WO2016106560A1 - Method, device and system for implementing remote access - Google Patents


Publication number
WO2016106560A1
Authority
WO
WIPO (PCT)
Prior art keywords
vpn
vpn server
address
verification code
server
Prior art date
Application number
PCT/CN2014/095582
Other languages
English (en)
Chinese (zh)
Inventor
张亚军
和江涛
吴向阳
刘晓
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Priority to CN201480038036.7A priority Critical patent/CN105493453B/zh
Priority to PCT/CN2014/095582 priority patent/WO2016106560A1/fr
Publication of WO2016106560A1 publication Critical patent/WO2016106560A1/fr

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272 Virtual private networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0485 Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Definitions

  • The present invention relates to the field of communications, and in particular, to a method, apparatus, and system for implementing remote access.
  • VPN: Virtual Private Network
  • TP: Tunneling Protocol
  • insecure network: for example, the Internet
  • When a company employee travels to a foreign country and needs to access the server resources in the intranet of the enterprise headquarters, this access is remote access.
  • With a VPN gateway set up in the internal network, employees abroad connect to the Internet locally, reach the VPN gateway over the Internet, and enter the intranet through the VPN gateway, so that they can access the intranet resources. To ensure data security, the communication data between the VPN gateway and the clients used by the employees abroad is encrypted.
  • IPSec: Internet Protocol Security
  • IETF: Internet Engineering Task Force
  • IPSec VPN covers a Site-to-Site scenario (that is, site-to-site or gateway-to-gateway): for example, a company's headquarters and branches are located in two different places on the Internet, and each uses a VPN gateway to establish a VPN tunnel for secure interconnection.
  • The premise of this method is that the respective VPN gateways must be configured according to agreed parameters, with the encryption algorithm, the key and the subnet determined in advance, so the configuration and negotiation methods are complicated.
  • The object of the present invention is to provide a method, device and system for implementing remote access, which solves the problem that the configuration and negotiation mode of the VPN gateway in the existing IPSec VPN technology is complicated.
  • An embodiment of the present invention provides a method for implementing remote access of a user terminal to a private network. The method is applied to a remote access system that includes a VPN server and a VPN gateway in a private network.
  • The public network IP address of the VPN gateway is configured in the VPN server, and the method includes:
  • the VPN server generates a verification code message and sends the verification code message to the VPN gateway, where the verification code message includes an identifier of the VPN server;
  • the VPN server receives the private network IP address segment and the encryption key returned by the VPN gateway, where the private network IP address segment and the encryption key are allocated to the VPN server by the VPN gateway after the VPN gateway has verified the identifier of the VPN server;
  • the VPN server performs system configuration according to the private network IP address segment and the encryption key;
  • the VPN server receives a login request sent by the user terminal, allocates an IP address to the user terminal in the private network IP address segment, and transmits the data sent by the user terminal to the VPN gateway by using the encryption key.
  • The VPN server is further configured with an RSA private key, and correspondingly, the public key corresponding to the RSA private key is configured in the VPN gateway.
  • That the VPN server generates a verification code message and sends the verification code message to the VPN gateway includes:
  • the VPN server encrypts the verification code message by using the RSA private key and sends the encrypted verification code message to the VPN gateway, so that the VPN gateway uses the public key corresponding to the RSA private key to decrypt the verification code message, and obtains and verifies the identifier of the VPN server.
  • Before the VPN server sends the verification code message to the VPN gateway, the method further includes:
  • the VPN server receives a configuration instruction, and stores the RSA private key and the public network IP address of the VPN gateway.
  • The VPN server is further provided with an activation password.
  • The method further includes:
  • the VPN server verifies the activation password carried in the activation request.
  • The VPN server is configured with a filtering rule that limits the port opened on the VPN server to the port used for VPN data transmission, and the open address to the public network IP address of the VPN gateway.
  • The identifier of the VPN server is a device serial number of the VPN server.
  • The activation password includes at least one of a password, a fingerprint, a palm print, or an iris.
  • An embodiment of the present invention provides another method for implementing remote access of a user terminal to a private network. The method is applied to a remote access system that includes a VPN server, a third-party authentication center, and a VPN gateway in a private network, where the VPN server is configured with the public network IP address of the VPN gateway, and the method includes:
  • the VPN server generates a verification code message and sends the verification code message to the third-party authentication center, where the verification code message includes an identifier of the VPN server;
  • the VPN server receives the private network IP address segment and the encryption key of the VPN gateway, where the private network IP address segment and the encryption key are allocated to the VPN server by the VPN gateway at the request of the third-party authentication center, after the third-party authentication center has verified the identifier of the VPN server;
  • the VPN server performs system configuration according to the private network IP address segment and the encryption key;
  • the VPN server receives a login request sent by the user terminal, allocates an IP address to the user terminal in the private network IP address segment, and transmits the data sent by the user terminal to the VPN gateway by using the encryption key.
  • The VPN server is further configured with an RSA private key, and the third-party authentication center is configured with the public key corresponding to the RSA private key.
  • That the VPN server generates a verification code message and sends the verification code message to the third-party authentication center includes:
  • the VPN server encrypts the verification code message by using the RSA private key and sends the encrypted verification code message to the third-party authentication center, so that the third-party authentication center uses the public key corresponding to the RSA private key to decrypt the verification code message, and obtains and verifies the identifier of the VPN server.
  • The VPN server is configured with a filtering rule that limits the open ports on the VPN server to the port used for VPN data transmission and the port that interacts with the third-party authentication center, and the open addresses to the IP address of the third-party authentication center and the public network IP address of the VPN gateway.
  • An embodiment of the present invention provides a system for implementing remote access of a user terminal to a private network. The remote access system includes a VPN server and a VPN gateway in a private network, where the VPN server is configured with the public network IP address of the VPN gateway.
  • The VPN server is configured to generate a verification code message and send the verification code message to the VPN gateway, where the verification code message includes an identifier of the VPN server;
  • the VPN gateway is configured to allocate a private network IP address segment and an encryption key to the VPN server after verifying the identifier of the VPN server, and to send the private network IP address segment and the encryption key to the VPN server;
  • the VPN server is further configured to receive the private network IP address segment and the encryption key returned by the VPN gateway, and to perform system configuration according to the private network IP address segment and the encryption key;
  • the VPN server is further configured to receive a login request sent by the user terminal, allocate an IP address to the user terminal in the private network IP address segment, and transmit the data sent by the user terminal to the VPN gateway by using the encryption key.
  • The VPN server is further configured with an RSA private key, and correspondingly, the public key corresponding to the RSA private key is configured in the VPN gateway.
  • The VPN server is specifically configured to encrypt the verification code message by using the RSA private key and to send the encrypted verification code message to the VPN gateway;
  • the VPN gateway is specifically configured to decrypt the verification code message by using the public key corresponding to the RSA private key, and to obtain and verify the identifier of the VPN server.
  • The VPN server receives a configuration instruction, and stores the RSA private key and the public network IP address of the VPN gateway.
  • The VPN server is further configured with an activation password.
  • The VPN server is further configured to receive and verify an activation request sent by the user terminal, where the activation request carries an activation password.
  • The VPN server is configured with a filtering rule that limits the port open on the VPN server to the port used for VPN data transmission, and the open address to the public network IP address of the VPN gateway.
  • The embodiment of the present invention further provides a system for implementing remote access of a user terminal to a private network. The system includes a VPN server and a VPN gateway in a private network, where the VPN server is configured with the public network IP address of the VPN gateway.
  • The VPN server is configured to generate a verification code message and send the verification code message to the third-party authentication center, where the verification code message includes an identifier of the VPN server;
  • the VPN gateway is configured to receive a notification message that is sent by the third-party authentication center after the identity verification of the VPN server has passed, where the notification message carries the identifier of the VPN server;
  • the VPN gateway is further configured to allocate a private network IP address segment and an encryption key to the VPN server, and to send the private network IP address segment and the encryption key to the VPN server;
  • the VPN server is further configured to receive the private network IP address segment and the encryption key returned by the VPN gateway, and to perform system configuration according to the private network IP address segment and the encryption key;
  • the VPN server is further configured to receive a login request sent by the user terminal, allocate an IP address to the user terminal in the private network IP address segment, and transmit the data sent by the user terminal to the VPN gateway by using the encryption key.
  • The system further includes a third-party authentication center, which is configured to verify the identifier of the VPN server.
  • The VPN server is further configured with an RSA private key, and the third-party authentication center is configured with the public key corresponding to the RSA private key.
  • The VPN server is configured to encrypt the verification code message by using the RSA private key and to send the encrypted verification code message to the third-party authentication center;
  • the third-party authentication center is configured to decrypt the verification code message by using the public key corresponding to the RSA private key, and to obtain and verify the identifier of the VPN server.
  • The VPN server is configured with a filtering rule that limits the open ports on the VPN server to the port used for VPN data transmission and the port interacting with the third-party authentication center, and the open addresses to the IP address of the third-party authentication center and the public network IP address of the VPN gateway.
  • An embodiment of the present invention provides a VPN server that implements remote access of a user terminal to a private network, where the VPN server is configured with the public network IP address of a VPN gateway in the private network.
  • a generating unit, configured to generate a verification code message, where the verification code message includes an identifier of the VPN server;
  • a sending unit, configured to send the verification code message generated by the generating unit to the VPN gateway;
  • a receiving unit, configured to receive a private network IP address segment and an encryption key returned by the VPN gateway, where the private network IP address segment and the encryption key are allocated to the VPN server by the VPN gateway after the VPN gateway has verified the identifier of the VPN server;
  • a configuration unit, configured to perform system configuration according to the private network IP address segment and the encryption key received by the receiving unit;
  • the receiving unit is further configured to receive a login request sent by the user terminal;
  • a data transmission unit, configured to: after the receiving unit receives the login request, allocate an IP address to the user terminal in the private network IP address segment, and use the encryption key to transmit to the VPN gateway the data sent by the user terminal.
  • The VPN server is further configured with an RSA private key.
  • The generating unit is specifically configured to encrypt the verification code message by using the RSA private key.
  • The sending unit is configured to send the encrypted verification code message generated by the generating unit to the VPN gateway, so that the VPN gateway uses the public key corresponding to the RSA private key to decrypt the verification code message, and obtains and verifies the identifier of the VPN server.
  • The receiving unit is further configured to receive a configuration instruction, and store the RSA private key and the public network IP address of the VPN gateway.
  • The receiving unit is further configured to receive an activation request sent by the user terminal, where the activation request carries the activation password;
  • the VPN server further includes an authentication unit, configured to verify the activation password carried in the activation request received by the receiving unit.
  • The embodiment of the invention provides a method, a system and a device for implementing remote access of a user terminal to a private network.
  • The IP address of a VPN gateway in a private network is configured in a VPN server. After the user terminal activates the VPN server, the VPN server sends a verification code message to the VPN gateway, and the VPN gateway authenticates the VPN server.
  • The VPN gateway allocates a private network address segment and an encryption key to the VPN server.
  • The VPN gateway sends the private network address segment and the encryption key to the VPN server, so that the VPN server allocates an IP address to the user terminal in the private network address segment and uses the encryption key to encrypt the data passed to the VPN gateway. The user terminal therefore accesses the intranet through the VPN server, and the above encryption and authentication mechanism secures the process end to end, from user access to data transmission.
  • FIG. 1 is a schematic flowchart of a method for implementing a remote access private network of a user terminal according to an embodiment of the present invention
  • FIG. 2 is a schematic structural diagram of a system for remote access according to an embodiment of the present invention.
  • FIG. 3 is a schematic flowchart of a method for implementing a remote access private network of a user terminal according to an embodiment of the present invention
  • FIG. 4 is a schematic flowchart of another method for implementing a remote access private network of a user terminal according to an embodiment of the present invention
  • FIG. 5 is a schematic flowchart of another method for implementing a remote access private network of a user terminal according to an embodiment of the present invention
  • FIG. 6 is a schematic structural diagram of a system for implementing a remote access private network of a user terminal according to an embodiment of the present invention
  • FIG. 7 is a schematic structural diagram of another system for implementing a remote access private network of a user terminal according to an embodiment of the present invention.
  • FIG. 8 is a schematic structural diagram of a VPN server for implementing a remote access private network of a user terminal according to an embodiment of the present invention
  • FIG. 9 is a schematic structural diagram of a VPN server hardware according to an embodiment of the present invention.
  • FIG. 1 is a schematic flowchart of a method for implementing remote access of a user terminal to a private network according to an embodiment of the present invention.
  • The method is applied to a remote access system that includes a VPN server and a VPN gateway in a private network, where the public network IP address of the VPN gateway is configured in the VPN server. The method includes:
  • Step 101: The VPN server generates a verification code message and sends the verification code message to the VPN gateway, where the verification code message includes an identifier of the VPN server.
  • Step 102: The VPN server receives a private network IP address segment and an encryption key returned by the VPN gateway, where the private network IP address segment and the encryption key are allocated to the VPN server by the VPN gateway after the VPN gateway has verified the identifier of the VPN server.
  • Step 103: The VPN server performs system configuration according to the private network IP address segment and the encryption key.
  • Step 104: The VPN server receives a login request sent by the user terminal, allocates an IP address to the user terminal in the private network IP address segment, and transmits the data sent by the user terminal to the VPN gateway by using the encryption key.
  • The VPN server is configured with the IP address of the VPN gateway in the private network.
  • The VPN server sends a verification code message to the VPN gateway, and the VPN gateway authenticates the VPN server.
  • The VPN gateway allocates a private network address segment and an encryption key to the VPN server and sends them to the VPN server, so that the VPN server allocates an IP address to the user terminal in the private network address segment and encrypts data transmitted to the VPN gateway by using the encryption key. The user terminal therefore accesses the intranet through the VPN server, and the above encryption and authentication mechanism secures the process end to end, from user access to data transmission.
  • The RSA private key may be set in the VPN server.
  • The public key corresponding to the RSA private key is configured in the VPN gateway, so that the VPN server can use the RSA private key to encrypt the verification code message sent to the VPN gateway.
  • The VPN server encrypts the verification code message by using the RSA private key and sends the encrypted verification code message to the VPN gateway, so that the VPN gateway uses the public key corresponding to the RSA private key to decrypt the verification code message, and obtains and verifies the identifier of the VPN server.
  • The VPN server receives a configuration instruction, and stores the RSA private key and the public network IP address of the VPN gateway.
  • When the user terminal needs to access the VPN gateway of the headquarters through the VPN server, the user terminal sends an activation request to the VPN server, where the activation request carries the activation password, and the VPN server verifies the activation password carried in the activation request. The activation password includes at least one of a password, a fingerprint, a palm print, or an iris.
  • The identifier of the VPN server is a device serial number of the VPN server.
  • FIG. 2 is a schematic structural diagram of a system for remote access according to an embodiment of the present invention.
  • A user terminal is connected to a public network through a VPN server, is then connected to a VPN gateway of the internal private network of the enterprise, and performs data transmission with the intranet through the VPN gateway.
  • The VPN server is preset with the parameters for connecting to the headquarters, including the public IP address of the headquarters, and further including the private key required for channel encryption and the activation password.
  • The VPN server itself provides wireless and wired access capabilities, and can perform MAC address filtering on the terminals that connect to it.
  • The user terminal connects to the VPN server using a high-security authentication mode (WPA2) in order to access the headquarters. After the VPN server is activated, it automatically interacts with the VPN gateway at the headquarters to implement identity authentication, configuration negotiation, and automatic configuration. Each time the VPN server starts a new connection or changes its IP address, it needs to be reactivated before it can provide the service.
  • Before the user terminal performs remote access through the VPN server, the VPN server needs an initial configuration to become usable. Specifically, in a real-life scenario, the employee may apply to the headquarters for a VPN server before traveling, and the initial configuration of the VPN server may be performed by the headquarters IT manager.
  • The initial configuration may include the following:
  • The shared RSA private key is written into the VPN server by a dedicated device, and the public key corresponding to the RSA private key is stored in the headquarters system. The RSA private key can be stored in the chip of the VPN server, so that it cannot be read by external systems.
  • The activation password is set on the VPN server. The activation password may be a password, a fingerprint, a palm print, an iris, or the like, which is not limited by the embodiment of the present invention.
  • Only the qualified port and address are opened on the VPN server. For example, only the port (500 or 4500) used for VPN data transmission and the public IP address of the VPN gateway are opened on the VPN server.
  • The filtering rule can be set on the VPN server. The filtering rule applies to the IP address and the port, so that the VPN server can only access the VPN gateway and cannot access other public network addresses.
  • If the third-party authentication center is responsible for verifying the VPN server, a filtering rule must also be set on the VPN server to limit the open ports on the VPN server to the port used for VPN data transmission and the port interacting with the third-party authentication center, and the open addresses to the IP address of the third-party authentication center and the public network IP address of the VPN gateway.
  • The embodiment of the invention provides a VPN server, and the remote terminal accesses the VPN gateway of the intranet through the VPN server, so as to provide a simple, secure and convenient plug-and-play VPN service for the mobile office.
  • A schematic flowchart of a method for implementing remote access of a user terminal to a private network includes:
  • Step 301: Connect the VPN server to the Internet, and start the VPN server.
  • The VPN server obtains a public network IP address. Specifically, the address can be obtained through static manual configuration, Dynamic Host Configuration Protocol (DHCP), or Point-to-Point Protocol over Ethernet (PPPoE).
  • Step 302: The user sends an activation request to the VPN server through the user terminal, so that the VPN server performs legality verification on the user.
  • The user can activate the VPN server by inputting an activation password, or by scanning a fingerprint or a palm print, according to the activation mode set on the VPN server.
  • The embodiment of the present invention does not limit this.
  • Step 303: The VPN server generates an authentication message, where the authentication message includes a verification code message whose content is the device serial number of the VPN server. The VPN server encrypts and signs the verification code message in the authentication message by using the preset RSA private key, and sends the authentication message to the VPN gateway of the headquarters.
  • Step 304: The VPN gateway of the headquarters receives the authentication message and, after obtaining the encrypted verification code message, decrypts the verification code message by using the public key corresponding to the RSA private key stored in advance. The device serial number obtained by decryption is verified to determine whether the device serial number is registered in the system. If the device serial number is known and the device has not been registered in the system, the verification is passed.
  • Step 305: After the verification is completed, the VPN gateway of the headquarters allocates to the VPN server an IP address segment of the private network and an encryption key for subsequent VPN transmission. The encryption key may be a symmetric key.
  • Step 306: The VPN gateway of the headquarters encrypts and signs the private network IP address segment and the encryption key by using the RSA public key, carries the encrypted private network IP address segment and encryption key in the authentication response message, and sends the message to the VPN server.
  • Step 307: The VPN server decrypts the packet in the received authentication response message, and obtains the private network IP address segment and the encryption key allocated by the VPN gateway to the VPN server.
  • Step 308: The VPN server automatically performs VPN configuration according to the received private network IP address segment and encryption key.
  • Step 309: The user accesses the VPN server through the user terminal, and the VPN server performs legality verification on the accessing user. After the verification is passed, the VPN server allocates the user terminal an IP address in the private network IP address segment.
  • The user can connect the user terminal to the VPN server using the high-security authentication mode (WPA2), and start to access the data of the headquarters.
  • The VPN server verifies the validity of the connection by checking the password used in this access mode.
  • Step 310: The user terminal and the headquarters VPN gateway exchange data using the standard IPSec VPN protocol, with the data encrypted using the Data Encryption Standard (DES).
  • In the initial configuration, the VPN server is configured with the IP address of the VPN gateway in the private network.
  • The VPN server sends the verification code message to the VPN gateway, and the VPN gateway authenticates the VPN server.
  • The VPN gateway allocates a private network address segment and an encryption key to the VPN server, and the VPN gateway uses the private network address segment and the encryption key.
  • the third-party authentication center provides the entire system with authentication services that are independent of any specific vendor and a unified VPN device delivery service.
  • the third-party authentication center provides the initial configuration for the VPN server.
  • the third-party authentication center authenticates the VPN server accordingly. After the initial configuration of the VPN server, the user remotely accesses the intranet through the VPN server.
  • the method includes:
  • Step 401 The VPN server is connected to the Internet and obtains a public network IP address.
  • the public network IP address is obtained by static manual configuration, DHCP, or PPPoE.
  • Step 402 The user sends an activation request to the VPN server through the user terminal, so that the VPN server performs legality verification on the user.
  • the user can activate the VPN server by inputting an activation password, scanning a fingerprint, or a palm print according to the activation mode set by the VPN server.
  • This embodiment of the present invention does not limit this.
  • Step 403 The VPN server generates an authentication message, where the authentication message includes a verification code message whose content is the device serial number of the VPN server; the VPN server uses the preset RSA private key to encrypt and sign the verification code message in the authentication message, and sends the encrypted verification code message to the third-party authentication center;
  • Step 404 The third-party authentication center receives the authentication message and, after obtaining the encrypted verification code message, decrypts it by using the pre-stored public key corresponding to the RSA private key. The device serial number obtained by decryption is checked to determine whether it is registered in the system. If the device serial number belongs to a known device that has not been registered, the verification is passed.
  • Step 405 After the verification is passed, the third-party authentication center sends a notification message to the VPN gateway of the headquarters, where the notification message carries the identifier and IP address information of the VPN server.
  • Step 406 The VPN gateway of the headquarters allocates an IP address segment of the private network to the VPN server, and an encryption key for subsequent VPN transmission.
  • the encryption key may be a symmetric key.
  • Step 407 The VPN gateway of the headquarters encrypts and signs the private network IP address segment and the encryption key by using the RSA public key, carries the encrypted private network IP address segment and encryption key in the distribution message, and sends the message to the VPN server;
  • Step 408 The VPN server decrypts the received distribution message, and obtains a private network IP address segment and an encryption key allocated by the VPN gateway to the VPN server.
  • Step 409 The VPN server automatically performs VPN configuration according to the received private network IP address segment and the encryption key.
  • Step 410 The user accesses the VPN server through the user terminal, and the VPN server performs legality verification on the access user. After the verification is passed, the VPN server allocates an IP address in the private network IP address segment to the user terminal.
  • the user can access the VPN server through the high-security authentication mode (WPA2) of the user terminal, and start to access the data of the headquarters.
  • in this access mode, the VPN server verifies the validity of the connection password.
  • Step 411 The user terminal communicates with the VPN gateway of the headquarters using a standard IPSec VPN protocol, and uses the Data Encryption Standard (DES) to encrypt data.
  • the VPN server performs activation password verification to determine whether the user has the qualification to activate the VPN server.
  • the VPN server performs user identity verification to determine whether the user is qualified to access intranet data through the VPN server.
  • the embodiment of the present invention provides a secure and convenient remote access mode.
  • the third-party authentication center serves as the management center of the VPN server, and the IP address of the third-party authentication center is pre-configured in the VPN server; when the user accesses through the VPN server, the VPN server connects to the third-party authentication center to perform VPN server authentication.
  • the third-party authentication center applies to the VPN gateway of the headquarters to allocate a private network address segment and an encryption key to the VPN server; the VPN gateway sends the private network address segment and the encryption key to the VPN server, so that the VPN server allocates an IP address to the user terminal in the private network address segment and uses the encryption key to encrypt data passed to the VPN gateway. Therefore, the user terminal accesses the intranet through the VPN server, and the above secure encryption and authentication mechanism ensures end-to-end security from user access to data transmission.
  • the embodiment of the present invention further provides another method for implementing remote access of a user terminal to a private network, where the method is applied to a remote access system that includes a VPN server, a third-party authentication center, and a VPN gateway in the private network; a public network IP address of the VPN gateway is configured in the VPN server, and the method includes:
  • Step 501 The VPN server generates a verification code message, and sends the verification code message to the third-party authentication center, where the verification code message includes an identifier of the VPN server.
  • Step 502 The VPN server receives a private network IP address segment and an encryption key returned by the VPN gateway, where the private network IP address segment and the encryption key are allocated to the VPN server by the VPN gateway at the request of the third-party authentication center, after the third-party authentication center has verified the identifier of the VPN server;
  • Step 503 The VPN server performs system configuration according to the private network IP address segment and the encryption key.
  • Step 504 The VPN server receives a login request sent by the user terminal, allocates an IP address to the user terminal in the private network IP address segment, and transmits the data sent by the user terminal to the VPN gateway by using the encryption key.
  • the third-party authentication center checks the VPN server. After the verification is passed, the VPN gateway of the private network allocates the private network IP address segment and the encryption key to the VPN server, such that when the user terminal accesses the private network through the VPN server, the VPN server can assign an IP address in the private network IP address segment to the user terminal and use the encryption key to transmit the data sent by the user terminal to the VPN gateway, thereby realizing the transmission of user data to the private network.
  • the VPN server is further configured with an RSA private key, and correspondingly, the third-party authentication center is configured with a public key corresponding to the RSA private key.
  • the VPN server encrypts the verification code message by using the RSA private key, and sends the encrypted verification code message to the third-party authentication center, so that the third-party authentication center uses the public key corresponding to the RSA private key to decrypt the verification code message, and obtains and verifies the identifier of the VPN server.
  • a filtering rule may be set in the VPN server to limit the ports opened on the VPN server to the port used for VPN data transmission and the port used to interact with the third-party authentication center, and to limit the open addresses to the IP address of the third-party authentication center and the public network IP address of the VPN gateway.
  • the embodiment of the present invention further provides a system structure for implementing remote access of a user terminal to a private network.
  • the remote access system includes a VPN server 601 and a VPN gateway 602 in a private network, wherein the VPN server 601 is configured with a public network IP address of the VPN gateway 602.
  • the VPN server 601 is configured to generate a verification code message, and send the verification code message to the VPN gateway 602, where the verification code message includes an identifier of the VPN server 601.
  • the VPN gateway 602 is configured to allocate a private network IP address segment and an encryption key to the VPN server 601 after verifying the identifier of the VPN server 601, and send the private network IP address segment and the encryption key to the VPN server 601;
  • the VPN server 601 is further configured to receive the private network IP address segment and the encryption key returned by the VPN gateway 602, and perform system configuration according to the private network IP address segment and the encryption key;
  • the VPN server 601 is further configured to receive a login request sent by the user terminal, allocate an IP address to the user terminal in the private network IP address segment, and transmit the data sent by the user terminal to the VPN gateway 602 by using the encryption key.
  • the VPN server 601 is further configured with an RSA private key, and correspondingly, the VPN gateway 602 is configured with a public key corresponding to the RSA private key.
  • the VPN server 601 is specifically configured to use the RSA private key to encrypt the verification code message, and send the encrypted verification code message to the VPN gateway 602;
  • the VPN gateway 602 is specifically configured to decrypt the verification code message by using a public key corresponding to the RSA private key, and obtain and verify the identifier of the VPN server 601.
  • the VPN server 601 is further configured to receive a configuration command, and store the RSA private key and a public network IP address of the VPN gateway 602.
  • the VPN server 601 is further provided with an activation password, and the VPN server 601 is further configured to receive and verify an activation request sent by the user terminal, where the activation request carries an activation password.
  • the VPN server 601 is configured with a filtering rule to limit the port opened on the VPN server 601 to the port used for VPN data transmission, and to limit the open address to the public network IP address of the VPN gateway 602.
  • the embodiment of the present invention further provides another system structure for implementing remote access of a user terminal to a private network.
  • the system includes a VPN server 701 and a VPN gateway 702 in a private network.
  • the public network IP address of the VPN gateway 702 is configured in the VPN server 701.
  • the VPN server 701 is configured to generate a verification code message, and send the verification code message to the third-party authentication center, where the verification code message includes an identifier of the VPN server 701.
  • the VPN gateway 702 is configured to receive a notification message that is sent by the third-party authentication center after the identifier verification of the VPN server 701 is passed, where the notification message carries the identifier of the VPN server 701.
  • the VPN gateway 702 is further configured to allocate a private network IP address segment and an encryption key to the VPN server 701, and send the private network IP address segment and an encryption key to the VPN server 701;
  • the VPN server 701 is further configured to receive a private network IP address segment and an encryption key returned by the VPN gateway, and perform system configuration according to the private network IP address segment and an encryption key;
  • the VPN server 701 is further configured to receive a login request sent by the user terminal, allocate an IP address to the user terminal in the private network IP address segment, and transmit the data sent by the user terminal to the VPN gateway 702 by using the encryption key.
  • the system further includes a third-party authentication center 703, and the third-party authentication center 703 is configured to check the identifier of the VPN server 701.
  • the VPN server 701 is further configured with an RSA private key, and correspondingly, the third-party authentication center 703 is configured with a public key corresponding to the RSA private key.
  • the VPN server 701 is specifically configured to encrypt the verification code message by using the RSA private key, and send the encrypted verification code message to the third-party authentication center 703;
  • the third-party authentication center 703 is specifically configured to decrypt the verification code message by using a public key corresponding to the RSA private key, and obtain and verify the identifier of the VPN server 701.
  • the VPN server 701 is further configured to receive a configuration command, and store the RSA private key and a public network IP address of the VPN gateway.
  • the VPN server 701 is further provided with an activation password.
  • the VPN server 701 is further configured to receive and verify an activation request sent by the user terminal, where the activation request carries an activation password.
  • a filtering rule is set in the VPN server 701 to limit the open port on the VPN server 701 to the port used for VPN data transmission, and to limit the open address to the public network IP address of the VPN gateway 702.
  • a VPN server for implementing remote access of a user terminal to a private network is provided in an embodiment of the present invention, where the VPN server is configured with a public network IP address of a VPN gateway in the private network.
  • a generating unit 801 configured to generate a verification code message, where the verification code message includes an identifier of the VPN server;
  • the sending unit 802 is configured to send the verification code message generated by the generating unit 801 to the VPN gateway;
  • the receiving unit 803 is configured to receive a private network IP address segment and an encryption key returned by the VPN gateway, where the private network IP address segment and the encryption key are allocated to the VPN server by the VPN gateway after the VPN gateway has verified the identifier of the VPN server;
  • the configuration unit 804 is configured to perform system configuration according to the private network IP address segment and the encryption key received by the receiving unit 803;
  • the receiving unit 803 is further configured to receive a login request sent by the user terminal;
  • a data transmission unit 805, configured to: after the receiving unit 803 receives the login request, allocate an IP address to the user terminal in the private network IP address segment, and transmit the data sent by the user terminal to the VPN gateway by using the encryption key.
  • the RSA private key is also configured in the VPN server.
  • the generating unit 801 is specifically configured to encrypt the verification code message by using the RSA private key.
  • the sending unit 802 is specifically configured to send the encrypted verification code message generated by the generating unit 801 to the VPN gateway, so that the VPN gateway decrypts the verification code message by using the public key corresponding to the RSA private key, and obtains and verifies the identifier of the VPN server.
  • the receiving unit 803 is further configured to receive a configuration instruction, and store the RSA private key and a public network IP address of the VPN gateway.
  • the receiving unit 803 is further configured to receive an activation request sent by the user terminal, where the activation request carries the activation password;
  • the VPN server further includes an authentication unit 806, configured to verify the activation password carried in the activation request received by the receiving unit 803.
  • the embodiment of the present invention further provides a VPN server, as shown in FIG. 9, comprising: a receiver 901, a transmitter 902, a processor 903, and a memory 904; wherein the memory 904 can be used to store various configuration information in an initial configuration process. Specifically,
  • the memory 904 is configured to store a public network IP address of a VPN gateway in the private network;
  • the processor 903 is configured to generate a verification code message, where the verification code message includes an identifier of the VPN server;
  • the transmitter 902 is configured to send the verification code message generated by the processor 903 to the VPN gateway;
  • the receiver 901 is configured to receive a private network IP address segment and an encryption key returned by the VPN gateway, and receive a login request sent by the user terminal, where the private network IP address segment and the encryption key are allocated to the VPN server by the VPN gateway after the VPN gateway has verified the identifier of the VPN server;
  • the processor 903 is further configured to perform system configuration according to the private network IP address segment and the encryption key received by the receiver 901, allocate an IP address to the user terminal in the private network IP address segment, and transmit the data sent by the user terminal to the VPN gateway by using the encryption key.
  • the processor 903 is specifically configured to encrypt the verification code message by using the RSA private key.
  • the transmitter 902 is specifically configured to send the encrypted verification code message generated by the processor 903 to the VPN gateway, so that the VPN gateway decrypts the verification code message by using the public key corresponding to the RSA private key, and obtains and verifies the identifier of the VPN server.
  • the receiver 901 is further configured to receive a configuration instruction, where the configuration instruction includes the RSA private key and a public network IP address of the VPN gateway.
  • the receiver 901 is further configured to receive an activation request sent by the user terminal, where the activation request carries the activation password;
  • the processor 903 is further configured to verify the activation password carried in the activation request received by the receiver 901.
  • in the initial configuration, the VPN server is configured with the IP address of the VPN gateway in the private network.
  • the VPN server sends the verification code message to the VPN gateway.
  • the VPN gateway authenticates the VPN server.
  • the VPN gateway allocates a private network address segment and an encryption key to the VPN server, and the VPN gateway sends the private network address segment and the encryption key to the VPN server.
  • each embodiment in this specification is described in a progressive manner; the same or similar parts of the embodiments can be referred to each other, and each embodiment focuses on its differences from the other embodiments.
  • the description is relatively simple, and for the relevant parts reference can be made to the description of the method embodiment.
  • the apparatus and system embodiments described above are merely illustrative, wherein the units illustrated as separate components may or may not be physically separate, and the components displayed as units may or may not be physical units, that is, they may be located in one place or distributed across multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the embodiment. Those of ordinary skill in the art can understand and implement it without any creative effort.
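
The check and allocation described in steps 403 to 406 and 410, as an added Python example that is not code from the patent: a verifier accepts a device once, only if the RSA value matches and the serial number is known and unregistered, then allocates a non-overlapping private segment and a random symmetric key. Assumptions: the class and function names, the `SN-…` serial numbers, the `10.20.0.0/24` pool, the toy RSA key, SHA-256 hashing of the serial number, and sending the serial number alongside the RSA value are all constructed for illustration.

```python
import hashlib
import ipaddress
import secrets

# Constructed toy RSA key (two Mersenne primes) so the example runs offline on
# the standard library alone; a deployed device key would be 2048 bits or more
# and handled by a vetted cryptographic library.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent preset in the VPN server


class EnrollmentError(Exception):
    """Raised when a verification code message is rejected."""


def digest_int(serial: str, n: int) -> int:
    """SHA-256 of the serial number, reduced into the RSA modulus range."""
    return int.from_bytes(hashlib.sha256(serial.encode()).digest(), "big") % n


def sign_serial(serial: str, d: int = D, n: int = N) -> int:
    """VPN server, step 403: apply the RSA private key to the serial number."""
    return pow(digest_int(serial, n), d, n)


class Verifier:
    """Steps 404 to 406: check the message, then allocate segment and key."""

    def __init__(self, known_serials, public_key, pool, prefix):
        self.known = set(known_serials)
        self.e, self.n = public_key
        self.registered = {}                       # serial -> allocated segment
        self.free = ipaddress.ip_network(pool).subnets(new_prefix=prefix)

    def enroll(self, serial: str, signature: int):
        # 1. Only the holder of the private key can produce this value.
        if pow(signature, self.e, self.n) != digest_int(serial, self.n):
            raise EnrollmentError("bad signature")
        # 2. The serial number must belong to a known device ...
        if serial not in self.known:
            raise EnrollmentError("unknown serial")
        # 3. ... that has not been registered yet; this one-time state is what
        #    rejects a captured message that is sent again later.
        if serial in self.registered:
            raise EnrollmentError("already registered")
        segment = next(self.free, None)
        if segment is None:
            raise EnrollmentError("address pool exhausted")
        self.registered[serial] = segment
        return segment, secrets.token_bytes(32)    # symmetric key for the tunnel


class VpnServer:
    """Step 410: hand out addresses inside the allocated segment only."""

    def __init__(self, segment):
        self.segment = segment
        self.hosts = iter(segment.hosts())
        self.leases = {}                           # terminal id -> IP address

    def lease(self, terminal_id: str):
        if terminal_id not in self.leases:
            address = next(self.hosts, None)
            if address is None:
                raise EnrollmentError("segment exhausted")
            self.leases[terminal_id] = address
        return self.leases[terminal_id]


def outcome(verifier, serial, signature) -> str:
    """Return 'ok' or the rejection reason for one verification attempt."""
    try:
        verifier.enroll(serial, signature)
        return "ok"
    except EnrollmentError as exc:
        return str(exc)


if __name__ == "__main__":
    v = Verifier({"SN-0001", "SN-0002"}, (E, N), "10.20.0.0/24", 28)
    segment, key = v.enroll("SN-0001", sign_serial("SN-0001"))
    print(segment, VpnServer(segment).lease("laptop-1"))
    print(outcome(v, "SN-0001", sign_serial("SN-0001")))   # same message again
    print(outcome(v, "SN-0002", sign_serial("SN-0001")))   # value does not match
    print(outcome(v, "SN-9999", sign_serial("SN-9999")))   # device not known
```

Because the verification code message carries no nonce or timestamp, the registered-state check in `enroll` is the only thing that distinguishes a first enrollment from a repeated one, so that state has to be persisted and updated atomically.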

Abstract

The invention relates to a method, a system and a device for enabling a user terminal to access a private network remotely. During initial configuration, an IP address of a VPN gateway in a private network is configured in a VPN server; when a user terminal activates the VPN server, the VPN server sends a verification code message to the VPN gateway, the VPN gateway authenticates the VPN server, and after the authentication succeeds, the VPN gateway allocates a private network address segment and an encryption key to the VPN server and sends the private network address segment and the encryption key to the VPN server, so that the VPN server allocates an IP address to the user terminal within the private network address segment, and data transferred to the VPN gateway is encrypted using the encryption key. The user terminal can thus access an enterprise intranet through the VPN server, and the above secure encryption and authentication mechanism guarantees an end-to-end security flow from user access to data transmission.
PCT/CN2014/095582 2014-12-30 2014-12-30 Method, device and system for implementing random access WO2016106560A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201480038036.7A CN105493453B (zh) 2014-12-30 2014-12-30 Method, apparatus and system for implementing remote access
PCT/CN2014/095582 WO2016106560A1 (fr) 2014-12-30 2014-12-30 Method, device and system for implementing random access

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2014/095582 WO2016106560A1 (fr) 2014-12-30 2014-12-30 Method, device and system for implementing random access

Publications (1)

Publication Number Publication Date
WO2016106560A1 true WO2016106560A1 (fr) 2016-07-07

Family

ID=55678513

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/095582 WO2016106560A1 (fr) 2014-12-30 2014-12-30 Method, device and system for implementing random access

Country Status (2)

Country Link
CN (1) CN105493453B (fr)
WO (1) WO2016106560A1 (fr)

Also Published As

Publication number Publication date
CN105493453A (zh) 2016-04-13
CN105493453B (zh) 2019-02-01

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 201480038036.7

Country of ref document: CN

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14909372

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14909372

Country of ref document: EP

Kind code of ref document: A1