WO2012160809A1 - Communication system, control device, communication method, and program - Google Patents
Communication system, control device, communication method, and program Download PDFInfo
- Publication number
- WO2012160809A1 WO2012160809A1 PCT/JP2012/003336 JP2012003336W WO2012160809A1 WO 2012160809 A1 WO2012160809 A1 WO 2012160809A1 JP 2012003336 W JP2012003336 W JP 2012003336W WO 2012160809 A1 WO2012160809 A1 WO 2012160809A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- isolation level
- user terminal
- access
- information
- unit
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/105—Multiple levels of security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Definitions
- the isolation level determined in this way can also be used as information for determining whether or not access is possible between users, as shown in Fig. 10. A detailed description is given in a first exemplary embodiment with regard to this point.
- the processing rule implementing whether or not access is possible among the users as described above or the processing rule enabling or disenabling access to the network resources may be set first in a processing node, or they may be set at the same timing. Furthermore, in the abovementioned description, the processing rule implementing whether or not access is possible among the users is set, but in a case where an isolation level is also obtained for other nodes outside of the user terminals, it is possible to determine whether or not access is possible in accordance with the isolation level, and to set a processing rule implementing this.
- the control device 400 as described above can also be realized by adding equivalent functions to the path-action calculation unit 16 functioning as the isolation level determination unit 410, the isolation level information storage unit 420, and the access control unit 430, as described above, based on an OpenFlow controller of NPLs 1 and 2.
- a processing rule used by the terminal access control unit 600 of the user terminal 100A may be the same as one held in a forwarding node, or packet filtering technology as in iptables may be used instead of this type of processing rule.
- the terminal access control unit 600 can also apply a processing rule allowing or denying forwarding of a packet, with respect to a physical NIC (Network Interface Card) inside the user terminal 100A; application is also possible with regard to virtual NICs held by respective VMs (Virtual Machines) operating inside the user terminal 100A; and application is also possible with respect to plural virtual switches operating inside the user terminal 100A. In this way, the terminal access control unit 600 can freely designate a place to execute access control inside the user terminal 100A.
- NIC Network Interface Card
- an isolation level information storage unit 420 stores isolation level information, in which location information of where access is allowed (or location information of where access is denied) is set, in a condition field (refer to Fig. 8) of respective isolation level information shown in the first and second exemplary embodiments of the present invention.
- a condition field (refer to Fig. 8) of respective isolation level information shown in the first and second exemplary embodiments of the present invention.
- location information for allowed access for example, "Tokyo", or the like
- the communication system is provided with a quarantine agent that implements quarantine processing of a user terminal at prescribed timing, in a user terminal, and notifies a quarantine result to the isolation level determination unit, unit as the information acquisition unit.
- the communication system has a requirement to be satisfied that is determined for each of the isolation levels, and the isolation level determination unit determines an isolation level according to whether or not the quarantine result notified from the quarantine agent unit satisfies the requirement (Fourth Mode)
- the communication system further includes a communication policy management unit that provides a communication policy to be applied to a user for whom authentication has succeeded, wherein accessibility determined by the communication policy is corrected using information defined in the isolation level information storage unit.
Abstract
Description
This application is based upon and claims the benefit of the priority of Japanese patent application No. 2011-115104, filed on May 23, 2011, the disclosure of which is incorporated herein in its entirety by reference thereto. This invention relates to a communication system, a communication device, a quarantine method, and a computer program, and in particular to a communication system, a control device, a communication method, and a computer program for performing access control by controlling a forwarding node.
[PLT 2] Japanese Patent Kohyo Publication No. JP2009-515426A
[PLT 3] International Publication No. WO2008/095010A1
Next, a detailed description is given concerning a first exemplary embodiment of the present invention, making reference to the drawings. Fig. 2 is a diagram representing a configuration of a communication system of the first exemplary embodiment of the invention. Referring to Fig. 2, a configuration is shown that includes a plurality of
Next, a detailed description is given concerning a second exemplary embodiment of the present invention, making reference to the drawings. Fig. 12 is a diagram representing a configuration of a communication system of the second exemplary embodiment of the invention. A point of difference from the configuration shown in Fig. 2 is that a terminal
Next, a detailed description is given concerning a third exemplary embodiment of the present invention, making reference to the drawings. Fig. 14 is a diagram representing a configuration of a communication system of the third exemplary embodiment of the invention. Points of difference from the configuration shown in Fig. 2 are the point that an
(First Mode)
(Refer to the communication system according to the abovementioned first aspect.)
(Second Mode)
With regard to the communication system of the first mode, the communication system is provided with a quarantine agent that implements quarantine processing of a user terminal at prescribed timing, in a user terminal, and notifies a quarantine result to the isolation level determination unit, unit as the information acquisition unit.
(Third Mode)
With regard to the communication system of the second mode, the communication system has a requirement to be satisfied that is determined for each of the isolation levels, and the isolation level determination unit determines an isolation level according to whether or not the quarantine result notified from the quarantine agent unit satisfies the requirement
(Fourth Mode)
With regard to the communication system of any one of the first to third modes, the communication system further includes a communication policy management unit that provides a communication policy to be applied to a user for whom authentication has succeeded, wherein accessibility determined by the communication policy is corrected using information defined in the isolation level information storage unit.
(Fifth Mode)
With regard to the communication system of any one of the first to fourth modes, in the communication system the access control unit controls whether or not access is possible between the user terminal and another node, based on the determined isolation level and an isolation level of the other node.
(Sixth Mode)
With regard to the communication system of any one of the first to fifth modes, in the communication system the access control unit controls the forwarding node by setting, in the forwarding node, a processing rule that determines a matching rule matching a packet and a process to be applied to the packet that conforms to the matching rule.
(Seventh Mode)
With regard to the communication system of the sixth mode, in the communication system the access control unit controls the forwarding node so as to delete an unnecessary processing rule, and in a case of not holding a processing rule having a matching rule that matches a received packet, causes the received packet to be dropped.
(Eighth Mode)
With regard to the communication system of any one of the first to seventh modes, in the communication system a terminal access control unit that controls whether or not transmission of a packet is possible is provided in the user terminal, and the isolation level determination unit or the access control unit gives an instruction to inhibit transmission of a packet, with respect to the terminal access control unit.
(Ninth Mode)
With regard to the communication system of the first mode, in the communication system an action monitoring unit that monitors action of a user terminal and gives notification to the isolation level determination unit is provided in the user terminal, as the information acquisition unit.
(Tenth Mode)
With regard to the communication system of the ninth mode, in the communication system the isolation level determination unit uses location information of a user terminal included in the action information to determine an isolation level. It is noted that any combination (including selection of elements contained in any of the modes) of the modes disclosed above can be implemented within the basic concept of the present entire disclosure.
(Eleventh Mode)
(Refer to the control device according to the abovementioned second aspect.) Note further modes are possible in accordance with any of the preceding modes se forth herein.
(Twelfth Mode)
(Refer to the communication method according to the abovementioned third aspect.) Note further modes are possible in accordance with any of the preceding modes se forth herein.
(Thirteenth Mode)
(Refer to the program according to the abovementioned fourth aspect.) It is to be noted that the abovementioned eleventh to thirteenth modes can be expanded to be applicable to the second to tenth modes in any combination and/or selection thereof, similar to the abovementioned first mode.
12 control message processing unit
13 processing rule management unit
14 processing rule storage unit
15 forwarding node management unit
16 path-action calculation unit
17 topology management unit
18 terminal location management unit
19 communication policy management unit
20 communication policy storage unit
100, 100A, 100B user terminal
110a information acquisition unit
110 quarantine agent unit
200, 201, 202, 203, 204 forwarding node
300 policy management device
310 communication policy storage unit
320 resource information storage unit
330 authentication device
400 control device
410 isolation level determination unit
420 isolation level information storage unit
430 access control unit
500, 500A, 500B network resource
600 terminal access control unit
700 action monitoring unit
Claims (10)
- A communication system, comprising:
an information acquisition unit that acquires information for determining an isolation level to which a user terminal belongs, from said user terminal;
an isolation level determination unit that determines an isolation level to which said user terminal belongs, based on said acquired information;
an isolation level information storage unit that defines whether or not access is possible to respective access destinations for each isolation level;
an access control unit that causes a forwarding node(s) to implement forwarding or dropping of a packet, in accordance with whether or not access is possible to said respective access destinations; and
a forwarding node(s) that forwards a packet in accordance with control of said access control unit. - The communication system according to claim 1 comprising a quarantine agent unit that implements quarantine processing of a user terminal at prescribed timing, in a user terminal, and notifies a quarantine result to said isolation level determination unit, as said information acquisition unit.
- The communication system according to claim 2, wherein
a requirement to be satisfied is determined for each of said isolation levels, and
said isolation level determination unit determines an isolation level according to whether or not a quarantine result notified from said quarantine agent unit satisfies said requirement. - The communication system according to any one of claims 1 to 3, further comprising a communication policy management unit that provides a communication policy to be applied to a user for whom authentication has succeeded, wherein
accessibility determined by said communication policy is corrected by using information defined in said isolation level information storage unit. - The communication system according to any one of claims 1 to 4, wherein said access control unit controls whether or not access is possible between said user terminal and an other node, based on said determined isolation level and an isolation level of the other node.
- The communication system according to any one of claims 1 to 5, wherein said access control unit controls said forwarding node by setting, in said forwarding node, a processing rule that determines a matching rule matching a packet and a process to be applied to the packet that conforms to said matching rule.
- The communication system according to any one of claims 1 to 6, wherein
a terminal access control unit that controls whether or not transmission of a packet is possible is provided in said user terminal, and
said isolation level determination unit or said access control unit gives an instruction to inhibit transmission of a packet, with respect to said terminal access control unit. - The communication system according to claim 1, wherein an action monitoring unit that monitors action of a user terminal and gives notification to said isolation level determination unit is provided in said user terminal, as said information acquisition unit.
- A control device, adapted to be disposed in a communication system including an information acquisition unit that acquires information for determining an isolation level to which a user terminal belongs, from said user terminal, and a forwarding node(s) that forwards a packet in accordance with control of said control device, said control device comprising:
an isolation level determination unit that determines an isolation level to which said user terminal belongs, based on information acquired in said information acquisition unit;
an isolation level information storage unit that defines whether or not access is possible to respective access destinations for each of said isolation levels; and
an access control unit that causes a forwarding node(s) to implement forwarding or dropping of a packet, in accordance with whether or not access is possible to said respective access destinations. - A communication method, comprising:
a step of acquiring information for determining an isolation level to which a user terminal belongs, from said user terminal;
a step of determining an isolation level to which said user terminal belongs, based on said acquired information; and
a step of referring to isolation level information defining whether or not access is possible to respective access destinations, for each of said isolation levels, and causing a forwarding node(s) to implement forwarding or dropping of a packet, in accordance with whether or not access is possible to said respective access destinations.
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/119,827 US9215237B2 (en) | 2011-05-23 | 2012-05-22 | Communication system, control device, communication method, and program |
JP2013553678A JP5943006B2 (en) | 2011-05-23 | 2012-05-22 | COMMUNICATION SYSTEM, CONTROL DEVICE, COMMUNICATION METHOD, AND PROGRAM |
EP12789941.7A EP2715991A4 (en) | 2011-05-23 | 2012-05-22 | Communication system, control device, communication method, and program |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2011115104 | 2011-05-23 | ||
JP2011-115104 | 2011-05-23 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2012160809A1 true WO2012160809A1 (en) | 2012-11-29 |
Family
ID=47216900
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2012/003336 WO2012160809A1 (en) | 2011-05-23 | 2012-05-22 | Communication system, control device, communication method, and program |
Country Status (4)
Country | Link |
---|---|
US (1) | US9215237B2 (en) |
EP (1) | EP2715991A4 (en) |
JP (1) | JP5943006B2 (en) |
WO (1) | WO2012160809A1 (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2015198574A1 (en) * | 2014-06-23 | 2015-12-30 | 日本電気株式会社 | Physical machine detection system, detection apparatus, detection method and detection program |
JP2017502620A (en) * | 2013-11-04 | 2017-01-19 | イルミオ, インコーポレイテッドIllumio,Inc. | Distributed network security using a logical multidimensional label-based policy model |
US10701090B2 (en) | 2013-04-10 | 2020-06-30 | Illumio, Inc. | Distributed network security using a logical multi-dimensional label-based policy model |
US10897403B2 (en) | 2013-04-10 | 2021-01-19 | Illumio, Inc. | Distributed network management using a logical multi-dimensional label-based policy model |
US11012310B2 (en) | 2018-06-05 | 2021-05-18 | Illumio, Inc. | Managing containers based on pairing keys in a segmented network environment |
Families Citing this family (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9137205B2 (en) | 2012-10-22 | 2015-09-15 | Centripetal Networks, Inc. | Methods and systems for protecting a secured network |
US9565213B2 (en) | 2012-10-22 | 2017-02-07 | Centripetal Networks, Inc. | Methods and systems for protecting a secured network |
US9203806B2 (en) | 2013-01-11 | 2015-12-01 | Centripetal Networks, Inc. | Rule swapping in a packet network |
US9124552B2 (en) | 2013-03-12 | 2015-09-01 | Centripetal Networks, Inc. | Filtering network data transfers |
US9094445B2 (en) | 2013-03-15 | 2015-07-28 | Centripetal Networks, Inc. | Protecting networks from cyber attacks and overloading |
US9491031B2 (en) * | 2014-05-06 | 2016-11-08 | At&T Intellectual Property I, L.P. | Devices, methods, and computer readable storage devices for collecting information and sharing information associated with session flows between communication devices and servers |
US9531677B1 (en) * | 2014-05-07 | 2016-12-27 | Skyport Systems, Inc. | Method and system for managing network access |
US9264370B1 (en) | 2015-02-10 | 2016-02-16 | Centripetal Networks, Inc. | Correlating packets in communications networks |
US9866576B2 (en) * | 2015-04-17 | 2018-01-09 | Centripetal Networks, Inc. | Rule-based network-threat detection |
US9917856B2 (en) | 2015-12-23 | 2018-03-13 | Centripetal Networks, Inc. | Rule-based network-threat detection for encrypted communications |
US11729144B2 (en) | 2016-01-04 | 2023-08-15 | Centripetal Networks, Llc | Efficient packet capture for cyber threat analysis |
US11483288B1 (en) * | 2016-03-17 | 2022-10-25 | Wells Fargo Bank, N.A. | Serialization of firewall rules with user, device, and application correlation |
US11050758B2 (en) * | 2016-08-23 | 2021-06-29 | Reavire, Inc. | Controlling access to a computer network using measured device location |
WO2018055654A1 (en) * | 2016-09-20 | 2018-03-29 | Nec Corporation | Communication apparatus, system, method, and program |
US10911452B2 (en) * | 2016-11-22 | 2021-02-02 | Synergex Group (corp.) | Systems, methods, and media for determining access privileges |
US10503899B2 (en) | 2017-07-10 | 2019-12-10 | Centripetal Networks, Inc. | Cyberanalysis workflow acceleration |
US10284526B2 (en) | 2017-07-24 | 2019-05-07 | Centripetal Networks, Inc. | Efficient SSL/TLS proxy |
US11233777B2 (en) | 2017-07-24 | 2022-01-25 | Centripetal Networks, Inc. | Efficient SSL/TLS proxy |
US10333898B1 (en) | 2018-07-09 | 2019-06-25 | Centripetal Networks, Inc. | Methods and systems for efficient network protection |
US11258720B2 (en) * | 2020-05-15 | 2022-02-22 | Entry Point, Llc | Flow-based isolation in a service network implemented over a software-defined network |
US11362996B2 (en) | 2020-10-27 | 2022-06-14 | Centripetal Networks, Inc. | Methods and systems for efficient adaptive logging of cyber threat incidents |
US11159546B1 (en) | 2021-04-20 | 2021-10-26 | Centripetal Networks, Inc. | Methods and systems for efficient threat context-aware packet filtering for network protection |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050138417A1 (en) | 2003-12-19 | 2005-06-23 | Mcnerney Shaun C. | Trusted network access control system and method |
JP2005346183A (en) | 2004-05-31 | 2005-12-15 | Quality Kk | Network connection control system and network connection control program |
US20070011725A1 (en) | 2005-07-11 | 2007-01-11 | Vasant Sahay | Technique for providing secure network access |
JP2007052550A (en) * | 2005-08-16 | 2007-03-01 | Nec Corp | Computer system and information processing terminal |
WO2008095010A1 (en) | 2007-02-01 | 2008-08-07 | The Board Of Trustees Of The Leland Stanford Jr. University | Secure network switching infrastructure |
JP2009515426A (en) | 2005-11-07 | 2009-04-09 | ジーディーエックス ネットワーク, インコーポレイテッド | High reliability communication network |
JP2010118745A (en) * | 2008-11-11 | 2010-05-27 | Sumitomo Electric System Solutions Co Ltd | Quarantine control device, quarantine controlling computer program, communication jamming method, terminal device, agent computer program, computer program set, and incorrect learning processing method |
JP2010287932A (en) * | 2009-06-09 | 2010-12-24 | Nec Corp | Quarantine network system, access management device, access management method, and access management program |
Family Cites Families (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7051077B2 (en) | 2003-06-30 | 2006-05-23 | Mx Logic, Inc. | Fuzzy logic voting method and system for classifying e-mail using inputs from multiple spam classifiers |
US7680890B1 (en) | 2004-06-22 | 2010-03-16 | Wei Lin | Fuzzy logic voting method and system for classifying e-mail using inputs from multiple spam classifiers |
US8484295B2 (en) | 2004-12-21 | 2013-07-09 | Mcafee, Inc. | Subscriber reputation filtering method for analyzing subscriber activity and detecting account misuse |
US7953814B1 (en) | 2005-02-28 | 2011-05-31 | Mcafee, Inc. | Stopping and remediating outbound messaging abuse |
US7272719B2 (en) * | 2004-11-29 | 2007-09-18 | Signacert, Inc. | Method to control access between network endpoints based on trust scores calculated from information system component analysis |
US9160755B2 (en) | 2004-12-21 | 2015-10-13 | Mcafee, Inc. | Trusted communication network |
US8738708B2 (en) | 2004-12-21 | 2014-05-27 | Mcafee, Inc. | Bounce management in a trusted communication network |
US7266475B1 (en) * | 2006-02-16 | 2007-09-04 | International Business Machines Corporation | Trust evaluation |
US8191124B2 (en) * | 2006-09-06 | 2012-05-29 | Devicescape Software, Inc. | Systems and methods for acquiring network credentials |
US8316227B2 (en) * | 2006-11-01 | 2012-11-20 | Microsoft Corporation | Health integration platform protocol |
US8856330B2 (en) * | 2013-03-04 | 2014-10-07 | Fmr Llc | System for determining whether to block internet access of a portable system based on its current network configuration |
-
2012
- 2012-05-22 US US14/119,827 patent/US9215237B2/en active Active
- 2012-05-22 JP JP2013553678A patent/JP5943006B2/en active Active
- 2012-05-22 EP EP12789941.7A patent/EP2715991A4/en not_active Withdrawn
- 2012-05-22 WO PCT/JP2012/003336 patent/WO2012160809A1/en active Application Filing
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050138417A1 (en) | 2003-12-19 | 2005-06-23 | Mcnerney Shaun C. | Trusted network access control system and method |
JP2005346183A (en) | 2004-05-31 | 2005-12-15 | Quality Kk | Network connection control system and network connection control program |
US20070011725A1 (en) | 2005-07-11 | 2007-01-11 | Vasant Sahay | Technique for providing secure network access |
JP2007052550A (en) * | 2005-08-16 | 2007-03-01 | Nec Corp | Computer system and information processing terminal |
JP2009515426A (en) | 2005-11-07 | 2009-04-09 | ジーディーエックス ネットワーク, インコーポレイテッド | High reliability communication network |
WO2008095010A1 (en) | 2007-02-01 | 2008-08-07 | The Board Of Trustees Of The Leland Stanford Jr. University | Secure network switching infrastructure |
JP2010118745A (en) * | 2008-11-11 | 2010-05-27 | Sumitomo Electric System Solutions Co Ltd | Quarantine control device, quarantine controlling computer program, communication jamming method, terminal device, agent computer program, computer program set, and incorrect learning processing method |
JP2010287932A (en) * | 2009-06-09 | 2010-12-24 | Nec Corp | Quarantine network system, access management device, access management method, and access management program |
Non-Patent Citations (3)
Title |
---|
NICK MCKEOWN, OPENFLOW: ENABLING INNOVATION IN CAMPUS NETWORKS, 16 May 2011 (2011-05-16), Retrieved from the Internet <URL:http://www.openflowswitch.org/documents/openflow-wp-latest.pdf> |
OPENFLOW: SWITCH SPECIFICATION, 16 May 2011 (2011-05-16), Retrieved from the Internet <URL:http://www.openflowswitch.org/documents/openflow-spec-v1.0.0.pdf> |
See also references of EP2715991A4 |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10701090B2 (en) | 2013-04-10 | 2020-06-30 | Illumio, Inc. | Distributed network security using a logical multi-dimensional label-based policy model |
US10897403B2 (en) | 2013-04-10 | 2021-01-19 | Illumio, Inc. | Distributed network management using a logical multi-dimensional label-based policy model |
US10917309B2 (en) | 2013-04-10 | 2021-02-09 | Illumio, Inc. | Distributed network management using a logical multi-dimensional label-based policy model |
US10924355B2 (en) | 2013-04-10 | 2021-02-16 | Illumio, Inc. | Handling changes in a distributed network management system that uses a logical multi-dimensional label-based policy model |
US11503042B2 (en) | 2013-04-10 | 2022-11-15 | Illumio, Inc. | Distributed network security using a logical multi-dimensional label-based policy model |
JP2017502620A (en) * | 2013-11-04 | 2017-01-19 | イルミオ, インコーポレイテッドIllumio,Inc. | Distributed network security using a logical multidimensional label-based policy model |
WO2015198574A1 (en) * | 2014-06-23 | 2015-12-30 | 日本電気株式会社 | Physical machine detection system, detection apparatus, detection method and detection program |
JPWO2015198574A1 (en) * | 2014-06-23 | 2017-04-27 | 日本電気株式会社 | Physical machine detection system, detection apparatus, detection method, and detection program |
US11012310B2 (en) | 2018-06-05 | 2021-05-18 | Illumio, Inc. | Managing containers based on pairing keys in a segmented network environment |
Also Published As
Publication number | Publication date |
---|---|
EP2715991A4 (en) | 2014-11-26 |
EP2715991A1 (en) | 2014-04-09 |
JP2014518021A (en) | 2014-07-24 |
JP5943006B2 (en) | 2016-06-29 |
US9215237B2 (en) | 2015-12-15 |
US20140075510A1 (en) | 2014-03-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2012160809A1 (en) | Communication system, control device, communication method, and program | |
JP5862577B2 (en) | COMMUNICATION SYSTEM, CONTROL DEVICE, POLICY MANAGEMENT DEVICE, COMMUNICATION METHOD, AND PROGRAM | |
JP5811179B2 (en) | COMMUNICATION SYSTEM, CONTROL DEVICE, POLICY MANAGEMENT DEVICE, COMMUNICATION METHOD, AND PROGRAM | |
RU2586587C2 (en) | Terminal control device, communication method, communication system, communication module, program and information processing device | |
US9571523B2 (en) | Security actuator for a dynamically programmable computer network | |
JP5811171B2 (en) | COMMUNICATION SYSTEM, DATABASE, CONTROL DEVICE, COMMUNICATION METHOD, AND PROGRAM | |
US9397949B2 (en) | Terminal, control device, communication method, communication system, communication module, program, and information processing device | |
US9887920B2 (en) | Terminal, control device, communication method, communication system, communication module, program, and information processing device | |
JP2014516215A (en) | Communication system, control device, processing rule setting method and program | |
CN106411852B (en) | Distributed terminal access control method and device | |
KR101854996B1 (en) | SDN for preventing malicious application and Determination apparatus comprising the same | |
US20230319684A1 (en) | Resource filter for integrated networks |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 12789941 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 2013553678 Country of ref document: JP Kind code of ref document: A |
|
WWE | Wipo information: entry into national phase |
Ref document number: 14119827 Country of ref document: US |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2012789941 Country of ref document: EP |