30 results about "Network Access Protection" patented technology

A system or method for network access protection executes steps for receiving, at a server, an access request for access to at least one network resource from a client machine, the access request including account authentication information comprising an account identifier and password, obtaining a client machine identifier from the client machine in response to receiving the request for access, and controlling access to the network resource in response to the access request by authorizing access to the network resource for the access request if the client machine identifier matches a registered machine identifier that is registered for use with the account authentication information and the account authentication information matches registered information for a valid account, but denying access to the network resource if the client machine identifier does not match a registered client machine identifier that is registered for use with the account authentication information.

The invention discloses a trusted network access and access control system. The control system comprises a network access requester, a network access decision-maker and a network access controller. When the network access requester accesses to the network, platform identity authentication is carried out, and secure and trusted states of the requester are detected; the secure and trusted states are sent to the network access decision-maker, and the decision-maker judges the secure and trust level of the requester and gives a network access decision; the network access decision is sent to the network access controller, and the controller limits the requested network access. The invention further discloses a trusted network access and access control method. The control system carries out the platform identity authentication on the basis of TCM and ensures the network access control while avoids identity forging. Network areas are divided on the basis of a digital label technology and dynamically updated, network self-adaption is realized, and the access security of different logical areas is ensured. Secure and trusted strategies are configured, and combined with the TCM cryptographic algorithm, so that the security and credibility of the platform state of the requester are ensured.

The invention provides a dynamic networking method and equipment for network access points. According to the embodiment of the invention, the traditional network-centered idea is changed into the user-centered idea and services are provided for users, thereby preventing the user from sensing the network environment frequently and providing a data transmission service of the user in a low-speed or static mode by an APG. Moreover, during the movement process of the user, the user service transmission can be realized based on dynamic APG updating and AP cooperation in the APG. Therefore, the number of times for user switching can be reduced and user switching in the APG does not need to use the core network, thereby reducing the signaling load of the core network.

Aspects of the present disclosure provide for yield management models for dynamically pricing access to wireless communication services. In some examples, access to a network is intermediated by a surrogate access point, which may act as a proxy or relay, expanding communication services to client devices that otherwise may lack a subscription, or may lack a suitable communication interface, to communicate directly with the wireless network. Here, the surrogate access point may be a subscriber device or user equipment. By utilizing the yield management model, the surrogate access point may receive compensation for sharing its connection to the network with nearby client devices. Other aspects, embodiments, and features are also claimed and described.

The invention discloses a trusted network access method and a trusted network access system for a mobile terminal, and belongs to the technical field of trusted network access. The method comprises the following steps that: 1) the mobile terminal loads an integrity measurement collector and detects the integrity of the integrity measurement collector, and a policy decision point loads an integrity measurement verifier and detects the integrity of the integrity measurement verifier; 2) the mobile terminal transmits a network access request to a policy enforcement point; 3) after receiving the network access request, the policy enforcement point transmits a network access judgment request to the policy decision point, and authenticates the user identity of the mobile terminal; 4) after the user identity passes authentication, platform identity authentication is performed between the policy decision point and the mobile terminal, the policy decision point and the mobile terminal mutually authenticate system integrity, and a platform trust relationship between the policy decision point and the mobile terminal is established; and 7) the policy decision point transmits a suggestion indicating whether to access the policy enforcement point according to the platform trust relationship, and the policy enforcement point authorizes network access permission to the mobile terminal according to the suggestion. By the method and the system, network resources can be well protected.

The invention provides a download method and a download system based on a home gateway, and the home gateway, and the home gateway, wherein the method comprises the following steps: a download request message, including the document address and the document name of at least one document to be downloaded, sent by a user terminal is received by the home gateway; if the downlink data in the network access process does not appear within the preset time of a first downlink channel used for performing the network access, the document corresponding to the document address and the document name is downloaded through the first downlink channel, and the downloading of the document is stopped until the downlink data occur on the first downlink channel. Through the download method and the download system based on the home gateway, and the home gateway provided by the invention, the document can be downloaded through the home gateway when the user terminal does not perform the network access, thereby the network bandwidth is more fully and reasonably utilized, the download in the prior art when the user terminal performs the network access is avoided; and the occupation of a large quantity of bandwidths can influence the normal network access business of a user.

A technique for downloading a profile for access to a communication network by a security module. This access profile has been prepared by a network operator and is available from a server configured to provide this access profile by downloading to the security module. The security module obtains a first verification datum prepared by the network operator. A secure downloading session is established thereafter. During establishment, session keys are jointly generated between the server and the security module and the server is authenticated by the security module using a public downloading key. The security module verifies authenticity of the public downloading key by using the first verification datum enabling verification that the server uses a secret downloading key corresponding to that provided by the network operator during preparation of the first verification datum. When the public downloading key is not authentic, the security module interrupts downloading of the access profile.

Improved techniques for implementing Network Copy Protection for database programs are disclosed. The techniques can provide Network Copy Protection across various platforms and/or connection protocols. Accordingly, the database programs can detect unlicensed use of the software even when different platforms and/or connection protocols are used by two instances (software copies) of the same database program. When unlicensed use of software is detected, access to data can be denied. As will be appreciated, in addition to supporting more conventional communication protocols, more prevalent connection protocols can be supported.

The invention discloses a network access method and system based on access authentication, wherein the method comprises the steps of: S10, judging whether information in an access authentication success state is sent to a terminal or not; S20, if the fact that the information in the access authentication success state is sent is determined, redirecting a page accessed by the terminal; and S30, according to the redirected page information, controlling the terminal and a network server to establish a session, so that access is realized. By means of the access method, the problem that a current wireless product cannot access a network for a short time in a network access process after access authentication based on a hypertext transfer protocol over a secure socket layer is successful can be solved; access is relatively efficient and intelligent; and thus, the user experience is relatively smooth.

The invention discloses a network audit subsystem applied to a cloud audit system. The network audit subsystem comprises a network audit processing engine, a host traffic acquisition proxy and a network traffic acquisition proxy, wherein the network audit processing engine is used for auditing virtual machine traffic and physical machine traffic in a network acquired from cloud data; the host traffic acquisition proxy is used for acquiring the virtual machine traffic and distributing the virtual machine traffic to the network audit processing engine; and the network traffic acquisition proxy is used for acquiring the physical machine traffic and distributing the physical machine traffic to the network audit processing engine. The invention generally aims to acquire network data packets from network equipment, hosts and the like for analyzing and recording according to a certain rule and strategy setting. All acquired network access records are written into a database; the system can perform work such as network security vulnerability analysis and intrusion detection; data can be supplied to an audit data center for analysis, presentation and the like; and the data are to be storedin the database for later checking.

The invention relates to an intelligent network firewall device which comprises a firewall module used for limiting data traffic in accordance with a blocking strategy according to the issued blocking strategy, a honey pot module used for arranging a virtual honey pot system in accordance with preset requirements using unoccupied Internet protocol (IP) addresses and/or ports in a network, monitoring access traffic to the virtual honey pot system, and then determining and recording attack IP addresses and/or ports according to the access traffic, and a safety strategy module used for generating a new blocking strategy according to the attack IP addresses and/or ports recorded by the honey pot module and issuing the net blocking strategy to the firewall module. The invention further relates to a network attack protection method. The virtual honey pot system in a firewall device is used for attracting illegal network attacks, and therefore network attack IP addresses and/or ports can be identified, the safety strategies of the firewall device are dynamically adjusted, the network attack situation which changes dynamically can be adapted to, and new network safety requirements can be adapted to.

The invention relates to an environment information collection method and device for the network access party. The method comprises that present operation data of the network access party is obtained; according to the operate data, whether operation of the network access party satisfies the monitoring condition is determined; when the operation of the network access party satisfies the monitoring condition, an environment information collection command is sent to an access device corresponding to the network access party so that the access device collects environment information of the network access party; and the environment information collected by the access device is received and stored. According to the environment information collection method and device provided by the invention, more detailed information of the network access party can be collected, and hidden safety troubles in operation can be fundamentally solved.

The invention discloses a dynamic cookie verification method and device for network protection, the cookie in the http request transmitted by the client can be verified; after verification, the http request is sent to the server for processing; a network attacker is prevented from using a large number of unverified requests to carry out DDOS attack on the server and comsuming processing resourcesof servers, and the network infrastructure will not be paralyzed and even damaged; meanwhile, for the http request which does not pass the verification, the behavior of the client side is judged through the inserted cookie processing module, and after it is judged that the behavior of the client side is a safe and normal machine rather than an automatic malicious program, the client side can be screened to prevent malicious attacks.

The invention discloses a network access method in a charge overdue and out-of-service state, a distribution server as well as a system. The method comprises the following steps: whether a mobile terminal is in the charge overdue and out-of-service state is judged, a traffic-free mode is started, a data access request for network access is sent to a proxy server in the mode when the mobile terminal is in the charge overdue and out-of-service state, wherein the data access request contains the communication identification of the mobile phone, and the communication identification has traffic-free internet surfing permission when the mobile terminal is in the charge overdue and out-of-service state; the mobile terminal receives requested data acquired by the proxy server from a resource server on the basis of the data access request, data transmission during network access is marked with traffic-free identification, and all or part of data traffic produced in the network access process of the mobile terminal is calculated into an assigned service provider by a mobile network operator on the basis of the traffic-free identification, so that the technical problem that network access cannot be performed through the network of the mobile network operator when the mobile terminal is in the charge overdue and out-of-service state in the prior art is solved.