[go: up one dir, main page]

WO2016082363A1 - Procédé et appareil de gestion de données d'utilisateur - Google Patents

Procédé et appareil de gestion de données d'utilisateur Download PDF

Info

Publication number
WO2016082363A1
WO2016082363A1 PCT/CN2015/073522 CN2015073522W WO2016082363A1 WO 2016082363 A1 WO2016082363 A1 WO 2016082363A1 CN 2015073522 W CN2015073522 W CN 2015073522W WO 2016082363 A1 WO2016082363 A1 WO 2016082363A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
access
global
ipsec
service card
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2015/073522
Other languages
English (en)
Chinese (zh)
Inventor
唐骁琨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Publication of WO2016082363A1 publication Critical patent/WO2016082363A1/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks

Definitions

  • the present invention relates to the field of communications, and in particular to a user data management method and apparatus.
  • IPsec Internet Protocol Security
  • IETF Internet Engineering Task Force
  • IPsec remote access is a virtual private network (VPN) access technology based on IPsec tunnel encryption protection.
  • VPN virtual private network
  • remote access uses a client-server model.
  • IKE Internet Key Exchange
  • remote access requires extended authentication and mode configuration exchange between the first phase and the second phase.
  • the first phase provides device-level authentication by means of a pre-shared key or certificate; and the extended authentication is outside the use of existing widely used authentication mechanisms, such as Remote Authentication Dial-In User Service (Remote Authentication Dial-In User Service, RADIUS), Secure ID (SecurID) and One Time Programmable (OTP) provide user-level authentication.
  • RADIUS Remote Authentication Dial-In User Service
  • SecurID Secure ID
  • OTP One Time Programmable
  • the client After the client expands the authentication, it enters the mode configuration exchange phase.
  • the client obtains the configuration information required to access the internal network from the IPsec VPN gateway, including the internal IP address assigned by the gateway, the internal DNS server, and the IP address of the WINS server.
  • the IKE is negotiated in the second phase to generate a security association. The negotiation is complete. After that, the remote client can access the internal network resources protected by the IPsec VPN gateway by using the assigned internal IP address under the protection of the previously established IPsec tunnel.
  • the IPsec VPN gateway is responsible for managing and maintaining remote access client information.
  • all remote users are connected to the master to facilitate maintenance of user information.
  • the capacity of the centralized system access user is limited.
  • the device usually needs to bear other services at the same time.
  • the user access speed and IPsec packet processing performance are weak.
  • Distributed systems have significant advantages over centralized systems in terms of performance and capacity.
  • the distributed system is generally composed of the main control, line card, and IPsec service card.
  • the main control is mainly responsible for various management tasks, such as gateway configuration management and routing table management;
  • the line card is mainly responsible for packet forwarding;
  • the service card is mainly responsible for processing application protocols.
  • the IPsec protocol, the hardware encryption and decryption chip of the service card can provide powerful IPsec processing capability.
  • the IPsec service cards are processed at the same time, and the problem introduced is that users are distributed over multiple service cards, resulting in very complicated user management.
  • the present invention provides a user data management method and apparatus, so as to at least solve the problem that the related technology is reduced in management efficiency due to excessive access users.
  • a user data management method including:
  • the user information in the user information list includes at least one of the following: a user group, a service card address, and IPsec configuration information, where the IPsec configuration information is used to configure an intranet resource for the access user; the user information list further includes: The user index table is used to index access users.
  • the access user index table is composed of an IPsec interface and a user intranet IP.
  • the accessed user is managed by the global user table by at least one of the following methods:
  • the first step is to determine, according to the preset threshold, whether the number of access users in the user group is greater than a preset threshold in the global user table; if the determination result is yes, the access interface is closed;
  • an abnormal service card is obtained by querying the global user table; all users on the upper line in the abnormal service card are deleted;
  • the access user is searched according to the access user index table, and the preset operation is performed on the access user.
  • the preset operation includes at least one of the following: query and delete.
  • the method further includes: generating an entry according to the user information in the global user table; and establishing communication with the user access device according to the entry.
  • establishing communication with the user access device according to the entry includes: mode 1: receiving an encrypted message sent by the user access device; decapsulating the encrypted message by using an Internet protocol security IPsec, and obtaining the decapsulated inner layer The packet is sent to the intranet device corresponding to the user access device.
  • mode 1 receiving an encrypted message sent by the user access device; decapsulating the encrypted message by using an Internet protocol security IPsec, and obtaining the decapsulated inner layer The packet is sent to the intranet device corresponding to the user access device.
  • the second method is to receive the plaintext sent by the intranet device, and encapsulate the plaintext by using the Internet Protocol security IPsec to obtain the encapsulated packet; and send the packet to the user access device.
  • a user data management apparatus including:
  • a receiving module configured to receive a list of user information including Internet Protocol security IPsec configuration information; a generating module configured to generate a global user node according to user information in the user information list; and a management module configured to join the global user node to the global user In the table, users who are accessed through the global user table are managed.
  • the user information in the user information list includes at least one of the following: a user group, a service card address, and IPsec configuration information, where the IPsec configuration information is used to configure an intranet resource for the access user; the user information list further includes: The user index table is used to index access users.
  • the access user index table is composed of an IPsec interface and a user intranet IP.
  • the management module is configured to manage the accessed user through the global user table by using at least one of the following manners: the first management unit is configured to determine, according to the preset threshold, whether the number of access users of the user group is in the global user table. If the result is YES, the access interface is closed; the second management unit is configured to obtain an abnormal service card by querying the global user table; deleting all users of the online line in the abnormal service card; The management unit is configured to search for an access user according to the access user index table, and perform a preset operation on the access user, where the preset operation includes at least one of the following: querying and deleting.
  • the device further includes: an entry generating module, configured to generate a table according to user information in the global user table after managing the accessed user through the global user table; and the communication module is configured to generate according to the entry generating module The entry establishes communication with the user access device.
  • an entry generating module configured to generate a table according to user information in the global user table after managing the accessed user through the global user table
  • the communication module is configured to generate according to the entry generating module The entry establishes communication with the user access device.
  • the communication module includes: a first receiving unit configured to receive an encrypted message sent by the user access device; and a decapsulation unit configured to perform Internet Protocol security IPsec decapsulation on the encrypted message received by the first receiving unit And obtaining the decapsulated inner layer packet; the first sending unit is configured to send the decapsulated memory message to the intranet device corresponding to the user access device; or the second receiving unit is configured to receive the intranet The plaintext sent by the device; the encapsulation unit is configured to encapsulate the plaintext through the Internet Protocol security IPsec encapsulation, and the second sending unit is configured to send the packet to the user access device.
  • a user information list containing Internet Protocol security IPsec configuration information is received; a global user node is generated according to user information in the user information list; and a global user node is added to the global user table.
  • the problem of reduced management efficiency due to excessive access users is solved, thereby improving the efficiency of managing access users.
  • FIG. 1 is a flowchart of a user data management method according to an embodiment of the present invention.
  • FIG. 2 is a structural diagram of a user information list according to an embodiment of the present invention.
  • FIG. 3 is a structural diagram of managing a user through a global user table according to an embodiment of the present invention.
  • FIG. 4 is a block diagram showing the structure of a user data management apparatus according to an embodiment of the present invention.
  • FIG. 5 is a structural block diagram of a user data management apparatus according to a preferred embodiment of the present invention.
  • FIG. 6 is a structural block diagram of a user data management apparatus according to a preferred embodiment of the present invention.
  • FIG. 7 is a structural block diagram of a user data management apparatus according to a preferred embodiment of the present invention.
  • FIG. 8 is a schematic illustration of an operating environment suitable for use in accordance with an embodiment of the present invention.
  • FIG. 9 is a schematic diagram of a process for processing an IPC VPN gateway to a client access request according to an embodiment of the present invention.
  • FIG. 1 is a flowchart of a user data management method according to an embodiment of the present invention. As shown in FIG. 1, the process includes the following steps:
  • Step S102 Receive a user information list including Internet Protocol security IPsec configuration information.
  • Step S104 Generate a global user node according to the user information in the user information list.
  • Step S106 The global user node is added to the global user table, and the accessed user is managed by the global user table.
  • the user data management method provided by the embodiment of the present invention is applicable to an Internet Protocol Security (IPsec) gateway device, where at least one of the following is included in the gateway device: a main control, a service card, and a line card.
  • Steps 102 to 106 are applied to the master control.
  • the master generates a global user node according to the user information in the user information list reported by the received service card, and adds the generated global user node to the global user table, and manages the global user table.
  • Access user Before the step 102, the service card receives the negotiation form of the access user forwarded by the line card, performs IPsec processing according to the negotiation message, and obtains the internal network address and user group configuration information corresponding to the access user, and according to the above internal network address. And the user group configuration information is generated on the user node of the service card, and the user node is added to the user information list of the service board, and the user information list is uploaded to the main control, and then step S102 is performed.
  • IPsec Internet Protocol
  • the user information list including the Internet Protocol security IPsec configuration information is received; the global user node is generated according to the user information in the user information list; the global user node is added to the global user table, and the access is managed through the global user table.
  • the user solves the problem that the management efficiency is reduced due to too many access users, thereby achieving the effect of improving the management efficiency of the access user.
  • the user information in the user information list includes at least one of the following: a user group, a service card address, and IPsec configuration information, where the IPsec configuration information is used to configure an intranet resource for the access user;
  • the user information list further includes: an access user index table, which is used to index the access user, and the access user index table is composed of an IPsec interface and a user intranet IP.
  • FIG. 2 is a structural diagram of a user information list according to an embodiment of the present invention, including:
  • the user information list in the service card uses the IPsec interface and the user intranet IP as an index, and is used to index the corresponding user node;
  • the user information stored at the user node includes at least one of the following: an access user group, a service card address, an external network address of the access user, and IPsec configuration information.
  • the IPsec configuration information is the IPsec configuration of the negotiation packet processed by the IKE protocol on the service card. That is, the access user uses the network resources and network devices available on the intranet according to the assigned intranet IP address.
  • FIG. 3 is a structural diagram of managing a user through a global user table according to an embodiment of the present invention, as follows:
  • the first step is to determine, according to the preset threshold, whether the number of access users in the user group is greater than a preset threshold in the global user table; if the determination result is yes, the access interface is closed;
  • the IPsec VPN gateway stores the user node under the user group corresponding to the IPsec interface according to the parameters carried in the negotiation of the access user. These users can go online from different business cards.
  • the master can know the distribution of each user group's access users in each service card in real time. When the number of users in the user group reaches the maximum allowed number, the master notifies the client to turn off the user access function.
  • an abnormal service card is obtained by querying the global user table; all users on the upper line in the abnormal service card are deleted;
  • the service card When the service card uploads user information, it carries the service card address information, and the master controls all users who are online on the service card. These users can belong to different user groups. When the service card is abnormal or is pulled out from the device, the master can sense and delete all users who are online on the service card.
  • the access user is searched according to the access user index table, and the preset operation is performed on the access user.
  • the preset operation includes at least one of the following: query and delete.
  • the master Use the access user's IPsec interface and the user's intranet IP as the key value for indexing.
  • the purpose of this index table is to quickly find users.
  • the gateway administrator needs to kick a user to go offline, the master obtains the input IPsec interface and the user's intranet IP. After the master finds the user, the user deletes the user and notifies the service card to delete. .
  • the master can also quickly find the user and display the user information through the obtained query request.
  • the method further includes: generating an entry according to the user information in the global user table; and establishing communication with the user access device according to the entry.
  • establishing communication with the user access device according to the entry includes: mode 1: receiving an encrypted message sent by the user access device; decapsulating the encrypted message by using an Internet protocol security IPsec, and obtaining the decapsulated inner layer The packet is sent to the intranet device corresponding to the user access device.
  • mode 1 receiving an encrypted message sent by the user access device; decapsulating the encrypted message by using an Internet protocol security IPsec, and obtaining the decapsulated inner layer The packet is sent to the intranet device corresponding to the user access device.
  • the second method is to receive the plaintext sent by the intranet device, and encapsulate the plaintext by using the Internet Protocol security IPsec to obtain the encapsulated packet; and send the packet to the user access device.
  • a user data management device is provided, which is used to implement the above-mentioned embodiments and preferred embodiments, and has not been described again.
  • the term "module” can be implemented A combination of software and/or hardware for the intended function.
  • the apparatus described in the following embodiments is preferably implemented in software, hardware, or a combination of software and hardware, is also possible and contemplated.
  • FIG. 4 is a structural block diagram of a user data management apparatus according to an embodiment of the present invention. As shown in FIG. 4, the apparatus includes: a receiving module 22, a generating module 24, and a management module 26, where
  • the receiving module 22 is configured to receive a list of user information including Internet Protocol security IPsec configuration information
  • the generating module 24 is connected to the receiving module 22 and configured to generate a global user node according to the user information in the user information list;
  • the management module 26 is connected to the generating module 24, and is configured to add the global user node to the global user table, and manage the accessed user through the global user table.
  • the user information in the user information list includes at least one of the following: a user group, a service card address, and IPsec configuration information, where the IPsec configuration information is used to configure an intranet resource for the access user; the user information list further includes: The user index table is used to index access users.
  • the access user index table is composed of an IPsec interface and a user intranet IP.
  • FIG. 5 is a structural block diagram of a user data management apparatus according to a preferred embodiment of the present invention.
  • the management module 26 further includes: a first management unit 261, a second management unit 262, and a third management unit. 263.
  • the management module 26 is configured to manage the accessed user by using a global user table by using at least one of the following manners:
  • the first management unit 261 is configured to determine, according to the preset threshold, whether the number of access users of the user group is greater than a preset threshold in the global user table; if the determination result is yes, the access interface is closed;
  • the second management unit 262 is configured to obtain an abnormal service card by querying the global user table, and delete all users of the online line in the abnormal service card;
  • the third management unit 263 is configured to search for an access user according to the access user index table, and perform a preset operation on the access user, where the preset operation includes at least one of the following: query, delete.
  • FIG. 6 is a structural block diagram of a user data management apparatus according to a preferred embodiment of the present invention.
  • the apparatus includes, in addition to all the modules shown in FIG. 4, an entry generation module 42 and communication. Module 44, wherein
  • the entry generation module 42 is configured to generate an entry according to user information in the global user table after managing the accessed user through the global user table;
  • the communication module 44 is connected to the entry generation module 42 and configured to establish communication with the user access device according to the entry generated by the entry generation module 42.
  • FIG. 7 is a structural block diagram of a user data management apparatus according to a preferred embodiment of the present invention.
  • the communication module 44 includes: a first receiving unit 441, a decapsulation unit 442, a first sending unit 443, and a second receiving unit 444. Encapsulation unit 445 and second transmission unit 446, wherein
  • the first receiving unit 441 is configured to receive an encrypted message sent by the user access device.
  • the decapsulation unit 442 is connected to the first receiving unit 441, and configured to perform Internet Protocol security IPsec decapsulation on the encrypted packet received by the first receiving unit 441 to obtain a decapsulated inner layer packet.
  • the first sending unit 443 is connected to the decapsulation unit 442, and is configured to send the memory packet decapsulated by the decapsulation unit 442 to the intranet device corresponding to the user access device;
  • the second receiving unit 444 is configured to receive the plaintext sent by the intranet device
  • the encapsulating unit 445 is connected to the second receiving unit 444, and is configured to encapsulate the plaintext through the Internet Protocol security IPsec to obtain the encapsulated packet.
  • the second sending unit 446 is connected to the encapsulating unit 445 and configured to send the packet to the user access device.
  • the technical problem to be solved by the present invention is to overcome the problem of complicated management of IPsec remote access users in a distributed system existing in the prior art, and to provide a distributed user management method for cooperation between a master control and a service card.
  • the IPsec service card is responsible for remote access user negotiation, each IPsec service card maintains a user information list, and the user information is sent to the main control at the same time; the main control maintains the global user table according to the sent information.
  • the user information list maintains all user information of the online service of the service card; the global user table maintains all user information of the service cards of the gateway.
  • the user information includes a private network address assigned to the access user, mode configuration information, a service card address, and the like.
  • the remote access client initiates negotiation, and the line card selects an IPsec service card to process the negotiation packet.
  • the service card If the negotiation is successful, the service card generates a local user node and synchronizes the user information to the master.
  • the master receives the user information sent by the service card, generates a user node, and joins the global user table.
  • the master sends a line card according to the user information generation entry, and the line card checks the sent entry to ensure that the IPsec data packet sent between the subsequent access user and the intranet device is sent to the service card that the user goes online. Process it.
  • the IPsec service card deletes the user node and notifies the master to delete it.
  • the remote access client accesses the public network and obtains the public network IP address (2.1.1.X). Now the client wants to access the intranet resources protected by the IPsec VPN gateway. The client initiates remote access negotiation to the gateway, and requests the gateway to allocate the internal network IP address (1.1.1.X) and other configuration information. After successful, the intranet resource can be accessed by using the intranet address. Data packets sent between the intranet host and the client are protected by IPsec tunnel encryption.
  • the IPsec VPN gateway processes the client access request as follows:
  • the gateway administrator configures the parameters of the negotiation to ensure that the client access negotiation succeeds.
  • the main configuration includes:
  • Step1 Negotiate the relevant parameters of the first phase and the second phase. Usually the negotiation parameters are selected under the configuration template.
  • Step2.IPsec interface An IPsec interface is a logical interface that carries the IPsec protocol. You need to bind the previously generated configuration template to the IPsec interface. When the client negotiates, it first finds the IPsec interface and then obtains the configuration bound to it.
  • Step3. User group. Configure the parameters related to extended authentication and mode configuration in the user group, and the maximum number of access allowed by the user group.
  • the line card packet receiving and receiving module receives the negotiation message sent by the client, selects a service card according to a specific algorithm, and delivers the message to the service card for processing. Subsequent negotiation messages sent by the client are also delivered to the same service card for processing.
  • the service card After receiving the negotiation packet, the service card sends the packet to the IPsec processing module.
  • the IPsec processing module is responsible for the IKE protocol related functions, including the first phase negotiation, the extended authentication/mode configuration negotiation, and the second phase negotiation.
  • the IPsec processing module After the negotiation is successful, the IPsec processing module generates a local user node according to the intranet address and user group configuration information allocated for the client, and joins the user information list.
  • the data structure of the business card user information list is shown in Figure 2:
  • the service card user information list maintains all remote user nodes accessed by the service card.
  • the user information list is indexed using the IPsec interface + user private network IP as the key value.
  • the user information stored by the user node includes: an access user group, a service card address, a client public network address, mode configuration information, and the like.
  • the service card IPsec processing module After the service card IPsec processing module generates the local user node, the user information is sent to the master IPsec processing module to generate a global user node and join the global user table. As shown in Figure 3, the master global user table provides three ways to manage access users:
  • the IPsec VPN gateway stores the user node under the user group corresponding to the IPsec interface according to the parameters carried in the negotiation of the access user. These users can go online from different business cards.
  • the master can know the distribution of each user group's access users in each service card in real time. When the number of users in the user group reaches the maximum allowed number, the master notifies the client to turn off the user access function.
  • the service card When the service card sends user information, it carries the service card address information, and the master controls all users who go online. These users can belong to different user groups. When the service card is abnormal or is pulled out from the device, the master can sense and delete all users who are online on the service card.
  • IPsec interface + user private network IP As the key value for indexing.
  • the purpose of this index table is to quickly find users.
  • the gateway administrator needs to kick a user offline, enter the IPsec interface + user private network IP that the user accesses. After the master finds the user, the user deletes the user and notifies the service card to delete.
  • an administrator views the specific information of a user, it can also quickly find the user and display the user information.
  • the master IPsec processing module generates various entries according to the user information in the global user table, and sends the packet to the line card. These entries are used by the gateway to process IPsec encryption and decryption data packets of the client after the client accesses successfully.
  • the line card packet sending and receiving module performs the following processing according to the delivered entry:
  • the ciphertext sent by the client to the intranet device is delivered to the service card of the client for IPsec decapsulation, and then the service card sends the inner packet back to the line card, and the line card forwards the packet to the client. Access to intranet devices.
  • the service card sent by the intranet device to the client is delivered to the client's online service card for IPsec encapsulation, and then the service card sends the encapsulated packet back to the line card and forwards it to the client.
  • the requirements of all the access users of the management gateway can be realized, including viewing user information, kicking the user offline, user table and associated module linkage, etc., and having the advantages of fast user positioning and diversified management modes:
  • the maximum number of allowed access users is set under the user group. When the maximum number is reached, subsequent requests to access the user group are rejected.
  • the user in the user group can be online on multiple service cards. Therefore, only the master global user table can obtain the current number of access users in the user group. After the master discovers that the number of users reaches the upper limit, the service card is notified to disable the access function of the user group, and the service card rejects all IKE negotiation that is accessed to the user group; due to the timing, the master user group is closed. After the function, the local user node sent by the service card may still be received. At this time, the global user table cannot be added, but the service card should be notified to delete the redundant user. When the user goes offline and the number of users is lower than the maximum number, the master informs the service card to enable the access function of the user group.
  • the administrator can view the user access status of each user group or each service card, and the specific configuration information of each user.
  • the user table and the associated module can be linked. For example, after configuring the management module, after the administrator modifies the gateway configuration, the master can notify the service card to perform corresponding processing. For example, the user group bound to the IPsec interface is deleted, and the master control notifies each service card to delete all access users belonging to the user group, and notifies the client.
  • the administrator can kick the user down the line by accessing the user index table. You can also use the IPsec interface, user group, or service card as the unit to kick the user offline.
  • the master deletes the user from the global user list and notifies the service card to delete.
  • modules or steps of the present invention described above can be implemented by a general-purpose computing device that can be centralized on a single computing device or distributed across a network of multiple computing devices. Alternatively, they may be implemented by program code executable by the computing device such that they may be stored in the storage device by the computing device and, in some cases, may be different from the order herein.
  • the steps shown or described are performed, or they are separately fabricated into individual integrated circuit modules, or a plurality of modules or steps thereof are fabricated as a single integrated circuit module.
  • the invention is not limited to any specific combination of hardware and software.
  • a user information list including Internet Protocol security IPsec configuration information is received; a global user node is generated according to user information in the user information list; and a global user node is added to the global user table.
  • the user accessing the user through the global user table solves the problem that the management efficiency is reduced due to excessive access users, thereby improving the efficiency of managing the access user.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

L'invention concerne un procédé et un appareil de gestion de données d'utilisateur. Le procédé comprend les étapes suivantes : recevoir une liste d'informations d'utilisateur contenant des informations de configuration de sécurité de protocole Internet (IPsec); selon des informations d'utilisateur dans la liste d'informations d'utilisateur, produire un nœud d'utilisateur global; et ajouter le nœud d'utilisateur global dans une table d'utilisateurs globale, et gérer des utilisateurs d'accès par l'intermédiaire de la table d'utilisateurs globale. Grâce à la présente invention, on résout le problème dans l'état de la technique de l'efficacité de gestion réduite causée par des utilisateurs d'accès excessifs.
PCT/CN2015/073522 2014-11-25 2015-03-02 Procédé et appareil de gestion de données d'utilisateur Ceased WO2016082363A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410690360.9A CN105610599B (zh) 2014-11-25 2014-11-25 用户数据管理方法及装置
CN201410690360.9 2014-11-25

Publications (1)

Publication Number Publication Date
WO2016082363A1 true WO2016082363A1 (fr) 2016-06-02

Family

ID=55990145

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/073522 Ceased WO2016082363A1 (fr) 2014-11-25 2015-03-02 Procédé et appareil de gestion de données d'utilisateur

Country Status (2)

Country Link
CN (1) CN105610599B (fr)
WO (1) WO2016082363A1 (fr)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107896233B (zh) * 2017-12-28 2021-09-10 广州汇智通信技术有限公司 一种sctp流数据管理方法、系统及设备
CN111147382B (zh) * 2019-12-31 2021-09-21 杭州迪普科技股份有限公司 报文转发方法和装置

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102014007A (zh) * 2010-12-29 2011-04-13 武汉日电光通信工业有限公司 一种分布式系统服务管理系统及方法
US20120226804A1 (en) * 2010-12-29 2012-09-06 Murali Raja Systems and methods for scalable n-core stats aggregation
CN103686725A (zh) * 2012-09-26 2014-03-26 成都鼎桥通信技术有限公司 用户数据管理方法、设备和系统

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102014007A (zh) * 2010-12-29 2011-04-13 武汉日电光通信工业有限公司 一种分布式系统服务管理系统及方法
US20120226804A1 (en) * 2010-12-29 2012-09-06 Murali Raja Systems and methods for scalable n-core stats aggregation
CN103686725A (zh) * 2012-09-26 2014-03-26 成都鼎桥通信技术有限公司 用户数据管理方法、设备和系统

Also Published As

Publication number Publication date
CN105610599B (zh) 2019-03-01
CN105610599A (zh) 2016-05-25

Similar Documents

Publication Publication Date Title
JP7641276B2 (ja) マルチテナントソフトウェア定義ワイドエリアネットワーク(sd-wan)ノードを提供するための方法、システム、およびコンピュータ読取可能媒体
US11165604B2 (en) Method and system used by terminal to connect to virtual private network, and related device
CN103067158B (zh) 加密解密方法、加密解密装置及密钥管理系统
WO2017161706A1 (fr) Procédé de commande d'accès à une ressource de réseau dans un réseau local, dispositif et équipement de passerelle
CN114500120B (zh) 一种公共云的扩展方法、设备、系统及存储介质
CN109413194B (zh) 用于移动通信系统的用户信息云端协同处理及转移方法
JP2024525557A (ja) アクセス制御方法、アクセス制御システム、および関連デバイス
AU2018287525A1 (en) Systems and methods for data encryption for cloud services
EP4323898B1 (fr) Procédés et systèmes implémentés par ordinateur pour établir et/ou commander une connectivité de réseau
CN115499177A (zh) 云桌面访问方法、零信任网关、云桌面客户端和服务端
US10931662B1 (en) Methods for ephemeral authentication screening and devices thereof
CN106685785B (zh) 一种基于IPsec VPN代理的Intranet接入系统
CN115622742B (zh) 一种资源访问控制方法及装置
CN116915486A (zh) 一种云服务通信系统
CN112887278A (zh) 一种私有云和公有云的互联系统及方法
CN108600207A (zh) 基于802.1x与savi的网络认证与访问方法
CN105591748B (zh) 一种认证方法和装置
KR101329968B1 (ko) IPSec VPN 장치들 사이의 보안 정책을 결정하기 위한 방법 및 시스템
WO2017080381A1 (fr) Procédé pour traiter des données inter domaine, premier serveur et second serveur
WO2020029793A1 (fr) Système, dispositif et procédé de gestion de comportement d'accès internet
Li et al. SDN-based access authentication and automatic configuration for IPsec
WO2016082363A1 (fr) Procédé et appareil de gestion de données d'utilisateur
CN112751664B (zh) 一种物联网组网方法、装置和计算机可读存储介质
CN106537962B (zh) 无线网络配置、接入和访问方法、装置及设备
CN116016529A (zh) IPSec VPN设备负载均衡管理方法和装置

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15862193

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15862193

Country of ref document: EP

Kind code of ref document: A1