CN106656911A - Portal authentication method, access device and management server - Google Patents
Portal authentication method, access device and management server Download PDFInfo
- Publication number
- CN106656911A CN106656911A CN201510715637.3A CN201510715637A CN106656911A CN 106656911 A CN106656911 A CN 106656911A CN 201510715637 A CN201510715637 A CN 201510715637A CN 106656911 A CN106656911 A CN 106656911A
- Authority
- CN
- China
- Prior art keywords
- certification
- terminal
- result
- portal
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention discloses a Portal authentication method, an access device, a management server, and a Portal server. An access device sends a result query request to a management server and receives a first corresponding relation returned by the management server in response to the result query request, wherein the first corresponding relation comprises first authentication ID and a first authorization result, and the first corresponding relation is provided by a Portal server for the management server; and the access device, according to authentication indication in the first authorization result and the first authentication ID, determines whether a first terminal succeeds in Portal authentication, and according to authorization information in the first authorization result, determines whether to forward a hyper text transfer protocol (HTTP) message of the first terminal such that Portal authentication can be completed under the condition that an NAT device exists between the first terminal and the Portal server.
Description
Technical field
The present invention relates to communication technical field, more particularly to a kind of door (Portal) authentication method, access
Equipment, management server and Portal server.
Background technology
Portal certifications are a kind of authentication modes of conventional accessing terminal to network, during accessing terminal to network, are visited
Arbitrary internet (WEB) page is asked, so as to initiate HTTP (Hyper Text Transfer
Protocol, abbreviation HTTP) message, by network access equipment (referred to as access device) by the HTTP
Message redirecting is to Portal server, and it is close that terminal is input into account in the certification page that Portal server is provided
Code is authenticated, and certification just can normally access network after passing through.Because Portal certifications need not install certification
Client software, terminal is capable of achieving certification by browser, therefore is widely used.
Portal certifications be usually directed to Portal server and checking, authorization and accounting (Authentication,
Authorization, Accounting, abbreviation AAA) server, wherein, Portal server is used to show
Authentication information and show authentication result that certification page, receiving terminal are input on certification page, AAA clothes
Business device is used for terminal identity certification and notifies the Authorization result of access device terminal, specific Portal certifications stream
Journey includes:
Step one:Any webpage of terminal access, initiates HTTP (Hyper Text Transfer
Protocol, abbreviation HTTP) message, if access device finds that this terminal is also unverified passing through, will be described
HTTP message is redirected to Portal server.
Step 2:Terminal input the certifications such as user name, password letter in the certification page that Portal server is provided
Cease, and authentication information is submitted to into Portal server and be authenticated.
Step 3:Portal server sends the authentication request packet of proprietary protocol to access device, the privately owned association
The authentication information such as the user name of carried terminal, password in the authentication request packet of view.
Step 4:Access device sends remote subscriber and dials in the service for checking credentials (Remote Authentication Dial in
User Service, abbreviation RADIUS) agreement authentication request packet to aaa server, the RADIUS
The authentication information such as the user name of carried terminal, password in the authentication request packet of agreement.
Step 5:The use carried in the authentication request packet of the radius protocol that aaa server verification is received
The authentication informations such as name in an account book, password, it is determined whether the terminal that certification is characterized by the authentication information, Yi Jigen
Determine the Authorization result of the terminal according to authentication result.
Step 6:Authorization result is returned to access device by aaa server by radius protocol message.
Step 7:Access device is authorized according to Authorization result to terminal.
Step 8:Access device sends certification response message to Portal server by proprietary protocol.
Step 9:Portal server return authentication results page is to terminal.
Step 10:If certification passes through, access device allows terminal access network.
However, now in increasing Portal certification scenes, between access device and Portal server,
Need to carry out network address translation (Network Address between access device and aaa server
Translation, abbreviation NAT), such as WLAN (wireless local area network, abbreviation WLAN)
In certification scene, the access device of WLAN --- access point (Access Point, AP) is dispersed in each
Place, Portal server and aaa server are deployed in the data center of public cloud, and AP and Portal takes
NAT device is there may be between business device, aaa server so that Portal server and AAA are serviced
Device is sent to the message of access device and can not be received by access device sometimes, and then may cause above-mentioned steps
The Portal server being located in three in public cloud directly can not send Portal certification requests to access device,
Lead to not complete Portal certifications.
The content of the invention
The embodiment of the present invention provides a kind of portal authentication method, access device, management server and Portal
Server, there is nothing in the case of NAT device between access device and Portal server, aaa server
Method completes the problem of Portal certifications.
A kind of first aspect, there is provided portal authentication method, is applied to carry out network address translation
In the network of NAT, access device to management server sends result queries request, the result queries request
Include the device identification ID of the access device;The access device receives the management server and responds institute
The result queries response that result queries request is returned is stated, the result queries response includes that the first correspondence is closed
System, first corresponding relation includes the first certification ID and the first Authorization result;First corresponding relation
The management server is supplied to by Portal server;The access device is according to first Authorization result
In certification indicate and the first certification ID, determine first terminal whether by Portal certifications, and according to
Authorization message in first Authorization result determines whether to forward the Hyper text transfer of the first terminal to assist
View HTTP message, so as to there is NAT device between the first terminal and the Portal server
In the case of complete Portal certifications.
With reference in a first aspect, in the first possible implementation of first aspect, in the access device
Send before result queries request to management server, also include:
If the not actuated timer that the result queries request is sent for triggering, the access device starts
The timer;
The access device to management server sends result queries request, including:
If the timer expiry, the access device sends the result queries to management server please
Ask.
With reference to the first possible implementation of first aspect, in second possible realization of first aspect
In mode, after the expiry of the timer, also include:
The access device deletes the timer;Or
The access device resets the timer and reclocking.
Access device is asked by arranging timers trigger result queries, with the pipe in NAT device outer net
Reason server sets up connection so that follow-up management server can issue Authorization result to being in by this connection
The access device of NAT device Intranet, so as to exist between the first terminal and the Portal server
Portal certifications are completed in the case of NAT device.
With reference to first aspect and first aspect the first to any one in second possible implementation
Kind, in the third possible implementation of first aspect, send out to management server in the access device
Before sending result queries request, also include:
The access device receives the HTTP message from the first terminal for not passing through Portal certifications;
The access device sends the uniform resource position mark URL for redirecting to the first terminal so that
The first terminal initiates certification request according to the URL of the redirection to the Portal server, with
The Portal server is set Portal certifications to be carried out to the first terminal and is provided to the management server
First corresponding relation;The URL of the redirection includes the device id and the first certification ID.
With reference to the third possible implementation of first aspect, in the 4th kind of possible realization of first aspect
In mode, also include the second corresponding relation in result queries response, second corresponding relation includes the
Two certification ID and the second Authorization result;The second certification ID is different with the first certification ID.
Multiple corresponding relations are once carried in by responding in result queries, access device can once obtain many
Individual Authorization result, completes multiple Portal certifications, so as to improve Portal authentication efficiencies.
With reference to first aspect and first aspect the first to any one in the 4th kind of possible implementation
Kind, in the 5th kind of possible implementation of first aspect, the device id is to connect described in unique mark
Enter the MAC address or numbering of equipment.
With reference to first aspect and first aspect the first to any one in the 5th kind of possible implementation
Kind, in the 6th kind of possible implementation of first aspect, the first certification ID is based on described first
The address of terminal generates, and is
The MAC Address of the first terminal and random number and value;Or
The internet protocol address of the first terminal and random number and value;Or
MAC Address and random number and value to the first terminal does the value obtained after Hash operation;Or
IP address and random number and value to the first terminal does the value obtained after Hash operation.
The certification ID that access device is generated by using this mode, can identifying Portal certifications each time
To increase the security of certification.
A kind of second aspect, there is provided portal authentication method, is applied to carry out network address translation
In the network of NAT, management server receives the result queries request that access device sends, the result queries
Request includes the device identification ID of the access device;The management server please according to the result queries
Ask, determine corresponding first corresponding relation of the device id, first corresponding relation includes the first certification
ID and the first Authorization result;First corresponding relation is supplied to the management service by Portal server
Device;The management server to the access device returning result inquiry response, in the result queries response
Including first corresponding relation so that the access device according to first corresponding relation in terminal and institute
Stating and Portal certifications are completed in the case of exist between Portal server NAT device.
With reference to second aspect, in the first possible implementation of second aspect, in the management service
Device is received before the result queries request that access device sends, and is also included:
The management server receives the device id that the Portal server provides and described first pair
Should be related to, first corresponding relation is stored in into the first buffer queue, the queue ID of first buffer queue
For the device id.
Management server arranges buffer queue storage corresponding relation according to device id, can improve search efficiency.
With reference to the first possible implementation of second aspect, in second possible realization of second aspect
In mode, the management server is asked according to the result queries, determines the device id corresponding
One corresponding relation, including:
The management server determines first buffer queue according to the device id,
First corresponding relation is obtained from first buffer queue.
With reference to the first possible implementation of second aspect, in the third possible realization of second aspect
In mode, the management server is asked according to the result queries, determines the device id corresponding
One corresponding relation, including:
The management server determines first buffer queue according to the device id;
Obtain all corresponding relations in first buffer queue, including first corresponding relation and second
Corresponding relation, second corresponding relation includes the second certification ID and the second Authorization result, described second
Certification ID is different with the first certification ID;
Correspondingly, second corresponding relation is also included in the result queries response.
So, in the result queries of one access device of response, all correspondences are obtained from buffer queue and is closed
System so that the one query of access device can complete multiple Portal certifications, so as to improve Portal certifications
Efficiency.
With reference to the first possible implementation of second aspect or second aspect, at the 4th kind of second aspect
In possible implementation, the management server to the access device returning result inquiry response it
Afterwards, also include:
The management server notifies the device id and the first certification ID to service to the Portal
Device so that the Portal server return authentication results page gives corresponding terminal.
Access device in NAT device Intranet is replaced by the management server in NAT device outer net,
To notify that Portal server which Authorization result is issued, it is possible to reduce access device and Portal server
Between through NAT device interaction times, improve authentication efficiency.
A kind of third aspect, there is provided portal authentication method, is applied to carry out network address translation
In the network of NAT, Portal server obtains the first Authorization result according to the authentication information that terminal is submitted to, with
First Authorization result distinguishes the device identification ID and the first certification ID of corresponding access device;Described
One Authorization result includes certification instruction and authorization message;The Portal server by the first corresponding relation and
The device id is sent to management server preservation, and first corresponding relation includes that described first authorizes knot
Fruit and the first certification ID, so that the access device inquires about first correspondence according to the device id
Relation, and existed between terminal and the Portal server according to first corresponding relation for getting
Portal certifications are completed in the case of NAT device.
With reference to the third aspect, in the first possible implementation of the third aspect, the Portal services
Device obtains the first Authorization result according to the authentication information that terminal is submitted to, corresponding respectively with first Authorization result
Access device device id and the first certification ID, including:
The Portal server receives the terminal by the uniform resource position mark URL of redirection to institute
State the certification request of Portal server initiation;The URL of the redirection is supplied to by the access device
The terminal, the URL of the redirection includes the device id and the first certification ID;
The Portal server return authentication page includes described setting to the terminal, the certification page
Standby ID and the first certification ID;
The Portal server receives the authentication information that the terminal is submitted to, and the authentication information includes described
The equipment that the end message and the certification page that terminal is input on the certification page includes
ID and the first certification ID;
The end message is sent to checking, authorization and accounting aaa server by the Portal server
It is authenticated;
The Portal server receives described that the aaa server is returned based on the end message
One Authorization result;Or, the Portal server receives the aaa server is based on the end message
The authentication result of return, and first Authorization result is generated based on the authentication result;
The Portal server obtains corresponding with the first Authorization result difference from the authentication information
The device id and the first certification ID.
The authentication information that terminal is submitted to is sent to aaa server by Portal server by direct, without
Access device is forwarding, it is possible to reduce pass through between access device and Portal server, aaa server
The interaction times of NAT device.
With reference to the first possible implementation of the third aspect or the third aspect, at second of the third aspect
In possible implementation, in the Portal server by first corresponding relation and the device id
After being sent to management server preservation, also include:
The Portal server receives the device id and described first of the management server notice to be recognized
Card ID;
The Portal server determines the terminal according to the device id and the first certification ID
Address;
The Portal server sends the authentication result page according to the address of the terminal to the terminal.
A kind of fourth aspect, there is provided access device, the access device has to be realized being accessed in said method
The function of equipment behavior.The function can be realized by hardware, it is also possible to be performed by hardware corresponding soft
Part is realized.The hardware or software include one or more modules corresponding with above-mentioned functions.
In a kind of possible implementation, the access device includes transmitter, receiver and processor, institute
State and be connected with each other by bus between transmitter, the receiver and the processor;Wherein
The transmitter, for sending result queries request to management server, in the result queries request
Including the device identification ID of the access device;
The receiver, for receiving the management server result that the result queries request is returned is responded
Inquiry response, result queries response includes the first corresponding relation, and first corresponding relation includes the
One certification ID and the first Authorization result;First corresponding relation is supplied to the pipe by Portal server
Reason server;
The processor, indicates and first certification for the certification in first Authorization result
Whether ID, determine first terminal by Portal certifications, and the mandate letter in first Authorization result
Breath determines whether to forward the HTTP HTTP message of the first terminal, so as to described first
Portal certifications are completed in the case of there is NAT device between terminal and the Portal server.
In alternatively possible implementation, the access device includes:
Transmitting element, for sending result queries request to management server, wraps in the result queries request
Include the device identification ID of the access device;
Receiving unit, the result that the result queries request return is responded for receiving the management server is looked into
Response is ask, the result queries response includes the first corresponding relation, and first corresponding relation includes first
Certification ID and the first Authorization result;First corresponding relation is supplied to the management by Portal server
Server;
Processing unit, indicates and the first certification ID for the certification in first Authorization result,
Whether first terminal is determined by Portal certifications, and the authorization message in first Authorization result is true
The HTTP HTTP message for whether forwarding the first terminal is determined, so as in the first terminal
Portal certifications are completed in the case of there is NAT device and the Portal server between.
A kind of 5th aspect, there is provided management server, the management server has to be realized in said method
The function of management server behavior.The function can be realized by hardware, it is also possible to perform phase by hardware
The software answered is realized.The hardware or software include one or more modules corresponding with above-mentioned functions.
In a kind of possible implementation, the management server includes transmitter, receiver and processor,
It is connected with each other by bus between the transmitter, the receiver and the processor;Wherein
The receiver, for receiving the result queries request of access device transmission, the result queries request
Include the device identification ID of the access device;
The processor, for asking according to the result queries, determines the device id corresponding first
Corresponding relation, first corresponding relation includes the first certification ID and the first Authorization result;Described first pair
Should be related to and the management server is supplied to by door Portal server;
The transmitter, for the access device returning result inquiry response, the result queries response
Include first corresponding relation so that the access device according to first corresponding relation in terminal and
Portal certifications are completed in the case of there is NAT device between the Portal server.
In alternatively possible implementation, the access device includes:
Receiving unit, for receiving the result queries request of access device transmission, in the result queries request
Including the device identification ID of the access device;
Processing unit, for asking according to the result queries, determines that the device id is corresponding first pair
Should be related to, first corresponding relation includes the first certification ID and the first Authorization result;First correspondence
Relation is supplied to the management server by door Portal server;
Transmitting element, for the access device returning result inquiry response, in the result queries response
Including first corresponding relation so that the access device according to first corresponding relation in terminal and institute
Stating and Portal certifications are completed in the case of exist between Portal server NAT device.
A kind of 6th aspect, there is provided Portal server, the Portal server has realizes above-mentioned side
The function of Portal server behavior in method.The function can be realized by hardware, it is also possible to by hardware
Perform corresponding software to realize.The hardware or software include one or more moulds corresponding with above-mentioned functions
Block.
In a kind of possible implementation, the Portal server includes transmitter, receiver and processor,
It is connected with each other by bus between the transmitter, the receiver and the processor;Wherein
The receiver, for the authentication information that receiving terminal is submitted to;
The processor, for obtaining the first Authorization result according to the authentication information, authorizes with described first
As a result the device identification ID and the first certification ID of corresponding access device are distinguished;
The transmitter, preserves for the first corresponding relation and the device id to be sent to into management server,
First corresponding relation includes first Authorization result and the first certification ID, so that the access sets
It is standby that first corresponding relation is inquired about according to the device id, and closed according to first correspondence for getting
Tie up to and Portal certifications are completed in the case of there is NAT device between terminal and the Portal server.
In alternatively possible implementation, the Portal server includes:
Receiving unit, for the authentication information that receiving terminal is submitted to;
Processing unit, for obtaining the first Authorization result according to the authentication information, with described first knot is authorized
The device identification ID and the first certification ID of the corresponding access device of fruit difference;
Transmitting element, preserves for the first corresponding relation and the device id to be sent to into management server,
First corresponding relation includes first Authorization result and the first certification ID, so that the access sets
It is standby that first corresponding relation is inquired about according to the device id, and closed according to first correspondence for getting
Tie up to and Portal certifications are completed in the case of there is NAT device between terminal and the Portal server.
The scheme provided using the application, will be authorized by the Portal server in NAT device outer net
Result cache is being in together in the management server of NAT device outer net, by connecing in NAT device Intranet
Enter equipment and actively obtain Authorization result to management server, solve access device and Portal server, AAA
The problem of Portal certifications cannot be carried out in the case of there are NAT networks between server, and is reduced and is connect
Enter the interaction times between equipment and Portal server, aaa server, improve across NAT networks
Authentication performance under Portal certification scenes.
Description of the drawings
Fig. 1 is networking schematic diagram when there is NAT device between a kind of access device and Portal server;
Fig. 2 is a kind of signal of the system architecture of portal authentication method application provided in an embodiment of the present invention
Figure;
Fig. 3 is a kind of interaction diagrams of portal authentication method provided in an embodiment of the present invention;
Fig. 4 A are a kind of structural representation of access device provided in an embodiment of the present invention;
Fig. 4 B are the structural representation of another kind of access device provided in an embodiment of the present invention;
Fig. 5 A are a kind of structural representation of management server provided in an embodiment of the present invention;
Fig. 5 B are the structural representation of another kind of management server provided in an embodiment of the present invention;
Fig. 6 A are a kind of structural representation of Portal server provided in an embodiment of the present invention;
Fig. 6 B are the structural representation of another kind of Portal server provided in an embodiment of the present invention.
Specific embodiment
In traditional Portal certifications, communication between devices need not move through NAT device, access device and
It is two-way intercommunication between Portal server, between access device and aaa server, but there is NAT
Under the scene of equipment, between access device and Portal server, between access device and aaa server
Two-way intercommunication can not be accomplished.
The networking being illustrated in figure 1 between a kind of access device and Portal server when there is NAT device
Schematic diagram, Intranet of the access device in NAT device, Portal server is located at the outer net of NAT device,
Message between access device and Portal server will be forwarded by NAT device.Connecing in Intranet
Enter equipment actively can be connected with Portal server foundation, but the Portal server in outer net can not be led
Dynamic foundation with access device is connected.
By taking Fig. 1 as an example, service to the Portal positioned at outer net when the access device 1 positioned at Intranet sends message
During device, NAT device can be changed to the message that access device 1 sends, by the source internet protocol of message
View (Internet Protocol, abbreviation IP) address 192.168.1.10 (i.e. the IP address of access device 1)
Be converted to outer net IP address 210.32.122.58 of NAT device, and by the source port of message, for example,
Port numbers are 8000, are converted to a new port, and such as port numbers are 11000, and NAT device meeting
Record port 11000, IP address 210.32.122.58 and port 8000, IP address 192.168.1.10 are reflected
Relation is penetrated, now access device 1 and Portal server establish connection, it is possible to communicated.And such as
Fruit is that the Portal server for being located at outer net actively sends message to the access device 1 positioned at Intranet, and message is only
The outer net IP address of NAT device can be destined to, but now have outer net on NAT device to Intranet
Port and IP address mapping relations, therefore NAT device cannot forward the message to access device 1.
Even if access device is established with Portal server being connected, port and IP address on NAT device is reflected
Penetrate relation also will not long-term existence, if do not had between access device and Portal server in setting time section
Message comes and goes, then mapping relations will be aging, deleted, the message that afterwards Portal server is returned
Will be unable to be sent to again and (be now equivalent to Portal server and actively send report to access device to access device
The situation of text), the communication failure between access device and Portal server.After mapping relations are deleted,
Only access device actively sends message and sets up new mapping relations, Portal server to Portal server
Communication and between access device just can be carried out, and newly-established mapping relations and the last mapping relations set up
It is not necessarily identical.
For the scene for having NAT device between this access device and Portal server, aaa server,
In order to solve the problems, such as two-way intercommunication, it may be considered that in access device and Portal server, aaa server
Between set up the long connection of transmission control protocol (Transmission Control Protocol, abbreviation TCP).
So-called TCP length connection, does not have even if representing between access device and Portal server, aaa server
During the message of transmission in need, the TCP length connection also will not be interrupted.The passage connected by TCP length,
Portal server and aaa server can send message to access device at any time.But in order to ensure TCP
Long connection is not interrupted, and access device is needed periodically by the passage of TCP length connection to Portal server
Heartbeat message is sent with aaa server, to ensure that the port and IP address that store on NAT device are reflected
Penetrate relation not to be deleted.Setting up the mode of TCP length connection needs to take with Portal server and AAA always
Business device keeps connection, can consume the memory source and port resource of Portal server and aaa server.
A kind of portal authentication method is embodiments provided, by the Portal server positioned at outer net
Authorization result is buffered in the management server for being located on outer net, from the access device in Intranet actively to
Management server obtains Authorization result, solves between access device and Portal server, aaa server
Cannot complete Portal certifications in the case of there is NAT device, and reduce access device and
Interaction times between Portal server, aaa server, improve communication between devices need through
The authentication performance of the Portal certifications under NAT device scene.Compare access device and Portal server,
TCP length is set up between aaa server and connects this mode, reduced to Portal server and AAA
The memory source of server and the consumption of port resource.
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clearly
Chu, it is fully described by, it is clear that described embodiment is a part of embodiment of the invention, rather than all
Embodiment.Based on the embodiment in the present invention, those of ordinary skill in the art are not making creative labor
The every other embodiment obtained under the premise of dynamic, belongs to the scope of protection of the invention.
Portal authentication method provided in an embodiment of the present invention, is applied in the system shown in Fig. 2, the system
Including terminal, access device, NAT device, management server, Portal server and aaa server,
Wherein,
Terminal, also referred to as user equipment (User Equipment, abbreviation UE), terminal can be moved
Mobile phone, computer or vehicle-mounted mobile etc..Terminal do not pass through Portal certifications before, by clear
Device of looking at accesses external network, and the certification page of Portal server, terminal can be redirected to by access device
Account and password are input on certification page carries out Portal certifications, after by Portal certifications, you can
It is normal to access external network.
Access device, is the network equipment that terminal is connected to network, can be the hardware such as switch, router
Equipment, for the HTTP message not sent by the terminal of Portal certifications to be redirected to into Portal services
Device carries out authentication, the Authorization result of institute's management terminal is obtained, according to the Authorization result for getting to terminal
Authorized.
NAT device, can be plugged on access device, or autonomous device, terminal and access device
Positioned at the Intranet of NAT device, management server, Portal server and aaa server set positioned at NAT
Standby outer net.
Management server, for preserving the Authorization result of Portal server offer, and sets access is received
Device identification (Identifier, the abbreviation ID) correspondence with the access device is returned when standby result queries are asked
Authorization result, under can also notifying the Authorization result of terminal under Portal server which access device
Send out.
Portal server, for showing the certification letter that certification page, receiving terminal are input on certification page
Breath, the authentication information of reception is transmitted directly to into aaa server carries out terminal identity certification, and will authorize
As a result management server preservation is sent to, and is receiving the notice that management server Authorization result has been issued
When return authentication results page to the corresponding terminal of Authorization result for having issued.
Aaa server, the information for having all terminals, for terminal identity certification.Aaa server has
Polytype, conventional aaa server have Active Directory (Active Directory, AD) server,
LDAP (Lightweight Directory Access Protocol, LDAP) server,
Radius server etc..
In the embodiment of the present invention, management server, Portal server and aaa server may be incorporated in one
On individual physical server, it is also possible to separately deployment.
Management server and Portal server are separately disposed, it is possible to reduce the company of access device and outer net equipment
Connect.Because Portal server there may be multiple stage, if the function of management server is by Portal server reality
Existing, i.e., management server and Portal server merge deployment, then need on every Portal server all
Deployment management server, access device is also required to connect multiple stage Portal server.And if management server and
Portal server is separately disposed, then can be connect by management server unification connection multiple stage Portal server
Enter equipment to only need to be connected with management server.
In addition, management server and Portal server are separately disposed, can also avoid exposing access device
Interface.Reason is, if management server and Portal server merge deployment, when Portal server by
Third party then needs to open the interface of access device to third-party Portal server when providing, in order to the
The Portal server of tripartite knows the interface protocol of access device, and then interacts with access device.And if managing
Reason server and Portal server are separately disposed, due to not requiring that access device and Portal server do right
Connect, therefore the interface of access device can be shielded to Portal server, in addition this mode is also reduced and connect
Enter the coupling between equipment and Portal server.
Fig. 3 show the interaction diagrams of portal authentication method provided in an embodiment of the present invention, methods described
In may be applicable to the network for carry out NAT, methods described includes:
S301:Access device receives the HTTP message from the first terminal for not passing through Portal certifications.
Wherein, the HTTP message is sent by the first terminal when arbitrary webpage is accessed.
In practical application, the row for having a terminal that have recorded by Portal certifications are generally safeguarded on access device
Table, access device after HTTP message is received, by the terminal that judges to send the HTTP message whether
Determine the terminal for sending the HTTP message whether by Portal certifications in list.
S302:The access device sends URL (the Uniform Resource for redirecting
Locator, abbreviation URL) give the first terminal.
In the embodiment of the present invention, the access device returns to the URL of the redirection of the first terminal
In include the access device device id and based on the first terminal address generate the first certification
ID。
Follow-up Portal server carries out Portal certifications to the first terminal and sends out to the management server
When sending the first Authorization result, will be first Authorization result together with the device id and first certification
ID sends jointly to management server.
The management server according to the corresponding device id of Authorization result, can distinguish each Authorization result should under
Which access device issued.The device id can be the media interviews of access device described in energy unique mark
Control (Media Access Control, abbreviation MAC) address or the numbering of access device.
Certification ID is used to identify Portal certifications each time.The Portal certifications that different terminals are initiated, generate
Certification ID be different.The multiple Portal certifications that same terminal is initiated, the certification ID for generating each time
It is also different, can so increases the security of certification, prevents someone from intercepting and capturing the mandate before certain terminal
As a result, and by the Authorization result intercepted and captured carry out counterfeit certification.Certification ID is generated by the access device that terminal connects,
Can be generated according to the address of terminal;For example, it may be the MAC Address of terminal and random number and value,
Or can be the IP address and random number and value of terminal, or can be the MAC Address to terminal and
Random number and value do the value obtained after Hash operation, or can also be the IP address to terminal with it is random
Several and value does the value obtained after Hash operation.
As follows is the URL examples of a redirection:
http://portalserver/portalDeviceid=a123c56312bd&authid=ab238463c523
Wherein, deviceid=a123c56312bd represents device id, and authid=ab238463c523 is represented and recognized
Card ID.
S303:The first terminal initiates certification according to the URL of the redirection to Portal server please
Ask.
S304:The Portal server is received after the certification request of the first terminal, to described first
The terminal return authentication page.
In the embodiment of the present invention, will be including above-mentioned redirection in the certification page that the Portal server is returned
The device ids of the access device that include of URL and the first certification ID.The device id and
The first certification ID may be stored in the hiding field of certification page, be not terminal finding.
S305:The first terminal input the end messages such as user name, password on certification page.
S306:The first terminal submits authentication information to the Portal server, the authentication information bag
Including end message and the certification page that the first terminal is input on the certification page includes
The device id and the first certification ID.
S307:End message in the authentication information is sent to AAA services by the Portal server
Device is authenticated.
In the embodiment of the present invention, end message is directly sent to aaa server by Portal server, is not required to
To forward through access device, so can reduce access device and Portal server, aaa server it
Between through NAT device interaction times.
For different types of aaa server, Portal server sends terminal letter using different agreements
Breath, for example, if aaa server is Radius servers, Portal server is assisted using Radius
View, if aaa server is AD servers, Portal server adopts AD agreements, if AAA
Server is ldap server, then Portal server adopts ldap protocol.
S308:The aaa server determines the first Authorization result of the first terminal according to authentication result.
An Authorization result mapping table can be safeguarded on aaa server, the Authorization result mapping table is used for
The terminal for indicating different IP addresses passes through in certification or which type of should issue in the case that certification does not pass through
Authorization result.
In the embodiment of the present invention, Authorization result includes that certification is indicated, whether Portal is passed through for instruction terminal
Certification.Optionally, authorization message is also included in the Authorization result, for the IP that instruction terminal is able to access that
Address realm.Certainly, terminal unrestricted can also access any IP address.Access device is based on and awards
Power result is able to decide whether the HTTP message that forwarding terminal sends.
S309:First Authorization result is returned to the Portal server by the aaa server.
Optionally, in another embodiment of the invention, the Authorization result mapping table can be taken by Portal
It is engaged in device to safeguard, the authentication result of terminal is directly sent to Portal server by aaa server, by Portal
The authentication result that server is returned according to aaa server is determining the Authorization result of terminal.
S310:The Portal server by first Authorization result, and with first Authorization result
Respectively the device id of the corresponding access device and the first certification ID send jointly to management server
Preserve.
The Portal server can obtain right respectively with first Authorization result from the authentication information
The device id answered and the first certification ID.
Optionally, in another embodiment of the invention, Portal server can be by the device id and institute
State the first certification ID and connect end message and be together sent to aaa server, and by aaa server it is determined that
After first Authorization result, directly by first Authorization result, the device id and described first is recognized
Card ID is sent to management server preservation.
In the embodiment of the present invention, the management server can be stored according to device id to Authorization result packet.
The management server typically can be, but not limited to store Authorization result by the form of buffer queue, for example also
Authorization result can be stored by the form of form, the embodiment of the present invention is said by taking buffer queue as an example
It is bright, do not constitute limitation of the invention.
The management server is receiving first Authorization result, device id and the first certification ID
Afterwards, if the queue ID that there is the first buffer queue is identical with the device id, the management server will
First Authorization result and the first certification ID, i.e. the first corresponding relation are stored in the first caching team
Row.The buffer queue be used to preserving it is receiving from Portal server or aaa server but also not under
Issue the information such as Authorization result, device id and the certification ID of access device.If there is no first caching
Queue, then the management server the first buffer queue is set, the queue ID of first buffer queue is
The device id, and by first Authorization result and the first certification ID, i.e., described first correspondence is closed
System is stored in together in first buffer queue.
Alternatively, can also be by the device id and first corresponding relation (first Authorization result
With the first certification ID) it is collectively stored in buffer queue.
S311:The access device to the management server sends result queries request, the result queries
Request includes the device id of the access device.
Optionally, the result queries request can be authorized dedicated for obtaining by what proprietary protocol was defined
As a result message.
Optionally, in another embodiment, if access device on startup just with the management server set up
The connection of TCP length, then the management server can preserve and it establishes setting for the access device of connection
The information of standby ID, the such as corresponding relation of the device id of the IP address of access device and access device, it is described
Management server can determine the access according to the IP address of the access device for sending the result queries request
The equipment that can not also include the access device in the device id of equipment, therefore result queries request
ID。
Optionally, access device described in the embodiment of the present invention can be being received from the first terminal
After HTTP message, if the not actuated timer that the result queries request is sent for triggering, described
Access device starts the timer.If having been turned on the timer, then it represents that access device is receiving
Before stating the HTTP message of first terminal, also have received another not by the second terminal of Portal certifications
HTTP message and start the timer, then access device is without the need for repeated priming timer.
If the timer expiry, trigger the access device and send the result queries to management server
Request.Because result queries ask actively to be initiated by the access device in NAT device Intranet, therefore tie
Fruit inquiry request can be forwarded to management server, and connection is established between access device and management server can
With proper communication, need under the scene of NAT device, positioned at NAT so as to solve communication between devices
The Portal server of equipment outer net issues Authorization result without the access device that normal direction is located at NAT device Intranet
Problem.
Optionally, in the embodiment of the present invention after the expiry of the timer, the access device can be deleted
The timer, it is also possible to which reset the timer and reclocking.
That is, timer can be periodic, or disposable described in the embodiment of the present invention.
During peak period, access device can be considered as periodic timer, in non-peak period, access device
Disposable timer can be considered as.In practical application, the cycle of periodic timer can be set
It is set to the 2-3 seconds.
S312:The management server is received after the result queries request of the access device, according to
The result queries request, determines that the device id that the result queries request includes is corresponding first pair
Should be related to, first corresponding relation includes the first certification ID and first Authorization result.
Optionally, management server can first determine that the result queries request includes in the embodiment of the present invention
Access device device id, or the equipment for being to determine the access device for sending result queries request
ID, then according to the device id determined, determines that first buffer queue, i.e. queue ID are described true
The buffer queue of the device id made, and first corresponding relation is obtained from first buffer queue.
In the embodiment of the present invention, the management server is determining first caching according to the device id
After queue, all corresponding relations in first buffer queue, including first correspondence can also be obtained
Relation and the second corresponding relation, second corresponding relation includes the second certification ID and the second Authorization result,
The second certification ID is different with the first certification ID.Correspondingly, manage described in follow-up S313
In the result queries response that reason server is returned in addition to including first corresponding relation, will also be including institute
The second corresponding relation is stated, so described access device, just can be once by sending a result queries request
Property gets the Authorization result of multiple terminals that the access device is managed.
S313:The management server is to the access device returning result inquiry response, the result queries
Response includes first corresponding relation.
In the embodiment of the present invention, except including described first in the result queries response that the access device is received
Corresponding relation, i.e., outside described first Authorization result and the first certification ID, can also include other many
The Authorization result of the Authorization result of individual terminal and the plurality of terminal distinguishes corresponding certification ID, wherein, it is described
The corresponding certification ID of Authorization result of multiple terminals is different.Optionally, in the result queries response
The Authorization result that the plurality of terminal can also be included distinguishes corresponding device id, wherein, the plurality of terminal
The corresponding device id of Authorization result be identical.
The all corresponding relations included in first buffer queue are sent to into institute in the management server
After stating access device, the management server will delete first buffer queue, will have been issued to connect
The corresponding relation for entering equipment is deleted from the management server.
Optionally, in the embodiment of the present invention, can return to the access device in the management server and tie
After fruit inquiry response, the Authorization result correspondence of the access device will be handed down to by the management server
The device id and the first certification ID directly notify the Portal server, connect so as to reduce
Enter between equipment and Portal server, aaa server through the interaction times of NAT device.
Because when terminal is connected to Portal server by the URL for redirecting, terminal and Portal are serviced
The short connection of TCP is established between device, short being connected in setting time of the TCP can be always maintained at
Until Portal server is short to TCP during terminal by the passage returned packet of the short connections of the TCP
Connection will be switched off;The equipment that the URL of address and the redirection that Portal server can record terminal includes
The corresponding relation of ID and certification ID, therefore, Portal server is receiving what the management server was notified
After the device id and the first certification ID, can according to the device id and the first certification ID,
The address of corresponding terminal is determined, and based on the short connections of TCP between Portal server and the terminal
Passage, according to the address of the terminal for determining, sends the authentication result page, to notify to the terminal
The flow process for stating terminal its Portal certification terminates.
S314:The access device receives the management server and responds the upper of the result queries request return
After stating result queries response, the certification in first Authorization result is indicated and the first certification ID,
Whether the first terminal is determined by Portal certifications, and the mandate letter in first Authorization result
Breath determines whether to forward the HTTP message of the first terminal, so as in the first terminal and the Portal
Portal certifications are completed in the case of there is NAT device between server.
In the embodiment of the present invention, the access device, can be with when the address based on terminal generates certification ID
Preserve the certification ID for generating;Subsequently received result queries response, access device is wrapped during result queries are responded
The certification ID for including, the certification ID preserved with the access device compares.If the access device is preserved
Certification ID in there are a certification ID and result queries to respond the 3rd certification ID for including consistent, then
The authentication result that can be included according to corresponding 3rd Authorization results of the 3rd certification ID is determining described
Whether, by certification, further, access device can be according to the described 3rd for the terminal that three certification ID are characterized
The IP address range that the terminal of Authorization result defined can be accessed, it is determined whether forward the terminal to send
HTTP message.Access device is to deleting the preserve on access device the described 3rd after the authorization terminal
Certification ID.
If there is no any one certification ID in the certification ID that the access device is preserved to respond with result queries
The 4th certification ID for including is consistent, then show that corresponding 4th Authorization results of the 4th certification ID are imitative
Emit, access device can ignore the 4th Authorization result.
If there is no any one certification ID in the certification ID that result queries response includes to set with the access
Standby the 5th certification ID for preserving is consistent, then show that the access device does not also receive the 5th certification ID
Corresponding Authorization result, the access device continues to preserve the 5th certification ID.
Based on the portal authentication method that above-described embodiment is provided, the embodiment of the present invention provides a kind of access device
400, for realizing above-mentioned portal authentication method in access device function, as shown in Figure 4 A, access sets
Standby 400 include transmitter 401, receiver 402 and processor 403, wherein, the transmitter 401, institute
State and be connected with each other by bus 404 between receiver 402 and the processor 403.
The transmitter 401, for sending result queries request to management server, the result queries please
Asking includes the device id of the access device.
The receiver 402, responds what the result queries request was returned for receiving the management server
Result queries are responded, and the result queries response includes the first corresponding relation, the first corresponding relation bag
Include the first certification ID and the first Authorization result;First corresponding relation is supplied to institute by Portal server
State management server.
The processor 403, indicates for the certification in first Authorization result and described first recognizes
Card ID, determines whether first terminal passes through Portal certifications, and the mandate in first Authorization result
Information determines whether the HTTP message for forwarding the first terminal, so as in the first terminal and described
Portal certifications are completed in the case of there is NAT device between Portal server.
The access device 400 also connects respectively the management server and the end including some communication interfaces
End.
Optionally, before the transmitter 401 sends result queries request to management server, the place
Reason device 403 is additionally operable to:If the not actuated timer that the result queries request is sent for triggering, starts
The timer.
Optionally, the transmitter 401 sends result queries request to management server, specifically includes:If
The timer expiry, then the transmitter 401 is to the management server transmission result queries request.
Optionally, after the expiry of the timer, the processor 403 is additionally operable to:Delete the timing
Device;Or, the reset timer and reclocking.
Optionally, it is described to connect before the transmitter 401 sends result queries request to management server
Receive device 402 to be additionally operable to:Receive the HTTP message from the first terminal for not passing through Portal certifications.
Accordingly, the transmitter 401 is additionally operable to, and sends the URL for redirecting to the first terminal so that
The first terminal initiates certification request according to the URL of the redirection to Portal server, so that institute
Stating Portal server carries out Portal certifications to the first terminal and provides described to the management server
First corresponding relation;The URL of the redirection includes the device id and the first certification ID.
Optionally, the second corresponding relation is also included in the result queries request that the receiver 402 is received,
Second corresponding relation includes the second certification ID and the second Authorization result;The second certification ID with it is described
First certification ID is different.
Optionally, the device id is the MAC Address or numbering of access device described in energy unique mark.
Optionally, the first certification ID is given birth to by the processor 403 according to the address of the first terminal
It can be the MAC Address and random number and value of the first terminal into, such as the first certification ID;
Or, the first certification ID can be the IP address and random number and value of the first terminal;Or, institute
State the first certification ID can be the MAC Address to the first terminal with random number and value do Hash fortune
The value obtained after calculation;Or, the first certification ID can be the IP address to the first terminal with it is random
Several and value does the value obtained after Hash operation.
The processor 403 can be general processor, including central processing unit (Central Processing
Unit, abbreviation CPU), network processing unit (Network Processor, abbreviation NP) etc.;Can also be
Digital signal processor (Digital Signal Processing, abbreviation DSP), special IC
(Application Specific Integrated Circuit, abbreviation ASIC), field programmable gate array (Field
- Programmable Gate Array, abbreviation FPGA) or other PLDs etc..
When the processor 403 is CPU, the access device 400 can also include:Memory, uses
In storage program.Specifically, program can include program code, and described program code includes computer operation
Instruction.Memory may include random access memory (random access memory, abbreviation RAM),
It is likely to also include nonvolatile memory (non-volatile memory), for example, at least one disk is deposited
Reservoir.The processor 403 performs the program code stored in the memory, realizes above-mentioned functions.
The embodiment of the present invention also provides a kind of access device 4000, for realizing above-mentioned portal authentication method in
The function of access device.As shown in Figure 4 B, the access device 4000 includes transmitting element 4001, connects
Receive unit 4002 and processing unit 4003;Wherein
The transmitting element 4001, for sending result queries request, the result queries to management server
Request includes the device id of the access device.
The receiving unit 4002, for receiving the management server result queries request return is responded
Result queries response, result queries response includes the first corresponding relation, first corresponding relation
Including the first certification ID and the first Authorization result;First corresponding relation is supplied to by Portal server
The management server.
The processing unit 4003, indicates and described first for the certification in first Authorization result
Certification ID, determines whether first terminal passes through Portal certifications, and awarding in first Authorization result
Power information determines whether the HTTP message for forwarding the first terminal, so as in the first terminal and described
Portal certifications are completed in the case of there is NAT device between Portal server.
It should be noted that the transmitting element 4001 can also carry out the transmitter 401 shown in Fig. 4 A
Other performed operations, the receiving unit 4002 can also carry out the receiver 402 shown in Fig. 4 A
Other performed operations, the processing unit 4003 can also carry out the processor 403 shown in Fig. 4 A
Other performed operations.For sake of simplicity, will not be described here.
Based on the portal authentication method that above-described embodiment is provided, the embodiment of the present invention provides a kind of management service
Device 500, for realizing above-mentioned portal authentication method in access device function, as shown in Figure 5A, pipe
Reason server 500 includes transmitter 501, receiver 502 and processor 503, wherein, the transmitter
501st, receiver 502 and processor 503 are connected with each other by bus 504.
The receiver 502, for receiving the result queries request of access device transmission, the result queries
Request includes the device id of the access device.
The processor 503, for asking according to the result queries, determines the device id corresponding the
One corresponding relation, first corresponding relation includes the first certification ID and the first Authorization result;Described first
Corresponding relation is supplied to the management server by Portal server.
The transmitter 501, for the access device returning result inquiry response, the result queries
Response includes first corresponding relation so that the access device according to first corresponding relation at end
Portal certifications are completed in the case of there is NAT device between end and the Portal server.
The management server 500 also connects respectively the access device and described including some communication interfaces
Portal server.
Optionally, it is described before the receiver 502 receives the result queries request that access device sends
Receiver 502 is additionally operable to, and receives the device id that the Portal server is provided, and described first authorizes
As a result with the first certification ID.
The processor 503 is additionally operable to, by first corresponding relation, i.e., described first Authorization result and institute
The first certification ID is stated, the first buffer queue is stored in, the queue ID of first buffer queue is the equipment
ID。
Optionally, the processor 503 is determining the device id correspondence according to result queries request
The first corresponding relation when, specifically include:According to the device id, first buffer queue is determined, from
First corresponding relation is obtained in first buffer queue.
Optionally, the processor 503 is determining the device id correspondence according to result queries request
The first corresponding relation when, specifically include:According to the device id, first buffer queue is determined;Obtain
The all corresponding relations in first buffer queue are taken, including first corresponding relation and the second correspondence are closed
System, second corresponding relation includes the second certification ID and the second Authorization result, the second certification ID
It is different with the first certification ID;Correspondingly, the result queries that the transmitter 501 is returned
Also include second corresponding relation in response.
In the transmitter 501 to after the access device returning result inquiry response, the processor
503 are additionally operable to:Delete first buffer queue.
Optionally, it is described in the transmitter 501 to after the access device returning result inquiry response
Transmitter 501 is additionally operable to:The device id and the first certification ID are notified to service to the Portal
Device so that the Portal server return authentication results page gives corresponding terminal.
The processor 503 can be general processor, including central processing unit, network processing unit etc.;Also
Can be digital signal processor, special IC, field programmable gate array or other programmable patrol
Collect device etc..
When the processor 503 is CPU, the management server 500 can also include:Memory,
For storage program.Specifically, program can include program code, and described program code is grasped including computer
Instruct.Memory may include random access memory, it is also possible to also including nonvolatile memory, example
Such as at least one magnetic disc store.The processor 503 performs the program code stored in the memory,
Realize above-mentioned functions.
The embodiment of the present invention also provides a kind of management server 5000, for realizing above-mentioned portal authentication method
The function of middle management server.As shown in Figure 5 B, the management server 5000 include transmitting element 5001,
Receiving unit 5002 and processing unit 5003;Wherein
The receiving unit 5002, for receiving the result queries request of access device transmission, the result is looked into
Asking request includes the device id of the access device.
The processing unit 5003, for asking according to the result queries, determines the device id correspondence
The first corresponding relation, first corresponding relation includes the first certification ID and the first Authorization result;It is described
First corresponding relation is supplied to the management server by door Portal server.
The transmitting element 5001, for the access device returning result inquiry response, the result to be looked into
Asking response includes first corresponding relation, so that the access device exists according to first corresponding relation
Portal certifications are completed in the case of there is NAT device between terminal and the Portal server.
It should be noted that transmitting element 5001 can also carry out the transmitter 501 shown in Fig. 5 A being held
Other capable operations, receiving unit 5002 can also carry out performed by the receiver 502 shown in Fig. 5 A
Other operations, processing unit 5003 can also carry out other performed by the processor 503 shown in Fig. 5 A
Operation.For sake of simplicity, will not be described here.
Based on the portal authentication method that above-described embodiment is provided, the embodiment of the present invention provides a kind of Portal clothes
Business device 600, for realizing above-mentioned portal authentication method in Portal server function, as shown in Figure 6A,
Portal server 600 includes transmitter 601, receiver 602 and processor 603, wherein, the transmission
Connected by bus 604 between device 601, the receiver 602 and the processor 603.
The receiver 602, for the authentication information that receiving terminal is submitted to.
The processor 603, for obtaining the first Authorization result according to the authentication information, with described first
Authorization result distinguishes the device id and the first certification ID of corresponding access device.
The transmitter 601, protects for the first corresponding relation and the device id to be sent to into management server
Deposit, first corresponding relation includes first Authorization result and the first certification ID, connects so as to described
Enter equipment and first corresponding relation is inquired about according to the device id, and according to described first pair for getting
Should be related to that completing Portal in the case of there is NAT device between terminal and the Portal server recognizes
Card.
The Portal server 600 also includes that some communication interfaces connect the management server and the end
End.
Optionally, the first Authorization result is obtained in the processor 603, with first Authorization result difference
Before the device id of corresponding access device and the first certification ID, the receiver 602 is additionally operable to:Receive
The certification request that the terminal is initiated by the URL for redirecting to the Portal server, it is described to reset
To URL be supplied to the URL of the terminal, the redirection to include described setting by the access device
Standby ID and the first certification ID.
Accordingly, the transmitter 601 is additionally operable to, and the return authentication page gives the terminal, the authentication page
Face includes the device id and the first certification ID.
Accordingly, the receiver 602 is additionally operable to, and receives the authentication information that the terminal is submitted to, described to recognize
Card information is included in the end message that the terminal is input on the certification page and the certification page
Including the device id and the first certification ID.
Accordingly, the transmitter 601 is additionally operable to, and the end message is sent to into aaa server and is entered
Row certification.
Optionally, the processor 603 is obtaining the first Authorization result and first Authorization result difference
When the device id of corresponding access device and the first certification ID, specifically include:Obtain the receiver 602
First Authorization result that the aaa server for receiving is returned based on the end message, or obtain
The authentication result that the aaa server that the receiver 602 is received is returned based on the end message,
And first Authorization result is generated based on the authentication result;Obtain from the authentication information and described
One Authorization result distinguishes the corresponding device id and the first certification ID.
Optionally, first corresponding relation and the device id are sent to into pipe in the transmitter 601
After reason server is preserved, the receiver 602 is additionally operable to:Receive the described of the management server notice
Device id and the first certification ID.
The optional processor 603 is additionally operable to, according to the device id and the first certification ID, really
The address of the fixed terminal.
Optionally, the transmitter 601 is additionally operable to, and according to the address of the terminal, sends to the terminal
The authentication result page.
The processor 603 can be general processor, including central processing unit, network processing unit etc.;Also
Can be digital signal processor, special IC, field programmable gate array or other programmable patrol
Collect device etc..
When the processor 603 is CPU, the Portal server 600 can also include:Memory,
For storage program.Specifically, program can include program code, and described program code is grasped including computer
Instruct.Memory may include random access memory, it is also possible to also including nonvolatile memory, example
Such as at least one magnetic disc store.The processor 603 performs the program code stored in the memory,
Realize above-mentioned functions.
The embodiment of the present invention also provides a kind of Portal server 6000, for realizing above-mentioned Portal authenticating parties
The function of Portal server in method.As shown in Figure 6B, the Portal server 6000 includes sending single
Unit 6001, receiving unit 6002 and processing unit 6003;Wherein
The receiving unit 6002, for the authentication information that receiving terminal is submitted to.
The processing unit 6003, for obtaining the first Authorization result according to the authentication information, with described the
One Authorization result distinguishes the device identification ID and the first certification ID of corresponding access device.
The transmitting element 6001, for the first corresponding relation and the device id to be sent to into management service
Device is preserved, and first corresponding relation includes first Authorization result and the first certification ID, with toilet
State access device and first corresponding relation is inquired about according to the device id, and according to described for getting
One corresponding relation completes Portal in the case of there is NAT device between terminal and the Portal server
Certification.
It should be noted that processing unit 6003 can also carry out the processor 603 shown in Fig. 6 A being held
Other capable operations, transmitting element 6001 can also carry out performed by the transmitter 601 shown in Fig. 6 A
Other operations, receiving unit 6002 can also carry out other performed by the receiver 602 shown in Fig. 6 A
Operation.For sake of simplicity, will not be described here.
In sum, using technical scheme provided in an embodiment of the present invention, will be authorized by Portal server
As a result preserve on the management server, from the access device positioned at Intranet actively to the management service positioned at outer net
Device obtains Authorization result, solves and have between access device and Portal server, aaa server NAT
The problem of Portal certifications cannot be completed in the case of equipment.And technical scheme provided in an embodiment of the present invention
The interaction times between access device and Portal server, aaa server can be effectively reduced, for example,
Assume that each access device has the terminal access authentication of 50 times peak period is per second, according to above-mentioned steps one to
The Portal certificate schemes of step 10, each certification needs access device and Portal server, AAA services
Have between device and interact twice, interaction is shown in above-mentioned steps three and step 4, and step 6 and step 8,
6000 interactions are needed between access device so per minute and Portal server, aaa server;And
Using new flow process provided in an embodiment of the present invention, if the cycle of timer be set to 2 seconds, access
It is per minute between equipment and Portal server, management server to only need to 30 interactions, total interaction time
Number only has one of two percentages of tradition Portal certificate schemes.It is reduced to only have if each access device is per second
The terminal access authentication of 0.25 time, reaches according to the traditional Portal certificate schemes described in step one to step 10
Interaction times just maintain an equal level with the interaction times reached using the scheme of the embodiment of the present invention.
Those skilled in the art are it should be appreciated that embodiments of the invention can be provided as method, system or meter
Calculation machine program product.Therefore, the present invention can be using complete hardware embodiment, complete software embodiment or knot
Close the form of the embodiment in terms of software and hardware.And, the present invention can be adopted and wherein wrapped at one or more
Computer non-volatile memory medium (including but not limited to disk storage containing computer usable program code
Device, CD-ROM, optical memory etc.) on implement computer program form.
The present invention is produced with reference to method according to embodiments of the present invention, equipment (system) and computer program
The flow chart and/or block diagram of product is describing.It should be understood that can by computer program instructions flowchart and
/ or block diagram in each flow process and/or square frame and flow chart and/or the flow process in block diagram and/
Or the combination of square frame.These computer program instructions can be provided to all-purpose computer, special-purpose computer, embedded
The processor of formula processor or other programmable data processing devices is producing a machine so that by calculating
The instruction of the computing device of machine or other programmable data processing devices is produced for realizing in flow chart one
The device of the function of specifying in individual flow process or one square frame of multiple flow processs and/or block diagram or multiple square frames.
These computer program instructions may be alternatively stored in can guide computer or other programmable datas process to set
In the standby computer-readable memory for working in a specific way so that in being stored in the computer-readable memory
Instruction produce and include the manufacture of command device, command device realization is in one flow process or multiple of flow chart
The function of specifying in one square frame of flow process and/or block diagram or multiple square frames.
These computer program instructions also can be loaded in computer or other programmable data processing devices, made
Obtain and series of operation steps is performed on computer or other programmable devices to produce computer implemented place
Reason, so as to the instruction performed on computer or other programmable devices is provided for realizing in flow chart one
The step of function of specifying in flow process or one square frame of multiple flow processs and/or block diagram or multiple square frames.
Those skilled in the art can carry out various changes and modification without deviating from this to the embodiment of the present invention
The scope of inventive embodiments.So, if these modifications of the embodiment of the present invention and modification belong to power of the present invention
Within the scope of profit requirement and its equivalent technologies, then the present invention is also intended to comprising these changes and modification.
Claims (22)
1. a kind of door portal authentication method, is applied to carry out the network of network address translation NAT
In, it is characterised in that methods described includes:
Access device to management server sends result queries request, and the result queries request includes described
The device identification ID of access device;
The access device receives the result of the management server response result queries request return and looks into
Response is ask, the result queries response includes the first corresponding relation, and first corresponding relation includes first
Certification ID and the first Authorization result;First corresponding relation is supplied to the management by Portal server
Server;
Certification instruction and the first certification ID of the access device in first Authorization result, really
Whether first terminal is determined by Portal certifications, and the authorization message in first Authorization result determines
Whether forward the HTTP HTTP message of the first terminal, so as in the first terminal and
Portal certifications are completed in the case of there is NAT device between the Portal server.
2. the method for claim 1, it is characterised in that in the access device to management service
Device is sent before result queries request, is also included:
The access device receives the HTTP message from the first terminal for not passing through Portal certifications;
The access device sends the uniform resource position mark URL for redirecting to the first terminal so that
The first terminal initiates certification request according to the URL of the redirection to the Portal server, with
The Portal server is set Portal certifications to be carried out to the first terminal and is provided to the management server
First corresponding relation;The URL of the redirection includes the device id and the first certification ID.
3. method as claimed in claim 2, it is characterised in that also include in the result queries response
Second corresponding relation, second corresponding relation includes the second certification ID and the second Authorization result;Described
Two certification ID are different with the first certification ID.
4. the method as described in any one in claim 1-3, it is characterised in that the device id is
The MAC address or numbering of access device described in unique mark.
5. the method as described in any one in claim 1-4, it is characterised in that first certification
Addresses of the ID based on the first terminal generates, and is
The MAC Address of the first terminal and random number and value;Or
The internet protocol address of the first terminal and random number and value;Or
MAC Address and random number and value to the first terminal does the value obtained after Hash operation;Or
IP address and random number and value to the first terminal does the value obtained after Hash operation.
6. a kind of door portal authentication method, is applied to carry out the network of network address translation NAT
In, it is characterised in that methods described includes:
Management server receives the result queries request that access device sends, and the result queries request includes
The device identification ID of the access device;
The management server is asked according to the result queries, determines that the device id is corresponding first pair
Should be related to, first corresponding relation includes the first certification ID and the first Authorization result;First correspondence
Relation is supplied to the management server by Portal server;
The management server to the access device returning result inquiry response, in the result queries response
Including first corresponding relation so that the access device according to first corresponding relation in terminal and institute
Stating and Portal certifications are completed in the case of exist between Portal server NAT device.
7. method as claimed in claim 6, it is characterised in that receive in the management server and access
Before the result queries request that equipment sends, also include:
The management server receives the device id that the Portal server provides and described first pair
Should be related to, first corresponding relation is stored in into the first buffer queue, the queue ID of first buffer queue
For the device id.
8. method as claimed in claim 7, it is characterised in that
The management server is asked according to the result queries, determines that the device id is corresponding first pair
Should be related to, including:
The management server determines first buffer queue according to the device id;
Obtain all corresponding relations in first buffer queue, including first corresponding relation and second
Corresponding relation, second corresponding relation includes the second certification ID and the second Authorization result, described second
Certification ID is different with the first certification ID;
Correspondingly, second corresponding relation is also included in the result queries response.
9. a kind of door portal authentication method, is applied to carry out the network of network address translation NAT
In, it is characterised in that methods described includes:
Portal server obtains the first Authorization result according to the authentication information that terminal is submitted to, awards with described first
Power result distinguishes the device identification ID and the first certification ID of corresponding access device;First Authorization result
Include certification instruction and authorization message;
First corresponding relation and the device id are sent to management server and are preserved by the Portal server,
First corresponding relation includes first Authorization result and the first certification ID, so that the access sets
It is standby that first corresponding relation is inquired about according to the device id, and closed according to first correspondence for getting
Tie up to and Portal certifications are completed in the case of there is NAT device between terminal and the Portal server.
10. method as claimed in claim 9, it is characterised in that the Portal server is according to terminal
The authentication information of submission obtains the first Authorization result, with the corresponding access device of the first Authorization result difference
Device id and the first certification ID, including:
The Portal server receives the terminal by the uniform resource position mark URL of redirection to institute
State the certification request of Portal server initiation;The URL of the redirection is supplied to by the access device
The terminal, the URL of the redirection includes the device id and the first certification ID;
The Portal server return authentication page includes described setting to the terminal, the certification page
Standby ID and the first certification ID;
The Portal server receives the authentication information that the terminal is submitted to, and the authentication information includes described
The equipment that the end message and the certification page that terminal is input on the certification page includes
ID and the first certification ID;
The end message is sent to checking, authorization and accounting aaa server by the Portal server
It is authenticated;
The Portal server receives described that the aaa server is returned based on the end message
One Authorization result;Or, the Portal server receives the aaa server is based on the end message
The authentication result of return, and first Authorization result is generated based on the authentication result;
The Portal server obtains corresponding with the first Authorization result difference from the authentication information
The device id and the first certification ID.
11. methods as described in claim 9 or 10, it is characterised in that in the Portal server
First corresponding relation and the device id are sent to after management server preservation, are also included:
The Portal server receives the device id and described first of the management server notice to be recognized
Card ID;
The Portal server determines the terminal according to the device id and the first certification ID
Address;
The Portal server sends the authentication result page according to the address of the terminal to the terminal.
12. a kind of access device, it is characterised in that include:
Transmitter, for sending result queries request to management server, the result queries request includes
The device identification ID of the access device;
Receiver, for receiving the management server result queries that the result queries request is returned are responded
Response, the result queries response includes the first corresponding relation, and first corresponding relation is recognized including first
Card ID and the first Authorization result;First corresponding relation is supplied to the management clothes by Portal server
Business device;
Processor, indicates and the first certification ID, really for the certification in first Authorization result
Whether first terminal is determined by Portal certifications, and the authorization message in first Authorization result determines
Whether forward the HTTP HTTP message of the first terminal, so as in the first terminal and
Portal certifications are completed in the case of there is NAT device between the Portal server.
13. access devices as claimed in claim 12, it is characterised in that in the transmitter to management
Server is sent before result queries request,
The receiver is additionally operable to, and receives the HTTP from the first terminal for not passing through Portal certifications
Message;
The transmitter is additionally operable to, and sends the uniform resource position mark URL for redirecting to the first terminal,
So that the first terminal initiates certification request according to the URL of the redirection to the Portal server,
So that the Portal server carries out Portal certifications to the first terminal and carries to the management server
For first corresponding relation;The URL of the redirection includes the device id and first certification
ID。
14. access devices as claimed in claim 13, it is characterised in that the institute that the receiver is received
State and also include in result queries response the second corresponding relation, second corresponding relation includes the second certification ID
With the second Authorization result;The second certification ID is different with the first certification ID.
15. access devices as described in any one in claim 12-14, it is characterised in that described to set
Standby ID is the MAC address or numbering of access device described in unique mark.
16. access devices as described in any one in claim 12-15, it is characterised in that described
Addresses of the one certification ID by the processor based on the first terminal generates, and is
The MAC Address of the first terminal and random number and value;Or
The internet protocol address of the first terminal and random number and value;Or
MAC Address and random number and value to the first terminal does the value obtained after Hash operation;Or
IP address and random number and value to the first terminal does the value obtained after Hash operation.
17. a kind of management servers, it is characterised in that include:
Receiver, for receiving the result queries request of access device transmission, wraps in the result queries request
Include the device identification ID of the access device;
Processor, for asking according to the result queries, determines corresponding first correspondence of the device id
Relation, first corresponding relation includes the first certification ID and the first Authorization result;First correspondence is closed
System is supplied to the management server by door Portal server;
Transmitter, for the access device returning result inquiry response, wrapping in the result queries response
Include first corresponding relation so that the access device according to first corresponding relation in terminal and described
Portal certifications are completed in the case of there is NAT device between Portal server.
18. management servers as claimed in claim 17, it is characterised in that receive in the receiver
Before the result queries request that access device sends,
The receiver is additionally operable to, and receives the device id that the Portal server provides and described the
One corresponding relation;
The processor is additionally operable to, and first corresponding relation is stored in into the first buffer queue, and described first delays
The queue ID for depositing queue is the device id.
19. management servers as claimed in claim 18, it is characterised in that the processor is in basis
Result queries request, when determining corresponding first corresponding relation of the device id, specifically includes:
According to the device id, first buffer queue is determined;
Obtain all corresponding relations in first buffer queue, including first corresponding relation and second
Corresponding relation, second corresponding relation includes the second certification ID and the second Authorization result, described second
Certification ID is different with the first certification ID;
Correspondingly, also include that the described second correspondence is closed in the result queries response that the transmitter is returned
System.
20. a kind of door Portal server, it is characterised in that include:
Receiver, for the authentication information that receiving terminal is submitted to;
Processor, for obtaining the first Authorization result according to the authentication information, with first Authorization result
The device identification ID and the first certification ID of the corresponding access device of difference;
Transmitter, preserves, institute for the first corresponding relation and the device id to be sent to into management server
The first corresponding relation is stated including first Authorization result and the first certification ID, so as to the access device
First corresponding relation is inquired about according to the device id, and according to first corresponding relation for getting
Portal certifications are completed in the case of there is NAT device between terminal and the Portal server.
21. Portal server as claimed in claim 20, it is characterised in that in the processor root
The authentication information submitted to according to terminal obtains the first Authorization result, corresponding respectively with first Authorization result to connect
Before entering the device id and the first certification ID of equipment,
The receiver is additionally operable to, receive the terminal by the uniform resource position mark URL that redirects to
The certification request that the Portal server is initiated, the URL of the redirection is provided by the access device
To the terminal, the URL of the redirection includes the device id and the first certification ID;
The transmitter is additionally operable to, and the return authentication page gives the terminal, and the certification page includes described
Device id and the first certification ID;
The receiver is additionally operable to, and receives the authentication information that the terminal is submitted to, and the authentication information includes institute
State the end message and the certification page that terminal is input on the certification page include described in set
Standby ID and the first certification ID;
The transmitter is additionally operable to, and the end message is sent to into checking, authorization and accounting AAA services
Device is authenticated;
The processor obtains the first Authorization result in the authentication information submitted to according to terminal, awards with described first
When power result distinguishes the device id and the first certification ID of corresponding access device, specifically include:
Obtain the aaa server that the receiver receives is returned based on the end message described the
One Authorization result;Or, the aaa server for obtaining the receiver reception is based on the end message
The authentication result of return, and first Authorization result is generated based on the authentication result;
The device id corresponding with the first Authorization result difference and institute are obtained from the authentication information
State the first certification ID.
22. Portal server as described in claim 20 or 21, it is characterised in that the transmitter
First corresponding relation and the device id are sent to after management server preservation,
The receiver is additionally operable to, and receives the device id and described first that the management server is notified
Certification ID;
The processor is additionally operable to, and according to the device id and the first certification ID, determines the terminal
Address;
The transmitter is additionally operable to, and according to the address of the terminal, to the terminal authentication result page is sent.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510715637.3A CN106656911B (en) | 2015-10-29 | 2015-10-29 | A kind of portal authentication method, access device and management server |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510715637.3A CN106656911B (en) | 2015-10-29 | 2015-10-29 | A kind of portal authentication method, access device and management server |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106656911A true CN106656911A (en) | 2017-05-10 |
CN106656911B CN106656911B (en) | 2019-10-01 |
Family
ID=58830781
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510715637.3A Active CN106656911B (en) | 2015-10-29 | 2015-10-29 | A kind of portal authentication method, access device and management server |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106656911B (en) |
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107733931A (en) * | 2017-11-30 | 2018-02-23 | 新华三技术有限公司 | Portal authentication method, device and portal server |
CN107733926A (en) * | 2017-11-28 | 2018-02-23 | 杭州迪普科技股份有限公司 | A kind of method and device of the portal certifications based on NAT |
CN109194695A (en) * | 2018-10-31 | 2019-01-11 | 新华三技术有限公司 | Gate verification method, system and computer readable storage medium |
CN109474588A (en) * | 2018-11-02 | 2019-03-15 | 杭州迪普科技股份有限公司 | A kind of terminal authentication method and device |
CN109951478A (en) * | 2019-03-19 | 2019-06-28 | 新华三技术有限公司 | Authorization management method and device |
CN110505188A (en) * | 2018-05-18 | 2019-11-26 | 华为技术有限公司 | A kind of terminal authentication method, relevant device and Verification System |
CN110958128A (en) * | 2018-09-26 | 2020-04-03 | 浙江宇视科技有限公司 | Alarm reporting scheduling method and device |
CN111049946A (en) * | 2019-12-24 | 2020-04-21 | 深信服科技股份有限公司 | Portal authentication method, Portal authentication system, electronic equipment and storage medium |
CN111092904A (en) * | 2019-12-27 | 2020-05-01 | 杭州迪普科技股份有限公司 | Network connection method and device |
CN113709741A (en) * | 2021-09-23 | 2021-11-26 | 北京华信傲天网络技术有限公司 | Authentication access system of local area network |
CN113949562A (en) * | 2021-10-15 | 2022-01-18 | 迈普通信技术股份有限公司 | Portal authentication method, device and system, electronic equipment and storage medium |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101582856A (en) * | 2009-06-29 | 2009-11-18 | 杭州华三通信技术有限公司 | Session setup method of Portal server and BAS (broadband access server) device and system thereof |
CN102984173A (en) * | 2012-12-13 | 2013-03-20 | 迈普通信技术股份有限公司 | Network access control method and system |
CN103209159A (en) * | 2012-01-13 | 2013-07-17 | 中国电信股份有限公司 | Portal authentication method and system |
CN104104516A (en) * | 2014-07-30 | 2014-10-15 | 杭州华三通信技术有限公司 | Portal authentication method and device |
-
2015
- 2015-10-29 CN CN201510715637.3A patent/CN106656911B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101582856A (en) * | 2009-06-29 | 2009-11-18 | 杭州华三通信技术有限公司 | Session setup method of Portal server and BAS (broadband access server) device and system thereof |
CN103209159A (en) * | 2012-01-13 | 2013-07-17 | 中国电信股份有限公司 | Portal authentication method and system |
CN102984173A (en) * | 2012-12-13 | 2013-03-20 | 迈普通信技术股份有限公司 | Network access control method and system |
CN104104516A (en) * | 2014-07-30 | 2014-10-15 | 杭州华三通信技术有限公司 | Portal authentication method and device |
Cited By (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107733926A (en) * | 2017-11-28 | 2018-02-23 | 杭州迪普科技股份有限公司 | A kind of method and device of the portal certifications based on NAT |
CN107733931B (en) * | 2017-11-30 | 2021-03-09 | 新华三技术有限公司 | Portal authentication method and device and portal server |
CN107733931A (en) * | 2017-11-30 | 2018-02-23 | 新华三技术有限公司 | Portal authentication method, device and portal server |
CN110505188A (en) * | 2018-05-18 | 2019-11-26 | 华为技术有限公司 | A kind of terminal authentication method, relevant device and Verification System |
CN110505188B (en) * | 2018-05-18 | 2021-10-22 | 华为技术有限公司 | Terminal authentication method, related equipment and authentication system |
CN110958128A (en) * | 2018-09-26 | 2020-04-03 | 浙江宇视科技有限公司 | Alarm reporting scheduling method and device |
CN110958128B (en) * | 2018-09-26 | 2022-11-25 | 浙江宇视科技有限公司 | Alarm reporting scheduling method and device |
CN109194695A (en) * | 2018-10-31 | 2019-01-11 | 新华三技术有限公司 | Gate verification method, system and computer readable storage medium |
CN109474588A (en) * | 2018-11-02 | 2019-03-15 | 杭州迪普科技股份有限公司 | A kind of terminal authentication method and device |
CN109951478A (en) * | 2019-03-19 | 2019-06-28 | 新华三技术有限公司 | Authorization management method and device |
CN109951478B (en) * | 2019-03-19 | 2021-06-29 | 新华三技术有限公司 | Authorization management method and device |
CN111049946A (en) * | 2019-12-24 | 2020-04-21 | 深信服科技股份有限公司 | Portal authentication method, Portal authentication system, electronic equipment and storage medium |
CN111049946B (en) * | 2019-12-24 | 2023-03-24 | 深信服科技股份有限公司 | Portal authentication method, portal authentication system, electronic equipment and storage medium |
CN111092904A (en) * | 2019-12-27 | 2020-05-01 | 杭州迪普科技股份有限公司 | Network connection method and device |
CN111092904B (en) * | 2019-12-27 | 2022-04-26 | 杭州迪普科技股份有限公司 | Network connection method and device |
CN113709741A (en) * | 2021-09-23 | 2021-11-26 | 北京华信傲天网络技术有限公司 | Authentication access system of local area network |
CN113949562A (en) * | 2021-10-15 | 2022-01-18 | 迈普通信技术股份有限公司 | Portal authentication method, device and system, electronic equipment and storage medium |
CN113949562B (en) * | 2021-10-15 | 2023-11-17 | 迈普通信技术股份有限公司 | Portal authentication method, device, system, electronic equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN106656911B (en) | 2019-10-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106656911A (en) | Portal authentication method, access device and management server | |
CN105307108B (en) | A kind of Internet of Things information exchange communication means and system | |
CN1874217B (en) | Method for determining route | |
CN101741817B (en) | System, device and method for multi-network integration | |
KR102150750B1 (en) | Trusted login method and device | |
WO2021115449A1 (en) | Cross-domain access system, method and device, storage medium, and electronic device | |
CN107409125A (en) | The efficient strategy implement using network token for service user planar approach | |
CN101582856B (en) | Session setup method of portal server and BAS (broadband access server) device and system thereof | |
CA2419853A1 (en) | Location-independent packet routing and secure access in a short-range wireless networking environment | |
CN101990183A (en) | Method, device and system for protecting user information | |
CN105516171B (en) | Portal keep-alive system and method, Verification System and method based on authentication service cluster | |
CN106131066B (en) | A kind of authentication method and device | |
JP2018522323A (en) | Voice communication processing method and system, electronic apparatus, and storage medium | |
US8769623B2 (en) | Grouping multiple network addresses of a subscriber into a single communication session | |
US10951616B2 (en) | Proximity-based device authentication | |
CN107872445A (en) | Access authentication method, equipment and Verification System | |
CN109151821A (en) | A kind of message processing method and device | |
CN109548022A (en) | Method for mobile terminal user to remotely access local network | |
CN109769249A (en) | A kind of authentication method, system and its apparatus | |
CN105763658B (en) | For being addressed method, addressable server and the system of equipment dynamic IP addressing | |
CN106453349A (en) | An account number login method and apparatus | |
CN110086839A (en) | A kind of dynamic access method and device of remote equipment | |
CN104469770B (en) | Towards WLAN authentication methods, platform and the system of third-party application | |
CN107172211A (en) | Communication connection request method for building up and server | |
CN104735050B (en) | A kind of fusion mac certifications and the authentication method of web authentication |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |