CN101640685A - Method and system for delivering private attribute information - Google Patents

Method and system for delivering private attribute information

Info

Publication number
CN101640685A
Authority
CN
China
Prior art keywords
user
message
privately owned
radius server
attribute
Prior art date
Legal status
Pending
Application number
CN200910168524A
Other languages
Chinese (zh)
Inventor
杨杰
Current Assignee
Fujian Star Net Communication Co Ltd
Original Assignee
Fujian Star Net Communication Co Ltd
Priority date
Filing date
Publication date
Application filed by Fujian Star Net Communication Co Ltd
Priority to CN200910168524A
Publication of CN101640685A
Legal status: Pending

Landscapes

  • Information Transfer Between Computers (AREA)

Abstract

The invention relates to a method and a system for delivering private attribute information. The method comprises the following steps: a user terminal sends a user message carrying a user private attribute, and a RADIUS server parses the user private attribute in the user message. Because the user private attribute is sent to the RADIUS server in the user message and the RADIUS server sends a manufacturer private attribute back to the user terminal, the embodiment of the invention enhances the security and compatibility of message delivery between the user terminal and the RADIUS server when the messages carry private attributes, and improves the capacity and efficiency of message delivery. From the manufacturer private attribute the user terminal obtains the address of software to download, a user terminal system upgrade permission, an anti-proxy identifier and the like, thereby ensuring that the operating system version of the user terminal is updated in time and that the system upgrade succeeds, making the operating system of the user terminal less vulnerable to virus attack, and preventing the information of the user terminal from being cracked or pirated by others.

Description

Method and system for delivering private attribute information
Technical field
The present invention relates to network communication technology, and in particular to a method and system for delivering private attribute information between a user terminal and a RADIUS server.
Background technology
Remote Authentication Dial In User Service (RADIUS), defined by RFC 2865 and RFC 2866, is currently the most widely used Authentication, Authorization and Accounting (AAA) protocol.
RADIUS is a client/server (C/S) protocol. Its client was originally the Network Access Server (NAS); today any computer running RADIUS client software can act as a RADIUS client. The RADIUS authentication mechanism is flexible and can use several methods, including the Challenge Handshake Authentication Protocol (CHAP) and Unix login authentication. RADIUS is an extensible protocol, and because it is simple and well defined it has been widely adopted: in dial-up access over ordinary telephone lines, community broadband access, IP telephony, dial-up based Virtual Private Dialup Network (VPDN) services, prepaid mobile services and so on. IEEE has proposed the 802.1x standard, a port-based standard used for access authentication to wireless networks, which also uses RADIUS for authentication.
IEEE 802.1x is a port-based network access control technology. It authenticates and controls access devices at the physical access level of LAN equipment, where the physical access level refers to the ports of a switching device. If the user equipment connected to such a port passes authentication, it can access the resources in the LAN; if it fails authentication it cannot, which is equivalent to physically disconnecting it.
IEEE 802.1x defines a port-based network access control protocol. Note that the protocol applies only to a point-to-point connection between the access device and the access port, where the port may be a physical port or a logical port. The typical application is one physical port of a switch connected to a single end station (physical-port based).
The IEEE 802.1x architecture comprises three parts: the client access device, the access control unit and the authentication server. The access control unit (for example a switch) implements the authentication system part of 802.1x; the 802.1x client is generally installed on the client personal computer, typically the client shipped with the Windows XP operating system; and the 802.1x authentication server generally resides in the operator's AAA center and is a RADIUS server. The access control unit and the authentication server both run the Extensible Authentication Protocol (EAP): the authentication data is encapsulated in EAP frames, and EAP is carried in other higher-layer protocols such as RADIUS so that it can traverse a complex network to reach the authentication server.
Each physical port of the access control unit contains a controlled port and an uncontrolled port. The uncontrolled port is always in the bidirectionally connected state, while the controlled port is opened only once authentication has passed and is used to deliver network resources and services. The controlled port can be configured as bidirectionally controlled or as input-only controlled, to suit different application environments. Input-only control is used where desktop management is required, for example an administrator remotely waking up a computer.
EAP is a general authentication framework, usually used over wireless or point-to-point connections. EAP is not itself an authentication mechanism; rather, it provides the common functions and negotiation mechanism that authentication mechanisms need, and those mechanisms are called EAP methods.
A RADIUS server can encrypt using the Protected Extensible Authentication Protocol (PEAP). PEAP is an authentication protocol used in wireless networks; combined with Microsoft's CHAP version 2 it is known as PEAP Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MS-CHAP V2).
However, in the prior art, user private attributes and manufacturer private attributes cannot be delivered directly between the user terminal and the RADIUS server. This blocks the delivery of user private attributes and manufacturer private attributes and makes it difficult for the user terminal to upgrade and maintain its system by obtaining manufacturer private attributes.
Summary of the invention
The embodiment of the invention provides a method for delivering private attribute information, to solve the problem of delivering user private attributes and manufacturer private attributes between the user terminal and the RADIUS server.
To solve the above problem, the invention provides a method for delivering private attribute information, comprising:
the user terminal sends a user message carrying a user private attribute;
the RADIUS server parses the user private attribute in the user message.
Wherein the RADIUS server parsing the user private attribute in the user message further comprises: verifying, according to the user private attribute, whether the user terminal is a legitimate user of the RADIUS server.
Wherein, where the user terminal is a legitimate user, the RADIUS server returns to the user terminal a RADIUS server message carrying a manufacturer private attribute.
Wherein, where the user terminal is not a legitimate user, the RADIUS server disconnects from the user terminal.
Wherein the user message uses the PEAP-MS-CHAP V2 protocol (PEAP with Microsoft CHAP version 2), and the user private attribute is contained in the name field of the user message;
the RADIUS server message uses the PEAP-MS-CHAP V2 protocol, and the manufacturer private attribute is contained in the message field of the RADIUS server message.
In the embodiment of the invention the user private attribute is sent to the RADIUS server in the user message and the RADIUS server sends the manufacturer private attribute to the user terminal. This strengthens the security and compatibility of delivering messages that carry private attributes between the user terminal and the RADIUS server, and improves the capacity and efficiency of message delivery. From the manufacturer private attribute the user terminal obtains the address of software to download, a user terminal system upgrade permission, an anti-proxy identifier and the like, which ensures that the operating system version of the user terminal is upgraded in time and that the system upgrade succeeds, reduces the susceptibility of the user terminal operating system to virus attack, and prevents the information of the user terminal from being cracked or misappropriated by others.
The embodiment of the invention also provides a system for delivering private attribute information, in which:
the user terminal comprises a sending unit, used to send a user message carrying a user private attribute;
the RADIUS server comprises a parsing unit, used to parse the user private attribute in the user message.
Wherein the parsing unit is also used to verify, according to the user private attribute, whether the user terminal is a legitimate user of the RADIUS server.
Wherein the RADIUS server also comprises a return unit, used to return to the user terminal a RADIUS server message carrying a manufacturer private attribute.
Wherein the user message uses the PEAP-MS-CHAP V2 protocol, and the user private attribute is contained in the name field of the user message;
the RADIUS server message uses the PEAP-MS-CHAP V2 protocol, and the manufacturer private attribute is contained in the message field of the RADIUS server message.
Wherein the user private attribute comprises: the version of the operating system installed on the user terminal, a vendor code, the check code of the software installed on the user terminal, the user terminal IP address or the user terminal MAC address;
the manufacturer private attribute comprises: the address of software to download, a user terminal system upgrade permission or an anti-proxy identifier.
The embodiment of the invention delivers, between the user terminal and the RADIUS server, a message containing a user private attribute and a message containing a manufacturer private attribute. This lets the user terminal and the RADIUS server carry out further security authentication, and because the message format is determined by the manufacturer itself, the security of the user private attribute and the manufacturer private attribute in transit is also ensured.
Description of drawings
Fig. 1 is a flow chart of method embodiment one for delivering private attribute information according to the embodiment of the invention;
Fig. 2 is a schematic diagram of the user message format in method embodiment one;
Fig. 3 is a flow chart of method embodiment two;
Fig. 4 is a schematic diagram of the RADIUS server message format in method embodiment two;
Fig. 5 is structural schematic diagram one of system embodiment one;
Fig. 6 is structural schematic diagram two of system embodiment one;
Fig. 7 is structural schematic diagram three of system embodiment one;
Fig. 8 is a structural schematic diagram of system embodiment two.
Detailed description of the embodiments
The technical solution of the present invention is described in further detail below with reference to the drawings and embodiments.
Method embodiment one for delivering private attribute information
Fig. 1 is a flow chart of method embodiment one for delivering private attribute information according to the embodiment of the invention. As shown in Fig. 1, method embodiment one comprises the following steps:
Step 101: the user terminal sends a user message carrying a user private attribute.
When the user terminal sends the user private attribute to the RADIUS server, it generates a user message carrying the user private attribute; the user message is transmitted using the PEAP-MS-CHAP V2 protocol. Fig. 2 is a schematic diagram of the user message format in method embodiment one. As shown in Fig. 2, the user private attribute is contained in the name field of the user message (the Name field in Fig. 2). The user message contains information such as the user name and password of the user terminal, and also contains the user private attribute. The format of the user private attribute is specified by the manufacturer; a relatively common format is type-length-value (TLV). The RADIUS server decides whether to accept the user terminal's connection request according to the user name, password and other information in the user message, and can further verify the user's information by parsing the user private attribute in the user message, so as to ensure the security of information transfer between the user and the RADIUS server. The user private attribute is an attribute specific to the user terminal and may include the version of the operating system installed on the user terminal, a vendor code, the check code of the software installed on the user terminal, the user terminal IP address or the user terminal MAC address. The user message sent by the user terminal reaches the RADIUS server through a switch. When the user message passes through the switch, the switch may encrypt and encapsulate the user message to improve its security, or it may perform no operation and simply pass the user message on to the RADIUS server.
The user message may also be transmitted using MS-CHAP (Microsoft's version of CHAP); PEAP-MS-CHAP V2 simply has the advantage of greater security and confidentiality than MS-CHAP.
Step 102: the RADIUS server parses the user private attribute in the user message.
After receiving the user message sent by the user through the switch, the RADIUS server parses it. The RADIUS server first parses the information in the user message according to the PEAP-MS-CHAP V2 protocol to obtain the user terminal's user name, password and other information. If the user name, password and other information of this user terminal are inconsistent with the user information stored in the RADIUS server for this user, the RADIUS server disconnects from the user terminal. If they are consistent with the stored user information, the user is allowed to stay connected to the RADIUS server, and the RADIUS server then checks whether the user message contains a user private attribute; if it does, the RADIUS server parses the user private attribute.
The user private attribute may be contained in the name field of the user message. The RADIUS server retrieves the user private attribute from the name field of the user message and then parses it according to the TLV format to obtain the specific information in the user private attribute, which comprises the user terminal IP address, the user's Media Access Control (MAC) address, the version of the system installed on the user terminal, the vendor code or the check code of the software installed on the user terminal. This verification can prevent the user terminal from running cracked software or software not designated by the system manufacturer. If the RADIUS server does not find a user private attribute in the user message, the operation of parsing the user private attribute is omitted.
Method embodiment two for delivering private attribute information
Fig. 3 is a flow chart of method embodiment two for delivering private attribute information according to the embodiment of the invention. As shown in Fig. 3, building on method embodiment one, method embodiment two further comprises the following steps:
Step 301: the RADIUS server verifies, according to the user private attribute, whether the user terminal is a legitimate user.
The RADIUS server parses the user private attribute and obtains its specific information, comprising the user terminal IP address, the MAC address, the version of the system installed on the user terminal, the vendor code and the check code of the user terminal software. According to this specific information the RADIUS server can further verify whether the user terminal is a legitimate user. For example, if software installed on the user terminal has been illegally cracked, the software check code in the user private attribute will differ from the software check code held by the RADIUS server; the RADIUS server then treats the user terminal as an illegitimate user and does not let it pass authentication. If the RADIUS server's verification finds the user terminal to be a legitimate user, go to step 302; if it finds the user terminal not to be a legitimate user, go to step 303.
Step 302: the RADIUS server returns to the user terminal a RADIUS server message carrying a manufacturer private attribute.
According to the specific information in the user private attribute, the RADIUS server configures the corresponding manufacturer private attribute and generates a RADIUS server message carrying the manufacturer private attribute that corresponds to the user private attribute; the RADIUS server message may be transmitted via the PEAP-MS-CHAP V2 protocol. The manufacturer private attribute comprises the address of software to download, a user terminal system upgrade permission, an anti-proxy identifier and the like. The anti-proxy function prevents several users from going online through one shared account, that is, evading fees by sharing an account. The anti-proxy function requires the support of the user terminal; the RADIUS server only notifies the user terminal, through the private attribute, whether to enable the anti-proxy function. The format of the manufacturer private attribute is specified by the manufacturer, and a relatively common format is TLV. The MAC protocol of the user terminal is mainly responsible for controlling the connection to the physical medium of the physical layer. When sending data, the MAC protocol first judges whether data can be sent; if so, it adds control information to the data and finally delivers the data and control information to the physical layer in the specified format. When receiving data, the MAC protocol first judges whether the incoming information has suffered a transmission error; if not, it strips the control information and passes the data to the logical link control layer.
The RADIUS server message may also be transmitted using similar protocols such as MS-CHAP and is not restricted to PEAP-MS-CHAP V2; in practice PEAP-MS-CHAP V2 has greater security and confidentiality than MS-CHAP.
The RADIUS server returns the RADIUS server message carrying the manufacturer private attribute to the user terminal. Fig. 4 is a schematic diagram of the RADIUS server message format in method embodiment two. As shown in Fig. 4, the manufacturer private attribute may be contained in the message field of the RADIUS server message (the Message field in Fig. 4). The user terminal parses the manufacturer private attribute according to the TLV format to obtain its specific information.
For example, if the version of the operating system installed on the user terminal, as given in the user private attribute obtained by the RADIUS server, is a low version, the RADIUS server can add a user terminal system upgrade permission to the manufacturer private attribute in the message field of the RADIUS server message.
Step 303: the RADIUS server disconnects from the user terminal.
If the verification result is that the user terminal is not a legitimate user, the RADIUS server may disconnect from the user terminal directly, or it may first send a message stating that the verification result is "not a legitimate user" and then disconnect.
In practice, if the user message does not contain a user private attribute, the RADIUS server finds none in the user message and then only parses the user message according to the PEAP-MS-CHAP V2 protocol, omitting the step of parsing the user private attribute. Likewise, if the RADIUS server message contains no manufacturer private attribute, the user terminal finds none in it and omits the operation of parsing the manufacturer private attribute. The format of the user private attribute and the manufacturer private attribute is not limited to TLV; any format that is convenient to transmit, receive and parse may be used.
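The following Python is an added illustration of steps 101 through 303 and of the compatibility case just described; it is not code from the patent or from Fujian Star Net. It provides a TLV encoder and a strict TLV decoder for the private attributes, a user-terminal side that appends its TLV to the name field, and a RADIUS-server side that checks the stored credentials, parses the user private attribute only if one is present, compares the software check code against the value it holds, and then either disconnects or returns a manufacturer private attribute in the message field (with an upgrade permission added when the reported OS version is low). The TLV type codes, the "|" separator between user name and hex-encoded TLV, the sample user record and download address, and the plaintext password compare standing in for the PEAP-MS-CHAP V2 exchange are all assumptions, because the patent specifies TLV but no field layout or code values. Treating a malformed TLV as an illegitimate user is a design choice made here, not something the patent states.

```python
import hmac
import struct
from typing import Dict, Optional, Tuple

# TLV type codes. The patent specifies TLV but no code values; these are assumed.
USER_OS_VERSION = 0x01        # version of the OS installed on the user terminal
USER_VENDOR_CODE = 0x02       # vendor code
USER_SW_CHECKSUM = 0x03       # check code of the software installed on the terminal
USER_IP = 0x04                # user terminal IP address
USER_MAC = 0x05               # user terminal MAC address
VENDOR_DOWNLOAD_URL = 0x81    # address of software to download
VENDOR_UPGRADE_PERMIT = 0x82  # user terminal system upgrade permission
VENDOR_ANTI_PROXY = 0x83      # anti-proxy identifier (1 = enable)

# Assumed layout of the name field: "<user name>|<hex TLV>"; no "|" means no attribute.
SEPARATOR = "|"


def tlv_encode(attrs: Dict[int, bytes]) -> bytes:
    """Serialise attrs as 1-byte type, 1-byte length, value."""
    out = bytearray()
    for t, v in attrs.items():
        if not 0 <= t <= 0xFF or len(v) > 0xFF:
            raise ValueError("type or value does not fit a 1-byte TLV")
        out += struct.pack("BB", t, len(v)) + v
    return bytes(out)


def tlv_decode(blob: bytes) -> Dict[int, bytes]:
    """Parse TLV strictly: a truncated header or over-long value is an error, not a guess."""
    attrs: Dict[int, bytes] = {}
    i = 0
    while i < len(blob):
        if i + 2 > len(blob):
            raise ValueError("truncated TLV header")
        t, length = struct.unpack_from("BB", blob, i)
        i += 2
        if i + length > len(blob):
            raise ValueError("TLV value runs past end of buffer")
        attrs[t] = bytes(blob[i:i + length])
        i += length
    return attrs


def build_name_field(username: str, private: Optional[Dict[int, bytes]]) -> str:
    """User terminal side (step 101): place the TLV private attribute in the name field."""
    if private is None:
        return username
    return username + SEPARATOR + tlv_encode(private).hex()


def split_name_field(name_field: str) -> Tuple[str, Optional[bytes]]:
    """RADIUS server side (step 102): separate the user name from the optional TLV."""
    username, sep, hexpart = name_field.partition(SEPARATOR)
    if not sep:
        return username, None           # no private attribute present
    return username, bytes.fromhex(hexpart)


# Constructed sample of the server's stored user information (not real data).
USER_DB = {
    "alice": {"password": b"s3cret", "sw_checksum": bytes.fromhex("a1b2c3d4")},
}
CURRENT_OS_VERSION = 3                                         # assumed current version
DOWNLOAD_URL = b"https://updates.example.invalid/client.bin"   # constructed address


def radius_handle(name_field: str, password: str) -> Tuple[str, Optional[bytes]]:
    """Steps 102 and 301-303. Returns (decision, message_field), where decision is
    'accept' or 'disconnect'. A plaintext password compare stands in for PEAP-MS-CHAP V2."""
    username, private_blob = split_name_field(name_field)
    record = USER_DB.get(username)
    if record is None or not hmac.compare_digest(record["password"], password.encode()):
        return "disconnect", None                 # credentials do not match stored info
    if private_blob is None:
        return "accept", None                     # compatibility: no attribute, skip parsing
    try:
        attrs = tlv_decode(private_blob)
    except ValueError:
        return "disconnect", None                 # design choice: malformed TLV is not legitimate
    # Step 301: compare the software check code with the value held by the server.
    if not hmac.compare_digest(attrs.get(USER_SW_CHECKSUM, b""), record["sw_checksum"]):
        return "disconnect", None                 # step 303: cracked or unknown software
    # Step 302: configure the manufacturer private attribute for this terminal.
    vendor = {VENDOR_DOWNLOAD_URL: DOWNLOAD_URL, VENDOR_ANTI_PROXY: b"\x01"}
    os_version = int.from_bytes(attrs.get(USER_OS_VERSION, b""), "big")
    if os_version < CURRENT_OS_VERSION:
        vendor[VENDOR_UPGRADE_PERMIT] = b"\x01"   # low OS version: grant upgrade permission
    return "accept", tlv_encode(vendor)


def client_parse_message(message_field: Optional[bytes]) -> Dict[int, bytes]:
    """User terminal side: parse the manufacturer private attribute, or skip it if absent."""
    if not message_field:
        return {}
    return tlv_decode(message_field)


if __name__ == "__main__":
    user_attr = {USER_OS_VERSION: b"\x02", USER_VENDOR_CODE: b"VEND",
                 USER_SW_CHECKSUM: bytes.fromhex("a1b2c3d4")}
    decision, msg = radius_handle(build_name_field("alice", user_attr), "s3cret")
    print(decision, client_parse_message(msg))
```

The decoder refuses a truncated header or a length that runs past the buffer instead of reading whatever bytes follow, and both the password and the check code are compared with `hmac.compare_digest` so that a mismatch is not distinguishable by timing. A terminal that sends no private attribute is still accepted on its credentials alone and simply receives no manufacturer attribute, which is the compatibility behaviour the text describes.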
The embodiment of the invention thus supports the transmission, parsing and reception both of user messages containing a user private attribute and RADIUS server messages containing a manufacturer private attribute, and of user messages and RADIUS server messages that contain no private attribute, achieving compatibility between the transmission, parsing and reception of messages with and without private attributes.
In the embodiment of the invention the user private attribute is sent to the RADIUS server in the user message and the RADIUS server sends the manufacturer private attribute to the user terminal, strengthening the security and compatibility of delivering messages carrying private attributes between the user terminal and the RADIUS server and improving the capacity and efficiency of message delivery. From the manufacturer private attribute the user terminal obtains the software download address, the system upgrade permission and so on, ensuring that the operating system version of the user terminal is upgraded in time and that the upgrade succeeds. This effectively reduces the susceptibility of the user terminal operating system to virus attack, prevents the user terminal's information from being cracked or stolen by others, also prevents the RADIUS server's data from being illegally downloaded or misappropriated, and improves the security of data in the user terminal operating system and in the RADIUS server.
System embodiment one for delivering private attribute information
Fig. 5 is structural schematic diagram one of system embodiment one for delivering private attribute information according to the embodiment of the invention. As shown in Fig. 5, the system for mutual transmission of information according to the embodiment of the invention comprises a user terminal 21, a RADIUS server 22 and a switch 23. The user terminal 21 is used to send a user message carrying a user private attribute; the RADIUS server 22 is used to parse the user private attribute in the user message and, where the user terminal 21 is a legitimate user, to return a RADIUS server message carrying a manufacturer private attribute; and the switch 23 is used to relay the user messages and RADIUS server messages containing private attributes between the user terminal 21 and the RADIUS server 22.
Fig. 6 is structural schematic diagram two of system embodiment one. As shown in Fig. 6, the user terminal 21 of the system can be connected through the switch 23 to three RADIUS servers 22. In practice a user terminal 21 can be connected to several RADIUS servers 22 and a RADIUS server 22 can be connected to several user terminals 21, forming a communication network in which user terminals 21 and RADIUS servers 22 deliver private attributes.
Fig. 7 is structural schematic diagram three of system embodiment one. As shown in Fig. 7, the user terminal 21 comprises a sending unit 211, used to send a user message carrying a user private attribute, and the RADIUS server 22 comprises a parsing unit 221, used to parse the user private attribute in the user message. The user messages and RADIUS server messages sent, received and parsed between the user terminal 21 and the RADIUS server 22 use the PEAP-MS-CHAP V2 protocol; they may carry a user private attribute and a manufacturer private attribute respectively, or carry neither, so that messages of both kinds can be delivered between the user terminal 21 and the RADIUS server 22.
The embodiment of the invention is transmitted the specific embodiment two of the system of private attribute information
Fig. 8 is the structural representation of the specific embodiment two of the system of embodiment of the invention transmission private attribute information.As shown in Figure 8, user side 21 comprises the transmitting element 211 that is used to send the user's message that has the privately owned attribute of user; Radius server 22 comprises the resolution unit 221 of the privately owned attribute of user that is used for resolving user's message, and radius server 22 also comprises foldback unit 222, is used for foldback and has the radius server message of the privately owned attribute of manufacturer to user side.
The workflow of the system of the mutual transmission information of the embodiment of the invention is specially:
User side 21 initiates to connect radius server 22, transmitting element 211 in the user side 21 sends user's message, adopt PEAP-MS-CHAP V2 agreement to transmit in the user's message, can include the privately owned attribute of user in the user's message, wherein, the user's message that user side 21 sends comprises the information such as username and password of user side, the privately owned attribute of user can be included in the name field of user's message and transmit, the privately owned attribute of user is meant the attribute that the user is proprietary, user side IP address for example, the user side MAC Address, the version of the operating system that user side is installed or vendor code etc., the form of privately owned attribute of user and the privately owned attribute of user is manufacturer's regulation of the operating system of being installed by user side, the form of the privately owned attribute of user is relatively commonly used the TLV form, but in actual applications, be not limited to adopt the TLV form.
The user's message that the transmitting element 211 of user side 21 sends is through after the transmission of switch 33, arrive radius server 22, switch 23 can encapsulate and operation such as encryption user's message, to increase the fail safe and the confidentiality of user's message, and then be delivered to radius server 22, switch 23 also can not taked any operation, is directly passed to radius server 22.
After radius server 22 receives user's message, resolution unit 221 on the radius server 22 adopts PEAP-MS-CHAP V2 agreement that user's message is resolved earlier, obtain the information such as username and password of user side, resolution unit 221 is by the information analysis such as username and password to user side 21, whether the username and password that detects the user side of storing in username and password and the radius server 22 in the user's message 21 is consistent, if inconsistent words, illustrate that user side 21 is not the validated user of radius server 22, then radius server 22 can disconnect with user side 21 between be connected, if the username and password of the user side 32 of storage is consistent in the username and password in the user's message and the radius server 22, illustrate that then user side 21 is validated users of radius server 22, radius server 22 meeting maintenances are connected with user side 21, and will resolve the privately owned attribute of the user who has in the user's message.
When the user terminal 21 is a valid user of the RADIUS server 22, the RADIUS server 22 further detects whether the user message carries a user private attribute; the user private attribute is carried in the name field of the user message. The RADIUS server 22 then parses the user private attribute according to its format, which in the embodiment of the invention is the TLV format. If the RADIUS server 22 detects that the user message carries no user private attribute, the RADIUS server skips the private-attribute parsing step.
Once the RADIUS server 22 detects that the user message carries a user private attribute, the resolution unit 221 on the RADIUS server 22 parses it to obtain the specific content of the user private attribute of the user terminal. That content may include the IP address of the user terminal, the MAC address of the user terminal, the version of the operating system installed on the user terminal 21, or a vendor code. The RADIUS server 22 can further verify the identity of the user terminal against this content to prevent the user terminal's information from being stolen. Based on the content of the user message carrying the user private attribute, the RADIUS server 22 generates a RADIUS server message and configures in it a manufacturer private attribute that matches the user private attribute; the RADIUS server message is then returned to the user terminal using the PEAP-MS-CHAP V2 protocol. The manufacturer private attribute carries information such as the software download address the user terminal needs, a system upgrade permission, or a software installation password. Its format is one the manufacturer specifies itself and may be the same as that of the user private attribute; the embodiment of the invention uses the TLV format for the user private attribute, but in practice the formats of the user private attribute and the manufacturer private attribute are not limited to TLV.
The manufacturer private attribute is carried in the information field of the RADIUS server message, and the return unit 222 in the RADIUS server 22 then returns the RADIUS server message to the user terminal 21. Depending on the information provided by the user private attribute of the user terminal 21, the RADIUS server 22 may also return a RADIUS server message that carries no manufacturer private attribute; for example, when the operating system of the user terminal does not need upgrading, no manufacturer private attribute is sent to the user terminal. When the version of the operating system installed on the user terminal, as obtained by the RADIUS server from the user private attribute, is an old version, the RADIUS server can add a user terminal system upgrade permission to the manufacturer private attribute in the information field of the RADIUS server message.
After the user terminal 21 receives the RADIUS server message returned by the RADIUS server 22, the user terminal 21 first parses the RADIUS server message with the PEAP-MS-CHAP V2 protocol and then detects whether the RADIUS server message carries a manufacturer private attribute; the manufacturer private attribute can be carried in the information field of the RADIUS server message. The user terminal 21 parses the manufacturer private attribute carried in the information field of the RADIUS server message according to its format, for example the TLV format, and obtains the manufacturer private attribute information such as the software download address, the system upgrade permission or the software installation password. Using this information, the user terminal 21 can obtain the network address for a system upgrade, or download software and related data to upgrade and update the operating system of the user terminal.
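The exchange described above, as an added example that is not part of the patent or the assignee's code. It models the two messages after the PEAP-MS-CHAP V2 tunnel has been unwrapped (the tunnel itself is out of scope), encodes the user private attribute and the manufacturer private attribute in TLV form, and walks the server through its steps: the credential check, detecting and parsing the private attribute, the second identity check taken from the private attribute, and building a manufacturer private attribute only when the reported operating-system version needs an upgrade. The TLV type codes, the credential and MAC directory, the minimum version policy, the download address and the choice to refuse a malformed attribute are all constructed assumptions, not values from the patent.

```python
"""TLV private-attribute exchange between a user terminal and a RADIUS server.

Added example modelled on the patent's description, not the patent's own code.
The PEAP-MS-CHAP V2 tunnel is out of scope: the dataclasses stand in for the
already-unwrapped messages. Type codes, directory, policy and values are constructed.
"""
import hmac
import struct
from dataclasses import dataclass

# Constructed type codes: user private attribute (terminal -> server).
U_IP, U_MAC, U_OS_VERSION, U_VENDOR = 0x01, 0x02, 0x03, 0x04
# Constructed type codes: manufacturer private attribute (server -> terminal).
M_DOWNLOAD_URL, M_UPGRADE_PERMITTED = 0x81, 0x82
MAX_TLV_BLOB = 253       # assumed limit so the blob fits one RADIUS attribute value
MIN_OS_VERSION = (2, 0)  # constructed policy: older terminals get an upgrade offer
# Constructed directory: password and registered MAC address per username.
DIRECTORY = {"alice": {"password": "correct-horse", "mac": "00:11:22:33:44:55"}}

def tlv_encode(items):
    """Encode [(type, value_bytes)] as 1-byte type, 1-byte length, value."""
    out = bytearray()
    for t, v in items:
        if not 0 <= t <= 0xFF or len(v) > 0xFF:
            raise ValueError("TLV type or value out of range")
        out += struct.pack("!BB", t, len(v)) + v
    if len(out) > MAX_TLV_BLOB:
        raise ValueError("TLV blob exceeds attribute size")
    return bytes(out)

def tlv_decode(blob):
    """Decode a peer-supplied TLV blob into {type: value}: every length is
    checked against the remaining buffer and duplicate types are refused."""
    items, pos = {}, 0
    while pos < len(blob):
        if pos + 2 > len(blob):
            raise ValueError("truncated TLV header")
        t, length = struct.unpack_from("!BB", blob, pos)
        pos += 2
        if pos + length > len(blob):
            raise ValueError("TLV length runs past end of buffer")
        if t in items:
            raise ValueError("duplicate TLV type %#x" % t)
        items[t] = blob[pos:pos + length]
        pos += length
    return items

@dataclass
class UserMessage:
    username: str
    password: str
    private_attr: bytes = b""   # user private attribute, carried in the name field

@dataclass
class ServerMessage:
    accepted: bool
    private_attr: bytes = b""   # manufacturer private attribute, in the information field

def parse_version(raw):
    """b'1.5' -> (1, 5); anything unparsable counts as (0, 0), i.e. needs an upgrade."""
    try:
        return tuple(int(p) for p in raw.decode("ascii").split("."))
    except (UnicodeDecodeError, ValueError):
        return (0, 0)

def server_handle(msg):
    """Resolution unit and return unit: authenticate, parse, then answer."""
    entry = DIRECTORY.get(msg.username)
    # Step 1: credential check; a mismatch means the terminal is not a valid user.
    if entry is None or not hmac.compare_digest(entry["password"].encode(),
                                                msg.password.encode()):
        return ServerMessage(accepted=False)
    # Step 2: a message without the private attribute skips private parsing.
    if not msg.private_attr:
        return ServerMessage(accepted=True)
    try:
        attrs = tlv_decode(msg.private_attr)
    except ValueError:
        return ServerMessage(accepted=False)   # malformed attribute: refuse (assumption)
    # Step 3: second identity check from the private attribute (claims 2 and 4).
    if attrs.get(U_MAC, b"").decode("ascii", "replace") != entry["mac"]:
        return ServerMessage(accepted=False)
    # Step 4: send the manufacturer attribute only when the terminal needs it.
    if parse_version(attrs.get(U_OS_VERSION, b"")) >= MIN_OS_VERSION:
        return ServerMessage(accepted=True)    # up to date: no attribute sent
    reply = tlv_encode([(M_DOWNLOAD_URL, b"https://updates.example.invalid/os-2.0.bin"),
                        (M_UPGRADE_PERMITTED, b"\x01")])
    return ServerMessage(accepted=True, private_attr=reply)

def client_handle(reply):
    """Terminal side: decode the manufacturer attribute, if present, into a dict."""
    if not reply.accepted or not reply.private_attr:
        return {}
    attrs = tlv_decode(reply.private_attr)
    return {"download_url": attrs.get(M_DOWNLOAD_URL, b"").decode("ascii"),
            "upgrade_permitted": attrs.get(M_UPGRADE_PERMITTED) == b"\x01"}
```

The decoder checks every length against the remaining buffer and refuses duplicate types because the blob arrives from the peer. Two points a deployment should keep in mind: the MAC and IP values in the user private attribute are self-reported by the terminal, so the second identity check in step 3 is a consistency check against the directory rather than an independent proof of identity; and the confidentiality of both attributes in transit comes from the TLS tunnel that PEAP establishes, not from the TLV layout or any vendor-specific encoding.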
In the embodiment of the invention, both the user message and the RADIUS server message are transmitted using the PEAP-MS-CHAP V2 protocol, but in practice the protocol is not limited to PEAP-MS-CHAP V2; other protocols, such as MS-CHAP, may also be used.
In the system for delivering private attribute information of the embodiment of the invention, the sending unit of the user terminal can send a user message using the PEAP-MS-CHAP V2 protocol, and the user message may or may not carry a user private attribute; the resolution unit first parses the user message with the PEAP-MS-CHAP V2 protocol and then parses the user private attribute in the user message. The user terminal parses the RADIUS server message using the PEAP-MS-CHAP V2 protocol, and the RADIUS server message may or may not carry a manufacturer private attribute. The user private attribute and the manufacturer private attribute use a format the vendor specifies itself; the embodiment of the invention uses the TLV format, but in practice the format is not limited to TLV, as long as it is convenient for transmitting, parsing and receiving the private attributes. The user private attribute may also be carried in other fields of the user message, and likewise the manufacturer private attribute may be carried in other fields of the RADIUS server message. The system for delivering private attribute information of the embodiment of the invention achieves compatible transmission, parsing and reception of both kinds of message, those carrying a private attribute and those without one, and increases the efficiency and delivery capacity of message transmission between the user terminal and the RADIUS server.
The system for delivering private attribute information of the embodiment of the invention is realised by installing the sending unit on the existing user terminal and installing the resolution unit and the return unit on the RADIUS server side. It does not require a large-scale upgrade or rebuild of the existing network to achieve compatible transmission of the two message formats, which helps the system to be deployed at low cost.
The embodiment of the invention delivers, between the user terminal and the RADIUS server, a user message carrying a user private attribute and a RADIUS server message carrying a manufacturer private attribute. This helps ensure that the operating system used by the user terminal is upgraded and updated in time, reduces the chance of virus attack, strengthens the security of the user terminal's operating system, and achieves compatible transmission of the two message formats. Moreover, because a format determined by the manufacturer itself is used, the security of the user private attribute and the manufacturer private attribute in transit can also be ensured, preventing the messages from being intercepted or having viruses embedded in them during transmission.
Finally, it should be noted that the above embodiments serve only to illustrate the technical solution of the present invention and are not intended to limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments may still be modified, or some of their technical features replaced by equivalents, without such modifications or replacements causing the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A method for delivering private attribute information, characterised in that it comprises:
a user terminal sending a user message carrying a user private attribute;
a RADIUS server parsing the user private attribute in said user message.
2. The method for delivering private attribute information according to claim 1, characterised in that:
said RADIUS server parsing the user private attribute in said user message further comprises: verifying, according to said user private attribute, whether said user terminal is a valid user of said RADIUS server.
3. The method for delivering private attribute information according to claim 2, characterised in that:
when said user terminal is a valid user, said RADIUS server returns a RADIUS server message carrying a manufacturer private attribute to the user terminal.
4. The method for delivering private attribute information according to claim 2, characterised in that:
when said user terminal is not a valid user, said RADIUS server disconnects from said user terminal.
5. The method for delivering private attribute information according to claim 3, characterised in that:
said user message uses the Protected Extensible Authentication Protocol (PEAP) with Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP V2), and said user private attribute is carried in the name field of the user message;
said RADIUS server message uses the PEAP-MS-CHAP V2 protocol, and said manufacturer private attribute is carried in the information field of the RADIUS server message.
6. A system for delivering private attribute information, characterised in that it comprises:
a user terminal comprising a sending unit, said sending unit being used to send a user message carrying a user private attribute;
a RADIUS server comprising a resolution unit, said resolution unit being used to parse the user private attribute in said user message.
7. The system for delivering private attribute information according to claim 6, characterised in that:
said resolution unit is further used to verify, according to said user private attribute, whether said user terminal is a valid user of said RADIUS server.
8. The system for delivering private attribute information according to claim 7, characterised in that said RADIUS server further comprises:
a return unit, used to return a RADIUS server message carrying a manufacturer private attribute to the user terminal.
9. The system for delivering private attribute information according to claim 8, characterised in that:
said user message uses the PEAP-MS-CHAP V2 protocol, and said user private attribute is carried in the name field of the user message;
said RADIUS server message uses the PEAP-MS-CHAP V2 protocol, and said manufacturer private attribute is carried in the information field of the RADIUS server message.
10. The system for delivering private attribute information according to claim 8 or 9, characterised in that:
said user private attribute comprises: the version of the operating system installed on the user terminal, a vendor code, a check code of software installed on the user terminal, the IP address of the user terminal, or the MAC address of the user terminal;
said manufacturer private attribute comprises: a software download address, a user terminal system upgrade permission, or an anti-proxy identifier.
CN200910168524A 2009-08-12 2009-08-12 Method and system for delivering private attribute information Pending CN101640685A (en)

Publications (1)

Publication Number Publication Date
CN101640685A true CN101640685A (en) 2010-02-03

Family

ID=41615476

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101924636A (en) * 2010-08-16 2010-12-22 北京星网锐捷网络技术有限公司 Relevant authentication information issuing method, device and network equipment
CN101958900A (en) * 2010-09-27 2011-01-26 中兴通讯股份有限公司 Service processing method and device for server
CN101958900B (en) * 2010-09-27 2014-12-10 中兴通讯股份有限公司 Service processing method and device for server
WO2012041029A1 (en) * 2010-09-27 2012-04-05 中兴通讯股份有限公司 Method and device for server processing service
CN102333070A (en) * 2011-05-26 2012-01-25 杭州华三通信技术有限公司 Method and device for obtaining information
CN102271134B (en) * 2011-08-11 2014-07-30 北京星网锐捷网络技术有限公司 Method and system for configuring network configuration information, client and authentication server
CN102271134A (en) * 2011-08-11 2011-12-07 北京星网锐捷网络技术有限公司 Method and system for configuring network configuration information, client and authentication server
CN102833264A (en) * 2012-09-07 2012-12-19 北京星网锐捷网络技术有限公司 Method and device for preventing authenticated user from escaping from fee through agent and authenticated client side
CN102833264B (en) * 2012-09-07 2016-03-30 北京星网锐捷网络技术有限公司 Prevent authenticated user from passing through to act on behalf of the method for fee evasion, device and Authentication Client
CN104468194A (en) * 2014-11-05 2015-03-25 北京星网锐捷网络技术有限公司 Network device compatible method and forwarding server
CN104468194B (en) * 2014-11-05 2018-05-22 北京星网锐捷网络技术有限公司 The compatibility method and forwarding server of a kind of network equipment
CN106454833A (en) * 2016-12-21 2017-02-22 锐捷网络股份有限公司 Method and system for realizing wireless 802.1X authentication
CN113973109A (en) * 2020-07-22 2022-01-25 华为技术有限公司 File downloading method, equipment and system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20100203