CN105933333A - Authentication charging method and export gateway of enterprise network - Google Patents
Authentication charging method and export gateway of enterprise network Download PDFInfo
- Publication number
- CN105933333A CN105933333A CN201610441623.1A CN201610441623A CN105933333A CN 105933333 A CN105933333 A CN 105933333A CN 201610441623 A CN201610441623 A CN 201610441623A CN 105933333 A CN105933333 A CN 105933333A
- Authority
- CN
- China
- Prior art keywords
- list item
- egress gateways
- user
- certificate server
- data message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/02—Details
- H04L12/14—Charging, metering or billing arrangements for data wireline or wireless communications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The embodiment of the invention provides an authentication charging method of an enterprise network. The method comprises following steps that an export gateway receives user table items fed back by an authentication server after a switch initiates authentication to the authentication server according to an authentication request sent by a user and the authentication is successful; the export gateway receives data messages sent by the user and searches the user table items according to the data messages; and the export gateway processes the data messages according to the search results of the user table items. Moreover, the invention also provides an authentication charging export gateway of the enterprise network. Through adoption of the method and the export gateway, the new application demands that the access to the network needs to be authenticated, the access to inner network is free, and the access to an outer network is charged according to traffic are satisfied.
Description
Technical field
The present invention relates to network communication field, especially relate to method and the egress gateways of a kind of Enterprise Net Attestation charging.
Background technology
At present, along with the fast development of Internet technology, network security has become as a global problem.Should be used for from existing market, the user accessing network be carried out authentication and has become the important means guaranteed network security.In terms of deployment model, the deployment model of certification mainly has access and standard to go out two kinds.Fig. 1 is the deployment schematic diagram that standard goes out certification.In Fig. 1, terminal is connected to internal network (being called for short " Intranet " in Fig. 1) by access switch, and such as enterprise network or campus network, concrete, terminal is attached to certain port of this access switch.Access switch can also be connected to external network by egress gateways, such as the Internet.Fig. 1 merely illustrates a terminal, can connect multiple terminal under certain access switch.Can also connect between access switch and egress gateways and have convergence switch.
When using standard to go out certification deployment model, NAS(Network Access
Security, the equipment opening certification is referred to as NAS) undertaken by egress gateways.In this mode, terminal networks access switch, and access switch does not do network and controls directly to E-Packet (referred to as transparent transmission), and therefore, terminal i.e. may have access to the resource of internal network without certification.When terminal the Internet to be accessed, the surfing flow of user can be by NAS(egress gateways) intercept, only certification accesses the Internet by rear just permission.
Terminal is connected to internal network by access switch, and such as enterprise network or campus network, concrete, terminal is attached to certain port of this access switch.Access switch can also be connected to external network by egress gateways, such as the Internet.Fig. 1 merely illustrates a terminal, can connect multiple terminal under certain access switch.Can also connect between access switch and egress gateways and have convergence switch.
When using admission authentication deployment model, NAS(Network Access
Security, the equipment opening certification is referred to as NAS) undertaken by access switch.In this mode, terminal networks after access switch, and flow will be by NAS(access switch) intercept, therefore, after only certification is passed through, just allow to access internal network and external network.Along with the development of application, occur in that access network needs certification, access internal network free, access external network and press the new opplication demand of flow charging.Such as: student accesses campus network needs certification, access campus network free, access the Internet and then charge by flow.
Summary of the invention
In order to solve above-mentioned technical problem, embodiments of the invention adopt the following technical scheme that.
A kind of method of Enterprise Net Attestation charging, it is applied in the system comprising switch, certificate server and egress gateways, wherein, described switch is connected with the internal network being positioned within described egress gateways and is connected with the external network being positioned at beyond described egress gateways by described egress gateways, described certificate server is connected with described egress gateways by described switch, comprises the following steps:
The certification sent according to user when described switch is asked after described certificate server initiates certification success, and described egress gateways receives user's list item of described certificate server feedback.
Described egress gateways receives the data message that described user sends, and searches described user's list item according to described data message.
Described data message is processed by described egress gateways according to the lookup result of described user's list item.
Optionally, the step that described data message is processed by described egress gateways according to the lookup result of described user's list item specifically includes:
When described egress gateways does not finds described user's list item, and the most described egress gateways directly forwards described data message;Or,
Comprising permission in described egress gateways finds described user's list item, and described user's list item and forward labelling, the most described egress gateways updates the flow information of described user and forwards described data message;Or,
Comprising in described egress gateways finds described user's list item, and described user's list item and abandon labelling, the most described egress gateways directly abandons described data message;Or,
Comprising in described egress gateways finds described user's list item, and described user's list item and abandon labelling, the most described egress gateways intercepts described data message, and described data message is redirected to specific webpage, and described specific webpage comprises described subscriber arrearage information.
Optionally, described in described egress gateways find described user's list item, and described user's list item, comprise permission forward labelling, flow information that the most described egress gateways updates described user and forward described data message step after also include:
Optionally, the flow information of described user, according to described user's list item, is updated to described certificate server in default cycle T 1 by described egress gateways.
Optionally, when there being described user's list item on described certificate server, but do not receive flow information from described egress gateways to update, the most described certificate server confirms that, when described egress gateways does not has described user's list item, described egress gateways receives described user's list item from described certificate server again;When on described certificate server without described user's list item, but continue in the given time from described egress gateways receive flow information update time, described egress gateways deletes described user's list item according to the notice of described certificate server.
Optionally, the method also includes: described egress gateways receives the heartbeat message that described certificate server sends in default cycle T 2, confirm that the passage between described certificate server and described egress gateways is normal, when described egress gateways confiscates described heartbeat message in described default cycle T 2, then comprise, described in deletion, the user's list item abandoning labelling.
Accordingly, the embodiment of the present invention also provides for the egress gateways of a kind of Enterprise Net Attestation charging, it is applied in the system comprising switch, certificate server and described egress gateways, wherein, described switch is connected with the internal network being positioned within described egress gateways and is connected with the external network being positioned at beyond described egress gateways by described egress gateways, described certificate server is connected with described egress gateways by described switch, including:
User's list item maintenance module, the certification for sending according to user when described switch asks, after described certificate server initiates certification success, to receive user's list item of described certificate server feedback.
Data message receiver module, for receiving the data message that described user sends.
Enquiry module, for searching described user's list item according to described data message.
Processing module, for processing described data message according to the lookup result of described user's list item.
Optionally, described processing module specifically for, when described egress gateways does not finds described user's list item, and the most described egress gateways directly forwards described data message;Or,
Comprising permission in described egress gateways finds described user's list item, and described user's list item and forward labelling, the most described egress gateways updates the flow information of described user and forwards described data message;Or,
Comprising in described egress gateways finds described user's list item, and described user's list item and abandon labelling, the most described egress gateways directly abandons described data message;Or,
Comprising in described egress gateways finds described user's list item, and described user's list item and abandon labelling, the most described egress gateways intercepts described data message, and described data message is redirected to specific webpage, and described specific webpage comprises described subscriber arrearage information.
Optionally, also include: more new module, for according to described user's list item, in default cycle T 1, the flow information of described user is updated to described certificate server.
Optionally, described user's list item maintenance module, it is additionally operable to when there being described user's list item on described certificate server, but do not receive flow information from described egress gateways to update, the most described certificate server confirms, when described egress gateways does not has described user's list item, again to receive described user's list item from described certificate server.
Described user's list item maintenance module, be additionally operable to when on described certificate server without described user's list item, but continue in the given time from described egress gateways receive flow information update time, delete described user's list item according to the notice of described certificate server.
Optionally, this egress gateways also includes: passage maintenance module, receives, for described egress gateways, the heartbeat message that described certificate server sends, confirm that the passage between described certificate server and described egress gateways is normal in default cycle T 2.
Described user's list item maintenance module, is additionally operable to confiscate described heartbeat message in described default cycle T 2, then comprises, described in deletion, the user's list item abandoning labelling.
Having the beneficial effects that of the embodiment of the present invention: meeting access network needs certification, accesses internal network free, accesses external network and presses the new opplication demand of flow charging, and without repeatedly certification.
Accompanying drawing explanation
In order to be illustrated more clearly that the technical scheme of the embodiment of the present invention, the accompanying drawing used required in embodiment or description of the prior art will be briefly described below, apparently, accompanying drawing in describing below is only some embodiments of the present invention, for those of ordinary skill in the art, on the premise of not paying creative work, it is also possible to obtain other accompanying drawing according to these accompanying drawings.
Fig. 1 is a kind of system structure schematic diagram of prior art.
A kind of method flow diagram that Fig. 2 provides for the embodiment of the present invention.
A kind of method flow diagram that Fig. 3 provides for the embodiment of the present invention.
A kind of method flow diagram that Fig. 4 provides for the embodiment of the present invention.
A kind of method flow diagram that Fig. 5 provides for the embodiment of the present invention.
A kind of structure drawing of device that Fig. 6 provides for the embodiment of the present invention.
A kind of structure drawing of device that Fig. 7 provides for the embodiment of the present invention.
A kind of structure drawing of device that Fig. 8 provides for the embodiment of the present invention.
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is clearly and completely described, it is clear that described embodiment is only a part of embodiment of the present invention rather than whole embodiments.Based on the embodiment in the present invention, the every other embodiment that those of ordinary skill in the art are obtained under not making creative work premise, broadly fall into the scope of protection of the invention.
One embodiment of the invention provides a kind of method of Enterprise Net Attestation charging, it is applied in the system comprising switch, certificate server and egress gateways, wherein, described switch is connected with the internal network being positioned within described egress gateways and is connected with the external network being positioned at beyond described egress gateways by described egress gateways, described certificate server is connected with described egress gateways by described switch, as in figure 2 it is shown, comprise the following steps:
S101, the certification sent according to user when described switch is asked after described certificate server initiates certification success, user's list item of described egress gateways reception described certificate server feedback.
S103, described egress gateways receives the data message that described user sends, and searches described user's list item according to described data message.
S105, described data message is processed by described egress gateways according to the lookup result of described user's list item.
Having the beneficial effects that of the embodiment of the present invention, meeting access network needs certification, accesses internal network free, accesses external network and presses the new opplication demand of flow charging, and without repeatedly certification.
Optionally, in an embodiment of the present invention, step S105 specifically includes:
When described egress gateways does not finds described user's list item, the most described egress gateways directly forwards described data message, having the beneficial effects that of this embodiment, ensure Consumer's Experience, avoid the occurrence of user on access switch certification pass through, but because user's list item is not synchronized to egress gateways in time, cause data message to be dropped at egress gateways and the external networks such as the Internet cannot be accessed;Or,
Comprising permission in described egress gateways finds described user's list item, and described user's list item and forward labelling, the most described egress gateways updates the flow information of described user and forwards described data message;Or,
When described egress gateways finds described user's list item, and described user's list item comprises abandon labelling, the most described egress gateways directly abandons described data message, in this embodiment, when subscriber arrearage, certificate server is synchronized to user's list item instruction egress gateways of egress gateways and directly abandons described data message;Or,
Comprising in described egress gateways finds described user's list item, and described user's list item and abandon labelling, the most described egress gateways intercepts described data message, and described data message is redirected to specific webpage, and described specific webpage comprises described subscriber arrearage information.
Optionally, as it is shown on figure 3, in an embodiment of the present invention, described find described user's list item when described egress gateways, and described user's list item comprise permission forward labelling, flow information that the most described egress gateways updates described user and forward described data message step after also include:
S107, the flow information of described user, according to described user's list item, is updated to described certificate server in default cycle T 1 by described egress gateways.
Optionally, as shown in Figure 4, in an embodiment of the present invention, also include:
S109, when there being described user's list item on described certificate server, but do not receive flow information from described egress gateways to update, the most described certificate server confirms that, when described egress gateways does not has described user's list item, described egress gateways receives described user's list item from described certificate server again.
S111, when on described certificate server without described user's list item, but continue in the given time from described egress gateways receive flow information update time, described egress gateways deletes described user's list item according to the notice of described certificate server.
Having the beneficial effect that of this embodiment, can guarantee that certificate server is consistent with user's list item of egress gateways total energy, makes charging result the most accurate.
Optionally, as it is shown in figure 5, in an embodiment of the present invention, also include:
S113, described egress gateways receives the heartbeat message that described certificate server sends in default cycle T 2, confirm that the passage between described certificate server and described egress gateways is normal, when described egress gateways confiscates described heartbeat message in described default cycle T 2, then comprise, described in deletion, the user's list item abandoning labelling.
Optionally, the switch in above-described embodiment can be the combination between one of access switch, convergence switch, core switch or combination between any two or three.
Another embodiment of the present invention provides the egress gateways of a kind of Enterprise Net Attestation charging, it is applied in the system comprising switch, certificate server and described egress gateways, wherein, described switch is connected with the internal network being positioned within described egress gateways and is connected with the external network being positioned at beyond described egress gateways by described egress gateways, described certificate server is connected with described egress gateways by described switch, as shown in Figure 6, including:
User's list item maintenance module 201, the certification for sending according to user when described switch asks, after described certificate server initiates certification success, to receive user's list item of described certificate server feedback.
Data message receiver module 203, for receiving the data message that described user sends.
Enquiry module 205, for searching described user's list item according to described data message.
Processing module 207, for processing described data message according to the lookup result of described user's list item.
Optionally, processing module 207 specifically for,
When described egress gateways does not finds described user's list item, and the most described egress gateways directly forwards described data message;Or,
Comprising permission in described egress gateways finds described user's list item, and described user's list item and forward labelling, the most described egress gateways updates the flow information of described user and forwards described data message;Or,
Comprising in described egress gateways finds described user's list item, and described user's list item and abandon labelling, the most described egress gateways directly abandons described data message;Or,
Comprising in described egress gateways finds described user's list item, and described user's list item and abandon labelling, the most described egress gateways intercepts described data message, and described data message is redirected to specific webpage, and described specific webpage comprises described subscriber arrearage information.
Optionally, as it is shown in fig. 7, in an embodiment of the present invention, egress gateways also includes:
More new module 209, for according to described user's list item, is updated to described certificate server by the flow information of described user in default cycle T 1.
Optionally, in an embodiment of the present invention,
User's list item maintenance module 201, it is additionally operable to when there being described user's list item on described certificate server, but do not receive flow information from described egress gateways to update, the most described certificate server confirms, when described egress gateways does not has described user's list item, again to receive described user's list item from described certificate server.
User's list item maintenance module 201, be additionally operable to when on described certificate server without described user's list item, but continue in the given time from described egress gateways receive flow information update time, delete described user's list item according to the notice of described certificate server.
Having the beneficial effect that of this embodiment, can guarantee that certificate server is consistent with user's list item of egress gateways total energy, makes charging result the most accurate.
Optionally, as shown in Figure 8, in an embodiment of the present invention, also include:
Passage maintenance module 211, receives, for described egress gateways, the heartbeat message that described certificate server sends in default cycle T 2, confirms that the passage between described certificate server and described egress gateways is normal.
Described user's list item maintenance module 201, is additionally operable to confiscate described heartbeat message in described default cycle T 2, then comprises, described in deletion, the user's list item abandoning labelling.
Optionally, the switch in above-described embodiment can be the combination between one of access switch, convergence switch, core switch or combination between any two or three.
Having the beneficial effects that of the embodiment of the present invention, meeting access network needs certification, accesses internal network free, accesses external network and presses the new opplication demand of flow charging, and without repeatedly certification.
Last it is noted that above example is only in order to illustrate technical scheme, it is not intended to limit;Although the present invention being described in detail with reference to previous embodiment, it will be understood by those within the art that: the technical scheme described in foregoing embodiments still can be modified by it, or wherein portion of techniques feature is carried out equivalent;And these amendments or replacement, do not make the essence of appropriate technical solution depart from the spirit and scope of various embodiments of the present invention technical scheme.
Claims (10)
1. the method for an Enterprise Net Attestation charging, it is characterized in that, it is applied in the system comprising switch, certificate server and egress gateways, wherein, described switch is connected with the internal network being positioned within described egress gateways and is connected with the external network being positioned at beyond described egress gateways by described egress gateways, described certificate server is connected with described egress gateways by described switch, comprises the following steps:
The certification sent according to user when described switch is asked after described certificate server initiates certification success, and described egress gateways receives user's list item of described certificate server feedback;
Described egress gateways receives the data message that described user sends, and searches described user's list item according to described data message;
Described data message is processed by described egress gateways according to the lookup result of described user's list item.
Method the most according to claim 1, it is characterised in that the step that described data message is processed by described egress gateways according to the lookup result of described user's list item specifically includes:
When described egress gateways does not finds described user's list item, and the most described egress gateways directly forwards described data message;Or,
Comprising permission in described egress gateways finds described user's list item, and described user's list item and forward labelling, the most described egress gateways updates the flow information of described user and forwards described data message;Or,
Comprising in described egress gateways finds described user's list item, and described user's list item and abandon labelling, the most described egress gateways directly abandons described data message;Or,
Comprising in described egress gateways finds described user's list item, and described user's list item and abandon labelling, the most described egress gateways intercepts described data message, and described data message is redirected to specific webpage, and described specific webpage comprises described subscriber arrearage information.
Method the most according to claim 2, it is characterized in that, described in described egress gateways find described user's list item, and described user's list item, comprise permission forward labelling, flow information that the most described egress gateways updates described user and forward described data message step after also include:
The flow information of described user, according to described user's list item, is updated to described certificate server in default cycle T 1 by described egress gateways.
Method the most according to claim 3, it is characterised in that also include:
When there being described user's list item on described certificate server, but do not receive flow information from described egress gateways to update, the most described certificate server confirms that, when described egress gateways does not has described user's list item, described egress gateways receives described user's list item from described certificate server again;When on described certificate server without described user's list item, but continue in the given time from described egress gateways receive flow information update time, described egress gateways deletes described user's list item according to the notice of described certificate server.
Method the most according to claim 4, it is characterised in that also include:
Described egress gateways receives the heartbeat message that described certificate server sends in default cycle T 2, confirm that the passage between described certificate server and described egress gateways is normal, when described egress gateways confiscates described heartbeat message in described default cycle T 2, then comprise, described in deletion, the user's list item abandoning labelling.
6. the egress gateways of an Enterprise Net Attestation charging, it is characterized in that, it is applied in the system comprising switch, certificate server and described egress gateways, wherein, described switch is connected with the internal network being positioned within described egress gateways and is connected with the external network being positioned at beyond described egress gateways by described egress gateways, described certificate server is connected with described egress gateways by described switch, including:
User's list item maintenance module, the certification for sending according to user when described switch asks, after described certificate server initiates certification success, to receive user's list item of described certificate server feedback;
Data message receiver module, for receiving the data message that described user sends;
Enquiry module, for searching described user's list item according to described data message;
Processing module, for processing described data message according to the lookup result of described user's list item.
Egress gateways the most according to claim 6, it is characterised in that described processing module specifically for,
When described egress gateways does not finds described user's list item, and the most described egress gateways directly forwards described data message;Or,
Comprising permission in described egress gateways finds described user's list item, and described user's list item and forward labelling, the most described egress gateways updates the flow information of described user and forwards described data message;Or,
Comprising in described egress gateways finds described user's list item, and described user's list item and abandon labelling, the most described egress gateways directly abandons described data message;Or,
Comprising in described egress gateways finds described user's list item, and described user's list item and abandon labelling, the most described egress gateways intercepts described data message, and described data message is redirected to specific webpage, and described specific webpage comprises described subscriber arrearage information.
Egress gateways the most according to claim 7, it is characterised in that also include:
More new module, for according to described user's list item, is updated to described certificate server by the flow information of described user in default cycle T 1.
Egress gateways the most according to claim 8, it is characterised in that
Described user's list item maintenance module, it is additionally operable to when there being described user's list item on described certificate server, but do not receive flow information from described egress gateways to update, the most described certificate server confirms, when described egress gateways does not has described user's list item, again to receive described user's list item from described certificate server;
Described user's list item maintenance module, be additionally operable to when on described certificate server without described user's list item, but continue in the given time from described egress gateways receive flow information update time, delete described user's list item according to the notice of described certificate server.
Egress gateways the most according to claim 6, it is characterised in that also include:
Passage maintenance module, receives, for described egress gateways, the heartbeat message that described certificate server sends in default cycle T 2, confirms that the passage between described certificate server and described egress gateways is normal,
Described user's list item maintenance module, is additionally operable to confiscate described heartbeat message in described default cycle T 2, then comprises, described in deletion, the user's list item abandoning labelling.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610441623.1A CN105933333A (en) | 2016-06-20 | 2016-06-20 | Authentication charging method and export gateway of enterprise network |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610441623.1A CN105933333A (en) | 2016-06-20 | 2016-06-20 | Authentication charging method and export gateway of enterprise network |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN105933333A true CN105933333A (en) | 2016-09-07 |
Family
ID=56830806
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610441623.1A Pending CN105933333A (en) | 2016-06-20 | 2016-06-20 | Authentication charging method and export gateway of enterprise network |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105933333A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110012032A (en) * | 2019-04-28 | 2019-07-12 | 新华三技术有限公司 | A kind of user authen method and device |
| CN111107106A (en) * | 2019-12-31 | 2020-05-05 | 奇安信科技集团股份有限公司 | Authentication method, authentication system, firewall device and storage medium |
| CN112769830A (en) * | 2021-01-12 | 2021-05-07 | 杭州迪普科技股份有限公司 | TCP session aging control method and device |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1553368A (en) * | 2003-06-02 | 2004-12-08 | ��Ϊ��������˾ | Network verifying, authorizing and accounting system and method |
| CN1855933A (en) * | 2005-04-06 | 2006-11-01 | 神州数码网络(北京)有限公司 | System and method for certification and charge of network |
| CN101163000A (en) * | 2006-10-13 | 2008-04-16 | 中兴通讯股份有限公司 | Secondary authentication method and system |
| CN101296098A (en) * | 2008-06-25 | 2008-10-29 | 中兴通讯股份有限公司 | Multi-authentication domain charging method |
| CN101465856A (en) * | 2008-12-31 | 2009-06-24 | 杭州华三通信技术有限公司 | Method and system for controlling user access |
| CN102469078A (en) * | 2010-11-08 | 2012-05-23 | 中国移动通信集团公司 | Method, system and device for accessing campus network to external network |
-
2016
- 2016-06-20 CN CN201610441623.1A patent/CN105933333A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1553368A (en) * | 2003-06-02 | 2004-12-08 | ��Ϊ��������˾ | Network verifying, authorizing and accounting system and method |
| CN1855933A (en) * | 2005-04-06 | 2006-11-01 | 神州数码网络(北京)有限公司 | System and method for certification and charge of network |
| CN101163000A (en) * | 2006-10-13 | 2008-04-16 | 中兴通讯股份有限公司 | Secondary authentication method and system |
| CN101296098A (en) * | 2008-06-25 | 2008-10-29 | 中兴通讯股份有限公司 | Multi-authentication domain charging method |
| CN101465856A (en) * | 2008-12-31 | 2009-06-24 | 杭州华三通信技术有限公司 | Method and system for controlling user access |
| CN102469078A (en) * | 2010-11-08 | 2012-05-23 | 中国移动通信集团公司 | Method, system and device for accessing campus network to external network |
Non-Patent Citations (3)
| Title |
|---|
| 佚名: "融合安全 易用领先——校园网准入准出一体化解决方案", 《HTTPS://WENKU.BAIDU.COM/VIEW/4BB96669011CA300A6C39089.HTML》 * |
| 吉翔: "802.1X与网关联动技术的研究与实现", 《中国优秀硕士学位论文全文数据库信息科技辑》 * |
| 孙刚凝: "基于 EAD 的校园网准入/准出认证机制的设计和实现", 《中国优秀硕士学位论文全文数据库信息科技辑》 * |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110012032A (en) * | 2019-04-28 | 2019-07-12 | 新华三技术有限公司 | A kind of user authen method and device |
| CN110012032B (en) * | 2019-04-28 | 2021-11-23 | 新华三技术有限公司 | User authentication method and device |
| CN111107106A (en) * | 2019-12-31 | 2020-05-05 | 奇安信科技集团股份有限公司 | Authentication method, authentication system, firewall device and storage medium |
| CN112769830A (en) * | 2021-01-12 | 2021-05-07 | 杭州迪普科技股份有限公司 | TCP session aging control method and device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10531297B2 (en) | Authentication method and server, and computer storage medium | |
| CN110263936B (en) | Horizontal federal learning method, device, equipment and computer storage medium | |
| US11658975B2 (en) | Authorization for network function registration | |
| CN110234112B (en) | Message processing method, system and user plane function device | |
| CN105516960B (en) | Non-perception authentication method and system, and management method and system based on method and system | |
| WO2018137713A1 (en) | Internal network slice authentication method, slice authentication proxy entity, and session management entity | |
| CN107580360A (en) | A kind of network is cut into slices method, equipment and the network architecture of selection | |
| CN108833181A (en) | NG-CN network slice systems and network are sliced selection method | |
| US20180048633A1 (en) | Perception-free authentication method and system, and control method and system based on the same | |
| US10491414B1 (en) | System and method of providing a controlled interface between devices | |
| CN109413194B (en) | User information cloud cooperative processing and transferring method for mobile communication system | |
| CN109429272A (en) | Shunt method and relevant device under a kind of roaming scence | |
| CN105873055B (en) | Wireless network access authentication method and device | |
| CN109413649A (en) | A kind of access authentication method and device | |
| CN105828413A (en) | Safety method of D2D mode B discovery, terminal and system | |
| CN108882305A (en) | A kind of shunt method and device of data packet | |
| CN109891921A (en) | The certification of Successor-generation systems | |
| CN105933333A (en) | Authentication charging method and export gateway of enterprise network | |
| CN112073997B (en) | Communication method and device | |
| CN114567880B (en) | Communication method, system and computer readable storage medium | |
| CN103199990A (en) | Method and device for routing protocol authentication transfer | |
| CN113099449B (en) | Authentication method and system of distributed core network and home subscriber server | |
| US20170310561A1 (en) | Network Control Method and Apparatus | |
| CN104469770A (en) | WLAN authentication method, platform and system for third-party application | |
| EP1993245A1 (en) | A system and method for realizing message service |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20160907 |