CN104468552A - Access control method and device - Google Patents
Access control method and device Download PDFInfo
- Publication number
- CN104468552A CN104468552A CN201410712872.0A CN201410712872A CN104468552A CN 104468552 A CN104468552 A CN 104468552A CN 201410712872 A CN201410712872 A CN 201410712872A CN 104468552 A CN104468552 A CN 104468552A
- Authority
- CN
- China
- Prior art keywords
- attribute information
- user terminal
- network access
- attribute
- access equipment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0892—Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5007—Internet protocol [IP] addresses
- H04L61/503—Internet protocol [IP] addresses using an authentication, authorisation and accounting [AAA] protocol, e.g. remote authentication dial-in user service [RADIUS] or Diameter
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The embodiment of the invention provides an access control method and device, and relates to the field of communication. According to the access control method and device, access control can be achieved in various network scenarios. The method comprises the steps that after the user account of a user terminal is authenticated by an AAA authentication server, the access control device receives the access attribute information of network access equipment and the user attribute information of the user terminal, which are sent by the AAA authentication server, wherein the access attribute information comprises the information for indicating the network scenario to be accessed of the user terminal, and the user attribution information comprises the information for indicating the user terminal; a first intelligent binding strategy corresponding to the network scenario to be accessed, which is indicated by the access attribute information of the network access equipment and the user attribute information of the user terminal according to the corresponding relation of the stored access attribute information, the stored user attribute information and the intelligent binding strategy. The access control method and device are applied to network access.
Description
Technical field
The present invention relates to the communications field, particularly relate to a kind of connection control method and device.
Background technology
Along with the develop rapidly of computer and Internet technology, the units such as government, bank, enterprise all need accessing Internet to carry out handling official business and the sharing of data, can attract from various artificial attack all over the world unavoidably like this, such as information leakage, information stealth, data tampering, data deletion, computer virus etc.Therefore, the access control of network just seems particularly important.
Existing connection control method only accesses for wireless terminal WLAN (Wireless LocalArea Networks, WLAN).Concrete, as shown in Figure 1, accessing user terminal to network access device, user terminal sends account and password to network access equipment, network access equipment sends account and password to AAA (Authentication, Authorization, Accounting, checking, mandate, book keeping operation) certificate server again, and aaa authentication server carries out certification to account and password, after certification, binding device is according to the intelligent binding strategy access wlan network of the WLAN stored.But above-mentioned connection control method is only for wlan network, do not support network scenarios such as access 3G network, cable access network etc.
Summary of the invention
Embodiments of the invention provide a kind of connection control method and device, can realize access control in multiple network scene.
For achieving the above object, embodiments of the invention adopt following technical scheme:
First aspect, provides a kind of connection control method, comprising:
After the user account of aaa authentication server authentication user terminal, access control apparatus receives the switch-in attribute information of network access equipment and the customer attribute information of user terminal of the transmission of described aaa authentication server; Wherein, described switch-in attribute information comprises the information of the described user terminal of instruction network scenarios to be accessed, and described customer attribute information comprises the information of the described user terminal of instruction network scenarios to be accessed;
According to the corresponding relation of the switch-in attribute information stored, customer attribute information and intelligent binding strategy, determine the first intelligent binding strategy corresponding with the network scenarios to be accessed that the switch-in attribute information of described network access equipment and the customer attribute information of described user terminal indicate, so that described user terminal accesses described network according to described first intelligent binding strategy.
Second aspect, provides a kind of access control apparatus, comprising:
Receiving element, for receiving the switch-in attribute information of network access equipment and the customer attribute information of user terminal of the transmission of aaa authentication server; Wherein, described switch-in attribute information comprises the information of the described user terminal of instruction network scenarios to be accessed, and described customer attribute information comprises the information of the described user terminal of instruction network scenarios to be accessed;
Determining unit, for the corresponding relation according to the switch-in attribute information stored, customer attribute information and intelligent binding strategy, determine the first intelligent binding strategy corresponding with the network scenarios to be accessed that the switch-in attribute information of described network access equipment and the customer attribute information of described user terminal indicate, so that described user terminal accesses described network according to described first intelligent binding strategy.
Compared to prior art, the real method and apparatus provided of the present invention is no longer merely able to according to the device attribute information of WLAN and unique intelligent binding strategy access WLAN corresponding to WLAN, but can according to the bind properties information under different access networks scene, from the binding strategy for multiple network scene, select a kind of suitable waiting to bind intelligent binding strategy, thus make user terminal can access this network, no longer only be limited to a kind of WLAN net, the control as access WLAN net can also be carried out in other networks.
Accompanying drawing explanation
In order to be illustrated more clearly in the embodiment of the present invention or technical scheme of the prior art, be briefly described to the accompanying drawing used required in embodiment or description of the prior art below, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skill in the art, under the prerequisite not paying creative work, other accompanying drawing can also be obtained according to these accompanying drawings.
Fig. 1 is a kind of structural representation of network access system;
The flow chart of a kind of connection control method that Fig. 2 provides for the embodiment of the present invention;
The flow chart of the another kind of connection control method that Fig. 3 provides for the embodiment of the present invention;
The structural representation of a kind of access control apparatus that Fig. 4 provides for the embodiment of the present invention;
The structural representation of the another kind of access control apparatus that Fig. 5 provides for the embodiment of the present invention.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, be clearly and completely described the technical scheme in the embodiment of the present invention, obviously, described embodiment is only the present invention's part embodiment, instead of whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art, not making the every other embodiment obtained under creative work prerequisite, belong to the scope of protection of the invention.
In order to meet department of home government, public security, army, maintain secrecy, the network security demand of finance, the critical network system such as security and scientific research institutions.Network access system can protect whole Intranet, comprises manageable (corporate desktop, laptop computer, server) and not manageable (outside visitor, affiliate, client) terminal.Can force the safety of the enterprise network terminal, ensure that enterprise network protection mechanism is not interrupted, configuration is correct, and patch has up-to-date ageing, makes network security obtain more effectively promoting.Meanwhile control gateway based on equipment access, identity, uniqueness and safety certification can also be carried out for the computer of long-range access Intranet.
Embodiment one
The embodiment of the present invention provides a kind of connection control method, is applied to network access system, and this network access system can comprise aaa authentication server, network access equipment, user terminal and access control apparatus, as shown in Figure 2, can comprise:
Step 101, after the user account of aaa authentication server authentication user terminal, access control apparatus receives the switch-in attribute information of network access equipment and the customer attribute information of user terminal that aaa authentication server sends; Wherein, this switch-in attribute information comprises the information of indicating user terminal network scenarios to be accessed, and this customer attribute information comprises the information of indicating user terminal network scenarios to be accessed.
Step 102, access control apparatus are according to the corresponding relation of the switch-in attribute information stored, customer attribute information and intelligent binding strategy, determine the first intelligent binding strategy corresponding with the network scenarios to be accessed that the switch-in attribute information of network access equipment and the customer attribute information of user terminal indicate, so that user terminal accesses described network according to the first intelligent binding strategy.
Compared to prior art, the real method provided of the present invention is no longer merely able to access WLAN according to the device attribute information of WLAN and unique intelligent binding strategy corresponding to WLAN, but can according to the bind properties information under different access networks scene, from the binding strategy for multiple network scene, select a kind of suitable waiting to bind intelligent binding strategy, thus make user terminal can access this network, no longer only be limited to a kind of WLAN net, the control as access WLAN net can also be carried out in other networks.
Further, after step 102, described method can also comprise: access control apparatus adds up the quantity of current bindings example corresponding to the first intelligent binding strategy; If determine, the quantity of binding example is less than binding example threshold, then generate binding example corresponding to a first intelligent binding strategy.
Further, described customer attribute information comprises: the attribute of described user account and described user terminal, described switch-in attribute information comprises: the attribute of described network access equipment, step 102 specifically can comprise: the corresponding relation that access control apparatus is organized according to the account stored and user, determines user's group that described user account is corresponding; According to the corresponding relation of the user's group stored, attribute and intelligent binding strategy, determine that the attribute of the attribute of the user group corresponding with described user account, described user terminal and described network access equipment is waited to bind intelligent binding strategy described in corresponding.
Further, for 3G (3rd-Generation, G mobile communication) network insertion, the attribute of described network access equipment comprises the MAC of described network access equipment (Media Access Control, medium access control) address; The attribute of described user terminal comprises the system banner of described terminal equipment and the system MAC Address of described terminal equipment.
Further, for wired network access, the attribute of described network access equipment comprises the port numbers of the MAC Address of described network access equipment, described network access equipment; The attribute of described user terminal comprises the MAC Address of user terminal, IP (InternetProtocol, the agreement interconnected between the network) address of user terminal.
Embodiment two
The embodiment of the present invention provides a kind of connection control method, supposes the network access system being applied to bank, and the network access system of this bank can comprise aaa authentication server, network access equipment, user terminal and access control apparatus.The present invention is for mobile phone access 3G net, and the method can comprise:
The network that step 201, mobile phone select according to user sends access request to network access equipment, and this request comprises the user property of mobile phone, user account and user cipher.
User can select wired network, 3G, 4G (4th-Generation, forth generation mobile communication technology), WLAN etc. according to actual conditions.When user uses the desktop computer of wired connection, user can select wired network, and when user uses mobile phone, user can select WLAN, 3G or 4G according to current wireless net situation.Access request comprises the user property of user terminal, such as, and the system banner of terminal equipment, the system MAC Address of terminal equipment.System banner is used to indicate current system, can be mobile phone A ndroid (Android) system, mobile phone Saipan system, mobile phone apple system, mobile phone Windows system etc.User account herein and user cipher can be that user manually inputs, and also can be automatically to preserve.
Step 202, network access equipment send the user property of mobile phone, user account and user cipher to aaa authentication server by RADIUS (Remote Authentication Dial In User Service, remote customer dialing authentication service) agreement.
Step 203, aaa authentication server judge that user account and user cipher mate.If so, then step 204 is performed; If not, then step 210 is performed.
Concrete, aaa authentication server judges whether this user account is the account of having preserved, and if not, then performs 210; If so, then according to the corresponding relation of the account of having preserved and password, obtains the password corresponding with this user account, judge that whether user cipher is identical with the password of correspondence.If identical, then perform step 204, if different, then perform step 210.
Step 204, aaa authentication server send attribute information to access control apparatus, and this attribute information comprises the switch-in attribute of the user property of mobile phone, user account and user cipher, network access equipment.
User binds the MAC Address that this switch-in attribute can comprise network access equipment, and this MAC Address represents that this network access equipment place network is 3G network, and this attribute information is the general name of switch-in attribute information in embodiment one and customer attribute information.
The corresponding relation that step 205, access control apparatus are organized according to the account stored and user, determines user's group that user account is corresponding.
Concrete, user's group of bank can be divided into enterprise customer's group, personal user's group and administrator's group.Access control apparatus can in advance by account according to user's component class, preserve account and user group corresponding relation.The classification of user's group carries out distributing according to the operational rights of different user.Such as, the user of personal user's group can only carry out small amount trading, and enterprise customer's group can carry out wholesale trading, and management group can manage each user, equally not right with transaction etc.Even if therefore only for the different operating of different users group, intelligent binding strategy is also differentiated (specifically can as table 1).
Step 206, access control apparatus according to the corresponding relation of user's group, attribute and intelligent binding strategy, determine the attribute of the attribute of the user group corresponding with user account, mobile phone and network access equipment corresponding wait bind intelligent binding strategy.
Table 1 shows the corresponding relation of attribute information and intelligent binding strategy in 3G network.Can find out that the user that personal user organizes can use mobile phone 3G to access, but enterprise customer's group and enterprise customer's group forbid that mobile phone 3G accesses, but can be accessed by notebook 3G, therefore, the intelligent binding strategy that the embodiment of the present invention provides artificially designs according to actual conditions, just seldom describes at this.Suppose that user's group is personal user's group, just can determine according to user property in table 1 and switch-in attribute and treat that binding strategy (the in embodiment one first intelligent binding strategy) is 3G strategy 1.
Table 1
Intelligence binding strategy can configure one or more mobile phone (user terminal) and access device attribute binding rule, comprising: specified attribute bound values, do not limit attribute bound values, binding example threshold in one or more.The present embodiment is to bind example threshold for rule.
The already present quantity treating the binding example that binding strategy is corresponding of step 207, access control apparatus statistics.
This treats that binding strategy can corresponding multiple binding example, and different binding examples can for different users.
Step 208, access control apparatus judge whether the quantity of already present binding example is less than default example threshold.If so, then step 209 is performed; If not, then step 210 is performed.
Step 209, when the quantity of already present binding example is less than default example threshold, access control apparatus generates one and treats the example that binding strategy is corresponding, makes mobile phone can access the network of bank.
Step 210, when the quantity of already present binding example is more than or equal to default example threshold, access control apparatus refusal mobile phone access.
Compared to prior art, the real method and apparatus provided of the present invention is no longer merely able to access WLAN according to the device attribute information of WLAN and unique intelligent binding strategy corresponding to WLAN, but can according to the bind properties information under different access networks scene, from the binding strategy for multiple network scene, select a kind of suitable waiting to bind intelligent binding strategy, thus make user terminal can access this network, no longer only be limited to a kind of WLAN net, the control as access WLAN net can also be carried out in other networks.
Embodiment three
The embodiment of the present invention provides a kind of access control apparatus 30, comprising:
Receiving element 301, for receiving the switch-in attribute information of network access equipment and the customer attribute information of user terminal of the transmission of aaa authentication server; Wherein, described switch-in attribute information comprises the information of the described user terminal of instruction network scenarios to be accessed, and described customer attribute information comprises the information of the described user terminal of instruction network scenarios to be accessed.
Determining unit 302, for the corresponding relation according to the switch-in attribute information stored, customer attribute information and intelligent binding strategy, determine the first intelligent binding strategy corresponding with the network scenarios to be accessed that the switch-in attribute information of described network access equipment and the customer attribute information of described user terminal indicate, so that described user terminal accesses described network according to described first intelligent binding strategy.
Compared to prior art, the real device provided of the present invention is no longer merely able to according to the device attribute information of WLAN and unique intelligent binding strategy access WLAN corresponding to WLAN, but can according to the bind properties information under different access networks scene, from the binding strategy for multiple network scene, select a kind of suitable waiting to bind intelligent binding strategy, thus make user terminal can access this network, no longer only be limited to a kind of WLAN net, the control as access WLAN net can also be carried out in other networks.
Describedly wait that binding intelligent binding strategy comprises binding example threshold, described device 30 comprises:
Statistic unit 303, for adding up the quantity of current bindings example corresponding to described first intelligent binding strategy.
Judging unit 304, waits whether the quantity of binding binding example corresponding to intelligent binding strategy is less than described binding example threshold described in judging;
Generation unit 305, for when determining that the quantity of described binding example is less than described binding example threshold, generates the binding example that a described first intelligent binding strategy is corresponding.
Further, described customer attribute information comprises: the attribute of user account and described user terminal, and described switch-in attribute information comprises: the attribute of network access equipment, described determining unit 302 specifically for:
According to the corresponding relation that the account stored and user are organized, determine user's group that described user account is corresponding;
According to the corresponding relation of the user's group stored, attribute and intelligent binding strategy, determine that the attribute of the attribute of the user group corresponding with described user account, described user terminal and described network access equipment is waited to bind intelligent binding strategy described in corresponding.
Further, for 3G network access, the attribute of described network access equipment comprises the MAC Address of described network access equipment; The attribute of described user terminal comprises the system banner of described terminal equipment and the system MAC Address of described terminal equipment.
Further, for wired network access, the attribute of described network access equipment comprises the port numbers of the MAC Address of described network access equipment, described network access equipment; The attribute of described user terminal comprises the MAC Address of user terminal, the IP address of user terminal.
One of ordinary skill in the art will appreciate that: all or part of step realizing said method embodiment can have been come by the hardware that program command is relevant, aforesaid program can be stored in a computer read/write memory medium, this program, when performing, performs the step comprising said method embodiment; And aforesaid storage medium comprises: ROM, RAM, magnetic disc or CD etc. various can be program code stored medium.
The above; be only the specific embodiment of the present invention, but protection scope of the present invention is not limited thereto, is anyly familiar with those skilled in the art in the technical scope that the present invention discloses; change can be expected easily or replace, all should be encompassed within protection scope of the present invention.Therefore, protection scope of the present invention should be as the criterion with the protection range of described claim.
Claims (10)
1. a connection control method, is characterized in that, comprising:
After the user account of aaa authentication server authentication user terminal, access control apparatus receives the switch-in attribute information of network access equipment and the customer attribute information of user terminal of the transmission of described aaa authentication server; Wherein, described switch-in attribute information comprises the information of the described user terminal of instruction network scenarios to be accessed, and described customer attribute information comprises the information indicating described user terminal;
According to the corresponding relation of the switch-in attribute information stored, customer attribute information and intelligent binding strategy, determine the first intelligent binding strategy corresponding with the network scenarios to be accessed that the switch-in attribute information of described network access equipment and the customer attribute information of described user terminal indicate, so that described user terminal accesses described network according to described first intelligent binding strategy.
2. method according to claim 1, is characterized in that,
Described first intelligent binding strategy comprises binding example threshold;
The corresponding relation of described switch-in attribute information, customer attribute information and intelligent binding strategy according to storing, after determining the first intelligent binding strategy corresponding with the network scenarios to be accessed that the switch-in attribute information of described network access equipment and the customer attribute information of described user terminal indicate, described method comprises:
Add up the quantity of current bindings example corresponding to described first intelligent binding strategy;
If determine, the quantity of described binding example is less than described binding example threshold, then generate binding example corresponding to a described first intelligent binding strategy.
3. method according to claim 1 and 2, is characterized in that, described customer attribute information comprises: the attribute of described user account and described user terminal, described switch-in attribute information: the attribute comprising described network access equipment,
The corresponding relation of described switch-in attribute information, customer attribute information and intelligent binding strategy according to storing, determine that the first intelligent binding strategy corresponding with the network scenarios to be accessed that the switch-in attribute information of described network access equipment and the customer attribute information of described user terminal indicate comprises:
According to the corresponding relation that the account stored and user are organized, determine user's group that described user account is corresponding;
According to the corresponding relation of the user's group stored, attribute and intelligent binding strategy, determine that the attribute of the attribute of the user group corresponding with described user account, described user terminal and described network access equipment is waited to bind intelligent binding strategy described in corresponding.
4. method according to claim 3, is characterized in that, for the access of G mobile communication 3G network, the attribute of described network access equipment comprises the medium access control MAC Address of described network access equipment; The attribute of described user terminal comprises the system banner of described terminal equipment and the system MAC Address of described terminal equipment.
5. method according to claim 3, is characterized in that, for wired network access, the attribute of described network access equipment comprises the port numbers of the MAC Address of described network access equipment, described network access equipment; The attribute of described user terminal comprises the Protocol IP address interconnected between the network of the MAC Address of user terminal, user terminal.
6. an access control apparatus, is characterized in that, comprising:
Receiving element, for receiving the switch-in attribute information of network access equipment and the customer attribute information of user terminal of the transmission of aaa authentication server; Wherein, described switch-in attribute information comprises the information of the described user terminal of instruction network scenarios to be accessed, and described customer attribute information comprises the information indicating described user terminal;
Determining unit, for the corresponding relation according to the switch-in attribute information stored, customer attribute information and intelligent binding strategy, determine the first intelligent binding strategy corresponding with the network scenarios to be accessed that the switch-in attribute information of described network access equipment and the customer attribute information of described user terminal indicate, so that described user terminal accesses described network according to described first intelligent binding strategy.
7. device according to claim 6, is characterized in that, described first intelligent binding strategy comprises binding example threshold, and described device comprises:
Statistic unit, for adding up the quantity of current bindings example corresponding to described first intelligent binding strategy;
Generation unit, for when determining that the quantity of described binding example is less than described binding example threshold, generates the binding example that a described first intelligent binding strategy is corresponding.
8. the device according to claim 6 or 7, is characterized in that, described customer attribute information comprises: the attribute of described user account and described user terminal, and described switch-in attribute information comprises: the attribute of described network access equipment,
Described determining unit specifically for:
According to the corresponding relation that the account stored and user are organized, determine user's group that described user account is corresponding;
According to the corresponding relation of the user's group stored, attribute and intelligent binding strategy, determine that the attribute of the attribute of the user group corresponding with described user account, described user terminal and described network access equipment is waited to bind intelligent binding strategy described in corresponding.
9. device according to claim 8, is characterized in that, for 3G network access, the attribute of described network access equipment comprises the MAC Address of described network access equipment; The attribute of described user terminal comprises the system banner of described terminal equipment and the system MAC Address of described terminal equipment.
10. device according to claim 8, is characterized in that, for wired network access, the attribute of described network access equipment comprises the port numbers of the MAC Address of described network access equipment, described network access equipment; The attribute of described user terminal comprises the MAC Address of user terminal, the IP address of user terminal.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410712872.0A CN104468552B (en) | 2014-11-28 | 2014-11-28 | A kind of connection control method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410712872.0A CN104468552B (en) | 2014-11-28 | 2014-11-28 | A kind of connection control method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104468552A true CN104468552A (en) | 2015-03-25 |
| CN104468552B CN104468552B (en) | 2018-10-19 |
Family
ID=52913924
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410712872.0A Active CN104468552B (en) | 2014-11-28 | 2014-11-28 | A kind of connection control method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104468552B (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105554753A (en) * | 2015-11-27 | 2016-05-04 | 北京博思汇众科技股份有限公司 | Mobile communication network access system and method |
| CN105871862A (en) * | 2016-04-19 | 2016-08-17 | 杭州华三通信技术有限公司 | Network resource accessing method and device |
| CN106230668A (en) * | 2016-07-14 | 2016-12-14 | 杭州华三通信技术有限公司 | Connection control method and device |
| CN106911489A (en) * | 2015-12-22 | 2017-06-30 | 中国电信股份有限公司 | A kind of automatic adaptation method of access device, managing device and system |
| WO2017128270A1 (en) * | 2016-01-29 | 2017-08-03 | Hewlett Packard Enterprise Development Lp | Enterprise-based network selection |
| WO2019062570A1 (en) * | 2017-09-27 | 2019-04-04 | 阿里巴巴集团控股有限公司 | Device configuration method and apparatus |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102215597A (en) * | 2011-05-30 | 2011-10-12 | 杭州华三通信技术有限公司 | Access policy management method and device |
| CN103313343A (en) * | 2012-03-13 | 2013-09-18 | 百度在线网络技术(北京)有限公司 | Method and equipment for implementing user access control |
| CN103354550A (en) * | 2013-07-03 | 2013-10-16 | 杭州华三通信技术有限公司 | Authorization control method and device based on terminal information |
| CN103369531A (en) * | 2013-07-02 | 2013-10-23 | 杭州华三通信技术有限公司 | Method and device for controlling authority based on terminal information |
| EP2747371A1 (en) * | 2012-12-24 | 2014-06-25 | Alcatel Lucent | Access policy definition with respect to a data object |
-
2014
- 2014-11-28 CN CN201410712872.0A patent/CN104468552B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102215597A (en) * | 2011-05-30 | 2011-10-12 | 杭州华三通信技术有限公司 | Access policy management method and device |
| CN103313343A (en) * | 2012-03-13 | 2013-09-18 | 百度在线网络技术(北京)有限公司 | Method and equipment for implementing user access control |
| EP2747371A1 (en) * | 2012-12-24 | 2014-06-25 | Alcatel Lucent | Access policy definition with respect to a data object |
| CN103369531A (en) * | 2013-07-02 | 2013-10-23 | 杭州华三通信技术有限公司 | Method and device for controlling authority based on terminal information |
| CN103354550A (en) * | 2013-07-03 | 2013-10-16 | 杭州华三通信技术有限公司 | Authorization control method and device based on terminal information |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105554753A (en) * | 2015-11-27 | 2016-05-04 | 北京博思汇众科技股份有限公司 | Mobile communication network access system and method |
| CN105554753B (en) * | 2015-11-27 | 2019-01-04 | 北京博思汇众科技股份有限公司 | Mobile communications network access system and method |
| CN106911489A (en) * | 2015-12-22 | 2017-06-30 | 中国电信股份有限公司 | A kind of automatic adaptation method of access device, managing device and system |
| WO2017128270A1 (en) * | 2016-01-29 | 2017-08-03 | Hewlett Packard Enterprise Development Lp | Enterprise-based network selection |
| US11382030B2 (en) | 2016-01-29 | 2022-07-05 | Hewlett Packard Enterprise Development Lp | Enterprise-based network selection |
| CN105871862A (en) * | 2016-04-19 | 2016-08-17 | 杭州华三通信技术有限公司 | Network resource accessing method and device |
| CN106230668A (en) * | 2016-07-14 | 2016-12-14 | 杭州华三通信技术有限公司 | Connection control method and device |
| CN106230668B (en) * | 2016-07-14 | 2020-01-03 | 新华三技术有限公司 | Access control method and device |
| WO2019062570A1 (en) * | 2017-09-27 | 2019-04-04 | 阿里巴巴集团控股有限公司 | Device configuration method and apparatus |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104468552B (en) | 2018-10-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104468552A (en) | Access control method and device | |
| CN102047262B (en) | Authentication for distributed secure content management system | |
| CN108337677B (en) | Network authentication method and device | |
| CN103249045A (en) | Identification method, device and system | |
| US8590017B2 (en) | Partial authentication for access to incremental data | |
| CN103746983A (en) | Access authentication method and authentication server | |
| CN108022100B (en) | Cross authentication system and method based on block chain technology | |
| US20190068568A1 (en) | Distributed profile and key management | |
| US9781125B2 (en) | Enrollment in a device-to-device network | |
| CN113542201B (en) | Access control method and equipment for Internet service | |
| US20140096214A1 (en) | Radius policy multiple authenticator support | |
| CN107026813A (en) | Access authentication method, system and the portal server of WiFi network | |
| CN103532912A (en) | Browser service data processing method and apparatus | |
| CN101764808A (en) | Authentication processing method and system for automatic login as well as server | |
| US20150288658A1 (en) | Access point apparatus for configuring multiple security tunnel, and system having the same and method thereof | |
| CN109218334A (en) | Data processing method, device, access control equipment, certificate server and system | |
| US20180198675A1 (en) | Techniques for accessing logical networks via a virtualized gateway | |
| CN102769629A (en) | Client-side password storage method and service system | |
| CN114244568A (en) | Security access control method, device and equipment based on terminal access behavior | |
| US20170019498A1 (en) | Role-Based Access to Shared Resources | |
| CN104883341A (en) | Application management device, terminal and application management method | |
| CN114157438A (en) | Network equipment management method and device and computer readable storage medium | |
| Xu et al. | Analysing the resilience of the internet of things against physical and proximity attacks | |
| CN109801423A (en) | A kind of control method for vehicle and system based on bluetooth | |
| CN105991576B (en) | A kind of delivery method and equipment of security strategy |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |