CN100589389C - Method for implementing authentication without account input - Google Patents
- Publication number
- CN100589389C
- Authority
- CN
- China
- Prior art keywords
- host configuration
- configuration protocol
- relay agent
- agent information
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Landscapes
- Telephonic Communication Services (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
- Small-Scale Networks (AREA)
Abstract
The invention discloses a method for implementing authentication without account input, in which user equipment is authenticated by a Remote Authentication Dial In User Service (RADIUS) server and a Dynamic Host Configuration Protocol (DHCP) server. The method comprises the following steps: (1) relay agent information and the account corresponding to that relay agent information are stored in the RADIUS server; (2) the user equipment sends a dynamic address request to the DHCP server, the request containing relay agent information; (3) after receiving the dynamic address request, the DHCP server forwards the relay agent information carried in the request to the RADIUS server; (4) after receiving the relay agent information, the RADIUS server finds the corresponding account according to the relay agent information and authenticates that account. The invention overcomes the inability of ordinary authentication servers to exercise proper authentication control over equipment that cannot enter an account.
Description
Technical field
The present invention relates to the field of communications and, specifically, to a method for implementing authentication without account input.
Background art
With the rapid development of Internet applications, the networks managed by operators contain many kinds of equipment that must be authenticated to obtain network access rights. In the past, authentication was achieved by having the user enter an account, by issuing digital certificates, and by similar means. RADIUS (Remote Authentication Dial In User Service) is currently the most widely used AAA protocol (AAA = Authentication, Authorization, Accounting). The typical operation of an AAA protocol is to verify whether the username and password are legitimate (authentication), assign an IP address (authorization), and record the online and offline times (accounting). Large-scale RADIUS authentication servers are used for both narrowband and broadband dial-up in the telecommunications industry.
In practice, however, some equipment cannot enter an account, and some users do not want to enter an account or use a digital certificate. In particular, some special venues such as hotels want billing to begin as soon as the guest plugs in the network cable, without any account being entered. Current RADIUS servers cannot meet these needs.
Summary of the invention
The technical problem to be solved by the present invention is to provide a method for implementing authentication without account input, so that user equipment can be authenticated simply and effectively without an account being entered.
To solve the above technical problem, the present invention provides a method for implementing authentication without account input, in which user equipment is authenticated by a RADIUS server and a DHCP server, the method comprising the following steps:
(1) relay agent information and the account corresponding to that relay agent information are stored in the RADIUS server;
(2) the user equipment sends a dynamic address request to the DHCP server, the request containing relay agent information;
(3) after receiving the dynamic address request, the DHCP server forwards the relay agent information carried in the request to the RADIUS server;
(4) after receiving the relay agent information, the RADIUS server finds the corresponding account according to the relay agent information and authenticates that account.
Further, the method also comprises the following steps:
(5) if authentication succeeds, the RADIUS server sends an authentication-success message to the DHCP server;
(6) after receiving the authentication-success message, the DHCP server allocates an address to the user equipment.
Further, step (5) also comprises: if authentication fails, the RADIUS server sends an authentication-failure message to the DHCP server; correspondingly,
step (6) also comprises: after receiving the authentication-failure message, the DHCP server does not allocate an address to the user equipment.
Further, the method also comprises a step of configuring, on the DHCP server, the function of forwarding relay agent information to the RADIUS server.
Further, the method also comprises the following step:
(7) if it is determined that the user equipment has gone offline, the DHCP server sends the relay agent information of the user equipment and an offline message to the RADIUS server, and the RADIUS server sets the equipment offline according to the relay agent information.
Further, setting the equipment offline according to the relay agent information comprises: the RADIUS server finds the user account corresponding to the relay agent information and performs offline control on that account.
Further, determining that the user equipment has gone offline comprises: the DHCP server actively determines that the user equipment has gone offline.
Further, determining that the user equipment has gone offline comprises: the user equipment actively sends a dynamic address release notification to the DHCP server when it goes offline.
By combining RADIUS authentication with DHCP (Dynamic Host Configuration Protocol) option parameter management, the method of the present invention controls the authentication of user equipment without account input. It satisfies, in a simple and effective manner, the need to authenticate user equipment when an account is not entered or cannot be entered, and overcomes the inability of ordinary authentication servers to exercise proper authentication control over equipment that cannot enter an account.
Description of drawings
Fig. 1 is a flow chart of the method of the present invention for implementing authentication without account input.
Fig. 2 is a schematic diagram of the functions implemented by the DHCP server and the RADIUS server of the present invention and of the information exchanged between them.
Embodiment
The present invention implements user authentication by combining RADIUS authentication with DHCP option parameter management. Specifically, the user equipment carries option 82 (the relay agent information option) access information when it makes a dynamic address request. When the equipment makes the request, the DHCP server passes the option 82 information to the RADIUS server. The RADIUS server, using the pre-configured correspondence between accounts and option 82 information, finds the account corresponding to that option 82 information and authenticates it; after authentication, a billing record is generated for the equipment.
A preferred embodiment of the present invention is described in detail below with reference to the accompanying drawings.
Fig. 1 is a flow chart of the method of the present invention for implementing authentication without account input. The method comprises the following steps:
Step 101: relay agent information and the account corresponding to that relay agent information are stored in the RADIUS server;
The DHCP option 82 information configured on the RADIUS server applies to all equipment that can act as a DHCP relay agent; the RADIUS server can be configured with the differently formatted DHCP option 82 information of different types of equipment;
Step 102: the user equipment sends a dynamic address request to the DHCP server, the request containing the relay agent information option;
Here the user equipment may be a PC, server, printer or other equipment that the user uses to obtain network resources and perform network operations;
Step 103: after receiving the dynamic address request, the DHCP server forwards the relay agent information carried in the request to the RADIUS server;
In the present invention, the DHCP server is configured with the function of forwarding to RADIUS when it receives a client's dynamic address request;
Step 104: after receiving the relay agent information, the RADIUS server finds the corresponding account according to the relay agent information and authenticates that account. If authentication succeeds, it sends an authentication-success message to the DHCP server and step 105 is executed; if authentication fails, it sends an authentication-failure message to the DHCP server and step 106 is executed;
In this way, the user equipment can be authenticated without the user entering an account and password before authentication;
Step 105: after receiving the authentication-success message, the DHCP server allocates an address to the user equipment, and step 107 is executed;
In this way, the user equipment has obtained an address and with it the right to access the network;
Step 106: the DHCP server receives the authentication-failure message and does not allocate an address to the user equipment; the procedure ends.
Step 107: when the user equipment goes offline, the DHCP server receives the address release request from the user equipment and sends the equipment's relay agent information and an offline notification to the RADIUS server; the RADIUS server performs offline control on the equipment according to the relay agent information.
Step 107 describes the user equipment sending an address release request; in practice, the DHCP server may also actively judge whether the user equipment has gone offline. The present invention does not limit the way in which it is determined that the user equipment has gone offline.
The offline control includes: ending billing.
As the above description of the flow shows, the present invention achieves authentication mainly through the cooperation of the DHCP server and the RADIUS server. The functions performed by each of the two servers are described again below with reference to Fig. 2.
Fig. 2 is a schematic diagram of the functions implemented by the DHCP server and the RADIUS server of the present invention and of the information exchanged between them.
The DHCP server of the present invention first parses the option 82 information (relay agent information) in the user equipment's dynamic address request and then forwards that option 82 information to the RADIUS server. The RADIUS server, on receiving the message sent by the DHCP server, obtains the user equipment's option 82 information, finds the associated configured account according to that information, and uses the account to judge whether the user equipment passes authentication. After authentication, it sends the authentication result to the DHCP server. The DHCP server listens for the message sent by the RADIUS server, obtains the authentication result, and decides according to that result whether to allocate an address: if the result is authentication success, it allocates an address to the user equipment; if the result is authentication failure, it does not allocate an address to the user equipment.
The technical solution of the present invention is described in further detail below with reference to an example from a concrete application:
In this example, "option 82" is used below in place of "relay agent information";
First, the pre-configuration is as follows:
The RADIUS server is configured with the account corresponding to each DHCP option 82. No format restriction is imposed when option 82 is configured, so that the various devices that can act as a DHCP relay agent are supported.
The DHCP server is configured with a new function: when equipment makes a dynamic address request, the option 82 information carried in the request is extracted and sent to RADIUS for authentication.
The RADIUS server and the DHCP server define a private port, which is used for UDP (User Datagram Protocol) packet communication between the two servers.
Second, the user equipment sends a dynamic address request carrying option 82 information and is authenticated by way of the address request.
Third, the DHCP server processes the address request as follows:
After receiving the user equipment's dynamic address request, the DHCP server extracts the option 82 information carried in the request, sends it to the RADIUS server through the private UDP port shared with the RADIUS server, and waits for the RADIUS server's reply.
Fourth, RADIUS performs authentication as follows:
The RADIUS server receives from the DHCP server the DHCP option 82 information carried in the user equipment's dynamic address request, judges according to the configured correspondence between option 82 and account whether the user equipment passes authentication, and sends the authentication result to the DHCP server over the private UDP channel; if authentication passes, billing begins.
Fifth, the DHCP server receives the message in which the RADIUS server returns the authentication result; if authentication succeeded, it allocates an address to the user equipment, and if authentication failed, it does not allocate an address.
Sixth, the user equipment, having passed authentication and successfully obtained a dynamic address, obtains the corresponding network access rights.
Finally, the user equipment goes offline as follows:
The DHCP server judges whether the user equipment has gone offline. There are two methods, active and passive. In the active method, the DHCP server itself judges whether the user equipment has gone offline; if it has, the DHCP server sends a user-equipment offline notification to the RADIUS server, with the equipment's option 82 information attached. On receiving the notification, the RADIUS server takes the user equipment offline according to the correspondence between option 82 and user account, and ends billing. In the passive method, the user equipment sends a dynamic address release notification to the DHCP server when it goes offline, and the DHCP server likewise sends an offline packet carrying option 82 to the RADIUS server, which takes the equipment offline.
After this series of processing, and through the configuration of the RADIUS and DHCP servers, different user equipment is authenticated according to its option 82 information when it makes a dynamic address request. This achieves, simply and effectively, authentication of user equipment without account input, and meets the authentication needs of user equipment that cannot enter an account or for which entering an account is inconvenient.
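The exchange described in steps 101 to 107, as an added example that is not code from the patent: the DHCP side parses option 82 into its RFC 3046 circuit-ID and remote-ID sub-options, and the RADIUS side looks the pair up in its pre-configured account table. The private UDP link between the two servers is modelled as a direct method call, and the class names, the account name and the sample packets are assumptions constructed for illustration.

```python
# Added example, not from the patent: option-82-keyed authentication (steps 101-107).
OPT_PAD, OPT_END, OPT_MSG_TYPE, OPT_RELAY_INFO = 0, 255, 53, 82
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2            # RFC 3046 sub-option codes

def parse_tlv(raw: bytes, top_level: bool = True) -> dict:
    """Parse code/length/value triples; pad (0) and end (255) exist only at top level."""
    out, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if top_level and code == OPT_END:
            break
        if top_level and code == OPT_PAD:
            i += 1
            continue
        if i + 2 > len(raw):
            raise ValueError("truncated option header")
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option length runs past end of field")
        out[code] = value
        i += 2 + length
    return out

def option82_key(options_field: bytes):
    """Return (circuit_id, remote_id) from option 82, or None if it is absent."""
    opts = parse_tlv(options_field)
    if OPT_RELAY_INFO not in opts:
        return None
    subs = parse_tlv(opts[OPT_RELAY_INFO], top_level=False)
    return subs.get(SUB_CIRCUIT_ID, b""), subs.get(SUB_REMOTE_ID, b"")

class RadiusServer:  # holds the pre-configured option 82 -> account table (step 101)
    def __init__(self, bindings: dict):
        self.bindings = dict(bindings)
        self.billing = set()                    # accounts currently being billed

    def authenticate(self, key) -> bool:        # step 104
        account = self.bindings.get(key)
        if account is None:
            return False
        self.billing.add(account)               # billing starts on success
        return True

    def offline(self, key) -> None:             # step 107: end billing
        self.billing.discard(self.bindings.get(key))

class DhcpServer:  # allocates an address only after RADIUS accepts the option 82 key
    def __init__(self, radius: RadiusServer, pool: list):
        self.radius, self.pool, self.leases = radius, list(pool), {}

    def on_request(self, options_field: bytes):
        key = option82_key(options_field)       # step 103: extract and forward
        if key in self.leases:
            return self.leases[key]             # repeat request for an existing lease
        if key is None or not self.pool or not self.radius.authenticate(key):
            return None                         # step 106: no address allocated
        self.leases[key] = self.pool.pop(0)     # step 105
        return self.leases[key]

    def on_release(self, options_field: bytes) -> None:
        key = option82_key(options_field)
        if key in self.leases:
            self.pool.append(self.leases.pop(key))
            self.radius.offline(key)            # offline notice carries option 82

def _opt(code: int, value: bytes) -> bytes:
    return bytes([code, len(value)]) + value

# Constructed sample data: a relay port bound to a hypothetical account "room-101".
ROOM_101 = (b"ge-0/0/1:101", bytes.fromhex("001122334455"))
KNOWN = (_opt(OPT_MSG_TYPE, b"\x03") + _opt(OPT_RELAY_INFO,
         _opt(SUB_CIRCUIT_ID, ROOM_101[0]) + _opt(SUB_REMOTE_ID, ROOM_101[1])) + bytes([OPT_END]))
UNKNOWN = (_opt(OPT_MSG_TYPE, b"\x03") + _opt(OPT_RELAY_INFO,
           _opt(SUB_CIRCUIT_ID, b"ge-0/0/9:999")) + bytes([OPT_END]))

def demo():
    radius = RadiusServer({ROOM_101: "room-101"})
    dhcp = DhcpServer(radius, ["192.0.2.10", "192.0.2.11"])
    granted, denied = dhcp.on_request(KNOWN), dhcp.on_request(UNKNOWN)
    billed = sorted(radius.billing)
    dhcp.on_release(KNOWN)
    return granted, denied, billed, sorted(radius.billing)
```

The lookup is only as trustworthy as the relay that inserts option 82: RFC 3046 has the relay discard packets from untrusted circuits that already carry the option, and the scheme depends on that behaviour being enabled.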
It should be understood that those of ordinary skill in the art may make equivalent changes or substitutions according to the technical concept of the present invention, and all such changes or substitutions that require no additional creative work shall fall within the protection scope of the claims of the present invention.
Claims (8)
1. A method for implementing authentication without account input, in which user equipment is authenticated by a Remote Authentication Dial In User Service (RADIUS) server and a Dynamic Host Configuration Protocol (DHCP) server, characterized in that the method comprises the following steps:
(1) relay agent information and the account corresponding to that relay agent information are stored in the RADIUS server;
(2) the user equipment sends a dynamic address request to the DHCP server, the request containing relay agent information;
(3) after receiving the dynamic address request, the DHCP server forwards the relay agent information carried in the request to the RADIUS server;
(4) after receiving the relay agent information, the RADIUS server finds the corresponding account according to the relay agent information and authenticates that account.
2. The method of claim 1, characterized in that the method further comprises the following steps:
(5) if authentication succeeds, the RADIUS server sends an authentication-success message to the DHCP server;
(6) after receiving the authentication-success message, the DHCP server allocates an address to the user equipment.
3. The method of claim 2, characterized in that step (5) further comprises: if authentication fails, the RADIUS server sends an authentication-failure message to the DHCP server; correspondingly,
step (6) further comprises: after receiving the authentication-failure message, the DHCP server does not allocate an address to the user equipment.
4. The method of claim 1, characterized in that the method further comprises a step of configuring, on the DHCP server, the function of forwarding relay agent information to the RADIUS server.
5. The method of claim 1, characterized in that the method further comprises the following step:
(7) if it is determined that the user equipment has gone offline, the DHCP server sends the relay agent information of the user equipment and an offline message to the RADIUS server, and the RADIUS server sets the equipment offline according to the relay agent information.
6. The method of claim 5, characterized in that setting the equipment offline according to the relay agent information comprises: the RADIUS server finds the user account corresponding to the relay agent information and performs offline control on that account.
7. The method of claim 5, characterized in that determining that the user equipment has gone offline comprises: the DHCP server actively determines that the user equipment has gone offline.
8. The method of claim 5, characterized in that determining that the user equipment has gone offline comprises: the user equipment actively sends a dynamic address release notification to the DHCP server when it goes offline.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200710194845A CN100589389C (en) | 2007-11-27 | 2007-11-27 | Method for implementing authentication without account input |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200710194845A CN100589389C (en) | 2007-11-27 | 2007-11-27 | Method for implementing authentication without account input |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101170412A CN101170412A (en) | 2008-04-30 |
CN100589389C true CN100589389C (en) | 2010-02-10 |
Family
ID=39390893
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN200710194845A Expired - Fee Related CN100589389C (en) | 2007-11-27 | 2007-11-27 | Method for implementing authentication without account input |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN100589389C (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101741817B (en) * | 2008-11-21 | 2013-02-13 | 中国移动通信集团安徽有限公司 | System, device and method for multi-network integration |
CN102905263B (en) * | 2012-09-28 | 2015-04-22 | 杭州华三通信技术有限公司 | Method and device for enabling third generation (3G) user to safely access to network |
Also Published As
Publication number | Publication date |
---|---|
CN101170412A (en) | 2008-04-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101056178B (en) | A method and system for controlling the user network access right | |
CN101340334B (en) | Network access method, system and apparatus | |
CN100539595C (en) | A kind of IP address assignment method based on the DHCP extended attribute | |
CN101110847B (en) | Method, device and system for obtaining medium access control address | |
CN104158824B (en) | Genuine cyber identification authentication method and system | |
KR101013507B1 (en) | Method, system and apparatus for accounting in network | |
CN101465856A (en) | Method and system for controlling user access | |
CN100544343C (en) | The implementation method of user login name and IP address binding | |
CN101227481A (en) | Apparatus and method of IP access based on DHCP protocol | |
CN102244866A (en) | Portal verifying method and access controller | |
EP2472815A1 (en) | User online bandwidth adjustment method and remote authentication dial in user service server | |
CN101217482A (en) | A method traversing NAT sending down strategy and a communication device | |
CN101447879A (en) | Charging method and access equipment therefor | |
CN103916853A (en) | Control method for access node in wireless local-area network and communication system | |
CN1835514B (en) | Management method of broadband access of DHCP customer's terminal mode | |
CN104954508B (en) | A kind of system and its auxiliary charging method for DHCP protocol auxiliary charging | |
CN101895587A (en) | Method, device and system for preventing users from modifying IP addresses privately | |
CN104601743A (en) | IP (internet protocol) forwarding IPoE (IP over Ethernet) dual-stack user access control method and equipment based on Ethernet | |
CN101184099A (en) | Second IP address assignment method based on dynamic host machine configuration protocol access authentication | |
CN101272247A (en) | Method and equipment and system for implementing user authentication based on DHCP | |
CN100589389C (en) | Method for implementing authentication without account input | |
CN101232369B (en) | Method and system for distributing cryptographic key in dynamic state host computer collocation protocol | |
CN101184100A (en) | User access authentication method based on dynamic host machine configuration protocol | |
KR20070088712A (en) | Method for setting up connections for access of roaming user terminals to data networks | |
CN103873585A (en) | Radius authentication device and method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20100210 |