CN102761546A - Authentication implementation method, system and related devices - Google Patents

Authentication implementation method, system and related devices Download PDF

Info

Publication number
CN102761546A
CN102761546A CN2012102254501A CN201210225450A CN102761546A CN 102761546 A CN102761546 A CN 102761546A CN 2012102254501 A CN2012102254501 A CN 2012102254501A CN 201210225450 A CN201210225450 A CN 201210225450A CN 102761546 A CN102761546 A CN 102761546A
Authority
CN
China
Prior art keywords
field
client
authentication
user information
dhcpv6
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2012102254501A
Other languages
Chinese (zh)
Inventor
赵申
翟青涌
刘成功
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to CN2012102254501A priority Critical patent/CN102761546A/en
Publication of CN102761546A publication Critical patent/CN102761546A/en
Pending legal-status Critical Current

Links

Images

Landscapes

  • Small-Scale Networks (AREA)

Abstract

The invention discloses an authentication implementation method, system and related devices, wherein the method comprises the following steps that: a server receives password encryption fields and user information fields sent by a client through DHCPv6 option extended contents; and the server analyzes the received DHCPv6 option extended contents, and carries out authentication on the client based on the password encryption fields and the user information fields. According to the invention, the authentication is performed based on the existing DHCPv6 options, and passwords are encrypted by way of encryption, therefore, the passwords are more secure; and a server supporting the authentication mode is not required to be redesigned, thereby saving the construction cost of the system.

Description

A kind of authentication implementation method, system and relevant apparatus
Technical field
(DHCP for IPv6, DHCPv6) protocol technology relate in particular to a kind of authentication implementation method, system and relevant apparatus to the present invention relates in IPv6 (the Internet Protocol Version 6) network service to support the DHCP of IPv6.
Background technology
In today that broadband technology and broadband user shoot up, the crisis of IPv4 address space is of long duration, and this is the major impetus that causes the upgrading of IP technological vision.(China ' s Next Generation Internet CNGI) is national strategic project to CNGI, and the main target of this project is to be core with IPv6, builds the test platform of Next Generation Internet.The startup of this project indicates that the IPv6 of China has got into substantive developing stage.Operators at different levels are also stepping up paces and are disposing the IPv6 network, and the IPv6 broadband access network progressively gets into the commercial test operation stage.
The design concept of IPv6 basic agreement is to hope that the IPv6 network can become the access network of a plug and play.But for a lot of operators, more need there be condition mode (being dynamic address allocation) to come management address, so DHCPv6 arises at the historic moment.For operator and broadband user; Progressively bringing into use DHCPv6 is that its equipment is to have condition mode distributing IP v6 address and IPv6 prefix; And distribute computer domain name system (Domain Name System for IPv6 based on IPv6 with the stateless mode; DNSv6) and address family conversion route (Address Family Transition Router, AFTR) important option such as domain name.
DHCPv6 and Neighbor Discovery Protocol (Neighbor Discovery Protocol; NDP) compare; NDP belongs to the stateless address distributorship agreement; Be more suitable for supporting the IPv6 user of plug and play, issue then ability shortcoming of important option such as DNSv6 and AFTR domain name for the needs authentification of user and to IPv6 user.DHCPv6 and point-to-point protocol (Point to Point Protocol; PPP) agreement is compared; Though password authentication protocol (Password Authentication Protocol based on the PPP realization; PAP), inquiry Challenge-Handshake Authentication Protocol (Challenge Handshake Authentication Protocol; CHAP) and Microsoft-inquiry Challenge-Handshake Authentication Protocol (Microsoft-Challenge Handshake Authentication Protocol; MS-CHAP) etc. authentication mode advantage on safety certification is comparatively outstanding, but PPP can't be IPv6 user's distributing IP v6 address and IPv6 prefix, does not also possess the ability that issues important option such as DNSv6 and AFTR domain name to IPv6 user.
And, then have stateless service (for example, recursive calculation machine domain name system (Domain Name System, DNS) server address etc.) and status service (for example, address assignment and prefix proxy etc.) is arranged for DHCPv6.With DHCP (the Dynamic Host Configuration Protocol for IPv4 that supports IPv4; DHCPv4) unanimity; If user client and server are positioned at various network; And the direct communication each other because this client lacks an initialization address, via node (being also referred to as relay agent) is just transmitted divide into groups (being relay agent (RELAY) function) between server and this client so.These functions are that NDP and PPP can't realize at present.
The IPTV business is a kind ofly to have interactivity and practicality and service quality (Quality of Service based on the IP broadband network for the user provides; QoS) multimedia service of guarantee and security mechanism; Its terminal type comprises television set and other terminals; For example the interactive multimedia service terminal (be STB (Set Top Box, STB)), can the supporting business broadcast, optional function such as the uploading of function selecting, user's request information, Internet service and communication.Under the IPTV service environment, for realizing DHCPv6 function end to end, related various device has been formed IPTV DHCPv6 system with the equipment of realizing the distribution of authentification of user and address.
Fig. 1 is an IPTV business network topological diagram, has described the IPTV service bearer web frame of DHCPv6.Fig. 1 equipment at the middle and upper levels is used for transmission of analogue signal, and lower floor is used for transmission of digital signals.The flow process of IPTV authentification of user is:
Client, like STB to service end Broadband Remote Access Server (Broadband Remote Access Server; BRAS) send the DHCPv6 request message, the username and password of client is encapsulated in the DHCPv6 request message with clear-text way (like binary code).
The DHCPv6 request message is through home gateway (Home Gateway; HG), multiuser residential unit (Multiple Dwelling Unit; MDU)/and Digital Subscriber Line Access Multiplexer (DSLAM), optical line terminal (Optical Line Terminal, OLT)/limit switch (Limit SWitch, LSW); Send to BRAS, BRAS resolves and authentication the information in the DHCPv6 request message according to system configuration.BRAS resolves medium access control (the Media Access Control that the DHCPv6 request message obtains the user; MAC) the manufacturer's categorical data content of address, Option16 or Option17 option data content (non-encrypted content); With MAC Address as user name; Find the corresponding content of DCCP server/aaa server storage; With manufacturer's categorical data content or Option17 option data content match as Option16 in the DHCPv6 request message of password, the matching result unanimity is authentication success then, otherwise authentification failure.
Behind the authentication success, BRAS sends DHCPv6 advertisement message and announces to mandate behind the client certificate and address information, client obtain authorizing and address information after access network; Authentification failure is then waited for client timeout or dialing again.
Realizing MAC Address that plaintext authentication can also use the user as domain name, is username and password with manufacturer's categorical data content or the Option17 option data Context resolution of Option16 among the DHCPv6; Perhaps manufacturer's categorical data content or the Option17 option data Context resolution with Option16 among the DHCPv6 is user name and domain name, uses user's MAC address as password etc.
Fig. 2 has described equivalent of the apparatus the support of DHCPv6 OPTION is required: in client, like the STB place, insert among the DHCPv6 Option of DHCPv6 request message, Option1 and Option16 are essential option, and Option17 is option.
Based on the authentication of DHCPv6, existing implementation method mainly is to use the option (Option16 or Option17) in the DHCPv6 message to carry out common clear text key authentication.For service end, generally adopt Option16 or Option17 in the DHCPv6 message to accomplish authentication function.The concrete encapsulation format of Option16 and Option17 is by prescribed by standard.Option16 is in the DHCPv6 message that is sent to service end by client and carry client manufacturer information; Its encapsulation format is specifically as shown in Figure 3; Constitute by manufacturer's option type (OPTION_VENDOR_CLASS), option (option-len), enterprise number (enterprise-number) and manufacturer's categorical data (vendor-class-data); Wherein manufacturer's categorical data is filled in manufacturer's relevant information for can fill in the zone by client.Option17 is used for client and service end is exchanged manufacturer's information, and the DHCPv6 message that comprises this option can be filled in and sent to client and service end.Its encapsulation format is seen Fig. 4; Constitute by option data (OPTION_VENDOR_CLASS), option (option-len), enterprise number (enterprise-number) and option data (option-data); Wherein option data is filled in manufacturer's relevant information for can fill in the zone by client.
More than existing DHCPv6 option authentication mode, the manufacturer's categorical data of the Option16 in the DHCPv6 message or the option data content of Option17 are directly resolved in main employing, serve as authentication information (password or user name+password or domain name etc.).User's authentication information adopts clear-text way in transmission through network like this, exists potential safety hazard.
Summary of the invention
In view of this, main purpose of the present invention is to provide a kind of authentication implementation method, system and relevant apparatus, in order to solve the existing unsafe problem of authentication.
For achieving the above object, technical scheme of the present invention is achieved in that
The invention provides a kind of authentication implementation method, comprising: service end receives password encryption field and the user information field that client is sent through DHCPv6 option extension content; Service end is resolved the DHCPv6 option extension content of receiving, based on password encryption field and user information field client is carried out authentication.
In the such scheme; Said service end receives before the password encryption field and user information field of client through the transmission of DHCPv6 option extension content; Further comprise: client adopts the generation of setting cipher mode to obtain the password encryption field in self DHCP unique identification DUID and password, sends password encryption field and user information field through DHCPv6 option extension content to service end.
In the such scheme; Said client is sent password encryption field and user information field through DHCPv6 option extension content to service end, is specially: client is sent password encryption field and user information field through the manufacturer's categorical data of the Option16 in the DHCPv6 option or the option data of Option17 to service end.
In the such scheme, saidly client is carried out authentication, is specially based on password encryption field and user information field:
Find the password of the said client of service end storage based on user information field; Adopt the cipher mode generation corresponding to obtain authentication information in the DUID and the password of client with client; Authentication information and the password encryption field that parsing obtains are mated; If consistent, then client is through authentication.
In the such scheme, said user information field is user name and domain name combined field or username field.
The present invention also provides a kind of authentication to realize system, comprising:
Client is used for sending password encryption field and user information field through DHCPv6 option extension content to service end;
Service end is used to resolve the DHCPv6 option extension content of receiving, based on password encryption field and user information field client is carried out authentication.
In the such scheme, said client also is used for: adopt the generation of setting cipher mode to obtain the password encryption field in self DUID and password.
In the such scheme, said user information field is user name and domain name combined field or username field.
The present invention also provides a kind of client that realizes authentication, comprising:
Generation module is used for filling in password encryption field and user information field in DHCPv6 option extension content;
Sending module is used for sending DHCPv6 option extension content to service end, so that service end is resolved the DHCPv6 option extension content received and based on password encryption field and user information field client carried out authentication.
In the such scheme, said user information field is user name and domain name combined field or username field.
The present invention also provides a kind of service end that realizes authentication, comprising:
Parsing module is used to resolve the DHCPv6 option extension content of receiving, obtains password encryption field and user information field;
Authentication module is used for based on password encryption field and user information field client being carried out authentication.
In the such scheme, said user information field is user name and domain name combined field or username field.
Using the present invention can carry out authentication based on existing DHCPv6 option, adopts cipher mode to encrypt in password, safer.And use the present invention and need not change service end, formerly do not need to design again for the service end of supporting this authentication mode, saved the construction cost of system because the present invention is based on the chap authentication mode of PPP.Thereby the present invention is a kind of more aspect and more perfect, the safer certificate scheme based on the DHCPv6 option, and improves access-in user safety property.
Description of drawings
Fig. 1 is existing IPTV business network topology sketch map;
Fig. 2 supports to require sketch map for equivalent of the apparatus to DHCPv6 OPTION;
Fig. 3 is existing DHCPv6 Option16 encapsulation format sketch map;
Fig. 4 is existing DHCPv6 Option17 encapsulation format sketch map;
Fig. 5 is the simplification network topological diagram of application scenarios in the embodiment of the invention;
Fig. 6 is that a kind of authentication realizes the method flow sketch map in the embodiment of the invention;
Enciphered data encapsulation format sketch map among the DHCPv6 Option in Fig. 7 embodiment of the invention;
Fig. 8 is the interaction flow sketch map of client dialing authentication in the embodiment of the invention.
Embodiment
Below in conjunction with accompanying drawing and specific embodiment the present invention is elaborated.
In the present invention, in order to solve prior art problems,, proposed to adopt the DHCPv6 option to realize the solution of safety certification based on polynary IPv6 access way.
Basic thought of the present invention is: client is sent password encryption field and user information field through DHCPv6 option extension content to service end; Service end is resolved the DHCPv6 option extension content of receiving, based on password encryption field and user information field client is carried out authentication.
Wherein, Said client is sent password encryption field and user information field through DHCPv6 option extension content to service end, is specially: client is sent password encryption field and user information field through the manufacturer's categorical data of the Option16 in the DHCPv6 option or the option data of Option17 to service end.
Said client was passed through DHCPv6 option extension content before service end is sent password encryption field and user information field; Also comprise: (DHCP Unique Identifier DUID) adopt to set cipher mode with password and generates and obtain the password encryption field client with self DHCP unique identification.
Said service end is carried out authentication based on password encryption field and user information field to client; Be specially: service end finds the password of the said client of service end storage based on user information field; Adopt the cipher mode generation corresponding to obtain authentication information in the DUID and the password of client with client; Authentication information and the password encryption field that parsing obtains are mated, if consistent, then client is through authentication.
The above user information field is user name and domain name combined field or username field.
Fig. 5 has showed the application scenarios of present embodiment, and Fig. 6 is that a kind of authentication realizes the method flow sketch map in the embodiment of the invention, and is as shown in Figure 6:
Step 601; Use in the process of DHCPv6 dial-up access network in client, in the mutual stage of DHCPv6, client is initiated DHCPv6 to service end and is sought message; This DHCPv6 seeks message and comprises IPv6 information such as IPv6 address, IPv6 prefix and QoS; Seek to comprise in the message Option16 or Option17 at this DHCPv6, in the option data of the manufacturer's categorical data of Option16 or Option17, comprise password encryption field and user name and domain name combined field, as shown in Figure 7.
Fig. 7 has showed the expansion content of Option16 or Option17, and promptly the manufacturer's categorical data of Option16 or the option data of Option17 are expanded content and comprised type (TYPE), length (LEN), password encryption field and user information field.To be client adopt 16 fixing md5 encryption modes (also can adopt other cipher modes, the algorithm that the AES that adopts adopts during with server side authentication is consistent) generation to obtain here in the DUID of self and password to the password encryption field.The username and password of client is provided by operator, and in service end storage is arranged, and the DUID of client is included in DHCPv6 and seeks in the message.User profile can be user name and domain name combined field, and user name and domain name combined field can adopt the mode of character string to encapsulate, and packing rule is " user name character string domain name character string " (example: 13100000000zte.com.cn).User profile also can be username field, promptly only comprises user name and does not carry the domain name filling, and then packing rule is " user name character string " (example: 13100000000).
Step 602, the DHCPv6 that BRAS received and resolved the client transmission seeks message, obtains the content in Option16 manufacturer's categorical data or the Option17 option data.
Step 603, BRAS judges the DHCPv6 that client is sent seeks whether to lack necessary information in the message, if user information field and password encryption field contents do not lack execution in step 604; If user information field or password encryption field contents disappearance are not carried out the option authentication, execution in step 605.
Step 604; BRAS judges service end whether support option Option16 or Option17; If service end has the relevant configuration of Option16 or Option17, then service end support option Option16 or Option17 further resolve user name and domain name combined field; Get access to user name or user name adds domain name, execution in step 606; If service end does not have the relevant configuration of Option16 or Option17, then do not support Option16 or Option17, can't carry out authentication based on option, execution in step 605.
Step 605, BRAS waits for client timeout or dialing again.
Step 606, BRAS judges further whether self supports local authentication, if the authenticated configuration of BRAS has the local method, then supports the local authentication mode, execution in step 607; If the authenticated configuration of BRAS does not have the local method, then do not support the local authentication mode, need to adopt non-local authentication mode, execution in step 608.
Step 607; BRAS uses user name or user name to add the client password of domain name lookup to the service end storage, uses the DUID (DHCPv6 that is included in the client transmission seeks in the message) of this password and client to use the MD5 algorithm to generate 16 MD5 sign indicating number, and the password encryption field of this MD5 sign indicating number and Option16 or Option17 expansion content is mated; Judge in step 609 whether authentication is successful; The matching result unanimity is then thought client through authentication, authentication success, execution in step 610; Think client if matching result is inconsistent not through authentication, authentication is unsuccessful, does not reply any message, execution in step 605.
Step 608; BRAS with DUID, user name or the user name of client add domain name, the password encryption field is sent to certificate server and carries out authentication; The authentication processing of certificate server is with identical described in the step 607; If authentification failure execution in step 605, if authentication success, notice BRAS and execution in step 610.
Step 610, BRAS searches IPv6 information at home server or certificate server, carries IPv6 information through DHCPv6 advertisement message and returns to client.IPv6 information is the relevant information that is used to carry out network insertion.
Fig. 8 is configured to non-local authentication for service end and is that DHCPv6 user uses the interaction flow of client dialing, is that the Radius server is an example with DHCPv6 Option16, certificate server, comprising when supporting DHCPv6 Option16:
Step 801, the user uses client to dial, and client is sent DHCPv6 and is sought message to service end request IPv6 information and request authentication.This DHCPv6 seeks message and carries DHCPv6 Option16, and in manufacturer's categorical data of Option16, comprises password encryption field as shown in Figure 7 and user name and domain name combined field.
Step 802; BRAS receives and also to resolve DHCPv6 and seek message, obtains password encryption field, user name and domain name combined field, confirm service end support option Option16 after; Further resolve user name and domain name combined field; Get access to user name and add domain name, BRAS judges self and does not support the local authentication mode, DUID, password encryption field, the user name of client is added domain name be sent to the Radius server and carry out authentication.
Step 803; The Radius server uses user name to add the password of domain name lookup to client, and the MD5 sign indicating number with the DUID of this password and client uses 16 of MD5 algorithm generations matees the password encryption field in this MD5 sign indicating number and the Option16 manufacturer categorical data; The matching result unanimity is then thought authentication success; In Radius whois lookup IPv6 information, carry IPv6 information through DHCPv6 advertisement message and return to BRAS, execution in step 804; Think that if matching result is inconsistent authentication is unsuccessful, do not reply any message, wait for client timeout or dialing again.
Step 804, the DHCPv6 advertisement message that BRAS will carry IPv6 information sends to client.
Step 805, client are received DHCPv6 advertisement message, choose DHCPv6 information useful in the IPv6 information, like IPv6 prefix and IPv6 address, and client can be initiated the DHCPv6 request message, to confirm IPv6 information to service end.
Step 806, BRAS receives the DHCPv6 request message of client, replys the DHCPv6 confirmation message, client receives that confirmation message then can use IPv6 information to carry out network insertion in step 807.
In embodiments of the present invention, authentication realizes that system mainly comprises: client and service end, wherein,
Client is used for sending password encryption field and user information field through DHCPv6 option extension content to service end;
Service end is used to resolve the DHCPv6 option extension content of receiving, based on password encryption field and user information field client is carried out authentication.
Said client also is used for adopting the generation of setting cipher mode to obtain the password encryption field in self DUID and password.
Wherein, client can be for supporting TV, STB, computer or the wireless terminal etc. of DHCPv6.Service end can be BRAS, and this moment, BRAS can realize the function of certificate server; Service end also can be BRAS and certificate server, and certificate server can be DHCPv6 server, aaa authentication server or Radius server.
In embodiments of the present invention, realize that the client of authentication comprises: generation module and sending module, wherein,
Generation module is used for filling in password encryption field and user information field in DHCPv6 option extension content;
Sending module is used for sending DHCPv6 option extension content to service end, so that service end is resolved the DHCPv6 option extension content received and based on password encryption field and user information field client carried out authentication.
In embodiments of the present invention, the service end of realization authentication comprises:
Parsing module is used to resolve the DHCPv6 option extension content of receiving, obtains password encryption field and user information field;
Authentication module is used for based on password encryption field and user information field client being carried out authentication.
Said service end can be BRAS, and this moment, BRAS had the function of certificate server; Service end also can be BRAS and certificate server, and wherein, parsing module is positioned at BRAS, and authentication module is positioned at certificate server.
More than each relevant portion be embodied in the preceding method existing detailed description the in detail, repeat no more at this.
In above-mentioned application scenarios, use the present invention and can make original DHCPv6 Option16 or Option17 authentication safer, adopt MD5 algorithm or other AESs to encrypt in password.When the CHAP of PPP carries out md5 encryption, need service end in advance challenge code to be issued the md5 encryption that client could be accomplished password and challenge code.For DHCPv6, then can not in advance challenge code be sent to client, this reason also is the main difficult point of DHCPv6 option authentication.The present invention adopts the DUID in the DHCPv6 to encrypt as challenge code and has then solved this problem.Issue the mode of server side authentication as challenge code and password with AES with the DUID of client, solve the safety problem that original DHCPv6 option authentication mode brings.And use the present invention and need not change service end; Like BRAS or BRAS and certificate server; Former because the present invention is based on the chap authentication mode of PPP, does not need to design again for the service end of supporting this authentication mode, has saved the construction cost of system.Thereby the present invention is a kind of more aspect and more perfect, the safer certificate scheme based on the DHCPv6 option, and improves access-in user safety property.
The above is merely preferred embodiment of the present invention, is not to be used to limit protection scope of the present invention.

Claims (12)

1. an authentication implementation method is characterized in that, comprising:
Service end receives password encryption field and the user information field that client is sent through DHCPv6 option extension content;
Service end is resolved the DHCPv6 option extension content of receiving, based on password encryption field and user information field client is carried out authentication.
2. method according to claim 1 is characterized in that, said service end receives before the password encryption field and user information field of client through the transmission of DHCPv6 option extension content, further comprises:
Client adopts the generation of setting cipher mode to obtain the password encryption field in self DHCP unique identification DUID and password, sends password encryption field and user information field through DHCPv6 option extension content to service end.
3. method according to claim 2 is characterized in that, said client is sent password encryption field and user information field through DHCPv6 option extension content to service end, is specially:
Client is sent password encryption field and user information field through the manufacturer's categorical data of the Option16 in the DHCPv6 option or the option data of Option17 to service end.
4. according to claim 1,2 or 3 described methods, it is characterized in that, saidly client carried out authentication, be specially based on password encryption field and user information field:
Find the password of the said client of service end storage based on user information field; Adopt the cipher mode generation corresponding to obtain authentication information in the DUID and the password of client with client; Authentication information and the password encryption field that parsing obtains are mated; If consistent, then client is through authentication.
5. according to claim 1,2 or 3 described methods, it is characterized in that said user information field is user name and domain name combined field or username field.
6. an authentication realizes system, it is characterized in that, comprising:
Client is used for sending password encryption field and user information field through DHCPv6 option extension content to service end;
Service end is used to resolve the DHCPv6 option extension content of receiving, based on password encryption field and user information field client is carried out authentication.
7. system according to claim 6 is characterized in that, said client also is used for:
Adopt the generation of setting cipher mode to obtain the password encryption field in self DUID and password.
8. according to claim 6 or 7 described systems, it is characterized in that said user information field is user name and domain name combined field or username field.
9. a client that realizes authentication is characterized in that, comprising:
Generation module is used for filling in password encryption field and user information field in DHCPv6 option extension content;
Sending module is used for sending DHCPv6 option extension content to service end, so that service end is resolved the DHCPv6 option extension content received and based on password encryption field and user information field client carried out authentication.
10. client according to claim 9 is characterized in that, said user information field is user name and domain name combined field or username field.
11. a service end that realizes authentication is characterized in that, comprising:
Parsing module is used to resolve the DHCPv6 option extension content of receiving, obtains password encryption field and user information field;
Authentication module is used for based on password encryption field and user information field client being carried out authentication.
12. service end according to claim 11 is characterized in that, said user information field is user name and domain name combined field or username field.
CN2012102254501A 2012-07-02 2012-07-02 Authentication implementation method, system and related devices Pending CN102761546A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2012102254501A CN102761546A (en) 2012-07-02 2012-07-02 Authentication implementation method, system and related devices

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2012102254501A CN102761546A (en) 2012-07-02 2012-07-02 Authentication implementation method, system and related devices

Publications (1)

Publication Number Publication Date
CN102761546A true CN102761546A (en) 2012-10-31

Family

ID=47055867

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2012102254501A Pending CN102761546A (en) 2012-07-02 2012-07-02 Authentication implementation method, system and related devices

Country Status (1)

Country Link
CN (1) CN102761546A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014180415A1 (en) * 2013-12-09 2014-11-13 中兴通讯股份有限公司 Media stream packet nat traversal method, mdu and iptv system
CN110855573A (en) * 2019-11-30 2020-02-28 四川天邑康和通信股份有限公司 3DES (3 data encryption Standard) DHCP option60 decryption method based on linux bridge
CN111954102A (en) * 2020-07-16 2020-11-17 烽火通信科技股份有限公司 Routing control method and device in DHCPV6 PD scene

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040264439A1 (en) * 2003-06-25 2004-12-30 Sbc Properties, L.P. Remote Location VOIP Roaming Behind Firewalls
CN1859409A (en) * 2006-03-17 2006-11-08 华为技术有限公司 Method and system for improving network dynamic host configuration DHCP safety
CN1889577A (en) * 2006-07-18 2007-01-03 Ut斯达康通讯有限公司 IP address distributing method based on DHCP extended attribute
CN101083660A (en) * 2007-05-30 2007-12-05 北京润汇科技有限公司 Session control based IP network authentication method of dynamic address distribution protocol
CN101232369A (en) * 2007-01-22 2008-07-30 华为技术有限公司 Method and system for distributing cryptographic key in dynamic state host computer collocation protocol
CN101436936A (en) * 2008-12-15 2009-05-20 中兴通讯股份有限公司 Access authentication method and system based on DHCP protocol

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040264439A1 (en) * 2003-06-25 2004-12-30 Sbc Properties, L.P. Remote Location VOIP Roaming Behind Firewalls
CN1859409A (en) * 2006-03-17 2006-11-08 华为技术有限公司 Method and system for improving network dynamic host configuration DHCP safety
CN1889577A (en) * 2006-07-18 2007-01-03 Ut斯达康通讯有限公司 IP address distributing method based on DHCP extended attribute
CN101232369A (en) * 2007-01-22 2008-07-30 华为技术有限公司 Method and system for distributing cryptographic key in dynamic state host computer collocation protocol
CN101083660A (en) * 2007-05-30 2007-12-05 北京润汇科技有限公司 Session control based IP network authentication method of dynamic address distribution protocol
CN101436936A (en) * 2008-12-15 2009-05-20 中兴通讯股份有限公司 Access authentication method and system based on DHCP protocol

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014180415A1 (en) * 2013-12-09 2014-11-13 中兴通讯股份有限公司 Media stream packet nat traversal method, mdu and iptv system
CN110855573A (en) * 2019-11-30 2020-02-28 四川天邑康和通信股份有限公司 3DES (3 data encryption Standard) DHCP option60 decryption method based on linux bridge
CN111954102A (en) * 2020-07-16 2020-11-17 烽火通信科技股份有限公司 Routing control method and device in DHCPV6 PD scene
CN111954102B (en) * 2020-07-16 2022-05-17 烽火通信科技股份有限公司 Routing control method and device in DHCPV6 PD scene

Similar Documents

Publication Publication Date Title
CN110087236B (en) Protocol for establishing a secure communication session with an anonymous host over a wireless network
CN101296203B (en) Device, system and method for automatically configuring application terminal in family network
US8189567B2 (en) Method and nodes for registering a terminal
TWI274491B (en) Network interconnection apparatus, network interconnection method, name resolution apparatus and computer program
US9967738B2 (en) Methods and arrangements for enabling data transmission between a mobile device and a static destination address
CN101416176B (en) DynamicHost configuration and network access authentication
CN102123157B (en) Authentication method and system
EP2950499B1 (en) 802.1x access session keepalive method, device, and system
CN103580980A (en) Automatic searching and automatic configuration method and device of VN
CN101478576A (en) Method, apparatus and system for selecting service network
CN102231725B (en) Method, equipment and system for authenticating dynamic host configuration protocol message
CN103517377A (en) Wireless network access method, Wifi access point and terminal
US20150009916A1 (en) Pairing of devices through separate networks
KR20110039451A (en) Network address assignment
WO2015018069A1 (en) Method, device and system for acquiring service by network terminal
CN101471767B (en) Method, equipment and system for distributing cipher key
CN105323325A (en) Address assignment method for identity and position separation network, and access service node
CN113068181B (en) Multi-type intelligent terminal safety network access method
CN102413103B (en) Message verification method, system and equipment
EP2451131B1 (en) Method, apparatus and system for obtaining local domain name
CN102761546A (en) Authentication implementation method, system and related devices
CN102577299B (en) The Access Network authentication information bearing protocol simplified
CN102624707A (en) Method and system for negotiating internet protocol version 6 (IPv6) information
CN101635632A (en) Method, system and device for authentication and configuration
JP5029994B2 (en) COMMUNICATION SYSTEM, COMMUNICATION DEVICE, ADDRESS ALLOCATION DEVICE, COMMUNICATION CONTROL METHOD, AND COMMUNICATION CONTROL PROGRAM

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20121031