WO2010034209A1 - Method, system and device for revaluating security state - Google Patents

Method, system and device for revaluating security state Download PDF

Info

Publication number
WO2010034209A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
security domain
security
evaluation
rsd
Prior art date
Application number
PCT/CN2009/072555
Other languages
French (fr)
Chinese (zh)
Inventor
任兰芳
尹瀚
贾科
Original Assignee
华为技术有限公司
Priority date
Filing date
Publication date
Application filed by 华为技术有限公司
Publication of WO2010034209A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols
    • H04L 9/32: ... including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00: Network architectures or network communication protocols for network security
    • H04L 63/10: ... for controlling access to devices or network resources
    • H04L 63/102: Entity profiles

Definitions

  • The present invention relates to the field of communications technologies, and in particular to a method, system and apparatus for re-evaluating a security state.
  • Background
  • ASD: the security domain that provides the terminal's security state assertions (the terminal's assertion security domain).
  • RSD: the relying security domain, i.e. the security domain the terminal requests access to.
  • the RSD needs to perform security state evaluation on the terminal.
  • The RSD does not collect and evaluate the terminal's security status information itself. After receiving the terminal's access request, the RSD sends a terminal security state assertion request to the terminal's ASD, and once it has received the security state assertion from the ASD it responds to the terminal's access request according to that result.
  • Only terminals that meet the RSD's security policy requirements are allowed to access the RSD. After the terminal receives the RSD's allow-access response, it can communicate with the RSD or use a given service.
  • Embodiments of the present invention provide a method, system and apparatus for re-evaluating a security state, so that the control applied to a terminal can be adjusted in time according to the result of the re-evaluation.
  • an embodiment of the present invention provides a method for re-evaluating a security state, including:
  • the embodiment of the invention further provides a system for reassessing the security status, including:
  • a first security domain configured to re-evaluate a terminal accessing the second security domain, and send the re-evaluation result to the second security domain;
  • a second security domain configured to perform corresponding control on the access of the terminal according to the re-evaluation result.
  • An embodiment of the present invention further provides a device for re-evaluating a security state, including:
  • a re-evaluation module configured to re-evaluate a terminal accessing the second security domain
  • a sending module configured to send the re-evaluation result to the second security domain.
  • An embodiment of the present invention further provides a device for re-evaluating a security state, including:
  • a receiving module configured to receive a result of the re-evaluation sent from the first security domain
  • control module configured to perform corresponding control on access of the terminal according to the result of the re-evaluation.
  • FIG. 1 is a flow chart of a method for reassessing a safety state according to a first embodiment of the present invention
  • FIG. 2 is a flow chart of a method for reassessing a safety state according to a second embodiment of the present invention
  • FIG. 4 is a flowchart of execution of re-evaluation of a terminal by an RSD according to Embodiment 2 of the present invention
  • FIG. 5 is a flowchart of execution of re-evaluation of a terminal by another RSD according to Embodiment 2 of the present invention
  • FIG. 6 is a flow chart showing an execution process of another RSD for re-evaluating a terminal according to Embodiment 2 of the present invention.
  • FIG. 7 is a system structural diagram of a safety state re-evaluation according to Embodiment 3 of the present invention
  • FIG. 8 is a structural diagram of a safety state re-evaluation apparatus according to Embodiment 4 of the present invention
  • A further structural diagram of a device for re-evaluating a security state is also given.
  • Detailed description
  • a method for re-evaluating a security state according to the first embodiment of the present invention, as shown in FIG. 1, may include:
  • Step S101 Perform re-evaluation on the terminal accessing the second security domain.
  • Step S102 Send the re-evaluation result to the second security domain.
  • After the re-evaluation result has been sent to the second security domain, the second security domain can receive it and control the terminal's access accordingly. Thus the method may further include:
  • Step S103 The second security domain receives the re-evaluation result, and performs corresponding control on the access of the terminal according to the re-evaluation result.
  • The second security domain and the first security domain may each be a security domain or a server in the network, such as an authentication server or an evaluation server.
  • In the following, the second security domain is the relying security domain (RSD).
  • The first security domain is taken to be the assertion security domain (ASD), by way of example.
  • The terminal can be a smart terminal, a mobile phone, a PDA (Personal Digital Assistant), an ordinary PC (personal computer), a notebook, or an AP (Access Point) that supports TNC (Trusted Network Connect) evaluation.
  • The trigger conditions for re-evaluating a terminal that is communicating across domains may include: the ASD sending an assertion of the terminal's security state re-evaluation result to the RSD; and/or the RSD sending a re-evaluation request, or a subscription to re-evaluation result information, to the terminal's ASD.
  • The trigger conditions for the ASD to send an assertion of the terminal's security state re-evaluation result to the RSD include one or more of: the security policy configuration of the terminal's ASD changes; the security policy configuration of the terminal's ASD requires periodic security state evaluation of the terminal; the terminal requests the ASD to re-evaluate its security state.
  • The trigger conditions for the RSD to send a re-evaluation request or a subscription to re-evaluation result information to the terminal's ASD include one or more of: the RSD discovers suspicious behaviour by the terminal; the RSD's own security policy changes and requires the terminal to be re-evaluated; the RSD subscribes to the terminal's security state re-evaluation result information from the ASD, requiring the ASD to send the evaluation result information to the RSD in time, either whenever the evaluation result changes or at a specified fixed re-evaluation period.
  • Controlling the terminal according to the re-evaluation result includes the following cases. If, at the initial access evaluation, the terminal's security state only partially complied with the security policy requirements of the second security domain, so that the terminal could only partially access the second security domain, and the re-evaluation result indicates that the terminal's security state now fully meets the second security domain's policy requirements, the second security domain maintains communication with the terminal and changes the terminal's access status to full access to the second security domain; or
  • the re-evaluation result indicates that the terminal's security state only partially meets the requirements of the second security domain:
  • the second security domain still allows the terminal access and maintains communication with it, but the access is now partial access to the second security domain; or
  • the re-evaluation result indicates that the terminal's security state does not meet the security policy requirements of the second security domain:
  • the second security domain terminates all connections with the terminal; or
  • the second security domain performs role mapping on the terminal allowed access according to the re-evaluation result, mapping a terminal that does not belong to the second security domain onto a role within the second security domain.
  • Re-evaluating the terminal some time after it has accessed the RSD ensures that the security state of a terminal that has entered the network meets the security policy requirements of the current network throughout the terminal's connection, so that the terminal does not pose a threat to network security.
  • A method for re-evaluating the security state according to the second embodiment of the present invention includes the following steps.
  • Step S201: The RSD performs an initial evaluation when the terminal requests access to the network and determines whether the security state assertion provided by the ASD satisfies the RSD's security policy requirements.
  • If the security state assertion provided by the ASD meets the RSD's security policy requirements, then, after the initial evaluation of the terminal is completed and communication between the terminal and the RSD is established: when the ASD sends an assertion of the terminal's security state re-evaluation result to the RSD, go to step S202; when the RSD sends a re-evaluation request or a subscription to re-evaluation result information to the terminal's ASD, go to step S203.
  • When the security state assertion provided by the ASD fails to meet the RSD's security policy requirements, go to step S204.
  • Step S202: After the terminal has completed the initial evaluation and has been communicating with the RSD for a period of time, the ASD sends an assertion of the terminal's security state re-evaluation result to the RSD; the RSD promptly re-evaluates the terminal and adjusts the control applied to it in time according to the re-evaluation result.
  • The communication here is cross-domain communication, specifically between the ASD's domain and the RSD's domain.
  • The ASD that provides the terminal's security state assertions sends an assertion of the terminal's security state re-evaluation result to the RSD, and the RSD adjusts the control applied to the terminal according to that result.
  • The ASD may also send the assertion of the security state re-evaluation result to the terminal, so that the terminal forwards it to the RSD, and the RSD then adjusts the control applied to the terminal according to the result.
  • The trigger conditions for the ASD to send an assertion of the terminal's security state re-evaluation result to the RSD include, but are not limited to, the following scenarios: the security policy configuration of the terminal's ASD changes; the security policy configuration of the terminal's ASD requires periodic security state evaluation of the terminal; or the terminal requests the ASD to re-evaluate its security state. Driven by these trigger conditions, the ASD re-evaluates the terminal's security state, generates a corresponding re-evaluation result, and actively sends it to the RSD.
  • Step S203: After the initial evaluation of the terminal is completed and it has been communicating with the RSD for a period of time, the RSD sends a re-evaluation request or a subscription to re-evaluation result information to the terminal's ASD, requiring the ASD to re-evaluate the terminal's security state and send an assertion of the re-evaluation result for the terminal. The RSD can then re-evaluate the terminal in time and adjust the control applied to it according to the result.
  • The trigger conditions for the RSD to send a re-evaluation request or a subscription to re-evaluation result information to the terminal's ASD include, but are not limited to, the following scenarios: the RSD finds that the terminal has exhibited suspicious behaviour; the RSD's own security policy changes and requires re-evaluation of the terminal; or the RSD subscribes to the ASD for the terminal's security state re-evaluation result information, requiring the ASD to send that information to the RSD promptly as soon as its evaluation result changes, or at a specified fixed re-evaluation period or frequency.
  • In step S202 the triggering request is specifically the ASD sending an assertion of the terminal's security state re-evaluation result to the RSD.
  • In step S203 the triggering request is specifically the RSD sending a re-evaluation request or a subscription to re-evaluation result information to the terminal's ASD.
  • the network for re-evaluation includes, but is not limited to, a fixed network, a wireless network, and other converged networks.
  • Step S204: When the security state assertion provided by the ASD does not meet the RSD's security policy requirements, the RSD does not immediately respond with a denial of access but requests other security state assertions from the ASD, and then responds to the terminal's request according to the other security state assertions the ASD provides.
  • In step S201, the execution process of the initial evaluation when the terminal requests access to the network is shown in FIG. 3 and includes:
  • Step S301 The terminal initiates an access request to the server of the RSD.
  • Step S302 the RSD determines the ASD of the provider of the terminal security state assertion, and sends a terminal security state assertion request to the ASD.
  • the security state assertion refers to a statement of terminal security status information, security evaluation results, and security event metadata associated with the terminal, and based on the security status assertion, it can be determined whether the terminal is secure.
  • Step S303 After receiving the terminal assertion request of the RSD, the ASD identifies which terminal the assertion request corresponds to, and responds to the security state assertion of the terminal requested by the RSD.
  • Step S304: The RSD evaluates the terminal's security state according to the security state assertion sent by the terminal's ASD.
  • Step S305 according to the foregoing evaluation result, the RSD makes a response whether to allow the terminal to access.
  • Step S306 the initial evaluation process is completed, and the terminal that allows access can establish a connection with the RSD to communicate.
  • If its requirements are not met, the RSD can request new or other types of security state assertions.
  • This re-evaluation can be arranged by prior negotiation between the ASD and the RSD, requiring the ASD to provide the latest or specific security state assertion information so that the initial evaluation process can be completed.
  • In step S202 the RSD re-evaluates the terminal in time and adjusts the control applied to it according to the re-evaluation result.
  • The execution process is shown in FIG. 4 and includes: Step S401: The initial evaluation of the terminal is completed and communication with the RSD begins.
  • The RSD completes an initial security state evaluation for the terminal requesting access, and a terminal that is allowed access can communicate with the RSD.
  • The RSD may allow access completely, so that the terminal may access all resources in the RSD, or partially, i.e. the terminal may access only some resources in the RSD. If the terminal's security state fully complies with the RSD's policy, the terminal is allowed full access to the RSD. If the terminal's security state only partially meets the RSD's policy requirements, the RSD may allow the terminal only partial access.
  • Step S402 After the terminal accesses the RSD and communicates with the RSD for a period of time, the terminal may initiate a re-evaluation request to the ASD, requesting the ASD to perform a re-evaluation process on the terminal.
  • The ASD re-evaluates the terminal's security status information and produces a corresponding re-evaluation result.
  • Step S403 the ASD sends the current re-evaluation result assertion to the RSD.
  • the ASD can also assert the current re-evaluation result to the terminal, causing the terminal to forward the assertion of the security status re-evaluation result to the RSD.
  • Step S404: The RSD adjusts the control applied to the terminal in time according to the re-evaluation result. Specifically, when the re-evaluation result sent by the ASD allows access, communication between the terminal and the RSD continues; when the terminal's security state assertion cannot satisfy the RSD's requirements, communication between the terminal and the RSD can be ended; and when the RSD's requirements are not met, the RSD can also request new or other types of security state assertions.
  • Timely adjustment of the control applied to the terminal includes, but is not limited to, the following cases:
  • If, at the initial access evaluation, the terminal could only partially access the RSD, and the re-evaluation result shows that its security state now fully complies with the RSD's policy requirements, the RSD continues to communicate with the terminal, changes its access status to full access to the RSD, and lets it use all of the RSD's services;
  • if the terminal's security state fully complied with the RSD's security policy requirements at initial access, and the re-evaluation result shows that it now only partially meets the RSD's requirements, the RSD still allows the terminal access and continues to communicate with it, but the access is now only partial, so the RSD restricts some of the terminal's services;
  • if the terminal's security state fully complied with the RSD's security policy requirements at initial access, and the re-evaluation result indicates that it no longer meets them,
  • the RSD aborts all current connections with the terminal and stops serving it; in this case the RSD may place the terminal in an isolation area and may also notify the ASD to remediate it.
  • The RSD can also perform role mapping on a terminal allowed access according to its re-evaluation result, mapping a terminal that does not originally belong to the RSD onto a role in the RSD's domain, so that the terminal can access all network resources corresponding to that role.
  • In step S203 the RSD re-evaluates the terminal in time and adjusts the control applied to it according to the re-evaluation result; the execution process is shown in FIG. 5 and includes the following steps.
  • Step S501: The initial evaluation of the terminal is completed and communication with the RSD begins.
  • The RSD completes an initial security state evaluation for the terminal requesting access, and a terminal that is allowed access can communicate with the RSD.
  • As in step S401, access may be complete (the terminal may access all resources in the RSD) or partial, i.e. the terminal may access only some resources in the RSD, depending on whether the terminal's security state fully or only partially complies with the RSD's policy requirements.
  • Step S502: After the terminal has accessed the RSD and communicated with it for a period of time, the RSD sends a re-evaluation request to the ASD, requesting the ASD to send the re-evaluation result for the terminal to the RSD.
  • For example, the RSD finds that the terminal has exhibited suspicious behaviour, or the RSD's own security policy changes and requires the terminal to be re-evaluated; the RSD then sends a re-evaluation request to the ASD, requesting the ASD to re-evaluate the terminal and send the result to the RSD. In addition, the RSD can actively subscribe to the ASD for the terminal's security state re-evaluation result information, requiring the ASD to send this information to the RSD in time, or at a specified fixed re-evaluation period or frequency.
  • Step S503 the ASD performs re-evaluation of the security status information on the terminal, and generates a corresponding re-evaluation result.
  • Step S504 the ASD sends the current re-evaluation result assertion to the RSD.
  • the ASD can also assert the current re-evaluation result to the terminal, causing the terminal to forward the assertion of the security status re-evaluation result to the RSD.
  • Step S505: The RSD adjusts the control applied to the terminal in time according to the re-evaluation result sent by the ASD.
  • When the re-evaluation result allows access, communication between the terminal and the RSD continues.
  • When the terminal's security state assertion cannot satisfy the RSD's requirements, communication between the terminal and the RSD can be ended.
  • When the RSD's requirements are not met, the RSD can also request new or other types of security state assertions.
  • Timely adjustment of the control applied to the terminal includes, but is not limited to, the same cases as in step S404: a terminal that only partially accessed the RSD after the initial evaluation is changed to full access and may use all of the RSD's services when the re-evaluation shows full compliance; a terminal with full access is restricted to partial access and some of its services are limited when it now only partially meets the RSD's requirements; all current connections with the terminal are aborted and it is no longer served when it no longer meets the RSD's security policy requirements, in which case the RSD may place it in an isolation area and notify the ASD to remediate it; and the RSD may perform role mapping on a terminal allowed access, mapping a terminal that does not originally belong to the RSD onto a role in the RSD's domain so that it can access the network resources corresponding to that role.
  • In step S204 the RSD does not immediately reject the access request; the execution process of requesting other security state assertions from the ASD is shown in FIG. 6 and includes:
  • Step S601 The terminal initiates an access request to the server of the RSD.
  • Step S602 the RSD determines the ASD of the provider of the terminal security state assertion, and sends a terminal security state assertion request to the ASD.
  • Step S603 After receiving the terminal assertion request of the RSD, the ASD identifies which terminal the assertion request corresponds to, and responds to the security state assertion of the terminal requested by the RSD.
  • Step S604: The RSD evaluates the terminal's security state according to the security state assertion sent by the terminal's ASD, and determines that the terminal's security state assertion does not satisfy the RSD's security policy requirements.
  • Step S605 The RSD sends an assertion request of the other security state of the terminal to the ASD of the provider of the terminal security state assertion.
  • Step S606 after receiving the assertion request of the other security state of the RSD, the ASD responds to the other security state assertion of the terminal requested by the RSD.
  • Step S607 according to the result of the re-evaluation, the RSD makes a response whether to allow the terminal to access.
  • Step S608 the re-evaluation process is completed, and the terminal that is allowed to access can establish a connection with the RSD to communicate.
  • If the other security state assertion still does not satisfy the RSD, the terminal's access request may be denied.
  • The two network devices (the ASD and the RSD) may serve the same terminal.
  • The two network devices may belong to different security domains or to the same security domain, and to different networks or the same network, while serving the same terminal.
  • This embodiment is also applicable to controlling terminal security state evaluation in various networks such as enterprise networks, telecommunication networks and mobile networks.
  • The terminal does not have to access two different security domains; security assessment information may instead be shared within the same network, within the same security domain, or between different networks.
  • The security state of a terminal that has entered the network is thereby ensured to meet the security policy requirements of the current network throughout the terminal's connection, so that it does not pose a threat to network security.
  • Because the RSD can request other assertions instead of rejecting the terminal outright, the efficiency of the network is improved.
  • a system for re-evaluating a security state according to Embodiment 3 of the present invention, as shown in FIG. 7, includes:
  • the ASD 71 is configured to re-evaluate the terminal 73 accessing the RSD 72, and send the result of the re-evaluation to the RSD 72;
  • the RSD 72 is configured to perform corresponding control of the access of the terminal 73 based on the result of the re-evaluation sent by the ASD 71.
  • The terminal 73 is configured to communicate with the RSD 72; the terminal 73 is a device supporting trusted network connection evaluation, of one or more of the following types: a smart terminal, a mobile phone, a personal data processor, a personal computer, a notebook, or an access point.
  • A device for re-evaluating a security state according to Embodiment 4, as shown in FIG. 8, includes: a re-evaluation module 81 configured to re-evaluate a terminal accessing the RSD;
  • a sending module 82 configured to send the re-evaluation result produced by the re-evaluation module 81 to the RSD, so that the RSD can control the terminal's access accordingly.
  • the re-evaluation module 81 includes:
  • the receiving unit 811 is configured to receive a re-evaluation request initiated by the terminal, to perform a re-evaluation process on the terminal.
  • the sending unit 812 is configured to send an assertion of the terminal security state re-evaluation result to the RSD after the receiving unit 811 performs the re-evaluation process on the terminal.
  • The trigger conditions for the assertion of the re-evaluation result include one or more of: a change in the security policy configuration of the terminal's ASD; the security policy configuration of the terminal's ASD requiring periodic evaluation of the terminal's security state; and the terminal requesting a security state evaluation.
  • A device for re-evaluating a security state according to the fifth embodiment of the present invention is the RSD 9, a network device deployed in the second security domain; as shown in FIG. 9, it includes:
  • a receiving module 91 configured to receive the re-evaluation result sent by the ASD;
  • a control module 92 configured to control the terminal's access according to the re-evaluation result received by the receiving module 91.
  • The device further includes:
  • a sending module 93 configured to send a re-evaluation request or a subscription to re-evaluation result information to the terminal's ASD.
  • The trigger conditions for the re-evaluation request or the subscription include one or more of: the RSD discovers suspicious behaviour by the terminal; the RSD's own security policy changes and requires the terminal to be re-evaluated; the RSD subscribes to the ASD for the terminal's security state re-evaluation result information, requiring the ASD to send the evaluation result information to the RSD in time whenever the evaluation result changes, or at a specified fixed re-evaluation period.
  • the present invention can be implemented by hardware, or can be implemented by means of software plus a necessary general hardware platform.
  • The technical solution of the present invention may be embodied as a software product stored in a non-volatile storage medium (such as a CD-ROM, a USB flash drive or a portable hard disk) that includes a number of instructions for causing a computer device (such as a personal computer, a server or a network device) to perform the methods described in the various embodiments of the present invention.
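As an added example, not code from the patent or its assignee, the following Python model walks through the exchanges described above: the initial evaluation of steps S301 to S306, the fallback request for another assertion type of steps S604 to S607, an ASD-pushed re-evaluation as in step S403, a re-evaluation after an RSD request as in step S502, and the control adjustments of step S404. The class names, the two assertion kinds, the policy facts and the policy itself are constructed assumptions.

```python
"""Toy model of the ASD/RSD re-evaluation exchange (constructed example)."""
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, List


class Access(Enum):
    DENIED = 0
    PARTIAL = 1   # terminal may use only some RSD resources
    FULL = 2      # terminal may use all RSD resources


@dataclass
class Assertion:
    """Security state assertion for one terminal (steps S303, S403, S504, S606)."""
    terminal: str
    kind: str               # assertion type the RSD asked for (constructed names)
    facts: Dict[str, bool]


class ASD:
    """Assertion security domain: tracks each terminal's state and re-evaluates it."""
    # Facts carried by each assertion kind; kinds and fact names are assumptions.
    KINDS = {"posture": ("av_current", "os_patched"), "isolation": ("host_firewall",)}

    def __init__(self) -> None:
        self.terminals: Dict[str, Dict[str, bool]] = {}
        self.subscribers: List[Callable[[Assertion], None]] = []  # RSDs (S203 trigger)

    def update(self, terminal: str, **facts: bool) -> None:
        self.terminals.setdefault(terminal, {}).update(facts)  # newly collected state

    def assertion(self, terminal: str, kind: str = "posture") -> Assertion:
        """Answer an assertion request; facts not yet known are reported as False."""
        state = self.terminals.get(terminal, {})
        return Assertion(terminal, kind, {f: state.get(f, False) for f in self.KINDS[kind]})

    def reevaluate(self, terminal: str) -> Assertion:
        """Re-evaluate the terminal and push the result to subscribers (S403/S504)."""
        result = self.assertion(terminal)
        for callback in self.subscribers:
            callback(result)
        return result


class RSD:
    """Relying security domain: evaluates assertions and controls terminal access."""

    def __init__(self, asd: ASD) -> None:
        self.asd = asd
        self.access: Dict[str, Access] = {}
        self.log: List[str] = []            # control decisions, for inspection
        asd.subscribers.append(self.on_reevaluation)   # subscribe to re-evaluation results

    @staticmethod
    def policy(a: Assertion) -> Access:
        """Constructed policy: FULL needs current AV and patches, PARTIAL needs AV;
        an 'isolation' assertion with a host firewall also justifies PARTIAL."""
        f = a.facts
        if a.kind == "posture":
            if f["av_current"] and f["os_patched"]:
                return Access.FULL
            return Access.PARTIAL if f["av_current"] else Access.DENIED
        if a.kind == "isolation":
            return Access.PARTIAL if f["host_firewall"] else Access.DENIED
        return Access.DENIED

    def access_request(self, terminal: str) -> Access:
        """Initial evaluation (S301-S306); if the first assertion fails the policy,
        ask for another assertion type instead of denying at once (S604-S607)."""
        level = self.policy(self.asd.assertion(terminal, "posture"))
        if level is Access.DENIED:
            level = self.policy(self.asd.assertion(terminal, "isolation"))
        self.access[terminal] = level
        self.log.append(f"{terminal}: initial {level.name}")
        return level

    def on_reevaluation(self, a: Assertion) -> None:
        """Adjust the control applied to the terminal after a re-evaluation (S404/S505)."""
        old = self.access.get(a.terminal, Access.DENIED)
        if old is Access.DENIED:
            return                          # not an admitted terminal of this RSD
        new = self.policy(a)
        if new is Access.DENIED:
            self.log.append(f"{a.terminal}: terminate connections, isolate, notify ASD")
        elif new is not old:
            self.log.append(f"{a.terminal}: {old.name} -> {new.name}")
        self.access[a.terminal] = new


def demo() -> List[str]:
    """Run the scenarios of the description and return the RSD's control log."""
    asd = ASD()
    rsd = RSD(asd)
    asd.update("t1", av_current=True, os_patched=False, host_firewall=True)
    rsd.access_request("t1")                # AV current but unpatched -> PARTIAL
    asd.update("t1", os_patched=True)
    asd.reevaluate("t1")                    # ASD-triggered push (S403): PARTIAL -> FULL
    asd.update("t1", av_current=False)
    asd.reevaluate("t1")                    # after an RSD request (S502): terminate
    asd.update("t2", av_current=False, os_patched=False, host_firewall=True)
    rsd.access_request("t2")                # posture fails, isolation assertion -> PARTIAL
    return rsd.log
```

A terminal that was denied at initial access is deliberately not re-admitted by a later pushed result; it must issue a new access request.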

Abstract

The present invention provides a method, a system and a device for re-evaluating security state. The method includes: re-evaluating a terminal that is accessing a second security domain; and sending the result of the re-evaluation to the second security domain. By re-evaluating the terminal after it has accessed the relying security domain (RSD), the invention ensures that the security state of a terminal accessing the network satisfies the security policy of the current network throughout the terminal's connection, so that the terminal does not threaten network security.

Description

Method, system and device for re-evaluating security state
Technical field
The present invention relates to the field of communications technology, and in particular to a method, system and device for re-evaluating a security state.
Background
With the rapid development and widespread use of the Internet, virus technology has developed just as rapidly. During a large-scale virus outbreak, much of the traffic carried by the network is junk data generated by the virus, which wastes resources, seriously degrades network efficiency and security, and harms and threatens users' terminals and services. A user terminal is easily infected: it may carry unpatched system vulnerabilities, an out-of-date virus database or similar weaknesses. Applying security control to terminals, through strict security evaluation of each terminal, protects the security of the network.
With the development of mobile technology and the spread of mobile terminals, more and more users want to access the network at any time to use a wide range of services. This requires not only protection and an efficient security evaluation when a terminal first accesses the network, but also assurance, for the whole duration of the terminal's communication, that the terminal does not pose a threat to the network. The network side must therefore periodically re-evaluate the terminal's security state according to a policy.
In the prior art, when a terminal belonging to an ASD (Asserting Security Domain) accesses an RSD (Relying Security Domain) across domains, the RSD must evaluate the terminal's security state. The RSD does not collect and evaluate the terminal's security-state information itself. Instead, after receiving the terminal's access request, the RSD sends a terminal security-state assertion request to the terminal's ASD and, after receiving the ASD's security-state assertion for the terminal, responds to the access request on the basis of that assertion. Only terminals that satisfy the RSD's security policy are allowed to access the RSD. Once the terminal receives the RSD's access-granted response, it can communicate with the RSD or use a service.
In the course of implementing the present invention, the inventors found that the prior art has at least the following problem: once the terminal and the RSD are communicating, the RSD neither re-evaluates the terminal's security state nor pays it any further attention; for the whole duration of the communication between the terminal and the RSD, the terminal's security state is never re-evaluated.
Summary of the invention
Embodiments of the present invention provide a method, system and device for re-evaluating a security state, so that the control applied to a terminal can be adjusted promptly according to the result of the re-evaluation.
To this end, an embodiment of the present invention provides a method for re-evaluating a security state, including:
re-evaluating a terminal that is accessing a second security domain;
sending the re-evaluation result to the second security domain.
An embodiment of the present invention also provides a system for re-evaluating a security state, including:
a first security domain, configured to re-evaluate a terminal that is accessing a second security domain and to send the re-evaluation result to the second security domain;
a second security domain, configured to control the terminal's access according to the re-evaluation result.
An embodiment of the present invention also provides a device for re-evaluating a security state, including:
a re-evaluation module, configured to re-evaluate a terminal that is accessing the second security domain;
a sending module, configured to send the re-evaluation result to the second security domain.
An embodiment of the present invention also provides a device for re-evaluating a security state, including:
a receiving module, configured to receive the re-evaluation result sent by the first security domain;
a control module, configured to control the terminal's access according to the re-evaluation result. Compared with the prior art, the embodiments of the present invention have the following advantage:
By re-evaluating the terminal some time after it has accessed the RSD, the security state of a terminal that has entered the network is kept in line with the current network's security policy throughout the terminal's connection, so that the terminal does not become a threat to network security. To explain the embodiments of the present invention or the prior art more clearly, the drawings needed for their description are briefly introduced below. The drawings described below show only some embodiments of the present invention; a person of ordinary skill in the art can derive other drawings from them without inventive effort.
FIG. 1 is a flowchart of a method for re-evaluating a security state according to Embodiment 1 of the present invention;
FIG. 2 is a flowchart of a method for re-evaluating a security state according to Embodiment 2 of the present invention;
FIG. 3 is a flowchart of the initial evaluation performed by the RSD when a terminal requests network access, according to Embodiment 2;
FIG. 4 is a flowchart of the RSD re-evaluating a terminal, according to Embodiment 2;
FIG. 5 is a flowchart of another way in which the RSD re-evaluates a terminal, according to Embodiment 2;
FIG. 6 is a flowchart of yet another way in which the RSD re-evaluates a terminal, according to Embodiment 2;
FIG. 7 is a structural diagram of a system for re-evaluating a security state according to Embodiment 3;
FIG. 8 is a structural diagram of a device for re-evaluating a security state according to Embodiment 4;
FIG. 9 is a structural diagram of a device for re-evaluating a security state according to Embodiment 5.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments that a person of ordinary skill in the art can obtain from these embodiments without inventive effort fall within the scope of protection of the present invention.
A method for re-evaluating a security state according to Embodiment 1 of the present invention, shown in FIG. 1, may include:
Step S101: re-evaluate a terminal that is accessing the second security domain;
Step S102: send the re-evaluation result to the second security domain.
Specifically, after the re-evaluation result has been sent to the second security domain, the second security domain may receive it and control the terminal's access accordingly. The method may therefore further include:
Step S103: the second security domain receives the re-evaluation result and controls the terminal's access according to it.
From a security point of view, all the systems in a network are in fact made up of several security domains, each simply called a domain. The second and first security domains may be security domains or servers in the network, such as authentication servers or evaluation servers. In all embodiments of the present invention the second security domain is exemplified by the relying security domain (RSD) and the first security domain by the asserting security domain (ASD). The terminal may be any device that supports TNC (Trusted Network Connect) evaluation, such as a smart terminal, mobile phone, PDA (Personal Digital Assistant), ordinary PC (personal computer), notebook or AP (Access Point).
The trigger conditions for re-evaluating a terminal that is communicating across domains may include: the conditions under which the ASD sends the RSD an assertion of the re-evaluation result of the terminal's security state; and/or the conditions under which the RSD sends a re-evaluation request, or a subscription to re-evaluation result information, to the terminal's ASD. The ASD sends the assertion when one or more of the following holds: the ASD's own security policy configuration has changed; the ASD's security policy configuration requires periodic evaluation of the terminal's security state; the terminal asks the ASD to evaluate its security state again. The RSD sends the request or subscription when one or more of the following holds: the RSD detects suspicious behaviour by the terminal; the RSD's own security policy has changed and the terminal must be re-evaluated; the RSD subscribes to the ASD for re-evaluation result information about the terminal's security state, requiring the ASD to send the result information promptly whenever the evaluation result changes, or specifying a fixed re-evaluation period.
Controlling the terminal appropriately according to the re-evaluation result includes:
if at the initial access evaluation the terminal's security state only partially satisfied the second security domain's security policy, so that the terminal could only partially access the second security domain, and the re-evaluation shows that the terminal's security state now fully satisfies the policy, the second security domain keeps communicating with the terminal and changes the terminal's access state to full access to the second security domain; or
if at the initial access evaluation the terminal's security state fully satisfied the second security domain's security policy and the re-evaluation shows that it now only partially satisfies it, the second security domain still allows the terminal access and keeps communicating with it, but the access is now partial access to the second security domain; or
if at the initial access evaluation the terminal's security state fully satisfied the second security domain's security policy and the re-evaluation shows that it no longer satisfies it, the second security domain terminates all of the terminal's current connections; or
the second security domain performs role mapping on the admitted terminal according to the re-evaluation result, mapping a terminal that does not belong to the second security domain onto a terminal role within the second security domain.
Thus, in the embodiments of the present invention, re-evaluating the terminal some time after it has accessed the RSD ensures that the security state of a terminal that has entered the network satisfies the current network's security policy throughout the terminal's connection, so that the terminal does not threaten network security.
A method for re-evaluating a security state according to Embodiment 2 of the present invention, shown in FIG. 2, includes: Step S201: when a terminal requests network access, the RSD performs an initial evaluation and determines whether the security-state assertion provided by the ASD satisfies the RSD's security policy. If it does, then once the initial evaluation is complete and communication between the terminal and the RSD has been established: when the ASD sends the RSD an assertion of the re-evaluation result of the terminal's security state, go to step S202; when the RSD sends a re-evaluation request, or a subscription to re-evaluation result information, to the terminal's ASD, go to step S203. If the assertion provided by the ASD does not satisfy the RSD's security policy, go to step S204.
Step S202: some time after the terminal has completed the initial evaluation and established communication with the RSD, the ASD sends the RSD an assertion of the re-evaluation result of the terminal's security state; the RSD re-evaluates the terminal promptly and adjusts its control of the terminal according to the result. The communication established between the terminal and the RSD is cross-domain communication, specifically between the ASD domain and the RSD domain.
Specifically, after the RSD has completed the initial evaluation of the terminal and begun communicating with it, the ASD that provided the terminal's security-state assertion sends the RSD an assertion of the re-evaluation result, and the RSD adjusts its control of the terminal accordingly. The ASD may also send the re-evaluation assertion to the terminal, which forwards it to the RSD; the RSD again adjusts its control of the terminal according to the result.
The conditions that trigger the ASD to send the RSD the re-evaluation assertion include, but are not limited to, the following: the ASD's own security policy configuration has changed; the ASD's security policy configuration requires periodic evaluation of the terminal's security state; or the terminal asks the ASD to evaluate its security state again. Driven by such a trigger, the ASD re-evaluates the terminal's security state, produces a re-evaluation result, and sends that result to the RSD on its own initiative.
Step S203: some time after the terminal has completed the initial evaluation and established communication with the RSD, the RSD sends a re-evaluation request, or a subscription to re-evaluation result information, to the terminal's ASD, asking the ASD to re-evaluate the terminal's security state and to send an assertion of the result for that terminal; the RSD can then re-evaluate the terminal promptly and adjust its control of the terminal according to the result.
Specifically, after the RSD has completed the initial evaluation of the terminal and begun communicating with it, the RSD sends the terminal's ASD a re-evaluation request or subscription, asking the ASD to re-evaluate the terminal's security state and send an assertion of the result, and the RSD adjusts its control of the terminal according to that result.
The conditions that trigger the RSD to send such a request or subscription include, but are not limited to, the following: the RSD detects some suspicious behaviour by the terminal; the RSD's own security policy changes and the terminal must be re-evaluated; or the RSD subscribes to the ASD for information about the re-evaluation result of the terminal's security state, requiring the ASD to send that information promptly whenever the result changes, or specifying a fixed re-evaluation period or frequency.
Steps S202 and S203 are not in any particular order; they differ only in where the re-evaluation originates. In step S202 it is tied to the access request, namely the ASD sends the RSD an assertion of the re-evaluation result; in step S203 it is tied to a service request, namely the RSD sends a re-evaluation request or subscription to the terminal's ASD. In this embodiment the network in which re-evaluation takes place includes, but is not limited to, fixed networks, wireless networks and other converged networks.
Step S204: when the security-state assertion provided by the ASD does not satisfy the RSD's security policy, the RSD does not immediately respond by refusing access; instead it asks the ASD for other security-state assertions and responds to the terminal's request on the basis of the other assertions that the ASD then provides.
Specifically, in step S201 the RSD's initial evaluation of a terminal requesting network access proceeds as shown in FIG. 3:
Step S301: the terminal sends an access request to the RSD's server.
Step S302: the RSD identifies the ASD that provides the terminal's security-state assertion and sends it a terminal security-state assertion request.
A security-state assertion is a statement about the terminal's security-state information, its security evaluation results and the security-event metadata relating to the terminal; from the assertion it can be judged whether the terminal is secure.
Step S303: on receiving the RSD's assertion request, the ASD identifies which terminal the request refers to and responds with the security-state assertion for that terminal.
Step S304: the RSD evaluates the security state conveyed by the assertion that the terminal's ASD has sent.
Step S305: on the basis of that evaluation, the RSD responds with whether the terminal is allowed access. Step S306: the initial evaluation is complete, and an admitted terminal can establish a connection with the RSD and communicate.
When the security-state assertion provided by the terminal's ASD does not satisfy the RSD's requirements, the RSD may request a new assertion or another type of assertion. This re-evaluation can be agreed in advance between the ASD and the RSD, with the ASD required to provide the latest or a specific kind of security-state assertion so that the initial evaluation can be completed.
Specifically, in step S202 the RSD re-evaluates the terminal promptly and adjusts its control of the terminal according to the result, as shown in FIG. 4: Step S401: the terminal's initial evaluation is complete and communication with the RSD begins.
Specifically, the RSD completes the initial security-state evaluation of the terminal's access request, and an admitted terminal can communicate with the RSD. Admission may be full, i.e. the terminal can access every resource in the RSD, or partial, i.e. the terminal can access only some of the RSD's resources. If the terminal's security state fully satisfies the RSD's policy, the terminal is granted full access; if only part of its security state satisfies the policy, the RSD may grant only partial access.
Step S402: after the terminal has accessed the RSD and communicated with it for some time, the terminal may send a re-evaluation request to the ASD, asking the ASD to re-evaluate it.
Specifically, when the ASD's own security policy changes, or the ASD's policy requires periodic re-evaluation of the terminal, or the ASD receives the terminal's re-evaluation request, the ASD re-evaluates the terminal's security-state information and produces a re-evaluation result.
Step S403: the ASD sends an assertion of the current re-evaluation result to the RSD.
The ASD may also send the assertion of the current re-evaluation result to the terminal, which forwards it to the RSD.
Step S404: the RSD adjusts its control of the terminal according to the re-evaluation result. Specifically, if the re-evaluation result from the ASD permits access, communication between the terminal and the RSD continues; if the terminal's security-state assertion does not satisfy the RSD's requirements, the communication may be ended. When the requirements are not met, the RSD may also request a new assertion or another type of assertion.
Adjusting the control of the terminal according to the ASD's re-evaluation result includes, but is not limited to, the following:
if at the initial access evaluation the terminal's security state only partially satisfied the RSD's security policy, so that the terminal had only partial access to the RSD, and the re-evaluation shows that it now fully satisfies the policy, the RSD keeps communicating with the terminal and upgrades it to full access, so that it can use all of the RSD's services;
if at the initial access evaluation the terminal's security state fully satisfied the RSD's security policy and the re-evaluation shows that it now only partially satisfies it, the RSD keeps communicating with the terminal but the access can only be partial, so the RSD restricts some of the terminal's services;
if at the initial access evaluation the terminal's security state fully satisfied the RSD's security policy and the re-evaluation shows that it no longer satisfies it, the RSD terminates all of the terminal's current connections and stops serving it; in that case the RSD may place the terminal in an isolation area and may notify the ASD so that the terminal can be remediated.
In addition, the RSD may perform role mapping on an admitted terminal according to the re-evaluation result, mapping a terminal that does not belong to the RSD onto a terminal role within the RSD domain, so that the terminal can access every network resource that corresponds to that role in the domain.
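The control rules just listed, together with the same rules as stated for Embodiment 1 (the cases following step S103), amount to a small state machine on the RSD side. The following Python is an added example written for this page, not code from the patent or from Huawei: it models the access level the RSD grants, applies a re-evaluation result to an established session, and performs the role mapping. The access levels, treating the isolation area as its own level, the role names, and the generalization that the latest re-evaluation result sets the new access level whatever the initial result was (the patent lists only the transitions above) are assumptions of the example.

```python
"""RSD-side control of an admitted terminal after re-evaluation.

Added example for this page; not the patent's or Huawei's code. The access
levels, role names and isolation-area handling are assumptions of the example.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Optional


class Compliance(Enum):
    """How the ASD's (re-)evaluation result compares with the RSD security policy."""
    FULL = "full"        # fully satisfies the RSD policy
    PARTIAL = "partial"  # satisfies only part of the RSD policy
    NONE = "none"        # does not satisfy the RSD policy


class Access(Enum):
    """Access level the RSD currently grants the terminal."""
    FULL = "full"          # every resource of the RSD
    PARTIAL = "partial"    # only part of the RSD's resources and services
    ISOLATED = "isolated"  # all connections terminated, terminal in isolation area


# Assumed role table for the role mapping: a foreign terminal is mapped onto the
# RSD-internal role whose resources match its latest evaluated state.
ROLE_FOR = {
    Compliance.FULL: "rsd-member",
    Compliance.PARTIAL: "rsd-restricted",
    Compliance.NONE: "rsd-quarantine",
}


@dataclass
class Session:
    terminal: str
    asd: str                       # domain that asserts this terminal's state
    access: Access
    role: str
    actions: List[str] = field(default_factory=list)  # what the RSD enforced


def admit(terminal: str, asd: str, initial: Compliance) -> Optional[Session]:
    """Initial access evaluation: full -> full access, partial -> partial access,
    none -> not admitted (the RSD would first ask the ASD for other assertions)."""
    if initial is Compliance.NONE:
        return None
    access = Access.FULL if initial is Compliance.FULL else Access.PARTIAL
    return Session(terminal, asd, access, ROLE_FOR[initial])


def apply_reevaluation(session: Session, result: Compliance) -> Session:
    """Adjust the RSD's control of an established session from a re-evaluation result."""
    before = session.access
    if result is Compliance.FULL:
        session.access = Access.FULL
        session.actions.append("keep full access" if before is Access.FULL
                               else "grant full access; all RSD services available")
    elif result is Compliance.PARTIAL:
        session.access = Access.PARTIAL
        session.actions.append("keep partial access" if before is Access.PARTIAL
                               else "restrict to partial access; some services blocked")
    else:
        session.access = Access.ISOLATED
        session.actions += [
            "terminate all current connections",
            "place terminal in isolation area",
            f"notify {session.asd} to remediate the terminal",
        ]
    # Role mapping: re-map the foreign terminal onto the RSD-internal role that
    # matches its latest evaluated state.
    session.role = ROLE_FOR[result]
    return session


if __name__ == "__main__":
    s = admit("terminal-1", "asd.example", Compliance.PARTIAL)
    apply_reevaluation(s, Compliance.FULL)
    apply_reevaluation(s, Compliance.NONE)
    for action in s.actions:
        print(action)
```

The session keeps an action log so that every change of access level leaves an auditable record of what the RSD enforced and why; the entry for the ASD notification is the hook where a real RSD would send the remediation notice the text mentions.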
具体的, 在步骤 S203中, 该 RSD及时对该终端进行重评估, 并根据重 评估的结果及时调整对终端的合适的控制的执行流程如图 5所示, 包括: 步骤 S501 , 终端初始评估完成, 并与 RSD之间开始通信。  Specifically, in step S203, the RSD re-evaluates the terminal in time, and adjusts the execution process of the appropriate control to the terminal according to the result of the re-evaluation. As shown in FIG. 5, the method includes the following steps: Step S501: Initial evaluation of the terminal is completed. , and start communication with the RSD.
具体的, RSD完成对终端请求接入的初始安全状态评估,对于允许接入 的终端, 该终端可以与 RSD之间进行通信。 对于允许接入该 RSD的终端, 可以是完全允许接入该 RSD, gp, 终端可以访问该 RSD内的所有资源, 也 可以是部分允许接入, gP, 终端只能访问该 RSD 内的部分资源。 如果终端 的安全状态完全符合 RSD的策略要求, 则允许终端完全接入 RSD, 如果终 端的部分安全状态符合 RSD策略要求, 则 RSD可能只允许终端部分接入。 Specifically, the RSD completes an initial security state assessment for requesting access by the terminal, and the terminal can communicate with the RSD for the terminal that is allowed to access. For a terminal that allows access to the RSD, the RSD may be completely allowed to access, and the terminal may access all resources in the RSD. It can be partially allowed access, gP, and the terminal can only access some resources in the RSD. If the security status of the terminal fully complies with the policy requirements of the RSD, the terminal is allowed to access the RSD completely. If the security status of the terminal meets the requirements of the RSD policy, the RSD may only allow the terminal to access.
Step S502: after the terminal has accessed the RSD and communicated with it for a period of time, the RSD sends a re-evaluation request to the ASD, asking the ASD to send the re-evaluation result for the terminal to the RSD.
Specifically, the RSD detects suspicious behaviour by the terminal, or the RSD's own security policy changes, and re-evaluation of the terminal is required; the RSD then sends a re-evaluation request to the ASD, asking the ASD to send the re-evaluation result for the terminal to the RSD. Alternatively, the RSD may proactively subscribe with the ASD to information on the terminal's security state re-evaluation results, requiring the ASD to send this information to the RSD promptly whenever its evaluation result changes, or specifying a fixed re-evaluation period or frequency.
Step S503: the ASD re-evaluates the terminal's security state information and produces a corresponding re-evaluation result.
Step S504: the ASD sends an assertion of the current re-evaluation result to the RSD. Alternatively, the ASD may send the assertion of the current re-evaluation result to the terminal, so that the terminal forwards the security state re-evaluation result assertion to the RSD.
Step S505: according to the re-evaluation result sent by the ASD, the RSD promptly adjusts the control applied to the terminal.
Specifically, when the re-evaluation result sent by the ASD is that access is allowed, communication between the terminal and the RSD may continue; when the terminal's security state assertion cannot meet the RSD's requirements, communication between the terminal and the RSD may be ended. When the RSD's requirements are not met, the RSD may also request a new or a different type of security state assertion.
Adjusting the control applied to the terminal according to the re-evaluation result sent by the ASD includes, but is not limited to, the following cases:
If, at the initial access evaluation, the terminal's security state only partially complied with the RSD's security policy, so that the terminal could only partially access the RSD, and the re-evaluation result shows that the terminal's security state now fully complies with the RSD's policy, the RSD keeps communicating with the terminal and changes the terminal's access state to full access to the RSD, so that the terminal can use all of the RSD's services;
If, at the initial access evaluation, the terminal's security state fully complied with the RSD's security policy, but the re-evaluation result shows that it now only partially complies with the RSD's requirements, the RSD still allows the terminal to access and keeps communicating with it, but the access is now only partial, and the RSD restricts some of the terminal's services;
If, at the initial access evaluation, the terminal's security state fully complied with the RSD's security policy, but the re-evaluation result shows that the terminal's security state no longer complies with it, the RSD terminates all current connections with that terminal and no longer provides it with services; in this case the RSD may place the terminal in an isolation area and may also notify the ASD to carry out remediation.
In addition, the RSD can, based on the result of the terminal re-evaluation, perform role mapping for terminals that are allowed to access: a terminal that does not originally belong to the RSD is mapped to a terminal role within the RSD domain, so that the terminal can access all network resources corresponding to its role in that domain.
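The control adjustment of step S505 is essentially a small decision table keyed on the access level granted at the initial evaluation and the level the re-evaluation yields. The following Python is an added example, not code from the patent or from the applicant; the names AccessLevel, Action, ControlDecision, compliance_level, reevaluation_due and decide_control are assumptions chosen for illustration, and the policy and posture dictionaries are constructed sample data. It also folds in the three re-evaluation triggers named for step S502 (suspicious behaviour, an RSD policy change, a fixed period), which the text lists but does not combine.

```python
"""RSD-side control adjustment after a re-evaluation (steps S502 to S505).

Added example, not code from the patent or from the applicant.  All names
below are assumptions chosen for illustration; sample data is constructed.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional


class AccessLevel(Enum):
    NONE = 0      # not admitted, or admission withdrawn
    PARTIAL = 1   # only some RSD resources may be used
    FULL = 2      # all resources matching the terminal's role


class Action(Enum):
    KEEP = "keep current access"
    UPGRADE = "keep connection, widen to full access"
    RESTRICT = "keep connection, restrict some services"
    TERMINATE = "tear down all connections, isolate, notify ASD"


@dataclass(frozen=True)
class ControlDecision:
    new_level: AccessLevel
    action: Action
    role: Optional[str]     # role the terminal holds inside the RSD, if any
    notify_asd: bool        # True when the RSD asks the ASD to remediate


def compliance_level(posture: Dict[str, int], policy: Dict[str, int]) -> AccessLevel:
    """Compare an asserted posture with the RSD policy.

    policy maps each attribute to the minimum acceptable value; posture maps
    attribute to the value asserted by the ASD.  Every attribute met means
    FULL, a proper subset met means PARTIAL, none met means NONE (assumed
    mapping; the page only distinguishes full, partial and non-compliant).
    """
    met = sum(1 for attr, minimum in policy.items() if posture.get(attr, 0) >= minimum)
    if met == len(policy):
        return AccessLevel.FULL
    return AccessLevel.PARTIAL if met else AccessLevel.NONE


def reevaluation_due(suspicious: bool, policy_changed: bool,
                     last_eval: float, now: float, period: float) -> bool:
    """Triggers listed for step S502: suspicious behaviour, an RSD policy
    change, or the fixed re-evaluation period having elapsed."""
    return suspicious or policy_changed or (now - last_eval) >= period


def decide_control(current: AccessLevel, reevaluated: AccessLevel,
                   terminal_role: str, role_map: Dict[str, str]) -> ControlDecision:
    """Map (level granted at initial evaluation, re-evaluated level) to the
    control the RSD applies, following the four cases in the text."""
    if reevaluated is AccessLevel.NONE:
        # no longer compliant: cut every connection, isolate, ask ASD to fix
        return ControlDecision(AccessLevel.NONE, Action.TERMINATE, None, True)
    # role mapping: a terminal from another domain is mapped to an RSD role
    role = role_map.get(terminal_role, terminal_role)
    if current is AccessLevel.PARTIAL and reevaluated is AccessLevel.FULL:
        return ControlDecision(AccessLevel.FULL, Action.UPGRADE, role, False)
    if current is AccessLevel.FULL and reevaluated is AccessLevel.PARTIAL:
        return ControlDecision(AccessLevel.PARTIAL, Action.RESTRICT, role, False)
    return ControlDecision(reevaluated, Action.KEEP, role, False)


if __name__ == "__main__":
    policy = {"antivirus_on": 1, "patch_level": 3}          # constructed RSD policy
    initial = compliance_level({"antivirus_on": 1, "patch_level": 2}, policy)  # PARTIAL
    later = compliance_level({"antivirus_on": 1, "patch_level": 3}, policy)    # FULL
    print(decide_control(initial, later, "partner", {"partner": "contractor"}))
```

The decision is deliberately a pure function of the two levels plus the role map, so that the same table can be audited and unit-tested independently of how the assertion reaches the RSD (directly from the ASD or forwarded by the terminal, as step S504 allows).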
Specifically, in step S204, rather than directly rejecting the access request, the RSD requests other security state assertions from the ASD. The procedure is shown in FIG. 6 and includes:
Step S601: the terminal initiates an access request to the RSD's server.
Step S602: the RSD determines the ASD that provides the terminal's security state assertion and sends a terminal security state assertion request to that ASD.
Step S603: after receiving the terminal assertion request from the RSD, the ASD identifies which terminal the request refers to and responds with the security state assertion of that terminal as requested by the RSD.
Step S604: the RSD evaluates the security state sent by the terminal's ASD according to the terminal's security state assertion and determines that the assertion does not satisfy the RSD's security policy requirements.
Step S605: the RSD sends a request for other security state assertions of the terminal to the ASD that provides the terminal's security state assertion.
Step S606: after receiving the RSD's request for other security state assertions, the ASD responds with the other security state assertions of the terminal requested by the RSD.
Step S607: based on the result of the above re-evaluation, the RSD responds whether the terminal is allowed to access.
Step S608: the re-evaluation process is complete, and a terminal that is allowed to access can establish a connection with the RSD and communicate.
When the other security state assertions provided by the terminal's ASD still cannot satisfy the RSD's requirements, the terminal's access request can be rejected.
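The exchange of steps S601 to S608, as an added example that is not code from the patent or from the applicant: the RSD asks the ASD for one assertion type, evaluates it against policy, and only after every other assertion type it knows has also been requested and failed does it reject (S605 to S607). The ASD and RSD classes, the assertion type names, the HMAC-based assertion signing and the freshness window are assumptions chosen for illustration; the page does not specify how an assertion is protected in transit, so treat the MAC as one reasonable choice rather than the patent's mechanism. All terminal data is constructed.

```python
"""Access request with fallback to other assertion types (steps S601 to S608).

Added example, not code from the patent or from the applicant.  The classes,
assertion types and signing scheme are assumptions; all data is constructed.
"""
import hashlib
import hmac
import json
import time
from typing import Dict, List, Optional, Tuple

# Constructed shared secret for this ASD/RSD pair; a deployment would use a
# per-peer credential or an asymmetric signature key instead.
DEMO_KEY = b"constructed-demo-key"


class ASD:
    """The domain that evaluates the terminal: holds posture data per terminal
    and answers assertion requests for a given assertion type (S603, S606)."""

    def __init__(self, key: bytes, terminals: Dict[str, Dict[str, Dict[str, int]]]):
        self.key = key
        self.terminals = terminals          # terminal id -> {type: posture}

    def assertion(self, terminal_id: str, kind: str) -> Optional[Dict[str, object]]:
        posture = self.terminals.get(terminal_id, {}).get(kind)
        if posture is None:
            return None                     # this ASD cannot assert that type
        body = {"terminal": terminal_id, "type": kind,
                "posture": posture, "issued": int(time.time())}
        payload = json.dumps(body, sort_keys=True).encode()
        mac = hmac.new(self.key, payload, hashlib.sha256).hexdigest()
        return {"payload": payload, "mac": mac}


class RSD:
    """The domain being accessed: checks assertions against its policy and
    asks for other assertion types before rejecting (S604, S605, S607)."""

    def __init__(self, key: bytes, policies: Dict[str, Dict[str, int]], max_age: int = 300):
        self.key = key
        self.policies = policies            # assertion type -> minimum values
        self.max_age = max_age              # seconds an assertion stays fresh

    def verify(self, assertion: Dict[str, object]) -> Optional[dict]:
        """Return the assertion body if the MAC and freshness checks pass."""
        payload = assertion["payload"]
        expected = hmac.new(self.key, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, assertion["mac"]):
            return None
        body = json.loads(payload)
        if time.time() - body["issued"] > self.max_age:
            return None
        return body

    @staticmethod
    def satisfies(posture: Dict[str, int], policy: Dict[str, int]) -> bool:
        return all(posture.get(attr, 0) >= minimum for attr, minimum in policy.items())

    def handle_access_request(self, asd: ASD, terminal_id: str) -> Tuple[str, Optional[str], List[str]]:
        """Walk the assertion types in policy order; the first one that
        verifies and satisfies policy admits the terminal.  Returns
        (decision, admitting type, types requested)."""
        requested: List[str] = []
        for kind, policy in self.policies.items():
            requested.append(kind)
            assertion = asd.assertion(terminal_id, kind)
            if assertion is None:
                continue
            body = self.verify(assertion)
            if body is None or body["terminal"] != terminal_id:
                continue                    # forged, stale or for another terminal
            if self.satisfies(body["posture"], policy):
                return "allow", kind, requested
        return "deny", None, requested      # S607 after every type has failed


def build_demo() -> Tuple[ASD, RSD]:
    """Constructed sample data: t-1001 fails the host posture check but passes
    hardware attestation; t-2002 can only offer a failing host posture."""
    asd = ASD(DEMO_KEY, {
        "t-1001": {"host_posture": {"antivirus_on": 1, "patch_level": 2},
                   "hardware_attestation": {"secure_boot": 1, "tpm_quote_ok": 1}},
        "t-2002": {"host_posture": {"antivirus_on": 0, "patch_level": 1}},
    })
    rsd = RSD(DEMO_KEY, {
        "host_posture": {"antivirus_on": 1, "patch_level": 3},
        "hardware_attestation": {"secure_boot": 1, "tpm_quote_ok": 1},
    })
    return asd, rsd


if __name__ == "__main__":
    asd, rsd = build_demo()
    for tid in ("t-1001", "t-2002"):
        print(tid, rsd.handle_access_request(asd, tid))
```

Two checks matter here beyond what the steps spell out: the RSD verifies that the assertion body names the terminal it asked about (an assertion for a different terminal must not admit this one), and it bounds the assertion's age, since an assertion describes a state at one moment and the whole point of the page is that the state changes over time.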
The above embodiments are all applicable to any two network devices; the two network devices may belong to different security domains (or to the same security domain, to different networks, or to the same network) and apply appropriate control to the same terminal through security state evaluation. The embodiments are likewise applicable to the control of terminal security state evaluation in enterprise networks, telecommunication networks, mobile networks and other networks. In all embodiments of the present invention the terminal does not necessarily access two different security domains; the security evaluation information may instead be shared within the same network, within the same security domain, or between different networks.
It can be seen that in this embodiment, by re-evaluating the terminal after it has accessed the RSD for a period of time, the security state of a terminal admitted to the network is guaranteed to satisfy the current network's security policy throughout the terminal's connection, so that it does not pose a threat to the network's security. Moreover, when the security state assertion initially provided by the terminal's ASD does not satisfy the RSD's requirements, the RSD can request other assertions, which improves the efficiency of the network.
A security state re-evaluation system according to Embodiment 3 of the present invention, shown in FIG. 7, includes:
an ASD 71, configured to re-evaluate a terminal 73 accessing an RSD 72 and to send the re-evaluation result to the RSD 72;
an RSD 72, configured to apply corresponding control to the access of the terminal 73 according to the re-evaluation result sent by the ASD 71; and
a terminal 73, configured to communicate with the RSD 72; the terminal 73 is a device supporting trusted network connection evaluation, and may be one or more of a smart terminal, a mobile phone, a personal data processing device, a personal computer, a notebook computer and an access point.
It can be seen that in the embodiment of the present invention, by re-evaluating the terminal after it has accessed the RSD for a period of time, the security state of a terminal admitted to the network is guaranteed to satisfy the current network's security policy throughout the terminal's connection, so that it does not pose a threat to the network's security.
A security state re-evaluation apparatus according to Embodiment 4 of the present invention is a network apparatus deployed in the first security domain and, as shown in FIG. 8, includes:
a re-evaluation module 81, configured to re-evaluate a terminal accessing the RSD; and
a sending module 82, configured to send the re-evaluation result of the re-evaluation module 81 to the RSD, so that the RSD applies appropriate control to the terminal's access.
Further, the re-evaluation module 81 includes:
a receiving unit 811, configured to receive a re-evaluation request initiated by the terminal, in order to perform the re-evaluation process on that terminal; and
a sending unit 812, configured to send an assertion of the terminal's security state re-evaluation result to the RSD after the receiving unit 811 has performed the re-evaluation process on the terminal. The trigger condition for the re-evaluation result assertion includes one or more of: a change in the security policy configuration of the terminal's ASD; the security policy configuration of the terminal's ASD requiring periodic security state evaluation of the terminal; and the terminal requesting the ASD to evaluate its security state again.
It can be seen that in the embodiment of the present invention, by re-evaluating the terminal after it has accessed the RSD for a period of time, the security state of a terminal admitted to the network is guaranteed to satisfy the current network's security policy throughout the terminal's connection, so that it does not pose a threat to the network's security.
A security state re-evaluation apparatus according to Embodiment 5 of the present invention is an RSD 9, a network apparatus deployed in the second security domain, and, as shown in FIG. 9, includes:
a receiving module 91, configured to receive the re-evaluation result sent by the ASD; and
a control module 92, configured to apply appropriate control to the terminal's access according to the re-evaluation result received by the receiving module 91.
Further, the apparatus also includes:
a sending module 93, configured to send a re-evaluation request, or a subscription to re-evaluation result information, to the terminal's ASD. The trigger condition includes one or more of: the RSD detecting suspicious behaviour by the terminal; the RSD's own security policy changing so that re-evaluation of the terminal is required; and the RSD subscribing with the ASD to information on the terminal's security state re-evaluation results, requiring the ASD to send the evaluation result information to the RSD promptly whenever the evaluation result changes, or specifying a fixed re-evaluation period.
It can be seen that in the embodiment of the present invention, by re-evaluating the terminal after it has accessed the RSD for a period of time, the security state of a terminal admitted to the network is guaranteed to satisfy the current network's security policy throughout the terminal's connection, so that it does not pose a threat to the network's security.
From the description of the above embodiments, those skilled in the art will clearly understand that the present invention can be implemented in hardware, or in software together with the necessary general-purpose hardware platform. On this basis, the technical solution of the present invention can be embodied as a software product stored on a non-volatile storage medium (such as a CD-ROM, a USB flash drive or a removable hard disk) and containing instructions that cause a computer device (such as a personal computer, a server or a network device) to perform the methods described in the embodiments of the present invention.
The above is only a preferred embodiment of the present invention. It should be noted that those of ordinary skill in the art may make a number of improvements and refinements without departing from the principles of the present invention, and these improvements and refinements should also be regarded as falling within the scope of protection of the present invention.

Claims

1. A security state re-evaluation method, wherein a terminal in a first security domain accesses a second security domain, the method comprising:
re-evaluating the terminal accessing the second security domain; and
sending the re-evaluation result to the second security domain.
2. The method according to claim 1, wherein re-evaluating the terminal accessing the second security domain comprises:
re-evaluating the terminal accessing the second security domain upon the trigger condition that the security policy configuration of the terminal's first security domain changes.
3. The method according to claim 1, wherein re-evaluating the terminal accessing the second security domain comprises:
re-evaluating the terminal accessing the second security domain upon the trigger condition that the security policy configuration of the terminal's first security domain requires periodic security state evaluation of the terminal.
4. The method according to claim 1, wherein re-evaluating the terminal accessing the second security domain comprises:
re-evaluating the terminal accessing the second security domain upon the trigger condition that the terminal requests the first security domain to evaluate the terminal's security state again.
5. The method according to claim 1, wherein re-evaluating the terminal accessing the second security domain comprises:
re-evaluating the terminal accessing the second security domain upon the trigger condition that the second security domain detects suspicious behaviour by the terminal.
6. The method according to claim 1, wherein re-evaluating the terminal accessing the second security domain comprises:
re-evaluating the terminal accessing the second security domain upon the trigger condition that the second security domain's own security policy changes and re-evaluation of the terminal is required.
7. The method according to claim 1, wherein re-evaluating the terminal accessing the second security domain comprises:
re-evaluating the terminal accessing the second security domain upon the trigger condition that the second security domain subscribes with the first security domain to information on the terminal's security state re-evaluation results, requiring the first security domain to send the evaluation result information to the second security domain promptly whenever the evaluation result changes, or specifying a fixed re-evaluation period.
8. The method according to claim 1, further comprising, after re-evaluating the terminal accessing the second security domain:
the second security domain receiving the re-evaluation result and applying corresponding control to the terminal's access according to the re-evaluation result.
9. The method according to claim 8, wherein applying corresponding control to the terminal's access comprises:
if, at the initial access evaluation, the terminal's security state only partially complied with the security policy requirements of the second security domain, so that the terminal could only partially access the second security domain, and the re-evaluation result shows that the terminal's security state fully complies with the second security domain's policy requirements, the second security domain continuing to communicate with the terminal and changing the terminal's access state to full access to the second security domain; or
if, at the initial access evaluation, the terminal's security state fully complied with the security policy requirements of the second security domain, and the re-evaluation result shows that the terminal's security state only partially complies with the second security domain's requirements, the second security domain allowing the terminal to access and continuing to communicate with it, the access now being partial access to the second security domain; or
if, at the initial access evaluation, the terminal's security state fully complied with the security policy requirements of the second security domain, and the re-evaluation result shows that the terminal's security state does not comply with the second security domain's security policy requirements, the second security domain terminating all current connections with the terminal; or
the second security domain performing role mapping, according to the terminal re-evaluation result, for a terminal that is allowed to access, mapping a terminal that does not belong to the second security domain to a terminal within the second security domain and allowing it to access the corresponding resources.
10. The method according to claim 1, further comprising, before re-evaluating the terminal accessing the second security domain:
the second security domain performing an initial evaluation when the terminal requests access to the network;
determining whether the security state assertion provided by the first security domain satisfies the security policy requirements of the second security domain; and
when the security state assertion provided by the first security domain does not satisfy the security policy requirements of the second security domain, performing the re-evaluation according to other security state assertions provided by the first security domain.
11. The method according to claim 1, wherein re-evaluating the terminal accessing the second security domain comprises:
the first security domain receiving a re-evaluation request initiated by the terminal, in order to perform the re-evaluation process on the terminal; and
the first security domain sending the re-evaluation result assertion to the second security domain.
12. The method according to claim 1, wherein re-evaluating the terminal accessing the second security domain comprises:
the second security domain sending a re-evaluation request to the first security domain, so that the first security domain re-evaluates the terminal's security state information and generates a re-evaluation result; and
the second security domain receiving the re-evaluation result assertion generated by the first security domain.
13. The method according to claim 1, wherein sending the re-evaluation result to the second security domain comprises:
the first security domain sending the re-evaluation result directly to the second security domain; and/or
the first security domain sending the re-evaluation result to the terminal, so that the terminal forwards the re-evaluation result to the second security domain.
14. A network system, comprising:
a first security domain, configured to re-evaluate a terminal accessing a second security domain and to send the re-evaluation result to the second security domain; and
a second security domain, configured to apply corresponding control to the terminal's access according to the re-evaluation result.
15. The system according to claim 14, further comprising:
a terminal, configured to communicate with the second security domain, the terminal being a device supporting trusted network connection evaluation and being a smart terminal, a mobile phone, a personal data processing device, a personal computer or a notebook computer.
16. A network apparatus, deployed in a first security domain, comprising:
a re-evaluation module, configured to re-evaluate a terminal accessing a second security domain; and
a sending module, configured to send the re-evaluation result to the second security domain.
17. The apparatus according to claim 16, wherein the re-evaluation module comprises:
a receiving unit, configured to receive a re-evaluation request initiated by the terminal, in order to perform a re-evaluation process on the terminal; and
a sending unit, configured to send an assertion of the terminal's security state re-evaluation result to the second security domain after the re-evaluation process has been performed.
18. A network apparatus, deployed in a second security domain, comprising:
a receiving module, configured to receive a re-evaluation result sent by a first security domain; and
a control module, configured to apply corresponding control to the terminal's access according to the re-evaluation result.
19. The apparatus according to claim 18, further comprising:
a sending module, configured to send a re-evaluation request or a re-evaluation subscription to the first security domain of the terminal
PCT/CN2009/072555 2008-09-28 2009-06-30 Method, system and device for revaluating security state WO2010034209A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CNA2008101684807A CN101582792A (en) 2008-09-28 2008-09-28 Method, system and device for reevaluating security state
CN200810168480.7 2008-09-28

Publications (1)

Publication Number Publication Date
WO2010034209A1 true WO2010034209A1 (en) 2010-04-01

Family

ID=41364767

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2009/072555 WO2010034209A1 (en) 2008-09-28 2009-06-30 Method, system and device for revaluating security state

Country Status (2)

Country Link
CN (1) CN101582792A (en)
WO (1) WO2010034209A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101917430B (en) * 2010-08-11 2012-05-23 西安西电捷通无线网络通信股份有限公司 Indirect interaction realization method applicable to federated trusted network connection model and system thereof
CN104618395B (en) * 2015-03-04 2017-08-25 浪潮集团有限公司 A kind of dynamic cross-domain access control system and method connected based on trustable network

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040267551A1 (en) * 2003-06-26 2004-12-30 Satyendra Yadav System and method of restricting access to wireless local area network based on client location
CN1656773A (en) * 2002-05-24 2005-08-17 艾利森电话股份有限公司 Method for authenticating a user to a service of a service provider
CN101242272A (en) * 2008-03-11 2008-08-13 南京邮电大学 Realization method for cross-grid secure platform based on mobile agent, assertion

Also Published As

Publication number Publication date
CN101582792A (en) 2009-11-18

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09815579

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09815579

Country of ref document: EP

Kind code of ref document: A1