WO2010040309A1 - Access method, network system and device - Google Patents

Access method, network system and device

Info

Publication number
WO2010040309A1
WO2010040309A1 PCT/CN2009/074139 CN2009074139W WO2010040309A1 WO 2010040309 A1 WO2010040309 A1 WO 2010040309A1 CN 2009074139 W CN2009074139 W CN 2009074139W WO 2010040309 A1 WO2010040309 A1 WO 2010040309A1
Authority
WO
WIPO (PCT)
Prior art keywords
endpoint
security
security domain
information
identity
Prior art date
Application number
PCT/CN2009/074139
Other languages
English (en)
Chinese (zh)
Inventor
贾科
刘冰
位继伟
尹瀚
任兰芳
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司
Publication of WO2010040309A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105: Multiple levels of security

Definitions

  • the present invention relates to the field of network communication technologies, and in particular, to an access method, a network system, and an apparatus.
  • Background technique
  • the TNC (Trusted Network Connect) standard defines an open architecture that enables network operators to implement policies related to endpoint security status to determine whether the endpoint is allowed to access the network.
  • the entities in the TNC architecture are the AR (Access Requestor), PEP (Policy Enforcement Point), traffic controllers and sensors, MAP (Metadata Access Point), and PDP (Policy Decision Point).
  • AR Access Requestor
  • PEP Policy Enforcement Point
  • MAP Metadata Access Point
  • PDP Policy Decision Point
  • the PDP compares the AR's credentials (such as user credentials, passwords, etc.) and information about the AR's security status with a particular network access policy, and then decides whether network access should be granted to the AR. If a PEP is present, the PDP passes its decision to the PEP, which is responsible for granting or denying access.
  • FTNC Federated Trusted Network Connect
  • ASD Access Security Domain
  • RSD Relying Security Domain
  • the FTNC is divided into a "Network Assessment Profile" mode and a "Web Assessment Profile" mode; the Network Assessment Profile mode allows the network operator to perform access control on an endpoint accessing the network according to the security status information of the endpoint.
  • SP Service Provider
  • the message can contain attribute information such as the attribute requester and the IF-FTNC protocol version.
  • After the ASD's Radius server successfully authenticates the endpoint identity, it must return a Radius Access-Accept message to the SP, which contains attribute information such as the endpoint's Name ID, the endpoint's attribute authority, and the IF-FTNC protocol version.
  • the SP requests an assertion from the endpoint's SAML (Security Assertion Markup Language) attribute authority. After obtaining the assertion, the SP makes appropriate authorizations for the endpoint access network based on the assertions obtained.
  • SAML Security Assertion Markup Language
  • the inventor has found that the prior art has at least the following problems:
  • in the prior art, when an endpoint sends an access request to a network, the network that is requested to provide access cannot determine which ASD the endpoint belongs to, and the lack of a unified mechanism for identifying the endpoint's ASD will affect the feasibility of the technology under the trend of interworking and convergence of various types of networks.
  • Summary of the invention
  • An embodiment of the present invention provides an access method, a network system, and a device, so that the security domain of an endpoint is determined according to the identity identifier of the endpoint and access is performed.
  • an embodiment of the present invention provides an access method, including: receiving an identity identifier from an endpoint, where the identity identifier includes security domain information of the endpoint.
  • an embodiment of the present invention further provides a network system, including: an endpoint, configured to send an identity identifier to the service provider, where the identity identifier includes security domain information of the endpoint;
  • a service provider configured to receive an identity identifier from the endpoint, obtain a security state of the endpoint according to the security domain information of the endpoint, and make an appropriate access control decision for the endpoint according to the security state of the endpoint.
  • the embodiment of the present invention further provides a service provider, including:
  • a receiving module configured to receive an identity identifier from the endpoint, where the identity identifier includes security domain information of the endpoint;
  • an obtaining module configured to obtain a security status of the endpoint according to the security domain information of the endpoint;
  • a decision module configured to make a suitable access control decision for the endpoint according to the security state obtained by the acquiring module.
  • the embodiment of the invention further provides an access method, which includes:
  • the security status of the endpoint is obtained by the service provider according to the security domain information of the endpoint, and an access control decision is made to the endpoint according to the security state of the endpoint.
  • the embodiment of the present invention has the following advantages:
  • the service provider receives the identity identifier from the endpoint, obtains the security state of the endpoint, and makes an appropriate access control decision for the endpoint according to the security state of the endpoint. Therefore, according to the security domain information sent by the endpoint, the security domain of the endpoint is determined, the security state of the endpoint is obtained, and subsequent access decisions are made according to the security state of the endpoint, so that the local trusted network connection process and the joint trusted network connection process are linked together.
  • FIG. 1 is a flowchart of an access method according to an embodiment of the present invention.
  • FIG. 2 is a flowchart of another access method according to an embodiment of the present invention.
  • FIG. 3 is a flow chart of accessing by using an IEEE 802.11x access control protocol according to an embodiment of the present invention.
  • FIG. 4 is a structural diagram of a network system according to an embodiment of the present invention.
  • FIG. 5 is a structural diagram of a service provider according to an embodiment of the present invention.
  • FIG. 6 is a structural diagram of another service provider according to an embodiment of the present invention.
  • Detailed description
  • the embodiment of the present invention provides an access method, which can be applied to a trusted network connection TNC or a joint trusted network connection FTNC architecture.
  • from the security domain information provided by the endpoint, the network can quickly and accurately determine the security domain of the endpoint. If the security domain of the endpoint belongs to the local network, the access decision is made according to the policy of the local network, for example by triggering the local trusted network connection process; if the security domain of the endpoint is not local, the joint trusted network connection process is performed, and the security domain of the endpoint is found through the security domain information (for example, the domain name information of the security domain) and a connection is established.
  • Step S101 Receive an identity from an endpoint, where the identity includes security domain information of the endpoint.
  • Step S102 Obtain a security status of the endpoint according to the security domain information of the endpoint.
  • the service provider determines whether the endpoint is a local endpoint according to the security domain information of the endpoint, and if the endpoint is not the local endpoint, performs a joint trusted network connection process. If the endpoint is a local endpoint, the local trusted network connection process is triggered.
  • obtaining the security status of the endpoint may be:
  • requesting the security domain of the endpoint to authenticate the endpoint and, after the security domain of the endpoint has successfully authenticated the identity of the endpoint, obtaining information from the security domain of the endpoint and obtaining the security status of the endpoint according to that information.
  • the service provider may send the request message sent by the endpoint to the security domain of the endpoint according to the security domain information of the endpoint, and request the security domain of the endpoint to perform identity authentication on the endpoint.
  • after the security domain of the endpoint successfully authenticates the endpoint, the service provider receives a message returned by the security domain of the endpoint, which includes the attribute authority information of the endpoint; it requests the security assertion of the endpoint from the attribute authority of the endpoint according to that attribute authority information, and obtains the security status of the endpoint based on the security assertion of the endpoint.
  • the attribute authority of the endpoint may be within the security domain of the endpoint or outside the security domain of the endpoint.
  • Step S103 according to the security state of the endpoint, make an appropriate access control decision for the endpoint.
  • the security domain in the embodiment of the present invention can provide endpoint attribute authority information, or can directly perform security assessment on the endpoint and provide endpoint attribute information; the security domain can be a network device or a logical function unit, or be composed of several network devices or logical function units; it can be implemented in hardware or software and can be deployed on the network side.
  • the security status in the embodiment of the present invention includes, but is not limited to, the security assessment status level of the endpoint, the access control recommendation for the endpoint, or the specific security status information of the endpoint, for example: OS (Operating System) version, patch installation, firewall/AV software version and so on.
  • the service provider receives the identity identifier from the endpoint, determines the security domain of the endpoint according to the security domain information of the endpoint included in the identity identifier, obtains the security state of the endpoint, and, according to the security state of the endpoint, makes an access decision for the request of the endpoint. Thereby, the local trusted network connection process and the joint trusted network connection process are well connected.
  • the security domain information of the endpoint is included in the identity identifier. From the identity identifier, the accessed network can obtain the identity of the endpoint itself and the domain name information of the endpoint security domain.
  • the request message sent by the endpoint includes an identity identifier, by which the network can quickly and accurately determine whether the security domain of the endpoint is in the local network, thereby determining whether the endpoint is a local endpoint, and then trigger the subsequent process.
  • the TNC server refers to a server in the network that can perform security assessment on an endpoint, and is a logical component that is applicable to all types of networks.
  • devices that can perform access control decisions within the network, for example AAA (Authentication, Authorization and Accounting), deploy a server that performs endpoint security evaluation.
  • Endpoints can refer to those terminal devices that seek to access the network, including fixed terminals (such as computers) and mobile terminals (such as smart phones), and can also be access devices (such as wireless access points and base stations) or forwarding devices (such as routers and switches) and so on.
  • the security domain of the endpoint can evaluate the security status of the endpoint.
  • ASD is used as an example.
  • the service provider requested by the endpoint cannot directly perform security assessment on the endpoint; that is, the service provider is generally located in the RSD. The service provider can be the provider of the network access service; it can be a network device or logical functional unit, or several network devices or logical functional units, and can be implemented in hardware or software, for example: a network access provider, a community broadband access provider or an enterprise network access control server; it can also be an application server, such as a web server. Service providers can be deployed on the network side.
  • a flowchart of another access method according to an embodiment of the present invention may be applied to a trusted network connection TNC or a joint trusted network connection FTNC architecture.
  • the identity identifier in this embodiment adopts the NAI (Network Access Identifier) format defined by the IETF (Internet Engineering Task Force) in RFC 4282.
  • Step S201 The endpoint sends an access request to a Service Provider.
  • the request message sent by the endpoint contains the identity of the NAI format.
  • Step S202 The service provider determines whether the endpoint is a local endpoint.
  • the service provider can determine that the endpoint is a local endpoint and apply access control measures for local endpoints (such as triggering a TNC process to perform security assessment on the endpoint). Otherwise, the service provider performs step S203 to carry out the FTNC process.
  • Step S203 The ASD authenticates the endpoint identity.
  • the endpoint needs to be authenticated by the ASD.
  • the service provider must send a Radius Access-Request message to the ASD Radius server, which contains the endpoint's attribute authority and IF-FTNC protocol version. According to the identity of the NAI format, the service provider can find the corresponding route to send the Radius Access-Request message to the ASD of the endpoint.
  • Step S204 the TNC server evaluates the endpoint.
  • Step S204 is an optional step.
  • Step S205 the ASD returns the IF-FTNC attribute information to the RSD.
  • After the ASD's Radius server successfully authenticates the identity of the endpoint, it must return a Radius Access-Accept message to the service provider.
  • the Radius Access-Accept message contains attribute information such as the endpoint's Name ID, the endpoint's attribute authority, and the IF-FTNC protocol version.
  • Step S206 The service provider requests an assertion from the endpoint's attribute authority.
  • the service provider can request the endpoint's assertion from the endpoint's attribute authority based on the IF-FTNC attribute information returned by the ASD's Radius server.
  • the SAML 2.0 Assertion Query/Request mode, or the Shibboleth Attribute Exchange mode can be used when requesting assertions.
  • Step S207 The service provider authorizes the endpoint to access the network.
  • the service provider can make appropriate authorizations for the endpoint to access the network.
  • the service provider receives the identity identifier sent by the endpoint, determines the ASD of the endpoint according to the ASD information of the endpoint included in the identity identifier, and makes an appropriate access control decision on the endpoint, so that the local TNC connection process and the FTNC process are well connected.
  • the Radius server and the TNC server may be integrated into one physical entity or may be independent physical entities.
  • the technical solution provided by the embodiment of the present invention can be applied to any network deployed with a TNC and an FTNC, and is applicable to various wired and wireless access technologies, for example, a LAN (Local Area Network), and an ADSL (Asymmetric Digital Subscriber Line).
  • ADSL Asymmetric Digital Subscriber Line
  • WLAN Wireless Local Area Network
  • WiFi Wireless Fidelity
  • WiMax Worldwide Interoperability for Microwave Access
  • UMTS Universal Mobile
  • FTNC can be applied in an intranet (enterprise network), where the commonly used wired access control method is the IEEE (Institute of Electrical and Electronics Engineers) 802.1x protocol.
  • Step S301 The endpoint sends an EAPOL (Extensible Authentication Protocol over LAN)-start message to the switch to initiate an 802.1x connection request.
  • EAPOL Extensible Authentication Protocol over LAN
  • Step S302 The switch returns an EAP (Extensible Authentication Protocol)-Request/identity message to request identity information of the endpoint.
  • EAP Extensible Authentication Protocol
  • Step S303 The endpoint returns an EAP-Response/identity message, and the message carries an identity in the NAI format, for example, FTNC-Client@huawei.com.
  • Step S304 the switch sends a Radius-access-request message to the Radius server of the RSD to initiate a Radius access request.
  • the Radius-access-request message contains the identity of the NAI format sent by the endpoint to the switch.
  • Step S305 The Radius server of the RSD determines whether the endpoint is a local endpoint according to the identity of the NAI format. If the ASD of the endpoint is local to the RSD, the Radius server determines that the endpoint is a local endpoint and makes an access decision according to the local policy of the RSD, for example by triggering a local TNC process; if the ASD of the endpoint is not local to the RSD, the Radius server determines that the endpoint is not a local endpoint, initiates the FTNC process, and forwards the Radius-access-request message to the endpoint's ASD, which authenticates the endpoint.
  • the embodiment of the present invention introduces an identity identifier, and the security domain information in the identity identifier enables the SD to quickly and accurately determine the ASD of the endpoint, so that the protocol can be applied to various access scenarios. By judging whether the ASD of the endpoint is local to the RSD, the TNC and FTNC processes can be well coupled. Besides the NAI format, the embodiment of the present invention may also adopt a similar format such as a URI (Universal Resource Identifier), or an identifier defined by the implementer; as long as the identifier can identify the information of the endpoint security domain, it should fall within the scope of protection of the embodiments of the present invention.
  • URI Universal Resource Identifier
  • FIG. 4 is a structural diagram of a network system according to an embodiment of the present invention, which can be applied to a trusted network connection TNC or a joint trusted network connection FTNC architecture, including:
  • the endpoint 41 is configured to send an identity identifier to the service provider, where the identity identifier includes the security domain information of the endpoint 41;
  • the service provider 42 for receiving the identity from the endpoint 41, obtains the security status of the endpoint 41 based on the security domain information of the endpoint 41, and makes appropriate access control decisions for the endpoint 41 based on the security state of the endpoint 41.
  • the network system can also include:
  • the security domain 43 of the endpoint, used to authenticate the endpoint 41 and to provide information to the service provider 42; the service provider 42 obtains the security status of the endpoint 41 based on that information.
  • the service provider 42 receives the identity identifier sent by the endpoint 41, determines the security domain of the endpoint 41 according to the security domain information of the endpoint included in the identity identifier, obtains the security state of the endpoint 41, and makes an appropriate access control decision for the endpoint 41 according to the security state of the endpoint 41. Thereby, the local trusted network connection process and the joint trusted network connection process are well connected.
  • FIG. 5 is a structural diagram of a service provider according to an embodiment of the present invention, which may be used as the service provider in the foregoing embodiment and may be applied to a trusted network connection TNC or a joint trusted network connection FTNC architecture, including:
  • the receiving module 421 is configured to receive the identity identifier sent by the endpoint 41, where the identity identifier includes the security domain information of the endpoint 41.
  • the obtaining module 422 is configured to obtain the security state of the endpoint 41 according to the security domain information of the endpoint 41.
  • the decision module 423 is configured to make an appropriate access control decision for the endpoint 41 according to the security state obtained by the obtaining module 422.
  • the service provider 42 may further include:
  • the determining module 424 is configured to determine, according to the security domain information of the endpoint 41, whether the endpoint 41 is a local endpoint.
  • the acquisition module 422 can include:
  • the requesting sub-module 4221 is configured to: when the determining module 424 determines that the endpoint 41 is not a local endpoint, request the security domain of the endpoint 41 to authenticate the endpoint 41 according to the security domain information of the endpoint 41;
  • the state obtaining sub-module 4222 is configured to obtain information from the security domain of the endpoint 41 after the identity authentication of the endpoint 41 is successful in the security domain of the endpoint, and obtain the security state of the endpoint 41 according to the foregoing information.
  • the service provider 42 receives the identity identifier sent by the endpoint 41, and the obtaining module 422 obtains the security state of the endpoint 41 according to the security domain information of the endpoint 41.
  • the decision module 423 makes an appropriate access control decision for the endpoint 41 according to the security state obtained by the obtaining module 422. Thereby, the local trusted network connection process and the joint trusted network connection process are well connected.
  • the above modules may be distributed in one device or distributed in multiple devices.
  • the above modules can be combined into one module, or further split into multiple sub-modules.
  • the service provider 42 may be composed of one network device or logical function unit, or several network devices or logical function units, and may be implemented by hardware or software, for example: a network access provider, a community broadband access provider or an enterprise network access control server; it can also be an application server, such as a web server. It can be deployed on the network side.
  • the technical solution of the present invention may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a USB flash drive, a mobile hard disk, etc.) and includes several instructions for causing a computer device (which may be a personal computer, server, or network device, etc.) to perform the methods described in various embodiments of the present invention.
  • modules in the apparatus in the embodiments may be distributed in the apparatus of the embodiment according to the description of the embodiments, or may be correspondingly changed in one or more apparatuses different from the embodiment.
  • the modules of the above embodiments may be combined into one module, or may be further split into a plurality of sub-modules.
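
The realm-based routing of step S305 and the checks a service provider can apply in steps S205 to S207, as an added example that is not part of the patent text. The realm tables, message field names, sample attribute values and the allow/quarantine/deny policy are assumptions constructed for illustration; the identity FTNC-Client@huawei.com is the one used in step S303.

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed sample configuration (assumptions, not values from the patent).
LOCAL_REALMS = {"rsd.example"}                              # realms the RSD serves itself
FEDERATED_ASDS = {"huawei.com": "asd-radius.example.net"}   # partner realm -> ASD Radius server

# Simplified realm syntax: dot-separated labels of letters, digits and hyphens.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_REALM_RE = re.compile(rf"{_LABEL}(?:\.{_LABEL})+")


@dataclass(frozen=True)
class Route:
    kind: str                       # "local-tnc", "ftnc" or "reject"
    realm: Optional[str] = None
    next_hop: Optional[str] = None  # ASD Radius server for an FTNC route
    reason: str = ""


def parse_nai(identity: str) -> Tuple[str, str]:
    """Split 'user@realm' at the last '@' and return (user, lower-cased realm)."""
    user, sep, realm = identity.strip().rpartition("@")
    if not sep or not user:
        raise ValueError("identity carries no security domain (realm)")
    realm = realm.lower()
    if not _REALM_RE.fullmatch(realm):
        raise ValueError("malformed realm")
    return user, realm


def route_request(identity: str) -> Route:
    """Step S305: choose between the local TNC process and the FTNC process."""
    try:
        _, realm = parse_nai(identity)
    except ValueError as exc:
        return Route("reject", reason=str(exc))
    if realm in LOCAL_REALMS:
        return Route("local-tnc", realm)
    if realm in FEDERATED_ASDS:
        # The realm is supplied by the endpoint before any authentication, so it
        # only selects among pre-configured partners and is never resolved freely.
        return Route("ftnc", realm, FEDERATED_ASDS[realm])
    return Route("reject", realm, reason="realm is not a configured federation partner")


def decide_access(route: Route, accept: dict, assertion: dict) -> str:
    """Steps S205-S207 on an FTNC route: validate the ASD's Access-Accept
    attributes and the attribute authority's assertion, then map the security
    status to "allow", "quarantine" or "deny" (an assumed policy)."""
    if route.kind != "ftnc":
        return "deny"
    required = ("name_id", "attribute_authority", "if_ftnc_version")
    if any(not accept.get(key) for key in required):
        return "deny"                        # incomplete IF-FTNC attribute information
    if assertion.get("issuer") != accept["attribute_authority"]:
        return "deny"                        # assertion not issued by the named authority
    if assertion.get("subject") != accept["name_id"]:
        return "deny"                        # assertion describes a different endpoint
    status = assertion.get("security_status", {})
    if status.get("patches_installed") and status.get("firewall_enabled"):
        return "allow"
    return "quarantine"


# Constructed messages: the attributes an ASD would return in Access-Accept and
# the content of the assertion obtained from the endpoint's attribute authority.
SAMPLE_ACCEPT = {"name_id": "ep-7f3a", "attribute_authority": "aa.asd.example.net",
                 "if_ftnc_version": "1.0"}
SAMPLE_ASSERTION = {"issuer": "aa.asd.example.net", "subject": "ep-7f3a",
                    "security_status": {"patches_installed": True,
                                        "firewall_enabled": False}}

if __name__ == "__main__":
    for ident in ("FTNC-Client@huawei.com", "alice@RSD.example",
                  "bob@unknown.example", "no-realm"):
        print(ident, "->", route_request(ident))
    ftnc_route = route_request("FTNC-Client@huawei.com")
    print(decide_access(ftnc_route, SAMPLE_ACCEPT, SAMPLE_ASSERTION))
```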

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

An embodiment of the present invention relates to an access method, a network system and a service provider device. The access method comprises: receiving, from an endpoint, an identifier that includes security domain information of the endpoint; obtaining the security posture of the endpoint according to the security domain information of the endpoint; and making an appropriate access control decision for the endpoint according to the security posture of the endpoint. The embodiment of the present invention determines the security domain of the endpoint according to the security domain information sent by the endpoint in order to obtain the security posture of the endpoint, and makes the subsequent access decision according to the security posture of the endpoint. The local trusted network connection process and the federated trusted network connection process are combined with each other.
PCT/CN2009/074139 2008-10-10 2009-09-23 Access method, network system and device WO2010040309A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200810169687.6 2008-10-10
CN2008101696876A CN101582882B (zh) 2008-10-10 2008-10-10 An access method, network system and device

Publications (1)

Publication Number Publication Date
WO2010040309A1 true WO2010040309A1 (fr) 2010-04-15

Family

ID=41364845

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2009/074139 WO2010040309A1 (fr) 2008-10-10 2009-09-23 Access method, network system and device

Country Status (2)

Country Link
CN (1) CN101582882B (fr)
WO (1) WO2010040309A1 (fr)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
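CN101917430B (zh) * 2010-08-11 2012-05-23 西安西电捷通无线网络通信股份有限公司 Indirect interaction implementation method and system suited to a collaborative trusted network connection model
CN102739665B (zh) * 2012-06-25 2015-03-11 成都卫士通信息产业股份有限公司 A method for implementing a network virtual security domain
CN104618395B (zh) * 2015-03-04 2017-08-25 浪潮集团有限公司 A dynamic cross-domain access control system and method based on trusted network connection
CN105847256A (zh) * 2016-03-25 2016-08-10 宇龙计算机通信科技(深圳)有限公司 Calling access domain selection method and device, IMS terminal and home subscriber server
CN113381966B (zh) * 2020-03-09 2023-09-26 维沃移动通信有限公司 Information reporting method, information receiving method, terminal and network-side device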

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1937499A (zh) * 2006-10-13 2007-03-28 清华大学 Unified identity identification and authentication method based on domain name
CN101136928A (zh) * 2007-10-19 2008-03-05 北京工业大学 A trusted network access framework

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
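CN101222488B (zh) * 2007-01-10 2010-12-08 华为技术有限公司 Method for controlling client access to a network device, and network authentication server
CN101197795A (zh) * 2007-12-26 2008-06-11 华为技术有限公司 Network service protection method and service gateway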

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
TCG, TCG TRUSTED NETWORK CONNECT FEDERATED TNC SPECIFICATION VERSION 1.0 REVISION 26, 18 May 2009 (2009-05-18) *

Also Published As

Publication number Publication date
CN101582882A (zh) 2009-11-18
CN101582882B (zh) 2011-04-20

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09818773

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09818773

Country of ref document: EP

Kind code of ref document: A1