CN101232372A - Authentication method, authentication system and authentication device - Google Patents


Publication number
CN101232372A
Authority
CN
China
Prior art keywords
authentication
requester
authenticator
request
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA2007100026904A
Other languages
Chinese (zh)
Other versions
CN101232372B (en
Inventor
吴国敏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN2007100026904A priority Critical patent/CN101232372B/en
Publication of CN101232372A publication Critical patent/CN101232372A/en
Application granted granted Critical
Publication of CN101232372B publication Critical patent/CN101232372B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical


Abstract

The invention provides an authentication method comprising the following steps: an authentication requester sends a first authentication request to an authenticator that provides access service; the authenticator forwards the first authentication request to an authentication server that stores information about the authentication requester; after successfully authenticating the first authentication request, the authentication server informs the authenticator of the authentication requester's authentication information; and when the authentication requester sends an authentication request again, the authenticator uses the authentication information to authenticate the requester locally. The invention further provides an authentication system and an authentication device.

Description

Authentication method, authentication system and authentication device
Technical field
The present invention relates to the field of communications, and more specifically to an authentication method, an authentication system and an authentication device.
Background art
With the rapid development of the Internet, broadband access technologies have emerged one after another, and Ethernet, owing to its higher performance, has gradually taken most of the broadband access market. A personal computer can connect to an Ethernet switch over a wired link, or to a wireless access point (Access Point, AP) over a wireless link, and from there reach the core network, such as an intranet or a metropolitan area network, over an Ethernet line. Traditional Ethernet access, however, lacks manageability and cannot provide functions such as user authentication. Operators can only charge users a flat monthly fee, which is to some extent unfair to both users and operators. Several common Ethernet access methods appeared subsequently, one of which is the 802.1x protocol developed by the IEEE (Institute of Electrical and Electronics Engineers) 802 working group. A Remote Authentication Dial In User Service (RADIUS) authentication server is typically deployed in the network to verify the legitimacy of a computer user's identity. In actual networks, a personal computer can be connected directly to an Ethernet switch, can be cascaded to the Ethernet switch through a hub, an Ethernet switching device or the like, or can be connected through an asymmetric digital subscriber line (ADSL) to a DSLAM (Digital Subscriber Line Access Multiplexer), in which case the ADSL line carries Ethernet-format messages. In a wireless local area network, wireless Ethernet protocols such as IEEE 802.11, 802.11a, 802.11b and 802.11g can be used to connect the personal computer to the wireless network access point.
Extensible Authentication Protocol (EAP) authentication is a new authentication framework designed for the Point-to-Point Protocol (PPP). It can contain multiple authentication methods, such as EAP-MD5 (Message Digest 5, a commonly used cryptographic algorithm), EAP-TLS (Transport Layer Security), LEAP (Lightweight Extensible Authentication Protocol), OTP (One Time Password), SIM (Subscriber Identity Module) and so on. However, the concrete authentication methods currently developed under the EAP framework often differ in security and complexity. The greater the complexity, the more resources are consumed, the more involved the authentication process and the higher the security; and vice versa.
The 802.1x protocol is known as the port-based access control protocol and is an authentication protocol based on Ethernet technology. With its protocol security and simple implementation, 802.1x provides an authentication method for users of multiple broadband access methods such as ADSL, VDSL, local area network (LAN) and wireless local area network (WLAN). 802.1x provides the EAPOL (EAP over LAN) encapsulation and a framework that supports EAP authentication.
The application architecture 100 of the 802.1x protocol, shown in Fig. 1, comprises an authentication requester 10, an authenticator 20 and an authentication server 30.
The authentication requester is generally a client terminal system and can be an entity at one end of a point-to-point link in a LAN or WLAN. Authentication requester software is usually installed on it, and the user starts the 802.1x authentication process by launching this software. To support port-based access control, the authentication requester must support the EAPOL protocol.
The authenticator is generally a network device that supports the 802.1x protocol and can be the entity at the other end of the point-to-point link in the LAN or WLAN. The authentication requester accesses the LAN through a network access port of the authenticator; this network access port can be a physical port of the authenticator or the Media Access Control (MAC) address of the authentication requester. The network access port is divided into two virtual ports: a controlled port 22 and an uncontrolled port 24 (the controlled port is the open port, and the uncontrolled port is the closed port). The uncontrolled port is always in a bidirectionally connected state and is mainly used to carry EAPOL authentication messages, ensuring that the authentication requester can always send and receive authentication messages. The controlled port carries service messages; it is blocked in the unauthorized state and connected in the authorized state. To suit different application environments, the controlled direction of the controlled port can be configured as bidirectionally controlled or unidirectionally controlled. In Fig. 1 the authenticator's controlled port is in the unauthenticated, unauthorized state, so the authentication requester cannot access the services the authenticator provides.
The authentication server is generally a RADIUS server. It stores information about the authentication requester, such as its user name and password, and the requester's entitlement parameters, for example committed access rate (CAR) parameters, priority, the requester's access control list and so on. After the authentication server has authenticated the requester by some authentication method, it can pass the requester's information to the authenticator, which builds a dynamic access control list; the requester's subsequent traffic is then supervised and controlled by these parameters.
The authenticator's port authentication entity communicates with the authentication requester's port authentication entity through the uncontrolled port, and the two run the EAPOL protocol between them; the authenticator's port authentication entity and the authentication server run the EAP protocol between them. If the authenticator and the authentication server are integrated in the same system, communication between them need not use the EAP protocol. Which concrete authentication method under the EAP framework is adopted can be chosen according to security and user needs. The 802.1x protocol uses the EAP authentication mode. The user supplies authentication information such as user name and password and, through one of the EAP authentication modes contained in the 802.1x protocol, has the legitimacy of the user's identity authenticated toward the authenticator. After the authenticator receives the user's authentication information, it can have it authenticated at the corresponding authentication server by means of EAP carried over the RADIUS protocol (EAP over RADIUS, EAPOR).
The 802.1x authentication method is described below using EAP-MD5 as the example; in actual use, any EAP authentication method can be used. Fig. 2 is a schematic diagram of the EAP-MD5 authentication method according to the prior art. The flow is as follows:
1) After a physical connection has been established between the user and the authenticator, the user's authentication requester sends the authenticator an EAPOL start message whose destination address is the multicast address 01-80-C2-00-00-03, beginning 802.1x access;
2) The authenticator sends the authentication requester an EAP request message whose destination address is the requester's address, asking the requester to report the user name;
3) The authentication requester answers the authenticator's request with an EAP response message that contains the user name;
4) The authenticator sends the RADIUS authentication server an access request message in EAP over RADIUS format, encapsulating the EAP response message with the user name that the requester sent to the authenticator, and thereby submits the user name to the RADIUS authentication server;
5) The RADIUS authentication server generates a 128-bit challenge;
6) The RADIUS authentication server answers the authenticator with an access challenge message that encapsulates an EAP challenge request message, giving the authenticator the challenge for this user;
7) The authenticator passes the challenge to the authentication requester in an EAP request message;
8) On receiving the EAP request message carrying the challenge, the authentication requester applies the MD5 algorithm to the password and the challenge to produce a password-bearing challenge value, places this value in an EAP response message as its response, and sends it to the authenticator;
9) The authenticator delivers the password-bearing challenge value to the RADIUS user authentication server in an access request message, and the RADIUS authentication server performs the authentication;
10) The RADIUS user authentication server judges from the user information whether the user is legitimate and then returns an authentication success/failure message to the authenticator; on success, the message carries negotiated parameters and the user's service attributes in order to authorize the user;
11) The authenticator answers the user with an EAP authentication success/failure message according to the authentication result, notifying the user of the result. If authentication failed, the flow ends here; if it succeeded, subsequent flows such as authorization and charging can proceed.
After the authentication requester has passed 802.1x authentication, the user enjoys the rights he is entitled to, for example access to a campus network or metropolitan area network and from there to the Internet. When the user no longer wishes to use these rights, the authentication requester sends a logoff message to notify the authenticator. On receiving this message the authenticator closes the controlled port to terminate the user's rights and informs the authentication server that the user has requested to go offline. After the authentication server receives the logoff message forwarded by the authenticator, it works with devices such as the DHCP (Dynamic Host Configuration Protocol) server and the charging center to reclaim the IP address and stop charging.
However, when the authentication requester, for example a personal computer, goes offline abruptly because of a crash, a power failure or the like, it has no time to send a logoff message to the authenticator. The authenticator and the authentication server then cannot learn that the user has gone offline, and so cannot notify the DHCP server and the charging center to reclaim the IP address and stop charging the user, which causes losses to the operator and the user. To address this problem, the related art offers the following solutions:
Related solution one:
What most vendors currently use in practice is a query/response mechanism that detects a user going offline abruptly without sending a logoff message. There are several implementations, which fall into two cases: the authenticator actively sends query messages, or the authentication requester actively sends online messages.
1) The authenticator actively sends query messages: the authenticator periodically sends a query message asking whether a particular user is online; the interval can be set in software and is generally 30 seconds. On receiving the authenticator's query message, the authentication requester sends a response message to tell the authenticator that it is still online; on receiving the response, the authenticator resets the dead timer for this requester. To allow for a response that the requester sent but the authenticator did not receive because of unforeseeable factors, the dead timer is generally three times the query interval. That is, if the authenticator has sent three query messages and still received no response from the requester, it considers the requester offline, closes the controlled port to terminate the user's rights, and notifies the authentication server to reclaim the IP address and stop charging this user.
2) The authentication requester actively sends online messages: the requester periodically sends an online message announcing to the authenticator that it is still online; the interval can be set in software and is generally 30 seconds. On receiving the requester's online message, the authenticator resets the dead timer for this requester. To allow for an online message that the requester sent but the authenticator did not receive because of unforeseeable factors, the dead timer is generally three times the interval at which the requester sends online messages. When the dead timer reaches zero, the authenticator considers the requester offline, closes the controlled port to terminate the user's rights, and notifies the authentication server to reclaim the IP address and stop charging this user.
The drawbacks of related solution one are that its real-time behavior is weak and that the response or online messages are not authenticated, which may cause security problems. For example, after a user has been authenticated, the switch or AP connected to it opens the controlled port. If this user suddenly drops offline, another illegitimate user on the same network, or one listening nearby, can take over all the rights the original user enjoyed by spoofing the user's MAC address and forging response or online messages.
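An added illustration, not part of the patent text: a simulation of the dead timer in mode 1) of related solution one, using the 30-second query interval and threefold dead time stated above. The class and function names and the MAC address are constructed for the example; responses are matched by source MAC only, as in the scheme described.

```python
QUERY_INTERVAL = 30                 # seconds between query messages (value from the text)
DEAD_TIME = 3 * QUERY_INTERVAL      # dead timer: three times the query interval


class OnlineMonitor:
    """Authenticator-side dead timers, one per authenticated requester."""

    def __init__(self):
        self.last_seen = {}         # MAC address -> time the dead timer was last reset

    def port_authorized(self, mac, now):
        self.last_seen[mac] = now

    def on_response(self, mac, now):
        # The response is matched by source MAC alone; it carries no proof of
        # identity, which is the weakness the text attributes to this scheme.
        if mac in self.last_seen:
            self.last_seen[mac] = now

    def expire(self, now):
        """Return requesters whose dead timer has run out and drop their state."""
        dead = [m for m, t in self.last_seen.items() if now - t >= DEAD_TIME]
        for mac in dead:
            del self.last_seen[mac]
        return dead


def simulate(crash_at=None, lost_responses=(), horizon=600):
    """Return the time the authenticator declares the requester offline, or None.

    crash_at: time the requester stops answering (None = it stays online).
    lost_responses: query times whose response is lost in transit.
    """
    mac = "00-11-22-33-44-55"       # constructed sample address
    monitor = OnlineMonitor()
    monitor.port_authorized(mac, 0)
    for now in range(QUERY_INTERVAL, horizon + 1, QUERY_INTERVAL):
        alive = crash_at is None or now < crash_at
        if alive and now not in lost_responses:
            monitor.on_response(mac, now)
        if mac in monitor.expire(now):
            return now
    return None


if __name__ == "__main__":
    print(simulate(crash_at=100))                   # crash at 100 s, detected at 180 s
    print(simulate(lost_responses={60}))            # one lost response: stays online
    print(simulate(lost_responses={60, 90, 120}))   # three lost in a row: cut off at 120 s
```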
To address the lack of authentication of the response or online messages and the weak real-time behavior of related solution one, the related art proposes solutions two and three below.
Related solution two:
To address the unauthenticated response or online messages, this solution authenticates them; the most thorough method is to re-authenticate the authentication requester periodically. This ensures first that the user who passes is legitimate and second that the legitimate user is online. Re-authentication is usually initiated by the authenticator, which requires defining a timer in the authenticator that starts the re-authentication flow; the re-authentication flow can of course also be initiated by the authentication requester. Fig. 3 shows the re-authentication flow according to related solution two; since this flow is essentially the same as the first authentication flow, it is not elaborated here.
However, because the re-authentication flow of solution two is the same as the first authentication flow, it causes the following problems: first, it increases the burden on the authentication requester; second, the messages are numerous and the interactions frequent, which increases the burden on the network; third, the numerous messages and frequent interactions make re-authentication take longer; fourth, it increases the burden on the authentication server. An authentication server generally manages a large number of users at once and originally needs to take part only when a user comes online or goes offline. With re-authentication, assuming a re-authentication timer of 30 seconds, each user must be authenticated once every 30 seconds, and the authentication server may be overwhelmed.
Related solution three:
To address the weak real-time behavior, the related art provides a method for real-time notification of a user going offline abruptly.
As shown in Fig. 4, the authentication requester (personal computer) 12 is connected to the authenticator 16 through an IP PHONE 18 (which could also be another intermediate device, for example a hub or switch), has been authenticated by authentication server 20 and enjoys access rights. When the authentication requester 12 or link 22 fails, the authenticator 16 cannot detect it (802.1x alone cannot detect it unless solution one or solution two above is used). This solution provides a mechanism by which the IP PHONE (IP phone) 18 detects that authentication requester 12 has gone offline. When IP PHONE 18 finds that authentication requester 12 or link 22 has failed, it sends authenticator 16 a logoff message forged to appear to come from authentication requester 12 (the forgery can be done by IP PHONE 18 sending a logoff packet whose source MAC is that of authentication requester 12) to announce that the requester has gone offline; authenticator 16 then informs authentication server 20 so that the IP address is reclaimed and charging is stopped.
This solution has not been deployed on a large scale, because it requires upgrading every device between the authenticator and the authentication requester and is therefore not practical.
Related solution four:
To address the increased authentication server burden of solution two, the related art provides an authentication server proxy method to lighten the burden on the authentication server.
As shown in Figure 6, a Radius proxy is introduced between the AP and the Radius server. To the AP this proxy is the Radius server; to the Radius server it is the AP. When the AP and the Radius server communicate, the proxy intercepts the traffic and records the authentication key material that the Radius server sends to the AP. When the mobile terminal's location changes, it sends a re-authentication request to another AP, and that AP forwards the request toward the Radius server through the Radius proxy. The Radius proxy searches its database for the authentication key material of this mobile terminal. If the material is found, the proxy acts as the Radius server and sends the authentication key material to the AP; if not, it forwards the mobile terminal's re-authentication request to the Radius server.
This solution adds a device, the authentication server proxy. Adding a device to the network increases the complexity of the network and also reduces security, and when many APs or authenticators sit below the authentication server proxy, the proxy can likewise become overloaded.
Therefore, a technical solution needs to be developed that solves the offline problem while lightening the burden on the authentication server.
Summary of the invention
In view of the above shortcomings of the prior art, the invention provides an authentication method, system and device in which the authenticator performs local authentication, lightening the burden on the authentication server and speeding up re-authentication.
In an embodiment of the invention, an authentication method is provided, comprising the following steps: an authentication requester initiates a first authentication request to an authenticator that provides access service; the authenticator forwards the first authentication request to an authentication server that stores information about the authentication requester; after successfully authenticating the first authentication request, the authentication server informs the authenticator of the authentication requester's authentication information; and when the authentication requester initiates an authentication request to the authenticator again, the authenticator uses the authentication information to authenticate the requester locally.
In the above authentication method, the authenticator using the authentication information to authenticate the requester locally comprises the following steps: the authenticator stores locally the authentication information that the authentication server informed it of, the authentication information including an identifier of the authentication requester; and when the authentication requester initiates an authentication request to the authenticator again, the authenticator uses the identifier to retrieve the authentication information locally and authenticates the requester.
In the above authentication method, the authentication information comprises the password of the authentication requester and the authentication mode used by the authentication server and the authentication requester.
In the above authentication method, the authenticator using the identifier to retrieve the authentication information locally and authenticating the requester comprises the following step: the authenticator uses the authentication mode to compare and verify the information in the repeated authentication request against the locally stored password of the authentication requester.
In the above authentication method, the authentication mode comprises an authentication mode defined by the Extensible Authentication Protocol.
In the above authentication method, the authentication server comprises a Remote Authentication Dial In User Service (RADIUS) authentication server, and the repeated authentication request is used to detect whether the authentication requester is online.
In the above authentication method, the 802.1x protocol is used for communication between the authenticator and the authentication server, the authenticator comprises a plurality of wireless access points, and the repeated authentication request is used for switching the authentication requester between a plurality of authenticators.
The above authentication method further comprises the following step: when the authenticator receives an authentication request from the authentication requester, it searches its own database; if an entry exists, it determines that the request is not a first authentication request; otherwise it determines that the request is a first authentication request.
The above authentication method further comprises the following steps: the authentication request initiated by the authentication requester includes information about which authenticator the requester originally passed authentication on; and when the authenticator receives the authentication request, it uses this information to judge whether the request is a first authentication request.
In an embodiment of the invention, an authentication system is also provided, comprising: an authentication requester, used to initiate authentication requests; an authenticator, used to provide access service to the authentication requester, which forwards an authentication request initiated by the requester to an authentication server that stores information about the requester if the request is a first authentication request, and processes it locally if it is a repeated authentication request; and an authentication server, used to authenticate the first authentication request and, after successful authentication, to inform the authenticator of the requester's authentication information.
In the above authentication system, the authenticator comprises: a memory, used to store the authentication information that the authentication server informed it of, the authentication information including an identifier of the authentication requester; and an authentication module, used, when the requester initiates an authentication request to the authenticator again, to retrieve the authentication information locally using the identifier and authenticate the requester.
In the above authentication system, the authentication information comprises the password of the authentication requester and the authentication mode used by the authentication server and the authentication requester.
In the above authentication system, the authentication module uses the authentication mode to compare and verify the information in the repeated authentication request against the locally stored password of the authentication requester.
In the above authentication system, the authentication mode comprises an authentication mode defined by the Extensible Authentication Protocol.
In the above authentication system, the authentication server comprises a Remote Authentication Dial In User Service (RADIUS) authentication server, the authenticator comprises a plurality of wireless access points, and the repeated authentication request is used to detect whether the authentication requester is online.
In the above authentication system, the 802.1x protocol is used for communication among the authentication requester, the authenticator and the authentication server, and the repeated authentication request is used for switching the authentication requester between a plurality of authenticators.
In an embodiment of the invention, an authentication device is also provided, used to provide access service to an authentication requester; if the authentication request initiated by the requester is a first authentication request, the device forwards it to an authentication server that stores information about the requester for processing, and if it is a repeated authentication request, the device processes it locally.
The above authentication device comprises: a memory, used to store the authentication information that the authentication server informed it of, the authentication information including an identifier of the authentication requester; and an authentication module, used, when the requester initiates an authentication request to the authentication device again, to retrieve the authentication information locally using the identifier and authenticate the requester.
In the above authentication device, the authentication information comprises the password of the authentication requester and the authentication mode used by the authentication server and the authentication requester.
In the above authentication device, the authentication module uses the authentication mode to compare and verify the information in the repeated authentication request against the locally stored password of the authentication requester.
In the above authentication device, the authentication mode comprises an authentication mode defined by the Extensible Authentication Protocol.
The above embodiments of the invention provide an authentication method, system and device that lighten the burden on the authentication server and perform re-authentication quickly; the embodiments also enable fast re-authentication when switching between different APs in a WLAN.
Other features and advantages of the invention will be set forth in the description that follows, and in part will be apparent from the description or may be learned by practicing the invention. The objects and other advantages of the invention can be realized and obtained through the structures particularly pointed out in the written description, the claims and the drawings.
Brief description of the drawings
The accompanying drawings described here provide a further understanding of the present invention and form part of this application. The illustrative embodiments of the invention and their description serve to explain the invention and do not unduly limit it. In the drawings:
Fig. 1 shows the application architecture according to the 802.1x protocol;
Fig. 2 is a schematic diagram of the prior-art EAP-MD5 authentication method;
Fig. 3 shows the re-authentication flow according to related solution two;
Fig. 4 shows a schematic diagram of the network system according to related solution three;
Fig. 5 shows a schematic diagram of the authentication system according to an embodiment of the invention;
Fig. 6 shows a flow chart of the authentication method according to an embodiment of the invention;
Fig. 7 shows the signalling flow chart of the authentication method of the embodiment shown in Fig. 6;
Fig. 8 shows a schematic diagram of the authentication system according to an embodiment of the invention when the authenticator is an AP; and
Fig. 9 shows the signalling flow chart of the authentication method of the embodiment shown in Fig. 8.
Embodiments
The present invention is described in detail below with reference to the drawings and in conjunction with the embodiments.
Fig. 5 shows a schematic diagram of the authentication system according to an embodiment of the invention, comprising: an authentication requester 10 for initiating authentication requests; an authenticator 20 for providing access service to the authentication requester, which forwards a first authentication request from the authentication requester for processing to the authentication server that stores information about the authentication requester, and processes a repeat authentication request locally; and an authentication server 30 for authenticating the first authentication request and, after successful authentication, providing the authentication information of the authentication requester to the authenticator.
Fig. 6 shows a flow chart of the authentication method according to an embodiment of the invention, which comprises the following steps:
Step S10: the authentication requester initiates a first authentication request to the authenticator that provides access service;
Step S20: the authenticator forwards the first authentication request to the authentication server that stores information about the authentication requester; the authentication information may include the password of the authentication requester and the authentication method used between the authentication server and the authentication requester;
Step S30: after successfully authenticating the first authentication request, the authentication server provides the authentication information of the authentication requester to the authenticator; and
Step S40: when the authentication requester again initiates an authentication request to the authenticator, the authenticator uses the authentication information to authenticate the authentication requester locally. The local authentication by the authenticator may comprise the following steps: the authenticator stores locally the authentication information provided by the authentication server, the authentication information including an identifier of the authentication requester; when the authentication requester again initiates an authentication request to the authenticator, the authenticator uses this identifier to retrieve the authentication information locally and authenticates the authentication requester.
The step in which the authenticator uses this identifier to retrieve the authentication information locally and authenticates the authentication requester may comprise: the authenticator uses the authentication method to compare and verify the information in the repeat authentication request against the locally stored password of the authentication requester.
An embodiment of the invention also provides an authentication system, comprising: an authentication requester for initiating authentication requests; an authenticator for providing access service to the authentication requester, which forwards a first authentication request from the authentication requester for processing to the authentication server that stores information about the authentication requester, and processes a repeat authentication request locally; and an authentication server for authenticating the first authentication request and, after successful authentication, providing the authentication information of the authentication requester to the authenticator.
In the above authentication system, the authenticator may comprise: a memory for storing the authentication information provided by the authentication server, the authentication information including an identifier of the authentication requester; and an authentication module which, when the authentication requester again initiates an authentication request to the authenticator, uses the identifier to retrieve the authentication information locally and authenticates the authentication requester.
The authentication information may include the password of the authentication requester and the authentication method used between the authentication server and the authentication requester. The authentication module uses the authentication method to compare and verify the information in the repeat authentication request against the locally stored password of the authentication requester.
In practice, the authentication server may be a Remote Authentication Dial In User Service (RADIUS) authentication server, and the repeat authentication request is used to detect whether the authentication requester is online.
In addition, communication between the authenticator and the authentication server may use the 802.1x protocol; the authenticator comprises a plurality of APs, and the repeat authentication request is used for switching the authentication requester between a plurality of authenticators. Fig. 8 shows this case.
To determine whether an authentication request is a first request, the authenticator may, on receiving an authentication request from the authentication requester, search its own database: if an entry exists, the request is determined not to be a first authentication request; otherwise it is determined to be a first authentication request. Alternatively, the authentication request initiated by the authentication requester may include information about which authenticator the authentication requester previously authenticated with, and the authenticator, on receiving the request, uses that information to determine whether it is a first authentication request.
An embodiment of the present invention also provides an authentication device that implements the authenticator function of the authentication system of the above embodiments. It provides access service to an authentication requester; if the authentication request initiated by the authentication requester is a first authentication request, the device forwards it for processing to the authentication server that stores information about the authentication requester, and if it is a repeat authentication request, the device processes it locally. Because the implementation of the authenticator has been described in detail above, the implementation of this authentication device is not repeated here.
The first authentication in the above embodiments differs little from the first authentication of the related art described above. What must be added is that, after successful authentication, in addition to sending the authenticator the user name of the authentication requester and the requester's rights parameters (for example the Committed Access Rate (CAR) parameter, the priority, the access control list of the authentication requester and so on), the authentication server must also tell the authenticator the password of the authentication requester and which EAP authentication method was used between the authentication requester and the authentication server during the first authentication. The purpose is to allow re-authentication to be carried out without the participation of the authentication server.
Fig. 7 shows the signalling flow chart of the authentication method of the embodiment shown in Fig. 6.
As shown in Fig. 7, after the first authentication succeeds, the authentication server provides the authenticator with information such as the user name and password of the authentication requester. In the subsequent re-authentication process, authentication takes place only between the authentication requester and the authenticator, without the participation of the authentication server.
The specific flow is as follows:
1. After a physical connection has been established between the user and the authenticator, the authentication requester (the user) sends the authenticator an EAPOL-Start message whose destination address is the multicast address 01-80-C2-00-00-03, starting 802.1x access;
2. The authenticator sends the authentication requester an EAP request message whose destination address is the address of the authentication requester, requiring the authentication requester to report its user name;
3. The authentication requester answers the authenticator's request with an EAP response message containing the user name. The authenticator checks whether its local database holds information about this user. If it does, the authenticator authenticates the user with the EAP method registered in the database and goes to step 7; if the local database holds no information about this user, it carries out step 4;
4. The authenticator sends an Access-Request message in EAP over RADIUS format to the RADIUS authentication server. The message contains the EAP response message with the user name that the authentication requester sent to the authenticator, and so submits the user name to the RADIUS authentication server;
5. The RADIUS authentication server generates a 128-bit challenge;
6. The RADIUS authentication server answers the authenticator with an Access-Challenge message containing an EAP challenge request message, giving the authenticator the challenge for this user;
7. The authenticator sends the authentication requester an EAP request message carrying the challenge, giving the user the challenge;
8. After receiving the EAP request message carrying the challenge, the authentication requester applies the MD5 algorithm to the password and the challenge to generate the challenged password, includes the challenged password in an EAP response message as its response, and sends it to the authenticator;
9. The authenticator passes the challenged password to the RADIUS authentication server in an Access-Request message, and the RADIUS authentication server performs the authentication;
10. The RADIUS authentication server determines from the user information whether the user is legitimate and then answers the authenticator with an authentication success or failure message. On success, the message carries the negotiated parameters and the user's service attributes, which authorize the user;
11. Based on the authentication result, the authenticator answers the user with an EAP authentication success or failure message, notifying the user of the result. If authentication failed, the flow ends here. If it succeeded, follow-up flows such as authorization and charging can be carried out;
12. The authenticator sends the authentication server a request message carrying the user name of this authentication requester (the request may use an already defined message format, for example an EAP message, or a self-defined message; it may be carried over the RADIUS protocol or over a self-defined proprietary protocol), asking the authentication server for the information and parameters of this authentication requester. The authentication server sends the authenticator the corresponding information, for example the user name, password, committed access rate parameter, priority, access control list of the authentication requester and the EAP authentication method used. The authenticator stores this information in its database. The authenticator may of course keep only the user name, the password and the EAP authentication method, because the other parameters are not used in the re-authentication process;
13. The re-authentication timer triggers authentication again (re-authentication may be initiated by the authentication requester or by the authenticator; initiation by the authenticator is taken as the example here). The authenticator sends the authentication requester an EAP request message whose destination address is the address of the authentication requester, requiring the authentication requester to report its user name;
14. The authentication requester answers the authenticator's request with an EAP response message containing the user name;
15. The authenticator checks whether its local database holds information about this user, finds that it does, and obtains from it the EAP authentication method used for this user; MD5 is taken as the example;
16. The authenticator generates a 128-bit challenge;
17. The authenticator sends the authentication requester an EAP request message carrying the challenge, giving the user the challenge;
18. After receiving the EAP request message carrying the challenge, the authentication requester applies the MD5 algorithm to the password and the challenge to generate the challenged password, includes the challenged password in an EAP response message as its response, and sends it to the authenticator;
19. The authentication server determines from the user information whether the user is legitimate; if legitimate, step 20 is carried out, and if not, step 21 is carried out;
20. The re-authentication timer is reset in preparation for the next re-authentication, and the controlled port is kept connected so that service continues to be provided to the authentication requester. The authenticator may, as required, report to the authentication server that this authentication requester is still online and legitimate (it may report after every successful re-authentication, once after several successful re-authentications, or not at all);
21. If authentication is unsuccessful, the controlled port is disconnected to stop providing service to the authentication requester, and the authentication server is notified that this authentication requester is offline or illegitimate, so that DHCP address reclamation and termination of charging can be carried out.
The above process can also be applied (in another embodiment) to fast re-authentication when a mobile terminal in a WLAN switches between different AP access points, as shown in Fig. 8. In Fig. 8 the authentication requester is a mobile terminal and the authenticator is an AP. When the mobile terminal moves from the upper position in Fig. 8 to the lower position, re-authentication is needed so that the lower AP access point opens its controlled port and provides service to the mobile terminal. In existing technology the re-authentication is performed by the authentication server or by an authentication control point (a device similar to the authentication server proxy of related solution four), which may place too much load on the authentication server and the authentication control point. Using the above method for re-authentication when switching between APs can significantly reduce the load on the authentication server and the authentication control point and makes authentication faster.
The first authentication flow is the same as the flow described above. When the mobile terminal switches to the lower AP, it sends an EAPOL-Start message to start the re-authentication flow. The specific flow is as follows (Fig. 9):
1. After a physical connection has been established between the user and the authenticator, the authentication requester (the user) sends the authenticator AP2 an EAPOL-Start message whose destination address is the multicast address 01-80-C2-00-00-03, starting 802.1x access. Unlike the flow above, this EAPOL message must carry the address of the authenticator AP1 with which the mobile terminal originally authenticated; this address may of course instead be placed in the EAP response message;
2. The authenticator sends the authentication requester an EAP request message whose destination address is the address of the authentication requester, requiring the authentication requester to report its user name;
3. The authentication requester answers the authenticator's request with an EAP response message containing the user name. If the EAPOL-Start message did not include the address of the former authenticator AP1, the address of AP1 can be included in this message;
4. The authenticator AP2 sends the former authenticator AP1 a request message carrying the user name of the authentication requester;
5. The former authenticator AP1 searches its local database. If it holds user information for this authentication requester, it sends that information to the authenticator AP2, for example the user name, password, committed access rate parameter, priority, access control list of the authentication requester and the EAP authentication method used. The authenticator AP2 stores this information in its database. The authenticator AP2 may of course keep only the user name, the password and the EAP authentication method, because the other parameters are not used in the re-authentication process. If AP1 finds no information about this authentication requester, it returns an authentication failure message and this authentication ends;
6. The authenticator AP2 generates a 128-bit challenge;
7. The authenticator AP2 sends the authentication requester an EAP request message carrying the challenge, giving the user the challenge;
8. After receiving the EAP request message carrying the challenge, the authentication requester applies the MD5 algorithm to the password and the challenge to generate the challenged password, includes the challenged password in an EAP response message as its response, and sends it to the authenticator AP2;
9. The authenticator AP2 determines from the challenge information sent by the user whether the user is legitimate; if legitimate, step 10 is carried out, and if not, step 11 is carried out;
10. AP2 sends an authentication success message to the mobile terminal and opens the controlled port to provide service to the authentication requester. At the same time it sends a user information deletion message to AP1, notifying AP1 to delete the information of this authentication requester and free the space;
11. If re-authentication is unsuccessful, AP2 sends an authentication failure message to the mobile terminal and does not open the controlled port. At the same time it sends AP1 a message reporting that authentication of this authentication requester failed, and AP1 decides whether to re-authenticate this authentication requester or to alert the authentication requester that it may be under attack.
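The two flows above (first authentication through the server followed by timer-driven local re-authentication, and the AP1-to-AP2 handover) can be modelled in a few lines. This is an added Python illustration, not code from the patent: the class and function names, the in-memory record format and the sample credentials are assumptions, EAP/RADIUS message framing is omitted, and the response is computed as MD5(identifier || password || challenge), the CHAP form that EAP-MD5 uses.

```python
import hashlib
import hmac
import os


def md5_challenge_response(identifier, password, challenge):
    """EAP-MD5 (RFC 3748) uses the CHAP hash of RFC 1994: MD5(id || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()


class Requester:
    """Authentication requester (supplicant) that knows its own password."""

    def __init__(self, username, password):
        self.username, self.password = username, password

    def respond(self, identifier, challenge):
        return md5_challenge_response(identifier, self.password, challenge)


def run_challenge(requester, password, identifier=1):
    """One challenge/response round against a known password; True if it verifies."""
    challenge = os.urandom(16)                      # 128-bit challenge, fresh per round
    response = requester.respond(identifier, challenge)
    expected = md5_challenge_response(identifier, password, challenge)
    return hmac.compare_digest(response, expected)  # constant-time comparison


class AuthServer:
    """Stand-in for the RADIUS authentication server (user database is constructed)."""

    def __init__(self, users):
        self.users = users
        self.rounds = 0                             # how often the server was involved

    def first_authentication(self, requester):
        self.rounds += 1
        password = self.users.get(requester.username)
        if password is None or not run_challenge(requester, password):
            return None
        # Step 12 of the first flow: hand the requester's record to the authenticator.
        return {"password": password, "eap_method": "MD5"}


class Authenticator:
    """Authenticator (switch or AP) with a local store of authentication information."""

    def __init__(self, server):
        self.server = server
        self.cache = {}                             # username -> record

    def authenticate(self, requester, previous_ap=None):
        """Return 'server', 'local' or 'fail' depending on who decided the outcome."""
        name = requester.username
        if name not in self.cache and previous_ap is not None:
            # Handover steps 4-5: fetch the record from the former authenticator.
            record = previous_ap.cache.get(name)
            if record is None:
                return "fail"
            self.cache[name] = dict(record)
            if self._local(requester):
                previous_ap.cache.pop(name, None)   # handover step 10: AP1 frees the entry
                return "local"
            return "fail"
        if name not in self.cache:
            record = self.server.first_authentication(requester)
            if record is None:
                return "fail"
            self.cache[name] = record
            return "server"
        return "local" if self._local(requester) else "fail"

    def _local(self, requester):
        record = self.cache[requester.username]
        if record["eap_method"] != "MD5":           # only the method shown on the page
            return False
        return run_challenge(requester, record["password"])


def demo():
    server = AuthServer({"alice": b"correct horse"})    # constructed credentials
    alice = Requester("alice", b"correct horse")
    ap1, ap2, ap3 = Authenticator(server), Authenticator(server), Authenticator(server)
    results = [
        ap1.authenticate(alice),                         # first request: via server
        ap1.authenticate(alice),                         # timer-driven re-auth: local
        ap2.authenticate(alice, previous_ap=ap1),        # handover AP1 -> AP2: local
        ap2.authenticate(Requester("alice", b"wrong")),  # bad password: rejected locally
        ap3.authenticate(alice, previous_ap=ap1),        # AP1 no longer holds the record
    ]
    return results, server.rounds, sorted(ap1.cache), sorted(ap2.cache)


if __name__ == "__main__":
    print(demo())
```

The cached record necessarily holds the cleartext password, because an MD5 challenge response can only be checked by recomputing it from the secret. Every authenticator that stores such a record therefore holds credentials that previously existed only on the authentication server.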
The example flows listed above are all described using EAP-MD5, a comparatively simple EAP authentication method. There are currently dozens of EAP authentication methods, and to a person skilled in the art the above embodiments can obviously be applied to these EAP authentication methods as well.
As can be seen, the above embodiments improve on related solution two, providing a method that lightens the load on the authentication server and performs re-authentication quickly; the embodiments can also be used for fast re-authentication when switching between different AP access points in a WLAN.
Obviously, those skilled in the art should understand that the modules or steps of the present invention described above can be implemented with general-purpose computing devices. They can be concentrated on a single computing device or distributed over a network formed by several computing devices. Optionally, they can be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by a computing device; or they can each be made into a separate integrated circuit module, or several of the modules or steps can be made into a single integrated circuit module. The present invention is thus not restricted to any specific combination of hardware and software. It should be understood that such variations in concrete implementation are obvious to a person skilled in the art and do not depart from the spirit and scope of protection of the present invention.
The above are only preferred embodiments of the present invention and do not limit it; to a person skilled in the art, the present invention may have various changes and variations. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (21)

1. An authentication method, characterized in that it comprises the following steps:
an authentication requester initiates a first authentication request to an authenticator that provides access service;
said authenticator forwards said first authentication request to an authentication server that stores information about said authentication requester;
said authentication server, after successfully authenticating said first authentication request, provides the authentication information of said authentication requester to said authenticator; and
when said authentication requester again initiates an authentication request to said authenticator, said authenticator uses said authentication information to authenticate said authentication requester locally.
2. The authentication method according to claim 1, characterized in that the step in which said authenticator uses said authentication information to authenticate said authentication requester locally comprises the following steps:
said authenticator stores locally said authentication information provided by said authentication server, said authentication information including an identifier of said authentication requester;
when said authentication requester again initiates an authentication request to said authenticator, said authenticator uses said identifier to retrieve said authentication information locally and authenticates said authentication requester.
3. The authentication method according to claim 2, characterized in that said authentication information includes the password of said authentication requester and the authentication method used between said authentication server and said authentication requester.
4. The authentication method according to claim 3, characterized in that the step in which said authenticator uses said identifier to retrieve said authentication information locally and authenticates said authentication requester comprises the following step:
said authenticator uses said authentication method to compare and verify the information in said repeat authentication request against the locally stored password of said authentication requester.
5. The authentication method according to claim 4, characterized in that said authentication method includes an authentication method defined by the Extensible Authentication Protocol.
6. The authentication method according to claim 5, characterized in that said authentication server comprises a Remote Authentication Dial In User Service (RADIUS) authentication server, and said repeat authentication request is used to detect whether said authentication requester is online.
7. The authentication method according to claim 5, characterized in that communication between said authenticator and said authentication server uses the 802.1x protocol, said authenticator comprises a plurality of wireless access points, and said repeat authentication request is used for switching said authentication requester between a plurality of said authenticators.
8. The authentication method according to claim 1, characterized in that it further comprises the following step:
when said authenticator receives an authentication request from said authentication requester, it searches its own database; if an entry exists, it determines that said authentication request is not a first authentication request, and otherwise it determines that said authentication request is a first authentication request.
9. The authentication method according to claim 1, characterized in that it further comprises the following steps:
the authentication request initiated by said authentication requester includes information about which authenticator said authentication requester previously authenticated with; and
when said authenticator receives the authentication request from said authentication requester, it uses said information to determine whether said authentication request is a first authentication request.
10. An authentication system, characterized in that it comprises:
an authentication requester for initiating authentication requests;
an authenticator for providing access service to said authentication requester, which, if the authentication request initiated by said authentication requester is a first authentication request, forwards it for processing to an authentication server that stores information about said authentication requester and, if it is a repeat authentication request, processes it locally;
said authentication server, for authenticating said first authentication request and, after successful authentication, providing the authentication information of said authentication requester to said authenticator.
11. The authentication system according to claim 10, characterized in that said authenticator comprises:
a memory for storing said authentication information provided by said authentication server, said authentication information including an identifier of said authentication requester; and
an authentication module which, when said authentication requester again initiates an authentication request to said authenticator, uses said identifier to retrieve said authentication information locally and authenticates said authentication requester.
12. The authentication system according to claim 11, characterized in that said authentication information includes the password of said authentication requester and the authentication method used between said authentication server and said authentication requester.
13. The authentication system according to claim 12, characterized in that said authentication module uses said authentication method to compare and verify the information in said repeat authentication request against the locally stored password of said authentication requester.
14. The authentication system according to claim 13, characterized in that said authentication method includes an authentication method defined by the Extensible Authentication Protocol.
15. The authentication system according to claim 14, characterized in that said authentication server comprises a Remote Authentication Dial In User Service (RADIUS) authentication server, said authenticator comprises a plurality of wireless access points, and said repeat authentication request is used to detect whether said authentication requester is online.
16. The authentication system according to claim 14, characterized in that communication between said authentication requester, said authenticator and said authentication server uses the 802.1x protocol, and said repeat authentication request is used for switching said authentication requester between a plurality of said authenticators.
17. An authentication device, characterized in that it is used for providing access service to an authentication requester; if the authentication request initiated by said authentication requester is a first authentication request, the device forwards it for processing to an authentication server that stores information about said authentication requester, and if it is a repeat authentication request, the device processes it locally.
18. The authentication device according to claim 17, characterized in that it comprises:
a memory for storing said authentication information provided by said authentication server, said authentication information including an identifier of said authentication requester; and
an authentication module which, when said authentication requester again initiates an authentication request to said authentication device, uses said identifier to retrieve said authentication information locally and authenticates said authentication requester.
19. The authentication device according to claim 18, characterized in that said authentication information includes the password of said authentication requester and the authentication method used between said authentication server and said authentication requester.
20. The authentication device according to claim 19, characterized in that said authentication module uses said authentication method to compare and verify the information in said repeat authentication request against the locally stored password of said authentication requester.
21. The authentication device according to claim 20, characterized in that said authentication method includes an authentication method defined by the Extensible Authentication Protocol.
CN2007100026904A 2007-01-26 2007-01-26 Authentication method, authentication system and authentication device Active CN101232372B (en)

Publications (2)

Publication Number Publication Date
CN101232372A (en) 2008-07-30
CN101232372B (en) 2011-02-02

Family

ID=39898573

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2007100026904A Active CN101232372B (en) 2007-01-26 2007-01-26 Authentication method, authentication system and authentication device

Country Status (1)

Country Link
CN (1) CN101232372B (en)

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040255037A1 (en) * 2002-11-27 2004-12-16 Corvari Lawrence J. System and method for authentication and security in a communication system
US7275157B2 (en) * 2003-05-27 2007-09-25 Cisco Technology, Inc. Facilitating 802.11 roaming by pre-establishing session keys
CN1703004B (en) * 2005-02-28 2010-08-25 联想(北京)有限公司 Method for implementing network access authentication

Cited By (34)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101764693B (en) * 2009-12-24 2013-01-30 福建星网锐捷网络有限公司 Authentication method, system, client and network equipment
CN102158464A (en) * 2010-02-11 2011-08-17 上海博泰悦臻电子设备制造有限公司 Vehicle-mounted equipment and system and vehicle-mounted login method
CN101827112A (en) * 2010-05-25 2010-09-08 中兴通讯股份有限公司 Method and system for recognizing client software through network authentication server
CN101827112B (en) * 2010-05-25 2016-05-11 中兴通讯股份有限公司 The method and system of recognizing client software through network authentication server
CN101867912A (en) * 2010-06-07 2010-10-20 华为终端有限公司 Authentication method of access network and terminal
US9071968B2 (en) 2010-12-09 2015-06-30 Huawei Technologies Co., Ltd. Method, apparatus, and system for centralized 802.1X authentication in wireless local area network
WO2012075863A1 (en) * 2010-12-09 2012-06-14 华为技术有限公司 Centralized 802.1x authentication method, device and system of wireless local area network
CN102299859A (en) * 2011-09-20 2011-12-28 北京星网锐捷网络技术有限公司 Mutual information forwarding method and device
CN102625310B (en) * 2012-03-13 2016-06-15 中国联合网络通信集团有限公司 Wireless network access method, authentication method and device
CN102625310A (en) * 2012-03-13 2012-08-01 中国联合网络通信集团有限公司 Wireless network access method and authentication method and device
WO2014127630A1 (en) * 2013-02-19 2014-08-28 中兴通讯股份有限公司 802.1x access session keepalive method, device, and system
CN103200172A (en) * 2013-02-19 2013-07-10 中兴通讯股份有限公司 Method and system for keep-alive of 802.1X access conversation
RU2639696C2 (en) * 2013-02-19 2017-12-21 ЗетТиИ Корпорейшн Method, device and system for maintaining activity of access session on 802,1x standard
CN103200172B (en) * 2013-02-19 2018-06-26 中兴通讯股份有限公司 A kind of method and system of 802.1X accesses session keepalive
US9918353B2 (en) 2013-02-19 2018-03-13 Zte Corporation 802.1X access session keepalive method, device, and system
WO2015176500A1 (en) * 2014-05-21 2015-11-26 西安中兴新软件有限责任公司 Single sign-on authentication method, device and system, and computer storage medium
CN105592037A (en) * 2015-07-10 2016-05-18 杭州华三通信技术有限公司 MAC address authentication method and device
CN105592037B (en) * 2015-07-10 2019-03-15 新华三技术有限公司 A kind of MAC address authentication method and apparatus
CN105071939A (en) * 2015-07-15 2015-11-18 傅程燕 User information authentication method and user information authentication system
CN105071939B (en) * 2015-07-15 2018-12-28 傅程燕 A kind of user information authentication method and system
CN105306448A (en) * 2015-09-22 2016-02-03 深圳前海华视移动互联有限公司 Method for accessing extranet data, car-mounted multimedia terminal and kernel Netfilter module of car-mounted multimedia terminal
CN107317946A (en) * 2016-03-24 2017-11-03 柯尼卡美能达株式会社 Information processor and setting continuation method
JP2017170782A (en) * 2016-03-24 2017-09-28 コニカミノルタ株式会社 Information processor, setting continuation method and program
US10178277B2 (en) 2016-03-24 2019-01-08 Konica Minolta, Inc. Information processing apparatus, setting continuation method and non-transitory computer-readable recording medium encoded with setting continuation program
CN106936942A (en) * 2017-03-07 2017-07-07 迈普通信技术股份有限公司 A kind of dhcp address recovery system and method
CN108880788A (en) * 2017-05-08 2018-11-23 西门子股份公司 Authentication method and control system in the control system for technical equipment
CN107046689A (en) * 2017-05-08 2017-08-15 北京工业大学 A kind of BLE wearable device safety certifying methods of lightweight
US11163870B2 (en) 2017-05-08 2021-11-02 Siemens Aktiengesellschaft Plant-specific, automated certificate management
CN108880788B (en) * 2017-05-08 2021-12-03 西门子股份公司 Authentication method in a control system for a technical installation and control system
CN108769075A (en) * 2018-07-06 2018-11-06 广东微云科技股份有限公司 A kind of method and system of addressing login service device
CN108769075B (en) * 2018-07-06 2021-05-18 广东微云科技股份有限公司 Method and system for addressing login server
CN112749182A (en) * 2019-10-30 2021-05-04 深圳市傲冠软件股份有限公司 Method, audit terminal, device and storage medium for agent access to Oracle database
CN112749182B (en) * 2019-10-30 2023-01-31 深圳市傲冠软件股份有限公司 Method for accessing Oracle database by proxy, audit terminal, device and computer readable storage medium
CN113472714A (en) * 2020-03-12 2021-10-01 华为技术有限公司 Method and device for authenticating terminal equipment

Also Published As

Publication number Publication date
CN101232372B (en) 2011-02-02

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant