CN109962917A - Authentication information processing method and equipment, system, storage medium - Google Patents

Authentication information processing method and equipment, system, storage medium

Publication number
CN109962917A
Authority
CN
China
Prior art keywords
authentication information
information processing
processing equipment
access device
address
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910234255.7A
Other languages
Chinese (zh)
Inventor
石勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Minsheng Banking Corp Ltd
Original Assignee
China Minsheng Banking Corp Ltd
Application filed by China Minsheng Banking Corp Ltd
Priority to CN201910234255.7A
Publication of CN109962917A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The present invention provides an authentication information processing method, equipment, system, and storage medium. In the method, the authentication information processing equipment obtains the response message that the address allocating device sends for an access device, the response message carrying the network address and physical address of the access device. The authentication information processing equipment then determines the authentication information of the access device according to the response message and sends the authentication information to the certificate server, so that the certificate server performs access authentication on the access device according to the authentication information. The method widens the networking scenarios in which unaware certification can be used and improves the flexibility of unaware certification.

Description

Authentication information processing method and equipment, system, storage medium
Technical field
The present invention relates to computer technology, and in particular to an authentication information processing method, equipment, system, and storage medium.
Background art
Unaware certification is a convenient means of access: when a terminal logs in again after having logged in to the network for the first time, authentication completes automatically without the account name and password being entered again. Unaware certification requires that the authentication information processing equipment (the equipment that directly initiates authentication to the certificate server) can obtain the physical address of the access device, so that when the access device initiates authentication again, automatic authentication can be carried out using the obtained physical address.
Currently, for the authentication information processing equipment to obtain the physical address of the access device, the network must meet one of the following two conditions. Either the authentication information processing equipment and the access device are on a layer-2 network, so that the authentication information processing equipment can obtain the physical address of the access device through the layer-2 network; or, referring to Fig. 1, a Control And Provisioning of Wireless Access Points (CAPWAP) tunnel exists between the access device and the authentication information processing equipment, so that the authentication information processing equipment can obtain the physical address of the access device through the CAPWAP tunnel.
However, in a network that meets neither condition, unaware certification cannot be achieved, so the application scenarios of unaware certification are limited and its flexibility is low.
Summary of the invention
The present invention provides an authentication information processing method, equipment, system, and storage medium that offer another way of implementing unaware certification where the existing networking requirements for unaware certification are not met, thereby extending the application scenarios of unaware certification and improving its flexibility.
In a first aspect, the present invention provides an authentication information processing method, comprising:
The authentication information processing equipment obtains the response message that the address allocating device sends for an access device, the response message carrying the network address and physical address of the access device;
The authentication information processing equipment determines the authentication information of the access device according to the response message;
The authentication information processing equipment sends the authentication information to the certificate server, so that the certificate server performs access authentication on the access device according to the authentication information.
In a second aspect, the present invention provides authentication information processing equipment, comprising:
An obtaining module, configured to obtain the response message that the address allocating device sends for an access device, the response message carrying the network address and physical address of the access device;
A determining module, configured to determine the authentication information of the access device according to the response message;
A transceiver module, configured to send the authentication information to the certificate server, so that the certificate server performs access authentication on the access device according to the authentication information.
In a third aspect, the present invention provides authentication information processing equipment, comprising:
A memory;
A processor; and
A computer program;
Wherein the computer program is stored in the memory and is configured to be executed by the processor to implement the method of the first aspect.
In a fourth aspect, the present invention provides an authentication information processing system, comprising:
Authentication information processing equipment, configured to execute the method of the first aspect;
An address allocating device, configured to allocate an address according to the certification request of the access device and to send a response message;
A certificate server, configured to perform access authentication on the access device according to the authentication information sent by the authentication information processing equipment.
In a fifth aspect, the present invention provides a computer readable storage medium storing a computer program,
the computer program being executed by a processor to implement the method of the first aspect.
In the technical solution provided by the present invention, the authentication information processing equipment can obtain the response message that the address allocating device sends for the access device, determine the authentication information of the access device from it, and send that information to the certificate server, so that the certificate server carries out unaware certification based on the authentication information, which is convenient and fast. Moreover, compared with existing unaware certification schemes, the technical solution provided by the embodiment of the present invention places no particular limit on the networking architecture between the authentication information processing equipment and the access device: it suits existing layer-2 networking and applies equally to cross-layer-3 networking (networking of at least three layers), which widens the networking scenarios of unaware certification. In addition, the technical solution requires no additionally configured CAPWAP tunnel, which further improves the flexibility of unaware certification.
Brief description of the drawings
The drawings herein are incorporated into and form part of this specification, show embodiments consistent with the present disclosure, and together with the specification serve to explain the principles of the disclosure.
Fig. 1 is an architecture diagram of an existing authentication information processing system;
Fig. 2 is an architecture diagram of an authentication information processing system provided by the embodiment of the present invention;
Fig. 3 is a flow diagram of an authentication information processing method provided by the embodiment of the present invention;
Fig. 4 is an architecture diagram of an authentication information processing system provided by the embodiment of the present invention;
Fig. 5 is a functional block diagram of authentication information processing equipment provided by the embodiment of the present invention;
Fig. 6 is a schematic diagram of the physical structure of authentication information processing equipment provided by the embodiment of the present invention.
The above drawings show specific embodiments of the present disclosure, which are described in more detail below. The drawings and the written description are not intended to limit the scope of the disclosed concept in any way, but to explain the concept of the disclosure to those skilled in the art by reference to specific embodiments.
Detailed description of the embodiments
Example embodiments are described in detail here, and examples of them are illustrated in the accompanying drawings. Where the following description refers to the drawings, the same numbers in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the present disclosure. Rather, they are merely examples of devices and methods consistent with some aspects of the disclosure as detailed in the appended claims.
The terms used in the present invention are explained first:
Unaware certification: after the access device accesses the network for the first time, the authentication information processing equipment sends the physical address of the access device to the certificate server, and the certificate server binds the physical address of the access device to the authenticating identity information. When the access device later requests login authentication again, the certificate server determines the corresponding authenticating identity information from the physical address sent again by the authentication information processing equipment, and automatically authenticates the access device based on that authenticating identity information. When the access device accesses again, the user does not need to re-enter authenticating identity information such as the account name and password, and web page authentication does not need to be performed again, so the network can be accessed conveniently.
Certificate server: the server that performs access authentication on the access device according to authenticating identity information (account, password, etc.). Its main purpose is to manage users' access to the network and to provide service to the users who have access authority.
The certificate server involved in the embodiment of the present invention may include, but is not limited to, a portal website certificate server (portal/AAA server), where AAA refers to Authentication, Authorization and Accounting.
Authentication information processing equipment: the equipment that initiates authentication to the certificate server.
The authentication information processing equipment involved in the embodiment of the present invention may include, but is not limited to, a portal broadband access server (portal Broad Access Server, portal BAS). In the embodiment of the present invention, the portal BAS may be any equipment that can initiate authentication to the certificate server, including but not limited to internet behavior equipment or an access controller (Access Controller, AC). Internet behavior equipment performs network access management on accessing users, which may include, but is not limited to, at least one of the following: web page access filtering, network application control, bandwidth traffic management, audit of information sent and received, and user behavior analysis.
Address allocating device: the equipment or server that allocates a network address to the access device.
The address allocating device involved in the embodiment of the present invention may include, but is not limited to, a Dynamic Host Configuration Protocol (DHCP) server, referred to as DHCP Server or DHCP server. The responsibility of the DHCP server is to allocate a network address to each workstation when it logs in, and to ensure that the network addresses allocated to the workstations are all different.
Access device: the equipment that requests access to the aforementioned portal network.
In one possible design, the access device may include, but is not limited to, at least one of the following: an access point (Access Point, AP) and a terminal device. The terminal device may be a wireless terminal or a wired terminal. A wireless terminal may be a device that provides voice and/or other service data connectivity to a user, a handheld device with a wireless connection function, or another processing device connected to a wireless modem. A wireless terminal may communicate with one or more core network devices through a radio access network (Radio Access Network, RAN). It may be a mobile terminal, such as a mobile phone (also called a "cellular" phone) or a computer with a mobile terminal, for example a portable, pocket-sized, handheld, computer built-in, or vehicle-mounted mobile device, which exchanges voice and/or data with the radio access network. As further examples, a wireless terminal may be a Personal Communication Service (PCS) phone, a cordless phone, a Session Initiation Protocol (SIP) phone, a Wireless Local Loop (WLL) station, a Personal Digital Assistant (PDA), or similar equipment. A wireless terminal may also be called a system, a subscriber unit (Subscriber Unit), a subscriber station (Subscriber Station), a mobile station (Mobile Station), a mobile (Mobile), a remote station (Remote Station), a remote terminal (Remote Terminal), an access terminal (Access Terminal), a user terminal (User Terminal), a user agent (User Agent), or user equipment (User Device or User Equipment), without limitation. Optionally, the terminal device may also be a device such as a smartwatch or a tablet computer.
In addition, the access device takes other forms in different implementation scenarios. For example, in a bank networking scenario, the access device may be a payment device.
The specific application scenario of the present invention is the authentication of access devices, and more specifically the unaware certification of access devices.
As described in the background art above, the precondition of unaware certification is that the certificate server can obtain or identify the physical address of the access device; only then can the certificate server carry out unaware certification against the authenticating identity information based on that physical address. To meet this precondition, the prior art generally either networks the authentication information processing equipment and the access device at layer 2, or provides a CAPWAP tunnel between the access device and the authentication information processing equipment.
However, where neither of these two application scenarios is satisfied, unaware certification cannot be achieved.
For example, in one possible networking scenario, the authentication information processing equipment and the access device are networked across layer 3 and the access device forwards data by local forwarding (as distinct from a CAPWAP tunnel), so the authentication information processing equipment cannot obtain the physical address of the access device and therefore cannot send it to the certificate server to complete unaware certification. For this networking scenario, the prior art additionally uses a scheme in which the authentication information processing equipment obtains the Address Resolution Protocol (ARP) table from the gateway of the access device through the Simple Network Management Protocol (SNMP) in order to obtain the physical address of the access device. However, the delay of this scheme is severe, and the access of the authentication information processing equipment to the gateway adds a large amount of data traffic, which puts enormous pressure on the performance of the gateway, so the scheme is difficult to realise in actual application scenarios.
The technical solution provided by the present invention is intended to solve the above technical problem of the prior art, and proposes the following approach: when an access device accesses the network, its network address is generally allocated by a DHCP server, and the response message that the DHCP server sends for the access device generally carries the network address and physical address of the access device. The authentication information processing equipment can therefore be made to carry the communication between the access device and the DHCP server, so that it can obtain the response message that the DHCP server feeds back to the access device and obtain from it authentication information such as the physical address.
The technical solution of the present invention, and how it solves the above technical problem, are described in detail below with specific embodiments. The following specific embodiments may be combined with one another, and the same or similar concepts or processes may not be repeated in some embodiments. The embodiments of the present invention are described below with reference to the drawings.
Embodiment one
The embodiment of the present invention provides an authentication information processing method.
Please refer to the architecture diagram of an authentication information processing system shown in Fig. 2. As shown in Fig. 2, the authentication information processing system 200 comprises:
Authentication information processing equipment 210, configured to execute the authentication information processing method provided by the embodiment of the present invention;
An address allocating device 220, configured to allocate an address according to the certification request of the access device and to send a response message;
A certificate server 230, configured to perform access authentication on the access device according to the authentication information sent by the authentication information processing equipment.
The equipment (or servers) in the system shown in Fig. 2 are explained in the preceding description and are not described again here.
The authentication information processing method provided by the embodiment of the present invention is described below with reference to the authentication information processing system 200 shown in Fig. 2. The method is implemented in the authentication information processing equipment 210. Referring to Fig. 3, the method includes the following steps:
S302, the authentication information processing equipment obtains the response message that the address allocating device sends for the access device, the response message carrying the network address and physical address of the access device.
The network address involved in the embodiment of the present invention may include, but is not limited to, an Internet Protocol address (Internet Protocol Address, IP address); the physical address involved in the embodiment of the present invention may include, but is not limited to, a media access control address (Media Access Control Address, MAC address).
Specifically, the address allocating device may be a DHCP server. When a DHCP client (the access device in this scheme) interacts with the DHCP server to obtain an IP address (in this scheme the interaction passes through the authentication information processing equipment, so the party that actually interacts with the DHCP server as the DHCP client is the authentication information processing equipment), and the DHCP server allocates the IP address normally, it feeds back an ACK broadcast packet (the response message) to the DHCP client to confirm that the IP address the client applied for is legitimate; the DHCP client can then use this IP address. The ACK broadcast packet generally contains the two fields "Your (client) IP Address" and "Client MAC Address", so only these two fields need to be read to obtain the IP address and MAC address of the access device.
The DHCP server is what the IP address is obtained from; that is, during the interaction between the DHCP server and the DHCP client the access device does not yet have an IP address. Analysing the response message fed back by DHCP therefore makes it possible to obtain the relationship between the IP address and the MAC address before the access device gets the IP address, which gives better real-time performance. Moreover, this process occurs whenever the address allocating device allocates an IP address to an access device, and because the authentication information processing equipment obtains the response message during this process, it obtains the latest MAC address, which copes with scenarios in which the MAC address changes.
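An added example, not part of the patent text: a parser for the read that S302 describes, taking the "Your (client) IP Address" (yiaddr) and "Client MAC Address" (chaddr) fields out of a DHCP ACK laid out as in RFC 2131. The function names and the sample packet are constructed for illustration, and the input is assumed to be the UDP payload of the server's reply with Ethernet hardware type.

```python
import ipaddress
import struct

BOOTREPLY = 2                        # BOOTP op code: server -> client
MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the DHCP options
FIXED_LEN = 236                      # size of the fixed BOOTP header
OPT_PAD, OPT_MSG_TYPE, OPT_END = 0, 53, 255
DHCPOFFER, DHCPACK = 2, 5


def parse_options(raw):
    """Walk the code/length/value option area and return {code: value}."""
    opts, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:              # pad is a single byte with no length
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("option length byte missing")
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option value truncated")
        opts.setdefault(code, value)     # keep the first occurrence
        i += 2 + length
    return opts


def extract_binding(payload):
    """Return (ip, mac) from a DHCPACK payload, or None if it is not usable."""
    if len(payload) < FIXED_LEN + len(MAGIC_COOKIE):
        return None
    op, htype, hlen = payload[0], payload[1], payload[2]
    if op != BOOTREPLY or htype != 1 or hlen != 6:   # Ethernet, 6-byte MAC
        return None
    if payload[FIXED_LEN:FIXED_LEN + 4] != MAGIC_COOKIE:
        return None
    try:
        opts = parse_options(payload[FIXED_LEN + 4:])
    except ValueError:
        return None
    if opts.get(OPT_MSG_TYPE) != bytes([DHCPACK]):   # ignore OFFER, NAK, ...
        return None
    yiaddr = payload[16:20]              # "Your (client) IP Address"
    if yiaddr == bytes(4):               # ACK to DHCPINFORM assigns no address
        return None
    chaddr = payload[28:28 + hlen]       # "Client MAC Address"
    ip = str(ipaddress.IPv4Address(yiaddr))
    mac = ":".join(f"{b:02x}" for b in chaddr)
    return ip, mac


def build_sample(msg_type, yiaddr, mac):
    """Build a constructed DHCP reply payload for the demonstration."""
    fixed = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        BOOTREPLY, 1, 6, 0, 0x3903F326, 0, 0,
        bytes(4), ipaddress.IPv4Address(yiaddr).packed, bytes(4), bytes(4),
        bytes.fromhex(mac.replace(":", "")), b"", b"",
    )
    options = bytes([OPT_MSG_TYPE, 1, msg_type])      # DHCP message type
    options += bytes([51, 4, 0, 0, 0x0E, 0x10])       # lease time, 3600 s
    options += bytes([OPT_END])
    return fixed + MAGIC_COOKIE + options


if __name__ == "__main__":
    ack = build_sample(DHCPACK, "10.20.30.40", "00:1a:2b:3c:4d:5e")
    print(extract_binding(ack))
```

Only a reply whose message type option is ACK and whose yiaddr is non-zero yields a pair; offers, truncated packets and ACKs answering DHCPINFORM are skipped so that no binding is derived from an address that was not actually assigned.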
In addition, because the address allocating device allocates the network address for the access device, before this step is executed the access device also needs to issue an access request to the address allocating device, so that the address allocating device can return the response message according to the access request.
In a specific implementation, the access request may be forwarded to the address allocating device by the authentication information processing equipment, and the response message of the address allocating device forwarded to the access device by it as well. That is, the authentication information processing equipment takes on the data forwarding function between the address allocating device and the access device, which ensures that the response message returned by the address allocating device flows through the authentication information processing equipment, and the authentication information processing equipment can obtain the response message while forwarding it.
In another possible design, the access request need not be forwarded by the authentication information processing equipment and may reach the address allocating device through other gateways; however, the response message that the address allocating device returns to the access device must be forwarded by the authentication information processing equipment, so that the authentication information processing equipment can obtain the response message.
S304, the authentication information processing equipment determines the authentication information of the access device according to the response message.
The response message that the address allocating device returns to the access device carries the network address and physical address of the access device, from which the authentication information of the access device can be determined. The authentication information determined here in the embodiment of the present invention may include, but is not limited to, authenticating identity information and address information. The address information may include, but is not limited to, the physical address. The authenticating identity information may include, but is not limited to, the account name and a unique identity identifier; it may also include information such as the account password (obtained from the input made when the access device accesses for the first time).
In one possible design, the physical address of the access device carried in the response message may be extracted directly and determined as the authentication information; alternatively, the physical address and network address of the access device carried in the response message may together be determined as the authentication information.
In another possible design, the authentication information processing equipment may also use the physical address carried in the response message to determine the authenticating identity information of the corresponding access device.
Specifically, if the correspondence between physical address and authenticating identity information has been stored in advance in the authentication information processing equipment, the authenticating identity information corresponding to the physical address carried in the response message can be obtained and used as the authentication information.
The aforementioned correspondence may be obtained from the certificate server. That is, before S304 is executed, the authentication information processing equipment obtains the correspondence maintained by the certificate server and stores it. This way of obtaining it requires that the certificate server already maintains the correspondence between physical address and authenticating identity information. In other words, for an access device joining the network for the first time, the certificate server may not maintain the correspondence, so when the access device joins for the first time, the authentication information determined for it may take the form of the aforementioned address information.
In addition, in some special application scenarios, the aforementioned correspondence may be manually preconfigured and stored in the authentication information processing equipment, or in a device that the authentication information processing equipment can read or can obtain it from by communication.
S306, the authentication information processing equipment sends the authentication information to the certificate server, so that the certificate server performs access authentication on the access device according to the authentication information.
Having obtained the authentication information as described above, the authentication information processing equipment sends it to the certificate server, and the certificate server finally completes the access authentication of the access device.
In addition, if the access device is accessing for the first time, the certificate server, after obtaining the physical address of the access device, may also establish the correspondence between the physical address and the authenticating identity information (including the account and password). When the access device subsequently accesses again, the authenticating identity information corresponding to the physical address sent by the authentication information processing equipment can be found from this correspondence, and unaware certification is completed.
To aid understanding, the embodiment of the present invention provides the interaction flow of another authentication information processing method, which in practice includes a first authentication process and a re-authentication process. The re-authentication process may be executed one or more times, which the embodiment of the present invention does not specifically limit.
Specifically, verification process includes the following steps: for the first time
S1-02, access device send access request to authentication information processing equipment.
The access request is forwarded to address allocating device by S1-04, authentication information processing equipment.
S1-06, address allocating device are that access device distributes network address, and sends and respond to authentication information processing equipment Message.
S1-08, authentication information processing equipment obtain physical address and network address in response message.
The access request for carrying physical address and network address is sent to certification clothes by S1-10, authentication information processing equipment Business device.
S1-12, certificate server obtain the account and password of access device input.
The step can be directed to certification page by certificate server, access the authentication page by access device when realizing Face, and the form for acquiring the account number cipher of user's input is realized.
S1-14, certificate server carry out access verifying to access device according to aforementioned information.
Aforementioned information includes at least: network address, physical address, account, password.
S1-16, if certification passes through, certificate server provides service for access device.
It is found that verification process is consistent with the subsequent process of verification process again for the first time, no longer in common certification scene It repeats.
In the unaware authentication scenario, the aforementioned first authentication process may further include the following step:
S1-18: The certificate server establishes the correspondence between the physical address of the access device and the account and password.
Thus, in the unaware authentication scenario, the subsequent re-authentication process may include the following steps:
S2-02: The access device sends an access request to the authentication information processing equipment.
S2-04: The authentication information processing equipment forwards the access request to the address allocating device.
S2-06: The address allocating device allocates a network address to the access device and sends a response message to the authentication information processing equipment.
S2-08: The authentication information processing equipment obtains the physical address from the response message.
S2-10: The authentication information processing equipment sends the physical address of the access device to the certificate server.
S2-12: The certificate server obtains, according to the aforementioned correspondence, the account and password corresponding to the physical address of the access device.
S2-14: The certificate server performs access authentication on the access device according to the account and password.
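The two flows above (S1-02 to S1-18 and S2-02 to S2-14), as an added example that is not part of the patent text: the equipment parses the address allocating device's response message, and the certificate server binds the physical address to the portal credentials and reuses that binding on re-authentication. It assumes the response message is a DHCPACK in RFC 2131 layout and models the portal form as a function argument; every class and function name, the account, and the sample packet are constructed for illustration.

```python
import hmac
import ipaddress
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"   # RFC 2131 magic cookie that precedes the options
DHCP_ACK = 5                        # value of option 53 (message type) for DHCPACK


def build_dhcp_ack(mac: bytes, ip: str) -> bytes:
    """Constructed sample input: a minimal BOOTREPLY carrying a DHCPACK."""
    fixed = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        2, 1, 6, 0,                         # op=BOOTREPLY, htype=Ethernet, hlen=6, hops
        0x1234ABCD, 0, 0,                   # xid, secs, flags
        bytes(4),                           # ciaddr
        ipaddress.IPv4Address(ip).packed,   # yiaddr: network address allocated in S1-06
        bytes(4), bytes(4),                 # siaddr, giaddr
        mac, b"", b"")                      # chaddr (zero padded by struct), sname, file
    return fixed + DHCP_MAGIC + bytes([53, 1, DHCP_ACK, 255])


def parse_dhcp_response(pkt: bytes):
    """S1-08 / S2-08: return (physical address, network address) or None."""
    if len(pkt) < 240 or pkt[236:240] != DHCP_MAGIC:
        return None
    if pkt[0] != 2 or pkt[1] != 1 or pkt[2] != 6:    # BOOTREPLY over Ethernet only
        return None
    msg_type, i = None, 240
    while i < len(pkt) and pkt[i] != 255:            # walk TLV options up to End
        if pkt[i] == 0:                              # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            return None                              # truncated option
        if pkt[i] == 53 and pkt[i + 1] == 1:
            msg_type = pkt[i + 2]
        i += 2 + pkt[i + 1]
    if msg_type != DHCP_ACK:                         # only an ACK confirms the lease
        return None
    return pkt[28:34].hex(":"), str(ipaddress.IPv4Address(pkt[16:20]))


class CertificateServer:
    """Hypothetical stand-in for the portal/AAA server of Fig. 4."""

    def __init__(self, accounts):
        self.accounts = accounts   # account -> password (clear text only in this sample)
        self.bindings = {}         # physical address -> (account, password), S1-18
        self.sessions = {}         # physical address -> current network address

    def _valid(self, account, password):
        stored = self.accounts.get(account)
        return stored is not None and hmac.compare_digest(stored.encode(), password.encode())

    def access(self, mac, ip, portal_form=None):
        bound = self.bindings.get(mac)
        if bound and self._valid(*bound):            # S2-12 and S2-14
            self.sessions[mac] = ip
            return "re-authenticated"
        self.bindings.pop(mac, None)                 # binding no longer verifies
        if portal_form is None:
            return "portal-required"                 # S1-12: user must submit the form
        if not self._valid(*portal_form):            # S1-14
            return "rejected"
        self.bindings[mac] = tuple(portal_form)      # S1-18
        self.sessions[mac] = ip                      # S1-16
        return "authenticated"


def equipment_handle(server, dhcp_packet, portal_form=None):
    """Authentication information processing equipment: S1-08/S1-10 and S2-08/S2-10."""
    parsed = parse_dhcp_response(dhcp_packet)
    if parsed is None:
        return "ignored"
    return server.access(*parsed, portal_form)


def demo():
    server = CertificateServer({"alice": "s3cret"})  # constructed account
    mac = bytes.fromhex("aabbcc001122")              # constructed physical address
    out = [equipment_handle(server, build_dhcp_ack(mac, "10.0.0.23")),
           equipment_handle(server, build_dhcp_ack(mac, "10.0.0.23"), ("alice", "s3cret")),
           equipment_handle(server, build_dhcp_ack(mac, "10.0.0.57"))]  # new lease, same MAC
    server.accounts["alice"] = "rotated"             # password changed after binding
    out.append(equipment_handle(server, build_dhcp_ack(mac, "10.0.0.57")))
    out.append(equipment_handle(server, bytes(300)))  # not a DHCP response
    return out
```

The fourth result shows the consequence of S2-14: because the server still verifies the bound account and password, a binding made before a password change stops working and the device is sent back to the portal.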
Based on the foregoing design, the method described in any of the aforementioned implementations provided by the embodiment of the present invention places no particular limit on the networking architecture between the authentication information processing equipment and the access device. That is, the architecture between the authentication information processing equipment and the access device may be the layer-2 networking architecture shown in Fig. 1, or it may be a cross-layer-3 networking architecture. Here, a cross-layer-3 networking architecture means that there are at least two layer exchange devices between the authentication information processing equipment and the access device.
Specifically, reference may be made to the architecture diagram of another authentication information processing system shown in Fig. 4. Fig. 4 shows one possible networking structure, which comprises a first Internet access area, a second Internet access area, and a third Internet access area. Fig. 4 shows two third Internet access areas.
As shown in Fig. 4, the third Internet access area is deployed with an access device AP and a first gateway, and the first gateway is provided with a local firewall. The second Internet access area is deployed with an access controller AC and, specifically, includes: a DHCP server (the address allocating device of this scheme), an internet behavior equipment (which can serve as the authentication information processing equipment of this scheme), and a switch device (which can serve as the authentication information processing equipment of this scheme). A first IPSec virtual private network (Internet Protocol Security VPN, IPSEC VPN) communication, identified as a tunnel in Fig. 4, is established between the virtual private network (Virtual Private Network, VPN) device located in the second Internet access area and the gateway in the first Internet access area. The first IPSEC VPN communication can be used to carry data traffic and control traffic between the second Internet access area and the third Internet access area. For example, it can carry the internet traffic, authentication messages, system log information (SYSLOG), DHCP information, and domain name system (Domain Name System, DNS) information of the third Internet access area. In this way, the internet traffic of the third Internet access area is transmitted to the second Internet access area through the first IPSEC VPN and is then audited centrally by the internet behavior equipment of the second Internet access area. The first Internet access area is deployed with a portal/AAA server (the certificate server of this scheme). A second IPSEC VPN is established between the first Internet access area and the second Internet access area, and it is used to carry authentication information transmitted to the first Internet access area. In this way, authentication messages of the first Internet access area are transmitted to the second Internet access area through the first IPSEC VPN and then to the third Internet access area through the third IPSEC VPN.
As mentioned above, both the internet behavior equipment and the switch device in the second Internet access area can serve as the authentication information processing equipment of this scheme.
In the system architecture shown in Fig. 4, the authentication information processing equipment can forward the access request initiated by the access device to the address allocating device by means of local forwarding.
Alternatively, in other system architectures, the access request can be forwarded in other ways. For example, in the system architecture shown in Fig. 1, this data can also be forwarded through a CAPWAP tunnel.
Moreover, as shown in Fig. 4, the address information flow of the DHCP server passes through the authentication information processing equipment, so the authentication information processing equipment can obtain the MAC address and IP address of the access device in real time. In a specific system deployment, in one possible design, the gateway of the DHCP server can be set to the Internet external firewall, as shown in Fig. 4.
Any of the aforementioned implementations provided by the embodiment of the present invention is applicable not only to existing layer-2 networking but also to cross-layer-3 networking, which broadens the networking scenarios for unaware authentication. In addition, the technical solution provided by the embodiment of the present invention requires no additional configuration of a CAPWAP tunnel, which further improves the flexibility of unaware authentication.
It can be understood that some or all of the steps or operations in the above embodiments are only examples; the embodiments of the present application may also perform other operations or variations of the various operations. In addition, the steps may be performed in an order different from that presented in the above embodiments, and it is possible that not all of the operations in the above embodiments need to be performed.
Embodiment two
Based on the authentication information processing method provided by Embodiment one, the embodiment of the present invention further provides apparatus embodiments that implement the steps and methods of the above method embodiment.
The embodiment of the present invention provides an authentication information processing equipment. Referring to Fig. 5, the authentication information processing equipment 210 includes:
An obtaining module 211, configured to obtain the response message of the address allocating device for the access device, the response message carrying the network address and the physical address of the access device;
A determining module 212, configured to determine the authentication information of the access device according to the response message;
A transceiver module 213, configured to send the authentication information to the certificate server, so that the certificate server performs access authentication on the access device according to the authentication information.
In one possible design, the determining module 212 is specifically configured to:
determine the physical address and the network address as the authentication information; or
determine the physical address as the authentication information.
In another possible design, the determining module 212 is specifically configured to:
obtain, according to a prestored correspondence, the authentication identity information corresponding to the physical address, and determine the authentication identity information as the authentication information;
wherein the correspondence is a correspondence between physical addresses and authentication identity information.
In addition, the authentication information processing equipment 210 further includes a storage module;
The obtaining module 211 is further configured to obtain the correspondence maintained by the certificate server before the authentication information of the access device is determined according to the response message;
The storage module (not shown in Fig. 5) is configured to store the correspondence.
In the embodiment of the present invention, the networking between the authentication information processing equipment and the access device is layer-2 networking or cross-layer-3 networking.
In addition, in another possible design, the transceiver module 213 is further configured to:
forward the access request initiated by the access device to the address allocating device by means of local forwarding.
In the embodiment of the present invention, the authentication information processing equipment includes an access controller or an internet behavior equipment.
The authentication information processing equipment 210 of the embodiment shown in Fig. 5 can be used to execute the technical solution of the above method embodiment; for its implementation principle and technical effect, further reference may be made to the related description in the method embodiment. Optionally, the authentication information processing equipment 210 may be an internet behavior equipment or an AC.
It should be understood that the division of the modules of the authentication information processing equipment 210 shown in Fig. 5 above is only a division of logical functions; in actual implementation, the modules may be wholly or partly integrated into one physical entity, or may be physically separate. These modules may all be implemented as software invoked by a processing element, or all implemented in hardware; alternatively, some modules may be implemented as software invoked by a processing element and others in hardware. For example, the transceiver module 213 may be a separately established processing element, or may be integrated into the authentication information processing equipment 210, for example implemented in a chip of the AC; it may also be stored in the memory of the authentication information processing equipment 210 in the form of a program and be called by a processing element of the authentication information processing equipment 210 to execute the functions of the above modules. The other modules are implemented similarly. Furthermore, these modules may be wholly or partly integrated together, or implemented independently. The processing element described here may be an integrated circuit with signal processing capability. During implementation, each step of the above method or each of the above modules may be completed by an integrated logic circuit of hardware in the processor element or by instructions in the form of software.
For example, the above modules may be one or more integrated circuits configured to implement the above method, such as one or more application-specific integrated circuits (Application Specific Integrated Circuit, ASIC), one or more microprocessors (digital signal processor, DSP), or one or more field programmable gate arrays (Field Programmable Gate Array, FPGA). As another example, when one of the above modules is implemented in the form of a program scheduled by a processing element, the processing element may be a general-purpose processor, such as a central processing unit (Central Processing Unit, CPU) or another processor that can call programs. As another example, these modules may be integrated together and implemented in the form of a system-on-a-chip (SOC).
The embodiment of the present invention also provides an authentication information processing equipment. Referring to Fig. 6, the authentication information processing equipment 210 includes:
a memory 2110;
a processor 2120; and
a computer program;
wherein the computer program is stored in the memory 2110 and is configured to be executed by the processor 2120 to implement the method described in the above embodiments.
The number of processors 2120 in the authentication information processing equipment 210 may be one or more. The processor 2120 may also be called a processing unit and can implement certain control functions. The processor 2120 may be a general-purpose processor, a special-purpose processor, or the like. In an optional design, the processor 2120 may also store instructions, which can be run by the processor 2120 so that the authentication information processing equipment 210 executes the method described in the above method embodiment.
In another possible design, the authentication information processing equipment 210 may include a circuit that implements the sending, receiving, or communication functions of the foregoing method embodiment.
Optionally, the number of memories 2110 in the authentication information processing equipment 210 may be one or more. Instructions or intermediate data are stored in the memory 2110, and the instructions can be run on the processor 2120 so that the authentication information processing equipment 210 executes the method described in the above method embodiment. Optionally, other related data may also be stored in the memory 2110. Optionally, instructions and/or data may also be stored in the processor 2120. The processor 2120 and the memory 2110 may be provided separately or integrated together.
In addition, as shown in Fig. 6, the authentication information processing equipment 210 is also provided with a transceiver 2130. The transceiver 2130 may be called a transceiver unit, a transceiver machine, a transceiver circuit, a transceiver, or the like, and is used for data transmission or communication with test equipment or other terminal devices; details are not repeated here.
As shown in Fig. 6, the memory 2110, the processor 2120, and the transceiver 2130 are connected and communicate through a bus.
If the authentication information processing equipment 210 is used to implement the method corresponding to Fig. 3, then, for example, the transceiver 2130 may obtain the response message and send the authentication information to the certificate server, while the processor 2120 completes the corresponding determination or control operations; optionally, the corresponding instructions may also be stored in the memory 2110. For the specific processing of each component, reference may be made to the related description of the previous embodiment.
In addition, the embodiment of the present invention provides a readable storage medium on which a computer program is stored, the computer program being executed by a processor to implement the method described in Embodiment one.
The embodiment of the present invention also provides an authentication information processing system. Referring to Fig. 2, the authentication information processing system 200 includes:
an authentication information processing equipment 210, configured to execute the authentication information processing method provided by the embodiment of the present invention;
an address allocating device 220, configured to allocate an address according to the authentication request of the access device and send a response message;
a certificate server 230, configured to perform access authentication on the access device according to the authentication information sent by the authentication information processing equipment.
Specifically, for the parts of each device in the authentication information processing system 200 that are not described in detail, reference may be made to the related description of Embodiment one.
Those skilled in the art will readily conceive of other embodiments of the disclosure after considering the specification and practicing the invention disclosed here. The present invention is intended to cover any variations, uses, or adaptations of the disclosure that follow the general principles of the disclosure and include common knowledge or customary technical means in the art not disclosed by the disclosure. The specification and embodiments are to be regarded as exemplary only, with the true scope and spirit of the disclosure indicated by the following claims.

Claims (11)

1. An authentication information processing method, characterized by comprising:
an authentication information processing equipment obtaining the response message of an address allocating device for an access device, the response message carrying the network address and the physical address of the access device;
the authentication information processing equipment determining the authentication information of the access device according to the response message;
the authentication information processing equipment sending the authentication information to a certificate server, so that the certificate server performs access authentication on the access device according to the authentication information.
2. The method according to claim 1, characterized in that the authentication information processing equipment determining the authentication information of the access device according to the response message comprises:
the authentication information processing equipment determining the physical address and the network address as the authentication information; or
the authentication information processing equipment determining the physical address as the authentication information.
3. The method according to claim 1, characterized in that the authentication information processing equipment determining the authentication information of the access device according to the response message comprises:
the authentication information processing equipment obtaining, according to a prestored correspondence, the authentication identity information corresponding to the physical address, and determining the authentication identity information as the authentication information;
wherein the correspondence is a correspondence between physical addresses and authentication identity information.
4. The method according to claim 3, characterized in that, before the authentication information processing equipment determines the authentication information of the access device according to the response message, the method further comprises:
the authentication information processing equipment obtaining the correspondence maintained by the certificate server;
the authentication information processing equipment storing the correspondence.
5. The method according to claim 1, characterized in that the networking between the authentication information processing equipment and the access device is layer-2 networking or cross-layer-3 networking.
6. The method according to claim 5, characterized in that the method further comprises:
the authentication information processing equipment forwarding the access request initiated by the access device to the address allocating device by means of local forwarding.
7. The method according to claim 1, characterized in that the authentication information processing equipment includes an access controller or an internet behavior equipment.
8. An authentication information processing equipment, characterized by comprising:
an obtaining module, configured to obtain the response message of an address allocating device for an access device, the response message carrying the network address and the physical address of the access device;
a determining module, configured to determine the authentication information of the access device according to the response message;
a transceiver module, configured to send the authentication information to a certificate server, so that the certificate server performs access authentication on the access device according to the authentication information.
9. An authentication information processing equipment, characterized by comprising:
a memory;
a processor; and
a computer program;
wherein the computer program is stored in the memory and is configured to be executed by the processor to implement the method according to any one of claims 1-7.
10. A computer readable storage medium, characterized in that a computer program is stored thereon,
the computer program being executed by a processor to implement the method according to any one of claims 1-7.
11. An authentication information processing system, characterized by comprising:
an authentication information processing equipment, configured to execute the method according to any one of claims 1-7;
an address allocating device, configured to allocate an address according to the authentication request of the access device and send a response message;
a certificate server, configured to perform access authentication on the access device according to the authentication information sent by the authentication information processing equipment.
CN201910234255.7A 2019-03-26 2019-03-26 Authentication information processing method and equipment, system, storage medium Pending CN109962917A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103874069A (en) * 2014-03-24 2014-06-18 杭州华三通信技术有限公司 MAC authentication device and method of wireless terminal
CN106790734A (en) * 2016-01-29 2017-05-31 新华三技术有限公司 A kind of network address assignment method and device
CN107547501A (en) * 2017-05-26 2018-01-05 新华三技术有限公司 Identity identifying method and device
CN107800697A (en) * 2017-10-26 2018-03-13 新华三技术有限公司 Access authentication method and device
CN108200023A (en) * 2017-12-25 2018-06-22 锐捷网络股份有限公司 Unaware authentication method and device

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110837470A (en) * 2019-11-06 2020-02-25 中国银行股份有限公司 Method and device for testing bank card network transaction
CN110837470B (en) * 2019-11-06 2024-01-23 中国银行股份有限公司 Bank card network transaction testing method and device
CN113727344A (en) * 2020-05-25 2021-11-30 北京锐云通信息技术有限公司 Multi-factor authentication method in different scene safe internet access

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190702