CN109714300A - Method of controlling security and system and relevant device - Google Patents
Method of controlling security and system and relevant device Download PDFInfo
- Publication number
- CN109714300A CN109714300A CN201711012582.5A CN201711012582A CN109714300A CN 109714300 A CN109714300 A CN 109714300A CN 201711012582 A CN201711012582 A CN 201711012582A CN 109714300 A CN109714300 A CN 109714300A
- Authority
- CN
- China
- Prior art keywords
- user
- ipsec
- instruction parameter
- open instruction
- authorization data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Abstract
The invention discloses a kind of method of controlling security and system and relevant devices, are related to the communications field.Method therein includes obtaining the authorization data of user in response to Client-initiated registration request;The IPsec extracted in the authorization data of user encrypts open instruction parameter;In the case where the value of IPsec encryption open instruction parameter indicates to close, indicate that user closes IPsec encryption function by response message, to monitor the signaling that user issues.To realize the IPsec function of needing to close local users according to monitoring, while ensureing the communications security of most of legitimate users, realize to local users Lawful Interception.
Description
Technical field
This disclosure relates to the communications field, in particular to a kind of method of controlling security and system and relevant device.
Background technique
IP multimedia subsystem (IMS, IP Multimedia Subsystem) have dialogue-based initiation protocol (SIP,
Session Initiation Protocol) full IP framework.IP agreement interconnects IMS terminal and internet directly, and interconnects
Net is unsafe network, causes access device and IMS terminal easily by the attack of hacker.In addition, used by IMS
For Session Initiation Protocol as a kind of text protocol, structural grammar is simple, it is prone to the safety issues such as copy, distorts and intercept.Maliciously
SIP signaling is transmitted to core control layer, and great security threat can be caused to IMS network.
Using the security feature of internet protocol secure (IPSec) safeguard protection can be provided for IMS system.3GPP IMS
Terminal and Proxy Call Session Control Function (P-CSCF, Proxy Call Session Control are defined in security architecture
Function the Confidentiality protection of SIP signaling, including encryption and completeization protection are realized between) by IPsec.
The implementation of IPSec improves the access safety of IMS, but terminal is issued on Gm by IPSec
SIP signaling is encrypted, and is led to not the signaling issued to terminal and is carried out Lawful Interception, may cause to public safety
Adverse effect.
Summary of the invention
Inventors have found that whether IMS network opens IPSec by parameter instruction terminal side, but the parameter is global at present
Property setting, i.e., IMS network can only select that whole terminals is required to open or close IPSec.If whole terminals open IPSec,
Lawful Interception cannot achieve;If needing IMS network to indicate that whole terminals close IPSec it is required that Lawful Interception is normally realized,
The communications security and carrier network safety that will lead to most of legitimate users decline to a great extent.
An embodiment of the present disclosure technical problem to be solved is: in the communications security for ensureing most of legitimate users
While, realize Lawful Interception.
According to one aspect of the disclosure, a kind of method of controlling security is proposed, comprising:
In response to Client-initiated registration request, the authorization data of the user is obtained;
Extract the internet protocol secure IPsec encryption open instruction parameter in the authorization data of the user;
In the case where the value of IPsec encryption open instruction parameter indicates to close, indicated by response message described in
User closes IPsec encryption function, so that the signaling issued to the user is monitored.
Optionally, this method further include: according to the user information of the eavesdropping target of acquisition, by the authorization data of relative users
In IPsec encryption open instruction parameter value be set off.
Optionally, this method further include: the value setting of the IPsec encryption open instruction parameter in the authorization data of user
After closing, the login state of the user is checked;It is whole by the registration of extension in the state that the user is in registered
Only request message triggers the user and re-initiates registration request, and the cancellation in the registration termination request message of the extension is former
Because IPsec encrypts open instruction parameter change.
Optionally, the expansion that service call conversation control function S-CSCF is sent in response to home signature user server HSS
The registration termination request message of exhibition checks the cancellation reason in the registration termination request message of the extension as IPsec encryption
Open instruction parameter change notifies the user to re-initiate registration request.
Optionally, it in the state that the user is in unregistered, removes to the IP multimedia public identity of the user
The S-CSCF information of assignment waits the user to initiate registration request.
Optionally, the Encryption Algorithm of the security service header field of response message is assigned a value of sky, to indicate that the user closes
IPsec encryption function.
According to another aspect of the disclosure, a kind of service call conversation control function S-CSCF of security control is proposed,
Include:
Authorization data obtains module, for obtaining the authorization data of the user in response to Client-initiated registration request;
Extract the internet protocol secure IPsec encryption open instruction parameter in the authorization data of the user;
Notification module, for passing through response in the case where the value of IPsec encryption open instruction parameter indicates to close
Message indicates that the user closes IPsec encryption function, so that the signaling issued to the user is monitored.
Optionally, the notification module is also used to the registration in response to the home signature user server HSS extension sent
Request message is terminated, checking the cancellation reason in the registration termination request message of the extension is that IPsec encrypts open instruction
Parameter change notifies the user to re-initiate registration request.
Optionally, the notification module, for indicating the case where closing in the value of IPsec encryption open instruction parameter
Under, the Encryption Algorithm of the security service header field of response message is assigned a value of sky, to indicate that the user closes IPsec encryption function
Energy.
According to another aspect of the present disclosure, a kind of home signature user server HSS of security control is proposed, comprising:
Authorization data setup module, for the user information according to the eavesdropping target of acquisition, by the authentication number of relative users
The value of IPsec encryption open instruction parameter in is set off;
Login state checks module, for checking the login state of the user;
Message transmission module, for passing through the registration termination request of extension in the state that the user is in registered
Message triggers the user and re-initiates registration request, and the cancellation reason in the registration termination request message of the extension is
IPsec encrypts open instruction parameter change.
Optionally, HSS further include: processing module, for removing to described in the state that the user is in unregistered
The S-CSCF information of the IP multimedia public identity assignment of user, waits the user to initiate registration request.
According to the another aspect of the disclosure, a kind of safety control system is proposed, including S-CSCF above-mentioned and above-mentioned
HSS。
According to the another further aspect of the disclosure, a kind of safety control is proposed, comprising:
Memory;And
It is coupled to the processor of the memory, the processor is configured to the finger based on storage in the memory
It enables, executes method of controlling security above-mentioned.
According to another aspect of the present disclosure, it proposes a kind of computer readable storage medium, is stored thereon with computer program,
The step of program realizes method of controlling security above-mentioned when being executed by processor.
To realize the IPsec function of needing to close local users according to monitoring, ensure leading to for most of legitimate users
While believing safety, realize to local users Lawful Interception.
Detailed description of the invention
Attached drawing needed in embodiment or description of Related Art will be briefly described below.According to following ginseng
According to the detailed description of attached drawing, the disclosure can be more clearly understood,
It should be evident that the accompanying drawings in the following description is only some embodiments of the present disclosure, skill common for this field
For art personnel, without any creative labor, it is also possible to obtain other drawings based on these drawings.
Fig. 1 is the flow diagram of disclosure method of controlling security one embodiment.
Fig. 2 is the flow diagram of another embodiment of disclosure method of controlling security.
Fig. 3 is that the disclosure initiates registered users to nullify and require the process of the one embodiment re-registered to illustrate
Figure.
Fig. 4 is the flow diagram of one embodiment that disclosure core net instruction terminal closes IPsec function.
Fig. 5 is the structural schematic diagram of disclosure safety control system one embodiment.
Fig. 6 is the structural schematic diagram of S-CSCF one embodiment of disclosure security control.
Fig. 7 is the structural schematic diagram of HSS one embodiment of disclosure security control.
Fig. 8 is the structural schematic diagram of disclosure safety control one embodiment.
Specific embodiment
Below in conjunction with the attached drawing in the embodiment of the present disclosure, the technical solution in the embodiment of the present disclosure is carried out clear, complete
Site preparation description.
Fig. 1 is the flow diagram of disclosure method of controlling security one embodiment.When the security control side of the embodiment
When method is applied to IMS system, this method can be by service call conversation control function (S-CSCF, Serving Call
Session Control Function) it executes.
As shown in Figure 1, the method 10 of the embodiment includes:
Step 110, in response to Client-initiated registration request, the authorization data of user is obtained, such as can be signed from ownership
The about authorization data of client server (HSS, Home Subscriber Server) acquisition user.
Step 120, the IPsec encryption open instruction parameter in the authorization data of user is extracted.
Wherein, the value that IPsec encrypts open instruction parameter, which includes at least, to be opened and closed, and is respectively indicated and is opened IPsec function
It can and close IPsec function.
Step 130, it in the case where the value of IPsec encryption open instruction parameter indicates to close, is indicated by response message
User closes IPsec encryption function, to monitor the signaling that user issues.
For example, the Encryption Algorithm of the security service header field of response message is assigned a value of sky, added with indicating that user closes IPsec
Close function.
To realize the IPsec function of needing to close local users according to monitoring, ensure leading to for most of legitimate users
While believing safety, realize to local users Lawful Interception.
Fig. 2 is the flow diagram of another embodiment of disclosure method of controlling security.
As shown in Fig. 2, the method 20 of the embodiment includes:
Step 210, HSS is according to the user information of the eavesdropping target of acquisition, by the IPsec in the authorization data of relative users
The value of encryption open instruction parameter is set off.
Wherein, HSS can be notified for the user information of eavesdropping target by monitoring platform, and the user information of eavesdropping target is, for example,
Name, telephone number, phone number of user etc..
Step 220, HSS checks the login state of user;
Step 230, in the state that user is in unregistered, HSS is removed to the IP multimedia public identity of user
(IMPU) the S-CSCF information assigned waits user to initiate registration request.Then, step 250 is executed.
Step 240, in the state that user is in registered, HSS passes through the registration termination request RTR of extension
(Registration-Termination-Request) message, triggering user re-initiate registration request, and the registration of extension is whole
Only the cancellation reason in request message is that IPsec encrypts open instruction parameter change.Then, step 250 is executed.
Step 250, user is switched on or is re-registered according to network side the requirement of authentication, initiates register and authentication process.
Then, execute step 260,270,280, these three steps respectively with step 110,120, it is 130 identical, here no longer
It repeats.
To realize the IPsec function of needing to close local users according to monitoring, ensure leading to for most of legitimate users
While believing safety, realize to local users Lawful Interception.In addition, realized based on the general network element of IMS, it is special without disposing
Business device saves equipment cost.And it can be realized based on such as SIP of the puppy parc in IMS network, but need to existing association
View carries out the simple extension of header field and process.For the program convenient for introducing network, the influence to network and business is small.
Fig. 3 is that the disclosure initiates registered users to nullify and require the process of the one embodiment re-registered to illustrate
Figure.
As shown in figure 3, the method 30 of the embodiment includes:
Step 310, the S-CSCF that HSS is currently registered to user sends the registration termination request RTR message of extension, disappears to this
Cancellation reason (Deregistration-Reason) attribute value in breath is " SEC_CHANGED " (table to (AVP) extension value
Show that IPsec encrypts open instruction parameter change), to indicate that the reason of this network is nullified is ipsec encryption open instruction parameter
It changes.HSS encrypts open instruction parameter by the S-CSCF User IP sec that the spreading parameter notifies user currently to register and becomes
Change, needs to initiate network and nullify and require user's discrimination weight process.
Step 320, S-CSCF returns to Registration Termination Answer (RTA) message to HSS, and RTR message has been received in expression.
Step 330, S-CSCF checks the Deregistration-Reason AVP in RTR message, and when discovery, the AVP is taken
Value is " SEC_CHANGED " (that is, IPsec encrypts open instruction parameter change), is sent by P-CSCF to UE (user equipment)
NOTIFY (notice) message notifies user to re-initiate register and authentication event, extends " event (event) " in NOTIFY message body
Header field initiates to re-register authentication immediately with event=" re-register (re-register) " instruction UE.
Step 340, UE returns to 200OK to S-CSCF by P-CSCF, and expression has received the notice for re-registering authentication.
Subsequent, UE re-initiates registration process according to network requirement, to complete to authenticate.
Fig. 4 is the flow diagram of one embodiment that disclosure core net instruction terminal closes IPsec function.
As shown in figure 4, the method 40 of the embodiment includes:
Step 410, user is switched on or is re-registered according to network side the requirement of authentication, sends REGISTER (registration) and disappears
Breath, initiates new register and authentication process.
Step 420, S-CSCF to HSS send multimedia authentication request (MAR,
Multimedia-Auth-Request) message requests subscription authentication data.
Step 430, HSS returns to corresponding data by multimedia authentication responses (MAA) message, wherein encrypting comprising IPsec
Open instruction parameter " SIP-Authentication-Ipsec ", value are to close.
It step 440, is the user of " closing " for the value of IPsec encryption open instruction parameter, S-CSCF is according to " SIP-
The instruction of Authentication-Ipsec " parameter, in 401 response messages of user's REGISTER message, by will be safe
The Encryption Algorithm (ealg) of service (Security-Server) header field is assigned a value of empty (null), is added with indicating that user closes IPSec
Close function.
Step 450, UE closes ipsec capability, completes authentication, accesses IMS network.
Fig. 5 is the structural schematic diagram of disclosure safety control system one embodiment.
As shown in figure 5, the system 50 of the embodiment includes: S-CSCF510 and HSS520.
Wherein, HSS520 is used for the user information of the eavesdropping target according to acquisition, will be in the authorization data of relative users
The value of IPsec encryption open instruction parameter is set off.It is also used to check the login state of user;It is in registered in user
In the state of, by the registration termination request message of extension, triggers user and re-initiate registration request, the registration termination of extension is asked
Seeking the cancellation reason in message is that IPsec encrypts open instruction parameter change.In the state that user is in unregistered, removing is given
The S-CSCF information of the IP multimedia public identity assignment of user, waits user to initiate registration request.
Wherein, S-CSCF510 is used to obtain the authorization data of user in response to Client-initiated registration request;It extracts and uses
Internet protocol secure IPsec in the authorization data at family encrypts open instruction parameter;In IPsec encryption open instruction parameter
Value indicates in the case where closing, and indicates that user closes IPsec encryption function by response message, so as to the signaling issued to user
It is monitored.
To realize the IPsec function of needing to close local users according to monitoring, ensure leading to for most of legitimate users
While believing safety, realize to local users Lawful Interception.
Fig. 6 is the structural schematic diagram of S-CSCF one embodiment of disclosure security control.
As shown in fig. 6, the S-CSCF60 of the embodiment includes:
Authorization data obtains module 610, for obtaining the authorization data of user in response to Client-initiated registration request;
The internet protocol secure IPsec extracted in the authorization data of user encrypts open instruction parameter;
Notification module 620, for passing through response in the case where the value of IPsec encryption open instruction parameter indicates to close
Message indicates that user closes IPsec encryption function, to monitor the signaling that user issues.
Wherein, notification module 620, for that will ring in the case where the value of IPsec encryption open instruction parameter indicates to close
The Encryption Algorithm of the security service header field of message is answered to be assigned a value of sky, to indicate that user closes IPsec encryption function.
Wherein, notification module 620 are also used to the registration end in response to the home signature user server HSS extension sent
Only request message, checking the cancellation reason in the registration termination request message of extension is that IPsec encryption open instruction parameter changes
Become, user is notified to re-initiate registration request.
To realize the IPsec function of needing to close local users according to monitoring, ensure leading to for most of legitimate users
While believing safety, realize to local users Lawful Interception.
Fig. 7 is the structural schematic diagram of HSS one embodiment of disclosure security control.
As shown in fig. 7, the HSS70 of the embodiment includes:
Authorization data setup module 710, for the user information according to the eavesdropping target of acquisition, by the authentication of relative users
The value of IPsec encryption open instruction parameter in data is set off;
Login state checks module 720, for checking the login state of user;
Message transmission module 730, for being disappeared in the state that user is in registered by the registration termination request of extension
Breath, triggering user re-initiate registration request, and the cancellation reason in the registration termination request message of extension is that IPsec encryption is opened
Indicate parameter change.
In addition, HSS further include: processing module 740, for removing to user's in the state that user is in unregistered
The S-CSCF information of IP multimedia public identity assignment, waits user to initiate registration request.
Fig. 8 is the structural schematic diagram of disclosure safety control one embodiment.
As shown in figure 8, the device 80 includes:
Memory 810;And
It is coupled to the processor 820 of the memory 810, is configured as holding based on the instruction being stored in memory 810
Row method of controlling security above-mentioned.
Wherein, memory 810 is such as may include system storage, fixed non-volatile memory medium.System storage
Device is for example stored with operating system, application program, Boot loader (Boot Loader) and other programs etc..
Device 80 can also include input/output interface 830, network interface 840, memory interface 850 etc..These interfaces
It can for example be connected by bus 860 between 830,840,850 and memory 810 and processor 820.Wherein, input and output
The input-output equipment such as interface 830 is display, mouse, keyboard, touch screen provide connecting interface.Network interface 840 is various
Networked devices provide connecting interface.The external storages such as memory interface 850 is SD card, USB flash disk provide connecting interface.
The disclosure also proposes a kind of computer readable storage medium, is stored thereon with computer program, and the program is processed
The step of device realizes method of controlling security above-mentioned when executing.
Those skilled in the art should be understood that embodiment of the disclosure can provide as method, system or computer journey
Sequence product.Therefore, complete hardware embodiment, complete software embodiment or combining software and hardware aspects can be used in the disclosure
The form of embodiment.Moreover, it wherein includes the calculating of computer usable program code that the disclosure, which can be used in one or more,
Machine can use the meter implemented in non-transient storage medium (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.)
The form of calculation machine program product.
The disclosure is referring to method, the process of equipment (system) and computer program product according to the embodiment of the present disclosure
Figure and/or block diagram describe.It is interpreted as to be realized by computer program instructions each in flowchart and/or the block diagram
The combination of process and/or box in process and/or box and flowchart and/or the block diagram.It can provide these computer journeys
Sequence instruct to general purpose computer, special purpose computer, Embedded Processor or other programmable data processing devices processor with
A machine is generated, so that the instruction generation executed by computer or the processor of other programmable data processing devices is used for
Realize the dress for the function of specifying in one or more flows of the flowchart and/or one or more blocks of the block diagram
It sets.
These computer program instructions, which may also be stored in, is able to guide computer or other programmable data processing devices with spy
Determine in the computer-readable memory that mode works, so that it includes referring to that instruction stored in the computer readable memory, which generates,
Enable the manufacture of device, the command device realize in one box of one or more flows of the flowchart and/or block diagram or
The function of being specified in multiple boxes.
These computer program instructions also can be loaded onto a computer or other programmable data processing device, so that counting
Series of operation steps are executed on calculation machine or other programmable devices to generate computer implemented processing, thus in computer or
The instruction executed on other programmable devices is provided for realizing in one or more flows of the flowchart and/or block diagram one
The step of function of being specified in a box or multiple boxes.
The foregoing is merely the preferred embodiments of the disclosure, not to limit the disclosure, all spirit in the disclosure and
Within principle, any modification, equivalent replacement, improvement and so on be should be included within the protection scope of the disclosure.
Claims (14)
1. a kind of method of controlling security, comprising:
In response to Client-initiated registration request, the authorization data of the user is obtained;
Extract the internet protocol secure IPsec encryption open instruction parameter in the authorization data of the user;
In the case where the value of IPsec encryption open instruction parameter indicates to close, the user is indicated by response message
IPsec encryption function is closed, so that the signaling issued to the user is monitored.
2. the method as described in claim 1, further includes: according to the user information of the eavesdropping target of acquisition, by relative users
The value of IPsec encryption open instruction parameter in authorization data is set off.
3. method according to claim 2, further includes: the IPsec in the authorization data of user encrypts open instruction parameter
Value be set off after, check the login state of the user;
In the state that the user is in registered, by the registration termination request message of extension, the user is triggered again
Registration request is initiated, the cancellation reason in the registration termination request message of the extension is that IPsec encryption open instruction parameter changes
Become.
4. method as claimed in claim 3, wherein service call conversation control function S-CSCF is in response to home signature user
The registration termination request message for the extension that server HSS is sent, checks the note in the registration termination request message of the extension
Selling reason is that IPsec encrypts open instruction parameter change, and the user is notified to re-initiate registration request.
5. method as claimed in claim 3, wherein in the state that the user is in unregistered, remove to the user
IP multimedia public identity assignment S-CSCF information, wait the user to initiate registration request.
6. the Encryption Algorithm of the security service header field of response message is the method for claim 1, wherein assigned a value of sky,
To indicate that the user closes IPsec encryption function.
7. a kind of service call conversation control function S-CSCF of security control, comprising:
Authorization data obtains module, for obtaining the authorization data of the user in response to Client-initiated registration request;It extracts
Internet protocol secure IPsec in the authorization data of the user encrypts open instruction parameter;
Notification module, for passing through response message in the case where the value of IPsec encryption open instruction parameter indicates to close
Indicate that the user closes IPsec encryption function, so that the signaling issued to the user is monitored.
8. S-CSCF as claimed in claim 7, wherein
The notification module is also used to disappear in response to the registration termination request of the home signature user server HSS extension sent
Breath, checking the cancellation reason in the registration termination request message of the extension is that IPsec encrypts open instruction parameter change, is led to
Know that the user re-initiates registration request.
9. S-CSCF as claimed in claim 7, wherein
The notification module, in the case where the value of IPsec encryption open instruction parameter indicates to close, response to be disappeared
The Encryption Algorithm of the security service header field of breath is assigned a value of sky, to indicate that the user closes IPsec encryption function.
10. a kind of home signature user server HSS of security control, comprising:
Authorization data setup module will be in the authorization data of relative users for the user information according to the eavesdropping target of acquisition
IPsec encryption open instruction parameter value be set off;
Login state checks module, for checking the login state of the user;
Message transmission module, in the state that the user is in registered, by the registration termination request message of extension,
It triggers the user and re-initiates registration request, the cancellation reason in the registration termination request message of the extension adds for IPsec
Close open instruction parameter change.
11. HSS as claimed in claim 10, further includes:
Processing module, for removing to the IP multimedia public mark of the user in the state that user is in unregistered
The S-CSCF information for knowing assignment waits the user to initiate registration request.
12. a kind of safety control system, including described in the described in any item S-CSCF of claim 7-9 and claim 10 or 11
HSS.
13. a kind of safety control, comprising:
Memory;And
It is coupled to the processor of the memory, the processor is configured to the instruction based on storage in the memory,
Perform claim requires method of controlling security described in any one of 1-6.
14. a kind of computer readable storage medium, is stored thereon with computer program, power is realized when which is executed by processor
Benefit requires the step of method of controlling security described in any one of 1-6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711012582.5A CN109714300B (en) | 2017-10-26 | 2017-10-26 | Safety control method and system and related equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711012582.5A CN109714300B (en) | 2017-10-26 | 2017-10-26 | Safety control method and system and related equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109714300A true CN109714300A (en) | 2019-05-03 |
| CN109714300B CN109714300B (en) | 2021-06-11 |
Family
ID=66253360
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201711012582.5A Active CN109714300B (en) | 2017-10-26 | 2017-10-26 | Safety control method and system and related equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109714300B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111405557A (en) * | 2020-03-19 | 2020-07-10 | 中国电子科技集团公司第三十研究所 | Method and system for enabling 5G network to flexibly support multiple main authentication algorithms |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101286896A (en) * | 2008-06-05 | 2008-10-15 | 上海交通大学 | IPSec VPN protocol drastic detecting method based on flows |
| CN101909056A (en) * | 2010-07-21 | 2010-12-08 | 北京星网锐捷网络技术有限公司 | Client state recognition method, device and network equipment |
| CN102802275A (en) * | 2012-08-22 | 2012-11-28 | 汉柏科技有限公司 | Wireless encryption access method |
| CN104219705A (en) * | 2014-09-24 | 2014-12-17 | 中国联合网络通信集团有限公司 | VoLTE terminal re-registering method and device |
| CN106549923A (en) * | 2015-09-22 | 2017-03-29 | 中国联合网络通信集团有限公司 | A kind of control method and device of secure access |
-
2017
- 2017-10-26 CN CN201711012582.5A patent/CN109714300B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101286896A (en) * | 2008-06-05 | 2008-10-15 | 上海交通大学 | IPSec VPN protocol drastic detecting method based on flows |
| CN101909056A (en) * | 2010-07-21 | 2010-12-08 | 北京星网锐捷网络技术有限公司 | Client state recognition method, device and network equipment |
| CN102802275A (en) * | 2012-08-22 | 2012-11-28 | 汉柏科技有限公司 | Wireless encryption access method |
| CN104219705A (en) * | 2014-09-24 | 2014-12-17 | 中国联合网络通信集团有限公司 | VoLTE terminal re-registering method and device |
| CN106549923A (en) * | 2015-09-22 | 2017-03-29 | 中国联合网络通信集团有限公司 | A kind of control method and device of secure access |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111405557A (en) * | 2020-03-19 | 2020-07-10 | 中国电子科技集团公司第三十研究所 | Method and system for enabling 5G network to flexibly support multiple main authentication algorithms |
| CN111405557B (en) * | 2020-03-19 | 2022-03-15 | 中国电子科技集团公司第三十研究所 | Method and system for enabling 5G network to flexibly support multiple main authentication algorithms |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109714300B (en) | 2021-06-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9992176B2 (en) | Systems and methods for encrypted communication in a secure network | |
| US20180295137A1 (en) | Techniques for dynamic authentication in connection within applications and sessions | |
| CN104735065B (en) | A kind of data processing method, electronic equipment and server | |
| CN104917721B (en) | Authorization method, device and system based on oAuth agreement | |
| US9881304B2 (en) | Risk-based control of application interface transactions | |
| US10771624B1 (en) | Data store for communication authentication | |
| CN104869102B (en) | Authorization method, device and system based on xAuth agreement | |
| CN105991614B (en) | It is a kind of it is open authorization, resource access method and device, server | |
| JP2017509076A (en) | Method and apparatus for verifying processed data | |
| CN104054321A (en) | Security management for cloud services | |
| CN103347020B (en) | A kind of system and method across application authorization access | |
| CN106133735B (en) | For accessing the safety method and device of internet protocol multi-media sub-system | |
| CN108605264A (en) | Network management | |
| CN108712376B (en) | Verification method and device for server login | |
| CN104579657A (en) | Method and device for identity authentication | |
| EP3381166B1 (en) | Systems and methods for cross-channel device binding | |
| US10148629B1 (en) | User-friendly multifactor authentication | |
| US11689517B2 (en) | Method for distributed application segmentation through authorization | |
| US20190149991A1 (en) | Technique for authenticating a user device | |
| CN109714300A (en) | Method of controlling security and system and relevant device | |
| Wu et al. | IoT network traffic analysis: Opportunities and challenges for forensic investigators? | |
| Reimair et al. | MoCrySIL-Carry your Cryptographic keys in your pocket | |
| US20160191493A1 (en) | System and method of authenticating a live video stream | |
| US10893035B2 (en) | Network architecture for controlling data signalling | |
| Benzidane et al. | Secured architecture for inter-VM traffic in a Cloud environment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |