WO2014073948A1 - System and method for managing public network - Google Patents

Publication number
WO2014073948A1
Authority
WO
WIPO (PCT)
Prior art keywords
token
server
client
sequence
packet
Application number
PCT/MY2013/000182
Inventor
Mohd Ariff Abdullah
Muhammad Faheem Mohd Ezani
Shariq Haseeb
Original Assignee
Mimos Bhd.
Application filed by Mimos Bhd.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H04W12/121 Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122 Counter-measures against attacks; Protection against rogue devices
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0884 Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks

Abstract

A system for managing public network (6), comprising: a central unit (1); and at least a local unit (2) having at least an access point (3) with client data stored therein, communicating with the central unit (1) characterized by: the central unit (1), comprising: a central database server (7) for storing client data, a control server (8) for accessing and managing client data in the central database server (7); and a gateway server (9) for managing and authenticating accesses to the central database server (7) and the control server (8); the local unit (2), each comprising: a synchronize proxy server (10) for fetching data from the central unit (1) to authenticate access into the public network (6); a token server (11) for generating random tokens and provide feedback to the client (5); and a sequence server (12) for generating random sequence numbers and provide feedback to the clients.

Description

SYSTEM AND METHOD FOR MANAGING PUBLIC NETWORK
Field of the invention
The present invention relates to a system and method for managing a public network, and more particularly to a system and method for enforcing a public network with security features.
Background of the invention
Wireless network connection has gained popularity as an alternative to its wired counterpart because it removes the hassle of physically connecting wires to a router. It is commonly found in public locations such as cafeterias, restaurants, and hotels, and the use of wireless connection in offices and homes has also been increasing over the years.
However, the convenience of connection also creates problems for the security of the wireless network. A person in the wireless coverage area might gain unauthorized access to the network and jeopardize the information transmitted within it. This is especially plausible in a conventional wireless network system in which access authorization involves only an authentication key input, which is easily hacked. Malicious threats potentially encountered include spoofing, masquerading, and packet injection attacks, which damage the integrity of the information being passed around. High security implementations increase the complexity and overhead of a network, which is not suitable in public networks.
Various prior arts divulged methods relating to providing and managing public network. US Patent Application Publication No. 20040022186 A1 discloses a method for preventing unauthorized access into the public network by monitoring access points and traffic passing through the access point and applying traffic filter to the identified unauthorized access point. This method only prevents unauthorized access into the network but does not assure the integrity of information.
US Patent Application Publication No. 20080250478 A1 discloses a method for providing public network through access points. Wireless network routers which provide wireless access of internet are associated with a profile identifier for displaying on the client devices. Connection to the network is allowed when the client devices requests for the same is authorized by an authentication key input.
Therefore, the method of providing public network is still vulnerable to malicious threat.
US Patent No. 7565529 B2 discloses a method for authentication and managing network system for wireless local area network applications. The method requires a hardware authenticating key containing a validation certificate to connect to the end user device for granting access to the network. Similarly, the disclosed method does not address the problem of encountering malicious threats that would impair the information integrity.
Therefore, there is a need to provide a method for enforcing public network with reinforced security features while at the same time retaining the simplicity and low operational cost of the network.
Summary of the invention
It is an object of the present invention to provide a public network system and method for authenticating devices for access to the network which is impervious to masquerading threats, and ensuring the integrity of information transmitted within the network.
It is also an object of the present invention to provide a public network system having a centralized coordination of devices authentication between all access points and a fallback local unit that caters security needs if the backhaul fails.
The present invention relates to a system for managing public network, comprising: a central unit; and at least a local unit having at least an access point with client data stored therein, communicating with the central unit characterized by: the central unit, comprising: a central database server for storing client data, a control server for accessing and managing client data in the central database server; and a gateway server for managing and authenticating accesses to the central database server and the control server; the local unit, each comprising: a synchronize proxy server for fetching data from the central unit to authenticate access into the public network; a token server for generating random tokens and provide feedback to the client for network access authentication; and a sequence server for generating random sequence numbers and provide feedback to the clients for network access authentication.
The present invention also relates to a method for managing public network, comprising the steps of: receiving client demand in the form of a packet from an access point; authorizing the client demand by checking the client data stored in a local database which will be synchronized with a central database server if the client data is not found in the local database; deciding whether the packet is a request packet or a data packet; generating and sending a response comprising new token and new sequence numbers when the packet is request packet, wherein the new token and new sequence numbers are fetched from a token server and a sequence server respectively; checking the new token and the new sequence numbers generated for the client against a token map and a sequence map respectively for existing record of said client, and replacing the existing record with the new token and the new sequence numbers, after generating the response; verifying the token and the sequence numbers when the packet is a data packet; dropping the packet that is invalid in one or both of the token and sequence numbers.
Brief descriptions of drawings
Figure 1 is a diagram illustrating a general architecture of the system for managing public network according to the present invention;
Figure 2 is a diagram illustrating the components in the local unit and the central unit according to the present invention;
Figure 3 is a block diagram illustrating the central unit according to the present invention;
Figure 4 is a block diagram illustrating the synchronization process of client data in the local unit according to the present invention;
Figure 5 is a block diagram illustrating the token fetching process in the local unit according to the present invention;
Figure 6 is a block diagram illustrating the sequence numbers fetching process in the local unit according to the present invention;
Figure 7 is a block diagram illustrating the authentication process of a non-restricted client in an access point according to the present invention;
Figure 8 is a block diagram illustrating the process of generating response upon receipt of request packet in the access point according to the present invention;
Figure 9 is a block diagram illustrating the process of authentication of data packet in the access point according to the present invention;
Figure 10 is a flow diagram illustrating the process of client data synchronization and client device authentication according to the present invention;
Figure 11 is a flow diagram illustrating the process of token generation according to the present invention;
Figure 12 is a flow chart illustrating the process of sequence numbers generation according to the present invention;
Figure 13 is a flow chart illustrating the process of client authentication via client data, token, and sequence number according to the present invention.
Detailed description of the preferred embodiments
The present invention will now be described in more detail with reference to the accompanying drawings, in which preferred embodiments of the invention are shown. This invention may, however, be embodied in many different forms and should not be construed as being limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art.
The term "client" used throughout the description should be construed as the device of the end user which is intended to connect to the public network (6). The client (5) can be any computing platform that is able to connect to a network, including but not limited to mobile device, tablet, laptop, personal digital assistant (PDA), and personal computer.
With reference to Figure 1 and 2, the present invention relates to a system for managing public network (6), comprising a central unit (1) and at least a local unit (2) having at least an access point (3) with client data stored therein, and the local unit (2) is in communication with the central unit (1). The present invention is characterized by the central unit comprising a central database server (7) for storing client data, a control server (8) for accessing and managing client data in the central database server (7), and a gateway server (9) for managing and authenticating accesses to the central database server (7) and the control server (8). The local unit (2) of the present invention, each comprising a synchronize proxy server (10) for fetching data from the central unit (1) to authenticate access into the public network (6), a token server (11) for generating random tokens and provide feedback to the client (5) for network access authentication, and a sequence server (12) for generating random sequence numbers and provide feedback to the clients for network access authentication.
With reference to Figure 1 which shows a general simplified system structure of the present invention, it can be seen that the system of the present invention involves a central unit (1) and a plurality of local units (2) which are in synchronization via a public network (6). Each of the local units (2) comprises a plurality of access points (3) for providing connectivity to the clients (5). In a preferred embodiment, the network coverage area (4) provided by the plurality of access points (3) is a wireless network hotspot in which the clients (5) can access to the public network (6) by means of wireless connection.
According to Figure 2, the central unit (1) comprises a central database server (7), a control server (8), and a gateway server (9). The local unit (2) comprises a plurality of access points (3), a synchronize proxy server (10), a token server (11), and a sequence server (12). While the plurality of access points (3) provide connectivity to the clients (5), it also authorizes the access of clients (5) into the network (6), with the aid from synchronize proxy server (10), token server (11), and sequence server (12). In a preferred embodiment, one central unit (1) is connected to a plurality of local units (2) via the public network (6).
The synchronize proxy server (10) contains client data in the form of a control list which is a list of the permissible clients (5) identified by one or any combination of the device identifiers such as media access control (MAC) address and license key of device.
The token server (11) generates a token for the clients (5) for further authentication. The token is a client-specific encrypted key that is valid only in that local network and only for a predetermined period, kept fairly short to prevent masquerading threats, in which attackers disguise themselves as authorized clients to connect to the network (6).
The sequence server (12) generates sequence numbers to the clients (5) for data authentication. The clients (5) are assigned with a series of sequence numbers for each session of connection. The series of sequence numbers is randomly generated numbers arranged in a particular sequence, such that the clients (5) will need to follow the exact sequence of the sequence numbers for transferring data packets because each sequence number in the series is only valid for one data packet. The sequence number authentication ensures the integrity of information transmitted within the network (6), especially from packet injection threat.
Figure 3 is a block diagram showing the central unit (1) and the interaction of the components therein. The central database server (7) stores client data in the form of a control list. The central database server (7) can be accessed by the local unit (2) for synchronization through the gateway server (9), and more specifically, updating the client data in the synchronize proxy server (10) according to that of the central database server (7). In addition, the client data in the central database server (7) can be accessed, maintained, and modified by adding new client entry into the control list or altering the existing client in the control list. These operations on the central database server (7) are performed by the control server (8) via a control interface provided by the gateway server (9).
The client data which is in the form of a control list specifies clients (5) authorized for accessing the public network (6). The client data also includes access privileges of the clients (5). The access privileges are exemplified by categorizing the clients (5) into restricted and non-restricted clients. The restricted clients are required to pass through three layer authentication, conferred by the synchronize proxy server (10), the token server (11), and the sequence server (12). On the other hand, the non-restricted clients are only required to pass through authentication from synchronize proxy server (10) to connect to the network (6).
Figure 4 shows the components in the local unit (2) comprising the plurality of access points (3), the synchronize proxy server (10), the token server (11), and the sequence server (12). A local database (13) in the synchronize proxy server (10) functions to store client data, preferably in the form of a control list. The client data in the local database (13) will be fetched into the access point (3) by the local synchronizer (15) upon receiving request from the access point (3). Preferably, the client data will be stored as access point control list (16). If the client is not found in the client data of local database (13), a central synchronizer (14) will perform synchronization with the central database server (7).
Figure 5 is a block diagram illustrating the token fetching process in the local unit (2) comprising the synchronize proxy server (10), token server (11), and a sequence server (12). Token fetching process is carried out in the token server (11). A token generator (17) generates a random token and stores the token in the token map (18). A token manager (19) fetches the token from the token map (18) and provides the token to the access point (3), preferably to be stored in access point token map (20).
Figure 6 is a block diagram illustrating the local unit (2) comprising the synchronize proxy server (10), token server (11), and the sequence server (12). Figure 6 represents the process of fetching sequence numbers upon receiving a sequence numbers request. A sequence generator (21) generates sequence numbers and stores them in a sequence map (22). The new sequence numbers are fetched by a sequence manager (23), which in turn sends them to the access point (3), preferably to be stored in access point sequence map (24).
The components in the access point (3) are illustrated in Figure 7, 8, and 9. The access point (3) comprises a packet inspector (25) for client (5) authentication against client data in the form of an access point control list (16). The client data in the access point control list (16) is fetched from local database (13). A packet authenticator (26) is used for authenticating tokens and sequence numbers by checking with access point token map (20) and access point sequence map (24). A packet builder (27) is used for generating response to client request for the token and sequence number by obtaining the token and sequence numbers from access point token map (20) and access point sequence map (24).
Figure 7 is a block diagram showing the authentication of a non-restricted client in the access point (3). The non-restricted client only requires one layer authentication, which is by client data matching. The client (5) sends a request packet to the access point (3), and is then inspected by a packet inspector (25) against the access point control list (16). If the client (5) is found in the access point control list (16), access to the network is granted without further authentication.
Figure 8 and Figure 9 illustrate the processing of a packet from a restricted client in the access point (3). After the packet inspector (25) checks the request packet against the access point control list (16), the packet builder (27) proceeds to obtain the token and sequence number already fetched and stored in the access point token map (20) and access point sequence map (24) respectively and sends them back to the client (5) as a response.
With reference to Figure 9, after the client (5) receives the response from the packet builder (27), the data packet is then sent for authentication for network access. Likewise, the data packet requires authentication, preferably by checking the access point control list (16) by the packet authenticator (25). The packet authenticator (26) then authenticates the data packet by checking the access point token map (20) and access point sequence map (24). A match with the record in the access point token map (20) and access point sequence map (24) grants access into the network. Otherwise, the data packet is considered as spoof data which will be dropped.
Figure 10 is a flow diagram showing the process of client data synchronization. When a client demand is received at the access point (3), client data fetched from the local database (13) will be checked for the presence of the particular client (5). Authentication proceeds to next stage if the client (5) record is found in the local database (13). Otherwise, the local database (13) will be triggered to synchronize with the central database server (7) for updating the client data to the local database (13). Then, the local database (13) will be checked again for the presence of the client (5) record. The client (5) authorization will be denied if no record of the client (5) can be found in local database (13) after synchronization with the central database server (7). The client data contains either media access control address, license key or a combination thereof.
With reference to Figure 11, when a token request is received, new token will be generated and stored in the token map (18). In the event that the token map (18) already has an existing token from the same client (5), then the new generated token will replace the existing token. The token will then be fetched to the access point (3).
Figure 12 is a flow diagram showing the process of sequence numbers generation. Similarly, when a sequence number request is received, new sequence number will be generated and stored in the sequence map (22). If existing sequence numbers from the same client (5) is found in the sequence map (22), the existing sequence number will be replaced by the newly generated sequence numbers. Then, the sequence numbers will be sent to the access point (3).
With reference to Figure 8, 9, and 13, the Figure 13 describes the overall method for managing the public network (6). The client demand will be received in the form of a packet at the access point (3). Then, the packet inspector (25) checks the client demand packet against the client data in the form of a control list fetched by the local synchronizer (15) from the local database (13), to determine whether the client (5) is an authorized client, and whether the client is a restricted client or non-restricted client. If the client is a non-restricted client, access to the network will be granted without further authentication. For a restricted client, the packet of client demand is inspected for whether it is a request packet or data packet. If the client demand is a request packet, the access point (3) provides a token fetched from the token server (11) and a sequence number (12) fetched from the sequence server (12) for building a response packet to send back to the client (5). If the packet is a data packet, which is comprised of token and sequence number for network connection, the data packet will be checked by the packet authenticator (26) for determination whether the token and the sequence number are valid. If it is determined that any one of the token and the sequence number is invalid, the data packet will be dropped and network access is denied.
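The access-point decision flow of Figure 13, written out as an added Python sketch that is not part of the patent text. The 60-second token lifetime, the series length of four, the packet field names, and the in-memory dictionaries standing in for the control list, token map and sequence map are all assumptions made for the example.

```python
import hmac
import secrets
import time
from collections import deque

TOKEN_TTL = 60.0   # assumed lifetime in seconds; the description only says "predetermined period"
SERIES_LEN = 4     # assumed number of sequence numbers issued per request


class AccessPoint:
    def __init__(self, central_db, clock=time.monotonic):
        self.central_db = central_db  # stands in for the central database server (7)
        self.control_list = {}        # access point control list (16): client id -> restricted?
        self.token_map = {}           # access point token map (20): client id -> (token, expiry)
        self.sequence_map = {}        # access point sequence map (24): client id -> remaining series
        self.clock = clock

    def _inspect(self, client_id):
        """Packet inspector (25): check the control list, synchronizing once on a miss."""
        if client_id not in self.control_list:
            self.control_list = dict(self.central_db)  # simplified full synchronization
        return client_id in self.control_list

    def _build_response(self, client_id):
        """Packet builder (27): a new token and series replace any existing record."""
        token = secrets.token_hex(16)
        series = [secrets.randbits(32) for _ in range(SERIES_LEN)]
        self.token_map[client_id] = (token, self.clock() + TOKEN_TTL)
        self.sequence_map[client_id] = deque(series)
        return {"token": token, "sequence": series}

    def _authenticate(self, client_id, packet):
        """Packet authenticator (26): token must be current, sequence number must be next."""
        record = self.token_map.get(client_id)
        series = self.sequence_map.get(client_id)
        if record is None or not series:
            return "drop"                      # no session, or series used up
        token, expiry = record
        if self.clock() >= expiry:
            return "drop"                      # token outlived its validity period
        presented = str(packet.get("token", "")).encode()
        if not hmac.compare_digest(token.encode(), presented):
            return "drop"
        if packet.get("seq") != series[0]:
            return "drop"                      # replayed, skipped or injected number
        series.popleft()                       # each number is valid for one data packet
        return "grant"

    def handle(self, packet):
        client_id = packet.get("client")
        if not self._inspect(client_id):
            return "deny", None
        if not self.control_list[client_id]:
            return "grant", None               # non-restricted: control list match is enough
        if packet.get("type") == "request":
            return "response", self._build_response(client_id)
        if packet.get("type") == "data":
            return self._authenticate(client_id, packet), None
        return "drop", None


def run_demo():
    """Replay a constructed packet trace and return the decision for each step."""
    now = [0.0]
    central = {"02:00:00:00:00:01": True, "02:00:00:00:00:02": False}  # constructed MACs
    ap = AccessPoint(central, clock=lambda: now[0])
    r = "02:00:00:00:00:01"
    out = {}
    out["unknown"] = ap.handle({"client": "02:00:00:00:00:99", "type": "data"})[0]
    out["non_restricted"] = ap.handle({"client": "02:00:00:00:00:02", "type": "data"})[0]
    _, first = ap.handle({"client": r, "type": "request"})
    tok, seq = first["token"], first["sequence"]

    def data(token, number):
        return ap.handle({"client": r, "type": "data", "token": token, "seq": number})[0]

    out["in_order"] = data(tok, seq[0])
    out["replay"] = data(tok, seq[0])
    out["skipped"] = data(tok, seq[2])
    out["next"] = data(tok, seq[1])
    out["bad_token"] = data("0" * 32, seq[2])
    _, second = ap.handle({"client": r, "type": "request"})
    out["stale_token"] = data(tok, second["sequence"][0])
    now[0] += TOKEN_TTL
    out["expired"] = data(second["token"], second["sequence"][0])
    return out


if __name__ == "__main__":
    for step, decision in run_demo().items():
        print(f"{step}: {decision}")
```

In this sketch a rejected data packet does not advance the series, and a client whose series is used up or whose token has expired has every data packet dropped until it sends a new request packet; both behaviours are choices made for the example.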
Although the present invention has been described in a specific embodiment as in the above description, it is understood that the above description does not limit the invention to the above given details. It will be apparent to those skilled in the art that various changes and modification may be made therein without departing from the principle of the invention or from the scope of the appended claims.

Claims

1. A system for managing public network (6), comprising:
a central unit (1); and
at least a local unit (2) having at least an access point (3) with client data stored therein, communicating with the central unit (1) characterized by:
the central unit (1), comprising:
a central database server (7) for storing client data, a control server (8) for accessing and managing client data in the central database server (7); and
a gateway server (9) for managing and authenticating accesses to the central database server (7) and the control server (8); the local unit (2), each comprising:
a synchronize proxy server (10) for fetching data from the central unit (1) to authenticate access into the public network (6); a token server (11) for generating random tokens and provide feedback to the client (5) for network access authentication; and
a sequence server (12) for generating random sequence numbers and provide feedback to the clients for network access authentication.
2. A system for managing public network (6) according to claim 1, wherein the access point (3) comprising:
a packet inspector (25) for client (5) authentication against client data;
a packet authenticator (26) for authenticating tokens and sequence numbers; and
a packet builder (27) for generating response to client request for the token and sequence number.
3. A system for managing public network (6) according to claim 1, wherein the central database server (7) stores client data comprising access control list and access privileges of the clients.
4. A system for managing public network (6) according to claim 1, wherein the gateway server (9) provides a control interface for operation of the control server (8).
5. A system for managing public network (6) according to claim 1, wherein the synchronize proxy server (10) comprising:
a local database (13) for storing client data;
a central synchronizer (14) for synchronizing client data between central database server (7) and the local database (13); and
a local synchronizer (15) for synchronizing client data between the local database (13) and the access point (3).
6. A system for managing public network (6) according to claim 1, wherein the token server (11) comprising:
a token generator (17) for generating random tokens;
a token map (18) for storing the tokens; and
a token manager (19) for fetching tokens from the token generator (17) and the token map (18).
7. A system for managing public network (6) according to claim 1, wherein the sequence server (12) comprising:
a sequence generator (21) for generating random sequence numbers;
a sequence map (22) for storing the sequence numbers; and
a sequence manager (23) for fetching sequence numbers from the sequence generator (21) and the sequence map (22).
8. A method for managing public network (6) in accordance to the system as described in claim 1, comprises the steps of:
receiving client demand in the form of a packet from an access point (3);
authorizing the client demand by checking the client data stored in a local database (2) which will be synchronized with a central database server (7) if the client data is not found in the local database (2);
deciding whether the packet is a request packet or a data packet;
generating and sending a response comprising new token and new sequence numbers when the packet is request packet, wherein the new token and new sequence numbers are fetched from a token server (11) and a sequence server (12) respectively;
checking the new token and the new sequence numbers generated for the client against a token map (20) and a sequence map (24) respectively for existing record of said client, and replacing the existing record with the new token and the new sequence numbers, after generating the response;
verifying the token and the sequence numbers when the packet is a data packet by checking the token with the token map (20) stored with the token generated and checking the sequence numbers with the sequence map (24) stored with the sequence numbers generated, wherein the token is valid for a predetermined period of time;
dropping the packet that is invalid in one or both of the token and sequence numbers.
9. A method for managing public network (6) according to claim 8, wherein the client data contains either media access control address, license key or a combination thereof.
10. A method for managing public network (6) according to claim 8, wherein the response for the request packet is generated by a packet builder (27) in the access point (3).
PCT/MY2013/000182 2012-11-09 2013-10-17 System and method for managing public network WO2014073948A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
MYPI2012700927 2012-11-09
MYPI2012700927A MY164425A (en) 2012-11-09 2012-11-09 System and method for managing public network

Publications (1)

Publication Number Publication Date
WO2014073948A1 true WO2014073948A1 (en) 2014-05-15

Family

ID=49753438

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/MY2013/000182 WO2014073948A1 (en) 2012-11-09 2013-10-17 System and method for managing public network

Country Status (2)

Country Link
MY (1) MY164425A (en)
WO (1) WO2014073948A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105704199A (en) * 2015-04-28 2016-06-22 包健 Method for managing LED display screen control system by using WeChat
US10587611B2 (en) 2017-08-29 2020-03-10 Microsoft Technology Licensing, Llc. Detection of the network logon protocol used in pass-through authentication

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040022186A1 (en) 2002-07-30 2004-02-05 International Business Machines Corporation Methods, apparatus and program product for controlling network security
US20080250478A1 (en) 2007-04-05 2008-10-09 Miller Steven M Wireless Public Network Access
US7565529B2 (en) 2004-03-04 2009-07-21 Directpointe, Inc. Secure authentication and network management system for wireless LAN applications
US20100299725A1 (en) * 2009-05-22 2010-11-25 Buffalo Inc. Wireless lan access point device and unauthorized management frame detection method
US20110090896A1 (en) * 2009-10-15 2011-04-21 Bob Bradley Methods for synchronizing data in a network

Also Published As

Publication number Publication date
MY164425A (en) 2017-12-15

Similar Documents

Publication Publication Date Title
US8024488B2 (en) Methods and apparatus to validate configuration of computerized devices
CN101227468B (en) Method, device and system for authenticating user to network
CA2448853C (en) Methods and systems for authentication of a user for sub-locations of a network location
US9887997B2 (en) Web authentication using client platform root of trust
WO2016141856A1 (en) Verification method, apparatus and system for network application access
CN109561066A (en) Data processing method and device, terminal and access point computer
CN102685086A (en) File access method and system
CN101986598B (en) Authentication method, server and system
CN108173827B (en) Block chain thinking-based distributed SDN control plane security authentication method
US20110078784A1 (en) Vpn system and method of controlling operation of same
WO2016188335A1 (en) Access control method, apparatus and system for user data
CN101599967A (en) Authority control method and system based on the 802.1x Verification System
JP2016521029A (en) Network system comprising security management server and home network, and method for including a device in the network system
JP4698751B2 (en) Access control system, authentication server system, and access control program
US8272039B2 (en) Pass-through hijack avoidance technique for cascaded authentication
CN106789858B (en) Access control method and device and server
CN115333840A (en) Resource access method, system, device and storage medium
CN101867588A (en) Access control system based on 802.1x
CN105635321A (en) Registration method for dynamic networking equipment
KR101319586B1 (en) Cloud computing network system and method for authenticating client
KR101510290B1 (en) Apparatus for implementing two-factor authentication into vpn and method for operating the same
US20170295142A1 (en) Three-Tiered Security and Computational Architecture
US10298588B2 (en) Secure communication system and method
CN106850592A (en) A kind of information processing method, server and terminal
Tiwari et al. Design and Implementation of Enhanced Security Algorithm for Hybrid Cloud using Kerberos

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13802722

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13802722

Country of ref document: EP

Kind code of ref document: A1