KR20170044835A - Dynamic host access control system and method based on ieee 802.1x - Google Patents
Dynamic host access control system and method based on ieee 802.1x Download PDFInfo
- Publication number
- KR20170044835A KR20170044835A KR1020150144429A KR20150144429A KR20170044835A KR 20170044835 A KR20170044835 A KR 20170044835A KR 1020150144429 A KR1020150144429 A KR 1020150144429A KR 20150144429 A KR20150144429 A KR 20150144429A KR 20170044835 A KR20170044835 A KR 20170044835A
- Authority
- KR
- South Korea
- Prior art keywords
- user
- host
- access control
- server
- authentication
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0263—Rule management
-
- H04L61/2015—
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0272—Virtual private networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0892—Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/2866—Architectures; Arrangements
- H04L67/30—Profiles
- H04L67/306—User profiles
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- General Business, Economics & Management (AREA)
- Small-Scale Networks (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Description
The present invention relates to security technology, and more particularly, to an 802.1X-based dynamic host access control system and method for dynamically controlling whether or not an access to a user host requesting a service is allowed by an access control target server.
As the cyber threat increases and the leakage of internal confidential information increases, the importance of access control to the system (access control target server) is increasing.
As a result, various security solutions are used to monitor access control to the access control server and internal information leakage.
However, even for access control servers, internal employees or privileged users are always connected to the network to provide services, and there is a risk that they are exposed to a malicious attack because the service ports are open.
SUMMARY OF THE INVENTION It is therefore an object of the present invention to provide an 802.1X-based dynamic host access control method that dynamically controls access to a user host requesting a service, Control system and method.
According to another aspect of the present invention, there is provided an 802.1X-based dynamic host access control system including an authentication server for performing user authentication and IP allocation for a user host by 802.1X; A host profiling module that performs profiling on user host information in the authentication and IP allocation process; A control server for checking the access control policy using the profiled user host information and notifying the access control target server of the access to the user host; And an access control target server that includes an access control agent that manages the access control policy for each user host and changes and deletes the firewall policy.
Meanwhile, an 802.1X-based dynamic host access control method of the present invention includes: performing authentication and IP allocation by 802.1X in response to a network connection of a user host in an authentication server; In the host profiling module, performing the profiling on the user host information in the authentication and IP allocation process; Confirming the access control policy using the profiled user host information in the control server, and notifying the access control target server of the access to the user host; And managing an access control policy for each user host using the access control agent in the access control target server and changing and deleting the firewall policy.
According to another aspect of the present invention, there is provided an 802.1X-based dynamic host access control method including: performing a user authentication by an 802.1X in an authentication server when a user host is connected to a network; Assigning a virtual local area network (VLAN) and an IP address to the user host in the network when the user authentication is completed; Performing profiling on user host information in the user authentication and IP allocation process through the authentication server and the network; Checking the access control policy using the profiled user host information in the control server and notifying the access control target server of the access to the user host; Controlling the access control policy of the firewall to permit access by the user host in response to the access control policy for the user host in the access control target server; And accessing the service provided by the user host in the access control target server.
The 802.1X-based dynamic host access control method of the present invention further comprises the steps of: notifying the authentication server of a termination of the user host connection in response to termination of the network connection of the user host; In response to the termination of the user host connection transmitted from the authentication server, using the profiled user host information in the control server and informing the access control agent installed in the access control target server of the termination of the user host connection ; And deleting the access control policy of the corresponding user host registered in the firewall by referring to the received network connection termination host information in the access control agent, thereby blocking access to the access control target server of the corresponding user host .
As described above, according to the 802.1X-based dynamic host access control system and method according to the present invention, it is possible to prevent the risk of being exposed to an external attack by controlling access permission and blocking according to a policy for 802.1X- have.
1 is a block diagram of an 802.1X based dynamic host access control system according to an embodiment of the present invention.
FIG. 2 is a procedure for allowing 802.1X-based dynamic host access according to an embodiment of the present invention.
FIG. 3 is a block diagram of an 802.1X-based dynamic host access according to an exemplary embodiment of the present invention.
4 is a flowchart illustrating a dynamic host access permission procedure according to an embodiment of the present invention.
5 is a flowchart illustrating a dynamic host access blocking procedure according to an embodiment of the present invention.
6 is a flowchart illustrating an 802.1X authentication and an IP address assignment procedure of a user host according to an embodiment of the present invention.
7 is a flowchart illustrating a user authentication and a profiling procedure using an agent for user authentication according to an embodiment of the present invention.
8 is a flowchart illustrating a user host access control procedure for an access control target server according to an embodiment of the present invention.
Hereinafter, an 802.1X-based dynamic host access control system and method according to the present invention will be described in detail with reference to the accompanying drawings.
1 is a block diagram of an 802.1X based dynamic host access control system according to an embodiment of the present invention.
Referring to FIG. 1, the 802.1X-based dynamic host access control system of the present invention performs user authentication and IP assignment by 802.1X for a user host (user terminal) 1, A
Here, the collection information of the
1) Collection information of host profiling module
- User identifier (ID) of the user host
- The management IP address and port identifier (ID) of the host access switch.
- H / W address (Mac address) and IP address of the user host
- The type of operating system installed on the user's host
2) Functions of the control server
- Access control policy between user host and access control server
- Collecting user host connection and connection termination event information
> Address Resolution Protocol (ARP) packet analysis
> Simple Network Management Protocol (SNMP) Alert packet analysis
> Authentication server transmission message analysis
- Receive host access control request from other security devices (firewall, IDS / IPS, APT defense system, etc.)
- Request access to the access control agent or block request after checking user host connection and connection termination event
3) The function of the access control agent (security agent) for the access control target server
- Receiving user host event and access control policy by communicating with control server
- Management of host access control policies received from the control server
- Establishment and application of firewall policy based on user host access control policy
- The access control agent itself can perform the firewall function, and the operating system itself can also use the firewall
Hereinafter, the 802.1X-based dynamic host access control method of the present invention using the system configured as described above will be described.
FIG. 2 is a procedure for allowing 802.1X-based dynamic host access according to an embodiment of the present invention.
Referring to FIG. 2, when the user host is connected to the network (S1), the authentication server requests user authentication (S2). At this time, a network that does not support 802.1X authentication installs a user authentication agent on a user host, and logs in using an agent for user authentication.
When the user authentication is completed, a virtual local area network (VLAN) and an IP address are assigned to the user host in the network (S3). At this time, the information related to the user host is profiled in the process of user authentication and IP address assignment. Profiling will be synchronized with the authentication server, network and backend database. The profiled user host information includes the management IP address and port identifier (ID) of the host access switch, the user identifier (ID) of the user host, And IP address, and operating system type.
Then, the control server verifies the access control policy using the profiled user host information, and notifies the access control agent installed in the access control target server of the access to the user host (S4).
Thus, the access control agent receives the access control policy for the corresponding user host from the control server. The access control policy configuration items include the IP address and destination service port of the access control server, the user identifier (ID) of the user host, the IP address of the user host, and the MAC address and the originating service port.
Then, the access control agent of the access control server changes the access control policy of the firewall to allow the user host to access according to the received access control policy (S5).
Accordingly, the user host can access the service provided by the access control target server (S6).
FIG. 3 is a block diagram of an 802.1X-based dynamic host access according to an exemplary embodiment of the present invention.
Referring to FIG. 3, when the user host terminates the network connection (S11), the host access switch notifies the authentication server of the end of the user host connection (S12).
The control server recognizing the termination of the user host connection from the authentication server uses the profiled user host information and informs the access control agent installed in the access control target server of the termination of the user host connection. The control server receives the blocking request packet for the user host from other security devices (firewall, IDS / IPS, APT defense system, etc.) and transmits the blocking user host command to the access control agent (S13).
Then, the access control agent receives the connection termination host information (S14). The access control agent deletes the access control policy of the corresponding user host registered in the firewall with reference to the received network connection termination host information (S15), and blocks access to the access controlled server of the corresponding user host (S16).
Therefore, the user host can not access the service provided by the access control target server.
[Example]
First, the preconditions of dynamic host access control implementation are described.
In order to implement the dynamic host access control proposed in the present invention, the following preconditions must be satisfied.
1) Network with 802.1X applied
For dynamic network access control, profiling for user hosts (user terminals) connecting to the network is essential. In order to do this effectively, 802.1X-based network access control that performs user authentication before network access should be applied. The following information is profiled during the user authentication process.
- User identifier (ID) of the user host
- The management IP address and port identifier (ID) of the host access switch.
- H / W address (Mac address) and IP address of the user host
- The type of operating system installed in the user terminal (when selecting the IP address allocation method using DHCP (Dynamic Host Configuration Protocol))
2) Profiling method in network environment without 802.1X in '1)'
In the case of a network to which 802.1X is not applicable, a system capable of profiling user and user terminal information in real time should be constructed. To do this, a separate agent for user authentication is installed to perform user authentication and profiling.
3) IP address assignment using DHCP (optional)
Whether or not DHCP is applied to manage IP addresses in wired and wireless networks is optional. However, when DHCP is used, it is possible to minimize the effort for IP address allocation and retrieval, and it is advantageous to identify the operating system installed in the user terminal by using DHCP fingerprinting.
Hereinafter, the dynamic host access control procedure will be described.
Dynamic host access control is performed in two steps. The first step is to allow access from the access control target server when a user terminal that is permitted to access the service is connected to the network. The second step is to block access from the access control target server to the user terminal whose service use is terminated or network connection is terminated.
4 is a flowchart illustrating a dynamic host access permission procedure according to an embodiment of the present invention.
Referring to FIG. 4, the dynamic host access permission procedure is as follows.
① A user host (Initiating Host) that wants to use the service connects to the network. When a user host connection is detected on the network, the user is authenticated by 802.1X.
* A network that does not support 802.1X authentication installs an agent for user authentication on the user host (Initiating Host) and logs in as an agent when it needs access to an access control server.
② Assign VLAN (Virtual Local Area Network) and IP address from the authentication server (Radius Server) to the user host that has been authenticated.
- Optionally, an access control list (ACL) can be assigned to the port to which the user host is connected.
- IP address assignment of user host is allocated by DHCP, and fixed IP address is also applicable.
- Profiles user host related information during user authentication and IP address assignment.
> The management IP address and port identifier (ID) of the host access switch (Access Switch and AP)
> User ID (user ID), Mac address and IP address of user host, operating system type
③ The control server that recognizes the user host connection checks the access control policy using the profiled user host information and access control agent installed in the access control server (Accepting Host) Notify user host connection. Then, the access control agent receives the access control policy for the user host from the control server.
- How the control server connects to the user host
> Notify the control server after user authentication is completed on the authentication server
> Gratuitous Address Resolution Protocol (GARP) packet reception
> Receiving Simple Network Management Protocol (SNMP) packets from the switch
- Access control policy configuration items
> The IP address of the access control server (Accepting Host) and the destination service port
> User identifier (ID) of the user host
> The IP address and Mac address of the initiating host and the originating service port
④ The access control agent of the access control server (Accepting Host) changes the access control policy of the firewall to allow access to the user host (initiating host) according to the access control policy received.
⑤ The user host accesses the service provided by the Accepting Host.
5 is a flowchart illustrating a dynamic host access blocking procedure according to an embodiment of the present invention.
Referring to FIG. 5, the dynamic host access blocking procedure is as follows.
① The user host (initiating host) terminates the network connection.
- Type of service termination: Termination of user terminal, interception of network connection, etc.
② The host access switch recognizes that the connection of the user host is terminated, and notifies the authentication server (Radius Server) of the end of the user host connection.
③ The control server recognizing the termination of the user host connection uses the profiled user host information and notifies the access agent (Security Agent) installed in the access control server . The access control agent then receives the connection termination host information.
- How to know if the control server has terminated the user host connection
> Authentication server notifies the control server after ending user host connection
> Receiving SNMP packets from the switch
- Access control policy configuration items
> The IP address of the access control server (Accepting Host) and the destination service port
> User identifier (ID) of the user host
> The IP address and Mac address of the initiating host and the originating service port
- Block additional dynamic host access by the control server
> The control server receives the blocking request packet for the user host from other security devices (firewall, IDS / IPS, APT defense system, etc.) and sends the blocking user host command to the access control agent installed on the access control target server.
④ The access control agent of the access control server (Accepting Host) deletes the access control policy of the corresponding user host registered in the firewall by referring to the received network connection termination host information, do.
⑤ The user host can not access the service provided by the access control server.
Here, we will describe the dynamic host access control policy configuration.
(1) Profile items used in access control policy configuration
- User identifier (ID) of the user host
- User host's network connection type: wired or wireless
- H / W address (Mac address) of user host
- Operating system type installed in user terminal
(2) Example of access control configuration
[Table 1] shows the access control policy registered in the control server. When the user terminal is connected to the network and the user authentication is completed, according to the user ID registered in the access control policy, the corresponding policy is the access control agent And the access control server controls access to the user terminal.
The meaning of each policy is as follows.
(1) When the user ID is '50013' and the operating system is MS-Windows and the wired network is used, the IP address '172.16.100.100' allows access to the HTTP (80) service of the access control server.
② A user terminal connected to the port 18 of the access switch whose user ID is '50020' and whose management IP address is '172.16.10.11' allows SSH connection to the access controlled server with IP address '172.16.100.110'.
③ A user terminal whose user ID is '50030', the operating system is iOS or Android, and the user terminal that connects wirelessly allows HTTP (80) service access to the access controlled server with IP address '172.16.100.120'.
④ If the MAC address of the user terminal is '00: 11: 11: 11: 11: 22 ', HTTP (80) is sent to the access control server with IP address' 172.16.100.100' irrespective of the user, ) Allow access to services.
The policy defined in [Table 1] is transformed into a policy of [Table 2], transferred to the access control agent of the access control server, registered, and access control is executed. That is, [Table 2] shows the policy transmitted from the control server to the access control target server.
The IP address of the user terminal in [Table 2] is automatically registered in the access control policy delivery process in the IP address of the user terminal obtained in the user authentication, IP address assignment and profiling process of [FIG. 2].
6 is a flowchart illustrating an 802.1X authentication and an IP address assignment procedure of a user host according to an embodiment of the present invention.
Referring to FIG. 6, the 802.1X authentication procedure is as follows.
①-1 Connect the user host (Initiating Host) to the network and request authentication.
- When the host access switch (Access Switch and AP) recognizes the user host connection and requests the user host for the user ID and PW (Pass Word) required for 802.1X authentication, the user host forwards the user ID and PW to the host access switch do.
①-2 The host access switch requests the authentication server (Radius Server) to authenticate the user host using the user ID and PW.
①-3 The authentication server authenticates the user by using the user ID and PW provided from the host access switch. If the user authentication is successful, profile the information about the user host.
- Profiling information
> User identifier (ID) of the user host
> The management IP address and port identifier (ID) of the host access switch.
> H / W address of user host (Mac address)
①-4 Assign the VLAN to be assigned to the user of the user host to the switch. An access control list can optionally be assigned.
①-5 The authentication server notifies the control server (control server) that the user terminal is connected.
* A network that does not support 802.1X authentication installs an agent for user authentication on the user host (Initiating Host) and logs in as an agent for user authentication when access to the server is required. The user profile information is collected and transmitted by the agent for user authentication.
Referring to FIG. 6, an IP address assignment procedure after 802.1X authentication is as follows.
②-1 User host requests IP address assignment to DHCP server.
②-2 DHCP server assigns IP address to user host.
②-3 Profiles IP address information assigned to user host after IP address assignment.
- Profiling information
> The H / W address (Mac address) of the user host requesting the IP address assignment and the assigned IP address
7 is a flowchart illustrating a user authentication and a profiling procedure using an agent for user authentication according to an embodiment of the present invention.
FIG. 7 illustrates a procedure for authenticating a user in a network environment to which 802.1X is not applied, and performing profiling between a user and a user terminal.
First, the distribution of the agent for user authentication will be described.
- In the network environment where 802.1X is not applied, install agent program for user authentication and profiling.
- The agent for user authentication performs the following functions.
ㆍ Monitor the user terminal, identify the Mac address and IP address of the user terminal, and the operating system type.
When the user terminal is connected to the network, it requests the user ID and PW required for authentication.
ㆍ The agent for user authentication requests authentication from the authentication server (Radius Server) and receives the result.
When the authentication result is notified from the authentication server, the user profile information is transmitted to the control server.
ㆍ Perform functions such as reauthentication and network access control at the request of the control server.
Referring to FIG. 7, the authentication procedure by the agent for user authentication is as follows.
①-1 The user authentication agent confirms that the user terminal is connected to the network, requests the user for the user ID and PW required for authentication, and transmits the authentication request to the authentication server.
①-2 The authentication server informs the agent for user authentication about the authentication result.
Referring to FIG. 7, the user profile information registration procedure is as follows.
②-1 If the authentication is successful, the agent for user authentication sends the user profile information to the control server.
②-1 The control server records the user profile information received from the agent in the database (Backend Database).
8 is a flowchart illustrating a user host access control procedure for an access control target server according to an embodiment of the present invention.
FIG. 8 shows a dynamic host access control procedure performed after user authentication and IP address assignment to a user host are completed.
Referring to FIG. 8, the user host access control procedure is as follows.
①-1 The control server recognizing that the user host is connected to the network notifies the access agent (Security Agent) installed on the access control server of the connection to the user host.
①-2 The access control agent of the access control server The event control module of the agent is informed of the connection of the user host and requests the security policy for the user host to the control server through the policy management module.
①-3 The control server checks the registered security policy for the corresponding user host.
①-4 The control server sends the security policy of the user host requested by the access control agent of the access control server.
①-5 The policy management module of the access control agent that receives the security policy for the user host registers the access control policy in the firewall and allows the user host access.
While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed exemplary embodiments, but, on the contrary, is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the invention.
1: User host
2: Host Profiling Module
3: control server
4: Access control target server
Claims (10)
A host profiling module that performs profiling on user host information in the authentication and IP allocation process;
A control server for checking the access control policy using the profiled user host information and notifying the access control target server of the access to the user host; And
An 802.1X based dynamic host access control system including an access control server including an access control agent for managing user access control policies and changing and deleting firewall policies.
In the host profiling module, performing the profiling on the user host information in the authentication and IP allocation process;
Confirming the access control policy using the profiled user host information in the control server, and notifying the access control target server of the access to the user host; And
Managing an access control policy for each user host using an access control agent in an access control target server, and changing and deleting a firewall policy.
Assigning a virtual local area network (VLAN) and an IP address to the user host in the network when the user authentication is completed;
Performing profiling on user host information in the user authentication and IP allocation process through the authentication server and the network;
Checking the access control policy using the profiled user host information in the control server and notifying the access control target server of the access to the user host;
Controlling the access control policy of the firewall to permit access by the user host in response to the access control policy for the user host in the access control target server; And
And accessing the service provided by the access control target server by the user host.
Wherein the network that does not support 802.1X authentication installs a user authentication agent on the user host and logs on using the user authentication agent.
The profiled user host information includes at least one of a management IP address and a port identifier (ID) of a host access switch, a user identifier (ID) of a user host, a Mac address and an IP address, an 802.1X- .
Wherein the access control target server manages an access control policy for each user host, and changes and deletes a firewall policy.
The access control policy configuration item includes an IP address of the access control server (Accepting Host), a destination service port, a user identifier (ID) of the user host, an IP address of the user host (Initiating Host) 802.1X based dynamic host access control method.
Wherein the IP address assignment of the user host is based on Dynamic Host Configuration Protocol (DHCP).
In response to the termination of the user host connection transmitted from the authentication server, using the profiled user host information in the control server and informing the access control agent installed in the access control target server of the termination of the user host connection ; And
The access control agent deletes the access control policy of the corresponding user host registered in the firewall with reference to the received network connection termination host information and blocks access to the access control target server of the corresponding user host, Dynamic host access control method.
Wherein the control server receives a blocking request packet for the user host from a security device and transmits a blocking user host command to the access control agent.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150144429A KR20170044835A (en) | 2015-10-16 | 2015-10-16 | Dynamic host access control system and method based on ieee 802.1x |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150144429A KR20170044835A (en) | 2015-10-16 | 2015-10-16 | Dynamic host access control system and method based on ieee 802.1x |
Publications (1)
Publication Number | Publication Date |
---|---|
KR20170044835A true KR20170044835A (en) | 2017-04-26 |
Family
ID=58705078
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020150144429A KR20170044835A (en) | 2015-10-16 | 2015-10-16 | Dynamic host access control system and method based on ieee 802.1x |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR20170044835A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2023116791A1 (en) * | 2021-12-22 | 2023-06-29 | 中兴通讯股份有限公司 | Access control method, access control system, terminal and storage medium |
-
2015
- 2015-10-16 KR KR1020150144429A patent/KR20170044835A/en not_active Application Discontinuation
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2023116791A1 (en) * | 2021-12-22 | 2023-06-29 | 中兴通讯股份有限公司 | Access control method, access control system, terminal and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2015101125A1 (en) | Network access control method and device | |
US7568107B1 (en) | Method and system for auto discovery of authenticator for network login | |
JP4754964B2 (en) | Radio network control apparatus and radio network control system | |
JP5957612B2 (en) | Reducing core network traffic caused by my grant | |
KR101910605B1 (en) | System and method for controlling network access of wireless terminal | |
CN112997454A (en) | Connecting to a home local area network via a mobile communication network | |
JP2018525935A (en) | Secure communication using devices that can connect to the Internet | |
EP2405678A1 (en) | System and method for roaming WLAN authentication | |
US20180198786A1 (en) | Associating layer 2 and layer 3 sessions for access control | |
US9497179B2 (en) | Provisioning layer three access for agentless devices | |
WO2017219748A1 (en) | Method and device for access permission determination and page access | |
JP5864598B2 (en) | Method and system for providing service access to a user | |
US20170093868A1 (en) | Device authentication to capillary gateway | |
US20240098583A1 (en) | PDU session continuity for a UE moving between a telecommunications network and a gateway device | |
KR101993860B1 (en) | System and method for controlling network access | |
US20120106399A1 (en) | Identity management system | |
KR101628534B1 (en) | VIRTUAL 802.1x METHOD AND DEVICE FOR NETWORK ACCESS CONTROL | |
KR20170044835A (en) | Dynamic host access control system and method based on ieee 802.1x | |
KR20070102830A (en) | Method for access control in wire and wireless network | |
JP2013105250A (en) | Access line specification/authentication system | |
TW201721498A (en) | Wired area network user management system and method with security and function scalability wherein a network controller is used to control a programmable network switch, and divert a non-authenticated terminal device to an authentication server | |
CN111416815B (en) | Message processing method, electronic device and storage medium | |
KR101690105B1 (en) | Method for controlling network access based on ieee 802.1x by entrance and exit state | |
CN113556337A (en) | Terminal address identification method, network system, electronic device and storage medium | |
CN102447710A (en) | Method and system for controlling access right of user |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
E902 | Notification of reason for refusal | ||
E601 | Decision to refuse application |