
Terminal-based network access control system

A network access control and access control list technology, applied in the field of computer communication, that addresses problems such as high hardware requirements, the inability to isolate terminals, and the administrator's maintenance burden, and achieves simple configuration and maintenance together with protection of network security.

Active Publication Date: 2012-07-18
FUJIAN CENTM INFORMATION

AI Technical Summary

Problems solved by technology

[0002] Traditional network isolation is generally implemented by configuring switches or firewalls, which has high hardware requirements and poor compatibility. When user access rights need to change dynamically, the switches must be reconfigured frequently, and because switches are mostly distributed this is very troublesome. Configuring a large number of ACLs (Access Control Lists) on a switch or firewall also degrades the switch's performance and therefore network performance, and some unmanaged switches cannot support such configuration at all. Moreover, when a user accesses the Internet through an external 3G card or wireless network card, configuring switches or firewalls cannot restrict that access or control its traffic.
[0003] In traditional network isolation, limiting a given terminal's access to the network requires configuring the firewall, or the ACL table or VLAN (Virtual Local Area Network) of devices such as switches. Frequently changing the configuration of the switch or firewall increases the load on the hardware and makes the administrator's maintenance harder. The traditional method can also only restrict traffic that passes through the switch or firewall; devices such as wireless network cards and 3G cards cannot be restricted.
Traditional network isolation therefore has the complexity and device-compatibility problems caused by extensive configuration, as well as the following security problems:
1) The switches that users connect to must be configured to restrict their network access; if unmanaged switches are used at the access layer, users cannot be effectively isolated.
[0005] 2) If users access the Internet through an external 3G card or wireless network card, configuring switches or firewalls cannot restrict their network access or control their traffic, which creates security risks.
However, this invention cannot dynamically change the client's network access rights according to the client's own security state, including switching between internal and external networks; it cannot dynamically configure security control information; and it cannot prevent the client from connecting to other networks to bypass network access control.


Embodiment Construction

[0018] As shown in figure 1, a terminal-based network access control system of the present invention includes a network admission control module 1, a network restriction module 2, and a network card intermediate-layer filter driver module 3.

[0019] The network admission control module 1 performs network authentication according to the identity of the user, to determine whether the terminal device used by the user is allowed to connect to the network.

[0020] The network restriction module 2 is responsible for parsing the network access control policy issued by the server and converting it into an access control list (ACL table) that the network card intermediate-layer filter driver module 3 can process. The access control list includes an IP address / IP address range field, a local port range field, a remote port range field, a protocol type field for the network protocol used, and a flow direction field and an authority field for the network data frame at the terminal device; the access...
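The following is an added illustration, not code from the patent or its assignee, of how the network restriction module's conversion and the filter driver's decision fit together: a server policy (a constructed dict, format assumed) is turned into ACL entries carrying the six fields the patent lists, and each frame is then matched against them. The first matching entry wins and an unmatched frame is dropped by default, so a quarantined terminal can only reach the addresses the policy names; all names and sample values are my own.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class AclEntry:
    """One ACL row: the six fields named in paragraph [0020] (names assumed)."""
    remote_net: ipaddress.IPv4Network   # IP address / IP address range
    local_ports: tuple                  # (low, high), inclusive
    remote_ports: tuple                 # (low, high), inclusive
    protocol: str                       # "tcp", "udp", "icmp" or "any"
    direction: str                      # "in", "out" or "any"
    authority: str                      # "allow" or "deny"


@dataclass(frozen=True)
class Frame:
    """What the intermediate-layer filter driver sees for one data frame."""
    remote_ip: str
    local_port: int
    remote_port: int
    protocol: str
    direction: str


def parse_policy(policy: dict) -> list:
    """Network restriction module: server policy -> ACL table (policy format assumed)."""
    entries = []
    for rule in policy["rules"]:
        lo, hi = rule.get("local_ports", [0, 65535])
        rlo, rhi = rule.get("remote_ports", [0, 65535])
        entries.append(AclEntry(ipaddress.ip_network(rule["remote"], strict=False),
                                (lo, hi), (rlo, rhi), rule.get("protocol", "any"),
                                rule.get("direction", "any"), rule["authority"]))
    return entries


def matches(e: AclEntry, f: Frame) -> bool:
    return (ipaddress.ip_address(f.remote_ip) in e.remote_net
            and e.local_ports[0] <= f.local_port <= e.local_ports[1]
            and e.remote_ports[0] <= f.remote_port <= e.remote_ports[1]
            and e.protocol in ("any", f.protocol)
            and e.direction in ("any", f.direction))


def decide(acl: list, f: Frame, default: str = "deny") -> str:
    """Filter driver: first matching entry wins; default-deny isolates the terminal."""
    for e in acl:
        if matches(e, f):
            return e.authority
    return default


# Constructed quarantine policy: only the remediation server (TCP/443) and the
# DNS resolver (UDP/53) are reachable; the final catch-all denies everything else.
QUARANTINE_POLICY = {"rules": [
    {"remote": "10.0.0.5/32", "remote_ports": [443, 443], "protocol": "tcp",
     "direction": "out", "authority": "allow"},
    {"remote": "10.0.0.53/32", "remote_ports": [53, 53], "protocol": "udp", "authority": "allow"},
    {"remote": "0.0.0.0/0", "authority": "deny"},
]}
```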


Abstract

The invention provides a terminal-based network access control system. The system comprises a network access control module, a network restriction module and a network card intermediate-layer filter driver module. The network access control module performs network authentication according to the identity of a user to determine whether the terminal equipment used by the user is allowed to connect to the network; the network restriction module parses the network access control policy transmitted by a server, converts it into an access control list and delivers that list to the network card intermediate-layer filter driver module; and the network card intermediate-layer filter driver module filters the data frames received by the network card of the terminal equipment to intercept the network access actions forbidden by the policy. With this system, a computer's network access can be limited at the terminal itself, so that different computers or users can only access designated networks, and when a user's security state changes the user can be isolated in a designated network area so that others are not affected.

Description

Technical Field: [0001] The invention relates to the field of computer communication, in particular to a terminal-based network access control system. Background: [0002] Traditional network isolation is generally achieved by configuring switches or firewalls. It has high hardware requirements and poor compatibility. When user access rights need to be changed dynamically, switches must be reconfigured frequently, and because most switches are distributed this is very troublesome; configuring a large number of ACLs (access control lists) on a switch or firewall also degrades the switch's performance and therefore network performance, and some unmanaged switches cannot support this type of configuration. At the same time, when a user connects an external 3G card or wireless network card to access the Internet, a switch or firewall cannot be configured to limit that network access or control its traffic. [...

Claims


Application Information

IPC(8): H04L29/06
Inventor: 张辉
Owner: FUJIAN CENTM INFORMATION