Method, device and system for realizing secure access

An access device and secure access technology, applied in the field of information security, can solve problems such as the inability to solve multi-VPN services, the inability to implement fine-grained access rights allocation and flexible changes for users, etc.

Active Publication Date: 2019-05-07
CHINA TELECOM CORP LTD
View PDF5 Cites 6 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] A technical problem solved by the embodiments of the present disclosure is that fine-grained user access rights allocation and flexible change cannot be realized, and the problem of supporting multiple VPN services isolated from each other on the same network infrastructure cannot be solved.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method, device and system for realizing secure access
  • Method, device and system for realizing secure access
  • Method, device and system for realizing secure access

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0072] The following will clearly and completely describe the technical solutions in the embodiments of the present disclosure with reference to the accompanying drawings in the embodiments of the present disclosure. Apparently, the described embodiments are only some of the embodiments of the present disclosure, not all of them. The following description of at least one exemplary embodiment is merely illustrative in nature and in no way intended as any limitation of the disclosure, its application or uses. Based on the embodiments in the present disclosure, all other embodiments obtained by persons of ordinary skill in the art without creative efforts fall within the protection scope of the present disclosure.

[0073] Relative arrangements of components and steps, numerical expressions and numerical values ​​set forth in these embodiments do not limit the scope of the present disclosure unless specifically stated otherwise.

[0074] At the same time, it should be understood ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides a method, a device and a system for realizing secure access, and relates to the field of information security. Wherein when the control device successfully authenticates the authentication information sent by the user terminal, the control device instructs the access device to establish a VPN tunnel with the user terminal; Sending authorization information corresponding to the user authority to an access device, so that the access device distributes a virtual network tag and an NAT address for the user terminal; And an access control strategy is arranged by using the user permission and the access control strategy is sent to the access device, so that the access device performs corresponding access control strategy configuration, and the service data flow of the userterminal is audited so as to perform corresponding security access control on the service data flow. According to the invention, fine-grained access authority distribution and flexible change of theuser are realized through combination of authentication and the access control strategy, so that a security control mechanism is independent from an underlying equipment processing level, and the problem that multiple VPN services isolated from each other are supported on the same network infrastructure is solved.

Description

technical field [0001] The present disclosure relates to the field of information security, in particular to a method, device and system for implementing secure access. Background technique [0002] During the process of migrating the enterprise network to the cloud, there is a need for users to remotely access the cloud resource pool. Currently, VPN (Virtual Private Network, virtual private network) is the main method of remote access. [0003] There are two problems in remote access to the cloud resource pool through VPN: First, the granularity of access control is not fine enough, all resource access within the access range can only be fully allowed or completely denied, and different access rights cannot be set according to user identification. It is also impossible to trace user behavior; in addition, each virtual private cloud carried requires an independent VPN device, which requires high construction costs and requires a fixed network topology, making it difficult t...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L12/46H04L29/06H04L29/12
Inventor 樊宁何明沈军金华敏
Owner CHINA TELECOM CORP LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products