CN1581792A - Network access authentication method for improving network management performance - Google Patents

Publication number: CN1581792A
Authority: CN (China)
Prior art keywords: user, network, access, network access, account number
Legal status: Granted; Expired - Lifetime
Application number: CN 03143771
Other languages: Chinese (zh)
Other versions: CN1309213C (en)
Inventors: 赵玉博, 周剑光, 逄焕刚, 颜杨
Current Assignee: Beijing Zhifang Intellectual Property Management Co ltd
Original Assignee: Huawei Technologies Co Ltd
Application filed by: Huawei Technologies Co Ltd
Priority: CNB031437710A (patent/CN1309213C/en)
Publications: CN1581792A; CN1309213C (granted)

Abstract

A network access device automatically determines a user's account and the corresponding password from the physical location information of the user's access, and then initiates the authentication procedure toward the authentication end with that account and password on the user's behalf. As a result, the user does not take part in the authentication procedure, does not need to enter a user name and password, and does not need an auxiliary authentication client, yet is still handled as a managed user. The invention makes authentication convenient for servers, dumb terminals and users whose network use is unrestricted, and makes it convenient for network administrators to manage these users.

Description

Network access authentication method for improving network management performance
Technical field
The present invention relates to the field of network communication technology, and in particular to a network access authentication method for improving network management performance.
Background art
With the development of broadband network technology, the services that network operators provide over the network are becoming increasingly diverse. To protect their operating interests, network operators usually need to control the network usage rights of users who access the network; that is, a user who accesses the network must pass authentication before being able to use the network normally and obtain the various services the operator provides.
The authentication modes currently in use are mainly the WEB (World Wide Web) authentication mode, the 802.1 authentication mode and so on. Among these, user identity authentication based on WEB portal pages is being adopted by more and more network operators and is gradually becoming the main authentication mode in broadband access. WEB authentication is a browser-based authentication mode in which the user submits user identity information (user account and password) through a web browser for authentication.
Taking WEB authentication as an example, the user first obtains an IP address through the DHCP (Dynamic Host Configuration Protocol) process. At this point the user has only limited network usage rights and can visit only a limited set of sites, such as the PORTAL SERVER (portal server) and some advertisement pages. The user can then access the PORTAL SERVER through a browser and enter a user account (i.e. user name) and password on the portal page for authentication, in order to obtain greater network usage rights. After the user passes authentication, the PORTAL SERVER delivers a page to the user that shows information such as online time and bytes sent and received, and the user obtains the corresponding rights.
Other authentication modes share these characteristics with WEB authentication: all require the user to act manually, entering a user account and password on a WEB page or in some other auxiliary client, and the authentication process is actively initiated by the user.
However, in a real network environment there are also some special users of the access network, including servers, dumb terminals and privileged users. A server usually has certain access/accessed rights by default, and a server should not need manual intervention when it restarts. A dumb terminal has only limited processing capability; although it can obtain an IP address through the DHCP protocol, it does not support initiating the authentication process through a browser or other terminal software. Privileged users are users at specific physical locations who, once they have obtained an IP address, have some or all network usage rights without needing to initiate an authentication process.
As the above description shows, authentication modes such as WEB authentication are not applicable to special users such as servers, dumb terminals and privileged users. But if network access authentication and authorization are not performed for these special users, they cannot be controlled and managed effectively, which reduces the manageability and maintainability of the network; this clearly runs counter to the network operator's wish to improve network manageability and maintainability.
Summary of the invention
The purpose of the present invention is to provide a network access authentication method for improving network management performance, so that servers, dumb terminals and privileged users can conveniently be authenticated, thereby improving network management performance.
The purpose of the present invention is achieved as follows:
The network access authentication method for improving network management performance comprises:
The network access device determines a user accessing the network and obtains the access information of this access user;
The user's account and password are determined according to the obtained access information of the user;
The network access device initiates the authentication process for this user according to the user's account and password, and controls the user's rights according to the authentication result.
The network access authentication method for improving network management performance further comprises:
Configuring in the network access device the user information of users for whom the network access device is to initiate the authentication process on their behalf, said user information comprising: the user's access port information and VLAN ID (virtual local area network identifier);
Configuring in the network access device the rules for generating the corresponding user account and password from the user's access information.
Determining the user accessing the network and obtaining the access information of this access user further comprises:
After accessing the network, the user obtains an IP (Internet Protocol) address through the DHCP (Dynamic Host Configuration Protocol) process or by manual configuration;
It is determined that this user is a user for whom the network access device initiates the authentication process on the user's behalf;
The network access device obtains the access information of this access user.
Obtaining the access information of this access user means: the network access device obtains the access information according to the physical location information of the access user.
The access information is one or more of: the access user's slot, access port, access VLAN ID, MAC (Media Access Control) address, IP address, and the user identification information carried in the user's packets.
Determining the user's account and password according to the obtained access information of the user comprises:
In the network access device, generating the user's account according to the user's access information and the account generation rule configured in the network access device;
In the network access device, looking up and determining, according to the generated user account, the user password corresponding to that account.
Alternatively, determining the user's account and password according to the obtained access information of the user comprises: in the network access device, automatically generating the user's account and password according to the user's access information and the account and password generation rules configured in the network access device.
Initiating the authentication process for this user according to the user's account and password, and controlling the user's rights according to the authentication result, further comprises:
The network access device requests authentication from the authentication end using the account and password of the user in the pre-connection state, i.e. a network access user who has not yet passed authentication. If authentication succeeds, the user obtains the prescribed network usage rights; otherwise, the user's connection state remains the pre-connection state and the user cannot use the network normally.
The authentication end is a local authentication end or a RADIUS (remote) authentication server.
The network access authentication method for improving network management performance further comprises: the network access device periodically and automatically initiates the authentication process using the account and password of users in the pre-connection state.
As the above technical scheme shows, with the method provided by the present invention the network access device can, according to its configuration, automatically generate a user account from the physical location information of the user's access, obtain the corresponding password, and then initiate the authentication process. The whole authentication process is completed by the network access device on the user's behalf and does not require the user's participation. Thus servers, dumb terminals, privileged users and the like do not need to carry out a manual authentication process, yet they are brought uniformly into the scope of managed users, which greatly facilitates authentication, authorization and management of servers, dumb terminals and privileged users.
In the method provided by the present invention, whether authentication for a user is initiated by the network access device, and the password needed when the network access device takes part in the user's authentication, can both be configured flexibly through the command line. At the same time, the present invention allows all users who access the network to be authenticated, so that access users are managed, which improves the manageability and maintainability of network access.
Description of the drawings
Fig. 1 is a flow chart of a specific embodiment of the present invention.
Embodiment
In the present invention, the user neither needs to log in to a portal site to authenticate nor needs to authenticate through some other auxiliary client. Instead, after the user obtains an IP address, the network access device automatically generates the user's account and password from the physical location information of the user's network access, including but not limited to the slot number, port number and VLAN ID (virtual local area network identifier), and initiates the authentication process toward a RADIUS (remote) authentication server, a local authentication end or the like on the user's behalf. This achieves network access authentication for special users such as servers, dumb terminals and privileged users.
The specific implementation of the network access authentication method for improving network management performance according to the present invention is shown in Fig. 1 and comprises the following steps:
Step 100: when a user accesses the network, it is determined that the user, who is in the pre-connection state, is one for whom the authentication process is initiated by the network access device;
A user in the pre-connection state is an access user who, as seen by the network access device, has obtained an IP address through the DHCP process or manual configuration but has not passed authentication. For a user who obtains the IP address and related network parameters through DHCP, the network access device takes part in the user's DHCP process, so when it finds that the user has completed the DHCP process and obtained an IP address, it determines that the user has accessed the network; if the user has not yet obtained the corresponding network usage rights through authentication, the network access device determines that the user is in the pre-connection state. For a user whose IP address and related network parameters are configured manually, the network access device needs to detect whether the configured user has accessed the network; when it detects that the user has accessed the network, and the user has not yet obtained the corresponding network usage rights through authentication, the user's state is set to the pre-connection state;
A network usually contains both users who enter their own account and password and initiate the authentication process themselves, and special users such as servers, dumb terminals and privileged users for whom the network access device must initiate the authentication process. Therefore, when a user accesses the network, it must first be determined whether the access user is one for whom the network access device initiates the authentication process. The following steps are carried out only for users so identified; other access users are still authenticated according to the original authentication process;
To implement the present invention, the network access device must be preconfigured with which users have authentication initiated by the network access device, so that it can determine from the access user's user information, such as the access port or the VLAN the user belongs to, whether the user is one for whom the network access device initiates the authentication process.
Step 101: the network access device determines the user's access information from the physical location information of the user's network access; the access information includes but is not limited to: the access user's slot, access port, access VLAN ID, MAC (Media Access Control) address, IP address, and the identification information carried in the user's packets;
Which items of access information the network access device needs to obtain is also configured in the network access device in advance; for example, it may be configured to obtain the access user's access port and VLAN ID, or to obtain the access user's MAC address.
Step 102: the network access device automatically generates the account and password corresponding to this user from the determined access information, according to the configured rules for automatically generating user accounts and passwords;
The rules for automatically generating user accounts and passwords are set in the network access device in advance as required. According to the rule, the user account can be generated by adding a configured prefix or suffix to the access information, or by selecting and combining one or more items of access information. The user's password can be generated from the access information at the same time as the account, or it can be configured in the network access device in advance, with a user password corresponding to each user account that may be generated; after the user account is generated, the corresponding user password is looked up using the account as the index.
Step 103: the network access device initiates the authentication process toward the authentication end on the user's behalf, i.e. it sends the authentication end an authentication request packet carrying the user's account and password, in order to authenticate this access user and obtain the corresponding network usage rights for the user in the pre-connection state;
The authentication end comprises a local authentication end, a RADIUS authentication server or another authentication end.
Step 104: the network usage rights of this access user are determined according to the authentication result;
If authentication succeeds, the access user enters the service-connected state and obtains the network usage rights configured for it;
If authentication fails, the access user remains in the pre-connection state. Authentication may fail because the user's account information has not been configured on the authentication end, because the user password for this user is misconfigured on the network access device, and so on.
In the present invention, to ensure that once the cause of an authentication failure has been removed the authentication process can be initiated for the user again and can succeed, the network access device must periodically and automatically initiate the authentication process for users in the pre-connection state. If the user has still not passed authentication, it waits for the authentication process that the network access device initiates for this user in the next cycle, until the user passes authentication.
As the above description of the specific implementation shows, with the present invention the whole process of authenticating the access user is transparent to that user, and the user does not need to take part in the authentication process. When the user accesses the network, the network access device automatically initiates the authentication process on the user's behalf. In other words, once the authentication mode of the present invention is in use, the user's network usage rights are controlled by the network access device; compared with letting such users access the network without authentication, using the present invention makes it more convenient for the network operator to manage and control access users.
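The flow of steps 100 to 104 and the periodic retry, as an added example in Python that is not part of the patent text: a simplified network access device that derives the account from slot, port and VLAN ID, looks the password up in a preconfigured table and authenticates on the user's behalf. The class and field names, the `auto-` prefix, the sample password and the in-memory `AuthEnd` (standing in for a local authentication end or RADIUS server) are assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass

PRE_CONNECTION = "pre-connection"        # has an IP address, not yet authenticated
SERVICE_CONNECTED = "service-connected"  # authenticated, usage rights granted


@dataclass(frozen=True)
class AccessInfo:
    """Physical-location access information collected in step 101."""
    slot: int
    port: int
    vlan_id: int
    mac: str


@dataclass
class Session:
    info: AccessInfo
    state: str = PRE_CONNECTION
    attempts: int = 0


class AuthEnd:
    """Hypothetical stand-in for the local authentication end or RADIUS server."""

    def __init__(self):
        self.accounts = {}  # account -> password known to the authentication end

    def authenticate(self, account, password):
        expected = self.accounts.get(account)
        if expected is None:
            return False
        return hmac.compare_digest(expected.encode(), password.encode())


class AccessDevice:
    def __init__(self, auth_end, proxy_ports, rule_fields, prefix, passwords):
        self.auth_end = auth_end
        self.proxy_ports = set(proxy_ports)  # (slot, port, vlan_id) of proxied users
        self.rule_fields = tuple(rule_fields)
        self.prefix = prefix
        self.passwords = dict(passwords)     # account -> preconfigured password
        self.sessions = []

    def is_proxy_user(self, info):
        """Step 100: is this user configured for device-initiated authentication?"""
        return (info.slot, info.port, info.vlan_id) in self.proxy_ports

    def make_account(self, info):
        """Step 102: configured prefix plus the selected access-information fields."""
        return self.prefix + "-".join(str(getattr(info, f)) for f in self.rule_fields)

    def authenticate(self, session):
        """Steps 103-104: submit account and password, then set the state."""
        account = self.make_account(session.info)
        password = self.passwords.get(account)
        session.attempts += 1
        if password is not None and self.auth_end.authenticate(account, password):
            session.state = SERVICE_CONNECTED
        return session.state

    def user_online(self, info):
        """Called once the user holds an IP address (DHCP or manual configuration)."""
        session = Session(info)
        self.sessions.append(session)
        if self.is_proxy_user(info):
            self.authenticate(session)
        return session  # other users stay pre-connected for the original process

    def retry_cycle(self):
        """Periodic re-authentication of proxied users still in pre-connection."""
        passed = []
        for s in self.sessions:
            if s.state == PRE_CONNECTION and self.is_proxy_user(s.info):
                if self.authenticate(s) == SERVICE_CONNECTED:
                    passed.append(self.make_account(s.info))
        return passed


def demo():
    # Constructed sample configuration and users (documentation MAC addresses).
    auth_end = AuthEnd()
    device = AccessDevice(auth_end, proxy_ports={(1, 3, 100)},
                          rule_fields=("slot", "port", "vlan_id"), prefix="auto-",
                          passwords={"auto-1-3-100": "constructed-pw"})
    server = device.user_online(AccessInfo(1, 3, 100, "00:00:5e:00:53:01"))
    laptop = device.user_online(AccessInfo(1, 4, 200, "00:00:5e:00:53:02"))
    first = (server.state, laptop.state, laptop.attempts)
    # The failure cause (account missing on the authentication end) is removed.
    auth_end.accounts["auto-1-3-100"] = "constructed-pw"
    passed = device.retry_cycle()
    return first, passed, server.state, server.attempts
```

With a rule built only from slot, port and VLAN ID, every device attached to that port maps to the same account; adding `mac` to `rule_fields` ties the generated account to the attached device as well.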

Claims (10)

1. A network access authentication method for improving network management performance, characterized by comprising:
The network access device determines a user accessing the network and obtains the access information of this access user;
The user's account and password are determined according to the obtained access information of the user;
The network access device initiates the authentication process for this user according to the user's account and password, and controls the user's rights according to the authentication result.
2. The network access authentication method for improving network management performance according to claim 1, characterized in that the method further comprises:
Configuring in the network access device the user information of users for whom the network access device is to initiate the authentication process on their behalf, said user information comprising: the user's access port information and VLAN ID (virtual local area network identifier);
Configuring in the network access device the rules for generating the corresponding user account and password from the user's access information.
3. The network access authentication method for improving network management performance according to claim 1 or 2, characterized in that the network access device determining the user accessing the network and obtaining the access information of this access user further comprises:
After accessing the network, the user obtains an IP (Internet Protocol) address through the DHCP (Dynamic Host Configuration Protocol) process or by manual configuration;
It is determined that this user is a user for whom the network access device initiates the authentication process on the user's behalf;
The network access device obtains the access information of this access user.
4. The network access authentication method for improving network management performance according to claim 1, characterized in that obtaining the access information of this access user means: the network access device obtains the access information according to the physical location information of the access user.
5. The network access authentication method for improving network management performance according to claim 1 or 4, characterized in that the access information is one or more of: the access user's slot, access port, access VLAN ID, MAC (Media Access Control) address, IP address, and the user identification information carried in the user's packets.
6. The network access authentication method for improving network management performance according to claim 1 or 2, characterized in that determining the user's account and password according to the obtained access information of the user comprises:
In the network access device, generating the user's account according to the user's access information and the account generation rule configured in the network access device;
In the network access device, looking up and determining, according to the generated user account, the user password corresponding to that account.
7. The network access authentication method for improving network management performance according to claim 1, characterized in that determining the user's account and password according to the obtained access information of the user comprises: in the network access device, automatically generating the user's account and password according to the user's access information and the account and password generation rules configured in the network access device.
8. The network access authentication method for improving network management performance according to claim 1, characterized in that the network access device initiating the authentication process for this user according to the user's account and password, and controlling the user's rights according to the authentication result, further comprises:
The network access device requests authentication from the authentication end using the account and password of the user in the pre-connection state, i.e. a network access user who has not yet passed authentication. If authentication succeeds, the user obtains the prescribed network usage rights; otherwise, the user's connection state remains the pre-connection state and the user cannot use the network normally.
9. The network access authentication method for improving network management performance according to claim 8, characterized in that the authentication end is a local authentication end or a RADIUS (remote) authentication server.
10. The network access authentication method for improving network management performance according to claim 1 or 8, characterized in that the method further comprises: the network access device periodically and automatically initiates the authentication process using the account and password of users in the pre-connection state.
CNB031437710A 2003-08-01 2003-08-01 Network access authentication method for improving network management performance Expired - Lifetime CN1309213C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB031437710A CN1309213C (en) 2003-08-01 2003-08-01 Network access authentication method for improving network management performance

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB031437710A CN1309213C (en) 2003-08-01 2003-08-01 Network access authentication method for improving network management performance

Publications (2)

Publication Number Publication Date
CN1581792A (en) 2005-02-16
CN1309213C (en) 2007-04-04

Family

ID=34579513

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB031437710A Expired - Lifetime CN1309213C (en) 2003-08-01 2003-08-01 Network access authentication method for improving network management performance

Country Status (1)

Country Link
CN (1) CN1309213C (en)

Also Published As

Publication number Publication date
CN1309213C (en) 2007-04-04

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20230420

Address after: Room 910, 9th Floor, Building 1, No. 22 Jianguomenwai Street (Saite Building), Chaoyang District, Beijing, 100022

Patentee after: Beijing Zhifang Intellectual Property Management Co.,Ltd.

Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen

Patentee before: HUAWEI TECHNOLOGIES Co.,Ltd.

CX01 Expiry of patent term

Granted publication date: 20070404