INTEGRATIVE NETWORK MANAGEMENT METHOD AND APPARATUS FOR SUPPLYING CONNECTION BETWEEN NETWORKS BASED ON POLICY

US 20160308904A1
Filed: 02/16/2016
Published: 10/20/2016
Est. Priority Date: 04/15/2015
Status: Abandoned Application

First Claim

Patent Images

1. An integrative network management method in a managed network system, the method comprising:

maintaining in a database user management information for user equipment, configuration management information for managed devices, profile management information for profiles, and setting management information for tunnel setting;

providing a service list based on service profiles to the user equipment after completing authentication by referring to the database according to a request of the user equipment;

determining, with respect to each service of the service list, whether the corresponding service is a service using a hidden IP address by referring to the database; and

updating tunnel usage information depending on setting in a tunnel control system (TCS) with respect to a corresponding tunnel in the database by searching or generating the corresponding tunnel in the database in real time with respect to the service using the hidden IP address.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and an apparatus of integrative network management, which provide connection between private networks and real-time connection according to various policies depending on security or a quality of service (QoS), manages information required to provide the connection, and controls connection by using the managed information in order to defend and cope with various types of cyber attacks and fundamentally invalidate a cyber attack.

22 Citations

View as Search Results

16 Claims

1. An integrative network management method in a managed network system, the method comprising:
- maintaining in a database user management information for user equipment, configuration management information for managed devices, profile management information for profiles, and setting management information for tunnel setting;
  
  providing a service list based on service profiles to the user equipment after completing authentication by referring to the database according to a request of the user equipment;
  
  determining, with respect to each service of the service list, whether the corresponding service is a service using a hidden IP address by referring to the database; and
  
  updating tunnel usage information depending on setting in a tunnel control system (TCS) with respect to a corresponding tunnel in the database by searching or generating the corresponding tunnel in the database in real time with respect to the service using the hidden IP address.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The integrative network management method of claim 1, wherein the tunnel usage information is notified to respective TCSs of an integrative network management apparatus side, a service server side, and the user equipment side in the managed network system to make the integrative network management apparatus side, the service server side, and the user equipment side interwork with each other by passing through a transport network by using a specific tunnel for the hidden IP address according to tunnel control in the TCSs.
  - 3. The integrative network management method of claim 2, wherein in the service using the hidden IP address, for communication through the tunnel among the TCSs, IP addresses of an access gateway connected to the user equipment, the service server, and the user equipment and a security gateway connected to the service server have random number values generated by a random number generation scheme.
  - 4. The integrative network management method of claim 1, wherein the tunnel usage information is information for setting traffics having a hidden IP address of the user equipment as a source IP address, a hidden IP address of the security gateway of the service server side as a destination IP address, and a differentiated services codepoint (DSCP) value, which are managed in connection profile information among the profile management information to use a specific tunnel according to the setting.
  - 5. The integrative network management method of claim 1, wherein the updating of the tunnel usage information includes:
    - (a) searching, when it is searched that entities for a source TCS and a destination TCS of a corresponding requested tunnel based on service profile information among the profile management information are present in tunnel profile information among the profile management information, an entity of tunnel control information among the setting management information, which includes information including entities of QoS profile information, security profile information, and the tunnel profile information for the source TCS and the destination TCS included in the service profile information; and
      
      (b) verifying a state value of the searched entity of the tunnel control information to examine whether the entity is set in the TCS.
  - 6. The integrative network management method of claim 5, wherein the updating of the tunnel usage information further includes:
    - (c) generating the entity including the source TCS and the destination TCS in tunnel profile information among the profile management information when the source TCS and the destination TCS of the requested tunnel are not present in the tunnel profile information; and
      
      (d) adding an entity of the tunnel control information including tunnel profile information including entities for the source TCS and the destination TCS searched in step (a) or generated in step (c), the QoS profile information, and the security profile information.
  - 7. The integrative network management method of claim 6, wherein the updating of the tunnel usage information further includes (e) notifying the entity of the tunnel control information to TCSs on the network and receiving a response thereto to reflect the response to the state value of the tunnel control information.
  - 8. The integrative network management method of claim 7, further comprising:
    - after step (e),adding the hidden IP address of the user equipment, the hidden IP address of the security gateway at the service server side, and the DSP value included in the service profile information to an entity of connection profile information among the profile management information so as to include the hidden IP address of the user equipment, the hidden IP address of the security gateway at the service server side, and the DSCP value included in the service profile information; and
      
      adding an entity of tunnel usage information among the setting management information so as to include the added entity of the tunnel control information and the added entity of the connection profile information.

9. An integrative network management apparatus in a managed network system, the apparatus comprising:
- a database storing and managing user management information for user equipment, configuration management information for managed devices, profile management information for profiles, and setting management information for tunnel setting;
  
  an authentication server performing authentication by referring to the database according to a request of user equipment; and
  
  a control server providing a service list based on service profiles to user equipment after completing the authentication, determining, with respect to each service of the service list, whether the corresponding service is a service using a hidden IP address by referring to the database, and updating tunnel usage information depending on setting in a tunnel control system (TCS) with respect to a corresponding tunnel in the database by searching or generating the corresponding tunnel in the database in real time with respect to the service using the hidden IP address.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The integrative network management apparatus of claim 9, wherein the tunnel usage information is notified to respective TCSs of the integrative network management apparatus side, a service server side, and the user equipment side in the managed network system to make the integrative network management apparatus side, the service server side, and the user equipment side interwork with each other by passing through a transport network by using a specific tunnel for the hidden IP address according to tunnel control in the TCSs.
  - 11. The integrative network management apparatus of claim 10, wherein in the service using the hidden IP address, for communication through the tunnel among the TCSs, IP addresses of an access gateway connected to the user equipment, the service server, and the user equipment and a security gateway connected to the service server have random number values generated by a random number generation scheme.
  - 12. The integrative network management apparatus of claim 9, wherein the tunnel usage information is information for setting traffics having a hidden IP address of the user equipment as a source IP address, a hidden IP address of the security gateway of the service server side as a destination IP address, and a differentiated services codepoint (DSCP) value, which are managed in connection profile information among the profile management information to use a specific tunnel according to the setting.
  - 13. The integrative network management apparatus of claim 9, wherein the control server searches, when it is searched that entities for a source TCS and a destination TCS of a corresponding requested tunnel based on service profile information among the profile management information are present in tunnel profile information among the profile management information, an entity of tunnel control information among the setting management information, which includes information including entities of QoS profile information, security profile information, and the tunnel profile information for the source TCS and the destination TCS included in the service profile information and thereafter,verifies a state value of the searched entity of the tunnel control information to examine whether the entity is set in the TCS.
  - 14. The integrative network management apparatus of claim 13, wherein the control server generates an entity including the source TCS and the destination TCS in tunnel profile information among the profile management information when the source TCS and the destination TCS of the requested tunnel are not present in the tunnel profile information andadds an entity of the tunnel control information including tunnel profile information including entities for the source TCS and the destination TCS which are searched or generated, the QoS profile information, and the security profile information.
  - 15. The integrative network management apparatus of claim 14, wherein the control server notifies the entity of the tunnel control information to TCSs on the network and receives a response thereto to reflect the response to the state value of the tunnel control information.
  - 16. The integrative network management apparatus of claim 15, wherein the control server adds the hidden IP address of the user equipment, the hidden IP address of the security gateway at the service server side, and the DSCP value included in the service profile information to an entity of connection profile information among the profile management information so as to include the hidden IP address of the user equipment, the hidden IP address of the security gateway at the service server side, and the DSCP value included in the service profile information andadds an entity of tunnel usage information among the setting management information so as to include the added entity of the tunnel control information and the added entity of the connection profile information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Electronics and Telecommunications Research Institute
Original Assignee
Electronics and Telecommunications Research Institute
Inventors
YOON, Ho Sun, PARK, Pyung Koo, RYU, Ho Yong, SHIN, Young Soo, HONG, Sung Back

Application Number

US15/044,489
Publication Number

US 20160308904A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 41/0843   based on generic templates

H04L 63/0236   Filtering by address, proto...

H04L 63/0272   Virtual private networks

H04L 63/08   for authentication of entit...

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

INTEGRATIVE NETWORK MANAGEMENT METHOD AND APPARATUS FOR SUPPLYING CONNECTION BETWEEN NETWORKS BASED ON POLICY

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

22 Citations

16 Claims

Specification

Use Cases

Quick Links

Others

INTEGRATIVE NETWORK MANAGEMENT METHOD AND APPARATUS FOR SUPPLYING CONNECTION BETWEEN NETWORKS BASED ON POLICY

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

16 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others