WO2006068108A1 - ゲートウェイ、ネットワークシステム及びWebサーバへのアクセス制御方法 - Google Patents
ゲートウェイ、ネットワークシステム及びWebサーバへのアクセス制御方法 Download PDFInfo
- Publication number
- WO2006068108A1 WO2006068108A1 PCT/JP2005/023314 JP2005023314W WO2006068108A1 WO 2006068108 A1 WO2006068108 A1 WO 2006068108A1 JP 2005023314 W JP2005023314 W JP 2005023314W WO 2006068108 A1 WO2006068108 A1 WO 2006068108A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- server
- dedicated
- terminal
- address
- authentication
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4505—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
Definitions
- the present invention relates to a gateway, a network system and a method of controlling access to a server, which are preferably used to control access to a web server from a terminal having a web browser, for example.
- access control to a web server is mainly based on a method of setting an account for each user, setting an authority for each account, and controlling access according to the authority (for example, a patent). Reference 1).
- Such access control is realized by providing the application program in the Web server with a function to perform access control according to the user authority.
- a terminal serving as a Web client for example, a personal computer equipped with a Web browser
- a terminal 12 in the private network 10 is connected to an IP (Internet Protocol) public network 30 via a gateway 11, and dedicated web servers 21-1 and 21-2 in a private network 20 are IP via a gateway 22.
- IP Internet Protocol
- dedicated Web server 21-1 or 21-2 When accessing dedicated Web server 21-1 or 21-2 from terminal 12 of private network 10, first, the user accesses the web browser of terminal 12 with the domain name of dedicated Web server 21-1 or 21-2. input. That is, when accessing a web server on the Internet, it is necessary to specify and access the IP address of the web server.
- the IP address is a sequence of numbers and is difficult for humans to understand. Easy to understand New domain names are commonly used.
- the domain name is managed by a DNS (Domain Name System) server 32 in association with the IP address of the server device.
- DNS Domain Name System
- the web browser When the user inputs a domain name into the web browser of the terminal 12, the web browser sends a DNS server (IP address: yyy.yyy.yyy.aaa) 32 preset in the terminal 12 to that domain. Ask for the IP address that corresponds to the domain name, and match it (this is called DNS resolution below).
- DNS server 32 that has received the DNS resolution searches the corresponding IP address by recursive search, and that IP address (for example, xxx.xxx.xxx.2) is used as the webb of the access source terminal 12 Send it back to the browser.
- the Web browser of the terminal 12 that has received this sends a Web page display request to the server device of the IP address (xxx.xxx.xxx.2) (in this case, the dedicated Web server 21-1).
- the dedicated Web server 21-1 notifies the terminal 12 that authentication is required. Specifically, a display prompting the user to enter a user identification number (user ID) and a password is displayed on the web browser of the terminal 12. When the user enters a user ID and password, the entered information is sent to the dedicated Web server 21-1.
- the dedicated Web server 21-1 has access privileges set in association with the user ID and password, and determines whether the user ID and password sent from the terminal 12 can be accessed or not. In the 'permit access' to determine 'not authorized'. Only when the user is permitted to access the dedicated Web server 21-1, the content is transmitted to the terminal 12 and the content is displayed on the Web browser of the terminal 12.
- Patent Document 1 Japanese Patent Application Laid-Open No. 11-161602
- the setting is complicated because the access authority of the user is set for each web server.
- authentication of the user is performed to determine whether access to the Web server is permitted or not, which leads to a problem that access control becomes complicated.
- the object of the present invention is to eliminate the need for complicated settings such as user access authority to each server (for example, Web server), and to use each time each server (for example, Web server) is accessed.
- the present invention is to provide a gateway, network system and access control method to a server that realizes easy access control without requiring authentication.
- a dedicated DNS server for managing domain names in a dedicated network When a dedicated DNS server for managing domain names in a dedicated network is arranged, and an IP address is set to a terminal by a gateway arranged between the dedicated DNS server and the terminal, the authentication server By setting the address of the dedicated DNS server only for the authenticated terminal according to whether the authentication is possible or not, DNS resolution of the authenticated terminal is performed by the dedicated DNS server.
- the terminal authenticated by the authentication server can access the dedicated server by notifying the dedicated DNS server address according to whether the terminal is authenticated or not.
- a server for example, Web server
- complicated settings such as user access authority for each server (for example, Web server).
- FIG. 1 is a block diagram showing a conventional network configuration.
- FIG. 2 A block diagram showing a network configuration according to Embodiment 1 of the present invention
- Fig. 3A is a diagram showing an example of a domain name and an IP address managed by a dedicated DNS server
- Fig. 3B is a diagram showing an example of a domain name and an IP address managed by a DNS server.
- FIG. 4 A block diagram showing a schematic configuration of the private network side gateway of FIG.
- FIG. 5 A sequence diagram for explaining how to set the DNS server address of the terminal in the gateway on the private network side of FIG.
- FIG. 6 A diagram showing an example of a terminal management table managed by the terminal management unit of the private network side gateway of FIG.
- FIG. 7 A diagram showing an example of a format of a DHCP message broadcasted by the terminal shown in Fig. 2 when acquiring an IP address.
- FIG. 8 A flowchart for explaining the address setting process performed by the address setting unit of the private network side gateway in FIG.
- FIG. 9 A block diagram showing a network configuration according to Embodiment 2 of the present invention
- Figure 10A shows an example of the domain name and IP address managed by a dedicated DNS server.
- FIG. 10B shows an example of a domain name and an IP address managed by a DNS server.
- FIG. 2 is a block diagram showing a network configuration according to Embodiment 1 of the present invention.
- the network configuration of this embodiment comprises a private network 10, an IP public network 30, and a dedicated network 50.
- the private network 10 comprises a gateway 40 and a terminal 12 which is a plurality of Web clients.
- the dedicated network 50 includes dedicated Web servers 51 1 and 51-2 which hold pay sites or dedicated sites, dedicated DNS servers 52 which manage domain names of dedicated Web servers 5 1-1 and 51-2, and terminals 12.
- An authentication server 53 for authentication and a gateway 22 are provided.
- web servers 31-1 and 31-2 and a DNS server 32 for managing the domain name exist.
- the DNS server 32 manages domain names of the Web servers 31-1 and 31-2 in association with their IP addresses.
- the dedicated DNS server 52 also manages the domain names of the dedicated Web servers 51-1 and 51-2 and their IP addresses in association with each other, as shown in FIG. 3A.
- Terminal 12 authenticated by authentication server 53 in dedicated network 50 is set as dedicated DNS server 52 as a DNS server, and terminal 12 not authenticated is configured as DNS server 32 in public network 30 as a DNS server. Ru.
- FIG. 4 is a functional block diagram of the gateway 40.
- the gateway 40 includes a private network interface unit 401, a public network interface unit 402, a user authentication processing unit 403, a Dynamic Host Configuration Protocol 1 (DHCP) processing unit 404, and an address setting unit 405.
- Terminal management unit 406 and a transport layer protocol such as TCP (Transmission Protocol) or UDP (User Datagram Protocol).
- a transport processing unit 407 that performs processing and a transmission and reception processing unit 408 that performs transmission and reception processing are configured.
- the user authentication processing unit 403 processes an authentication frame from a user used in IEEE 802. Ix authentication and an authentication frame from the authentication server 53.
- each terminal 12 holds information on whether the terminal 12 has succeeded or failed in authentication, and notifies the terminal management unit 406 of this information.
- IEEE 802. Ix authentication is performed between the terminal 12 and the authentication server 53 at the start of communication using EAP (Extensible Authentication Protocol) specified in RFC 2284.
- EAP Extensible Authentication Protocol
- EAP-MD5 performs only user-side authentication with password
- EAP-TLS performs mutual authentication with electronic certificate between authentication server and client, authentication server with electronic certificate, client with ID / password
- EAP-PEAP / EAP-TTLS etc. that perform mutual authentication.
- IEEE802. Ix was standardized as a wired LAN specification, it is currently mainly used as a wireless LAN authentication specification.
- the DHCP processing unit 404 processes the DHCP message received from the terminal 12, and also sets the IP address, subnet mask, DNS server address, IP address validity period, default gateway address, etc. set by the address setting unit 405. , Notify terminal 12 using a DHCP message.
- the address setting unit 405 selects an IP address to be set in the terminal 12 and a DNS server address based on the authentication availability information of the terminal 12 and notifies the DHCP processing unit 404. Information such as the address range that can be assigned, the subnet mask, the address of the DNS server, etc. is set in the address setting unit 405 when the gateway is started.
- the terminal management unit 406 manages the MAC (Media Access Control Address) address and IP address of the terminal 12 and the authentication availability information in the terminal management table shown in FIG.
- IEEE 802. Ix authentication processing is performed between the terminal 12 and the gateway 40 and between the gateway 40 and the authentication server 53 ((1) in FIG. 5).
- the user authentication processing unit 403 notifies the terminal management unit 406 of the IEEE 802. Ix authentication availability and MAC address of the terminal 12 ((2) in FIG. 5).
- the terminal management unit 406 registers the MAC address and the authentication availability information in the terminal management table shown in FIG. Thereafter, in order to obtain an IP address, the terminal 12 broadcasts a packet (DHCPDISCOVER) for confirming whether a DHCP (Dynic Host Configuration Protocol) server exists on the network ((3) in FIG. 5). .
- DHCPDISCOVER a packet for confirming whether a DHCP (Dynic Host Configuration Protocol) server exists on the network
- FIG. 7 shows the format of a DHCP message.
- DHCPDISCOVER set 0.0.0.0 for the client IP address, 0.0.0.0 for the server IP address, and the MAC address of the terminal 12 for the client MAC address.
- the gateway 40 which is a DHCP server
- receives the DHCPD ISCOVER packet the DHCP processing unit 404 extracts the MAC address information in the DHCP message, and the address setting unit 405 makes an address setting request including the MAC address as an information element.
- Send The address setting unit 405 that has received the address setting request performs an address setting process, and notifies the DHCP processing unit 404 of the set IP address and DNS server address by an address setting response ((4) in FIG. 5).
- the address setting unit 405 refers to the terminal management table of the terminal management unit 406, and acquires authentication availability information of the corresponding MAC address (step S700). After that, the candidate of the IP address to be assigned to the terminal 12 is selected from the range of assignable IP addresses (step S701)
- step S 702 authentication availability of the terminal 12 is determined (step S 702). If the terminal 12 is authenticated, the IP address of the dedicated DNS server 52 in the dedicated network 50 is determined. Is selected as the DNS server address to be set in the terminal 12 (step S703), and if the terminal 12 is not authenticated, the IP address of the DNS server 32 in the IP public network 30 is selected (step S704). ) ((4) in Figure 5).
- the DHCP processing unit 404 sets the candidate of the IP address of the client, the IP address of the gateway 40, etc. in DHCPOFFER which is the response message of DHCPDISC based on the address setting response, and the option area Set the IP address of the selected DNS server, subnet mask, default gateway address, IP address lease period, and so on.
- Gateway 40 blows DHCPOFFER set information Docast.
- the terminal 12 receiving the DHCPOFFER broadcasts DHCPREQUEST and requests an IP address.
- the gateway 40 confirms that the other terminal 12 uses the requested IP address, and then uses it, and broadcasts it in the case of D HCPACK (see FIG. 5). (Five)).
- D HCPACK see FIG. 5
- the terminal 12 When the terminal 12 receives DHCPACK, the terminal 12 sets the IP address specified by DHCPACK, and when DHCPNACK is received, the terminal 12 transmits DHCPDISCOVER again to acquire an IP address.
- the DHCP processing unit 404 When the DHCPACK is broadcast-casted, the DHCP processing unit 404 notifies the terminal management unit 406 of the set IP address and registers it in the terminal management table ((6) in FIG. 5).
- the gateway 40 manages a terminal management unit 406 that manages authentication availability information indicating whether the terminal 12 has been authenticated by the authentication server 53, and the authentication server 53.
- the address of the dedicated DNS server 52 that manages the domain name of the dedicated web server 51-1 or 51-2 that can access only the authenticated terminal, or the web that can be accessed by the terminal 52 that has not been authenticated by the authentication server 53
- the address setting unit 405 selects one of the addresses of the DNS server 32 that manages the domain names of the servers 31-1 and 31-2 according to the authentication information and sets it as the DNS server address of the terminal 12. , And automatically set the DNS server (32 or 52) used by the terminal 12 for DNS resolution according to whether the terminal 12 authenticates.
- the authenticated terminal 12 uses the dedicated DNS server 52 to acquire the IP address of the dedicated web server 51-1 and 51-2 of the dedicated web server 51-1 and 51-2. Since the terminal 12 that can not be authenticated does not use the dedicated DNS server 52, the dedicated web server 51-1 and 51-2 domain name is also dedicated We b server 51-1 and 51-2 IP I can not get an address. Therefore, the terminal 12 which has not been authenticated can not access the dedicated Web server 51-1, 51-2 in the dedicated network 50.
- FIG. 9 is a block diagram showing a network configuration according to Embodiment 2 of the present invention.
- the private network 10 is composed of a gateway 40 and a plurality of terminals 12.
- the dedicated network 60 includes a dedicated web server 51 accessible only by authenticated users, a dedicated DNS server 52 managing the domain name of the dedicated web server 51, and a web server 31 accessible by unauthenticated users. It comprises a DNS server 32 that manages the domain name of the Web server 31, an authentication server 53, and a gateway 22.
- the dedicated DNS server 52 manages the domain name of the dedicated Web server 51 in association with its IP address
- the DNS server 32 manages the Web server 31. Domain names and their IP addresses are associated and managed.
- the inquiry of the IP address from the DNS server 32 to the dedicated DNS server 52 is prohibited.
- the terminal 12 authenticated by the authentication server 53 is set as the dedicated DNS server 52 as a DNS server, while the terminal 12 not authenticated is set as the DNS server 32 as a DNS server.
- the DNS server address is set using DHCP as in the first embodiment described above, and based on authentication!
- the functional block diagram of the gateway 40 is also the same as that of the first embodiment.
- the DNS server 32 and the web server 31 according to the present embodiment may be disposed in the IP public network 30 outside the dedicated network 60 as in the first embodiment.
- the terminal 12 that has not been authenticated can not access the dedicated Web server 51, as in the first embodiment described above.
- the terminal 12 that has not been authenticated can not access the dedicated Web server 51, as in the first embodiment described above.
- different IP addresses with the same domain name are registered in DNS server 32 and dedicated DNS server 52, authentication of terminal 12 is possible when terminal 12 of authorized or not authenticated accesses by the same domain name. It is preferable because it can enable browsing of content according to In this case, as a matter of course, it goes without saying that the content of the content differs depending on whether it is authenticated or not. As a result, it is possible to browse contents of different quality according to the authentication of the terminal with one domain name.
- the dedicated DNS server 52 is installed in the dedicated networks 50 and 60. Since the dedicated web server 51-1, 51-2, 51 domain name can be managed, it is not always necessary to place the dedicated network 50, 60 in the dedicated DNS server 52, for example, the IP public network 30. May be placed inside.
- the authentication of the power terminal 12 described with the layer 2 authentication as an example may be performed before the address autoconfiguration by DHCP, so layer 2 authentication is not necessarily required. It does not have to be.
- a server to be accessed after performing DNS resolution the Web server is described as an example, and a server that is accessed after performing DNS resolution is not necessarily a Web server. It is not limited to.
- two or more dedicated DNS servers and two or more DNS servers are provided, as described for the case where one dedicated DNS server 52 and one DNS server 32 are provided. Even if it is applicable.
- One aspect of the gateway of the present invention is a terminal management means for managing authentication availability information indicating whether or not the terminal has been authenticated by the authentication server, and a dedicated terminal in which only the terminal authenticated by the authentication server can be accessed. Authenticates either the address of a dedicated DNS server that manages the domain name of the server or the address of a DNS server that manages the domain name of a server that can be accessed by a terminal that has not been authenticated by the authentication server An address setting unit is provided which is selected according to the permission information and set as a DNS server address of the terminal.
- the address setting means sets the address of the dedicated DNS server to the terminal authenticated by the authentication server, while the terminal not authenticated by the authentication server sets the DNS.
- Adopt a configuration to set the server address.
- One aspect of the network system of the present invention is provided in a dedicated network in which there is a dedicated server holding a pay site or a dedicated site, and the domain name of the dedicated server provided in the dedicated network is A dedicated DNS server that is managed, an authentication server that performs authentication when accessing a dedicated server for the terminal, and a dedicated DNS server that is provided between the dedicated network and the terminal and that is authenticated by the authentication server. And a gateway configured to set the address of the terminal as the DNS server address of the terminal.
- the authentication server authenticates the access to the dedicated server of the terminal, and the domain name of the dedicated server is transmitted only to the authenticated terminal.
- the dedicated DNS server obtains the address for accessing the dedicated server and accesses the dedicated server To include the following steps:
- the dedicated DNS server or DNS server is selectively set as the DNS server address of the terminal according to whether the terminal is authenticated or not. Therefore, only the terminal authenticated by the authentication server is used.
- the dedicated DNS server can obtain an IP address for accessing a dedicated server in the dedicated network, and access to the dedicated server becomes possible. As a result, it becomes unnecessary to perform complicated settings such as user access authority for each dedicated server, and easy access control can be realized. Since it is possible to obtain an IP address for accessing a dedicated server using a dedicated DNS server, it is possible to realize easy access control without requiring user authentication every time each dedicated server is accessed. .
- the present invention is suitably applied to an application for controlling access to a web server from a terminal having a web browser.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Information Transfer Between Computers (AREA)
- Small-Scale Networks (AREA)
Abstract
Description
Claims
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/722,161 US20080134315A1 (en) | 2004-12-21 | 2005-12-20 | Gateway, Network Configuration, And Method For Conrtolling Access To Web Server |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2004-369693 | 2004-12-21 | ||
JP2004369693A JP2006180095A (ja) | 2004-12-21 | 2004-12-21 | ゲートウェイ及びWebサーバのアクセス制御方法 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2006068108A1 true WO2006068108A1 (ja) | 2006-06-29 |
Family
ID=36601708
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2005/023314 WO2006068108A1 (ja) | 2004-12-21 | 2005-12-20 | ゲートウェイ、ネットワークシステム及びWebサーバへのアクセス制御方法 |
Country Status (4)
Country | Link |
---|---|
US (1) | US20080134315A1 (ja) |
JP (1) | JP2006180095A (ja) |
CN (1) | CN101084657A (ja) |
WO (1) | WO2006068108A1 (ja) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2008160384A (ja) * | 2006-12-22 | 2008-07-10 | Nec Infrontia Corp | 無線lan端末、その電子証明書更新方法及びプログラム、並びに無線lanシステム |
CN101267304B (zh) * | 2007-03-13 | 2010-09-08 | 华为技术有限公司 | 一种上网权限控制方法、装置及系统 |
CN112422429A (zh) * | 2020-11-18 | 2021-02-26 | 贝壳技术有限公司 | 数据请求处理方法、装置及计算机可读存储介质 |
Families Citing this family (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101341720B1 (ko) * | 2007-05-21 | 2013-12-16 | 삼성전자주식회사 | 이동통신 시스템에서 프록시 이동 인터넷 프로토콜을 이용한 단말의 이동성 관리 방법 및 시스템과 이를 위한 단말의 홈 주소 할당 방법 |
US8910234B2 (en) * | 2007-08-21 | 2014-12-09 | Schneider Electric It Corporation | System and method for enforcing network device provisioning policy |
JP2009111688A (ja) * | 2007-10-30 | 2009-05-21 | Kyocera Corp | 通信機器および通信経路切替方法 |
US8953486B2 (en) * | 2007-11-09 | 2015-02-10 | Cisco Technology, Inc. | Global auto-configuration of network devices connected to multipoint virtual connections |
US8667095B2 (en) * | 2007-11-09 | 2014-03-04 | Cisco Technology, Inc. | Local auto-configuration of network devices connected to multipoint virtual connections |
JP4891268B2 (ja) * | 2008-01-15 | 2012-03-07 | キヤノン株式会社 | 通信装置、制御方法、プログラム、記憶媒体 |
JP4962451B2 (ja) * | 2008-09-01 | 2012-06-27 | 日本電気株式会社 | 負荷分散方法およびdhcpサーバ装置 |
US9386105B2 (en) * | 2011-11-02 | 2016-07-05 | Microsoft Technology Licensing, Llc | Techniques for dynamic domain-based isolation |
CN102497378B (zh) * | 2011-12-15 | 2015-03-18 | 杭州华三通信技术有限公司 | 为客户端动态选择dhcp服务器的方法和装置 |
CN103634314B (zh) * | 2013-11-28 | 2017-06-16 | 新华三技术有限公司 | 一种基于虚拟路由器vsr的服务访问控制方法及设备 |
FR3074386A1 (fr) * | 2017-11-30 | 2019-05-31 | Orange | Gestion de l'acces a un serveur de contenus via a une passerelle |
CN112153168B (zh) * | 2020-08-14 | 2023-03-10 | 深圳市广和通无线股份有限公司 | 网络访问方法、装置、计算机设备和存储介质 |
CN114401129B (zh) * | 2022-01-04 | 2024-02-13 | 烽火通信科技股份有限公司 | 上网行为控制方法、dns服务器、家庭网关及存储介质 |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2004320631A (ja) * | 2003-04-18 | 2004-11-11 | Nec Corp | ネットワークを中継した2点間の通信システム |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7673049B2 (en) * | 2004-04-19 | 2010-03-02 | Brian Dinello | Network security system |
JP2006013827A (ja) * | 2004-06-25 | 2006-01-12 | Hitachi Communication Technologies Ltd | パケット転送装置 |
US7600011B1 (en) * | 2004-11-04 | 2009-10-06 | Sprint Spectrum L.P. | Use of a domain name server to direct web communications to an intermediation platform |
-
2004
- 2004-12-21 JP JP2004369693A patent/JP2006180095A/ja active Pending
-
2005
- 2005-12-20 CN CNA200580043947XA patent/CN101084657A/zh not_active Withdrawn
- 2005-12-20 US US11/722,161 patent/US20080134315A1/en not_active Abandoned
- 2005-12-20 WO PCT/JP2005/023314 patent/WO2006068108A1/ja active Application Filing
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2004320631A (ja) * | 2003-04-18 | 2004-11-11 | Nec Corp | ネットワークを中継した2点間の通信システム |
Non-Patent Citations (1)
Title |
---|
ASO K.: "IP de Yomigaeru Kigyokan Torihiki Net", NIKKEI COMMUNICATIONS, no. 322, 17 July 2000 (2000-07-17), pages 98 - 103, XP003000413 * |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2008160384A (ja) * | 2006-12-22 | 2008-07-10 | Nec Infrontia Corp | 無線lan端末、その電子証明書更新方法及びプログラム、並びに無線lanシステム |
CN101267304B (zh) * | 2007-03-13 | 2010-09-08 | 华为技术有限公司 | 一种上网权限控制方法、装置及系统 |
CN112422429A (zh) * | 2020-11-18 | 2021-02-26 | 贝壳技术有限公司 | 数据请求处理方法、装置及计算机可读存储介质 |
CN112422429B (zh) * | 2020-11-18 | 2022-04-22 | 贝壳技术有限公司 | 数据请求处理方法和装置、存储介质和电子设备 |
Also Published As
Publication number | Publication date |
---|---|
CN101084657A (zh) | 2007-12-05 |
JP2006180095A (ja) | 2006-07-06 |
US20080134315A1 (en) | 2008-06-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2006068108A1 (ja) | ゲートウェイ、ネットワークシステム及びWebサーバへのアクセス制御方法 | |
CN101056178B (zh) | 一种控制用户网络访问权限的方法和系统 | |
US8291489B2 (en) | Method and apparatus for registering auto-configured network addresses based on connection authentication | |
CN101127600B (zh) | 一种用户接入认证的方法 | |
TWI274491B (en) | Network interconnection apparatus, network interconnection method, name resolution apparatus and computer program | |
US20100107223A1 (en) | Network Access Method, System, and Apparatus | |
US20100122338A1 (en) | Network system, dhcp server device, and dhcp client device | |
WO2014117600A1 (zh) | 基于dns的用户认证和域名访问控制方法及系统 | |
WO2012051868A1 (zh) | 防火墙策略分发方法、客户端、接入服务器及系统 | |
JP2006222929A (ja) | ネットワークシステム | |
WO2009079895A1 (fr) | Procédé permettant d'attribuer une adresse ip secondaire sur la base d'une authentification d'accès dhcp | |
WO2010000157A1 (zh) | 接入设备的配置方法、装置及系统 | |
JP2001326696A (ja) | アクセス制御方法 | |
KR100714368B1 (ko) | 인증 서버와 연동되는 ip 주소 관리 시스템 | |
WO2009079896A1 (fr) | Procédé d'authenfication d'accès utilisateur fondé sur un protocole de configuration d'hôte dynamique | |
CN102801685A (zh) | 一种Web认证方法及系统 | |
KR20040001329A (ko) | 공중 무선랜 서비스를 위한 망 접속 방법 | |
JP2010187314A (ja) | 認証機能付きネットワーク中継機器及びそれを用いた端末の認証方法 | |
US10248365B2 (en) | Method and system of using OAuth2 to secure neighbor discovery | |
CN102577299B (zh) | 简化的接入网认证信息承载协议 | |
Cisco | DHCP Server - On-Demand Address Pool Manager | |
Cisco | MPLS VPN ID | |
JP2009267638A (ja) | 端末認証・アクセス認証方法および認証システム | |
WO2006075823A1 (en) | Internet protocol address management system co-operated with authentication server | |
KR100513296B1 (ko) | 네트워크 접근제어를 위한 네트워크 관리장치와관리시스템 및 이를 이용한 네트워크 접근제어 방법 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS KE KG KM KN KP KR KZ LC LK LR LS LT LU LV LY MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 11722161 Country of ref document: US |
|
WWE | Wipo information: entry into national phase |
Ref document number: 200580043947.X Country of ref document: CN |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 05820318 Country of ref document: EP Kind code of ref document: A1 |
|
WWP | Wipo information: published in national office |
Ref document number: 11722161 Country of ref document: US |