CN108809969B - Authentication method, system and device - Google Patents

Publication number: CN108809969B
Authority: CN (China)
Prior art keywords: terminal, information, long connection, authentication, application client
Legal status: Active
Application number: CN201810542887.5A
Other languages: Chinese (zh)
Other versions: CN108809969A (en)
Inventors: 郝兆旭, 刘靖靖
Current Assignee: Hangzhou H3C Technologies Co Ltd
Original Assignee: Hangzhou H3C Technologies Co Ltd

Classifications

    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L67/141 Setup of application sessions
    • H04L67/145 Termination or inactivation of sessions, e.g. event-controlled end of session avoiding end of session, e.g. keep-alive, heartbeats, resumption message or wake-up for inactive or interrupted session
    • H04W12/06 Authentication
    • H04W76/10 Connection setup
    • H04W76/30 Connection release

Abstract

The application provides an authentication method, a system and a device thereof, wherein the method comprises the following steps: after receiving a long connection request sent by a first terminal, establishing long connection with the first terminal; receiving a notification message sent by an application client, wherein the notification message carries user information obtained by the application client from an application server, and the notification message is sent by the application client according to URL information after the application client obtains the URL information of the network management server from a two-dimensional code of the first terminal; sending the user information to the first terminal through the long connection; receiving an authentication request carrying the user information sent by the first terminal; and authenticating the first terminal according to the authentication request. According to the technical scheme, the network management server can authenticate the terminal, so that the network management server can participate in the authentication process, and once authentication fails, the network management server can acquire the reason of the authentication failure.

Description

Authentication method, system and device
Technical Field
The present application relates to the field of communications technologies, and in particular, to an authentication method, system and apparatus.
Background
The application Wi-Fi connection function (Wi-Fi, Wireless Fidelity) is a Wi-Fi solution provided for Wi-Fi merchants (such as merchants with offline business premises). With this function, users at a Wi-Fi merchant's offline business premises can get online quickly by scanning a two-dimensional code or similar, without entering a cumbersome Wi-Fi password or other information, which improves the user experience and the competitiveness of the Wi-Fi merchant.
At present, although a user of this function does not need to enter information such as a Wi-Fi password, the user still needs to be authenticated. The authentication of the user is completed by an application server, and the Wi-Fi merchant cannot participate in it; once authentication of the user fails, the Wi-Fi merchant cannot learn the reason for the failure and cannot offer the user a solution. Moreover, the Wi-Fi merchant cannot obtain the user information, so it cannot provide personalized services to the user, which does not help the operation of the Wi-Fi merchant.
Disclosure of Invention
The application provides an authentication method, which is applied to a network management server and comprises the following steps:
after receiving a long connection request sent by a first terminal, establishing long connection with the first terminal;
receiving a notification message sent by an application client, wherein the notification message carries user information obtained by the application client from an application server, and the notification message is sent by the application client according to URL information after the application client obtains the URL information of the network management server from a two-dimensional code of the first terminal;
sending the user information to the first terminal through the long connection;
receiving an authentication request carrying the user information sent by the first terminal;
and authenticating the first terminal according to the authentication request.
The application provides an authentication system, including a wireless device and the above-mentioned network management server, wherein: after receiving a wireless connection request sent by a first terminal, the wireless device sends a redirection message carrying URL information for accessing the network management server to the first terminal, so that the first terminal redirects a long connection request to the network management server and generates a two-dimensional code according to the URL information.
The application provides an authentication device, applied to a network management server, the device including:
an establishing module, configured to establish a long connection with a first terminal after receiving a long connection request sent by the first terminal;
a receiving module, configured to receive a notification message sent by an application client, wherein the notification message carries user information obtained by the application client from an application server, and the notification message is sent by the application client according to URL information after the URL information of the network management server is obtained from a two-dimensional code of the first terminal;
a sending module, configured to send the user information to the first terminal through the long connection;
the receiving module is further configured to receive an authentication request carrying the user information and sent by the first terminal;
and an authentication module, configured to authenticate the first terminal according to the authentication request.
Based on the technical scheme, in the embodiment of the application, the network management server can establish long connection with the first terminal, obtain user information from the notification message after receiving the notification message sent by the application client, and send the user information to the first terminal through the long connection; and then, the network management server receives an authentication request which is sent by the first terminal and carries the user information, and authenticates the first terminal according to the authentication request. Based on the mode, the network management server can authenticate the terminal, the authentication process of the terminal can be completed by the network management server, so that the network management server can participate in the authentication process, once the authentication fails, the network management server can acquire the reason of the authentication failure, and a solution can be provided for a user. Moreover, the network management server can acquire the user information, and then provide personalized service for the user, and help is provided for operation and popularization of the Wi-Fi merchant, so that the terminal accesses the network through Wi-Fi.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments of the present application or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments described in the present application, and other drawings can be obtained by those skilled in the art according to the drawings of the embodiments of the present application.
FIG. 1 is a schematic diagram of an application scenario in an embodiment of the present application;
FIG. 2 is a flow diagram of an authentication method in one embodiment of the present application;
FIG. 3 is a flow chart of an authentication method in another embodiment of the present application;
FIG. 4 is a block diagram of an authentication apparatus according to an embodiment of the present application;
FIG. 5 is a hardware configuration diagram of a network management server according to an embodiment of the present application.
Detailed Description
The terminology used in the embodiments of the present application is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein is meant to encompass any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used in the embodiments of the present application to describe various information, the information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present application. Depending on the context, moreover, the word "if" as used may be interpreted as "at … …" or "when … …" or "in response to a determination".
The authentication method provided in this embodiment of the present application may be applied to a system including a first terminal, a second terminal, a wireless device, a network management server, and an application server; FIG. 1 is a schematic view of this application scenario. The system implements the Wi-Fi connection function, a Wi-Fi solution provided for Wi-Fi merchants: at a Wi-Fi merchant's offline business premises, users can get online quickly by scanning a two-dimensional code or similar, which improves the user experience and the competitiveness of the Wi-Fi merchant.
The first terminal may be a notebook Computer, a PC (Personal Computer), and the like, and is a terminal used by the user and needing to access the network. In this embodiment of the application, the first terminal may be a terminal that needs to be authenticated, that is, the first terminal can use the wireless device of the Wi-Fi merchant to access the network after passing the authentication.
The second terminal may be a mobile terminal, a smart phone, an iPad, a notebook computer, a PC, or the like. It is a terminal on which an application client is installed and which can scan a two-dimensional code. The second terminal may also be another type of terminal; the type of the terminal is not limited. The application client may be a client (such as an app) that interacts with the application server and can obtain the user information from the application server.
The wireless device may be an AP (Access Point), an AC (Access Controller), a wireless router, or the like. It is a device with a Wi-Fi function provided by a Wi-Fi merchant and is usually deployed at the Wi-Fi merchant's offline business premises; that is, the first terminal may access the network through the wireless device.
The network management server is a server with an authentication function. It is provided by a Wi-Fi merchant and can generally be deployed at the Wi-Fi merchant's offline business premises. In the traditional manner, a Wi-Fi merchant cannot participate in the authentication process of a user. In this embodiment, a Wi-Fi merchant may deploy a network management server and participate in the authentication process of the user through it; that is, the network management server may authenticate the first terminal, and once authentication fails, the network management server can obtain the reason for the failure and so provide a solution for the user. Moreover, the network management server can obtain the user information and then provide personalized services to the user, which helps the operation and promotion of the Wi-Fi merchant.
Based on the above application scenario, as shown in fig. 2, a flowchart of an authentication method is provided, where the method may include:
Step 201, a first terminal sends a wireless connection request to a wireless device.
Specifically, when the user accesses the network through the first terminal, the first terminal may send a wireless connection request to the wireless device, where the wireless connection request is used to establish a wireless connection between the first terminal and the wireless device.
For example, the first terminal may search for an SSID (Service Set Identifier) of the wireless device and send a wireless connection request to the wireless device corresponding to the SSID, thereby connecting to the wireless device. For a wireless device without a password set, the first terminal may directly transmit a wireless connection request to thereby connect to the wireless device; for the wireless device with the password, the user may input the password, and the first terminal sends the wireless connection request carrying the password, so as to connect to the wireless device, which is not limited.
Step 202, after receiving the wireless connection request, the wireless device sends a redirection message to the first terminal, where the redirection message includes URL (Uniform Resource Locator) information of the network management server, verification information of the network management server, and tag information of the first terminal.
After receiving the wireless connection request, the wireless device may allocate tag information (e.g., ticket) to the first terminal, where the tag information has uniqueness, that is, different tag information is allocated to different first terminals. For example, the wireless device may randomly generate a character string, which may serve as tag information of the first terminal. Of course, the above is only an example of the tag information, and the tag information is not limited thereto.
The URL information and the verification information of the network management server can be pre-configured on the wireless device. Based on this, after receiving the wireless connection request, the wireless device can query the URL information and the verification information of the network management server from its local configuration. The URL information may be URL information for accessing the network management server. The verification information may be a unique identifier of the network management server, which the network management server has registered with the application server; the type of the verification information is not limited.
Step 203, after receiving the redirection message, the first terminal generates a two-dimensional code according to the URL information, the verification information and the tag information, and displays the two-dimensional code to the user. That is, the contents of the two-dimensional code may include, but are not limited to: the URL information, the verification information, and the tag information.
The redirection message may carry script information (e.g., JavaScript information) that implements a two-dimensional code generation function. After receiving the redirection message, the first terminal may parse the script information from the redirection message and execute it (e.g., in a browser). Because the script information implements the two-dimensional code generation function, running it generates the two-dimensional code, whose content can include: the URL information, the verification information, and the tag information.
Step 204, after receiving the redirection message, the first terminal sends a long connection request to the network management server corresponding to the URL information, where the long connection request may carry the tag information.
After receiving the redirection message, the first terminal may execute step 203 and step 204, and the execution order is not limited, and step 203 may be executed first, or step 204 may be executed first.
The redirection message is used for triggering the first terminal to redirect to the network management server for authentication, so that the first terminal can send a long connection request to the network management server after receiving the redirection message. For example, a long connection request based on Ajax (Asynchronous JavaScript And eXtensible Markup Language, web page development technology for creating interactive web applications) is sent to the network management server.
Step 205, after receiving the long connection request, the network management server establishes a long connection with the first terminal, obtains the tag information from the long connection request, and establishes a corresponding relationship between the long connection and the tag information.
After the network management server establishes the long connection with the first terminal, the long connection may be maintained. For example, an aging timer may be set for the long connection; the timeout of the aging timer may be configured according to experience and is not limited, for example, a relatively long time such as 60 seconds may be configured. If the user information has been sent to the first terminal through the long connection before the aging timer expires (the sending of the user information is described in the subsequent steps), the long connection is disconnected. Alternatively, after the aging timer expires, the long connection is disconnected, the first terminal resends the long connection request, and the network management server establishes the long connection with the first terminal again.
Step 206, the second terminal scans the two-dimensional code and opens an application client of the second terminal, and the application client parses the URL information, the verification information and the tag information from the two-dimensional code.
After the first terminal generates the two-dimensional code and displays it to the user, the user may scan the two-dimensional code with the second terminal. For example, the user opens the code scanning function of the second terminal to scan the two-dimensional code; the application client need not be open at this point, as long as the second terminal provides a code scanning function, although the application client may also be opened to scan the two-dimensional code. When the two-dimensional code is scanned, the application client of the second terminal can be opened automatically; for example, the two-dimensional code has a function of automatically opening the application client, so that the application client of the second terminal is opened when the second terminal scans the two-dimensional code, and the application client can parse the URL information, the verification information and the tag information from the two-dimensional code.
Step 207, the application client sends a user information request message to the application server, where the user information request message may carry the verification information and a user login identifier of the application client; that is, the user logs in to the application client with the user login identifier and then uses the functions provided by the application client.
Step 208, after receiving the user information request message, the application server performs verification according to the verification information. If the verification passes, the application server may query the user information corresponding to the user login identifier of the application client and return the user information to the application client. If the verification fails, the application server may refuse to return the user information to the application client. For convenience of description, this embodiment takes the case where the verification passes as an example.
The application server can parse the verification information of the network management server from the user information request message and query whether the verification information is registered locally. If yes, the network management server is registered with the application server, so the verification can be determined to pass; if not, the network management server is not registered with the application server, so the verification can be determined to fail.
The application server can record the correspondence between the user login identifier of the application client and the user information. Based on this, the application server can parse the user login identifier of the application client from the user information request message and obtain the user information corresponding to the user login identifier by querying the correspondence. For example, the user information may include, but is not limited to, an openId and a tid, where the openId may be a unique identifier of the user and the tid may be information obtained by encrypting a mobile phone number; the user information is not limited.
Step 209, after receiving the user information, the application client sends a notification message to the network management server corresponding to the URL information, where the notification message may carry the tag information and the user information.
Step 210, after receiving the notification message, the network management server stores the user information in a valid user table, or stores the user information and the tag information in the valid user table.
That is, after receiving the notification message, the network management server can parse the tag information and the user information from the notification message and store the user information in the valid user table, or store the user information and the tag information in the valid user table.
In an example, after receiving the notification message, the network management server may further obtain personalized information and push the personalized information to the application client. The personalized information is not limited; for example, it may be information that the Wi-Fi merchant deploys on the network management server to help the operation and promotion of the Wi-Fi merchant, such as advertisement information of the Wi-Fi merchant.
Step 211, the network management server queries the long connection corresponding to the tag information, sends the user information to the first terminal through the long connection, and disconnects the long connection between the network management server and the first terminal.
In step 205, the network management server already establishes a corresponding relationship between the long connection and the tag information, so in step 211, the network management server may query the long connection corresponding to the tag information and send the user information to the first terminal through the long connection, and since the user information is already sent to the first terminal, the network management server may also disconnect the long connection with the first terminal.
Step 212, after receiving the user information, the first terminal sends an authentication request to the network management server, where the authentication request carries the user information and address information (such as an IP address) of the first terminal.
Step 213, after receiving the authentication request, the network management server queries whether the user information is stored in the valid user table; if so, it determines that the first terminal passes the authentication; if not, it determines that the first terminal fails the authentication. For convenience of description, this embodiment takes the case where the authentication passes as an example.
If the user information is stored in the valid user table, it indicates that the first terminal has performed the authentication procedure in steps 201-212, and therefore the network management server may determine that the first terminal passes the authentication. If the user information is not stored in the valid user table, it indicates that the first terminal has not performed the authentication procedure in steps 201-212, and therefore the network management server may determine that the first terminal fails the authentication.
Step 214, if the first terminal passes the authentication, the network management server sends the address information of the first terminal to the wireless device. For example, the network management server sends an authentication success message to the wireless device, where the authentication success message carries the address information to indicate that the address information is authenticated address information.
Step 215, after receiving the address information, the wireless device records the address information of the first terminal in the authentication information table, so as to indicate that the address information is authenticated address information.
The authentication information table is used for recording all address information passing authentication, so that after receiving the authentication success message, the wireless device can analyze the address information of the first terminal from the authentication success message and store the address information into the authentication information table to indicate that the address information is the address information passing authentication.
Step 216, when receiving the user message sent by the first terminal, the wireless device queries whether the address information (such as the source IP address) of the user message is located in the authentication information table; if yes, allowing the user message to pass, namely allowing the first terminal to access the network; if not, the user message can be refused to pass.
When receiving a user message sent by a first terminal, the wireless device may analyze address information of the first terminal (e.g., a source IP address of the user message) from the user message. If the address information is in the authentication information table, the first terminal is authenticated, and the first terminal is allowed to access the network, so that the user message can be allowed to pass; if the address information is not in the authentication information table, it indicates that the first terminal is not authenticated, and the first terminal is prohibited from accessing the network, so that the user message can be rejected from passing.
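The tables and checks of steps 202 to 216 can be modelled as follows. This is an added example, not code from the patent; the class names, the `url`/`verify`/`tag` field names, the sample openId, tid and address values and the reason strings are assumptions, and the terminal's reconnect after the aging timer expires is not modelled.

```python
import secrets
import time

AGING_SECONDS = 60  # example aging-timer value from the description (step 205)


class ApplicationServer:
    """Steps 207-208: returns user information only for registered verification info."""

    def __init__(self, registered, users):
        self.registered = set(registered)  # verification info registered by network management servers
        self.users = dict(users)           # user login identifier -> user information

    def user_info(self, verification_info, login_id):
        if verification_info not in self.registered:
            return None                    # verification failed: nothing is returned
        return self.users.get(login_id)


class WirelessDevice:
    """Steps 202, 215 and 216."""

    def __init__(self, nms_url, verification_info):
        self.nms_url = nms_url
        self.verification_info = verification_info
        self.authenticated = set()         # authentication information table

    def redirect(self):
        # Step 202: a fresh random tag per terminal; a CSPRNG keeps it unguessable.
        return {"url": self.nms_url, "verify": self.verification_info,
                "tag": secrets.token_urlsafe(16)}

    def record(self, address):             # step 215
        self.authenticated.add(address)

    def allow(self, source_address):       # step 216
        return source_address in self.authenticated


class NetworkManagementServer:
    """Steps 205, 210, 211, 213 and 214."""

    def __init__(self, device, clock=time.monotonic):
        self.device = device
        self.clock = clock
        self.long_connections = {}         # tag -> (outbox, aging deadline)
        self.valid_users = {}              # (openId, tid) -> tag

    def open_long_connection(self, tag):   # step 205
        outbox = []                        # stands in for the held Ajax response
        self.long_connections[tag] = (outbox, self.clock() + AGING_SECONDS)
        return outbox

    def notify(self, tag, info):           # steps 210-211
        self.valid_users[(info["openId"], info["tid"])] = tag
        entry = self.long_connections.pop(tag, None)  # connection is dropped after use
        if entry is None or self.clock() > entry[1]:
            return "no live long connection for tag"
        entry[0].append(info)
        return "delivered"

    def authenticate(self, info, address):  # steps 213-214
        if (info.get("openId"), info.get("tid")) not in self.valid_users:
            return False, "user information not in valid user table"
        self.device.record(address)
        return True, "authenticated"


def run_flow(device_verification_info="merchant-001", scan_delay=0):
    """Drive steps 202-216 once and return (network access allowed, reason)."""
    now = [0.0]                            # fake clock so the aging timer is testable
    app = ApplicationServer({"merchant-001"},
                            {"alice": {"openId": "o-123", "tid": "t-abc"}})
    device = WirelessDevice("https://nms.example/notify", device_verification_info)
    nms = NetworkManagementServer(device, clock=lambda: now[0])
    terminal_ip = "192.0.2.10"             # constructed sample address

    qr = device.redirect()                              # steps 202-203
    outbox = nms.open_long_connection(qr["tag"])        # steps 204-205
    now[0] += scan_delay                                # time until the code is scanned
    info = app.user_info(qr["verify"], "alice")         # steps 206-208
    if info is None:
        return False, "verification information not registered"
    status = nms.notify(qr["tag"], info)                # steps 209-211
    if status != "delivered":
        return device.allow(terminal_ip), status
    _, reason = nms.authenticate(outbox[0], terminal_ip)  # steps 212-214
    return device.allow(terminal_ip), reason            # steps 215-216
```

Each failure path returns a reason string held by the network management server or the application client, which is the visibility into authentication failures that the description attributes to this scheme.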
In the above embodiment, the application client and the application server may be determined according to the actual situation. For example, the application client may be a WeChat client, the application server may be a WeChat server, the verification information may be official account information, the user login identifier may be a WeChat ID, and the personalized information may be official account information; of course, the official account information and the WeChat ID are only examples, and the application is not limited thereto. For another example, the application client may be a microblog client, the application server may be a microblog server, and the verification information may be a microblog number; the types of the application client and the application server are not limited.
Based on the technical scheme, in the embodiment of the application, the network management server can establish long connection with the first terminal, obtain user information from the notification message after receiving the notification message sent by the application client, and send the user information to the first terminal through the long connection; and then, the network management server receives an authentication request which is sent by the first terminal and carries the user information, and authenticates the first terminal according to the authentication request. Based on the mode, the network management server can authenticate the terminal, the terminal authentication process can be completed by the network management server, so that the network management server can participate in the authentication process, once the authentication fails, the network management server can acquire the reason of the authentication failure, and a solution can be provided for a user. Moreover, the network management server can acquire the user information, and then provide personalized service for the user, and help is provided for operation and popularization of the Wi-Fi merchant, so that the terminal accesses the network through Wi-Fi. The method can reduce the interaction times of the application client and the application server as much as possible, avoid the interaction between the network management server and the application server, and enable the first terminal to access the network in a Wi-Fi connection mode.
Based on the same application concept as the method described above, an embodiment of the present application also proposes another authentication method, which may be applied to a network management server. As shown in Fig. 3, the method may include:
Step 301, after receiving a long connection request sent by a first terminal, establishing a long connection with the first terminal.
Step 302, receiving a notification message sent by the application client, where the notification message carries user information obtained by the application client from the application server, and the notification message is sent by the application client according to the URL information after obtaining the URL information of the network management server from the two-dimensional code of the first terminal.
Step 303, the user information is sent to the first terminal through the long connection.
Step 304, receiving an authentication request carrying the user information sent by the first terminal.
Step 305, authenticating the first terminal according to the authentication request.
In one example, the long connection request may further include tag information of the first terminal; the notification message may further include the tag information of the first terminal obtained from the two-dimensional code by the application client.
Based on this, after the network management server establishes the long connection with the first terminal, the network management server may also establish a correspondence between the long connection and the tag information included in the long connection request.
Further, sending the user information to the first terminal through the long connection may include: the network management server queries the correspondence using the tag information included in the notification message to obtain the long connection corresponding to the tag information, and sends the user information to the first terminal through that long connection.
In one example, after the network management server establishes the long connection with the first terminal, an aging timer may further be set for the long connection. If the user information is sent to the first terminal through the long connection before the aging timer expires, the long connection is then disconnected; otherwise, the long connection is disconnected when the aging timer expires.
In one example, after receiving the notification message sent by the application client, the network management server may also record the user information in a legal user table. Further, the authentication request may also carry address information of the first terminal, and authenticating the first terminal according to the authentication request may include, but is not limited to: if the user information carried in the authentication request exists in the legal user table, determining that the first terminal passes the authentication, and sending the address information of the first terminal to the wireless device, so that the wireless device allows the first terminal to access the network according to the address information.
In an example, after receiving the notification message sent by the application client, the network management server may further obtain the personalized information, and push the personalized information to the application client.
The authentication method of Fig. 3 is similar to the authentication method of Fig. 2 and is not described again here.
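The server-side flow of steps 301 to 305, together with the tag-to-connection correspondence, the aging timer and the legal user table, can be sketched as follows. This is an added example, not code from the patent or from its assignee; the class and method names, the in-memory connection object, the 60-second timer and the sample tag, user and address values are all assumptions.

```python
"""Sketch of the network management server logic in steps 301-305 (added example)."""
import time


class LongConnection:
    """Stand-in for the long connection held open towards the first terminal."""

    def __init__(self, tag, opened_at):
        self.tag = tag
        self.opened_at = opened_at
        self.open = True
        self.sent = []                        # messages pushed to the first terminal

    def send(self, message):
        if not self.open:
            raise ConnectionError("long connection already closed")
        self.sent.append(message)

    def close(self):
        self.open = False


class NetworkManagementServer:
    def __init__(self, aging_seconds=60, clock=time.monotonic):
        self.aging_seconds = aging_seconds    # assumed value; the page gives none
        self.clock = clock
        self.by_tag = {}                      # correspondence: tag -> long connection
        self.legal_users = set()              # the "legal user table"
        self.released = []                    # addresses handed to the wireless device

    def _age_out(self):
        """Disconnect every long connection whose aging timer has expired."""
        now = self.clock()
        for tag, conn in list(self.by_tag.items()):
            if now - conn.opened_at >= self.aging_seconds:
                conn.close()
                del self.by_tag[tag]

    def on_long_connection_request(self, tag):
        """Step 301: establish the long connection and record tag -> connection."""
        self._age_out()
        previous = self.by_tag.pop(tag, None)
        if previous is not None:
            previous.close()                  # a tag maps to one connection only
        conn = LongConnection(tag, self.clock())
        self.by_tag[tag] = conn
        return conn

    def on_notification(self, tag, user_info):
        """Steps 302-303: find the connection by tag and push the user info."""
        self._age_out()
        conn = self.by_tag.pop(tag, None)
        if conn is None:
            return False                      # unknown, already used or aged-out tag
        # Choice made in this sketch: record the user only once the tag matched.
        self.legal_users.add(user_info)
        conn.send(user_info)
        conn.close()                          # delivered before expiry -> disconnect
        return True

    def on_authentication_request(self, user_info, address):
        """Steps 304-305: pass only if the user info is in the legal user table."""
        if user_info not in self.legal_users:
            return False
        self.released.append(address)         # wireless device admits this address
        return True


def demo():
    """Walk one successful login and one aged-out login (constructed values)."""
    now = [0.0]
    nms = NetworkManagementServer(aging_seconds=60, clock=lambda: now[0])
    conn = nms.on_long_connection_request("tag-A")
    delivered = nms.on_notification("tag-A", "user-1")
    passed = nms.on_authentication_request(conn.sent[0], "192.0.2.10")
    stale = nms.on_long_connection_request("tag-B")
    now[0] = 61.0                             # aging timer for tag-B expires
    late = nms.on_notification("tag-B", "user-2")
    return delivered, passed, late, stale.open, nms.released


if __name__ == "__main__":
    print(demo())
```

Because the tag entry is removed as soon as the user information is delivered or the timer expires, a second notification carrying the same tag finds no connection and is rejected.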
Based on the same application concept as the method, an embodiment of the present application further provides an authentication system including a wireless device and a network management server. After receiving a wireless connection request sent by a first terminal, the wireless device may send the first terminal a redirection message carrying URL information for accessing the network management server, so that the first terminal redirects a long connection request to the network management server and generates a two-dimensional code according to the URL information. After receiving the long connection request, the network management server may establish a long connection with the first terminal. In addition, the network management server may receive a notification message sent by the application client, where the notification message carries user information obtained by the application client from the application server and is sent by the application client according to the URL information after the application client obtains the URL information from the two-dimensional code. The network management server then sends the user information to the first terminal through the long connection, receives an authentication request that is sent by the first terminal and carries the user information, and authenticates the first terminal according to the authentication request.
The authentication system is similar to the authentication method shown in Fig. 2 or Fig. 3 and is not described again here.
Based on the same application concept as the method, an embodiment of the present application further provides an authentication apparatus applied to a network management server. Fig. 4 is a structural diagram of the apparatus, which includes:
an establishing module 401, configured to establish a long connection with a first terminal after receiving a long connection request sent by the first terminal;
a receiving module 402, configured to receive a notification message sent by an application client, where the notification message carries user information obtained by the application client from an application server, and the notification message is sent by the application client according to URL information after the application client obtains the URL information of the network management server from a two-dimensional code of the first terminal;
a sending module 403, configured to send the user information to the first terminal through the long connection;
the receiving module 402 is further configured to receive an authentication request carrying the user information sent by the first terminal;
an authentication module 404, configured to authenticate the first terminal according to the authentication request.
The long connection request further comprises tag information of the first terminal; the notification message further comprises the tag information of the first terminal, which is obtained by the application client from the two-dimensional code; the establishing module 401 is further configured to establish a correspondence between the long connection and the tag information included in the long connection request; the sending module 403, when sending the user information to the first terminal through the long connection, is specifically configured to: query the correspondence using the tag information included in the notification message to obtain the long connection corresponding to the tag information, and send the user information to the first terminal through that long connection.
In one example, the apparatus may further comprise (not shown in the figures) a processing module, configured to set an aging timer for the long connection after the long connection is established with the first terminal; if the user information is sent to the first terminal through the long connection before the aging timer expires, to then disconnect the long connection; or to disconnect the long connection when the aging timer expires.
The authentication module 404 is further configured to record the user information in a legal user table;
the authentication request also carries address information of the first terminal;
the authentication module 404, when authenticating the first terminal according to the authentication request, is specifically configured to: if the user information carried in the authentication request exists in the legal user table, determine that the first terminal passes the authentication, and send the address information of the first terminal to the wireless device, so that the wireless device allows the first terminal to access the network according to the address information.
The sending module 403 is further configured to obtain personalized information and push the personalized information to the application client.
In terms of hardware, the hardware architecture of the network management server provided in the embodiment of the present application is shown schematically in Fig. 5 and may include a machine-readable storage medium and a processor, wherein:
the machine-readable storage medium stores instruction code;
the processor communicates with the machine-readable storage medium, and reads and executes the instruction code stored in the machine-readable storage medium, so as to implement the authentication operations disclosed in the above examples of the present application.
Here, a machine-readable storage medium may be any electronic, magnetic, optical, or other physical storage device that can contain or store information such as executable instructions, data, and so forth. For example, the machine-readable storage medium may be: a RAM (Random Access Memory), a volatile memory, a non-volatile memory, a flash memory, a storage drive (e.g., a hard drive), a solid state drive, any type of storage disk (e.g., an optical disk, a DVD, etc.), or a similar storage medium, or a combination thereof.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. A typical implementation device is a computer, which may take the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email messaging device, game console, tablet computer, wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being divided into various units by function, and the units are described separately. Of course, when implementing the present application, the functionality of the units may be implemented in one or more pieces of software and/or hardware.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Furthermore, these computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (11)

1. An authentication method applied to a network management server includes:
after receiving a long connection request sent by a first terminal, establishing long connection with the first terminal;
receiving a notification message sent by an application client, wherein the notification message carries user information of the application client, which is obtained by the application client from an application server, and the notification message is sent by the application client according to URL information after the URL information of the network management server is obtained by the application client from a two-dimensional code of the first terminal;
sending the user information to the first terminal through the long connection;
receiving an authentication request carrying the user information sent by the first terminal;
authenticating the first terminal according to the authentication request;
wherein the application client does not belong to the first terminal.
2. The method of claim 1,
the long connection request further comprises tag information of the first terminal; the notification message further comprises the tag information of the first terminal, which is obtained by the application client from the two-dimensional code;
after the long connection is established with the first terminal, the method further includes:
establishing a correspondence between the long connection and the tag information included in the long connection request;
the sending the user information to the first terminal through the long connection includes:
querying the correspondence using the tag information included in the notification message to obtain the long connection corresponding to the tag information, and sending the user information to the first terminal through the long connection.
3. The method of claim 2, further comprising:
after a long connection is established with the first terminal, setting an aging timer for the long connection; before the aging timer expires, if user information is sent to the first terminal through the long connection, disconnecting the long connection; or after the aging timer expires, disconnecting the long connection.
4. The method of claim 1, wherein after receiving the notification message sent by the application client, the method further comprises: recording the user information in a legal user table;
the authentication request also carries address information of the first terminal, and the authenticating the first terminal according to the authentication request comprises: if the user information carried in the authentication request exists in the legal user table, determining that the first terminal passes the authentication, and sending the address information of the first terminal to the wireless device, so that the wireless device allows the first terminal to access the network according to the address information.
5. The method of claim 1,
after receiving the notification message sent by the application client, the method further includes:
acquiring personalized information and pushing the personalized information to the application client.
6. An authentication system comprising a wireless device and the network management server of any one of claims 1-5, wherein:
after receiving a wireless connection request sent by a first terminal, the wireless device sends a redirection message carrying URL information for accessing a network management server to the first terminal, so that the first terminal redirects a long connection request to the network management server, and generates a two-dimensional code according to the URL information.
7. An authentication apparatus applied to a network management server, the apparatus comprising:
an establishing module, configured to establish a long connection with a first terminal after receiving a long connection request sent by the first terminal;
a receiving module, configured to receive a notification message sent by an application client, wherein the notification message carries user information of the application client, which is obtained by the application client from an application server, and the notification message is sent by the application client according to URL information after the URL information of the network management server is obtained by the application client from a two-dimensional code of the first terminal;
a sending module, configured to send the user information to the first terminal through the long connection;
the receiving module is further configured to receive an authentication request carrying the user information and sent by the first terminal;
an authentication module, configured to authenticate the first terminal according to the authentication request;
wherein the application client does not belong to the first terminal.
8. The apparatus of claim 7,
the long connection request further comprises tag information of the first terminal; the notification message further comprises the tag information of the first terminal, which is obtained by the application client from the two-dimensional code;
the establishing module is further configured to establish a correspondence between the long connection and the tag information included in the long connection request;
the sending module, when sending the user information to the first terminal through the long connection, is specifically configured to: query the correspondence using the tag information included in the notification message to obtain the long connection corresponding to the tag information, and send the user information to the first terminal through the long connection.
9. The apparatus of claim 8, further comprising: a processing module, configured to set an aging timer for the long connection after the long connection is established with the first terminal; before the aging timer expires, if user information is sent to the first terminal through the long connection, to disconnect the long connection; or after the aging timer expires, to disconnect the long connection.
10. The apparatus of claim 7,
the authentication module is further configured to record the user information in a legal user table;
the authentication request also carries address information of the first terminal;
the authentication module, when authenticating the first terminal according to the authentication request, is specifically configured to: if the user information carried in the authentication request exists in the legal user table, determine that the first terminal passes the authentication, and send the address information of the first terminal to the wireless device, so that the wireless device allows the first terminal to access the network according to the address information.
11. The apparatus of claim 7, wherein the sending module is further configured to obtain personalized information and push the personalized information to the application client.
CN201810542887.5A 2018-05-30 2018-05-30 Authentication method, system and device Active CN108809969B (en)

Publications (2)

Publication Number Publication Date
CN108809969A CN108809969A (en) 2018-11-13
CN108809969B CN108809969B (en) 2020-11-06

Family

ID=64089494

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant