CN102123153B - Method, device and system for authenticating IPv4/IPv6 (internet protocol version 4/internet protocol version 6) dual-stack host - Google Patents
Method, device and system for authenticating IPv4/IPv6 (internet protocol version 4/internet protocol version 6) dual-stack host Download PDFInfo
- Publication number
- CN102123153B CN102123153B CN2011100650326A CN201110065032A CN102123153B CN 102123153 B CN102123153 B CN 102123153B CN 2011100650326 A CN2011100650326 A CN 2011100650326A CN 201110065032 A CN201110065032 A CN 201110065032A CN 102123153 B CN102123153 B CN 102123153B
- Authority
- CN
- China
- Prior art keywords
- ipv4
- ipv6
- stack main
- main frames
- request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
- 238000000034 method Methods 0.000 title claims abstract description 22
- 230000000977 initiatory effect Effects 0.000 claims description 13
- 230000004044 response Effects 0.000 claims description 7
- 238000012795 verification Methods 0.000 claims description 5
- 230000008569 process Effects 0.000 description 3
- 230000008901 benefit Effects 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 238000006243 chemical reaction Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000007704 transition Effects 0.000 description 1
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a method for authenticating an IPv4/IPv6 (internet protocol version 4/internet protocol version 6) dual-stack host, comprising the following steps: replying an HTTP (Hyper Text Transport Protocol) redirecting command to the dual-stack host while the dual-stack host initiates an IPv6 connection request; receiving an IPv4 connection request initiated by the dual-stack host according to the HTTP redirecting command; and identifying the IPv4 connection request. The invention further provides a corresponding device and a corresponding system. By utilizing the method, device and system for authenticating the IPv4/IPv6 dual-stack host provided by the invention, the authentications of an IPv4 application access and an IPv6 application access can be simultaneously realized, thereby providing convenience for a user.
Description
Technical field
The present invention relates to the communications field, specially refer to authentication method, the Apparatus and system of the two stack main frames of a kind of IPv4 and IPv6.
Background technology
At present, procotol is indubitable by IPv4 to the trend that IPv6 moves, yet due to the scale of network and huge IPv4 user and the equipment of quantity in network at present, IPv4 must be an incremental process to the transition of IPv6, when experiencing the benefit that IPv6 brings still can with remaining IPv4 telex network in network, IPv4 and IPv6 will face the situation that coexists within very long one period.
With reference to Fig. 1, authenticating user identification mechanism in present most security gateway system all is based on traditional IPv4 network design, and be merely able to single IPv4 address is authenticated, can not tackle simultaneously the IPv4 resource of two stack main frames and the access request of IPv6 resource.If present authentication mechanism is directly expanded to the net environment of two stack main frames, will make IPv4 application access and IPv6 application access for same main frame to authenticate respectively, to the user, brought inconvenience.
Summary of the invention
Main purpose of the present invention, for a kind of IPv4 and IPv6 authentication method, the Apparatus and system of two stack main frames are provided, can realize the authentication of IPv4 application access and IPv6 application access simultaneously, to the user, provides convenience.
The present invention proposes the authentication method of a kind of IPv4 and the two stack main frames of IPv6, comprising:
When two stack main frames are initiated the request of IPv6 connection, to described pair of stack host response HTTP redirection order, by being redirected of http protocol, the connection of two stack main frames is redirected to the IPv4 certification page that gateway generates;
Receive the request of described pair of stack main frame according to the IPv4 connection of described HTTP redirection order initiation;
In IPv4 certification page after being redirected, preserve the destination address that described IPv6 connects;
The request that described IPv4 is connected authenticates.
Preferably, after carrying out the request of the two stack main frames of described reception according to the IPv4 connection of HTTP redirection order initiation, also comprise:
Obtain described IPv4 and connect the corresponding relation between the IPv6 address corresponding with the IPv6 connection, corresponding IPv4 address.
Preferably, after the described request that IPv4 is connected of execution authenticates, also comprise:
When described pair of stack main frame initiated the request of IPv6 connection again, according to the corresponding relation of described IPv4 address and IPv6 address, described request is authenticated.
The present invention also proposes the authenticate device of a kind of IPv4 and the two stack main frames of IPv6, comprising:
Redirection module, for when two stack main frames are initiated the request of IPv6 connection, to described pair of stack host response HTTP redirection order, by being redirected of http protocol, the connection of two stack main frames is redirected to the IPv4 certification page that gateway generates;
Receiver module, be used to receiving the request of described pair of stack main frame according to the IPv4 connection of described HTTP redirection order initiation;
Preserve module, for the IPv4 certification page after being redirected, preserve the destination address that described IPv6 connects;
The first authentication module, authenticate for the request that described IPv4 is connected.
Preferably, the authenticate device of the two stack main frames of described IPv4 and IPv6 also comprises:
Acquisition module, connect the corresponding relation between the IPv6 address corresponding with the IPv6 connection, corresponding IPv4 address be used to obtaining described IPv4.
Preferably, the authenticate device of the two stack main frames of described IPv4 and IPv6 also comprises:
The second authentication module, when when described pair of stack main frame, again initiating request that IPv6 connects, authenticate described request according to the corresponding relation of described IPv4 address and IPv6 address.
The present invention also proposes the Verification System of the two stack main frames of a kind of IPv4 and IPv6, comprises the authenticate device of the two stack main frames of IPv4 and IPv6 and a pair of stack main frame at least, and the authenticate device of described IPv4 and IPv6 pair of stack main frames comprises:
Redirection module, for when two stack main frames are initiated the request of IPv6 connection, to described pair of stack host response HTTP redirection order, by being redirected of http protocol, the connection of two stack main frames is redirected to the IPv4 certification page that gateway generates;
Receiver module, be used to receiving the request of described pair of stack main frame according to the IPv4 connection of described HTTP redirection order initiation;
Preserve module, for the IPv4 certification page after being redirected, preserve the destination address that described IPv6 connects;
The first authentication module, authenticate for the request that described IPv4 is connected.
Preferably, the authenticate device of the two stack main frames of described IPv4 and IPv6 also comprises:
Acquisition module, connect the corresponding relation between the IPv6 address corresponding with the IPv6 connection, corresponding IPv4 address be used to obtaining described IPv4.
Preferably, the authenticate device of the two stack main frames of described IPv4 and IPv6 also comprises:
The second authentication module, when when described pair of stack main frame, again initiating request that IPv6 connects, authenticate described request according to the corresponding relation of described IPv4 address and IPv6 address.
Authentication method, the Apparatus and system of the two stack main frames of a kind of IPv4 that the present invention proposes and IPv6, by the IPv6 authentication is converted into to the IPv4 authentication, can realize simultaneously the authentication of IPv4 application access and IPv6 application access, to the user, provide convenience, further, can be at the above-mentioned corresponding relation of setting up Ipv4 address and IPv6 address in to the IPv6 verification process, for follow-up IPv6 authentication provides mode more efficiently.
The accompanying drawing explanation
Fig. 1 is the system architecture schematic diagram of prior art of the present invention;
Fig. 2 is the schematic flow sheet of authentication method one embodiment of IPv4 of the present invention and the two stack main frames of IPv6;
Fig. 3 is the schematic flow sheet of the another embodiment of authentication method of IPv4 of the present invention and the two stack main frames of IPv6;
Fig. 4 is the schematic flow sheet of another embodiment of authentication method of IPv4 of the present invention and the two stack main frames of IPv6;
Fig. 5 is the structural representation of authenticate device one embodiment of IPv4 of the present invention and the two stack main frames of IPv6;
Fig. 6 is the structural representation of the another embodiment of authenticate device of IPv4 of the present invention and the two stack main frames of IPv6;
Fig. 7 is the structural representation of another embodiment of authenticate device of IPv4 of the present invention and the two stack main frames of IPv6;
Fig. 8 is the schematic flow sheet of Verification System one embodiment of IPv4 of the present invention and the two stack main frames of IPv6;
The realization of the object of the invention, functional characteristics and advantage, in connection with embodiment, are described further with reference to accompanying drawing.
Embodiment
Should be appreciated that specific embodiment described herein, only in order to explain the present invention, is not intended to limit the present invention.
With reference to Fig. 2, authentication method one embodiment of the two stack main frames of a kind of IPv4 of the present invention and IPv6 is proposed, comprising:
Step S10, when two stack main frames are initiated request that IPv6 connect, to described pair of stack host response HTTP redirection order;
Two stack main frames initiate by http protocol or HTTPS agreement the request that network connects, when the packet of this request passes through gateway, gateway is intercepted and captured the request data package of two stack main frames, and judge whether this network connects is that IPv6 connects, if, the source address that connects to this network is replied the HTTP redirection order, by being redirected of http protocol, the connection of two stack main frames is redirected to the IPv4 certification page that gateway generates.
The request that the IPv4 that step S11, described pair of stack main frame of reception are initiated according to described HTTP redirection order connects;
Gateway, by the HTTP redirection order, makes two stack main frames initiate to set up to gateway the request that IPv4 connects.Gateway listens to the request of the IPv4 connection that two stack main frames are new, with it, connects and obtains IPv4 address corresponding to two stack main frames.
Step S12, the request that described IPv4 is connected authenticate.
According to the IPv4 address of two stack main frames, in admittable regulation, search the rules of competence under this IPv4 address, if do not belong to authentication by the user, connection is redirected to the authentication login interface that gateway generates, complete the authentication to the IPv4 address; Otherwise, directly let pass.
In the present embodiment, by the IPv6 authentication is converted into to the IPv4 authentication, can realize simultaneously the authentication of IPv4 application access and IPv6 application access, to the user, provide convenience.
With reference to Fig. 3, the another embodiment of authentication method of the two stack main frames of IPv4 of the present invention and IPv6 is proposed, after execution step S11, also can comprise:
Step S13, obtain described IPv4 and connect the corresponding relation between the IPv6 address corresponding with the IPv6 connection, corresponding IPv4 address.
Gateway listens to the new IPv4 connection request of user, with it, connects and obtains IPv4 address corresponding to two stack main frames, obtains the corresponding relation of two stack host ip v4 addresses and IPv6 address, and the mark corresponding authority.
After execution step S12, also can comprise:
Step S14, when described pair of stack main frame initiated request that IPv6 connects again, according to the corresponding relation of described IPv4 address and IPv6 address, described request is authenticated.
After gateway has been preserved the corresponding relation of the IPv4 address of two stack main frames and IPv6 address, when this IPv6 address, initiating network next time just can be directly while connecting authenticates the IPv4 address of correspondence, gateway by IPv4 address/IPv6 address corresponding relation and the authentication strategy in search the rules of competence corresponding to IPv4 address, if belong to by two stack main frames of authentication, the packet of directly letting pass passes through, and identifying procedure finishes.
In the present embodiment, by preserving the corresponding relation of IPv4 address and IPv6 address, for follow-up IPv6 authentication provides mode more efficiently.
With reference to Fig. 4, another embodiment of authentication method of the two stack main frames of IPv4 of the present invention and IPv6 is proposed, in the above-described embodiments, after execution step S11, also can comprise:
In step S15, the IPv4 certification page after being redirected, preserve the destination address that described IPv6 connects.
In the IPv4 that gateway generates is redirected the page, preserve the destination address that former IPv6 connects, and need in internal memory, not distribute in addition shelf space, avoided redirected mistake.Such as gateway can generate following Redirect Address: http://w.x.y.z/login/ ipv6addr=fe80::1& Url=http: //ipv6.google.com, wherein w.x.y.z is gateway address, the two stack host ip v6s address of ipv6addr for preserving, and url is destination address, can obtain easily IPv6 address and the destination address of former connection in this way, and avoid the mistake that is redirected.
With reference to Fig. 5, authenticate device 10 1 embodiment of the two stack main frames of IPv4 of the present invention and IPv6 are proposed, comprising:
The first authentication module 13, authenticate for the request that described IPv4 is connected.
This device can be two stack main frames, can be also built-in or is placed on the device of two stack main frames.Two stack main frames initiate by http protocol or HTTPS agreement the request that network connects, when the packet of this request passes through gateway, gateway is intercepted and captured the request data package of two stack main frames, and judge whether this network connects is that IPv6 connects, if, redirection module 11 is replied the HTTP redirection order to the source address that this network connects, and by being redirected of http protocol, the connection of two stack main frames is redirected to the IPv4 certification page that gateway generates.
Gateway, by the HTTP redirection order, makes two stack main frames initiate to set up to gateway the request that IPv4 connects.Receiver module 12 listens to the request of the IPv4 connection that two stack main frames are new, with it, connects and obtains IPv4 address corresponding to two stack main frames.
The rules of competence under this IPv4 address are searched in the IPv4 address of the two stack main frames of the first authentication module 13 basis in admittable regulation, if do not belong to authentication, do not pass through the user, connection is redirected to the authentication login interface that gateway generates, completes the authentication to the IPv4 address; Otherwise, directly let pass.
In the present embodiment, by the IPv6 authentication is converted into to the IPv4 authentication, can realize simultaneously the authentication of IPv4 application access and IPv6 application access, to the user, provide convenience.
With reference to Fig. 6, the another embodiment of authenticate device 10 of the two stack main frames of IPv4 of the present invention and IPv6 is proposed, in authenticate device 10 1 embodiment of IPv4 and the two stack main frames of IPv6, also can comprise:
The second authentication module 15, when when described pair of stack main frame, again initiating request that IPv6 connects, authenticate described request according to the corresponding relation of described IPv4 address and IPv6 address.
After acquisition module 14 has been preserved the corresponding relation of the IPv4 address of two stack main frames and IPv6 address, when network connection is next time initiated in this IPv6 address, the second authentication module 15 just can be directly authenticates the IPv4 address of correspondence, the second authentication module 15 by IPv4 address/IPv6 address corresponding relation and the authentication strategy in search the rules of competence corresponding to IPv4 address, if belong to by two stack main frames of authentication, the packet of directly letting pass passes through, and identifying procedure finishes.
In the present embodiment, by preserving the corresponding relation of IPv4 address and IPv6 address, for follow-up IPv6 authentication provides mode more efficiently.
With reference to Fig. 7, another embodiment of authenticate device of the two stack main frames of IPv4 of the present invention and IPv6 is proposed, in the above-described embodiments, also can comprise:
With reference to Fig. 8, the Verification System of the two stack main frames of IPv4 of the present invention and IPv6 is proposed, comprise the authenticate device 10 of the two stack main frames of IPv4 and IPv6 and a pair of stack main frame 20 at least, the authenticate device of the two stack main frames of described IPv4 and IPv6 is the authenticate device 10 of Fig. 5 to IPv4 shown in Figure 7 and the two stack main frames of IPv6, its operation principle is identical with structure, repeats no more herein.
In the present embodiment, by the IPv6 authentication is converted into to the IPv4 authentication, can realize simultaneously the authentication of IPv4 application access and IPv6 application access, to the user, provide convenience.
The foregoing is only the preferred embodiments of the present invention; not thereby limit the scope of the claims of the present invention; every equivalent structure or equivalent flow process conversion that utilizes specification of the present invention and accompanying drawing content to do; or directly or indirectly be used in other relevant technical fields, all in like manner be included in scope of patent protection of the present invention.
Claims (7)
1. the authentication method of an IPv4 and IPv6 pair of stack main frames, is characterized in that, comprising:
When two stack main frames are initiated the request of IPv6 connection, to described pair of stack host response HTTP redirection order, by being redirected of http protocol, the connection of two stack main frames is redirected to the IPv4 certification page that gateway generates;
Receive the request of described pair of stack main frame according to the IPv4 connection of described HTTP redirection order initiation;
In IPv4 certification page after being redirected, preserve the destination address that described IPv6 connects;
The request that described IPv4 is connected authenticates.
2. the authentication method of the two stack main frames of IPv4 as claimed in claim 1 and IPv6, is characterized in that, after carrying out the request of the two stack main frames of described reception according to the IPv4 connection of HTTP redirection order initiation, also comprises:
Obtain described IPv4 and connect the corresponding relation between the IPv6 address corresponding with the IPv6 connection, corresponding IPv4 address.
3. the authentication method of the two stack main frames of IPv4 as claimed in claim 2 and IPv6, is characterized in that, after the described request that IPv4 is connected of execution authenticates, also comprises:
When described pair of stack main frame initiated the request of IPv6 connection again, according to the corresponding relation of described IPv4 address and IPv6 address, described request is authenticated.
4. the authenticate device of an IPv4 and IPv6 pair of stack main frames, is characterized in that, comprising:
Redirection module, for when two stack main frames are initiated the request of IPv6 connection, to described pair of stack host response HTTP redirection order, by being redirected of http protocol, the connection of two stack main frames is redirected to the IPv4 certification page that gateway generates;
Receiver module, be used to receiving the request of described pair of stack main frame according to the IPv4 connection of described HTTP redirection order initiation;
Preserve module, for the IPv4 certification page after being redirected, preserve the destination address that described IPv6 connects;
The first authentication module, authenticate for the request that described IPv4 is connected.
5. the authenticate device of the two stack main frames of IPv4 as claimed in claim 4 and IPv6, is characterized in that, also comprises:
Acquisition module, connect the corresponding relation between the IPv6 address corresponding with the IPv6 connection, corresponding IPv4 address be used to obtaining described IPv4.
6. the authenticate device of the two stack main frames of IPv4 as claimed in claim 5 and IPv6, is characterized in that, also comprises:
The second authentication module, when when described pair of stack main frame, again initiating request that IPv6 connects, authenticate described request according to the corresponding relation of described IPv4 address and IPv6 address.
7. the Verification System of the two stack main frames of an IPv4 and IPv6, comprise the authenticate device of the two stack main frames of IPv4 and IPv6 and a pair of stack main frame at least, the authenticate device of described IPv4 and IPv6 pair of stack main frames is the authenticate device of the described IPv4 of any one and IPv6 pair of stack main frames in claim 4 to 6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2011100650326A CN102123153B (en) | 2011-03-17 | 2011-03-17 | Method, device and system for authenticating IPv4/IPv6 (internet protocol version 4/internet protocol version 6) dual-stack host |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2011100650326A CN102123153B (en) | 2011-03-17 | 2011-03-17 | Method, device and system for authenticating IPv4/IPv6 (internet protocol version 4/internet protocol version 6) dual-stack host |
Publications (2)
Publication Number | Publication Date |
---|---|
CN102123153A CN102123153A (en) | 2011-07-13 |
CN102123153B true CN102123153B (en) | 2013-11-20 |
Family
ID=44251606
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2011100650326A Expired - Fee Related CN102123153B (en) | 2011-03-17 | 2011-03-17 | Method, device and system for authenticating IPv4/IPv6 (internet protocol version 4/internet protocol version 6) dual-stack host |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102123153B (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102904863A (en) * | 2011-07-28 | 2013-01-30 | 中兴通讯股份有限公司 | Method and gateway for controlling accessing of host of IPoE (IP over Ethernet) dual-stack user |
CN104468619B (en) * | 2014-12-26 | 2018-06-15 | 新华三技术有限公司 | A kind of method and authentication gateway for realizing double stack web authentications |
CN105591929B (en) * | 2015-10-28 | 2019-10-08 | 新华三技术有限公司 | Lightweight dual stack group authentication method off the net and device |
CN113014550A (en) * | 2021-02-07 | 2021-06-22 | 南京林业大学 | Access control and authentication method for IPoE IPv 4IPv6 in campus network of colleges and universities |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2005117342A1 (en) * | 2004-05-12 | 2005-12-08 | Togewa Holding Ag | Method and device for content-based billing in ip-networks |
WO2007088174A1 (en) * | 2006-01-31 | 2007-08-09 | Telefonaktiebolaget Lm Ericsson (Publ) | Packet redirection in a communication network |
CN101692674A (en) * | 2009-10-30 | 2010-04-07 | 杭州华三通信技术有限公司 | Method and equipment for double stack access |
CN101719939A (en) * | 2009-12-09 | 2010-06-02 | 赛尔网络有限公司 | Method for accessing network and certification of IPv6/IPv4 dual stack mainframe |
-
2011
- 2011-03-17 CN CN2011100650326A patent/CN102123153B/en not_active Expired - Fee Related
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2005117342A1 (en) * | 2004-05-12 | 2005-12-08 | Togewa Holding Ag | Method and device for content-based billing in ip-networks |
WO2007088174A1 (en) * | 2006-01-31 | 2007-08-09 | Telefonaktiebolaget Lm Ericsson (Publ) | Packet redirection in a communication network |
CN101692674A (en) * | 2009-10-30 | 2010-04-07 | 杭州华三通信技术有限公司 | Method and equipment for double stack access |
CN101719939A (en) * | 2009-12-09 | 2010-06-02 | 赛尔网络有限公司 | Method for accessing network and certification of IPv6/IPv4 dual stack mainframe |
Also Published As
Publication number | Publication date |
---|---|
CN102123153A (en) | 2011-07-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
KR101670344B1 (en) | Access control method and system, and access point | |
CN101702717B (en) | Method, system and equipment for authenticating Portal | |
CN108881308B (en) | User terminal and authentication method, system and medium thereof | |
CN104580116B (en) | A kind of management method and equipment of security strategy | |
CN101873332B (en) | WEB authentication method and equipment based on proxy server | |
CN103825881A (en) | Method and apparatus for realizing redirection of WLAN user based on wireless access controller (AC) | |
CN105516171B (en) | Portal keep-alive system and method, Verification System and method based on authentication service cluster | |
CN102143177B (en) | Portal authentication method, Portal authentication device,Portal authentication equipment and Portal authentication system | |
CN110061993B (en) | Log generation method and device containing public network exit address and access equipment | |
CN103916492B (en) | A kind of network equipment access control method and device | |
CN102123153B (en) | Method, device and system for authenticating IPv4/IPv6 (internet protocol version 4/internet protocol version 6) dual-stack host | |
CN102571762A (en) | Method and device for single sign-on | |
CN102638472B (en) | Portal authentication method and equipment | |
CN101656609A (en) | Single sign-on method, system and device thereof | |
CN104836812A (en) | Portal authentication method, device and system | |
CN102710667A (en) | Method for realizing Portal authentication server attack prevention and broadband access server | |
CN105516061A (en) | Remote server access method and web server | |
CN104468619A (en) | Method and gateway for achieving dual-stack web authentication | |
CN106603556B (en) | Single-point logging method, apparatus and system | |
CN103220149B (en) | A kind of portal authentication method and equipment | |
CN107078922A (en) | The discovery of access point controller based on cloud | |
CN109067729B (en) | Authentication method and device | |
WO2013120315A1 (en) | Method for processing domain name information, wireless router, and client | |
JP2010231396A (en) | Communication system, communication device and authentication device | |
CN103986793B (en) | A kind of method and system of lifting Portal certification IP address service efficiencies |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CP03 | Change of name, title or address | ||
CP03 | Change of name, title or address |
Address after: Nanshan District Xueyuan Road in Shenzhen city of Guangdong province 518000 No. 1001 Nanshan Chi Park building A1 layer Patentee after: SANGFOR TECHNOLOGIES Inc. Address before: 518052 room 410-413, science and technology innovation service center, No. 1 Qilin Road, Shenzhen, Guangdong, China Patentee before: Sangfor Technologies Co.,Ltd. |
|
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20131120 |