WO2017181800A1 - Adaptive portal authentication page system based on operating system, and method for same - Google Patents

Adaptive portal authentication page system based on operating system, and method for same Download PDF

Info

Publication number
WO2017181800A1
WO2017181800A1 PCT/CN2017/077407 CN2017077407W WO2017181800A1 WO 2017181800 A1 WO2017181800 A1 WO 2017181800A1 CN 2017077407 W CN2017077407 W CN 2017077407W WO 2017181800 A1 WO2017181800 A1 WO 2017181800A1
Authority
WO
WIPO (PCT)
Prior art keywords
module
portal authentication
wireless terminal
access point
packet
Prior art date
Application number
PCT/CN2017/077407
Other languages
French (fr)
Chinese (zh)
Inventor
王斌
Original Assignee
上海斐讯数据通信技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 上海斐讯数据通信技术有限公司 filed Critical 上海斐讯数据通信技术有限公司
Publication of WO2017181800A1 publication Critical patent/WO2017181800A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/55Push-based network services

Definitions

  • the present invention relates to the field of communications technologies, and in particular, to a portal authentication page adaptation system and method thereof.
  • Portal authentication is an authentication method for Internet access. It is usually Web (web) authentication.
  • the Portal authentication web page is usually called a portal.
  • a portal When a user connects to a network that requires Portal authentication but is not authenticated, the terminal is forced to log in to a specific portal site to access the services contained therein free of charge; but when the user needs to use other information on the Internet, it must be on the portal.
  • Internet resources can only be used after the certification has passed.
  • Portal authentication is widely used because it has the advantages of client-free and forced advertisement.
  • the terminal obtains an IP (Internet Protocol) address through DHCP (Dynamic Host Configuration Protocol), and then initiates HTTP (Hyper Text Transfer Protocol) containing user information to any URL.
  • IP Internet Protocol
  • DHCP Dynamic Host Configuration Protocol
  • HTTP Hyper Text Transfer Protocol
  • the transport protocol requests the packet to authenticate to the Portal server.
  • the Portal server authenticates the user successfully, the same Portal authentication interface is pushed to all the terminals.
  • the browser sends an HTTP request message with the User Agent field
  • the User Agent field is only relevant to the browser type and can only distinguish between different browsers, but not different operating systems.
  • the present invention provides an operating system-based portal authentication page adaptation system and method thereof, which are capable of pushing different portal authentication pages according to different operating systems in the wireless terminal.
  • An operating system-based portal authentication page adaptive system comprising: a wireless terminal with a built-in operating system, a wireless access point, and a portal authentication server, wherein
  • the wireless access point is wirelessly connected to the wireless terminal, and the wireless access point intercepts a first Hypertext Transfer Protocol (HTTP) request message sent by the wireless terminal, and is based on The first HTTP request message forges a temporary redirect message and feeds back to the wireless terminal;
  • HTTP Hypertext Transfer Protocol
  • the temporary redirect message specifically includes a second uniform resource locator of the portal authentication server (Uniform Resource Locator) (hereinafter referred to as URL), the second URL includes a type parameter of a system type to which the operating system belongs in the wireless terminal;
  • URL Uniform Resource Locator
  • the portal authentication server is in communication with the wireless access point, and the portal authentication server receives, by the wireless access point, a second hypertext transmission including the second uniform resource locator sent by the wireless terminal.
  • the protocol requests the message, and then automatically pushes the corresponding portal authentication page to the wireless terminal.
  • the second URL mentioned here is a location that the wireless terminal needs to jump to perform portal authentication, so that when the authentication server receives the second HTTP request message, the second URL can be extracted therefrom, thereby obtaining The type of the system to which the operating system belongs in the wireless terminal is included, and finally the authentication server pushes the corresponding portal authentication page based on the system type.
  • the operation is simple and convenient, and the wireless terminal of different operating systems can jump to different portal authentication pages, improve the user experience, expand the application of the portal authentication system, and effectively solve the same push for all wireless terminals in the existing portal authentication system. The problem with the portal authentication page.
  • the wireless access point includes: a first control module, a packet interception module, a first packet generation module, a first storage module, and a message sending module, where
  • the first storage module is connected to the first control module, and the first storage module prestores a first uniform resource locator of the portal authentication server and a type parameter of a system type to which the wireless terminal belongs;
  • the packet intercepting module is connected to the first control module, and the packet intercepting module intercepts the first hypertext transfer protocol request message sent by the wireless terminal under the control of the first control module;
  • the first packet generating module is respectively connected to the packet intercepting module, the first storage module, and the first control module, and the first packet generating module is controlled by the first control module.
  • a first uniform resource locator of the portal authentication server and a type parameter of the system type to which the wireless terminal belongs to generate a second uniform resource locator, and generate a temporary redirect message based on the second uniform resource locator ;
  • the packet sending module is configured to connect the first packet generating module to the first control module, where the packet sending module is configured to send the temporary redirecting packet.
  • the wireless access point intercepts the first HTTP request message sent by the wireless terminal, and adds the system type to which the wireless terminal belongs to the first URL of the authentication server to obtain the second URL and feeds back to the wireless terminal.
  • the following wireless terminal adds the second URL to the second HTTP request message, so that the authentication server receives the second URL and obtains the system type to which the operating system belongs in the wireless terminal.
  • the authentication server includes: a second control module, a second storage module, a message receiving module, and a portal authentication page feedback module, where
  • the second storage module is connected to the second control module, and the second storage module prestores an association relationship between different operating system types and a corresponding portal authentication page;
  • the message receiving module is connected to the second control module, and the message receiving module receives the second HTTP request message sent by the wireless terminal under the control of the second control module;
  • the portal authentication page feedback module is respectively connected to the packet receiving module, the second storage module, and the second control module, and the portal authentication page feedback module is controlled by the second control module, based on the The second URL and the association relationship between the different operating system types pre-stored in the second storage module and the corresponding portal authentication page are fed back to the corresponding portal authentication page.
  • the wireless terminal includes: a monitoring module, a message transceiver module, a second message generation module, and a third control module, where
  • the monitoring module is connected to the third control module, and the monitoring module monitors whether the wireless terminal establishes a connection with the wireless access point under the control of the third control module;
  • the packet sending and receiving module is respectively connected to the monitoring module and the third control module, and the packet sending and receiving module sends an Internet address request message and receives the wireless under the control of the third control module. Temporary redirect message fed back by the access point;
  • the second packet generating module is respectively configured with the monitoring module, the packet sending and receiving module, and the third control The module is connected, and the second packet generating module generates a first HTTP request message based on the monitoring result of the monitoring module, and generates a second HTTP request message based on the temporary redirect message received by the packet sending and receiving module. Text.
  • the first storage module further pre-stores an association relationship between different operating systems and sub-option sorting in a preset option field in the Internet address request message.
  • the wireless access point further includes: an information extraction module and a system type determination module, where
  • the information extraction module is respectively connected to the packet intercepting module and the first control module, and the information extracting module extracts the preset option field included in the Internet address request packet intercepted by the packet intercepting module.
  • the system type determining module is respectively connected to the information extracting module, the first storage module, and the first control module, and the system type determining module is based on the sub-options included in the preset option field extracted by the information extracting module.
  • the sort determines the type of system to which the wireless terminal belongs and stores it in the first storage module.
  • the wireless terminal monitors whether it establishes an intranet connection with the wireless access point at all times, and only sends an Internet address request after detecting that the connection has been established. After that, the wireless access point intercepts the Internet address request and analyzes the order of the sub-options included in the preset option field included therein, thereby determining the system type to which the operating system belongs in the wireless terminal. It should be noted that the arrangement of the sub-options included in the preset option field is different based on different operating systems, and the order of the different operating systems is pre-stored in the wireless access point, so that the subsequent steps can be accurate. Push the corresponding portal authentication page to the wireless terminal. The whole process is simple and precise, and the operability is strong.
  • the invention also provides an operating system-based portal authentication page adaptation method, comprising:
  • the S1 wireless terminal sends the first HTTP request message
  • the S2 wireless access point intercepts the first HTTP request message, and generates a temporary redirect message based on the first HTTP request message falsification;
  • the S3 wireless access point feeds back the generated temporary redirection packet to the wireless terminal.
  • the S4 wireless terminal generates a second HTTP request message based on the received temporary redirection message
  • the S5 portal authentication server receives the second HTTP request message, and automatically pushes a corresponding portal authentication page to the wireless terminal based on the second hypertext transfer protocol request message request.
  • the second URL mentioned here is a location that the wireless terminal needs to jump to perform portal authentication, so that when the authentication server receives the second HTTP request message, the second URL can be extracted therefrom, thereby obtaining The type of the system to which the operating system belongs in the wireless terminal is included, and finally the authentication server pushes the corresponding portal authentication page based on the system type.
  • the operation is simple and convenient, and the wireless terminal of different operating systems can jump to different portal authentication pages, improve the user experience, expand the application of the portal authentication system, and effectively solve the same push for all wireless terminals in the existing portal authentication system. The problem with the portal authentication page.
  • the temporary redirect message specifically includes a second URL of the portal authentication server, where the second URL includes a type parameter of a system type to which the operating system belongs in the wireless terminal.
  • step S2 the method specifically includes:
  • the S21 wireless access point intercepts the first HTTP request message
  • the S22 wireless access point generates a second URL based on the first URL of the pre-stored portal authentication server and the type parameter of the system type to which the wireless terminal belongs, and generates a temporary redirect message based on the second URL;
  • step S3 specifically:
  • the S31 wireless access point generates a second URL based on a first URL of the built-in portal authentication server and a type parameter of the system type to which the wireless terminal belongs;
  • the S32 wireless access point generates a temporary redirect message based on the second URL
  • step S5 specifically:
  • the S51 portal authentication server receives the second HTTP
  • the S52 portal authentication server extracts, at the second URL in the second HTTP, a type parameter of a system type to which the wireless terminal belongs;
  • the S53 portal authentication server pushes the corresponding portal authentication page according to the association relationship between the pre-stored different operating system types and the corresponding portal authentication page.
  • step S1 the following steps are further included:
  • the S11 wireless terminal monitors whether it establishes a connection with the wireless access point
  • the S13 wireless access point intercepts the Internet address request message, and extracts a sequence of sub-options included in the preset option field included therein;
  • the S14 wireless access point determines the system type to which the wireless terminal belongs based on the sorting of the sub-options included in the extracted preset option field and stores the system type.
  • the wireless terminal monitors whether it establishes an intranet connection with the wireless access point at all times, and only sends an Internet address request after detecting that the connection has been established. After that, the wireless access point intercepts the Internet address request and analyzes the order of the sub-options included in the preset option field included therein, thereby determining the system type to which the operating system belongs in the wireless terminal. It should be noted that the arrangement of the sub-options included in the preset option field is different based on different operating systems, and the order of the different operating systems is pre-stored in the wireless access point, so that the subsequent steps can be accurate. Push the corresponding portal authentication page to the wireless terminal. The whole process is simple and precise, and the operability is strong.
  • FIG. 1 is a schematic structural diagram of an operating system-based portal authentication page adaptive system according to the present invention
  • FIG. 2 is a schematic structural diagram of an implementation manner of a wireless access point according to the present invention.
  • FIG. 3 is a schematic structural diagram of an authentication server in the present invention.
  • FIG. 4 is a schematic structural diagram of a wireless terminal according to the present invention.
  • FIG. 5 is a schematic structural diagram of another implementation manner of a wireless access point according to the present invention.
  • FIG. 6 is a schematic flowchart of an operating system-based portal authentication page adaptation method according to the present invention.
  • FIG. 7 is a schematic diagram of a process for determining, by a wireless access point, a type of an operating system in a wireless terminal according to the present invention.
  • 100-Portal Authentication Page Adaptive System 110-Wireless Terminal, 120-Wireless Access Point, 130-gate User authentication server, 111-monitoring module, 112-message transceiver module, 113-second packet generation module, 114-third control module, 121-first control module, 122-message interception module, 123-first Message generation module, 124-first storage module, 125-message sending module, 126-information extraction module, 127-system type determination module, 131-second control module, 132-second storage module, 133-message Receive module, 134-portal authentication page feedback module.
  • FIG. 1 is a schematic structural diagram of an operating system-based portal authentication page adaptation system 100 according to the present invention.
  • the portal authentication page adaptation system 100 includes: a wireless terminal with an internal operating system. 110.
  • the wireless access point 120 and the portal authentication server 130 wherein the wireless access point 120 is wirelessly connected to the wireless terminal 110, and the portal authentication server 130 is communicably connected to the wireless access point 120.
  • the wireless terminal 110 first sends a first HTTP request message based on the TCP (Transmission Control Protocol) 80 port; after the wireless access point 120 intercepts the first HTTP request message, based on the first HTTP
  • the request message forges a temporary redirect message (302 redirect message) and feeds it back to the wireless terminal 110.
  • TCP Transmission Control Protocol
  • the wireless terminal 110 After receiving the temporary redirect message, the wireless terminal 110 generates a second HTTP request message based on the temporary redirect message and sends it to the authentication server. After receiving the second HTTP request message, the portal authentication server 130 automatically pushes the corresponding portal authentication page to the wireless terminal 110 according to the information contained in the second HTTP request message.
  • the wireless terminal 110 may be a smart phone, a tablet, or the like.
  • the second URL of the portal authentication server 130 is specifically included in the temporary redirect message, and the type parameter of the system type to which the operating system belongs in the wireless terminal 110 is included in the second URL.
  • the wireless terminal 110 After receiving the temporary redirect message, the wireless terminal 110 obtains the second URL included therein, and then regenerates the second HTTP request message based on the second URL. In this way, the authentication server can obtain the second HTTP request message after receiving the second HTTP request message.
  • the included second URL further obtains a type parameter of the system type to which the operating system belongs in the wireless terminal 110.
  • the authentication server automatically pushes the portal authentication page corresponding to the Android system; if the operating system in the wireless terminal 110 is an IOS system, the authentication server automatically pushes the corresponding Portal authentication page, and so on.
  • the wireless access point 120 includes: a first control module 121, a packet intercepting module 122, a first packet generating module 123, a first storage module 124, and a packet.
  • the sending module 125 wherein the first control module 121 is connected to the packet intercepting module 122, the first packet generating module 123, the first storage module 124, and the message sending module 125, respectively, for controlling the working of the wireless access point 120.
  • the first packet generating module 123 is connected to the packet intercepting module 122 and the first storage module 124
  • the packet sending module 125 is connected to the first packet generating module 123.
  • the message intercepting module 122 intercepts the first HTTP request message sent by the wireless terminal 110 under the control of the first control module 121, and then sends it to the first message generating module 123.
  • the first message generating module 123 is based on the first URL of the portal authentication server 130 stored in the first storage module 124 and the wireless terminal 110 under the control of the first control module 121.
  • the type parameter of the system type generates a second URL (putting the system type parameter of the wireless terminal 110 into the first URL to obtain the second URL), and then generating a temporary redirect message based on the second URL, and sending the message through the message Module 125 feeds it back to wireless terminal 110.
  • the wireless terminal 110 regenerates the second HTTP request message based on the second URL it includes.
  • the authentication server includes: a second control module 131, a second storage module 132, a message receiving module 133, and a portal authentication page feedback module 134, wherein the second control module 131 respectively
  • the second storage module 132, the message receiving module 133, and the portal authentication page feedback module 134 are connected to control the authentication server to work.
  • the portal authentication page feedback module 134 is connected to the message receiving module 133 and the second storage module 132, respectively.
  • the message receiving module 133 receives the second HTTP request message sent by the wireless terminal 110 under the control of the second control module 131, and sends it to the portal authentication page feedback module 134.
  • the portal authentication page feedback module 134 receives the second HTTP request message, and then extracts the second URL included therein, and then acquires the system type to which the operating system belongs in the wireless terminal 110, and further operates according to different operations prestored in the second storage module 132.
  • the association relationship between the system type and its corresponding portal authentication page is fed back to the corresponding portal authentication page (ie, the corresponding portal authentication page is found in the association relationship stored in the second storage module 132 according to the parsed system type of the wireless terminal 110) .
  • the wireless terminal 110 includes: a monitoring module 111, a message transceiver module 112, a second message generation module 113, and a third control module 114, wherein the monitoring module 111 and the third module
  • the control module 114 is connected to the monitoring module 111 and the third control module 114
  • the second packet generating module 113 is connected to the monitoring module 111, the message transceiver module 112, and the third control module 114, respectively.
  • the wireless access point 120 further includes: an information extraction module 126 and a system type determination module 127, wherein the information extraction module 126 is respectively connected to the message intercepting module 122 and the first control module 121, and the system type determining module 127 is connected to the information extraction module 126, the first storage module 124, and the first control module 121, respectively.
  • the first storage module 124 further pre-stores the association relationship between the sub-options in the preset option fields in different operating systems and Internet address request messages.
  • the monitoring module 111 in the wireless terminal 110 monitors in real time whether the wireless terminal 110 is connected to the wireless device under the control of the third control module 114. Entry point 120 establishes a connection.
  • the message transceiver module 112 sends an Internet address request message (DHCP discovery message) to the DHCP server under the control of the third control module 114.
  • the wireless access point 120 serves as a necessary path between the wireless terminal 110 and the DHCP server, and the packet intercepting module in the wireless access point 120 before the DHCP server receives the Internet address request message.
  • the information extraction module 122 intercepts the Internet address request message and sends it to the information extraction module 126.
  • the information extraction module 126 extracts and analyzes the mutual The ordering of the sub-options contained in the preset option field included in the networked address request message is sent to the system type decision module 127.
  • the system type determining module 127 sorts the sub-options included in the preset option field extracted by the information extracting module 126 in the first storage module 124. The system type corresponding to the system is found and stored in the first storage module 124, thereby completing the acquisition of the system type of the operating system in the wireless terminal 110 in the wireless access point 120.
  • the wireless terminal 110 sends a DHCP discovery message for obtaining an IP address to the DHCP server.
  • the wireless access point 120 intercepts the DHCP discovery message
  • the wireless terminal 110 analyzes the order of the sub-items included in the option 55 field of the DHCP discovery message (the order of the sub-options included in the preset option field).
  • the operating system's system type is stored locally.
  • the wireless access point 120 intercepts the first HTTP request message, and then falsifies the temporary redirect message to the wireless terminal 110.
  • the temporary redirect message includes a second URL of the portal authentication. That is, the wireless access point 120 places the system type information of the operating system of the wireless terminal 110 found in the DHCP discovery message as a parameter in the first URL of the authentication server to obtain the second URL.
  • the wireless terminal 110 receives the temporary redirect message and sends the second HTTP request message including the second URL to the authentication server, the system type of the operating system of the wireless terminal 110 is merged with the second URL. Brought to the authentication server. After receiving the second URL, the authentication server knows the system type of the operating system of the wireless terminal 110, and can further push different portal authentication pages according to different operating systems.
  • the present invention further provides an operating system-based portal authentication page adaptation method.
  • the portal authentication page adaptation method includes: S1 wireless terminal 110 sends a first HTTP request message; S2 wireless connection The inbound point 120 intercepts the first HTTP request message, and generates a temporary redirection message based on the first HTTP request message spoofing; the S3 wireless access point 120 feeds the generated temporary redirection message back to the wireless terminal 110; The S4 wireless terminal 110 generates a second HTTP request message based on the received temporary redirect message; the S5 portal authentication server 130 receives the second HTTP request message, and automatically pushes the corresponding portal authentication page based on the second HTTP request message. To the wireless terminal 110.
  • the temporary redirect message specifically includes the second URL of the portal authentication server 130, and the second URL includes a type parameter of the system type to which the operating system belongs in the wireless terminal 110.
  • the wireless terminal 110 acquires the second URL included therein, and then regenerates the second HTTP request message based on the second URL.
  • the authentication server can obtain the second URL included in the second HTTP request message, and obtain the type parameter of the system type to which the operating system belongs in the wireless terminal 110.
  • the authentication server automatically pushes the portal authentication page corresponding to the Android system; if the operating system in the wireless terminal 110 is an IOS system, the authentication server automatically pushes the corresponding Portal authentication page, and so on.
  • step S2 the method specifically includes: the S21 wireless access point 120 intercepts the first HTTP request message; and the S22 wireless access point 120 is based on the pre-stored first URL of the portal authentication server 130 and the wireless terminal 110
  • the type parameter of the system type generates a second URL, and generates a temporary redirect message based on the second URL.
  • step S3 the method specifically includes: S31, the wireless access point 120 generates a second URL based on the first URL of the built-in portal authentication server 130 and the type parameter of the system type to which the wireless terminal 110 belongs; the S32 wireless access point 120 is based on the The second URL generates a temporary redirect message.
  • step S5 the method specifically includes: the S51 portal authentication server 130 receives the second HTTP; the S52 portal authentication server 130 extracts the type parameter of the system type to which the wireless terminal 110 belongs in the second URL in the second HTTP; and the S53 portal authentication server 130 The corresponding portal authentication page is pushed according to the association relationship between the pre-stored different operating system types and their corresponding portal authentication pages.
  • the method further includes the following steps: S11: the wireless terminal 110 monitors whether it establishes a connection with the wireless access point 120; and S12 establishes a connection between the wireless terminal 110 and the wireless access point 120.
  • the wireless terminal 110 sends an Internet address request message;
  • the S13 wireless access point 120 intercepts the Internet address request message, and extracts the order of the sub-options contained in the preset option field included therein;
  • the S14 wireless access point 120 extracts the The ordering of the sub-options contained in the preset option field determines the type of system to which the wireless terminal 110 belongs and stores it.
  • the wireless terminal 110 After the terminal 110 and the wireless access point 120 are associated, the wireless terminal 110 then obtains an IP address through the DHCP service. Since all the packets sent by the wireless terminal 110 pass through the wireless access point 120, the wireless access point 120 can learn the type of the operating system of the wireless terminal 110 by intercepting the DHCP discovery message of the wireless terminal 110.
  • the wireless access point 120 intercepts the HTTP message and spoofs the temporary redirect message to the wireless terminal 110.
  • the temporary redirect message includes a second URL of the portal authentication, and the learned wireless terminal 110 operation type information is included in the second URL.
  • the wireless terminal 110 When the wireless terminal 110 receives the temporary redirect message and sends the second HTTP request message to the authentication server, the wireless terminal 110 includes the second URL in the second HTTP request message.
  • the authentication server receives the second URL and knows the operating system type of the wireless terminal 110, and can push different Portal pages according to different operating systems. For example, the portal authentication page of the IOS system is different from the portal authentication page of the Android system.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

Provided in the present invention are an adaptive portal authentication page system based on an operating system, and method for same. The adaptive portal authentication page system comprises: a wireless access point connected to a wireless terminal in a wireless manner, intercepting a first hypertext transfer protocol request message sent by the wireless terminal, and forging and feeding a temporary redirect message back to the wireless terminal, wherein the temporary redirect message specifically comprises a second uniform resource locator in a portal authentication server, and the second uniform resource locator comprises a type parameter of the system type of an operating system in the wireless terminal; and the portal authentication server communicatively connected to the wireless terminal, receiving a second hypertext transfer protocol request message containing a second uniform resource locator and sent by the wireless terminal, and then automatically pushing a corresponding portal authentication page to the wireless terminal. The present invention enables wireless terminals having different operating systems to jump to different portal authentication pages, thus greatly improving user experience, and enhancing applicability of a portal authentication system.

Description

一种基于操作系统的门户认证页面自适应系统及其方法Operating system based portal authentication page adaptive system and method thereof 技术领域Technical field
本发明涉及通信技术领域,尤其涉及一种门户认证页面自适应系统及其方法。The present invention relates to the field of communications technologies, and in particular, to a portal authentication page adaptation system and method thereof.
背景技术Background technique
Portal(入口)认证是互联网接入的一种认证方式,通常为Web(网页)认证,Portal认证网页通常称为门户网站。当用户在使用终端连接需要Portal认证的网络但未经认证时,会强制终端登录到特定门户网站站点免费访问其中包含的服务;但是当用户需要使用互联网中的其他信息时,必须在门户网站上进行认证,只有认证通过了之后才可以使用互联网资源。Portal authentication is an authentication method for Internet access. It is usually Web (web) authentication. The Portal authentication web page is usually called a portal. When a user connects to a network that requires Portal authentication but is not authenticated, the terminal is forced to log in to a specific portal site to access the services contained therein free of charge; but when the user needs to use other information on the Internet, it must be on the portal. For authentication, Internet resources can only be used after the certification has passed.
在无线网络中,由于Portal认证具有免客户端、可强制推送广告等优势,故而得到广泛应用。在认证过程中,终端通过DHCP(Dynamic Host Configuration Protocol,动态主机配置协议)获取IP(Internet Protocol,网络互连协议)地址,随后向任意网址发起包含用户信息的HTTP(Hyper Text Transfer Protocol,超文本传输协议)请求报文向Portal服务器进行认证。In the wireless network, Portal authentication is widely used because it has the advantages of client-free and forced advertisement. During the authentication process, the terminal obtains an IP (Internet Protocol) address through DHCP (Dynamic Host Configuration Protocol), and then initiates HTTP (Hyper Text Transfer Protocol) containing user information to any URL. The transport protocol) requests the packet to authenticate to the Portal server.
但是,在传统的Portal认证过程中,当Portal服务器对用户认证成功之后,会给所有的终端推送相同的Portal认证界面,虽然浏览器发送HTTP请求报文中有User Agent(用户代理)字段,但User Agent字段只与浏览器类型相关,只能区别不同的浏览器,而不能区别不同的操作系统。However, in the traditional Portal authentication process, after the Portal server authenticates the user successfully, the same Portal authentication interface is pushed to all the terminals. Although the browser sends an HTTP request message with the User Agent field, The User Agent field is only relevant to the browser type and can only distinguish between different browsers, but not different operating systems.
发明内容Summary of the invention
针对上述问题,本发明提供了一种基于操作系统的门户认证页面自适应系统及其方法,其能够根据无线终端中不同的操作系统推送不同的门户认证页面。In view of the above problems, the present invention provides an operating system-based portal authentication page adaptation system and method thereof, which are capable of pushing different portal authentication pages according to different operating systems in the wireless terminal.
本发明提供的技术方案如下: The technical solution provided by the present invention is as follows:
一种基于操作系统的门户认证页面自适应系统,包括:内置操作系统的无线终端、无线接入点以及门户认证服务器,其中,An operating system-based portal authentication page adaptive system, comprising: a wireless terminal with a built-in operating system, a wireless access point, and a portal authentication server, wherein
所述无线接入点,与所述无线终端无线连接,所述无线接入点截获所述无线终端发送的第一超文本传输协议(Hyper Text Transfer Protocol,以下简称HTTP)请求报文,并基于所述第一HTTP请求报文伪造暂时性重定向报文并反馈至所述无线终端;所述暂时性重定向报文中具体包含所述门户认证服务器的第二统一资源定位符(Uniform Resource Locator,以下简称URL),所述第二URL中包括无线终端中操作系统所属系统类型的类型参数;The wireless access point is wirelessly connected to the wireless terminal, and the wireless access point intercepts a first Hypertext Transfer Protocol (HTTP) request message sent by the wireless terminal, and is based on The first HTTP request message forges a temporary redirect message and feeds back to the wireless terminal; the temporary redirect message specifically includes a second uniform resource locator of the portal authentication server (Uniform Resource Locator) (hereinafter referred to as URL), the second URL includes a type parameter of a system type to which the operating system belongs in the wireless terminal;
所述门户认证服务器,与所述无线接入点通信连接,所述门户认证服务器经由所述无线接入点接收所述无线终端发送的包含所述第二统一资源定位符的第二超文本传输协议请求报文,进而自动推送相应的门户认证页面至所述无线终端。The portal authentication server is in communication with the wireless access point, and the portal authentication server receives, by the wireless access point, a second hypertext transmission including the second uniform resource locator sent by the wireless terminal. The protocol requests the message, and then automatically pushes the corresponding portal authentication page to the wireless terminal.
在本技术方案中,这里说的第二URL是无线终端进行门户认证需要跳转到的位置,这样,当认证服务器接收到了第二HTTP请求报文,就可以从中提取出第二URL,进而得到其中包含的该无线终端中操作系统所属的系统类型,最后认证服务器基于该系统类型推送相应的门户认证页面。其操作简单方便,不同操作系统的无线终端能够跳转到不同的门户认证页面,提高了用户体验,扩展了门户认证系统的应用,有效解决了现有门户认证系统中对所有的无线终端推送相同门户认证页面的问题。In the technical solution, the second URL mentioned here is a location that the wireless terminal needs to jump to perform portal authentication, so that when the authentication server receives the second HTTP request message, the second URL can be extracted therefrom, thereby obtaining The type of the system to which the operating system belongs in the wireless terminal is included, and finally the authentication server pushes the corresponding portal authentication page based on the system type. The operation is simple and convenient, and the wireless terminal of different operating systems can jump to different portal authentication pages, improve the user experience, expand the application of the portal authentication system, and effectively solve the same push for all wireless terminals in the existing portal authentication system. The problem with the portal authentication page.
进一步优选地,所述无线接入点中包括:第一控制模块、报文截取模块、第一报文生成模块、第一存储模块以及报文发送模块,其中,Further preferably, the wireless access point includes: a first control module, a packet interception module, a first packet generation module, a first storage module, and a message sending module, where
所述第一存储模块,与所述第一控制模块连接,所述第一存储模块中预存门户认证服务器的第一统一资源定位符和该无线终端所属系统类型的类型参数;The first storage module is connected to the first control module, and the first storage module prestores a first uniform resource locator of the portal authentication server and a type parameter of a system type to which the wireless terminal belongs;
所述报文截取模块,与所述第一控制模块连接,所述报文截取模块在所述第一控制模块的控制下截取无线终端发送的第一超文本传输协议请求报文;The packet intercepting module is connected to the first control module, and the packet intercepting module intercepts the first hypertext transfer protocol request message sent by the wireless terminal under the control of the first control module;
所述第一报文生成模块,分别与所述报文截取模块、第一存储模块和第一控制模块连接,所述第一报文生成模块在所述第一控制模块的控制下,基于第 一存储模块中存储的门户认证服务器的第一统一资源定位符和该无线终端所属系统类型的类型参数生成第二统一资源定位符,并基于该第二统一资源定位符生成暂时性重定向报文;The first packet generating module is respectively connected to the packet intercepting module, the first storage module, and the first control module, and the first packet generating module is controlled by the first control module. a first uniform resource locator of the portal authentication server and a type parameter of the system type to which the wireless terminal belongs to generate a second uniform resource locator, and generate a temporary redirect message based on the second uniform resource locator ;
所述报文发送模块,分别第一报文生成模块和第一控制模块连接,所述报文发送模块用于发送暂时性重定向报文。The packet sending module is configured to connect the first packet generating module to the first control module, where the packet sending module is configured to send the temporary redirecting packet.
在本技术方案中,无线接入点会截获无线终端发送的第一HTTP请求报文,并将该无线终端所属的系统类型加入认证服务器的第一URL中得到第二URL反馈至无线终端中。这样,后面无线终端会将该第二URL添加进第二HTTP请求报文中,以便认证服务器接收到该第二URL,获取该无线终端中操作系统所属的系统类型。In the technical solution, the wireless access point intercepts the first HTTP request message sent by the wireless terminal, and adds the system type to which the wireless terminal belongs to the first URL of the authentication server to obtain the second URL and feeds back to the wireless terminal. In this way, the following wireless terminal adds the second URL to the second HTTP request message, so that the authentication server receives the second URL and obtains the system type to which the operating system belongs in the wireless terminal.
进一步优选地,所述认证服务器中包括:第二控制模块、第二存储模块、报文接收模块以及门户认证页面反馈模块,其中,Further preferably, the authentication server includes: a second control module, a second storage module, a message receiving module, and a portal authentication page feedback module, where
所述第二存储模块,与所述第二控制模块连接,所述第二存储模块中预存不同操作系统类型与其对应的门户认证页面之间的关联关系;The second storage module is connected to the second control module, and the second storage module prestores an association relationship between different operating system types and a corresponding portal authentication page;
所述报文接收模块,与所述第二控制模块连接,所述报文接收模块在所述第二控制模块的控制下接收无线终端发送的第二HTTP请求报文;The message receiving module is connected to the second control module, and the message receiving module receives the second HTTP request message sent by the wireless terminal under the control of the second control module;
所述门户认证页面反馈模块,分别与所述报文接收模块、第二存储模块以及第二控制模块连接,所述门户认证页面反馈模块在所述第二控制模块的控制下,基于所述第二HTTP中第二URL和第二存储模块中预存的不同操作系统类型与其对应的门户认证页面之间的关联关系反馈相应的门户认证页面。The portal authentication page feedback module is respectively connected to the packet receiving module, the second storage module, and the second control module, and the portal authentication page feedback module is controlled by the second control module, based on the The second URL and the association relationship between the different operating system types pre-stored in the second storage module and the corresponding portal authentication page are fed back to the corresponding portal authentication page.
进一步优选地,所述无线终端中包括:监测模块、报文收发模块、第二报文生成模块和第三控制模块,其中,Further preferably, the wireless terminal includes: a monitoring module, a message transceiver module, a second message generation module, and a third control module, where
所述监测模块,与所述第三控制模块连接,所述监测模块在所述第三控制模块的控制下监测无线终端是否与无线接入点建立连接;The monitoring module is connected to the third control module, and the monitoring module monitors whether the wireless terminal establishes a connection with the wireless access point under the control of the third control module;
所述报文收发模块,分别与所述监测模块和所述第三控制模块连接,所述报文收发模块在所述第三控制模块的控制下,发送互联网地址请求报文以及接收所述无线接入点反馈的暂时性重定向报文;The packet sending and receiving module is respectively connected to the monitoring module and the third control module, and the packet sending and receiving module sends an Internet address request message and receives the wireless under the control of the third control module. Temporary redirect message fed back by the access point;
所述第二报文生成模块,分别与所述监测模块、报文收发模块以及第三控 制模块连接,所述第二报文生成模块基于所述监测模块的监测结果生成第一HTTP请求报文及基于所述报文收发模块接收到的暂时性重定向报文生成第二HTTP请求报文。The second packet generating module is respectively configured with the monitoring module, the packet sending and receiving module, and the third control The module is connected, and the second packet generating module generates a first HTTP request message based on the monitoring result of the monitoring module, and generates a second HTTP request message based on the temporary redirect message received by the packet sending and receiving module. Text.
进一步优选地,所述无线接入点中,所述第一存储模块中还预存有不同操作系统与互联网地址请求报文中预设选项字段中子选项排序的关联关系。Further preferably, in the wireless access point, the first storage module further pre-stores an association relationship between different operating systems and sub-option sorting in a preset option field in the Internet address request message.
进一步优选地,所述无线接入点还包括:信息提取模块和系统类型判定模块,其中,Further preferably, the wireless access point further includes: an information extraction module and a system type determination module, where
所述信息提取模块,分别与所述报文截取模块和第一控制模块连接,所述信息提取模块基于所述报文截取模块截取到的互联网地址请求报文提取其中包含的预设选项字段中包含的子选项的排序;The information extraction module is respectively connected to the packet intercepting module and the first control module, and the information extracting module extracts the preset option field included in the Internet address request packet intercepted by the packet intercepting module. The sorting of the included suboptions;
所述系统类型判定模块,分别与所述信息提取模块、第一存储模块和第一控制模块连接,所述系统类型判定模块基于所述信息提取模块提取的预设选项字段中包含的子选项的排序判定该无线终端所属的系统类型,并将其存储在第一存储模块中。The system type determining module is respectively connected to the information extracting module, the first storage module, and the first control module, and the system type determining module is based on the sub-options included in the preset option field extracted by the information extracting module. The sort determines the type of system to which the wireless terminal belongs and stores it in the first storage module.
在本技术方案中,无线终端会时刻监测其是否与无线接入点建立内网连接,只有在监测到已经建立了连接,才会发送互联网地址请求。之后,无线接入点截获了该互联网地址请求之后分析出其内部包含的预设选项字段中包含的子选项的排序,从而判断出该无线终端中操作系统所属的系统类型。要注意的是,这里的预设选项字段中包含的子选项的排列基于不同的操作系统是不同的,且在无线接入点中已经预存了不同操作系统对应的排列顺序,以此后续才能准确的将相应门户认证页面推送到无线终端。整个过程简单精确,可操作性强。In the technical solution, the wireless terminal monitors whether it establishes an intranet connection with the wireless access point at all times, and only sends an Internet address request after detecting that the connection has been established. After that, the wireless access point intercepts the Internet address request and analyzes the order of the sub-options included in the preset option field included therein, thereby determining the system type to which the operating system belongs in the wireless terminal. It should be noted that the arrangement of the sub-options included in the preset option field is different based on different operating systems, and the order of the different operating systems is pre-stored in the wireless access point, so that the subsequent steps can be accurate. Push the corresponding portal authentication page to the wireless terminal. The whole process is simple and precise, and the operability is strong.
本发明还提供了一种基于操作系统的门户认证页面自适应方法,包括:The invention also provides an operating system-based portal authentication page adaptation method, comprising:
S1无线终端发送第一HTTP请求报文;The S1 wireless terminal sends the first HTTP request message;
S2无线接入点截获所述第一HTTP请求报文,并基于所述第一HTTP请求报文伪造生成暂时性重定向报文;The S2 wireless access point intercepts the first HTTP request message, and generates a temporary redirect message based on the first HTTP request message falsification;
S3无线接入点将生成的暂时性重定向报文反馈回无线终端;The S3 wireless access point feeds back the generated temporary redirection packet to the wireless terminal.
S4无线终端基于接收到的暂时性重定向报文生成第二HTTP请求报文; The S4 wireless terminal generates a second HTTP request message based on the received temporary redirection message;
S5门户认证服务器接收所述第二HTTP请求报文,并基于所述第二超文本传输协议请求报文请求自动推送相应的门户认证页面至所述无线终端。The S5 portal authentication server receives the second HTTP request message, and automatically pushes a corresponding portal authentication page to the wireless terminal based on the second hypertext transfer protocol request message request.
在本技术方案中,这里说的第二URL是无线终端进行门户认证需要跳转到的位置,这样,当认证服务器接收到了第二HTTP请求报文,就可以从中提取出第二URL,进而得到其中包含的该无线终端中操作系统所属的系统类型,最后认证服务器基于该系统类型推送相应的门户认证页面。其操作简单方便,不同操作系统的无线终端能够跳转到不同的门户认证页面,提高了用户体验,扩展了门户认证系统的应用,有效解决了现有门户认证系统中对所有的无线终端推送相同门户认证页面的问题。In the technical solution, the second URL mentioned here is a location that the wireless terminal needs to jump to perform portal authentication, so that when the authentication server receives the second HTTP request message, the second URL can be extracted therefrom, thereby obtaining The type of the system to which the operating system belongs in the wireless terminal is included, and finally the authentication server pushes the corresponding portal authentication page based on the system type. The operation is simple and convenient, and the wireless terminal of different operating systems can jump to different portal authentication pages, improve the user experience, expand the application of the portal authentication system, and effectively solve the same push for all wireless terminals in the existing portal authentication system. The problem with the portal authentication page.
进一步优选地,所述暂时性重定向报文中具体包含所述门户认证服务器的第二URL,所述第二URL中包括无线终端中操作系统所属系统类型的类型参数。Further preferably, the temporary redirect message specifically includes a second URL of the portal authentication server, where the second URL includes a type parameter of a system type to which the operating system belongs in the wireless terminal.
进一步优选地,在步骤S2中,具体包括:Further preferably, in step S2, the method specifically includes:
S21无线接入点截获所述第一HTTP请求报文;The S21 wireless access point intercepts the first HTTP request message;
S22无线接入点基于预存的门户认证服务器的第一URL和该无线终端所属系统类型的类型参数生成第二URL,并基于该第二URL生成暂时性重定向报文;The S22 wireless access point generates a second URL based on the first URL of the pre-stored portal authentication server and the type parameter of the system type to which the wireless terminal belongs, and generates a temporary redirect message based on the second URL;
和/或,在步骤S3中,具体包括:And/or, in step S3, specifically:
S31无线接入点基于其内置的门户认证服务器的第一URL和该无线终端所属系统类型的类型参数生成第二URL;The S31 wireless access point generates a second URL based on a first URL of the built-in portal authentication server and a type parameter of the system type to which the wireless terminal belongs;
S32无线接入点基于该第二URL生成暂时性重定向报文;The S32 wireless access point generates a temporary redirect message based on the second URL;
和/或,在步骤S5中,具体包括:And/or, in step S5, specifically:
S51门户认证服务器接收所述第二HTTP;The S51 portal authentication server receives the second HTTP;
S52门户认证服务器在所述第二HTTP中的第二URL提取出该无线终端所属系统类型的类型参数;The S52 portal authentication server extracts, at the second URL in the second HTTP, a type parameter of a system type to which the wireless terminal belongs;
S53门户认证服务器根据预存的不同操作系统类型与其对应的门户认证页面之间的关联关系推送相应的门户认证页面。The S53 portal authentication server pushes the corresponding portal authentication page according to the association relationship between the pre-stored different operating system types and the corresponding portal authentication page.
进一步优选地,在步骤S1之前,还包括以下步骤: Further preferably, before step S1, the following steps are further included:
S11无线终端监测其是否与无线接入点建立连接;The S11 wireless terminal monitors whether it establishes a connection with the wireless access point;
S12若无线终端与无线接入点建立连接,则所述无线终端发送互联网地址请求报文;S12: If the wireless terminal establishes a connection with the wireless access point, the wireless terminal sends an Internet address request message;
S13无线接入点截获所述互联网地址请求报文,提取其中包含的预设选项字段中包含的子选项的排序;The S13 wireless access point intercepts the Internet address request message, and extracts a sequence of sub-options included in the preset option field included therein;
S14无线接入点基于提取出的预设选项字段中包含的子选项的排序判定该无线终端所属的系统类型并进行存储。The S14 wireless access point determines the system type to which the wireless terminal belongs based on the sorting of the sub-options included in the extracted preset option field and stores the system type.
在本技术方案中,无线终端会时刻监测其是否与无线接入点建立内网连接,只有在监测到已经建立了连接,才会发送互联网地址请求。之后,无线接入点截获了该互联网地址请求之后分析出其内部包含的预设选项字段中包含的子选项的排序,从而判断出该无线终端中操作系统所属的系统类型。要注意的是,这里的预设选项字段中包含的子选项的排列基于不同的操作系统是不同的,且在无线接入点中已经预存了不同操作系统对应的排列顺序,以此后续才能准确的将相应门户认证页面推送到无线终端。整个过程简单精确,可操作性强。In the technical solution, the wireless terminal monitors whether it establishes an intranet connection with the wireless access point at all times, and only sends an Internet address request after detecting that the connection has been established. After that, the wireless access point intercepts the Internet address request and analyzes the order of the sub-options included in the preset option field included therein, thereby determining the system type to which the operating system belongs in the wireless terminal. It should be noted that the arrangement of the sub-options included in the preset option field is different based on different operating systems, and the order of the different operating systems is pre-stored in the wireless access point, so that the subsequent steps can be accurate. Push the corresponding portal authentication page to the wireless terminal. The whole process is simple and precise, and the operability is strong.
附图说明DRAWINGS
下面将以明确易懂的方式,结合附图说明优选实施方式,对上述特性、技术特征、优点及其实现方式予以进一步说明。The above described features, technical features, advantages and implementations thereof will be further described in the following, in which the preferred embodiments are described in the <RTIgt;
图1为本发明中基于操作系统的门户认证页面自适应系统结构示意图;1 is a schematic structural diagram of an operating system-based portal authentication page adaptive system according to the present invention;
图2为本发明中无线接入点一种实施方式结构示意图;2 is a schematic structural diagram of an implementation manner of a wireless access point according to the present invention;
图3为本发明中认证服务器结构示意图;3 is a schematic structural diagram of an authentication server in the present invention;
图4为本发明中无线终端结构示意图;4 is a schematic structural diagram of a wireless terminal according to the present invention;
图5为本发明中无线接入点另一种实施方式结构示意图;5 is a schematic structural diagram of another implementation manner of a wireless access point according to the present invention;
图6为本发明中基于操作系统的门户认证页面自适应方法流程示意图;6 is a schematic flowchart of an operating system-based portal authentication page adaptation method according to the present invention;
图7为本发明中无线接入点判断无线终端中操作系统所属类型流程示意图。FIG. 7 is a schematic diagram of a process for determining, by a wireless access point, a type of an operating system in a wireless terminal according to the present invention.
附图标号说明:Description of the reference numerals:
100-门户认证页面自适应系统,110-无线终端,120-无线接入点,130-门 户认证服务器,111-监测模块,112-报文收发模块,113-第二报文生成模块,114-第三控制模块,121-第一控制模块,122-报文截取模块,123-第一报文生成模块,124-第一存储模块,125-报文发送模块,126-信息提取模块,127-系统类型判定模块,131-第二控制模块,132-第二存储模块,133-报文接收模块,134-门户认证页面反馈模块。100-Portal Authentication Page Adaptive System, 110-Wireless Terminal, 120-Wireless Access Point, 130-gate User authentication server, 111-monitoring module, 112-message transceiver module, 113-second packet generation module, 114-third control module, 121-first control module, 122-message interception module, 123-first Message generation module, 124-first storage module, 125-message sending module, 126-information extraction module, 127-system type determination module, 131-second control module, 132-second storage module, 133-message Receive module, 134-portal authentication page feedback module.
具体实施方式detailed description
为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对照附图说明本发明的具体实施方式。显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图,并获得其他的实施方式。In order to more clearly illustrate the embodiments of the present invention or the technical solutions of the prior art, the specific embodiments of the present invention will be described below with reference to the accompanying drawings. Obviously, the drawings in the following description are only some embodiments of the present invention, and those skilled in the art can obtain other drawings according to the drawings without obtaining creative labor, and obtain Other embodiments.
如图1所示为本发明提供的基于操作系统的门户认证页面自适应系统100的结构示意图,从图中可以看出,在该门户认证页面自适应系统100中包括:内置操作系统的无线终端110、无线接入点120以及门户认证服务器130,其中,无线接入点120与无线终端110无线连接,门户认证服务器130与无线接入点120通信连接。在工作过程中,首先无线终端110基于TCP(Transmission Control Protocol传输控制协议)80端口发送第一HTTP请求报文;无线接入点120截获到该第一HTTP请求报文之后,基于该第一HTTP请求报文伪造暂时性重定向报文(302重定向报文)并将其反馈至无线终端110。无线终端110接收到该暂时性重定向报文之后,随即基于该暂时性重定向报文生成第二HTTP请求报文并发送至认证服务器。门户认证服务器130经由无线接入点120接收到该第二HTTP请求报文之后,根据第二HTTP请求报文中包含的信息自动推送相应的门户认证页面至无线终端110。在具体实施例中,上述无线终端110可以为智能手机、平板电脑等。FIG. 1 is a schematic structural diagram of an operating system-based portal authentication page adaptation system 100 according to the present invention. As can be seen from the figure, the portal authentication page adaptation system 100 includes: a wireless terminal with an internal operating system. 110. The wireless access point 120 and the portal authentication server 130, wherein the wireless access point 120 is wirelessly connected to the wireless terminal 110, and the portal authentication server 130 is communicably connected to the wireless access point 120. In the working process, the wireless terminal 110 first sends a first HTTP request message based on the TCP (Transmission Control Protocol) 80 port; after the wireless access point 120 intercepts the first HTTP request message, based on the first HTTP The request message forges a temporary redirect message (302 redirect message) and feeds it back to the wireless terminal 110. After receiving the temporary redirect message, the wireless terminal 110 generates a second HTTP request message based on the temporary redirect message and sends it to the authentication server. After receiving the second HTTP request message, the portal authentication server 130 automatically pushes the corresponding portal authentication page to the wireless terminal 110 according to the information contained in the second HTTP request message. In a specific embodiment, the wireless terminal 110 may be a smart phone, a tablet, or the like.
具体来说,在上述暂时性重定向报文中具体包含门户认证服务器130的第二URL,且在该第二URL中包括无线终端110中操作系统所属系统类型的类型参数。在上述工作过程中,无线终端110接收到该暂时性重定向报文之后,随即获取其中包含的第二URL,进而基于该第二URL重新生成第二HTTP请求报文。这样,认证服务器在接收到该第二HTTP请求报文后,就能获取其中 包含的第二URL,进而得到该无线终端110中操作系统所属系统类型的类型参数。在一个具体实施例中,如果无线终端110中的操作系统为安卓系统,则认证服务器自动推送安卓系统对应的门户认证页面;如果无线终端110中的操作系统为IOS系统,则认证服务器自动推送相应的门户认证页面,以此类推。Specifically, the second URL of the portal authentication server 130 is specifically included in the temporary redirect message, and the type parameter of the system type to which the operating system belongs in the wireless terminal 110 is included in the second URL. After receiving the temporary redirect message, the wireless terminal 110 obtains the second URL included therein, and then regenerates the second HTTP request message based on the second URL. In this way, the authentication server can obtain the second HTTP request message after receiving the second HTTP request message. The included second URL further obtains a type parameter of the system type to which the operating system belongs in the wireless terminal 110. In a specific embodiment, if the operating system in the wireless terminal 110 is an Android system, the authentication server automatically pushes the portal authentication page corresponding to the Android system; if the operating system in the wireless terminal 110 is an IOS system, the authentication server automatically pushes the corresponding Portal authentication page, and so on.
在一个实施例中,如图2所示,在上述无线接入点120中包括:第一控制模块121、报文截取模块122、第一报文生成模块123、第一存储模块124以及报文发送模块125,其中,第一控制模块121分别与报文截取模块122、第一报文生成模块123、第一存储模块124以及报文发送模块125连接,用于控制无线接入点120的工作。另外,第一报文生成模块123分别与报文截取模块122和第一存储模块124连接,报文发送模块125与第一报文生成模块123连接。在工作之前,我们在第一存储模块124中预存门户认证服务器130的第一URL和该无线终端110所属系统类型的类型参数。In an embodiment, as shown in FIG. 2, the wireless access point 120 includes: a first control module 121, a packet intercepting module 122, a first packet generating module 123, a first storage module 124, and a packet. The sending module 125, wherein the first control module 121 is connected to the packet intercepting module 122, the first packet generating module 123, the first storage module 124, and the message sending module 125, respectively, for controlling the working of the wireless access point 120. . In addition, the first packet generating module 123 is connected to the packet intercepting module 122 and the first storage module 124, and the packet sending module 125 is connected to the first packet generating module 123. Before the work, we pre-store the first URL of the portal authentication server 130 and the type parameter of the system type to which the wireless terminal 110 belongs in the first storage module 124.
在工作过程中,报文截取模块122在第一控制模块121的控制下截取到无线终端110发送的第一HTTP请求报文之后,随即将其发送至第一报文生成模块123中。第一报文生成模块123接收到该第一HTTP请求报文时,在第一控制模块121的控制下基于第一存储模块124中存储的门户认证服务器130的第一URL和该无线终端110所属系统类型的类型参数生成第二URL(将无线终端110的系统类型参数放入第一URL中得到第二URL),之后在基于该第二URL生成暂时性重定向报文,并通过报文发送模块125将其反馈回无线终端110。无线终端110接收到该暂时性重定向报文之后,随即基于其包括的第二URL重新生成第二HTTP请求报文。In the working process, the message intercepting module 122 intercepts the first HTTP request message sent by the wireless terminal 110 under the control of the first control module 121, and then sends it to the first message generating module 123. When receiving the first HTTP request message, the first message generating module 123 is based on the first URL of the portal authentication server 130 stored in the first storage module 124 and the wireless terminal 110 under the control of the first control module 121. The type parameter of the system type generates a second URL (putting the system type parameter of the wireless terminal 110 into the first URL to obtain the second URL), and then generating a temporary redirect message based on the second URL, and sending the message through the message Module 125 feeds it back to wireless terminal 110. After receiving the temporary redirect message, the wireless terminal 110 then regenerates the second HTTP request message based on the second URL it includes.
在一个实施例中,如图3所示,认证服务器中包括:第二控制模块131、第二存储模块132、报文接收模块133以及门户认证页面反馈模块134,其中,第二控制模块131分别与第二存储模块132、报文接收模块133以及门户认证页面反馈模块134连接,控制认证服务器工作。另外,门户认证页面反馈模块134分别与报文接收模块133和第二存储模块132连接。在工作之前,我们在第二存储模块132中预存不同操作系统类型与其对应的门户认证页面之间的关联关系(如,安卓系统与其门户认证页面之间的关联关系、IOS系统与其门户 认证页面之间的关联关系等等)。In an embodiment, as shown in FIG. 3, the authentication server includes: a second control module 131, a second storage module 132, a message receiving module 133, and a portal authentication page feedback module 134, wherein the second control module 131 respectively The second storage module 132, the message receiving module 133, and the portal authentication page feedback module 134 are connected to control the authentication server to work. In addition, the portal authentication page feedback module 134 is connected to the message receiving module 133 and the second storage module 132, respectively. Before the work, we pre-store the association relationship between different operating system types and their corresponding portal authentication pages in the second storage module 132 (for example, the relationship between the Android system and its portal authentication page, the IOS system and its portal) The relationship between the authentication pages, etc.).
在工作过程中,首先,报文接收模块133在第二控制模块131的控制下接收无线终端110发送的第二HTTP请求报文,并将其发送至门户认证页面反馈模块134。门户认证页面反馈模块134接收到该第二HTTP请求报文,随即提取其中包括的第二URL,进而获取无线终端110中操作系统所属的系统类型,进而根据第二存储模块132中预存的不同操作系统类型与其对应的门户认证页面之间的关联关系反馈相应的门户认证页面(即根据解析出来的无线终端110的系统类型在第二存储模块132中存储的关联关系中找到相应的门户认证页面)。In the working process, first, the message receiving module 133 receives the second HTTP request message sent by the wireless terminal 110 under the control of the second control module 131, and sends it to the portal authentication page feedback module 134. The portal authentication page feedback module 134 receives the second HTTP request message, and then extracts the second URL included therein, and then acquires the system type to which the operating system belongs in the wireless terminal 110, and further operates according to different operations prestored in the second storage module 132. The association relationship between the system type and its corresponding portal authentication page is fed back to the corresponding portal authentication page (ie, the corresponding portal authentication page is found in the association relationship stored in the second storage module 132 according to the parsed system type of the wireless terminal 110) .
在一个实施例中,如图4所示,无线终端110中包括:监测模块111、报文收发模块112、第二报文生成模块113和第三控制模块114,其中,监测模块111与第三控制模块114连接,报文收发模块112分别与监测模块111和第三控制模块114连接,第二报文生成模块113分别与监测模块111、报文收发模块112以及第三控制模块114连接。如图5所示,无线接入点120还包括:信息提取模块126和系统类型判定模块127,其中,信息提取模块126分别与报文截取模块122和第一控制模块121连接,系统类型判定模块127分别与信息提取模块126、第一存储模块124和第一控制模块121连接。且在该无线接入点120中,第一存储模块124中还预存有不同操作系统与互联网地址请求报文中预设选项字段中子选项排序的关联关系。In one embodiment, as shown in FIG. 4, the wireless terminal 110 includes: a monitoring module 111, a message transceiver module 112, a second message generation module 113, and a third control module 114, wherein the monitoring module 111 and the third module The control module 114 is connected to the monitoring module 111 and the third control module 114, and the second packet generating module 113 is connected to the monitoring module 111, the message transceiver module 112, and the third control module 114, respectively. As shown in FIG. 5, the wireless access point 120 further includes: an information extraction module 126 and a system type determination module 127, wherein the information extraction module 126 is respectively connected to the message intercepting module 122 and the first control module 121, and the system type determining module 127 is connected to the information extraction module 126, the first storage module 124, and the first control module 121, respectively. In the wireless access point 120, the first storage module 124 further pre-stores the association relationship between the sub-options in the preset option fields in different operating systems and Internet address request messages.
具体来说,在工作过程中,在报文收发模块112发送第一HTTP请求报文之前,无线终端110中的监测模块111在第三控制模块114的控制下实时监测无线终端110是否与无线接入点120建立连接。在监测到该无线终端110与无线接入点120建立连接之后,报文收发模块112随即在第三控制模块114的控制下发送互联网地址请求报文(DHCP discovery报文)至DHCP服务器。在这一过程中,无线接入点120作为无线终端110和DHCP服务器之间的必经之路,在DHCP服务器接收到该互联网地址请求报文之前,无线接入点120中的报文截取模块122截取该互联网地址请求报文并将其发送至信息提取模块126。该信息提取模块126接收到该互联网地址请求报文之后,随即提取并分析出该互 联网地址请求报文中包含的预设选项字段中包含的子选项的排序并将其发送至系统类型判定模块127。系统类型判定模块127接收到提取出的预设选项字段中包含的子选项的排序之后,随即基于该信息提取模块126提取的预设选项字段中包含的子选项的排序在第一存储模块124中查找到与之对应的系统类型并将其存储在第一存储模块124中,以此完成了无线接入点120中对该无线终端110中操作系统的系统类型的获取。Specifically, in the working process, before the message sending and receiving module 112 sends the first HTTP request message, the monitoring module 111 in the wireless terminal 110 monitors in real time whether the wireless terminal 110 is connected to the wireless device under the control of the third control module 114. Entry point 120 establishes a connection. After the wireless terminal 110 is connected to the wireless access point 120, the message transceiver module 112 sends an Internet address request message (DHCP discovery message) to the DHCP server under the control of the third control module 114. In this process, the wireless access point 120 serves as a necessary path between the wireless terminal 110 and the DHCP server, and the packet intercepting module in the wireless access point 120 before the DHCP server receives the Internet address request message. 122 intercepts the Internet address request message and sends it to the information extraction module 126. After the information extraction module 126 receives the Internet address request message, the information extraction module 126 extracts and analyzes the mutual The ordering of the sub-options contained in the preset option field included in the networked address request message is sent to the system type decision module 127. After receiving the sorting of the sub-options included in the extracted preset option field, the system type determining module 127 then sorts the sub-options included in the preset option field extracted by the information extracting module 126 in the first storage module 124. The system type corresponding to the system is found and stored in the first storage module 124, thereby completing the acquisition of the system type of the operating system in the wireless terminal 110 in the wireless access point 120.
在一个具体实施例中,无线终端110和无线接入点120建立关联后,随即无线终端110发送获取IP地址的DHCP discovery报文至DHCP服务器。无线接入点120截获到该DHCP discovery报文之后,进而从该DHCP discovery报文的option55选项的子项排列顺序(上述预设选项字段中包含的子选项的排序)分析出该无线终端110所用的操作系统的系统类型,并进行本地存储。In a specific embodiment, after the wireless terminal 110 and the wireless access point 120 are associated, the wireless terminal 110 sends a DHCP discovery message for obtaining an IP address to the DHCP server. After the wireless access point 120 intercepts the DHCP discovery message, the wireless terminal 110 analyzes the order of the sub-items included in the option 55 field of the DHCP discovery message (the order of the sub-options included in the preset option field). The operating system's system type is stored locally.
之后,当无线终端110发出基于TCP 80端口的第一HTTP请求报文后,无线接入点120截获道该第一HTTP请求报文之后,伪造暂时性重定向报文发给无线终端110。具体该暂时性重定向报文中包含门户认证的第二URL。即该无线接入点120把在DHCP discovery报文中发现的无线终端110操作系统的系统类型信息作为参数放在认证服务器的第一URL中得到第二URL。Then, after the wireless terminal 110 sends the first HTTP request message based on the TCP port 80, the wireless access point 120 intercepts the first HTTP request message, and then falsifies the temporary redirect message to the wireless terminal 110. Specifically, the temporary redirect message includes a second URL of the portal authentication. That is, the wireless access point 120 places the system type information of the operating system of the wireless terminal 110 found in the DHCP discovery message as a parameter in the first URL of the authentication server to obtain the second URL.
之后,当无线终端110收到暂时性重定向报文向认证服务器发送包含第二URL的第二HTTP请求报文时,即该无线终端110的操作系统的系统类型随着该第二URL一并带给了认证服务器。认证服务器收到该第二URL就获知了无线终端110的操作系统的系统类型,进而可以根据操作系统的不同推不同的门户认证页面。Then, when the wireless terminal 110 receives the temporary redirect message and sends the second HTTP request message including the second URL to the authentication server, the system type of the operating system of the wireless terminal 110 is merged with the second URL. Brought to the authentication server. After receiving the second URL, the authentication server knows the system type of the operating system of the wireless terminal 110, and can further push different portal authentication pages according to different operating systems.
如图6所示,本发明还提供了一种基于操作系统的门户认证页面自适应方法,具体,该门户认证页面自适应方法包括:S1无线终端110发送第一HTTP请求报文;S2无线接入点120截获第一HTTP请求报文,并基于该第一HTTP请求报文伪造生成暂时性重定向报文;S3无线接入点120将生成的暂时性重定向报文反馈回无线终端110;S4无线终端110基于接收到的暂时性重定向报文生成第二HTTP请求报文;S5门户认证服务器130接收第二HTTP请求报文,并基于第二HTTP请求报文自动推送相应的门户认证页面至无线终端110。 As shown in FIG. 6, the present invention further provides an operating system-based portal authentication page adaptation method. Specifically, the portal authentication page adaptation method includes: S1 wireless terminal 110 sends a first HTTP request message; S2 wireless connection The inbound point 120 intercepts the first HTTP request message, and generates a temporary redirection message based on the first HTTP request message spoofing; the S3 wireless access point 120 feeds the generated temporary redirection message back to the wireless terminal 110; The S4 wireless terminal 110 generates a second HTTP request message based on the received temporary redirect message; the S5 portal authentication server 130 receives the second HTTP request message, and automatically pushes the corresponding portal authentication page based on the second HTTP request message. To the wireless terminal 110.
具体来说,在该暂时性重定向报文中具体包含门户认证服务器130的第二URL,第二URL中包括无线终端110中操作系统所属系统类型的类型参数。无线终端110接收到该暂时性重定向报文之后,随即获取其中包含的第二URL,进而基于该第二URL重新生成第二HTTP请求报文。这样,认证服务器在接收到该第二HTTP请求报文后,就能获取其中包含的第二URL,进而得到该无线终端110中操作系统所属系统类型的类型参数。在一个具体实施例中,如果无线终端110中的操作系统为安卓系统,则认证服务器自动推送安卓系统对应的门户认证页面;如果无线终端110中的操作系统为IOS系统,则认证服务器自动推送相应的门户认证页面,以此类推。Specifically, the temporary redirect message specifically includes the second URL of the portal authentication server 130, and the second URL includes a type parameter of the system type to which the operating system belongs in the wireless terminal 110. After receiving the temporary redirect message, the wireless terminal 110 acquires the second URL included therein, and then regenerates the second HTTP request message based on the second URL. In this way, after receiving the second HTTP request message, the authentication server can obtain the second URL included in the second HTTP request message, and obtain the type parameter of the system type to which the operating system belongs in the wireless terminal 110. In a specific embodiment, if the operating system in the wireless terminal 110 is an Android system, the authentication server automatically pushes the portal authentication page corresponding to the Android system; if the operating system in the wireless terminal 110 is an IOS system, the authentication server automatically pushes the corresponding Portal authentication page, and so on.
更具体来说,在步骤S2中,具体包括:S21无线接入点120截获第一HTTP请求报文;S22无线接入点120基于预存的门户认证服务器130的第一URL和该无线终端110所属系统类型的类型参数生成第二URL,并基于该第二URL生成暂时性重定向报文。在步骤S3中,具体包括:S31无线接入点120基于其内置的门户认证服务器130的第一URL和该无线终端110所属系统类型的类型参数生成第二URL;S32无线接入点120基于该第二URL生成暂时性重定向报文。在步骤S5中,具体包括:S51门户认证服务器130接收第二HTTP;S52门户认证服务器130在第二HTTP中的第二URL提取出该无线终端110所属系统类型的类型参数;S53门户认证服务器130根据预存的不同操作系统类型与其对应的门户认证页面之间的关联关系推送相应的门户认证页面。More specifically, in step S2, the method specifically includes: the S21 wireless access point 120 intercepts the first HTTP request message; and the S22 wireless access point 120 is based on the pre-stored first URL of the portal authentication server 130 and the wireless terminal 110 The type parameter of the system type generates a second URL, and generates a temporary redirect message based on the second URL. In step S3, the method specifically includes: S31, the wireless access point 120 generates a second URL based on the first URL of the built-in portal authentication server 130 and the type parameter of the system type to which the wireless terminal 110 belongs; the S32 wireless access point 120 is based on the The second URL generates a temporary redirect message. In step S5, the method specifically includes: the S51 portal authentication server 130 receives the second HTTP; the S52 portal authentication server 130 extracts the type parameter of the system type to which the wireless terminal 110 belongs in the second URL in the second HTTP; and the S53 portal authentication server 130 The corresponding portal authentication page is pushed according to the association relationship between the pre-stored different operating system types and their corresponding portal authentication pages.
更具体来说,如图7所示,在步骤S1之前,还包括以下步骤:S11无线终端110监测其是否与无线接入点120建立连接;S12若无线终端110与无线接入点120建立连接,则无线终端110发送互联网地址请求报文;S13无线接入点120截获互联网地址请求报文,提取其中包含的预设选项字段中包含的子选项的排序;S14无线接入点120基于提取出的预设选项字段中包含的子选项的排序判定该无线终端110所属的系统类型并进行存储。More specifically, as shown in FIG. 7, before step S1, the method further includes the following steps: S11: the wireless terminal 110 monitors whether it establishes a connection with the wireless access point 120; and S12 establishes a connection between the wireless terminal 110 and the wireless access point 120. The wireless terminal 110 sends an Internet address request message; the S13 wireless access point 120 intercepts the Internet address request message, and extracts the order of the sub-options contained in the preset option field included therein; and the S14 wireless access point 120 extracts the The ordering of the sub-options contained in the preset option field determines the type of system to which the wireless terminal 110 belongs and stores it.
我们知道,不同的操作系统会把DHCP的option 55选项中的子项的特定排列顺序作为操作系统的特征(类似于指纹),这样每个操作系统的DHCP的option 55选项中的子项的特定排列顺序都是不一样的。在具体实施例中,无线 终端110和无线接入点120建立关联后,无线终端110随即会通过DHCP服务获取IP地址。由于无线终端110发送的所有报文都要通过无线接入点120,即无线接入点120可通过截获无线终端110的DHCP discovery报文来获知无线终端110的操作系统类型。We know that different operating systems will use the specific ordering of the subkeys in the option 55 of DHCP as a feature of the operating system (similar to a fingerprint), so that the subkeys in the option 55 of the DHCP option for each operating system are specific. The order of the rankings is different. In a specific embodiment, wireless After the terminal 110 and the wireless access point 120 are associated, the wireless terminal 110 then obtains an IP address through the DHCP service. Since all the packets sent by the wireless terminal 110 pass through the wireless access point 120, the wireless access point 120 can learn the type of the operating system of the wireless terminal 110 by intercepting the DHCP discovery message of the wireless terminal 110.
当无线终端110在门户认证前,第一次进行HTTP请求时(发送第一HTTP请求报文),无线接入点120会截获该HTTP报文并伪造暂时性重定向报文发送给无线终端110,其中,该暂时性重定向报文中包含门户认证的第二URL,且在该第二URL中包括已获知的无线终端110操作类型信息。When the wireless terminal 110 performs the HTTP request for the first time (the first HTTP request message is sent), the wireless access point 120 intercepts the HTTP message and spoofs the temporary redirect message to the wireless terminal 110. The temporary redirect message includes a second URL of the portal authentication, and the learned wireless terminal 110 operation type information is included in the second URL.
当无线终端110收到暂时性重定向报文向认证服务器发送第二HTTP请求报文时,会在该第二HTTP请求报文中包含这个第二URL。这样,认证服务器收到这个第二URL就获知了无线终端110的操作系统类型,可以根据操作系统的不同推不同的Portal页面。如IOS系统的门户认证页面和安卓系统的门户认证页面不同。When the wireless terminal 110 receives the temporary redirect message and sends the second HTTP request message to the authentication server, the wireless terminal 110 includes the second URL in the second HTTP request message. In this way, the authentication server receives the second URL and knows the operating system type of the wireless terminal 110, and can push different Portal pages according to different operating systems. For example, the portal authentication page of the IOS system is different from the portal authentication page of the Android system.
应当说明的是,上述实施例均可根据需要自由组合。以上所述仅是本发明的优选实施方式,应当指出,对于本技术领域的普通技术人员来说,在不脱离本发明原理的前提下,还可以做出若干改进和润饰,这些改进和润饰也应视为本发明的保护范围。 It should be noted that the above embodiments can be freely combined as needed. The above description is only a preferred embodiment of the present invention, and it should be noted that those skilled in the art can also make several improvements and retouchings without departing from the principles of the present invention. It should be considered as the scope of protection of the present invention.

Claims (10)

  1. 一种基于操作系统的门户认证页面自适应系统,其特征在于,所述门户认证页面自适应系统中包括:内置操作系统的无线终端、无线接入点以及门户认证服务器,其中,An operating system-based portal authentication page adaptive system, wherein the portal authentication page adaptive system includes: a wireless terminal with a built-in operating system, a wireless access point, and a portal authentication server, where
    所述无线接入点,与所述无线终端无线连接,所述无线接入点截获所述无线终端发送的第一超文本传输协议请求报文,并基于所述第一超文本传输协议请求报文伪造暂时性重定向报文并反馈至所述无线终端;所述暂时性重定向报文中具体包含所述门户认证服务器的第二统一资源定位符,所述第二统一资源定位符中包括无线终端中操作系统所属系统类型的类型参数;The wireless access point is wirelessly connected to the wireless terminal, and the wireless access point intercepts a first hypertext transfer protocol request message sent by the wireless terminal, and requests a report according to the first hypertext transfer protocol. The spoofing the temporary redirection packet and the feedback to the wireless terminal; the temporary redirection packet specifically includes the second uniform resource locator of the portal authentication server, where the second uniform resource locator includes Type parameter of the system type to which the operating system belongs in the wireless terminal;
    所述门户认证服务器,与所述无线接入点通信连接,所述门户认证服务器经由所述无线接入点接收所述无线终端发送的包含所述第二统一资源定位符的第二超文本传输协议请求报文,进而自动推送相应的门户认证页面至所述无线终端。The portal authentication server is in communication with the wireless access point, and the portal authentication server receives, by the wireless access point, a second hypertext transmission including the second uniform resource locator sent by the wireless terminal. The protocol requests the message, and then automatically pushes the corresponding portal authentication page to the wireless terminal.
  2. 如权利要求1所述的门户认证页面自适应系统,其特征在于,所述无线接入点中包括:第一控制模块、报文截取模块、第一报文生成模块、第一存储模块以及报文发送模块,其中,The portal authentication page adaptation system of claim 1 , wherein the wireless access point comprises: a first control module, a packet interception module, a first packet generation module, a first storage module, and a report Text sending module, wherein
    所述第一存储模块,与所述第一控制模块连接,所述第一存储模块中预存门户认证服务器的第一统一资源定位符和该无线终端所属系统类型的类型参数;The first storage module is connected to the first control module, and the first storage module prestores a first uniform resource locator of the portal authentication server and a type parameter of a system type to which the wireless terminal belongs;
    所述报文截取模块,与所述第一控制模块连接,所述报文截取模块在所述第一控制模块的控制下截取无线终端发送的第一超文本传输协议请求报文;The packet intercepting module is connected to the first control module, and the packet intercepting module intercepts the first hypertext transfer protocol request message sent by the wireless terminal under the control of the first control module;
    所述第一报文生成模块,分别与所述报文截取模块、第一存储模块和第一控制模块连接,所述第一报文生成模块在所述第一控制模块的控制下,基于第一存储模块中存储的门户认证服务器的第一统一资源定位符和该无线终端所属系统类型的类型参数生成第二统一资源定位符,并基于该第二统一资源定位符生成暂时性重定向报文;The first packet generating module is respectively connected to the packet intercepting module, the first storage module, and the first control module, and the first packet generating module is controlled by the first control module. a first uniform resource locator of the portal authentication server and a type parameter of the system type to which the wireless terminal belongs to generate a second uniform resource locator, and generate a temporary redirect message based on the second uniform resource locator ;
    所述报文发送模块,分别第一报文生成模块和第一控制模块连接,所述 报文发送模块用于发送暂时性重定向报文。The packet sending module is respectively connected to the first packet generating module and the first control module, where The message sending module is configured to send a temporary redirect message.
  3. 如权利要求1所述的门户认证页面自适应系统,其特征在于,所述认证服务器中包括:第二控制模块、第二存储模块、报文接收模块以及门户认证页面反馈模块,其中,The portal authentication page adaptation system according to claim 1, wherein the authentication server comprises: a second control module, a second storage module, a message receiving module, and a portal authentication page feedback module, wherein
    所述第二存储模块,与所述第二控制模块连接,所述第二存储模块中预存不同操作系统类型与其对应的门户认证页面之间的关联关系;The second storage module is connected to the second control module, and the second storage module prestores an association relationship between different operating system types and a corresponding portal authentication page;
    所述报文接收模块,与所述第二控制模块连接,所述报文接收模块在所述第二控制模块的控制下接收无线终端发送的第二超文本传输协议请求报文;The message receiving module is connected to the second control module, and the message receiving module receives the second hypertext transfer protocol request message sent by the wireless terminal under the control of the second control module;
    所述门户认证页面反馈模块,分别与所述报文接收模块、第二存储模块以及第二控制模块连接,所述门户认证页面反馈模块在所述第二控制模块的控制下,基于所述第二超文本传输协议中第二统一资源定位符和第二存储模块中预存的不同操作系统类型与其对应的门户认证页面之间的关联关系反馈相应的门户认证页面。The portal authentication page feedback module is respectively connected to the packet receiving module, the second storage module, and the second control module, and the portal authentication page feedback module is controlled by the second control module, based on the The second uniform resource locator in the second hypertext transfer protocol and the association relationship between the different operating system types pre-stored in the second storage module and the corresponding portal authentication page are fed back to the corresponding portal authentication page.
  4. 如权利要求2或3所述的门户认证页面自适应系统,其特征在于,所述无线终端中包括:监测模块、报文收发模块、第二报文生成模块和第三控制模块,其中,The portal authentication page adaptation system according to claim 2 or 3, wherein the wireless terminal comprises: a monitoring module, a packet transceiver module, a second packet generation module, and a third control module, wherein
    所述监测模块,与所述第三控制模块连接,所述监测模块在所述第三控制模块的控制下监测无线终端是否与无线接入点建立连接;The monitoring module is connected to the third control module, and the monitoring module monitors whether the wireless terminal establishes a connection with the wireless access point under the control of the third control module;
    所述报文收发模块,分别与所述监测模块和所述第三控制模块连接,所述报文收发模块在所述第三控制模块的控制下,发送互联网地址请求报文以及接收所述无线接入点反馈的暂时性重定向报文;The packet sending and receiving module is respectively connected to the monitoring module and the third control module, and the packet sending and receiving module sends an Internet address request message and receives the wireless under the control of the third control module. Temporary redirect message fed back by the access point;
    所述第二报文生成模块,分别与所述监测模块、报文收发模块以及第三控制模块连接,所述第二报文生成模块基于所述监测模块的监测结果生成第一超文本传输协议请求报文及基于所述报文收发模块接收到的暂时性重定向报文生成第二超文本传输协议请求报文。The second packet generating module is respectively connected to the monitoring module, the packet sending and receiving module, and the third control module, and the second packet generating module generates a first hypertext transfer protocol based on the monitoring result of the monitoring module. The request message and the second hypertext transfer protocol request message are generated based on the temporary redirect message received by the message sending and receiving module.
  5. 如权利要求4所述的门户认证页面自适应系统,其特征在于,所述无线接入点中,所述第一存储模块中还预存有不同操作系统与互联网地址请求报 文中预设选项字段中子选项排序的关联关系。The portal authentication page adaptation system according to claim 4, wherein in the wireless access point, different operating systems and Internet address request reports are pre-stored in the first storage module. The association of sub-option sorting in the preset option field in the text.
  6. 如权利要求5所述的门户认证页面自适应系统,其特征在于,所述无线接入点还包括:信息提取模块和系统类型判定模块,其中,The portal authentication page adaptation system of claim 5, wherein the wireless access point further comprises: an information extraction module and a system type determination module, wherein
    所述信息提取模块,分别与所述报文截取模块和第一控制模块连接,所述信息提取模块基于所述报文截取模块截取到的互联网地址请求报文提取其中包含的预设选项字段中包含的子选项的排序;The information extraction module is respectively connected to the packet intercepting module and the first control module, and the information extracting module extracts the preset option field included in the Internet address request packet intercepted by the packet intercepting module. The sorting of the included suboptions;
    所述系统类型判定模块,分别与所述信息提取模块、第一存储模块和第一控制模块连接,所述系统类型判定模块基于所述信息提取模块提取的预设选项字段中包含的子选项的排序判定该无线终端所属的系统类型,并将其存储在第一存储模块中。The system type determining module is respectively connected to the information extracting module, the first storage module, and the first control module, and the system type determining module is based on the sub-options included in the preset option field extracted by the information extracting module. The sort determines the type of system to which the wireless terminal belongs and stores it in the first storage module.
  7. 一种基于操作系统的门户认证页面自适应方法,其特征在于,所述门户认证页面自适应方法包括:An operating system-based portal authentication page adaptation method, wherein the portal authentication page adaptation method comprises:
    S1无线终端发送第一超文本传输协议请求报文;The S1 wireless terminal sends the first hypertext transfer protocol request message;
    S2无线接入点截获所述第一超文本传输协议请求报文,并基于所述第一超文本传输协议请求报文伪造生成暂时性重定向报文;The S2 wireless access point intercepts the first hypertext transfer protocol request message, and generates a temporary redirect message based on the first hypertext transfer protocol request message forgery;
    S3无线接入点将生成的暂时性重定向报文反馈回无线终端;The S3 wireless access point feeds back the generated temporary redirection packet to the wireless terminal.
    S4无线终端基于接收到的暂时性重定向报文生成第二超文本传输协议请求报文;The S4 wireless terminal generates a second hypertext transfer protocol request message based on the received temporary redirect message;
    S5门户认证服务器接收所述第二超文本传输协议请求报文,并基于所述第二超文本传输协议请求报文自动推送相应的门户认证页面至所述无线终端。The S5 portal authentication server receives the second hypertext transfer protocol request message, and automatically pushes a corresponding portal authentication page to the wireless terminal based on the second hypertext transfer protocol request message.
  8. 如权利要求7所述的门户认证页面自适应方法,其特征在于,所述暂时性重定向报文中具体包含所述门户认证服务器的第二统一资源定位符,所述第二统一资源定位符中包括无线终端中操作系统所属系统类型的类型参数。The portal authentication page adaptation method according to claim 7, wherein the temporary redirect message specifically includes a second uniform resource locator of the portal authentication server, and the second uniform resource locator The type parameter of the system type to which the operating system belongs in the wireless terminal is included.
  9. 如权利要求8所述的门户认证页面自适应方法,其特征在于,The portal authentication page adaptation method according to claim 8, wherein
    在步骤S2中,具体包括:In step S2, the method specifically includes:
    S21无线接入点截获所述第一超文本传输协议请求报文;The S21 wireless access point intercepts the first hypertext transfer protocol request message;
    S22无线接入点基于预存的门户认证服务器的第一统一资源定位符和该 无线终端所属系统类型的类型参数生成第二统一资源定位符,并基于该第二统一资源定位符生成暂时性重定向报文;The S22 wireless access point is based on the first uniform resource locator of the pre-stored portal authentication server and the Generating a second uniform resource locator for the type parameter of the system type to which the wireless terminal belongs, and generating a temporary redirect message based on the second uniform resource locator;
    和/或,在步骤S3中,具体包括:And/or, in step S3, specifically:
    S31无线接入点基于其内置的门户认证服务器的第一统一资源定位符和该无线终端所属系统类型的类型参数生成第二统一资源定位符;The S31 wireless access point generates a second uniform resource locator based on the first uniform resource locator of the built-in portal authentication server and the type parameter of the system type to which the wireless terminal belongs;
    S32无线接入点基于该第二统一资源定位符生成暂时性重定向报文;The S32 wireless access point generates a temporary redirect message based on the second uniform resource locator;
    和/或,在步骤S5中,具体包括:And/or, in step S5, specifically:
    S51门户认证服务器接收所述第二超文本传输协议;Receiving, by the S51 portal authentication server, the second hypertext transfer protocol;
    S52门户认证服务器在所述第二超文本传输协议中的第二统一资源定位符提取出该无线终端所属系统类型的类型参数;The S52 portal authentication server extracts a type parameter of a system type to which the wireless terminal belongs in the second uniform resource locator in the second hypertext transfer protocol;
    S53门户认证服务器根据预存的不同操作系统类型与其对应的门户认证页面之间的关联关系推送相应的门户认证页面。The S53 portal authentication server pushes the corresponding portal authentication page according to the association relationship between the pre-stored different operating system types and the corresponding portal authentication page.
  10. 如权利要求7或8或9所述的门户认证页面自适应方法,其特征在于,在步骤S1之前,还包括以下步骤:The portal authentication page adaptation method according to claim 7 or 8 or 9, wherein before step S1, the method further comprises the following steps:
    S11无线终端监测其是否与无线接入点建立连接;The S11 wireless terminal monitors whether it establishes a connection with the wireless access point;
    S12若无线终端与无线接入点建立连接,则所述无线终端发送互联网地址请求报文;S12: If the wireless terminal establishes a connection with the wireless access point, the wireless terminal sends an Internet address request message;
    S13无线接入点截获所述互联网地址请求报文,提取其中包含的预设选项字段中包含的子选项的排序;The S13 wireless access point intercepts the Internet address request message, and extracts a sequence of sub-options included in the preset option field included therein;
    S14无线接入点基于提取出的预设选项字段中包含的子选项的排序判定该无线终端所属的系统类型并进行存储。 The S14 wireless access point determines the system type to which the wireless terminal belongs based on the sorting of the sub-options included in the extracted preset option field and stores the system type.
PCT/CN2017/077407 2016-04-22 2017-03-21 Adaptive portal authentication page system based on operating system, and method for same WO2017181800A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610254820.2A CN105933900A (en) 2016-04-22 2016-04-22 Portal authentication page self-adaptive system based on operating system and method thereof
CN201610254820.2 2016-04-22

Publications (1)

Publication Number Publication Date
WO2017181800A1 true WO2017181800A1 (en) 2017-10-26

Family

ID=56839743

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/077407 WO2017181800A1 (en) 2016-04-22 2017-03-21 Adaptive portal authentication page system based on operating system, and method for same

Country Status (2)

Country Link
CN (1) CN105933900A (en)
WO (1) WO2017181800A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111327599A (en) * 2020-01-21 2020-06-23 新华三信息安全技术有限公司 Authentication process processing method and device

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105933900A (en) * 2016-04-22 2016-09-07 上海斐讯数据通信技术有限公司 Portal authentication page self-adaptive system based on operating system and method thereof
CN106447580A (en) * 2016-10-10 2017-02-22 天津泰达城市轨道投资发展有限公司 Display method based on rail transit construction safety risk management and control platform and display device thereof
CN107809427A (en) * 2017-10-26 2018-03-16 迈普通信技术股份有限公司 Page push method, apparatus, system and information acquisition method, device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1143679A2 (en) * 2000-04-07 2001-10-10 International Business Machines Corporation A conversational portal for providing conversational browsing and multimedia broadcast on demand
CN1753364A (en) * 2005-10-26 2006-03-29 杭州华为三康技术有限公司 Method of controlling network access and its system
CN101702717A (en) * 2009-11-24 2010-05-05 杭州华三通信技术有限公司 Method, system and equipment for authenticating Portal
CN101778168A (en) * 2010-02-05 2010-07-14 中国电信股份有限公司 Method and system for optimization display of wed pages on browser of mobile terminal
CN105933900A (en) * 2016-04-22 2016-09-07 上海斐讯数据通信技术有限公司 Portal authentication page self-adaptive system based on operating system and method thereof

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101355566A (en) * 2008-09-04 2009-01-28 中兴通讯股份有限公司 Method and system for down transmitting strongly-pushing page information through remote authentication dialing user server
CN102932785B (en) * 2011-08-12 2015-07-01 中国移动通信集团浙江有限公司 Rapid authentication method, system and equipment of wireless local area network
CN103634794B (en) * 2013-10-30 2019-04-26 邦讯技术股份有限公司 By the WLAN terminal personal identification method for integrating Portal
CN103747000B (en) * 2014-01-13 2017-08-25 深信服科技股份有限公司 Access the authentication method and device of wireless network

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1143679A2 (en) * 2000-04-07 2001-10-10 International Business Machines Corporation A conversational portal for providing conversational browsing and multimedia broadcast on demand
CN1753364A (en) * 2005-10-26 2006-03-29 杭州华为三康技术有限公司 Method of controlling network access and its system
CN101702717A (en) * 2009-11-24 2010-05-05 杭州华三通信技术有限公司 Method, system and equipment for authenticating Portal
CN101778168A (en) * 2010-02-05 2010-07-14 中国电信股份有限公司 Method and system for optimization display of wed pages on browser of mobile terminal
CN105933900A (en) * 2016-04-22 2016-09-07 上海斐讯数据通信技术有限公司 Portal authentication page self-adaptive system based on operating system and method thereof

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111327599A (en) * 2020-01-21 2020-06-23 新华三信息安全技术有限公司 Authentication process processing method and device
CN111327599B (en) * 2020-01-21 2022-05-27 新华三信息安全技术有限公司 Authentication process processing method and device

Also Published As

Publication number Publication date
CN105933900A (en) 2016-09-07

Similar Documents

Publication Publication Date Title
CN110300117B (en) IOT device and user binding authentication method, device and medium
US11831629B2 (en) Server for providing a token
US8079076B2 (en) Detecting stolen authentication cookie attacks
CN104158808B (en) Portal authentication method and its device based on APP applications
KR101095447B1 (en) Apparatus and method for preventing distributed denial of service attack
CN106603491B (en) Portal authentication method based on https protocol and router
EP3297243B1 (en) Trusted login method and device
WO2017181800A1 (en) Adaptive portal authentication page system based on operating system, and method for same
CN103825881B (en) The reorientation method and device of WLAN user are realized based on wireless access controller AC
CN102710667B (en) Method for realizing Portal authentication server attack prevention and broadband access server
CN105873055B (en) Wireless network access authentication method and device
CN106559405B (en) Portal authentication method and equipment
CN103796278A (en) Mobile terminal wireless network access control method
CN110557358A (en) Honeypot server communication method, SSLStrip man-in-the-middle attack perception method and related device
CN110505188B (en) Terminal authentication method, related equipment and authentication system
CN105991518A (en) Network access authentication method and device
WO2018036415A1 (en) Authentication proxy method, apparatus and device
CN102469069A (en) Method and device for preventing portal authentication attack
CN112311766B (en) Method and device for acquiring user certificate and terminal equipment
EP3963862B1 (en) Intermediary handling of identity services to guard against client side attack vectors
CN105357209A (en) WEB authentication method and WEB authentication device
CN107395582A (en) Portal authentication devices and system
CN107634969B (en) Data interaction method and device
CN106789884A (en) A kind of portal authentication method and system
CN110856145A (en) IOT device and user binding method, device and medium based on near field authentication

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17785285

Country of ref document: EP

Kind code of ref document: A1

122 Ep: pct application non-entry in european phase

Ref document number: 17785285

Country of ref document: EP

Kind code of ref document: A1