WO2010034209A1 - Method, system and device for re-evaluating a security state - Google Patents

Info

Publication number
WO2010034209A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
security domain
security
evaluation
rsd
Prior art date
Application number
PCT/CN2009/072555
Other languages
English (en)
Chinese (zh)
Inventor
任兰芳
尹瀚
贾科
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司
Publication of WO2010034209A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102 Entity profiles

Definitions

  • The present invention relates to the field of communications technologies, and in particular, to a method, system and apparatus for re-evaluating a security state.
  • Background
  • RSD Access Security Domain
  • RSD Remote Security Domain
  • the RSD needs to perform security state evaluation on the terminal.
  • The RSD does not directly collect and evaluate the security status information of the terminal. Instead, after receiving the access request of the terminal, the RSD sends a terminal security status assertion request to the ASD of the terminal and, after receiving the security state assertion from the terminal's ASD, responds to the terminal's access request according to this result.
  • Only terminals that meet the RSD security policy requirements are allowed to access RSD. After the terminal obtains the allowed access response of the RSD, the terminal can communicate with the RSD or enjoy a certain service.
  • Embodiments of the present invention provide a method, system, and apparatus for re-evaluating a security state to timely adjust appropriate control of a terminal according to a result of re-evaluation.
  • an embodiment of the present invention provides a method for re-evaluating a security state, including:
  • the embodiment of the invention further provides a system for reassessing the security status, including:
  • a first security domain configured to re-evaluate a terminal accessing the second security domain, and send the re-evaluation result to the second security domain;
  • a second security domain configured to perform corresponding control on the access of the terminal according to the re-evaluation result.
  • An embodiment of the present invention further provides a device for re-evaluating a security state, including:
  • a re-evaluation module configured to re-evaluate a terminal accessing the second security domain
  • a sending module configured to send the re-evaluation result to the second security domain.
  • An embodiment of the present invention further provides a device for re-evaluating a security state, including:
  • a receiving module configured to receive a result of the re-evaluation sent from the first security domain
  • control module configured to perform corresponding control on access of the terminal according to the result of the re-evaluation.
  • FIG. 1 is a flow chart of a method for reassessing a safety state according to a first embodiment of the present invention
  • FIG. 2 is a flow chart of a method for reassessing a safety state according to a second embodiment of the present invention
  • FIG. 4 is a flowchart of execution of re-evaluation of a terminal by an RSD according to Embodiment 2 of the present invention
  • FIG. 5 is a flowchart of execution of re-evaluation of a terminal by another RSD according to Embodiment 2 of the present invention
  • FIG. 6 is a flow chart showing an execution process of another RSD for re-evaluating a terminal according to Embodiment 2 of the present invention.
  • FIG. 7 is a system structural diagram of a safety state re-evaluation according to Embodiment 3 of the present invention
  • FIG. 8 is a structural diagram of a safety state re-evaluation apparatus according to Embodiment 4 of the present invention
  • a device structure diagram for re-evaluation of a safety state is proposed.
  • Detailed description
  • a method for re-evaluating a security state according to the first embodiment of the present invention, as shown in FIG. 1, may include:
  • Step S101 Perform re-evaluation on the terminal accessing the second security domain.
  • Step S102 Send the re-evaluation result to the second security domain.
  • After the re-evaluation result is sent to the second security domain, the second security domain can also receive the re-evaluation result and perform corresponding control on the access of the terminal according to the re-evaluation result. Further, the method may further include:
  • Step S103 The second security domain receives the re-evaluation result, and performs corresponding control on the access of the terminal according to the re-evaluation result.
  • the second security domain and the first security domain may be a security domain or a server in the network, and may be an authentication server or an evaluation server.
  • In the following, the second security domain is the relying security domain (RSD) and the first security domain is the asserting security domain (ASD), taken as an example.
  • The terminal can be any device that supports TNC (Trusted Network Connect) evaluation, such as a smart terminal, a mobile phone, a PDA (Personal Digital Assistant), an ordinary PC (personal computer), a notebook, or an AP (Access Point).
  • The trigger conditions for re-evaluating a terminal that is communicating across domains may include: the trigger condition for the ASD to send an assertion of the terminal security status re-evaluation result to the RSD; and/or the trigger condition for the RSD to send a re-evaluation request or subscription re-evaluation result information to the ASD of the terminal.
  • The trigger condition for the ASD to send an assertion of the terminal security state re-evaluation result to the RSD includes one or more of the following: the configuration of the security policy of the terminal's ASD is changed; the security policy configuration of the terminal's ASD requires periodic security state evaluation of the terminal; the terminal requests the ASD to re-evaluate the security status of the terminal.
  • The trigger condition for the RSD to send the re-evaluation request or the subscription re-evaluation result information to the ASD of the terminal includes one or several of the following: the RSD discovers suspicious behavior of the terminal; the security policy of the RSD itself changes, requiring the terminal to be re-evaluated; the RSD subscribes to the ASD for information about the terminal security status re-evaluation result, requiring the ASD to send the evaluation result information to the RSD in time once the evaluation result changes, or specifying a fixed re-evaluation period.
  • The appropriate control of the terminal according to the result of the re-evaluation includes: if the security status of the terminal only partially complies with the security policy requirements of the second security domain, so that the terminal can only partially access the second security domain, and the result of the re-evaluation indicates that the security state of the terminal completely meets the second security domain policy requirements, the second security domain continues to maintain communication with the terminal and changes the access status of the terminal to full access to the second security domain; or
  • if the re-evaluation result indicates that the security status of the terminal only partially meets the requirements of the second security domain, the second security domain allows the terminal to continue to maintain communication with it, and the access at this time is partial access to the second security domain; or
  • if the re-evaluation result indicates that the security status of the terminal does not meet the security policy requirements of the second security domain, the second security domain terminates all connections with the terminal; or
  • the second security domain performs role mapping on the terminal that is allowed to access according to the re-evaluation result of the terminal, and maps a terminal that does not belong to the second security domain to a terminal in the second security domain.
  • Re-evaluating the terminal a period of time after it accesses the RSD ensures that the security state of the terminal entering the network always meets the security policy requirements of the current network during the entire connection process of the terminal, and does not pose a threat to network security.
  • A method for re-evaluating the security state according to the second embodiment of the present invention includes:
  • Step S201: The RSD performs an initial evaluation when the terminal requests to access the network, and determines whether the security state assertion provided by the ASD satisfies the RSD security policy requirements. When the security state assertion provided by the ASD meets the RSD security policy requirements, then after the initial evaluation of the terminal requesting access to the network is completed and communication between the terminal and the RSD is established: when the ASD sends an assertion of the terminal security state re-evaluation result to the RSD, go to step S202; when the RSD sends the re-evaluation request or the subscription re-evaluation result information to the ASD of the terminal, go to step S203. When the security state assertion provided by the ASD fails to meet the RSD security policy requirements, go to step S204.
  • Step S202: After the terminal completes the initial evaluation and has communicated with the RSD for a period of time, the ASD sends an assertion of the terminal security status re-evaluation result to the RSD, and the RSD promptly re-evaluates the terminal and adjusts the appropriate control of the terminal in time based on the result of the re-evaluation.
  • the communication between the RSDs is specifically cross-domain communication, specifically the cross-domain communication between the ASD domain and the RSD domain.
  • the ASD of the provider of the security state assertion of the terminal sends an assertion of the re-evaluation result of the terminal security state to the RSD, and the RSD adjusts according to the result.
  • The ASD that provides the terminal's security state assertion may also send the assertion of the security status re-evaluation result to the terminal, so that the terminal forwards the assertion of the security status re-evaluation result to the RSD, and the RSD adjusts the appropriate control of the terminal according to the result.
  • The trigger condition for the ASD that provides the terminal's security state assertion to send an assertion of the terminal security state re-evaluation result to the RSD includes, but is not limited to, the following scenarios: the configuration of the security policy of the terminal's ASD is changed, or the security policy configuration of the terminal's ASD requires periodic security status assessment of the terminal, or the terminal requests the ASD to re-evaluate its security status. Driven by the above trigger conditions, the ASD re-evaluates the security status of the terminal, generates a corresponding re-evaluation result, and actively sends the result of the re-evaluation to the RSD.
  • Step S203: After the initial evaluation of the terminal is completed and the terminal has communicated with the RSD for a period of time, when the RSD sends a re-evaluation request or subscription re-evaluation result information to the ASD of the terminal, the ASD is required to re-evaluate the security state of the terminal and send an assertion of the re-evaluation result for the terminal; the RSD can then re-evaluate the terminal in time, and adjust the appropriate control of the terminal in time according to the result of the re-evaluation.
  • After the RSD completes the initial evaluation of the terminal and starts communication with the terminal, the RSD sends a re-evaluation request or subscription re-evaluation result information to the ASD of the terminal, requiring the ASD to re-evaluate the terminal security status and send an assertion of the re-evaluation result for the terminal. The RSD can then adjust the appropriate control of the terminal in time based on the result.
  • The trigger conditions for the RSD to send a re-evaluation request to the terminal's ASD or subscribe to the re-evaluation result information, requesting the ASD to re-evaluate the terminal security status and send an assertion of the terminal re-evaluation result, include, but are not limited to, the following scenarios: the RSD finds that the terminal has some suspicious behavior; or the RSD's own security policy changes, requiring re-evaluation of the terminal; or the RSD subscribes to the ASD for information about the terminal security status re-evaluation result, requiring the ASD to send this information to the RSD in a timely manner as soon as its evaluation results change, or specifying a fixed re-evaluation period or frequency.
  • step S202 the access request is specifically an assertion that the ASD sends the terminal security state re-evaluation result to the RSD.
  • step S203 the service request is specifically, the RSD sends a re-evaluation request or a subscription re-evaluation result information to the ASD of the terminal.
  • the network for re-evaluation includes, but is not limited to, a fixed network, a wireless network, and other converged networks.
  • Step S204: When the security state assertion provided by the ASD does not meet the RSD security policy requirement, the RSD does not directly respond with a denial of access, but requests other security state assertions from the ASD, and the RSD responds again to the terminal's request according to the other security state assertions provided by the ASD.
  • In step S201, the execution process of the initial evaluation performed by the RSD when the terminal requests to access the network is as shown in FIG. 3, and includes:
  • Step S301 The terminal initiates an access request to the server of the RSD.
  • Step S302 the RSD determines the ASD of the provider of the terminal security state assertion, and sends a terminal security state assertion request to the ASD.
  • the security state assertion refers to a statement of terminal security status information, security evaluation results, and security event metadata associated with the terminal, and based on the security status assertion, it can be determined whether the terminal is secure.
  • Step S303 After receiving the terminal assertion request of the RSD, the ASD identifies which terminal the assertion request corresponds to, and responds to the security state assertion of the terminal requested by the RSD.
  • Step S304: The RSD evaluates the security status of the terminal according to the security status assertion sent by the terminal's ASD.
  • Step S305 according to the foregoing evaluation result, the RSD makes a response whether to allow the terminal to access.
  • Step S306 the initial evaluation process is completed, and the terminal that allows access can establish a connection with the RSD to communicate.
  • the RSD can re-request new or other types of security state assertions.
  • the reassessment at this time can be determined by pre-negotiating between ASD and RSD, requiring ASD to provide up-to-date or specific security status assertion related information to complete the initial evaluation process.
  • In step S202, the execution process in which the RSD re-evaluates the terminal in time and adjusts the appropriate control of the terminal according to the result of the re-evaluation is as shown in FIG. 4, and includes:
  • Step S401: The initial evaluation of the terminal is completed, and communication with the RSD begins.
  • the RSD completes an initial security state assessment for requesting access by the terminal, and the terminal can communicate with the RSD for the terminal that is allowed to access.
  • Access to the RSD may be fully allowed, in which case the terminal may access all resources in the RSD, or partially allowed, i.e., the terminal may only access some resources in the RSD. If the security status of the terminal fully complies with the RSD policy, the terminal is allowed to fully access the RSD. If the security status of the terminal only partially meets the RSD policy requirements, the RSD may only allow the terminal partial access.
  • Step S402 After the terminal accesses the RSD and communicates with the RSD for a period of time, the terminal may initiate a re-evaluation request to the ASD, requesting the ASD to perform a re-evaluation process on the terminal.
  • The ASD performs re-evaluation of the security status information on the terminal, and generates a corresponding re-evaluation result.
  • Step S403 the ASD sends the current re-evaluation result assertion to the RSD.
  • The ASD can also send the current re-evaluation result assertion to the terminal, causing the terminal to forward the assertion of the security status re-evaluation result to the RSD.
  • Step S404: The RSD adjusts the appropriate control of the terminal in time according to the re-evaluation result. Specifically, when the re-evaluation result sent by the ASD is to allow access, the communication between the terminal and the RSD can be continued. The communication between the terminal and the RSD can also be ended when the terminal security state assertion cannot satisfy the requirements of the RSD. When the RSD requirements are not met, the RSD can re-request new or other types of security state assertions.
  • timely adjustment of appropriate controls for the terminal includes but is not limited to:
  • If the terminal can only partially access the RSD, and the result of the re-evaluation shows that the security status of the terminal fully complies with the RSD policy requirements, then the RSD will continue to maintain communication with the terminal and change the access status of the terminal to full access to the RSD, so that it can enjoy all the services of the RSD;
  • If the security status of the terminal fully complies with the RSD security policy requirements, and the re-evaluation result shows that the security status of the terminal only partially meets the RSD requirements, the RSD still allows the terminal to continue to maintain communication with it, but access at this time can only be partial access, and the RSD will limit some services of the terminal;
  • If the security status of the terminal fully complies with the RSD security policy requirements, and the re-evaluation result indicates that the terminal security status no longer meets the RSD security policy requirements, the RSD will abort all current connections with the terminal and no longer serve it; in this case, the RSD may place the terminal in an isolation area, and may also notify the ASD to repair it.
  • The RSD can perform role mapping on the terminal that is allowed to access according to the result of the terminal re-evaluation, and map a terminal that does not originally belong to its own domain to a terminal in the RSD domain, so that the terminal can access all the network resources corresponding to the roles in the domain.
  • In step S203, the execution process in which the RSD re-evaluates the terminal in time and adjusts the appropriate control of the terminal according to the result of the re-evaluation includes the following steps:
  • Step S501: The initial evaluation of the terminal is completed, and communication with the RSD starts.
  • the RSD completes an initial security state assessment for requesting access by the terminal, and the terminal can communicate with the RSD for the terminal that is allowed to access.
  • Access to the RSD may be fully allowed, in which case the terminal may access all resources in the RSD, or partially allowed, i.e., the terminal may only access some resources in the RSD. If the security status of the terminal fully complies with the policy requirements of the RSD, the terminal is allowed to access the RSD completely. If the security status of the terminal only partially meets the requirements of the RSD policy, the RSD may only allow the terminal partial access.
  • Step S502 After the terminal accesses the RSD and communicates with the RSD for a period of time, the RSD sends a re-evaluation request to the ASD, requesting the ASD to send the re-evaluation result for the terminal to the RSD.
  • The RSD finds that the terminal has some suspicious behavior, or the RSD's own security policy changes, and requires the terminal to be re-evaluated. At this time, the RSD sends a re-evaluation request to the ASD, requesting the ASD to re-evaluate the terminal and send the result to the RSD. In addition, the RSD can also actively subscribe to the ASD for information about the terminal security status re-evaluation result, requiring the ASD to send this information to the RSD in time, or specifying a fixed re-evaluation period or frequency.
  • Step S503 the ASD performs re-evaluation of the security status information on the terminal, and generates a corresponding re-evaluation result.
  • Step S504 the ASD sends the current re-evaluation result assertion to the RSD.
  • The ASD can also send the current re-evaluation result assertion to the terminal, causing the terminal to forward the assertion of the security status re-evaluation result to the RSD.
  • Step S505 The RSD adjusts the appropriate control to the terminal in time according to the re-evaluation result sent by the ASD.
  • The communication between the terminal and the RSD can be continued.
  • When the terminal security state assertion cannot satisfy the RSD requirement, the communication between the terminal and the RSD can also be ended.
  • When the RSD requirements are not met, the RSD can re-request new or other types of security state assertions.
  • Timely adjustment of appropriate control for the terminal includes but is not limited to: If, at the initial access evaluation, the security status of the terminal only partially meets the requirements of the RSD security policy, so that the terminal can only partially access the RSD, and the result of the re-evaluation shows that the security status of the terminal is in full compliance with the RSD policy requirements, then the RSD will continue to maintain communication with the terminal and change the access state of the terminal to full access to the RSD, so that it can enjoy all the services of the RSD;
  • If the security status of the terminal fully complies with the RSD security policy requirements, and the re-evaluation result shows that the security status of the terminal only partially meets the RSD requirements, the RSD still allows the terminal to continue to maintain communication with it, but access at this time can only be partial access, and the RSD will limit some services of the terminal;
  • If the security status of the terminal fully complies with the RSD security policy requirements, and the re-evaluation result indicates that the terminal security status no longer meets the RSD security policy requirements, the RSD will abort all current connections with the terminal and no longer serve it; in this case, the RSD may place the terminal in an isolation area, and may also notify the ASD to repair it.
  • The RSD can perform role mapping on the terminal that is allowed to access according to the result of the terminal re-evaluation, and map a terminal that does not originally belong to its own domain to a terminal in the RSD domain, so that the terminal can access all the network resources corresponding to the roles in the domain.
  • In step S204, the execution process in which the RSD does not directly respond with a rejection of access but requests other security state assertions from the ASD is as shown in FIG. 6, and includes:
  • Step S601 The terminal initiates an access request to the server of the RSD.
  • Step S602 the RSD determines the ASD of the provider of the terminal security state assertion, and sends a terminal security state assertion request to the ASD.
  • Step S603 After receiving the terminal assertion request of the RSD, the ASD identifies which terminal the assertion request corresponds to, and responds to the security state assertion of the terminal requested by the RSD.
  • Step S604: The RSD evaluates the security status of the terminal according to the security status assertion sent by the terminal's ASD, and determines that the security status assertion of the terminal does not satisfy the security policy requirement of the RSD.
  • Step S605 The RSD sends an assertion request of the other security state of the terminal to the ASD of the provider of the terminal security state assertion.
  • Step S606 after receiving the assertion request of the other security state of the RSD, the ASD responds to the other security state assertion of the terminal requested by the RSD.
  • Step S607 according to the result of the re-evaluation, the RSD makes a response whether to allow the terminal to access.
  • Step S608 the re-evaluation process is completed, and the terminal that is allowed to access can establish a connection with the RSD to communicate.
  • the terminal's access request may be denied.
  • the two network devices may be applicable to the same terminal.
  • the two network devices may belong to different security domains (or belong to the same security domain, or belong to different networks or the same network) to the same terminal.
  • This embodiment is also applicable to appropriate control of terminal security state evaluation by various networks such as enterprise networks, telecommunication networks, and mobile networks.
  • The terminal does not have to access two different security domains; instead, security assessment information may be shared between the same network, the same security domain, or different networks.
  • The security state of the terminal entering the network is ensured to meet the security policy requirements of the current network throughout the whole connection process of the terminal, and does not pose a threat to network security.
  • the RSD can re-request other assertions, thereby improving the efficiency of the network.
  • a system for re-evaluating a security state according to Embodiment 3 of the present invention, as shown in FIG. 7, includes:
  • the ASD 71 is configured to re-evaluate the terminal 73 accessing the RSD 72, and send the result of the re-evaluation to the RSD 72;
  • the RSD 72 is configured to perform corresponding control of the access of the terminal 73 based on the result of the re-evaluation sent by the ASD 71.
  • The terminal 73 is configured to communicate with the RSD 72. The terminal 73 is a device supporting trusted network connection evaluation, and its type includes one or several of a smart terminal, a mobile phone, a personal data processor, a personal computer, a notebook, and an access point.
  • a re-evaluation module 81 configured to re-evaluate a terminal accessing the RSD
  • a sending module 82 configured to send the result of the re-evaluation by the re-evaluation module 81 to the RSD, so that the RSD makes appropriate control over the access of the terminal.
  • the re-evaluation module 81 includes:
  • the receiving unit 811 is configured to receive a re-evaluation request initiated by the terminal, to perform a re-evaluation process on the terminal.
  • the sending unit 812 is configured to send an assertion of the terminal security state re-evaluation result to the RSD after the receiving unit 811 performs the re-evaluation process on the terminal.
  • The triggering condition of the assertion of the re-evaluation result includes one or more of the following: a change in the configuration of the security policy of the terminal's ASD; the security policy configuration of the terminal's ASD requiring periodic assessment of the security status of the terminal; the terminal requesting the ASD to re-evaluate the security status of the terminal.
  • Re-evaluating the terminal a period of time after it accesses the RSD ensures that the security state of the terminal entering the network always meets the security policy requirements of the current network during the entire connection process of the terminal, and does not pose a threat to network security.
  • a device for re-evaluating a security state according to the fifth embodiment of the present invention, the device is RSD 9, and the network device is deployed in the second security domain, as shown in FIG. 9, including:
  • the receiving module 91 is configured to receive the result of the re-evaluation sent from the ASD
  • the control module 92 is configured to perform appropriate control on the access of the terminal according to the result of the re-evaluation received by the receiving module 91.
  • the device further includes:
  • The sending module 93 is configured to send a re-evaluation request or subscription re-evaluation result information to the ASD of the terminal. The trigger condition of the re-evaluation request or the subscription re-evaluation result information includes one or several of the following: the RSD discovers suspicious behavior of the terminal; the security policy of the RSD itself is changed, requiring the terminal to be re-evaluated; the RSD subscribes to the ASD for information about the re-evaluation result of the security status of the terminal, requiring that once the evaluation result changes the ASD sends the evaluation result information to the RSD in time, or specifying a fixed re-evaluation period.
  • Re-evaluating the terminal a period of time after it accesses the RSD ensures that the security state of the terminal entering the network always meets the security policy requirements of the current network during the entire connection process of the terminal, and does not pose a threat to network security.
  • the present invention can be implemented by hardware, or can be implemented by means of software plus a necessary general hardware platform.
  • The technical solution of the present invention may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a USB flash drive, a mobile hard disk, etc.), including several instructions for causing a computer device (which may be a personal computer, server, or network device, etc.) to perform the methods described in various embodiments of the present invention.
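
The RSD-side control described in steps S204, S404 and S505 above, modelled as an added Python example that is not code from the patent. The class names, the `StubASD` stand-in for the asserting domain, and the policy attributes `firewall_on` and `patch_age_days` are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class Access(Enum):              # access state the RSD grants the terminal
    FULL = "full"
    PARTIAL = "partial"
    TERMINATED = "terminated"


@dataclass(frozen=True)
class Assertion:                 # hypothetical shape of an ASD security state assertion
    terminal_id: str
    asd_id: str
    attributes: dict


@dataclass
class Session:
    terminal_id: str
    asd_id: str
    access: Access
    quarantined: bool = False


class StubASD:
    """Constructed stand-in for the asserting domain; the caller sets its state."""
    def __init__(self, asd_id):
        self.asd_id = asd_id
        self.state = {}          # (terminal_id, kind) -> attribute dict
        self.remediation = []    # terminals the RSD asked this ASD to repair

    def assert_state(self, terminal_id, kind="default"):
        attrs = self.state.get((terminal_id, kind), {})
        return Assertion(terminal_id, self.asd_id, attrs)


class RSD:
    def __init__(self, asd, mandatory, full_only):
        self.asd = asd
        self.mandatory = mandatory   # checks required for any access
        self.full_only = full_only   # extra checks required for full access
        self.sessions = {}

    def evaluate(self, assertion):
        """Map an asserted state to the access it earns; None means non-compliant."""
        attrs = assertion.attributes
        if not all(check(attrs) for check in self.mandatory):
            return None
        if all(check(attrs) for check in self.full_only):
            return Access.FULL
        return Access.PARTIAL

    def initial_access(self, terminal_id):
        """S301-S306 with the S204 fallback: request another assertion before denying."""
        granted = self.evaluate(self.asd.assert_state(terminal_id))
        if granted is None:
            granted = self.evaluate(self.asd.assert_state(terminal_id, "other"))
        if granted is None:
            return None              # access denied
        self.sessions[terminal_id] = Session(terminal_id, self.asd.asd_id, granted)
        return self.sessions[terminal_id]

    def on_reevaluation(self, assertion):
        """S404 / S505: adjust a live session from a re-evaluation assertion."""
        session = self.sessions.get(assertion.terminal_id)
        if session is None or session.access is Access.TERMINATED:
            raise LookupError("no live session for this terminal")
        if assertion.asd_id != session.asd_id:
            raise PermissionError("assertion is not from the terminal's ASD")
        granted = self.evaluate(assertion)
        if granted is None:
            session.access = Access.TERMINATED                 # abort all connections
            session.quarantined = True                         # isolation area
            self.asd.remediation.append(session.terminal_id)   # notify ASD to repair
        else:
            session.access = granted                           # upgrade or restrict
        return session.access

    def request_reevaluation(self, terminal_id):
        """S502-S505: RSD-triggered path (suspicious behaviour, RSD policy change)."""
        return self.on_reevaluation(self.asd.assert_state(terminal_id))


def demo():
    # Constructed sample data: attribute names and thresholds are hypothetical.
    asd = StubASD("asd.example")
    rsd = RSD(asd, mandatory=[lambda a: a.get("firewall_on") is True],
              full_only=[lambda a: a.get("patch_age_days", 999) <= 30])
    asd.state[("t1", "default")] = {"firewall_on": True, "patch_age_days": 90}
    trace = [rsd.initial_access("t1").access]                   # initial evaluation
    asd.state[("t1", "default")] = {"firewall_on": True, "patch_age_days": 3}
    trace.append(rsd.on_reevaluation(asd.assert_state("t1")))   # ASD-pushed result
    asd.state[("t1", "default")] = {"firewall_on": False, "patch_age_days": 3}
    trace.append(rsd.request_reevaluation("t1"))                # RSD-requested
    return trace, rsd.sessions["t1"].quarantined, asd.remediation


if __name__ == "__main__":
    print(demo())
```

The ASD identity check in `on_reevaluation` reflects step S302, where the RSD determines which ASD provides the terminal's assertions; an assertion naming any other domain is rejected before it can change the session.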

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention relates to a method, a system and a device for re-evaluating a security state. The method comprises the following steps: the terminal that accesses the second security domain is re-evaluated; the result of the re-evaluation is sent to the second security domain. Through the re-evaluation performed after the terminal has accessed the trusted security domain (RSD), the present invention ensures that the security state of the terminal accessing the network always meets the security policy requirements of the current network throughout the terminal's connection process and does not threaten the security of the network to a certain extent.
PCT/CN2009/072555 2008-09-28 2009-06-30 Method, system and device for re-evaluating a security state WO2010034209A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200810168480.7 2008-09-28
CNA2008101684807A CN101582792A (zh) 2008-09-28 2008-09-28 Method, system and device for re-evaluating a security state

Publications (1)

Publication Number Publication Date
WO2010034209A1 true WO2010034209A1 (fr) 2010-04-01

Family

ID=41364767

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2009/072555 WO2010034209A1 (fr) 2008-09-28 2009-06-30 Method, system and device for re-evaluating a security state

Country Status (2)

Country Link
CN (1) CN101582792A (fr)
WO (1) WO2010034209A1 (fr)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
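CN101917430B (zh) * 2010-08-11 2012-05-23 西安西电捷通无线网络通信股份有限公司 Indirect interaction implementation method and system suitable for a collaborative trusted network connection model
CN104618395B (zh) * 2015-03-04 2017-08-25 浪潮集团有限公司 Dynamic cross-domain access control system and method based on trusted network connection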

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040267551A1 (en) * 2003-06-26 2004-12-30 Satyendra Yadav System and method of restricting access to wireless local area network based on client location
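CN1656773A (zh) * 2002-05-24 2005-08-17 艾利森电话股份有限公司 Method for authenticating a user to a service of a service provider
CN101242272A (zh) * 2008-03-11 2008-08-13 南京邮电大学 Implementation method for a grid cross-domain security platform based on mobile agents and assertions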

Also Published As

Publication number Publication date
CN101582792A (zh) 2009-11-18

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09815579

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09815579

Country of ref document: EP

Kind code of ref document: A1