WO2019088671A1 - Procédé de fourniture de service de sécurité de réseau et appareil pour cela - Google Patents
Procédé de fourniture de service de sécurité de réseau et appareil pour cela Download PDFInfo
- Publication number
- WO2019088671A1 WO2019088671A1 PCT/KR2018/013037 KR2018013037W WO2019088671A1 WO 2019088671 A1 WO2019088671 A1 WO 2019088671A1 KR 2018013037 W KR2018013037 W KR 2018013037W WO 2019088671 A1 WO2019088671 A1 WO 2019088671A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- nsf
- security
- management system
- i2nsf
- information
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/145—Network analysis or design involving simulating, designing, planning or modelling of a network
Definitions
- the present invention relates to a system, method and apparatus for providing a network security service, and more particularly, to an information model for a registration interface of network security functions (NSF) in an I2NSF (Interface to Network Security Functions) And a data model.
- NSF network security functions
- I2NSF Interface to Network Security Functions
- a method performed by a security controller includes: Transmitting an instantiation request message for the NSF to the developer's management system; And receiving from the developer management system a registration message indicating the registration of an NSF instance for the required NSF in response to the request message, May be generated by the management system.
- the NSF instance generated by the developer management system is consistent with the capability information or the signature and the NSF based on a predetermined information model.
- the method further comprises transmitting a de-instantiation request message to the developer management system for an unnecessary NSF in the security management system, wherein the NSF instance corresponding to the reverse instantiation request message is sent to the developer management system And then deleted.
- the registration message includes NSF capability information indicating security capabilities of the NSF instance, NSF access information used for network access to a new instance, or a role assigned to an entity And NSF role-based Access Control List (ACL) information that specifies an NSF's access policy to determine whether to allow entity access to the NSF.
- NSF capability information indicating security capabilities of the NSF instance
- NSF access information used for network access to a new instance or a role assigned to an entity And NSF role-based Access Control List (ACL) information that specifies an NSF's access policy to determine whether to allow entity access to the NSF.
- ACL Access Control List
- the NSF capability information includes at least one of a Network-Security Capabilities field, a Content-Security Capabilities field, an Attack Mitigation Capabilities field, or performance capabilities. .
- the performance capability may include processing information and bandwidth information.
- a security controller for managing a network security function (NSF) through a registration interface, comprising: a communication unit for wirelessly or wiredly communicating with an external device; And a processor operatively connected to the communication unit, wherein the processor transmits an instantiation request message for the NSF required for the security management system to a developer's management system, From the developer management system, a registration message indicating the registration of an NSF instance for the required NSF in response to the instantiation request message, wherein the NSF instance can be generated by the developer management system based on the instantiation request message.
- NSF network security function
- I2NSF Interface to Network Security Functions
- the elements of the I2NSF framework can exchange NSF capability sets in a standardized manner.
- FIG. 1 illustrates an I2NSF (Interface to Network Security Functions) system according to an embodiment of the present invention.
- I2NSF Interface to Network Security Functions
- FIG. 2 illustrates the architecture of an I2NSF system according to another embodiment of the present invention.
- FIG. 5 is a diagram illustrating an instance management sub-model according to an embodiment of the present invention.
- FIG. 6 is a diagram illustrating a registration sub-model according to an embodiment of the present invention.
- FIG. 7 is a diagram illustrating an NSF profile, in accordance with one embodiment of the present invention.
- FIG. 8 is a diagram schematically showing performance capability information according to an embodiment of the present invention.
- FIGS. 9 and 10 are views illustrating a Role-based Access Control List (ACL) according to an embodiment of the present invention.
- ACL Role-based Access Control List
- FIG. 11 is a diagram illustrating a high-level YANG data model of a registration interface according to an embodiment of the present invention.
- FIG. 14 is a diagram illustrating a high-level YANG data model of NSF capability information according to an embodiment of the present invention.
- 15 is a diagram illustrating a high-level YANG data model of NSF access information according to an embodiment of the present invention.
- 16 is a diagram illustrating a high-level YANG data model of an NSF performance capability according to an embodiment of the present invention.
- 17 is a diagram illustrating a high level YANG data model of a role based ACL according to an embodiment of the present invention.
- FIG. 18 is a diagram illustrating a data model of an I2NSF registration interface according to an embodiment of the present invention.
- 19 is a diagram illustrating XML output for a registration interface according to an embodiment of the present invention.
- FIG. 20 illustrates a block diagram of a network device according to an embodiment of the present invention.
- NFV Network Functions Virtualization
- I2NSF Interface to Network Security Functions
- the purpose of the I2NSF is to define a standardized interface for a heterogeneous network security function (NSF) provided by a number of security solution vendors.
- NSF network security function
- the present specification also proposes a security management architecture based on the I2NSF framework.
- the security management architecture may include an I2NSF user, a Security Management System, and / or the instance (s) of the NSF (s) in the lowest layer of the framework.
- the security management system may include a security controller and a developer's management system.
- the security controller may include a Security Policy Manager and an NSF Capability Manager.
- the present specification also proposes a data model for performing a mission for security services (e.g., VoIP-VoLTE) in the I2NSF security management system.
- a mission for security services e.g., VoIP-VoLTE
- Application Logic A component of the security management architecture that creates a user perspective security policy to block or mitigate security attacks.
- the user perspective policy is retrieved from the application logic.
- - Security Policy Manager A component that maps user-perspective security policies received from the policy updater to lower-level security policies and vice versa.
- NSF Capability Manager A component that stores the NSF capabilities registered by the developer management system via the registration interface and shares it with the Security Policy Manager to create a corresponding low-level security policy.
- Event Collector A component that receives events from a security controller, used to update (or create) a user perspective policy in the application logic.
- NSF Network security function
- the NSF may operate in various layers of various protocol stacks (e.g., a network layer or another Open System Interconnection (OSI) layer, etc.).
- OSI Open System Interconnection
- an NSF a firewall, an Intrusion Prevention System (IPS) / Intrusion Detection System (IDS), a Deep Packet Inspection (DPI) Application Visibility and Control (AVC), Network Virus and Malware Scanning, Sandbox, Data Loss Prevention (DLP), Distribute Denial of Service (DDoS) Mitigation, Transport Layer Security (TLS) proxies, anti-spoofing, and the like.
- IPS Intrusion Prevention System
- IDDS Intrusion Detection System
- DPI Deep Packet Inspection
- AVC Application Visibility and Control
- Sandbox Sandbox
- DLP Data Loss Prevention
- DLP Distribute Denial of Service
- TLS Transport Layer Security
- the architecture / framework of the I2NSF system and the respective components of the I2NSF system will be described. It also demonstrates how the I2NSF facilitates the implementation of security functions in a technology- and vendor-independent manner in Software-Defined Networking (SDN) and Network Functions Virtualization (NFV) environments, ).
- SDN Software-Defined Networking
- NFV Network Functions Virtualization
- the I2NSF framework is used by a user (e.g., an application, an overlay or a cloud network management system, or an enterprise network manager or management system) of the I2NSF system to inform the I2NFS system which traffic (or traffic pattern) Requires a standard interface.
- the I2NSF system can recognize this standard interface as a set of security rules for monitoring and controlling the behavior of different traffic.
- the I2NSF framework also provides a standard interface for monitoring flow-based security functions where users are hosted and managed by different administrative domains.
- FIG. 1 illustrates an I2NSF (Interface to Network Security Functions) system according to an embodiment of the present invention.
- I2NSF Interface to Network Security Functions
- the I2NSF user communicates with the network operations management system through the I2NSF Consumer-Facing Interface.
- the network operations management system communicates with the NSF (s) through the I2NSF NSF-Facing Interface (I2NSF).
- the developer management system communicates with the network operations management system through the I2NSF registration interface.
- the I2NSF user may request information (e.g., NSF information) from another I2NSF component (e.g., a network operations management system) and / or a security service provided by another I2NSF component (e.g., developer management system) Service). ≪ / RTI >
- an I2NSF user may be an overlay network management system, an enterprise network manager system, another network domain administrator, and so on.
- the I2NSF user may be referred to as an I2NSF client.
- I2NSF consumer An entity that performs a role assigned to this I2NSF user component may be referred to as an I2NSF consumer.
- An example of an I2NSF consumer is the need to dynamically inform the underlay network to allow, rate-limit, or deny flow based on a particular field of a packet during a time span
- a video-conference network manager, enterprise network administrators and management systems that need to request a provider network to enforce specific I2NSF policies for a particular flow
- An IoT management system (IoT management system) that sends a request to an underlay network to block flows that match a set of specific conditions.
- I2NSF users can create and deploy high-level security policies. Specifically, I2NSF users need to use network security services to protect network traffic from a variety of malicious attacks. To request this security service, the I2NSF user can create a high-level security policy for the desired security service and notify the network operation management system thereof.
- the I2NSF user considers the type of NSF (s) required to implement the security policy rule configuration for each NSF (s) or security policy rule configuration I can not.
- One of the key roles of a network operations management system is to translate high-level security policies (or policy rules) from I2NSF users into low-level security policy rules for specific NSF (s) ).
- the network operations management system may first determine the type of NSF (s) required to enforce the policies required by the I2NSF user.
- the network operations management system may then create a low-level security policy for each required NSF (s).
- the network operations management system may set the generated lower level security policy to each NSF (s).
- I2NSF NSF-facing interface implies, NSF-facing interface (NFI)
- an information model refers to an expression of a concept of interest in the environment in a form independent of a data repository, a data definition language, a query language, an implementation language, and a protocol.
- an NSF instance may be created that is necessary in enforcing the security policy rules received from the I2NSF user. That is, in the I2NSF framework, the I2NSF user can determine the security services required for the system. If there is no NSF instance to enforce the security policy requested by the I2NSF user, the security controller may request the developer management system via the registration interface to create the required NSF instance.
- the NSF instance may be updated. After the NSF instance is registered with the I2NSF framework, the functionality of the NSF instance may change. These changes should be reported to the security controller. To do this, the developer management system can update some NSF instances and notify the security controller of the update via the registration interface.
- the conventional I2NSF registration interface was used only to register a new NSF instance in the security controller.
- embodiments of the present invention propose an information model that can be extended at any time to support NSF instantiation / reverse instantiation.
- the creation / removal of the NSF instance can be performed based on the instance management sub model among the registered interface information models, and the details configuring the NSF profile based on the registration sub model can be defined.
- the security controller may send an instantiation / re-instantiation request message to the developer management system as needed.
- the instantiation / re-instantiation request message may include NSF capability information.
- the developer management system that receives the request from the security controller may generate a corresponding NSF instance based on the NSF capability information and send a response message including information related to the processing result to the security controller.
- FIG. 6 is a diagram illustrating a registration sub-model according to an embodiment of the present invention.
- the NSF capability information indicates the ability to probe a new NSF instance.
- the NSF access information represents information that enables network access to a new instance of another component.
- NSF role-based ACL information specifies NSF's access policy to determine whether to allow or deny entity access to NSF based on the role assigned to the entity. Detailed model of NSF capability information, NSF access information, and NSF role based ACL information will be described in detail later.
- the NSF access information indicates information required to perform communication with the NSF.
- the NSF access information includes an Internet Protocol version 4 (IPv4) address, an Internet Protocol version 6 (IPv6) address, a port number, and / . ≪ / RTI >
- NSF Capability Information (or NSF Instance Capability)
- the NSF profile (or NSF capability information) indicating the checking capability of the NSF instance may include capability objects of various NSF instances.
- an NSF profile (or an NSF capability object) may include at least one of Network-Security Capabilities, Content-Security Capabilities, Attack Mitigation Capabilities, and performance capabilities. . ≪ / RTI >
- the network security capability indicates the ability to examine and process network traffic using a predefined security policy.
- Content Security Capability Indicates the ability to analyze traffic content delivered at the application layer.
- attack mitigation capabilities represent the ability to detect and mitigate various types of network attacks.
- FIG. 8 is a diagram schematically showing performance capability information according to an embodiment of the present invention.
- the registration interface proposed in this specification can control the use and restriction of the created instance, and can make an appropriate request according to the status.
- FIGS. 9 and 10 are views illustrating a Role-based Access Control List (ACL) according to an embodiment of the present invention.
- ACL Role-based Access Control List
- the high level YANG data model of the I2NSF registration interface may include a registration request field (or object, information) and an instance management request field (or object, information).
- the I2NSF system has the architecture of the I2NSF system described above in Fig. 1 or Fig.
- the object / field / information included in the YANG data model shown in Fig. 11 and the relationship therebetween can be explained by the contents shown in Fig. 11 and / or the contents described in Figs. 3 to 10 above. 1 to 10 will be omitted from the description overlapping with the above description.
- the registration request field of FIG. 11 described above may be extended as shown in FIG.
- the registration request (or the registration request object / field / information) may include capability information of the newly created NSF to inform the security controller of the capability.
- the registration request may also include network access information that allows the security controller to access the NSF.
- the I2NSF system has the architecture of the I2NSF system described above in Fig. 1 or Fig.
- the object / field / information included in the YANG data model shown in Fig. 12 and the relationship therebetween can be explained by the contents shown in Fig. 12 and / or the contents described in Figs. 3 to 10 above. 1 to 10 will be omitted from the description overlapping with the above description.
- FIG. 13 is a diagram illustrating a high-level YANG data model of an instance management request according to an embodiment of the present invention.
- the I2NSF system has the architecture of the I2NSF system described above in Fig. 1 or Fig.
- the object / field / information included in the YANG data model shown in FIG. 13 and the relationship therebetween can be explained by the contents shown in FIG. 13 and / or the contents described in FIG. 3 to FIG. 1 to 10 will be omitted from the description overlapping with the above description.
- FIG. 14 is a diagram illustrating a high-level YANG data model of NSF capability information according to an embodiment of the present invention.
- the NSF capability information field (or object, information) of FIGS. 12 and 13 described above can be extended as shown in FIG. [0064] [0052] If looking, the NSF capability information field may include an I2NSF capability field (or object, information), a performance capability field (or object, information).
- the I2NSF system has the architecture of the I2NSF system described above in Fig. 1 or Fig.
- the object / field / information included in the YANG data model shown in Fig. 14 and the relationship therebetween can be explained by the contents shown in Fig. 14 and / or the contents described in Figs. 3 to 10 above. 1 to 10 will be omitted from the description overlapping with the above description.
- 15 is a diagram illustrating a high-level YANG data model of NSF access information according to an embodiment of the present invention.
- the NSF access information field (or object, information) of Figs. 12 and 13 described above can be extended as shown in Fig. [0042]
- the NSF access information field may include an NSF address field (or object, information), an NSF port address field (or object, information).
- the I2NSF system has the architecture of the I2NSF system described above in Fig. 1 or Fig. Furthermore, the object / field / information included in the YANG data model shown in Fig. 15 and the relationship therebetween can be explained by the contents shown in Fig. 15 and / or the contents described in Figs. 3 to 10 above. 1 to 10 will be omitted from the description overlapping with the above description.
- 16 is a diagram illustrating a high-level YANG data model of an NSF performance capability according to an embodiment of the present invention.
- 17 is a diagram illustrating a high level YANG data model of a role based ACL according to an embodiment of the present invention.
- the high level YANG data model of the registration interface may include a role based ACL as shown in FIG.
- FIG. 18 is a diagram illustrating a data model of an I2NSF registration interface according to an embodiment of the present invention.
- the YANG module for the information model of the data required for the registration interface between the security controller and the developer management system may be as shown in Fig.
- the I2NSF system has the architecture of the I2NSF system described above in Fig. 1 or Fig.
- the object / field / information included in the YANG module shown in Fig. 18 and the relationship therebetween can be explained by the contents shown in Fig. 18 and / or the contents described in Figs. 3 to 10 above. 1 to 10 will be omitted from the description overlapping with the above description.
- 19 is a diagram illustrating XML output for a registration interface according to an embodiment of the present invention.
- the IDS NSF can be registered using the VoIP / VoLTE security capability through the registration interface.
- the configuration XML for the above-described registration interface is as shown in FIG.
- the I2NSF system has the architecture of the I2NSF system described above in Fig. 1 or Fig.
- the object / field / information included in the YANG module shown in FIG. 19 and the relationship therebetween can be explained by the contents shown in FIG. 19 and / or the contents described in FIG. 3 to FIG. 1 to 10 will be omitted from the description overlapping with the above description.
- the network device corresponds to the above-described I2NSF system (or security management system), or may be a device included in the I2NSF system.
- I2NSF system or security management system
- Examples of the devices included in the I2NSF system may include the above-described I2NSF, security controller, developer management system, NSF, and the like.
- the memory 2020 may be internal or external to the processor 2010 and may be coupled to the processor 2010 by various well known means.
- Embodiments in accordance with the present invention may be implemented by various means, for example, hardware, firmware, software, or a combination thereof.
- an embodiment of the present invention may include one or more application specific integrated circuits (ASICs), digital signal processors (DSPs), digital signal processing devices (DSPDs), programmable logic devices (PLDs) field programmable gate arrays, processors, controllers, microcontrollers, microprocessors, and the like.
- ASICs application specific integrated circuits
- DSPs digital signal processors
- DSPDs digital signal processing devices
- PLDs programmable logic devices
- an embodiment of the present invention may be embodied in the form of a module, a procedure, a function, and the like for performing the functions or operations described above, Lt; / RTI >
- the recording medium may include program commands, data files, data structures, and the like, alone or in combination.
- Program instructions to be recorded on a recording medium may be those specially designed and constructed for the present invention or may be available to those skilled in the art of computer software.
- a device or terminal according to the present invention may be driven by instructions that cause one or more processors to perform the functions and processes described above.
- Such instructions may include, for example, interpreted instructions such as script commands, such as JavaScript or ECMAScript commands, or other instructions stored in executable code or computer readable media.
- the apparatus according to the present invention may be implemented in a distributed manner across a network, such as a server farm, or may be implemented in a single computer device.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
L'invention concerne un système de gestion de sécurité permettant de gérer une fonction de sécurité de réseau (NSF) par l'intermédiaire d'une interface d'enregistrement. Spécifiquement, un procédé effectué par un contrôleur de sécurité comprend les étapes suivantes : transmettre un message de demande d'instanciation pour la NSF nécessaire pour un système de gestion de sécurité à un système de gestion de développeur ; et recevoir, du système de gestion de développeur, un message d'enregistrement indiquant l'enregistrement d'une instance de NSF pour la NSF nécessaire en réponse au message de demande, l'instance de NSF pouvant être produite par le système de gestion de développeur en fonction du message de demande d'instanciation.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR20170142840 | 2017-10-30 | ||
KR10-2017-0142840 | 2017-10-30 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2019088671A1 true WO2019088671A1 (fr) | 2019-05-09 |
Family
ID=66332144
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/KR2018/013037 WO2019088671A1 (fr) | 2017-10-30 | 2018-10-30 | Procédé de fourniture de service de sécurité de réseau et appareil pour cela |
Country Status (2)
Country | Link |
---|---|
KR (1) | KR102184114B1 (fr) |
WO (1) | WO2019088671A1 (fr) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110290048A (zh) * | 2019-05-17 | 2019-09-27 | 国家工业信息安全发展研究中心 | 政府网络安全信息通报系统 |
US20210029175A1 (en) * | 2019-07-24 | 2021-01-28 | Research & Business Foundation Sungkyunkwan University | Security policy translation in interface to network security functions |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20110042070A (ko) * | 2008-07-01 | 2011-04-22 | 인터내셔널 비지네스 머신즈 코포레이션 | 새로운 네트워크 자원이 서비스 랜드스케이프 인스턴스에 제공되는 경우 동적으로 네트워크 보안 정책 규칙을 갱신하는 방법 |
KR20140075809A (ko) * | 2011-11-01 | 2014-06-19 | 제이브이엘 벤쳐스, 엘엘씨 | 보안 요소를 관리하기 위한 시스템, 방법 및 컴퓨터 프로그램 제품 |
KR20150105421A (ko) * | 2013-01-11 | 2015-09-16 | 후아웨이 테크놀러지 컴퍼니 리미티드 | 네트워크 장치에 대한 네트워크 기능 가상화 |
KR20170010806A (ko) * | 2014-05-28 | 2017-02-01 | 후아웨이 테크놀러지 컴퍼니 리미티드 | 네트워크 관리 시스템을 가상화하기 위한 방법, 장치 및 시스템 |
KR20170095852A (ko) * | 2014-12-11 | 2017-08-23 | 비트데펜더 아이피알 매니지먼트 엘티디 | 네트워크 종점들의 보안 보호와 원격 관리를 위한 사용자 인터페이스 |
-
2018
- 2018-10-30 WO PCT/KR2018/013037 patent/WO2019088671A1/fr active Application Filing
- 2018-10-30 KR KR1020180131256A patent/KR102184114B1/ko active IP Right Grant
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20110042070A (ko) * | 2008-07-01 | 2011-04-22 | 인터내셔널 비지네스 머신즈 코포레이션 | 새로운 네트워크 자원이 서비스 랜드스케이프 인스턴스에 제공되는 경우 동적으로 네트워크 보안 정책 규칙을 갱신하는 방법 |
KR20140075809A (ko) * | 2011-11-01 | 2014-06-19 | 제이브이엘 벤쳐스, 엘엘씨 | 보안 요소를 관리하기 위한 시스템, 방법 및 컴퓨터 프로그램 제품 |
KR20150105421A (ko) * | 2013-01-11 | 2015-09-16 | 후아웨이 테크놀러지 컴퍼니 리미티드 | 네트워크 장치에 대한 네트워크 기능 가상화 |
KR20170010806A (ko) * | 2014-05-28 | 2017-02-01 | 후아웨이 테크놀러지 컴퍼니 리미티드 | 네트워크 관리 시스템을 가상화하기 위한 방법, 장치 및 시스템 |
KR20170095852A (ko) * | 2014-12-11 | 2017-08-23 | 비트데펜더 아이피알 매니지먼트 엘티디 | 네트워크 종점들의 보안 보호와 원격 관리를 위한 사용자 인터페이스 |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110290048A (zh) * | 2019-05-17 | 2019-09-27 | 国家工业信息安全发展研究中心 | 政府网络安全信息通报系统 |
US20210029175A1 (en) * | 2019-07-24 | 2021-01-28 | Research & Business Foundation Sungkyunkwan University | Security policy translation in interface to network security functions |
US11632402B2 (en) * | 2019-07-24 | 2023-04-18 | Research & Business Foundation Sungkyunkwan University | Security policy translation in interface to network security functions |
Also Published As
Publication number | Publication date |
---|---|
KR20190049579A (ko) | 2019-05-09 |
KR102184114B1 (ko) | 2020-11-27 |
KR102184114B9 (ko) | 2022-04-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2021060857A1 (fr) | Système de gestion de flux de commande de nœud à base de code d'exécution à distance et procédé associé | |
WO2013085281A1 (fr) | Procédé et dispositif de sécurité dans un service informatique en nuage | |
KR102136039B1 (ko) | 소프트웨어 정의 네트워크에서의 보안 | |
WO2019066295A1 (fr) | Système et procédé de journalisation de trafic web permettant de détecter un piratage web en temps réel | |
WO2023038387A1 (fr) | Système de commande d'accès réseau d'application sur la base d'un flux de données, et procédé associé | |
WO2018101565A1 (fr) | Structure de gestion de sécurité dans un environnement de virtualisation de réseau | |
US7474655B2 (en) | Restricting communication service | |
WO2014069777A1 (fr) | Commande de transit pour des données | |
WO2013065915A1 (fr) | Procédé d'interfonctionnement de confiance entre une région de confiance et une région non de confiance, procédé, serveur et terminal pour commander le téléchargement d'applications de confiance, et système de commande les appliquant | |
WO2023033586A1 (fr) | Système de commande d'accès réseau d'une application d'après une commande de session tcp, et procédé associé | |
US11102174B2 (en) | Autonomous alerting based on defined categorizations for network space and network boundary changes | |
WO2022071985A1 (fr) | Optimisation dynamique d'accès d'application de client par l'intermédiaire d'un contrôleur d'optimisation de réseau (noc) de périphérie de service d'accès sécurisé (sase) | |
WO2016013846A1 (fr) | Procédé de traitement de message de demande dans un système de communications sans fil, et appareil associé | |
WO2016064235A2 (fr) | Procédé de gestion d'une ressource enfant d'un membre d'un groupe dans un système de communication sans fil, et dispositif associé | |
WO2023033588A1 (fr) | Système de commande de flux de données dans un terminal de virtualisation, et procédé associé | |
WO2021261728A1 (fr) | Dispositif de communication sécurisée pour une fournir une fonction sécurisée multifonctions, et procédé de fonctionnement associé | |
WO2019098678A1 (fr) | Procédé permettant de fournir un service de sécurité et dispositif associé | |
WO2019088671A1 (fr) | Procédé de fourniture de service de sécurité de réseau et appareil pour cela | |
WO2022114689A1 (fr) | Procédé et dispositif de détection de logiciel malveillant basée sur une image, et système de détection de point d'extrémité basé sur une intelligence artificielle et système de réponse l'utilisant | |
WO2016126021A1 (fr) | Procédé et appareil de traitement de requête pour l'arrêt de réception de notification dans un système de communication sans fil | |
WO2023211124A1 (fr) | Système de commande de connexion de réseau basée sur un contrôleur et procédé associé | |
WO2023090755A1 (fr) | Système de contrôle d'accès au réseau d'instance de virtualisation, et procédé associé | |
WO2023146304A1 (fr) | Système de commande de transmission et de réception d'un fichier d'une application et procédé associé | |
WO2014077544A1 (fr) | Procédé de configuration d'un profil de module d'authentification de souscripteur intégré et installé dans un dispositif de terminal, et appareil l'utilisant | |
WO2023177238A1 (fr) | Système de commande de connexion au réseau basé sur un contrôleur, et son procédé |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 18873268 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 18873268 Country of ref document: EP Kind code of ref document: A1 |