    • 2. Invention publication
    • NETWORK SECURITY METHOD AND DEVICE
    • EP3062466A1
    • 2016-08-31
    • EP14863034.6
    • 2014-11-12
    • Huawei Technologies Co., Ltd.
    • XU, Yibin; SUN, Bing; LI, Jun
    • H04L12/701; H04L9/00
    • H04L63/20; H04L63/0218; H04L63/0236; H04L63/104
    • Embodiments of the present invention provide a network security method and a device. The method includes: receiving, by a network device, a first data packet that includes a first security group tag (SGT), where the first SGT is used to identify a security group to which the first data packet belongs; recording a first correspondence, where the first correspondence is a correspondence between the first SGT and a source IP address of the first data packet; receiving a second data packet, where a destination IP address of the second data packet is the source IP address of the first data packet; acquiring the first SGT according to the destination IP address of the second data packet and the first correspondence; and acquiring, according to the acquired first SGT and a preset second correspondence, a network security policy and executing the policy on the second data packet, where the second correspondence is a correspondence between the first SGT and the network security policy.
    • 4. Invention publication
    • PACKET PROCESSING METHOD, APPARATUS, AND DEVICE
    • EP3169036A1
    • 2017-05-17
    • EP16196618.9
    • 2016-10-31
    • Huawei Technologies Co., Ltd.
    • XU, Yibin; SUN, Bing
    • H04L29/06; H04L12/70
    • The present invention discloses a packet processing method, apparatus, and device, and relates to the field of communications technologies. The method includes: receiving, by a forwarding plane, an item from a control plane of the forwarding plane, where the item includes an identifier of a connected terminal; receiving an access protocol packet; when the forwarding plane determines that the access protocol packet is not an authentication start packet, determining, by the forwarding plane according to the identifier of the connected terminal, whether a terminal served by the access protocol packet is the connected terminal, where the authentication start packet is an authentication packet that is used to start an authentication process for a terminal served by the authentication start packet; and discarding, by the forwarding plane, the access protocol packet when the access protocol packet is not the authentication start packet and when the terminal served by the access protocol packet is not the connected terminal. The present invention can improve user experience.
    • 7. Invention publication
    • METHOD, DEVICE AND SYSTEM FOR TRANSMITTING PACKET IN MULTICAST DOMAIN NAME SYSTEM
    • EP3013020A1
    • 2016-04-27
    • EP14822797.8
    • 2014-07-01
    • Huawei Technologies Co., Ltd.
    • WANG, Chunning; XU, Yibin
    • H04L29/12
    • H04L61/1511; H04L12/18; H04L12/4641; H04L61/1541; H04L61/6013; H04L67/16
    • The present invention discloses a packet transmission method, apparatus, and system in a multicast domain name system mDNS, which are used to resolve a network bandwidth waste problem because generally much service information needs to be transmitted in an mDNS-based network. The method includes: converting, by a relay, a Known-Answer service query packet that is sent by a user terminal and used to query service information in an mDNS, into a unicast Known-Answer service query packet and sending the unicast Known-Answer service query packet to a gateway; receiving, by the relay, a unicast Known-Answer service answer packet that is sent by the gateway and includes service information unknown to the user terminal; and converting, by the relay, the unicast Known-Answer service answer packet into a multicast Known-Answer service answer packet and sending the multicast Known-Answer service answer packet to the user terminal.
    • 8. Invention publication
    • ACCESS MANAGEMENT METHOD, AUTHENTICATION POINT, AND AUTHENTICATION SERVER
    • EP4192063A1
    • 2023-06-07
    • EP21857421.8
    • 2021-07-14
    • Huawei Technologies Co., Ltd.
    • HE, Bin; WENG, Cairen; XU, Yibin; WANG, Sisheng
    • H04W12/06
    • This application discloses an access management method, an authenticator, and an authentication server, applied to a scenario in which a terminal device accesses a network (for example, a campus network). After completing authentication, a terminal device sends a first packet to an authenticator, where the first packet carries a first IPv6 address of the terminal device and a MAC address of the terminal device. When determining that the first IPv6 address is a new IPv6 address, the authenticator sends, to an authentication server, a second packet carrying the first IPv6 address and the MAC address, so as to indicate the authentication server to send a first authorization policy to a policy enforcement point based on the first IPv6 address. The authenticator can send the new IPv6 address to the authentication server, to enable the authentication server to formulate the first authorization policy for network admission based on the first IPv6 address. Therefore, a service packet of the terminal device can be transmitted, through the policy enforcement point, to an address or a network segment that allows a user to access. Therefore, even if the IPv6 address of the terminal device changes, it can be ensured, as much as possible, that a service is not interrupted.
    • 10. Granted invention patent
    • METHOD, DEVICE AND SYSTEM FOR CONTROLLING ACCESS OF USER TERMINAL
    • EP3001635B1
    • 2017-06-07
    • EP14822073.4
    • 2014-07-01
    • Huawei Technologies Co., Ltd.
    • SUN, Bing; XU, Yibin; TANG, Penghe
    • H04L29/06; H04W12/08; H04W12/06; H04L29/08; H04L29/12
    • H04L63/0876; H04L61/6022; H04L63/102; H04L67/141; H04W12/06; H04W12/08
    • The present invention discloses a method, an apparatus, and a system for controlling access of a user terminal, where the method includes: receiving, by a controller, an authentication packet sent by an access switching node through an established data tunnel; obtaining, by the controller, a MAC address in a source MAC address field of the authentication packet; after access authentication implemented on a user terminal corresponding to the obtained MAC address succeeds, determining, from a maintained correspondence between a MAC address of a user terminal and an interface identifier, an interface identifier corresponding to the MAC address of the successfully-authenticated user terminal, where the interface identifier is an interface identifier of an interface on the access switching node connected to the user terminal; and sending, by the controller, the determined interface identifier to the access switching node through a control tunnel established between the controller and the access switching node, and instructing the access switching node to enable the interface corresponding to the interface identifier. In this way, network security can be improved in a case in which an implementation procedure of access authentication implemented on a user terminal is simplified.