In a secure networking scenario, a network element may automatically apply to the public key infrastructure (PKI) system of an operator for a device certificate, and the PKI system issues the certificate to the network element after the identity of the network element has been verified. Using the certificate as an identity credential, the network element can pass through the operator's security gateway and firewall and is trusted by other network elements in the security domain. The certificate is borne on the physical entity that implements the function of the network element; this physical entity may be referred to as a network element device, and the certificate borne on the network element device is bound to the identity of that device (briefly referred to as the network element device identity). The certificate borne on the network element device may specifically be borne on one board of the network element device.
If the network element is removed, or the network element device is replaced, the removed network element device may pass beyond the operator's control (for example, to an equipment vendor or an outsourced repair service supplier), while the certificate on the network element device remains valid. Once the certificate is leaked, there is a risk that it is used to intrude into the operator's network. For example, a person who gains access to the network element device may use the certificate on it to gain access to the operator's network and attack the network by means of the network element device, where possible attack manners include:
copying the certificate, gaining access to the network from another device, and launching an attack on the network;
controlling the network element device to gain access to the network without permission and launching a flood attack on the network in the security domain; and
controlling the network element device to launch one or more attacks on a network element in the security domain.
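The following is an added example, not part of the original text, that models the admission decision described above and the three attack manners just listed. It is a constructed toy: an HMAC key stands in for the PKI's CA signing key (a real PKI issues X.509 certificates under an asymmetric CA key), the certificate is a signed JSON record bound to a device identity, and the gateway is assumed to learn the identity of the presenting device out of band (for instance from a hardware attestation, which this example does not implement). The names `issue_certificate`, `SecurityGateway`, `decommission` and `authenticate` are all assumptions of the example. It shows that a copied certificate is accepted unless the gateway checks the device binding, and that a certificate on a removed device is still accepted until it is revoked.

```python
import hashlib
import hmac
import json

# Toy stand-in for the operator's PKI signing key (assumption of this example;
# a real CA signs certificates with an asymmetric private key and the gateway
# verifies them with the CA public key).
CA_KEY = b"operator-ca-signing-key (toy)"


def _payload(body: dict) -> bytes:
    return json.dumps(body, sort_keys=True).encode()


def issue_certificate(device_id: str, not_after: int) -> dict:
    """PKI issues a certificate bound to a network element device identity."""
    body = {"device_id": device_id, "not_after": not_after}
    sig = hmac.new(CA_KEY, _payload(body), hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}


def signature_valid(cert: dict) -> bool:
    """Check that the certificate was issued by the (toy) PKI and not altered."""
    expected = hmac.new(CA_KEY, _payload(cert["body"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, cert["sig"])


class SecurityGateway:
    """Operator-side gateway that admits network elements on the strength of their certificate."""

    def __init__(self, check_binding: bool):
        # check_binding: whether the gateway compares the certificate subject with
        # the identity of the device actually presenting it.
        self.check_binding = check_binding
        self.revoked = set()  # device identities whose certificates were revoked

    def decommission(self, device_id: str) -> None:
        """Revoke the certificate when the device leaves the operator's control."""
        self.revoked.add(device_id)

    def authenticate(self, cert: dict, presenting_device_id: str, now: int) -> str:
        """Return 'accepted' or a 'rejected: ...' reason for one access attempt."""
        if not signature_valid(cert):
            return "rejected: bad signature"
        if now > cert["body"]["not_after"]:
            return "rejected: expired"
        if cert["body"]["device_id"] in self.revoked:
            return "rejected: revoked"
        if self.check_binding and presenting_device_id != cert["body"]["device_id"]:
            return "rejected: certificate not bound to presenting device"
        return "accepted"


def scenario() -> dict:
    """Walk through the normal case and the attack manners from the text."""
    now = 1_700_000_000  # constructed timestamp
    cert = issue_certificate("NE-board-001", not_after=now + 365 * 86400)
    weak = SecurityGateway(check_binding=False)    # checks only the certificate
    strict = SecurityGateway(check_binding=True)   # also checks the device binding
    results = {}
    # Normal operation: the device presents its own certificate.
    results["own_device"] = weak.authenticate(cert, "NE-board-001", now)
    # Attack manner 1: the certificate is copied onto another device.
    results["copied_weak"] = weak.authenticate(cert, "attacker-host", now)
    results["copied_strict"] = strict.authenticate(cert, "attacker-host", now)
    # Attack manners 2 and 3: the removed device itself is used; its certificate
    # is still valid, so it is admitted until the operator revokes it.
    results["removed_not_revoked"] = strict.authenticate(cert, "NE-board-001", now)
    strict.decommission("NE-board-001")
    results["removed_revoked"] = strict.authenticate(cert, "NE-board-001", now)
    return results


if __name__ == "__main__":
    for case, outcome in scenario().items():
        print(f"{case}: {outcome}")
```

The binding check only helps against the copy attack; against an attacker who controls the physical device, the gateway has nothing to distinguish, so the practical control is to revoke the certificate as part of the removal or replacement procedure, before the device leaves the operator's custody.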