KR20170044835A - Dynamic host access control system and method based on ieee 802.1x - Google Patents

Dynamic host access control system and method based on ieee 802.1x Download PDF

Info

Publication number
KR20170044835A
KR20170044835A KR1020150144429A KR20150144429A KR20170044835A KR 20170044835 A KR20170044835 A KR 20170044835A KR 1020150144429 A KR1020150144429 A KR 1020150144429A KR 20150144429 A KR20150144429 A KR 20150144429A KR 20170044835 A KR20170044835 A KR 20170044835A
Authority
KR
South Korea
Prior art keywords
user
host
access control
server
authentication
Prior art date
Application number
KR1020150144429A
Other languages
Korean (ko)
Inventor
김정호
이민철
Original Assignee
한밭대학교 산학협력단
한밭대학교 산학협력단
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 한밭대학교 산학협력단, 한밭대학교 산학협력단 filed Critical 한밭대학교 산학협력단
Priority to KR1020150144429A priority Critical patent/KR20170044835A/en
Publication of KR20170044835A publication Critical patent/KR20170044835A/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0263Rule management
    • H04L61/2015
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272Virtual private networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0892Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/2866Architectures; Arrangements
    • H04L67/30Profiles
    • H04L67/306User profiles

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • General Business, Economics & Management (AREA)
  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention relates to an 802.1X based dynamic host access control system and a method thereof. The system comprises: an authentication server performing user authentication and IP assignment by 802.1X for a user host; a host profiling module performing profiling on a user host information in the authentication and IP assignment process; a control server confirming an access control policy by using the profiled user host information and notifying a user host connection; and an access control target server managing the access control policy by user host and including an access control agent changing and deleting a firewall policy. According to the present invention, the risk of being exposed to an external attack can be prevented by allowing and blocking access according to the policy for 802.1X based dynamic host access.

Description

TECHNICAL FIELD [0001] The present invention relates to a dynamic host access control system based on 802.1X,

The present invention relates to security technology, and more particularly, to an 802.1X-based dynamic host access control system and method for dynamically controlling whether or not an access to a user host requesting a service is allowed by an access control target server.

As the cyber threat increases and the leakage of internal confidential information increases, the importance of access control to the system (access control target server) is increasing.

As a result, various security solutions are used to monitor access control to the access control server and internal information leakage.

However, even for access control servers, internal employees or privileged users are always connected to the network to provide services, and there is a risk that they are exposed to a malicious attack because the service ports are open.

Korean Registered Patent No. 10-1218409 (Published date 2013.03.03.)

SUMMARY OF THE INVENTION It is therefore an object of the present invention to provide an 802.1X-based dynamic host access control method that dynamically controls access to a user host requesting a service, Control system and method.

According to another aspect of the present invention, there is provided an 802.1X-based dynamic host access control system including an authentication server for performing user authentication and IP allocation for a user host by 802.1X; A host profiling module that performs profiling on user host information in the authentication and IP allocation process; A control server for checking the access control policy using the profiled user host information and notifying the access control target server of the access to the user host; And an access control target server that includes an access control agent that manages the access control policy for each user host and changes and deletes the firewall policy.

Meanwhile, an 802.1X-based dynamic host access control method of the present invention includes: performing authentication and IP allocation by 802.1X in response to a network connection of a user host in an authentication server; In the host profiling module, performing the profiling on the user host information in the authentication and IP allocation process; Confirming the access control policy using the profiled user host information in the control server, and notifying the access control target server of the access to the user host; And managing an access control policy for each user host using the access control agent in the access control target server and changing and deleting the firewall policy.

According to another aspect of the present invention, there is provided an 802.1X-based dynamic host access control method including: performing a user authentication by an 802.1X in an authentication server when a user host is connected to a network; Assigning a virtual local area network (VLAN) and an IP address to the user host in the network when the user authentication is completed; Performing profiling on user host information in the user authentication and IP allocation process through the authentication server and the network; Checking the access control policy using the profiled user host information in the control server and notifying the access control target server of the access to the user host; Controlling the access control policy of the firewall to permit access by the user host in response to the access control policy for the user host in the access control target server; And accessing the service provided by the user host in the access control target server.

The 802.1X-based dynamic host access control method of the present invention further comprises the steps of: notifying the authentication server of a termination of the user host connection in response to termination of the network connection of the user host; In response to the termination of the user host connection transmitted from the authentication server, using the profiled user host information in the control server and informing the access control agent installed in the access control target server of the termination of the user host connection ; And deleting the access control policy of the corresponding user host registered in the firewall by referring to the received network connection termination host information in the access control agent, thereby blocking access to the access control target server of the corresponding user host .

As described above, according to the 802.1X-based dynamic host access control system and method according to the present invention, it is possible to prevent the risk of being exposed to an external attack by controlling access permission and blocking according to a policy for 802.1X- have.

1 is a block diagram of an 802.1X based dynamic host access control system according to an embodiment of the present invention.
FIG. 2 is a procedure for allowing 802.1X-based dynamic host access according to an embodiment of the present invention.
FIG. 3 is a block diagram of an 802.1X-based dynamic host access according to an exemplary embodiment of the present invention.
4 is a flowchart illustrating a dynamic host access permission procedure according to an embodiment of the present invention.
5 is a flowchart illustrating a dynamic host access blocking procedure according to an embodiment of the present invention.
6 is a flowchart illustrating an 802.1X authentication and an IP address assignment procedure of a user host according to an embodiment of the present invention.
7 is a flowchart illustrating a user authentication and a profiling procedure using an agent for user authentication according to an embodiment of the present invention.
8 is a flowchart illustrating a user host access control procedure for an access control target server according to an embodiment of the present invention.

Hereinafter, an 802.1X-based dynamic host access control system and method according to the present invention will be described in detail with reference to the accompanying drawings.

1 is a block diagram of an 802.1X based dynamic host access control system according to an embodiment of the present invention.

Referring to FIG. 1, the 802.1X-based dynamic host access control system of the present invention performs user authentication and IP assignment by 802.1X for a user host (user terminal) 1, A control server 3 for checking the access control policy using the profiled user host information and notifying the user of the connection to the user host, And an access control target server 4 in which an access control agent for managing a separate access control policy and changing and deleting a firewall policy is installed.

Here, the collection information of the host profiling module 2, the functions of the control server 3, and the functions of the access control agent will be briefly described.

1) Collection information of host profiling module

- User identifier (ID) of the user host

- The management IP address and port identifier (ID) of the host access switch.

- H / W address (Mac address) and IP address of the user host

- The type of operating system installed on the user's host

2) Functions of the control server

- Access control policy between user host and access control server

- Collecting user host connection and connection termination event information

> Address Resolution Protocol (ARP) packet analysis

> Simple Network Management Protocol (SNMP) Alert packet analysis

> Authentication server transmission message analysis

- Receive host access control request from other security devices (firewall, IDS / IPS, APT defense system, etc.)

- Request access to the access control agent or block request after checking user host connection and connection termination event

3) The function of the access control agent (security agent) for the access control target server

- Receiving user host event and access control policy by communicating with control server

- Management of host access control policies received from the control server

- Establishment and application of firewall policy based on user host access control policy

- The access control agent itself can perform the firewall function, and the operating system itself can also use the firewall

Hereinafter, the 802.1X-based dynamic host access control method of the present invention using the system configured as described above will be described.

FIG. 2 is a procedure for allowing 802.1X-based dynamic host access according to an embodiment of the present invention.

Referring to FIG. 2, when the user host is connected to the network (S1), the authentication server requests user authentication (S2). At this time, a network that does not support 802.1X authentication installs a user authentication agent on a user host, and logs in using an agent for user authentication.

When the user authentication is completed, a virtual local area network (VLAN) and an IP address are assigned to the user host in the network (S3). At this time, the information related to the user host is profiled in the process of user authentication and IP address assignment. Profiling will be synchronized with the authentication server, network and backend database. The profiled user host information includes the management IP address and port identifier (ID) of the host access switch, the user identifier (ID) of the user host, And IP address, and operating system type.

Then, the control server verifies the access control policy using the profiled user host information, and notifies the access control agent installed in the access control target server of the access to the user host (S4).

Thus, the access control agent receives the access control policy for the corresponding user host from the control server. The access control policy configuration items include the IP address and destination service port of the access control server, the user identifier (ID) of the user host, the IP address of the user host, and the MAC address and the originating service port.

Then, the access control agent of the access control server changes the access control policy of the firewall to allow the user host to access according to the received access control policy (S5).

Accordingly, the user host can access the service provided by the access control target server (S6).

FIG. 3 is a block diagram of an 802.1X-based dynamic host access according to an exemplary embodiment of the present invention.

Referring to FIG. 3, when the user host terminates the network connection (S11), the host access switch notifies the authentication server of the end of the user host connection (S12).

The control server recognizing the termination of the user host connection from the authentication server uses the profiled user host information and informs the access control agent installed in the access control target server of the termination of the user host connection. The control server receives the blocking request packet for the user host from other security devices (firewall, IDS / IPS, APT defense system, etc.) and transmits the blocking user host command to the access control agent (S13).

Then, the access control agent receives the connection termination host information (S14). The access control agent deletes the access control policy of the corresponding user host registered in the firewall with reference to the received network connection termination host information (S15), and blocks access to the access controlled server of the corresponding user host (S16).

Therefore, the user host can not access the service provided by the access control target server.

[Example]

First, the preconditions of dynamic host access control implementation are described.

In order to implement the dynamic host access control proposed in the present invention, the following preconditions must be satisfied.

1) Network with 802.1X applied

For dynamic network access control, profiling for user hosts (user terminals) connecting to the network is essential. In order to do this effectively, 802.1X-based network access control that performs user authentication before network access should be applied. The following information is profiled during the user authentication process.

- User identifier (ID) of the user host

- The management IP address and port identifier (ID) of the host access switch.

- H / W address (Mac address) and IP address of the user host

- The type of operating system installed in the user terminal (when selecting the IP address allocation method using DHCP (Dynamic Host Configuration Protocol))

2) Profiling method in network environment without 802.1X in '1)'

In the case of a network to which 802.1X is not applicable, a system capable of profiling user and user terminal information in real time should be constructed. To do this, a separate agent for user authentication is installed to perform user authentication and profiling.

3) IP address assignment using DHCP (optional)

Whether or not DHCP is applied to manage IP addresses in wired and wireless networks is optional. However, when DHCP is used, it is possible to minimize the effort for IP address allocation and retrieval, and it is advantageous to identify the operating system installed in the user terminal by using DHCP fingerprinting.

Hereinafter, the dynamic host access control procedure will be described.

Dynamic host access control is performed in two steps. The first step is to allow access from the access control target server when a user terminal that is permitted to access the service is connected to the network. The second step is to block access from the access control target server to the user terminal whose service use is terminated or network connection is terminated.

4 is a flowchart illustrating a dynamic host access permission procedure according to an embodiment of the present invention.

Referring to FIG. 4, the dynamic host access permission procedure is as follows.

① A user host (Initiating Host) that wants to use the service connects to the network. When a user host connection is detected on the network, the user is authenticated by 802.1X.

* A network that does not support 802.1X authentication installs an agent for user authentication on the user host (Initiating Host) and logs in as an agent when it needs access to an access control server.

② Assign VLAN (Virtual Local Area Network) and IP address from the authentication server (Radius Server) to the user host that has been authenticated.

- Optionally, an access control list (ACL) can be assigned to the port to which the user host is connected.

- IP address assignment of user host is allocated by DHCP, and fixed IP address is also applicable.

- Profiles user host related information during user authentication and IP address assignment.

> The management IP address and port identifier (ID) of the host access switch (Access Switch and AP)

> User ID (user ID), Mac address and IP address of user host, operating system type

③ The control server that recognizes the user host connection checks the access control policy using the profiled user host information and access control agent installed in the access control server (Accepting Host) Notify user host connection. Then, the access control agent receives the access control policy for the user host from the control server.

- How the control server connects to the user host

> Notify the control server after user authentication is completed on the authentication server

> Gratuitous Address Resolution Protocol (GARP) packet reception

> Receiving Simple Network Management Protocol (SNMP) packets from the switch

- Access control policy configuration items

> The IP address of the access control server (Accepting Host) and the destination service port

> User identifier (ID) of the user host

> The IP address and Mac address of the initiating host and the originating service port

④ The access control agent of the access control server (Accepting Host) changes the access control policy of the firewall to allow access to the user host (initiating host) according to the access control policy received.

⑤ The user host accesses the service provided by the Accepting Host.

5 is a flowchart illustrating a dynamic host access blocking procedure according to an embodiment of the present invention.

Referring to FIG. 5, the dynamic host access blocking procedure is as follows.

① The user host (initiating host) terminates the network connection.

- Type of service termination: Termination of user terminal, interception of network connection, etc.

② The host access switch recognizes that the connection of the user host is terminated, and notifies the authentication server (Radius Server) of the end of the user host connection.

③ The control server recognizing the termination of the user host connection uses the profiled user host information and notifies the access agent (Security Agent) installed in the access control server . The access control agent then receives the connection termination host information.

- How to know if the control server has terminated the user host connection

> Authentication server notifies the control server after ending user host connection

> Receiving SNMP packets from the switch

- Access control policy configuration items

> The IP address of the access control server (Accepting Host) and the destination service port

> User identifier (ID) of the user host

> The IP address and Mac address of the initiating host and the originating service port

- Block additional dynamic host access by the control server

> The control server receives the blocking request packet for the user host from other security devices (firewall, IDS / IPS, APT defense system, etc.) and sends the blocking user host command to the access control agent installed on the access control target server.

④ The access control agent of the access control server (Accepting Host) deletes the access control policy of the corresponding user host registered in the firewall by referring to the received network connection termination host information, do.

⑤ The user host can not access the service provided by the access control server.

Here, we will describe the dynamic host access control policy configuration.

(1) Profile items used in access control policy configuration

- User identifier (ID) of the user host

- User host's network connection type: wired or wireless

- H / W address (Mac address) of user host

- Operating system type installed in user terminal

(2) Example of access control configuration

[Table 1] shows the access control policy registered in the control server. When the user terminal is connected to the network and the user authentication is completed, according to the user ID registered in the access control policy, the corresponding policy is the access control agent And the access control server controls access to the user terminal.

Figure pat00001

The meaning of each policy is as follows.

(1) When the user ID is '50013' and the operating system is MS-Windows and the wired network is used, the IP address '172.16.100.100' allows access to the HTTP (80) service of the access control server.

② A user terminal connected to the port 18 of the access switch whose user ID is '50020' and whose management IP address is '172.16.10.11' allows SSH connection to the access controlled server with IP address '172.16.100.110'.

③ A user terminal whose user ID is '50030', the operating system is iOS or Android, and the user terminal that connects wirelessly allows HTTP (80) service access to the access controlled server with IP address '172.16.100.120'.

④ If the MAC address of the user terminal is '00: 11: 11: 11: 11: 22 ', HTTP (80) is sent to the access control server with IP address' 172.16.100.100' irrespective of the user, ) Allow access to services.

The policy defined in [Table 1] is transformed into a policy of [Table 2], transferred to the access control agent of the access control server, registered, and access control is executed. That is, [Table 2] shows the policy transmitted from the control server to the access control target server.

Figure pat00002

The IP address of the user terminal in [Table 2] is automatically registered in the access control policy delivery process in the IP address of the user terminal obtained in the user authentication, IP address assignment and profiling process of [FIG. 2].

6 is a flowchart illustrating an 802.1X authentication and an IP address assignment procedure of a user host according to an embodiment of the present invention.

Referring to FIG. 6, the 802.1X authentication procedure is as follows.

①-1 Connect the user host (Initiating Host) to the network and request authentication.

- When the host access switch (Access Switch and AP) recognizes the user host connection and requests the user host for the user ID and PW (Pass Word) required for 802.1X authentication, the user host forwards the user ID and PW to the host access switch do.

①-2 The host access switch requests the authentication server (Radius Server) to authenticate the user host using the user ID and PW.

①-3 The authentication server authenticates the user by using the user ID and PW provided from the host access switch. If the user authentication is successful, profile the information about the user host.

- Profiling information

> User identifier (ID) of the user host

> The management IP address and port identifier (ID) of the host access switch.

> H / W address of user host (Mac address)

①-4 Assign the VLAN to be assigned to the user of the user host to the switch. An access control list can optionally be assigned.

①-5 The authentication server notifies the control server (control server) that the user terminal is connected.

* A network that does not support 802.1X authentication installs an agent for user authentication on the user host (Initiating Host) and logs in as an agent for user authentication when access to the server is required. The user profile information is collected and transmitted by the agent for user authentication.

Referring to FIG. 6, an IP address assignment procedure after 802.1X authentication is as follows.

②-1 User host requests IP address assignment to DHCP server.

②-2 DHCP server assigns IP address to user host.

②-3 Profiles IP address information assigned to user host after IP address assignment.

- Profiling information

> The H / W address (Mac address) of the user host requesting the IP address assignment and the assigned IP address

7 is a flowchart illustrating a user authentication and a profiling procedure using an agent for user authentication according to an embodiment of the present invention.

FIG. 7 illustrates a procedure for authenticating a user in a network environment to which 802.1X is not applied, and performing profiling between a user and a user terminal.

First, the distribution of the agent for user authentication will be described.

- In the network environment where 802.1X is not applied, install agent program for user authentication and profiling.

- The agent for user authentication performs the following functions.

ㆍ Monitor the user terminal, identify the Mac address and IP address of the user terminal, and the operating system type.

When the user terminal is connected to the network, it requests the user ID and PW required for authentication.

ㆍ The agent for user authentication requests authentication from the authentication server (Radius Server) and receives the result.

When the authentication result is notified from the authentication server, the user profile information is transmitted to the control server.

ㆍ Perform functions such as reauthentication and network access control at the request of the control server.

Referring to FIG. 7, the authentication procedure by the agent for user authentication is as follows.

①-1 The user authentication agent confirms that the user terminal is connected to the network, requests the user for the user ID and PW required for authentication, and transmits the authentication request to the authentication server.

①-2 The authentication server informs the agent for user authentication about the authentication result.

Referring to FIG. 7, the user profile information registration procedure is as follows.

②-1 If the authentication is successful, the agent for user authentication sends the user profile information to the control server.

②-1 The control server records the user profile information received from the agent in the database (Backend Database).

8 is a flowchart illustrating a user host access control procedure for an access control target server according to an embodiment of the present invention.

FIG. 8 shows a dynamic host access control procedure performed after user authentication and IP address assignment to a user host are completed.

Referring to FIG. 8, the user host access control procedure is as follows.

①-1 The control server recognizing that the user host is connected to the network notifies the access agent (Security Agent) installed on the access control server of the connection to the user host.

①-2 The access control agent of the access control server The event control module of the agent is informed of the connection of the user host and requests the security policy for the user host to the control server through the policy management module.

①-3 The control server checks the registered security policy for the corresponding user host.

①-4 The control server sends the security policy of the user host requested by the access control agent of the access control server.

①-5 The policy management module of the access control agent that receives the security policy for the user host registers the access control policy in the firewall and allows the user host access.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed exemplary embodiments, but, on the contrary, is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the invention.

1: User host
2: Host Profiling Module
3: control server
4: Access control target server

Claims (10)

An authentication server for performing user authentication and IP assignment by 802.1X for the user host;
A host profiling module that performs profiling on user host information in the authentication and IP allocation process;
A control server for checking the access control policy using the profiled user host information and notifying the access control target server of the access to the user host; And
An 802.1X based dynamic host access control system including an access control server including an access control agent for managing user access control policies and changing and deleting firewall policies.
Performing, at the authentication server, user authentication and IP assignment by 802.1X in response to a network connection of a user host;
In the host profiling module, performing the profiling on the user host information in the authentication and IP allocation process;
Confirming the access control policy using the profiled user host information in the control server, and notifying the access control target server of the access to the user host; And
Managing an access control policy for each user host using an access control agent in an access control target server, and changing and deleting a firewall policy.
When the user host is connected to the network, performing authentication of the user by 802.1X at the authentication server;
Assigning a virtual local area network (VLAN) and an IP address to the user host in the network when the user authentication is completed;
Performing profiling on user host information in the user authentication and IP allocation process through the authentication server and the network;
Checking the access control policy using the profiled user host information in the control server and notifying the access control target server of the access to the user host;
Controlling the access control policy of the firewall to permit access by the user host in response to the access control policy for the user host in the access control target server; And
And accessing the service provided by the access control target server by the user host.
The method of claim 3,
Wherein the network that does not support 802.1X authentication installs a user authentication agent on the user host and logs on using the user authentication agent.
The method of claim 3,
The profiled user host information includes at least one of a management IP address and a port identifier (ID) of a host access switch, a user identifier (ID) of a user host, a Mac address and an IP address, an 802.1X- .
The method of claim 3,
Wherein the access control target server manages an access control policy for each user host, and changes and deletes a firewall policy.
The method of claim 3,
The access control policy configuration item includes an IP address of the access control server (Accepting Host), a destination service port, a user identifier (ID) of the user host, an IP address of the user host (Initiating Host) 802.1X based dynamic host access control method.
The method of claim 3,
Wherein the IP address assignment of the user host is based on Dynamic Host Configuration Protocol (DHCP).
The host access switch informing the authentication server of the termination of the user host connection in response to termination of the network connection of the user host;
In response to the termination of the user host connection transmitted from the authentication server, using the profiled user host information in the control server and informing the access control agent installed in the access control target server of the termination of the user host connection ; And
The access control agent deletes the access control policy of the corresponding user host registered in the firewall with reference to the received network connection termination host information and blocks access to the access control target server of the corresponding user host, Dynamic host access control method.
10. The method of claim 9,
Wherein the control server receives a blocking request packet for the user host from a security device and transmits a blocking user host command to the access control agent.
KR1020150144429A 2015-10-16 2015-10-16 Dynamic host access control system and method based on ieee 802.1x KR20170044835A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020150144429A KR20170044835A (en) 2015-10-16 2015-10-16 Dynamic host access control system and method based on ieee 802.1x

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020150144429A KR20170044835A (en) 2015-10-16 2015-10-16 Dynamic host access control system and method based on ieee 802.1x

Publications (1)

Publication Number Publication Date
KR20170044835A true KR20170044835A (en) 2017-04-26

Family

ID=58705078

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020150144429A KR20170044835A (en) 2015-10-16 2015-10-16 Dynamic host access control system and method based on ieee 802.1x

Country Status (1)

Country Link
KR (1) KR20170044835A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023116791A1 (en) * 2021-12-22 2023-06-29 中兴通讯股份有限公司 Access control method, access control system, terminal and storage medium

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023116791A1 (en) * 2021-12-22 2023-06-29 中兴通讯股份有限公司 Access control method, access control system, terminal and storage medium

Similar Documents

Publication Publication Date Title
WO2015101125A1 (en) Network access control method and device
US7568107B1 (en) Method and system for auto discovery of authenticator for network login
JP4754964B2 (en) Radio network control apparatus and radio network control system
JP5957612B2 (en) Reducing core network traffic caused by my grant
KR101910605B1 (en) System and method for controlling network access of wireless terminal
CN112997454A (en) Connecting to a home local area network via a mobile communication network
JP2018525935A (en) Secure communication using devices that can connect to the Internet
EP2405678A1 (en) System and method for roaming WLAN authentication
US20180198786A1 (en) Associating layer 2 and layer 3 sessions for access control
US9497179B2 (en) Provisioning layer three access for agentless devices
WO2017219748A1 (en) Method and device for access permission determination and page access
JP5864598B2 (en) Method and system for providing service access to a user
US20170093868A1 (en) Device authentication to capillary gateway
US20240098583A1 (en) PDU session continuity for a UE moving between a telecommunications network and a gateway device
KR101993860B1 (en) System and method for controlling network access
US20120106399A1 (en) Identity management system
KR101628534B1 (en) VIRTUAL 802.1x METHOD AND DEVICE FOR NETWORK ACCESS CONTROL
KR20170044835A (en) Dynamic host access control system and method based on ieee 802.1x
KR20070102830A (en) Method for access control in wire and wireless network
JP2013105250A (en) Access line specification/authentication system
TW201721498A (en) Wired area network user management system and method with security and function scalability wherein a network controller is used to control a programmable network switch, and divert a non-authenticated terminal device to an authentication server
CN111416815B (en) Message processing method, electronic device and storage medium
KR101690105B1 (en) Method for controlling network access based on ieee 802.1x by entrance and exit state
CN113556337A (en) Terminal address identification method, network system, electronic device and storage medium
CN102447710A (en) Method and system for controlling access right of user

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E601 Decision to refuse application