KR100819036B1 - 패킷의 헤더정보를 이용한 트래픽 인증장치와 그 방법 - Google Patents
패킷의 헤더정보를 이용한 트래픽 인증장치와 그 방법 Download PDFInfo
- Publication number
- KR100819036B1 KR100819036B1 KR1020060096632A KR20060096632A KR100819036B1 KR 100819036 B1 KR100819036 B1 KR 100819036B1 KR 1020060096632 A KR1020060096632 A KR 1020060096632A KR 20060096632 A KR20060096632 A KR 20060096632A KR 100819036 B1 KR100819036 B1 KR 100819036B1
- Authority
- KR
- South Korea
- Prior art keywords
- traffic
- call
- network
- information
- service
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims description 26
- 238000002716 delivery method Methods 0.000 claims 1
- 230000000903 blocking effect Effects 0.000 abstract description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/02—Details
- H04L12/22—Arrangements for preventing the taking of data from a data transmission channel without authorisation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/24—Traffic characterised by specific attributes, e.g. priority or QoS
- H04L47/2425—Traffic characterised by specific attributes, e.g. priority or QoS for supporting services specification, e.g. SLA
- H04L47/2433—Allocation of priorities to traffic types
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/02—Details
- H04L12/14—Charging, metering or billing arrangements for data wireline or wireless communications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/02—Details
- H04L12/14—Charging, metering or billing arrangements for data wireline or wireless communications
- H04L12/1425—Charging, metering or billing arrangements for data wireline or wireless communications involving dedicated fields in the data packet for billing purposes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/02—Details
- H04L12/14—Charging, metering or billing arrangements for data wireline or wireless communications
- H04L12/1485—Tariff-related aspects
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/15—Flow control; Congestion control in relation to multipoint traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/24—Traffic characterised by specific attributes, e.g. priority or QoS
- H04L47/2441—Traffic characterised by specific attributes, e.g. priority or QoS relying on flow classification, e.g. using integrated services [IntServ]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/70—Admission control; Resource allocation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/70—Admission control; Resource allocation
- H04L47/78—Architectures of resource allocation
- H04L47/781—Centralised allocation of resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/70—Admission control; Resource allocation
- H04L47/80—Actions related to the user profile or the type of traffic
- H04L47/805—QOS or priority aware
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Description
Claims (8)
- 발신단말로부터 전송된 호 수락요청을 수신하는 호 수락 제어 에이전트;상기 호 수락 제어 에이전트가 수신한 호 수락 요청의 허부를 결정하고, 상기 호 수락 요청으로부터 호 정보를 획득하는 네트워크 제어장치; 및상기 발신단말로부터의 트래픽 유입시, 유입된 트래픽 패킷의 헤더 정보와 상기 네트워크 제어장치로부터 전달받은 호 정보에 각각 포함된 발신/착신단말의 주소, 발신/착신단말의 어플리케이션 포트 및 어플리케이션 프로토콜 정보를 서로 비교하여 트래픽의 인증을 수행하는 네트워크 접속장치;를 포함하는 것을 특징으로 하는 트래픽 인증장치.
- 제 1항에 있어서,상기 유입된 트래픽이 합법 트래픽인 경우에는 제공된 네트워크 서비스에 대한 과금을 하는 과금부를 더 포함하는 것을 특징으로 하는 트래픽 인증장치.
- 제 2항에 있어서, 상기 제공된 네트워크 서비스는,QoS를 보장하는 프리미엄 서비스인 것을 특징으로 하는 트래픽 인증장치.
- 제 2항에 있어서, 상기 제공된 네트워크 서비스에 대한 과금은제공된 네트워크 서비스의 클래스 및 사용량 중 적어도 어느 하나를 기초로 하는 것을 특징으로 하는 트래픽 인증장치.
- 삭제
- 제 1항의 상기 네트워크 접속장치에 있어서,상기 유입된 트래픽이 불법 트래픽인 경우에는 트래픽의 유입을 차단하고, 서비스 제공시 보장된 서비스 품질이나 우선권을 제공하는 것을 보장하지 못하는 데이터 전달방식인 Best effort로 처리 또는 다른 네트워크로 재전송하는 것을 특징으로 하는 트래픽 인증장치.
- (a) 발신단말로부터 전송된 호 수락요청을 수신하는 단계;(b) 상기 호 수락 요청의 허부를 결정하고, 상기 호 수락요청으로부터 호 정보를 획득하는 단계;(c) 상기 호 정보를 네트워크 접속장치로 전달하는 단계; 및(d) 상기 발신단말로부터 트래픽 유입시, 유입된 트래픽 패킷의 헤더 정보와 상기 호 정보에 각각 포함된 발신/착신단말의 주소, 발신/착신단말의 어플리케이션 포트 및 어플리케이션 프로토콜 정보를 서로 비교하여 트래픽의 인증을 수행하는 단계;를 포함하는 것을 특징으로 하는 트래픽 인증방법.
- 삭제
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020060096632A KR100819036B1 (ko) | 2005-12-08 | 2006-09-29 | 패킷의 헤더정보를 이용한 트래픽 인증장치와 그 방법 |
US11/635,554 US20070133408A1 (en) | 2005-12-08 | 2006-12-08 | Apparatus and method for authenticating traffic using packet header information |
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020050120057 | 2005-12-08 | ||
KR20050120057 | 2005-12-08 | ||
KR1020060096632A KR100819036B1 (ko) | 2005-12-08 | 2006-09-29 | 패킷의 헤더정보를 이용한 트래픽 인증장치와 그 방법 |
Publications (2)
Publication Number | Publication Date |
---|---|
KR20070061322A KR20070061322A (ko) | 2007-06-13 |
KR100819036B1 true KR100819036B1 (ko) | 2008-04-02 |
Family
ID=38139178
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020060096632A KR100819036B1 (ko) | 2005-12-08 | 2006-09-29 | 패킷의 헤더정보를 이용한 트래픽 인증장치와 그 방법 |
Country Status (2)
Country | Link |
---|---|
US (1) | US20070133408A1 (ko) |
KR (1) | KR100819036B1 (ko) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101172889B1 (ko) | 2008-12-03 | 2012-08-10 | 한국전자통신연구원 | 유해트래픽 탐지/대응 방법 및 시스템 |
US8402538B2 (en) | 2008-12-03 | 2013-03-19 | Electronics And Telecommunications Research Institute | Method and system for detecting and responding to harmful traffic |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100963963B1 (ko) * | 2007-10-17 | 2010-06-15 | 주식회사 케이티 | 이동 통신망에서의 비인가 트래픽 제어 시스템 및 방법 |
US8813197B2 (en) * | 2008-12-15 | 2014-08-19 | Novell, Inc. | Techniques for network process identity enablement |
CN103401840B (zh) * | 2013-07-03 | 2016-03-16 | 厦门锐思特软件科技有限公司 | 一种应用于业务系统的保护方法及系统 |
US11134095B2 (en) * | 2016-02-24 | 2021-09-28 | Fireeye, Inc. | Systems and methods for attack simulation on a production network |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2002124952A (ja) | 2000-10-12 | 2002-04-26 | Furukawa Electric Co Ltd:The | 無線ネットワークにおける無線端末の認証方法および無線ネットワークにおける無線端末の認証システム |
KR20030000254A (ko) * | 2001-06-22 | 2003-01-06 | (주)빌렉스 | 무선 인터넷 서비스를 위한 과금 대행 장치 및 그 방법 |
KR20040017445A (ko) * | 2002-08-21 | 2004-02-27 | 엘지전자 주식회사 | 멀티미디어 데이터 인증방법 |
KR20050005152A (ko) * | 2003-07-04 | 2005-01-13 | 주식회사 케이티프리텔 | 부당한 단말 식별자에 대한 정보 이용료 과금 차단 방법및 시스템 |
Family Cites Families (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6233686B1 (en) * | 1997-01-17 | 2001-05-15 | At & T Corp. | System and method for providing peer level access control on a network |
US7912856B2 (en) * | 1998-06-29 | 2011-03-22 | Sonicwall, Inc. | Adaptive encryption |
US6463474B1 (en) * | 1999-07-02 | 2002-10-08 | Cisco Technology, Inc. | Local authentication of a client at a network device |
CA2296213C (en) * | 2000-01-07 | 2009-04-14 | Sedona Networks Corporation | Distributed subscriber management |
JP2002152279A (ja) * | 2000-11-10 | 2002-05-24 | Sony Corp | ネットワーク接続制御装置及びその方法 |
US7567578B2 (en) * | 2001-03-16 | 2009-07-28 | Kyocera Wireless Corp. | System and method for roaming connectivity |
US7042998B2 (en) * | 2002-08-27 | 2006-05-09 | Itxc Ip Holdings, S.A.R.L. | Call routing system and method with rule-modifying ability |
US7516487B1 (en) * | 2003-05-21 | 2009-04-07 | Foundry Networks, Inc. | System and method for source IP anti-spoofing security |
US20070204050A1 (en) * | 2003-09-18 | 2007-08-30 | Sheng Liu | Method Of Radio Access Bearer For Ip Multimedia Session In Umts Network |
US8214875B2 (en) * | 2004-02-26 | 2012-07-03 | Vmware, Inc. | Network security policy enforcement using application session information and object attributes |
EP1805961B1 (en) * | 2004-10-29 | 2012-12-05 | Telefonaktiebolaget L M Ericsson (publ) | Methods and nodes in a communication system for controlling the use of access resources |
US7627123B2 (en) * | 2005-02-07 | 2009-12-01 | Juniper Networks, Inc. | Wireless network having multiple security interfaces |
-
2006
- 2006-09-29 KR KR1020060096632A patent/KR100819036B1/ko active IP Right Grant
- 2006-12-08 US US11/635,554 patent/US20070133408A1/en not_active Abandoned
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2002124952A (ja) | 2000-10-12 | 2002-04-26 | Furukawa Electric Co Ltd:The | 無線ネットワークにおける無線端末の認証方法および無線ネットワークにおける無線端末の認証システム |
KR20030000254A (ko) * | 2001-06-22 | 2003-01-06 | (주)빌렉스 | 무선 인터넷 서비스를 위한 과금 대행 장치 및 그 방법 |
KR20040017445A (ko) * | 2002-08-21 | 2004-02-27 | 엘지전자 주식회사 | 멀티미디어 데이터 인증방법 |
KR20050005152A (ko) * | 2003-07-04 | 2005-01-13 | 주식회사 케이티프리텔 | 부당한 단말 식별자에 대한 정보 이용료 과금 차단 방법및 시스템 |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101172889B1 (ko) | 2008-12-03 | 2012-08-10 | 한국전자통신연구원 | 유해트래픽 탐지/대응 방법 및 시스템 |
US8402538B2 (en) | 2008-12-03 | 2013-03-19 | Electronics And Telecommunications Research Institute | Method and system for detecting and responding to harmful traffic |
Also Published As
Publication number | Publication date |
---|---|
KR20070061322A (ko) | 2007-06-13 |
US20070133408A1 (en) | 2007-06-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP4586071B2 (ja) | 端末へのユーザポリシーの提供 | |
US7652990B2 (en) | Method and apparatus for providing quality of service level in broadband communications systems | |
US8108677B2 (en) | Method and apparatus for authentication of session packets for resource and admission control functions (RACF) | |
US20020110123A1 (en) | Network connection control apparatus and method | |
JP6455780B2 (ja) | グローバルなリアルタイム電気通信装置、ソフトウェア・モジュール、および、システム | |
US7735114B2 (en) | Multiple tiered network security system, method and apparatus using dynamic user policy assignment | |
US7822406B2 (en) | Simplified dual mode wireless device authentication apparatus and method | |
US20060190997A1 (en) | Method and system for transparent in-line protection of an electronic communications network | |
KR100819036B1 (ko) | 패킷의 헤더정보를 이용한 트래픽 인증장치와 그 방법 | |
US11843532B2 (en) | Application peering | |
US20040177247A1 (en) | Policy enforcement in dynamic networks | |
WO2008019615A1 (fr) | Procédé, dispositif et système pour authentification d'accès | |
JP2014096181A (ja) | 電気通信システムにおいて特権を付与してリソースを共有する方法 | |
US8959610B2 (en) | Security bridging | |
US7656794B2 (en) | Method and apparatus for authenticated quality of service reservation | |
Feng et al. | A dual-layer zero trust architecture for 5G industry MEC applications access control | |
CN100571461C (zh) | 通信系统 | |
CN114391245A (zh) | 网络切片应用接入控制 | |
US6785233B1 (en) | Method for bandwidth management by resizing pipes | |
CN114915972A (zh) | 一种网络切片安全架构及信任度量方法 | |
CN114915534A (zh) | 面向信任增强的网络部署架构及其网络访问方法 | |
KR20050075308A (ko) | 방화벽용 및 관련 제품을 위한 보안 시스템 및 방법 | |
JP3624878B2 (ja) | Ipネットワーク及びそれに用いるアドミッション制御方法 | |
CN116566713A (zh) | 多层次访问控制方法、模块、介质及系统 | |
KR20080001424A (ko) | 인터넷 무단 결제 방지 시스템 및 그 방법 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
E902 | Notification of reason for refusal | ||
E701 | Decision to grant or registration of patent right | ||
GRNT | Written decision to grant | ||
FPAY | Annual fee payment |
Payment date: 20130304 Year of fee payment: 6 |
|
FPAY | Annual fee payment |
Payment date: 20140303 Year of fee payment: 7 |
|
FPAY | Annual fee payment |
Payment date: 20150226 Year of fee payment: 8 |
|
FPAY | Annual fee payment |
Payment date: 20160226 Year of fee payment: 9 |
|
FPAY | Annual fee payment |
Payment date: 20170324 Year of fee payment: 10 |
|
FPAY | Annual fee payment |
Payment date: 20180327 Year of fee payment: 11 |
|
FPAY | Annual fee payment |
Payment date: 20200310 Year of fee payment: 13 |