WO2006001647A1 - Systeme de gestion de reseau integree - Google Patents
Systeme de gestion de reseau integree Download PDFInfo
- Publication number
- WO2006001647A1 WO2006001647A1 PCT/KR2005/001959 KR2005001959W WO2006001647A1 WO 2006001647 A1 WO2006001647 A1 WO 2006001647A1 KR 2005001959 W KR2005001959 W KR 2005001959W WO 2006001647 A1 WO2006001647 A1 WO 2006001647A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- authentication
- module
- user
- network
- server
- Prior art date
Links
- 238000013475 authorization Methods 0.000 claims abstract description 50
- 238000009434 installation Methods 0.000 claims description 2
- 238000010586 diagram Methods 0.000 description 8
- 238000000034 method Methods 0.000 description 6
- 238000010276 construction Methods 0.000 description 5
- 238000004891 communication Methods 0.000 description 3
- 229960005486 vaccine Drugs 0.000 description 3
- 241000700605 Viruses Species 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 241000237519 Bivalvia Species 0.000 description 1
- 230000002155 anti-virotic effect Effects 0.000 description 1
- 230000000903 blocking effect Effects 0.000 description 1
- 235000020639 clam Nutrition 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/28—Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/04—Network management architectures or arrangements
- H04L41/042—Network management architectures or arrangements comprising distributed management centres cooperatively managing the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/40—Support for services or applications
Definitions
- the present invention relates to an integrated network management system that performs 802.Ix protocol- based authentication and security on a network and, more particularly, to an integrated network management system, which can authenticate users who try to gain access to the network, and modify authorization policies, which will be applied to Voice Over Internet Protocol client modules, Virtual Private Network client modules and personal firewall modules installed in user terminals, as authorization policies set in an authentication server for respective users, or dynamically control the network access privileges of users according to the status of particular software installed in user terminals.
- FIG. 1 is a schematic diagram illustrating an authentication system on a wired/wireless network.
- FIG. 2 is a view illustrating an authentication process sequence in the authentication system of FIG. 1.
- the supplicant is an entity that provides the authenticator with a user's authentication information and requests user authentication, an example of which is a wired/wireless terminal that tries to gain access to the network. Access by the supplicant to the network is controlled by the authenticator, and the supplicant and the authenticator are referred to as Port Authentication Entities (PAE) .
- PEE Port Authentication Entities
- the initial port status of the authenticator is set to an uncontrolled port status.
- the supplicant and the authenticator can communicate with each other only through the Extensible Authentication Protocol (EAP) . That is, when authentication information and an authentication request are transferred from the supplicant to the authenticator, EAP Over LAN (EAPOL) or EAP Over Wireless (EAPOW) is used as the protocol.
- EAPOL EAP Over LAN
- EAPOW EAP Over Wireless
- the authenticator transmits the authentication information and the authentication request, which are received from the supplicant, to the authentication server. If the authentication through the authentication server is successful, the authenticator transfers an authentication success message to the supplicant and switches the port of the authenticator to a controlled port status.
- An example of the authenticator may be one of an access point, a router and a switch.
- the authenticator terminates only link layer authentication exchange, does not maintain user information, and transmits all requests, which are received from the supplicant, to the authentication server for processing. Meanwhile, authentication exchange is logically carried out between the supplicant and the authentication server.
- the authenticator serves only as a bridge.
- the authentication server is an entity that receives a request for supplicant authentication from the authenticator and authenticates the supplicant.
- the authentication server stores and manages user authentication information in its internal database, or receives user authentication information through communication with an external entity, and then authenticates users.
- a protocol used between the authentication server and the authenticator is not defined in IEEE 802.Ix, it is recommended that the protocol used in a typical Authentication, Authorization and Accounting (AAA) server be used. Accordingly, the Remote Authentication Dial-In User Service (RADIUS) protocol became a de facto standard in the industry.
- RADIUS Remote Authentication Dial-In User Service
- the control of the network access privileges of users can be implemented using the determination of authentication through the internal authentication algorithm of the authentication server, RADIUS attributes transferable through an authentication success message, and Vendor Specific Attributes (VSAs) .
- VSAs Vendor Specific Attributes
- the prior art 802.Ix supplicant is mainly composed of an EAPOL-based packet processor and a PAE state machine.
- a supplicant program installed in a user terminal has wireless network management functions, in addition to the above-described functions.
- the applicant of the present invention proposes a new integrated network management system that can integrally perform a new type of security, user authentication and privilege management on the basis of the conventional 802.Ix protocol.
- VoIP Voice over Internet Protocol
- VPN Virtual Private Network
- the present invention provides an integrated network management system, including: a user terminal having a predetermined access program, the terminal trying to gain access to a network using the access program; a security management server having at least one of authorization policies, which may be applied to a Voice Over Internet Protocol (VoIP) client module, a Virtual Private Network (VPN) client module and a personal firewall module, for each registered user; and an authentication server for authenticating a user and a user terminal trying to gain access to the network for each user, and transmitting authorization policies, which will be applied to a successfully authenticated user terminal, to the user terminal while operating in conjunction with the security management server; wherein the access program of the user terminal comprises at least one of the VoIP client module, the VPN client module and the personal firewall module; and wherein the access program comprises: an authentication supplicant module for gaining access to an end terminal of a network, transmitting basic user authentication information to the end terminal, and making a request for user authentication, and a security management module for receiving authorization policies,
- VoIP Voice Over Internet Protocol
- VPN Virtual Private Network
- the security management server causes an administrator to previously register the authorization policies for the VoIP client module, the VPN client module and the personal firewall module that will be applied to each user.
- the security management server stores and updates registration information about particular software while operating in conjunction with an external software management server;
- the access program of the user terminal further includes a software management module for storing registration information about particular software installed in the user terminal, and the authentication supplicant module transmits the basic authentication information and the registration information stored in the software management module to the authentication server when the authentication is requested;
- the authentication server authenticates the user using the basic user authentication information, and transmits an authentication success message only when the registration information about the particular software, which is received from the user terminal, is identical to corresponding information of the security management server even if the authentication is successful.
- a computer readable recording medium stores an access program installed in a predetermined terminal and configured to allow a user to gain access to a network, wherein: the access program comprises at least one of a VoIP client module, a VPN client module and a personal firewall module; and the access program comprises: an authentication supplicant module for transmitting basic user authentication information to an authentication server and making a request for user authentication, and a security management module for modifying authorization policies for corresponding modules using authorization policies for at least one of the VoIP client module, the VPN client module and the personal firewall module, which are received from the authentication server, when the authentication is performed by the authentication supplicant module.
- the access program further includes a software management module for storing and managing registration information about particular software installed in the user terminal, the authentication supplicant module transmits the registration information about particular software, which is installed in the software management module, to the authentication server, along with the basic authentication information, when making a request for user authentication, and the software management module installs or updates corresponding software when installation and update of particular software is requested by the authentication server.
- a software management module for storing and managing registration information about particular software installed in the user terminal
- the authentication supplicant module transmits the registration information about particular software, which is installed in the software management module, to the authentication server, along with the basic authentication information, when making a request for user authentication, and the software management module installs or updates corresponding software when installation and update of particular software is requested by the authentication server.
- the present invention modifies authorization policies, which will be applied to VoIP client modules, VPN client modules and personal firewall modules installed in user terminals, while performing an authentication procedure for allowing users to gain access to a network, so that the authentication and authorization of user terminals that try to gain access to the network can be performed for respective users in various ways, with the result that it is possible to dynamically limit network access privileges for respective users regardless of the infrastructure of a network. Furthermore, the present invention determines whether virus vaccine programs, Operating System (O/S) patch programs and other specific software have been installed in user terminals or whether programs installed in the user terminals have been updated, at the time of user authentication, and can limit the network access privileges of the user terminals in various ways according to the determination results.
- O/S Operating System
- the conventional 802.1x-based supplicant is simply composed of an EAPoL Packet Processor and a supplicant PAE state machine, whereas the integrated network management system of the present invention can additionally perform functions of user authentication, network management, user privilege management and security.
- FIG. 1 is a configuration diagram illustrating a typical 802.1x-based authentication system on a network
- FIG. 2 is a flowchart showing the operational sequence of the authentication system of FIG. 1
- FIG. 3 is a configuration diagram showing a complete integrated network management system according to a first embodiment of the present invention
- FIG. 4 is a flowchart showing the operational sequence of the system of FIG. 3
- FIG. 5 is a configuration diagram showing a complete integrated network management system according to a second embodiment of the present invention
- FIG. 6 is a flowchart showing the operational sequence of the system of FIG. 5
- FIG. 7 is a configuration diagram showing a complete integrated network management system according to a third embodiment of the present invention.
- FIG. 3 is a configuration diagram showing a complete integrated network management system according to a first embodiment of the present invention.
- the construction and operation of the wireless integrated network management system according to the present embodiment are described below with reference to FIGS. 3 and 4.
- the system according to the present embodiment includes an authentication server 300, a security management server 310, a network end terminal 320 and a user terminal 330.
- the network end terminal 320 is a terminal located at the end of the network, and it may be an Access Point (AP) , a switch, a router or the like.
- AP Access Point
- the user terminal 330 can gain access to the authentication server or the network through the end terminal.
- an access program 340 for performing functions of user authentication request and network access is installed in the user terminal 330 that serves as a supplicant.
- the access program 340 according to the present embodiment includes a VoIP client module 350, a VPN client module 352, a personal firewall module 354, an authentication supplicant module 356 and a security management module 358.
- the basic construction and functions of the VoIP client module 350, the VPN client module 352 and the personal firewall module 354 are the same as those of the conventional ones.
- authorization policy refers to conditions or references that are set to determine whether to permit access by users, who request access to a network or specific equipment, to the network or corresponding equipment.
- the authorization policy includes information corresponding to conditions that are previously set for respective users .
- the end terminal 320 serving as an authenticator transmits a user authentication request signal to the authentication server at the request of the access program of the user terminal 330, or transmits a signal, which is received from the authentication server, to the user terminal.
- the authentication server 300 operates in conjunction with the security management server 310 and performs a user authentication procedure at the request of the authenticator.
- the security management server 310 has at least one of an authorization policy for a VoIP client module, an authorization policy for an IPSec-based VPN client module and a security policy for a dynamically controlled personal firewall module, which will be applied for each registered user.
- the authentication server 300 and the security management server 310 are servers for performing logically different functions, but can be implemented using the same physical system.
- the operational sequence of the authentication supplicant module 356 of the access program 340 is described with reference to FIG. 4 below.
- the authentication supplicant module gains access to the authenticator, transmits basic user authentication information, which is received from the user, to the authenticator, and makes a request for user authentication, at step 400.
- the basic authentication information includes the identification (ID) information and password of the user.
- the contents of the basic authentication information may vary according to the network or communication protocol.
- the authenticator transmits the basic authentication information to the authentication server and makes a request for user authentication at step 410.
- the authenticator receives an authentication result message from the authentication server and transfers the message to the user terminal at step 420.
- the authentication server requests an authorization policy for a VoIP client module, an authorization policy for an IPSec-based VPN client module and a security policy for a dynamically controlled personal firewall module, which will be applied to a corresponding user, from the security management server at step 430.
- the security management server transmits corresponding information to the authentication server at the request of the authentication server at step 440.
- the authentication server transfers the received information to the user terminal via the authenticator at step 450.
- the security management module 358 modifies authorization policies for corresponding modules within the user terminal, that is, the VoIP client module, the VPN module and the personal firewall module, using the information received from the authentication server through the authentication supplicant module at step 460.
- the user terminal who tries to gain access to the network is authenticated by the authentication server and, at the same time, authorization policies for the corresponding modules of the user terminal are modified according to authorization policies (for example, authorization policies for the VoIP client module, the IPSec-based VPN client module and the dynamically controlled personal firewall module) that are set in the authentication server and the security management server for each user.
- the corresponding modules of the user terminal operate according to the modified authorization policies.
- the security management server can previously set the authorization policies for the VoIP client module, the authorization policies for the IPSec-based VPN client module, and the security policies for the dynamically controlled personal firewall module that will be applied for respective users.
- the authentication server receives authorization policies, which will be applied to a corresponding user, from the security management server, retransmits the authorization policies to the user terminal and allows corresponding modules to be modified. Finally, the user terminal operates according to the authorization policies set in the security management server.
- a switch or an access point of a network does not support dynamic VLAN or other authorization policies, authentication and authorization for a user terminal that has gained access to a network can be performed.
- a network system does not support VLAN, Routing and Access Control List (ACL)
- ACL Routing and Access Control List
- traffic blocking and firewall rule set can be dynamically applied on a user basis. Therefore, according to the present invention, practical authentication and authorization on a network are made possible.
- FIG. 5 is a configuration diagram showing the entire integrated network management system according to a second embodiment of the present invention.
- the system according to the present embodiment includes an authentication server 500, a security management server 510, a network end terminal 520 and a user terminal 530.
- An access program 540 for executing functions of user authentication request and network access is installed in the user terminal 530.
- the access program 540 includes a software management module 550 and an authentication supplicant module 556.
- the end terminal 520 serving as an authenticator is the same as that of the first embodiment. Accordingly, descriptions thereof are omitted here.
- the authentication server 500 operates in conjunction with the security management server 510, and performs a user authentication procedure at the request of the authenticator.
- the security management server 510 according to the present embodiment has a database that stores lists of particular software set for respective users and registration information about respective pieces of software.
- the security management server also operates in conjunction with management servers 560, 562 and 564 managing respective pieces of software registered in the lists, stores and manages the newest registration information about corresponding software in the database, and transmits the corresponding information to the authentication server 500 at the request of the authentication server.
- Software managed according to the present embodiment can include virus vaccine programs, 0/S patch programs, other security-related programs and the like.
- Servers for managing and operating these programs are the vaccine server 560, the O/S patch server 562, the PC security server 564 and the like.
- the type of software managed in the security management server can vary according to the system administrator or the requirements of the system.
- FIG. 6 the operational sequence of the authentication supplicant module 356 of the access program according to the present embodiment is described below.
- the authentication supplicant module gains access to the authenticator, transmits basic authentication information (for example, an ID and a PW) , which is input by the user, to the authenticator, makes a request for user authentication, requests registration information about particular software, which is installed in the user terminal, from the program management module, and transmits information, which is received from the program management -module in response to the request, to the authenticator at step 600.
- the authenticator transmits the basic user authentication information and registration information about specific software to the authentication server and makes a request for user authentication at step 610. Meanwhile, the authentication server performs a user authentication procedure using the received basic user authentication information at steps 620 and 630.
- the authentication server requests registration information about specific software from the security management server, receives the registration information from the security management server, and compares the registration information received from the security management server with the registration information received from the user terminal. If the registration information received from the user terminal and the registration information received from the security management server are identical to each other, the authentication server transmits an authentication success message to the user terminal so that the user terminal is granted the privilege to gain access to the network at step 640. Meanwhile, if the registration information received from the user terminal and the registration information received from the security management server are not identical to each other, the authentication server permits the user terminal to gain access to the management server through appropriate software, and allows the user terminal to install or update corresponding software from the management server at step 650.
- FIG. 7 is a configuration diagram showing a complete integrated network management system according to a third embodiment of the present invention.
- the system according to the present embodiment includes an authentication server 700, a security management server 710, a network end terminal 720 and a user terminal.
- An access program 740 for performing functions of user authentication request and network access is installed in the user terminal, and the access program 740 includes a VoIP client module 750, a VPN client module 752, a personal firewall module 754, an authentication supplicant module 756, a security management module 758 and a software management module 759.
- the operation and functions of the components constituting the system according to the present embodiment are the same as those of the first and second embodiments. Redundant descriptions thereof are omitted here.
- the component elements such as the types of software set in the security management server, basic user authentication information and the types of modules included in the access program, may be modified in various ways in order to improve the design or efficiency of the system.
- differences relating to the modifications and the applications fall within the scope of the present invention defined in the accompanying clams.
- the present invention modifies authorization policies, which will be applied to VoIP client modules, VPN client modules and personal firewall modules installed in user terminals, while performing an authentication procedure for allowing users to gain access to a network, so that authentication and authorization for user terminals that try to gain access to the network can be performed for respective users in various ways, with the result that it is possible to dynamically limit network access privileges for respective users regardless of the infrastructure of a network.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Multimedia (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020040047424A KR20050122343A (ko) | 2004-06-24 | 2004-06-24 | 네트워크 통합 관리 시스템 |
KR10-2004-0047424 | 2004-06-24 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2006001647A1 true WO2006001647A1 (fr) | 2006-01-05 |
Family
ID=35782024
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/KR2005/001959 WO2006001647A1 (fr) | 2004-06-24 | 2005-06-23 | Systeme de gestion de reseau integree |
Country Status (2)
Country | Link |
---|---|
KR (1) | KR20050122343A (fr) |
WO (1) | WO2006001647A1 (fr) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2008045618A1 (fr) * | 2006-10-06 | 2008-04-17 | Sbc Knowledge Ventures, L.P. | Procédés et appareils pour installer des dispositifs à protocole de voix sur internet (voip) |
WO2008070330A2 (fr) * | 2006-10-26 | 2008-06-12 | Cisco Technology, Inc. | Appareil et procédés permettant d'authentifier la voix et des dispositifs de données sur le même port |
CN102387052A (zh) * | 2010-09-06 | 2012-03-21 | 中商商业发展规划院有限公司 | 农村流通管理服务平台集成系统与方法 |
CN110011834A (zh) * | 2019-03-11 | 2019-07-12 | 烽火通信科技股份有限公司 | 一种管控融合型电信网络管理方法及系统 |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100863461B1 (ko) * | 2006-12-11 | 2008-10-16 | 소프트캠프(주) | 데이터 보안을 위한 네트워크 내 결재시스템 |
KR100914676B1 (ko) * | 2007-09-04 | 2009-09-02 | 유넷시스템주식회사 | IEEE 802.1x 기반의 네트워크 보안시스템 및 네트워크보안방법 |
KR101432721B1 (ko) * | 2013-08-21 | 2014-08-21 | 주식회사 엑스엔시스템즈 | 용도별 가상환경을 제공하는 컴퓨팅 장치 및 그 제공방법 |
KR101670496B1 (ko) * | 2014-08-27 | 2016-10-28 | 주식회사 파수닷컴 | 데이터 관리 방법, 이를 위한 컴퓨터 프로그램, 그 기록매체, 데이터 관리 방법을 실행하는 사용자 클라이언트 |
CN114362983A (zh) * | 2020-10-12 | 2022-04-15 | 中国移动通信集团江西有限公司 | 一种防火墙策略管理方法、装置、计算机设备和存储介质 |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2004001985A2 (fr) * | 2002-06-20 | 2003-12-31 | Qualcomm, Incorporated | Authentification dans un systeme de communication |
US20040078597A1 (en) * | 2002-10-21 | 2004-04-22 | Microsoft Corporation | Automatic client authentication for a wireless network protected by PEAP, EAP-TLS, or other extensible authentication protocols |
US20040162105A1 (en) * | 2003-02-14 | 2004-08-19 | Reddy Ramgopal (Paul) K. | Enhanced general packet radio service (GPRS) mobility management |
WO2004077750A1 (fr) * | 2003-02-26 | 2004-09-10 | Cisco Technology, Inc. | Re-authentification rapide a l'aide d'authentifiants dynamiques |
WO2004077742A1 (fr) * | 2003-02-28 | 2004-09-10 | Siemens Aktiengesellschaft | Procede pour la transmission de donnees dans un reseau local sans fil |
-
2004
- 2004-06-24 KR KR1020040047424A patent/KR20050122343A/ko not_active Application Discontinuation
-
2005
- 2005-06-23 WO PCT/KR2005/001959 patent/WO2006001647A1/fr active Application Filing
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2004001985A2 (fr) * | 2002-06-20 | 2003-12-31 | Qualcomm, Incorporated | Authentification dans un systeme de communication |
US20040078597A1 (en) * | 2002-10-21 | 2004-04-22 | Microsoft Corporation | Automatic client authentication for a wireless network protected by PEAP, EAP-TLS, or other extensible authentication protocols |
US20040162105A1 (en) * | 2003-02-14 | 2004-08-19 | Reddy Ramgopal (Paul) K. | Enhanced general packet radio service (GPRS) mobility management |
WO2004077750A1 (fr) * | 2003-02-26 | 2004-09-10 | Cisco Technology, Inc. | Re-authentification rapide a l'aide d'authentifiants dynamiques |
WO2004077742A1 (fr) * | 2003-02-28 | 2004-09-10 | Siemens Aktiengesellschaft | Procede pour la transmission de donnees dans un reseau local sans fil |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2008045618A1 (fr) * | 2006-10-06 | 2008-04-17 | Sbc Knowledge Ventures, L.P. | Procédés et appareils pour installer des dispositifs à protocole de voix sur internet (voip) |
US9521210B2 (en) | 2006-10-06 | 2016-12-13 | At&T Intellectual Property I, L.P. | Methods and apparatus to install voice over internet protocol (VoIP) devices |
WO2008070330A2 (fr) * | 2006-10-26 | 2008-06-12 | Cisco Technology, Inc. | Appareil et procédés permettant d'authentifier la voix et des dispositifs de données sur le même port |
WO2008070330A3 (fr) * | 2006-10-26 | 2009-01-15 | Cisco Tech Inc | Appareil et procédés permettant d'authentifier la voix et des dispositifs de données sur le même port |
US8104072B2 (en) | 2006-10-26 | 2012-01-24 | Cisco Technology, Inc. | Apparatus and methods for authenticating voice and data devices on the same port |
CN101518023B (zh) * | 2006-10-26 | 2013-03-06 | 思科技术公司 | 用于对同一端口的语音和数字设备进行认证的设备和方法 |
CN102387052A (zh) * | 2010-09-06 | 2012-03-21 | 中商商业发展规划院有限公司 | 农村流通管理服务平台集成系统与方法 |
CN102387052B (zh) * | 2010-09-06 | 2013-09-25 | 中商商业发展规划院有限公司 | 农村流通管理服务平台集成系统与方法 |
CN110011834A (zh) * | 2019-03-11 | 2019-07-12 | 烽火通信科技股份有限公司 | 一种管控融合型电信网络管理方法及系统 |
Also Published As
Publication number | Publication date |
---|---|
KR20050122343A (ko) | 2005-12-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7082535B1 (en) | System and method of controlling access by a wireless client to a network that utilizes a challenge/handshake authentication protocol | |
US8555348B2 (en) | Hierarchical trust based posture reporting and policy enforcement | |
US7526792B2 (en) | Integration of policy compliance enforcement and device authentication | |
US10764264B2 (en) | Technique for authenticating network users | |
US7886335B1 (en) | Reconciliation of multiple sets of network access control policies | |
US8375430B2 (en) | Roaming secure authenticated network access method and apparatus | |
US8359464B2 (en) | Quarantine method and system | |
US7194763B2 (en) | Method and apparatus for determining authentication capabilities | |
US7533407B2 (en) | System and methods for providing network quarantine | |
US7788705B2 (en) | Fine grained access control for wireless networks | |
US20050132229A1 (en) | Virtual private network based on root-trust module computing platforms | |
WO2006001647A1 (fr) | Systeme de gestion de reseau integree | |
US20180198786A1 (en) | Associating layer 2 and layer 3 sessions for access control | |
KR100714367B1 (ko) | 인증 서버와 연동되는 네트워크 보안 시스템 및 그 방법 | |
US9021253B2 (en) | Quarantine method and system | |
US20230006988A1 (en) | Method for selectively executing a container, and network arrangement | |
KR20060044494A (ko) | 인증 서버와 연동되는 네트워크 관리 시스템 및 네트워크관리 서버 | |
Cisco | Switch Access: Using Authentication, Authorization, and Accounting | |
Cisco | Configuring Switch Access Using AAA | |
Cisco | Switch Access: Using Authentication, Authorization, and Accounting | |
Cisco | Switch Access: Using Authentication, Authorization, and Accounting | |
Cisco | Configuring Switch Access Using AAA | |
Cisco | Configuring Switch Access Using AAA | |
Cisco | Configuring Switch Access Using AAA | |
Cisco | Configuring Switch Access Using AAA |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
DPEN | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed from 20040101) | ||
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWW | Wipo information: withdrawn in national office |
Country of ref document: DE |
|
32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established |
Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 69(1) EPC OPF 230407 |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 05765835 Country of ref document: EP Kind code of ref document: A1 |