CN101296081A - Authentication, method, system, access body and device for distributing IP address after authentication - Google Patents
- Publication number
- CN101296081A
- Authority
- CN
- China
- Prior art keywords
- authentication
- message
- dhcp
- client
- dhcp client
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The embodiments of the invention disclose a method, system, access entity and device for authentication and for allocating an IP address after authentication, relating to the field of computer technology. The authentication method provided by the embodiments comprises: receiving a DHCP message from a Dynamic Host Configuration Protocol (DHCP) client; obtaining from the DHCP message an authentication message and the authentication type to which the authentication message belongs; and authenticating the DHCP client with the authentication message according to the authentication type. The method can allocate an IP address to the DHCP client after authentication. Because existing DHCP messages are used to carry the authentication message, no new DHCP message type needs to be added to carry it, and the Extensible Authentication Protocol (EAP) can be used to implement authentication. The method extends well, requires little modification of the existing DHCP protocol, does not affect existing DHCP functions, and makes backward compatibility easy to achieve.
Description
Technical field
The present invention relates to the field of computer technology, and in particular to a method, system, access entity and device for authentication and for allocating an IP address after authentication.
Background
In the Internet Protocol (IP) field, after a client joins a network it needs to obtain an IP address on that network. A client can obtain an IP address in several ways; the one described here is the Dynamic Host Configuration Protocol (DHCP). The stages by which a client obtains an IP address using DHCP are described below with reference to Fig. 1.
Discovery stage: the stage in which the DHCP client looks for a DHCP server.
101: send a DHCP discover message (DISCOVER);
When a DHCP client logs in to the network for the first time, it broadcasts a DHCPDISCOVER message to the network.
Offer stage: the stage in which a DHCP server offers an IP address.
102: reply with a DHCP offer message (OFFER);
Every DHCP server that has a free IP address answers the DHCPDISCOVER message it received with a DHCPOFFER message. The DHCPOFFER message contains the "your IP address" (yiaddr) field and configuration parameters in other DHCP options. The yiaddr field contains the IP address that can be allocated to the DHCP client.
Selection stage: the stage in which the DHCP client selects the IP address offered by one DHCP server.
103: send a DHCP request message (Request);
If the DHCP client receives DHCPOFFER messages from several DHCP servers in the network, it usually selects the DHCPOFFER received first and broadcasts a DHCPREQUEST message in the network, telling all DHCP servers that it has chosen the server that sent the selected DHCPOFFER to provide its IP address.
Confirmation stage: the stage in which the DHCP server confirms the IP address it offered.
104: reply with a DHCP acknowledgment message (ACK);
After the DHCP server that sent the selected DHCPOFFER receives the DHCP Request from the DHCP client, it sends a DHCPACK to the DHCP client to confirm that the IP lease has formally taken effect. The configuration parameters in the DHCPACK message must not conflict with those in the DHCPOFFER message of 102. During 104, if for example the address the DHCP client requires has already been allocated, the DHCP server replies with a DHCP negative acknowledgment (NAK) message.
After receiving the DHCPACK message, the DHCP client can also send an Address Resolution Protocol (ARP) message to the network, asking whether another device on the network is using this IP address. If it finds that the IP address is in use, the DHCP client sends a DHCP decline (Decline) message to the DHCP server, refusing its DHCPOFFER, and sends a DHCPDISCOVER message again.
After the DHCP client has chosen a DHCP server, the other DHCP servers that were not chosen all take back the IP addresses they had offered.
While a DHCP client is obtaining an IP address, the network, for reasons such as security or billing, authenticates the DHCP client first and allocates the IP address afterwards. A scheme in which the DHCP client is authenticated with the Challenge-Handshake Authentication Protocol (CHAP) and then obtains an IP address is described below with reference to Fig. 2. In this scheme four message types are added to existing DHCP: DHCP authentication challenge (DHCPAUTH-Challenge), DHCP authentication response (DHCPAUTH-Response), DHCP authentication success (DHCPAUTH-Success) and DHCP authentication failure (DHCPAUTH-Failure).
201: send a DHCPDISCOVER message;
The DHCP client sends a DHCPDISCOVER message to the DHCP server or authentication, authorization and accounting (AAA) client. The DHCPDISCOVER message carries the (W/DHCP-auth-protochap) option, indicating that the message carries CHAP data. The DHCP server or AAA client referred to here is in fact a single entity in the network: when this entity exchanges information with the DHCP client, it can be described as the DHCP server corresponding to the DHCP client; when it exchanges information with the AAA server, it can be described as the AAA client corresponding to the AAA server.
202: reply with a DHCPAUTH-Challenge message;
The DHCP server or AAA client replies with a DHCPAUTH-Challenge message containing the challenge, which is a randomly generated numeric value.
203: send a DHCPAUTH-Response message;
The DHCP client sends a DHCPAUTH-Response message to the DHCP server or AAA client; the message carries the response produced by encrypting the user password with the received challenge.
204: send an access request (RADIUS Access-Request) message;
The DHCP server or AAA client sends the received information to the Remote Authentication Dial-In User Service server (RADIUS Server) in a RADIUS Access-Request message for authentication.
205: reply with an access accept (RADIUS Access-Accept) message;
After the RADIUS server has performed authentication, it replies with a RADIUS Access-Accept message indicating the authentication result;
206: reply with a DHCPAUTH-Success/Failure message;
The DHCP server or AAA client returns the authentication result to the DHCP client in a DHCPAUTH-Success/Failure message;
207: reply with a DHCPOFFER message;
After authentication succeeds, the DHCP server or AAA client sends a DHCPOFFER message to the DHCP client and includes the IP address in the message;
208: send a DHCP Request message;
The DHCP client sends a DHCP Request message to the DHCP server or AAA client;
209: reply with a DHCPACK message;
The DHCP server or AAA client replies to the DHCP client with a DHCPACK message, confirming that the lease of the IP address has taken effect.
In the above scheme, in which the DHCP client obtains an IP address after being authenticated with CHAP, the IP address is indeed obtained only after authentication, but the scheme adds new message types to the original DHCP protocol to carry authentication information, which changes the existing DHCP protocol considerably. For existing clients that do not support the new DHCP message types, compatibility is hard to guarantee.
Summary of the invention
Embodiments of the invention provide an authentication method, comprising:
Receiving a DHCP message from a Dynamic Host Configuration Protocol (DHCP) client, obtaining the authentication message in the DHCP message and the authentication type to which the authentication message belongs, and authenticating the DHCP client with the authentication message according to the authentication type.
Embodiments of the invention provide a method for allocating an IP address after authentication, comprising:
Receiving a DHCP message from a Dynamic Host Configuration Protocol (DHCP) client, obtaining the authentication message in the DHCP message and the authentication type to which the authentication message belongs, and authenticating the DHCP client with the authentication message according to the authentication type;
After the authentication succeeds, allocating an IP address to the DHCP client.
Embodiments of the invention provide an authentication system, comprising:
An access entity, configured to receive a DHCP message from a DHCP client, obtain the authentication message in the DHCP message and the authentication type to which the authentication message belongs, and send the authentication message according to the authentication type;
An AAA server, configured to authenticate the DHCP client using the obtained authentication message.
Embodiments of the invention provide an access entity, comprising:
A receiving unit, configured to receive a DHCP message from a DHCP client;
An obtaining unit, configured to obtain from the DHCP message the authentication message and the authentication type to which the authentication message belongs;
A sending unit, configured to send the authentication message according to the authentication type.
Embodiments of the invention provide a device for sending authentication information, comprising:
A recording unit, configured to record the authentication message and the authentication type to which the authentication message belongs in a DHCP message;
A sending unit, configured to send the DHCP message.
In the method, system, access entity and device for authentication and for allocating an IP address after authentication provided by the embodiments of the invention, an authentication type is set in existing DHCP messages so that existing DHCP messages can carry different kinds of authentication information, with little change to the DHCP messages. When the DHCP client is authenticated using the authentication method, system and access entity provided by the embodiments, sending authentication information and carrying out the authentication process require no new DHCP message type. Existing use of DHCP is therefore unaffected, which helps compatibility with existing DHCP clients.
Description of drawings
Fig. 1 is a schematic diagram of a client obtaining an IP address using DHCP;
Fig. 2 is a schematic diagram of a DHCP client obtaining an IP address after CHAP authentication;
Fig. 3 is a flow chart of embodiment one of the invention;
Fig. 4 is a structure diagram of the DHCP authentication option in embodiment one of the invention;
Fig. 5 is a flow chart of embodiment two of the invention;
Fig. 6 is a structure diagram of the device of embodiment three of the invention;
Fig. 7 is a structure diagram of the system of embodiment four of the invention.
Detailed description of the embodiments
Each embodiment of the invention is described in detail below with reference to the accompanying drawings. Embodiment one is described first, with reference to Fig. 3. Embodiment one is the login process in which a DHCP client obtains an IP address after being authenticated. The authentication in embodiment one uses the Extensible Authentication Protocol (EAP). Other authentication methods, such as CHAP, can of course be used instead without affecting the implementation. The steps of this embodiment are described below with reference to Fig. 3.
301: send a DHCPDISCOVER message;
The DHCP client sends a DHCPDISCOVER message to the DHCP server or AAA client in the network and adds to the message an option named DHCP authentication (DHCP-auth), which carries the authentication message.
The structure of the DHCP authentication option is shown in Fig. 4. It comprises the code DHCP-auth identifying this authentication option, the length (Length) of the carried data (Data), and the authentication type (Auth-type). Different authentication types are represented by different codes, and each authentication type indicates which kind of authentication the carried data belongs to; for example, code 1 indicates EAP authentication and code 2 indicates CHAP authentication. Data can contain several sub-options (Suboption), such as Suboption1 and Suboption2, and different sub-options can carry different messages or parameters. The sub-option code in each Suboption indicates the type of message or parameter that sub-option carries. For example, sub-option code 1 (Suboption 1 code) indicates that the parameter carried by Suboption1 is an EAP payload; the Length that follows it gives the length of the sub-option data after it (Suboption 1 data), and Suboption 1 data is the EAP payload being carried. Each time Data is carried it contains at least one Suboption, which carries the authentication message.
To indicate in the DHCPDISCOVER message that authentication is required, an authentication flag can be set in the message. In this embodiment the authentication flag is an authentication (Authentication) bit, called the A bit, set in the reserved bit field (Flags) of the message. The A bit set to "1" indicates that authentication is required. In this embodiment the second bit of the reserved bit field (Flags) is used.
302: send an Access-Request message;
After the DHCP server or AAA client receives a message from the DHCP client, it first checks whether the A bit is set in the message. If the A bit is set, authentication is required. After determining from Auth-type that the authentication type is EAP, it sends the corresponding access request (Access-Request) message to the AAA server. This message can be a message of the RADIUS protocol, the Diameter protocol, or another AAA protocol that supports EAP authentication, and the signal that starts EAP (EAP-Message/Start) is added to it.
303: reply with an EAP-Request/Identity message;
After the AAA server receives the Access-Request message, it replies with an EAP request (EAP-Request/Identity) message, requiring the DHCP client to provide its identity.
304: reply with a DHCPOFFER message;
After the DHCP server or AAA client receives the EAP-Request/Identity message, it places the message content in the DHCP-auth option of a DHCPOFFER message and replies to the DHCP client.
305: send a DHCPDISCOVER message;
After the DHCP client receives the message, it learns from the DHCP-auth option of the DHCPOFFER message that it must reply with its identity. It fills its identity into an EAP response message (EAP-Response/Identity), places that message content in the DHCP-auth option of a DHCPDISCOVER message, and finally sends the DHCPDISCOVER message to the DHCP server or AAA client.
306: send the EAP-Response/Identity message;
After the DHCP server or AAA client receives the message, it extracts the EAP-Response/Identity message from it and sends it to the AAA server.
307: send an EAP-Request/#2 message;
The AAA server sends another EAP request message (EAP-Request/#2) to the DHCP server or AAA client.
308: send a DHCPOFFER message;
After the DHCP server or AAA client receives the EAP-Request/#2 message, it places the message content in the DHCP-auth option of a DHCPOFFER message and sends it to the DHCP client.
309: reply with a DHCPDISCOVER message;
After the DHCP client obtains the EAP-Request/#2 message from the DHCP-auth option of the DHCPOFFER message, it places the content of the corresponding EAP response message (EAP-Response/#2) in the DHCP-auth option of a DHCPDISCOVER message and replies to the DHCP server or AAA client with that DHCPDISCOVER message.
310: reply with the EAP-Response/#2 message;
After the DHCP server or AAA client receives the message, it extracts the EAP-Response/#2 message from it and sends it to the AAA server.
Steps 303 to 306 above are the process by which the AAA server obtains the identity of the DHCP client. In EAP authentication the AAA server generally does obtain the identity of the DHCP client, but this is not mandatory.
Steps 307 to 310 are a further exchange of EAP messages between the AAA server and the DHCP client. The number of times EAP authentication messages are exchanged depends on the EAP authentication method and may be more than one. There may therefore be several DHCPOFFER/DHCPDISCOVER message pairs carrying EAP-Request/Response messages between the DHCP client and the DHCP server or AAA client, and several EAP-Request/EAP-Response message pairs between the DHCP server or AAA client and the AAA server, until authentication succeeds; these message pairs occur at least once.
311: reply with an EAP-Success message;
After the AAA server has successfully authenticated the DHCP client, it replies to the DHCP server or AAA client with an EAP-Success message indicating that authentication succeeded; otherwise it sends EAP-Failure to indicate that authentication failed.
312: reply with a DHCPOFFER message;
After the DHCP server or AAA client receives the EAP-Success message, it places the message content in the DHCP-auth option of a DHCPOFFER message, fills the yiaddr field of the DHCPOFFER message with the IP address the DHCP server allocates to the DHCP client, and sends the DHCPOFFER message to the DHCP client.
313: send a DHCPREQUEST message;
After the DHCP client receives the message, it reads the IP address in yiaddr and sends a DHCPREQUEST message to the DHCP server or AAA client.
314: reply with a DHCPACK message;
After the DHCP server or AAA client receives the message, it sends a DHCPACK message to the DHCP client to confirm that the IP address lease has formally taken effect.
At this point the DHCP client has successfully accessed the network. Adding the authentication flag and the authentication type to the DHCPDISCOVER/DHCPOFFER messages, and adding the DHCP-auth option that carries authentication information, as done in embodiment one above, are not limited to embodiment one and can be applied in every embodiment of the invention.
Because the DHCP messages sent carry the authentication type, adding the DHCP authentication option to DHCP messages is not limited to the EAP authentication scheme. It can also be used for other authentication schemes such as CHAP authentication or Password Authentication Protocol (PAP) authentication, with the DHCP authentication option carrying the authentication messages transported by DHCP messages during authentication.
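The DHCP-auth option layout of Fig. 4 and the A-bit check of step 302 can be made concrete as a parser with bounds checks. This is an added example, not code from the patent; the option code 224, the one-byte field widths, Length covering Auth-type plus Data, the A-bit mask 0x4000 and all function names are assumptions, and the EAP payload is constructed sample data.

```python
from dataclasses import dataclass

# Assumed values: the description gives no option number, field widths or bit mask.
DHCP_AUTH_CODE = 224                 # hypothetical option code
A_BIT = 0x4000                       # assumed mask: second bit of the 16-bit Flags field
AUTH_TYPES = {1: "EAP", 2: "CHAP"}   # example codes given in the description
SUBOPT_EAP_PAYLOAD = 1               # sub-option code 1 carries an EAP payload


class MalformedOption(ValueError):
    """Raised when a DHCP-auth option does not match the assumed Fig. 4 layout."""


@dataclass
class DhcpAuth:
    auth_type: str
    suboptions: list                 # [(sub-option code, data bytes), ...]


def build_dhcp_auth(auth_type: int, suboptions) -> bytes:
    """Encode code | Length | Auth-type | sub-option TLVs, one byte per header field."""
    if any(len(d) > 255 for _, d in suboptions):
        raise ValueError("sub-option data does not fit a one-byte length")
    data = b"".join(bytes([c, len(d)]) + d for c, d in suboptions)
    body = bytes([auth_type]) + data
    if len(body) > 255:
        raise ValueError("option does not fit a one-byte length")
    return bytes([DHCP_AUTH_CODE, len(body)]) + body


def parse_dhcp_auth(option: bytes) -> DhcpAuth:
    """Decode one DHCP-auth option, rejecting every length inconsistency."""
    if len(option) < 3 or option[0] != DHCP_AUTH_CODE:
        raise MalformedOption("not a DHCP-auth option")
    body = option[2:]
    if option[1] != len(body):
        raise MalformedOption("Length disagrees with the bytes present")
    if body[0] not in AUTH_TYPES:
        raise MalformedOption("unknown Auth-type %d" % body[0])
    subs, pos = [], 1
    while pos < len(body):
        if pos + 2 > len(body):
            raise MalformedOption("truncated sub-option header")
        sub_code, sub_len = body[pos], body[pos + 1]
        pos += 2
        if pos + sub_len > len(body):
            raise MalformedOption("sub-option runs past the end of Data")
        subs.append((sub_code, body[pos:pos + sub_len]))
        pos += sub_len
    if not subs:
        # The description requires at least one sub-option in Data.
        raise MalformedOption("Data must carry at least one sub-option")
    return DhcpAuth(AUTH_TYPES[body[0]], subs)


def next_action(flags: int, options: dict) -> str:
    """Step 302 decision: A bit first, then Auth-type.

    `options` maps option code to the full encoded option (code and Length included).
    """
    if not flags & A_BIT:
        return "offer-with-A-bit"    # ask the client to authenticate
    raw = options.get(DHCP_AUTH_CODE)
    if raw is None:
        return "drop"                # assumed handling: A bit without DHCP-auth
    try:
        auth = parse_dhcp_auth(raw)
    except MalformedOption:
        return "drop"                # never forward unparsed bytes to the AAA server
    return "access-request/" + auth.auth_type


# Constructed sample: EAP-Response/Identity for "alice" (code 2, id 1, length 10, type 1).
EAP_IDENTITY = bytes([2, 1, 0, 10, 1]) + b"alice"
SAMPLE = build_dhcp_auth(1, [(SUBOPT_EAP_PAYLOAD, EAP_IDENTITY)])

if __name__ == "__main__":
    print(parse_dhcp_auth(SAMPLE))
    print(next_action(A_BIT, {DHCP_AUTH_CODE: SAMPLE}))
```

The length checks matter because the access entity relays the sub-option contents to the AAA server; an option whose inner length overruns its outer Length is rejected rather than read past.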
Embodiment two of the invention, described below with reference to Fig. 5, illustrates the authentication process when CHAP authentication is used.
501: send a DHCPDISCOVER message;
The DHCP client sends a DHCPDISCOVER message to the DHCP server or AAA client, indicating with the corresponding code in the DHCP authentication option that the authentication type is CHAP authentication, and sets the authentication flag in the message to indicate that authentication is required.
502: reply with a DHCPOFFER message;
The DHCP server or AAA client receives the message, determines from the authentication flag that the message carries an authentication message, and determines from the authentication type that the authentication is CHAP authentication. It therefore sets the authentication flag in the DHCPOFFER message it replies with, places the challenge in the DHCP-auth option, and sends it to the DHCP client in the DHCPOFFER message.
503: send a DHCPDISCOVER message;
After the DHCP client receives the message, it obtains the challenge, encrypts the user password with the challenge to produce the response (Response), and places the response in the DHCP-auth option of a DHCPDISCOVER message. After setting the authentication flag and the authentication type in the DHCPDISCOVER message, it sends the message to the DHCP server or AAA client.
504: send an Access-Request message;
After the DHCP server or AAA client receives the message, it sends the Response content from the DHCP-auth option to the AAA server in an Access-Request message.
505: reply with an Access-Accept message;
The AAA server obtains the Response from the received message and recovers the user password from the Response; after confirming that the user password is correct, it replies to the DHCP server or AAA client with an Access-Accept message.
506: reply with a DHCPOFFER message;
After the DHCP server or AAA client receives the Access-Accept message, it sends a DHCPOFFER message to the DHCP client with the IP address in the yiaddr field.
507: send a DHCPREQUEST message;
After the DHCP client receives the message, it reads the IP address in the yiaddr field and sends a DHCPREQUEST message to the DHCP server or AAA client.
508: reply with a DHCPACK message;
After the DHCP server or AAA client receives the message, it sends a DHCPACK message to the DHCP client to confirm that the IP address lease has formally taken effect.
At this point the DHCP client has successfully accessed the network.
In each embodiment of the invention, while the DHCP client is being authenticated and obtaining an IP address, if the DHCP server or AAA client receives a DHCPDISCOVER message and finds that the authentication flag is not set in it, it can send the DHCP client a message with the authentication flag set, requiring the DHCP client to send a message containing authentication information.
For example, in step 302 of embodiment one, when the DHCP server or AAA client receives the DHCPDISCOVER message and finds that the A bit is not set, it can send the DHCP client a DHCPOFFER message with the A bit set. If the DHCP client supports authentication, it can send the DHCP server or AAA client a DHCPDISCOVER message with the A bit set and carrying the DHCP-auth option; after receiving this message, the DHCP server or AAA client can carry out the subsequent authentication steps. If the DHCP client does not support authentication, it may send a DHCPREQUEST message to the DHCP server or AAA client. On receiving it, the DHCP server or AAA client finds that the DHCP client has sent a DHCPREQUEST message without having been authenticated, and can send a DHCP refusal (NAK) message to the DHCP client to refuse the request. The process of checking whether the DHCP client supports authentication is the same for embodiment two.
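The capability check and refusal described above amount to a small per-client state machine in the access entity, shown here as an added example (not code from the patent). Keying sessions by the client hardware address, the handling of EAP-Failure and of unsolicited AAA results, and all class and field names are assumptions; the address pool is constructed.

```python
from dataclasses import dataclass
from enum import Enum


class State(Enum):
    NEW = 0
    PROBED = 1          # OFFER with the A bit sent; client has not authenticated
    IN_PROGRESS = 2     # authentication messages are being relayed to the AAA server
    AUTHENTICATED = 3


@dataclass
class ClientMsg:
    kind: str                   # "DISCOVER" or "REQUEST"
    chaddr: str                 # client hardware address, used as session key (assumption)
    a_bit: bool = False
    has_dhcp_auth: bool = False


class AccessEntity:
    """DHCP server / AAA client side of the exchange; addresses only after success."""

    def __init__(self, pool):
        self.pool = list(pool)
        self.state = {}
        self.reserved = {}      # chaddr -> address offered after successful authentication

    def release(self, chaddr):
        addr = self.reserved.pop(chaddr, None)
        if addr is not None:
            self.pool.append(addr)

    def on_client(self, msg: ClientMsg) -> dict:
        if msg.kind == "DISCOVER":
            # A new DISCOVER voids any earlier authentication for this client.
            self.release(msg.chaddr)
            if msg.a_bit and msg.has_dhcp_auth:
                self.state[msg.chaddr] = State.IN_PROGRESS
                return {"to": "aaa", "send": "Access-Request"}
            # No authentication data: probe with an OFFER that sets the A bit, no address.
            self.state[msg.chaddr] = State.PROBED
            return {"to": "client", "send": "DHCPOFFER", "a_bit": True, "yiaddr": None}
        if msg.kind == "REQUEST":
            if self.state.get(msg.chaddr) is State.AUTHENTICATED:
                return {"to": "client", "send": "DHCPACK",
                        "yiaddr": self.reserved[msg.chaddr]}
            # REQUEST from a client that never completed authentication is refused.
            return {"to": "client", "send": "DHCPNAK", "yiaddr": None}
        raise ValueError("unexpected message kind: " + msg.kind)

    def on_aaa(self, chaddr: str, result: str) -> dict:
        # Results for a client with no authentication in progress are ignored.
        if self.state.get(chaddr) is not State.IN_PROGRESS:
            return {"to": None, "send": None}
        if result == "EAP-Request":
            return {"to": "client", "send": "DHCPOFFER", "a_bit": True, "yiaddr": None}
        if result in ("EAP-Success", "Access-Accept") and self.pool:
            self.reserved[chaddr] = self.pool.pop(0)
            self.state[chaddr] = State.AUTHENTICATED
            return {"to": "client", "send": "DHCPOFFER", "a_bit": True,
                    "yiaddr": self.reserved[chaddr]}
        # EAP-Failure, unknown result or empty pool: relay without an address (assumed).
        self.state[chaddr] = State.NEW
        return {"to": "client", "send": "DHCPOFFER", "a_bit": True, "yiaddr": None}


def demo():
    """Run a legacy client and an authenticating client; return the replies in order."""
    ae = AccessEntity(["192.0.2.10"])          # constructed pool (documentation range)
    out = [ae.on_client(ClientMsg("DISCOVER", "aa:01")),            # legacy client
           ae.on_client(ClientMsg("REQUEST", "aa:01")),
           ae.on_client(ClientMsg("DISCOVER", "aa:02", True, True)),
           ae.on_aaa("aa:02", "EAP-Request"),
           ae.on_client(ClientMsg("DISCOVER", "aa:02", True, True)),
           ae.on_aaa("aa:02", "EAP-Success"),
           ae.on_client(ClientMsg("REQUEST", "aa:02"))]
    return [(r["send"], r.get("yiaddr")) for r in out]


if __name__ == "__main__":
    for step in demo():
        print(step)
```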
In the implementation of embodiments one and two above, the DHCP server or AAA client can also be implemented in a network access server (NAS) without affecting the authentication process.
The embodiments above describe carrying authentication information in the DHCPDISCOVER/DHCPOFFER messages among the DHCP messages and performing authentication. Embodiments of the device that carries the authentication information, and of the authentication system and access entity, are given below.
Embodiment three of the invention, a device for sending authentication information, is described first, with reference to Fig. 6.
In embodiment three, the device for sending authentication information comprises:
A sending unit 603, configured to send the DHCP message.
The device further comprises:
The recording unit 602 is configured to record the authentication message in a sub-option of the DHCP authentication option.
The device further comprises:
Template(-let) 604, configured to provide the recording unit 602, while the recording unit 602 is operating, with the authentication message type and the length of the authentication message;
The recording unit 602 is configured to record the authentication message, the authentication message type and the length of the authentication message in the same sub-option.
The device of embodiment three above sends authentication information and can be used in a network entity such as a DHCP client to carry out authentication. A system that implements authentication is described in embodiment four of the invention, with reference to Fig. 7.
Embodiment four of the invention provides an authentication system, comprising:
The AAA server 703 is configured to perform EAP authentication, CHAP authentication or PAP authentication of the DHCP client using the authentication message.
The AAA server 703 comprises an authentication unit 704, configured to authenticate the DHCP client 701 using the authentication message;
The access entity 702 comprises:
A receiving unit 706, configured to receive a DHCP message from the DHCP client 701;
An obtaining unit 708, configured to obtain from the DHCP message the authentication message and the authentication type to which the authentication message belongs;
A sending unit 709, configured to send the authentication message according to the authentication type.
The DHCP message also contains an authentication flag;
The access entity 702 further comprises a judging unit 707 and an authentication unit 711.
The judging unit 707 is configured to judge whether the authentication flag is present in the DHCP message received by the receiving unit 706;
If it is present, the judging unit triggers the obtaining unit 708 to operate; if the authentication flag is not present, it notifies the authentication unit 711;
The authentication unit 711 is configured to verify whether the DHCP client 701 supports authentication and, if it does, to notify the receiving unit 706.
The access entity 702 further comprises:
In each of the above embodiments of the invention, adding the authentication flag is not a mandatory step. Some existing DHCP messages, such as DHCPDISCOVER and DHCPOFFER, can instead be fixed as the messages that carry the authentication message and authentication type between the DHCP client and the DHCP server or AAA client, and used for authentication without adding the authentication flag; authentication can still be carried out. Adding the authentication flag to an existing DHCP message, however, shows that this DHCP message is being used to carry an authentication message, which makes the authentication process easier to implement.
With the method of sending authentication messages in the embodiments, an IP address can be allocated to the DHCP client after authentication. Because existing DHCP messages are used to send the authentication message, no new DHCP message type needs to be added to carry it, and the Extensible Authentication Protocol (EAP) can be used to implement authentication. The scheme extends well, changes the existing DHCP protocol little, does not affect existing DHCP functions, and makes backward compatibility easy to achieve.
Any modification, equivalent replacement or improvement made to the method, system, access entity and device set out in the embodiments of the invention, within the spirit and principles of the invention, shall fall within the scope of protection of the invention.
Claims (19)
1, a kind of authentication method is characterized in that, comprising:
Receive DHCP message from dynamic-configuration host protocol dhcp client, obtain the auth type under authentication message, the described authentication message in the described DHCP message, by described authentication message described dhcp client is authenticated according to described auth type.
2. The method according to claim 1, characterized in that obtaining the authentication message from the DHCP message comprises:
obtaining the authentication message from a DHCP authentication option of the DHCP message.
3. The method according to claim 1, characterized in that
the DHCP message further includes an authentication sign;
before the obtaining, the method further comprises:
judging whether the authentication sign is present in the received DHCP message, and if it is present, carrying out the subsequent operations;
if the authentication sign is not present, verifying whether the DHCP client supports authentication, and if it does, carrying out the subsequent operations.
4. The method according to claim 3, characterized in that
the authentication sign is an authentication bit set in the reserved bits of the Flags field of the DHCP message.
5. The method according to claim 3, characterized in that verifying whether the DHCP client supports authentication comprises:
sending to the DHCP client a DHCP message in which the authentication sign is set;
after receiving the DHCP message with which the DHCP client replies, judging whether the authentication sign is set in the received DHCP message, and if it is, determining that the DHCP client supports authentication.
6. The method according to claim 2, characterized in that the authentication message is obtained from a sub-option of the DHCP authentication option;
the DHCP authentication option comprises one or more sub-options;
each sub-option also includes the type of the sub-option and the length of the sub-option.
7. The method according to claim 1, characterized in that authenticating the DHCP client comprises:
performing Extensible Authentication Protocol (EAP) authentication, Challenge Handshake Authentication Protocol (CHAP) authentication, or Password Authentication Protocol (PAP) authentication on the DHCP client.
8. A method for allocating an IP address after authentication, characterized in that it comprises:
receiving a DHCP message from a Dynamic Host Configuration Protocol (DHCP) client; obtaining, from the DHCP message, an authentication message and the authentication type to which the authentication message belongs; and authenticating the DHCP client with the authentication message according to the authentication type;
after the authentication succeeds, allocating an IP address to the DHCP client.
9. An authentication system, characterized in that it comprises:
an access entity, configured to, after receiving a DHCP message from a DHCP client, obtain from the DHCP message an authentication message and the authentication type to which the authentication message belongs, and send the authentication message according to the authentication type;
an AAA server, configured to authenticate the DHCP client using the obtained authentication message.
10. The system according to claim 9, characterized in that the access entity comprises:
a receiving unit, configured to receive the DHCP message from the DHCP client;
an acquiring unit, configured to obtain, from the DHCP message, the authentication message and the authentication type to which the authentication message belongs;
a transmitting unit, configured to send the authentication message to the AAA server according to the authentication type.
11. The system according to claim 9, characterized in that
the DHCP message further includes an authentication sign;
the access entity further comprises a judging unit and an authentication unit;
the judging unit is configured to judge whether the authentication sign is present in the DHCP message received by the receiving unit,
and, if it is present, to trigger the acquiring unit to operate; if the authentication sign is not present, to notify the authentication unit;
the authentication unit is configured to verify whether the DHCP client supports authentication and, if it does, to notify the receiving unit.
12. The system according to claim 9, characterized in that
the AAA server is configured to perform EAP authentication, CHAP authentication or PAP authentication on the DHCP client using the authentication message.
13. The system according to claim 9, characterized in that
the AAA server comprises an authentication unit, configured to authenticate the DHCP client using the authentication message.
14. The system according to claim 13, characterized in that the AAA server further comprises:
a notification unit, configured to notify the access entity after the authentication unit has successfully authenticated the DHCP client.
15. The system according to claim 11, characterized in that the access entity further comprises:
an allocation unit, configured to, after receiving the notice that authentication has succeeded, allocate an IP address and send the IP address to the DHCP client through the transmitting unit.
16. An access entity, characterized in that it comprises:
a receiving unit, configured to receive a DHCP message from a DHCP client;
an acquiring unit, configured to obtain, from the DHCP message, an authentication message and the authentication type to which the authentication message belongs;
a transmitting unit, configured to send the authentication message according to the authentication type.
17. The access entity according to claim 16, characterized in that the access entity is a DHCP server or an AAA client.
18. A device for sending authentication information, characterized in that it comprises:
a recording unit, configured to record an authentication message and the authentication type to which the authentication message belongs in a DHCP message;
a transmitting unit, configured to send the DHCP message.
19. The device according to claim 18, characterized in that the device further comprises:
a setting unit, configured to set an authentication sign in the DHCP message before the transmitting unit sends the DHCP message.
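The receive-side checks of claims 3, 4, 6 and 7 can be sketched as follows. This is an added example, not code from the patent: it tests the authentication sign in the Flags field, then extracts the typed sub-option from the authentication option, rejecting any record whose length field overruns its buffer. The option code, the chosen Flags bit, the sub-option type codes and all helper names are assumptions, since the claims fix no numeric values.

```python
import struct

# Assumed values: the claims name the fields but fix no numbers for them.
AUTH_OPTION_CODE = 90      # assumption: RFC 3118 Authentication option code reused
AUTH_SIGN_BIT = 0x4000     # assumption: one reserved (must-be-zero) bit of Flags
AUTH_TYPES = {1: "EAP", 2: "CHAP", 3: "PAP"}   # assumed sub-option type codes
MAGIC_COOKIE = b"\x63\x82\x53\x63"             # RFC 2131 options marker at offset 236

class MalformedMessage(ValueError):
    """Raised instead of guessing when a length field overruns its buffer."""

def walk_tlv(buf, dhcp_options=False):
    """Yield (type, value) from 1-byte type / 1-byte length records."""
    i = 0
    while i < len(buf):
        t = buf[i]
        if dhcp_options and t == 0:       # pad option has no length byte
            i += 1
            continue
        if dhcp_options and t == 255:     # end option
            return
        if i + 2 > len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise MalformedMessage(f"record type {t} overruns buffer")
        yield t, buf[i + 2:i + 2 + buf[i + 1]]
        i += 2 + buf[i + 1]

def extract_auth(dhcp):
    """Return (auth_type, auth_message), or None when the sign is not set."""
    if len(dhcp) < 240 or dhcp[236:240] != MAGIC_COOKIE:
        raise MalformedMessage("not a DHCP message")
    (flags,) = struct.unpack_from("!H", dhcp, 10)   # Flags field at offset 10
    if not flags & AUTH_SIGN_BIT:
        return None                       # claim 3: probe client support first
    for code, value in walk_tlv(dhcp[240:], dhcp_options=True):
        if code != AUTH_OPTION_CODE:
            continue
        subs = list(walk_tlv(value))      # claim 6: sub-options inside the option
        if not subs or subs[0][0] not in AUTH_TYPES:
            raise MalformedMessage("missing or unknown authentication sub-option")
        return AUTH_TYPES[subs[0][0]], subs[0][1]
    raise MalformedMessage("sign set but no authentication option")

def build_sample(flags, options):
    """Constructed DHCP message: 236-byte fixed header, cookie, options, end."""
    header = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x1234, 0, flags) + bytes(224)
    return header + MAGIC_COOKIE + options + b"\xff"

EAP_MSG = b"\x02\x01\x00\x09\x01user"     # constructed EAP-Response/Identity
SAMPLE_OPTIONS = b"\x35\x01\x01" + bytes([90, 2 + len(EAP_MSG), 1, len(EAP_MSG)]) + EAP_MSG
```

The returned authentication type tells the access entity which exchange to relay to the AAA server; a `None` result corresponds to the branch in which client support must be verified before proceeding.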
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNA2007101030199A CN101296081A (en) | 2007-04-29 | 2007-04-29 | Authentication, method, system, access body and device for distributing IP address after authentication |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNA2007101030199A CN101296081A (en) | 2007-04-29 | 2007-04-29 | Authentication, method, system, access body and device for distributing IP address after authentication |
Publications (1)
Publication Number | Publication Date |
---|---|
CN101296081A true CN101296081A (en) | 2008-10-29 |
Family
ID=40066117
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNA2007101030199A Pending CN101296081A (en) | 2007-04-29 | 2007-04-29 | Authentication, method, system, access body and device for distributing IP address after authentication |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101296081A (en) |
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101902507A (en) * | 2010-08-02 | 2010-12-01 | 华为技术有限公司 | Method, device and system for distributing addresses |
CN101917398A (en) * | 2010-06-28 | 2010-12-15 | 北京星网锐捷网络技术有限公司 | Method and equipment for controlling client access authority |
CN101599967B (en) * | 2009-06-29 | 2012-08-15 | 杭州华三通信技术有限公司 | Authorization control method and system based on 802.1x authentication system |
CN103024099A (en) * | 2012-12-28 | 2013-04-03 | 太仓市同维电子有限公司 | DHCP (dynamic host configuration protocol)-option-message-based automatic configuration method for network access device |
CN103179127A (en) * | 2013-03-28 | 2013-06-26 | 华为技术有限公司 | Method, apparatus and system for handling message |
CN102006581B (en) * | 2009-09-03 | 2013-09-11 | 中兴通讯股份有限公司 | Method and device for forcibly renewing internet protocol (IP) address |
US8837741B2 (en) | 2011-09-12 | 2014-09-16 | Qualcomm Incorporated | Systems and methods for encoding exchanges with a set of shared ephemeral key data |
US9143937B2 (en) | 2011-09-12 | 2015-09-22 | Qualcomm Incorporated | Wireless communication using concurrent re-authentication and connection setup |
US9226144B2 (en) | 2011-09-12 | 2015-12-29 | Qualcomm Incorporated | Systems and methods of performing link setup and authentication |
CN105991597A (en) * | 2015-02-15 | 2016-10-05 | 中兴通讯股份有限公司 | Authentication processing method and device |
CN107172103A (en) * | 2017-07-14 | 2017-09-15 | 迈普通信技术股份有限公司 | A kind of ARP authentication methods, apparatus and system |
CN107454042A (en) * | 2016-05-31 | 2017-12-08 | 中兴通讯股份有限公司 | Message sending, receiving method and device |
CN111064699A (en) * | 2019-10-25 | 2020-04-24 | 苏州浪潮智能科技有限公司 | Client management method, device and storage medium |
CN112242995A (en) * | 2020-09-10 | 2021-01-19 | 西安电子科技大学 | One-way safety authentication method and system in digital content protection system |
CN112788028A (en) * | 2021-01-10 | 2021-05-11 | 何顺民 | Method and system for acquiring network parameters |
Cited By (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101599967B (en) * | 2009-06-29 | 2012-08-15 | 杭州华三通信技术有限公司 | Authorization control method and system based on 802.1x authentication system |
CN102006581B (en) * | 2009-09-03 | 2013-09-11 | 中兴通讯股份有限公司 | Method and device for forcibly renewing internet protocol (IP) address |
CN101917398A (en) * | 2010-06-28 | 2010-12-15 | 北京星网锐捷网络技术有限公司 | Method and equipment for controlling client access authority |
CN101902507B (en) * | 2010-08-02 | 2013-01-23 | 华为技术有限公司 | Method, device and system for distributing addresses |
CN101902507A (en) * | 2010-08-02 | 2010-12-01 | 华为技术有限公司 | Method, device and system for distributing addresses |
US9426648B2 (en) | 2011-09-12 | 2016-08-23 | Qualcomm Incorporated | Systems and methods of performing link setup and authentication |
US9439067B2 (en) | 2011-09-12 | 2016-09-06 | George Cherian | Systems and methods of performing link setup and authentication |
US8837741B2 (en) | 2011-09-12 | 2014-09-16 | Qualcomm Incorporated | Systems and methods for encoding exchanges with a set of shared ephemeral key data |
US9143937B2 (en) | 2011-09-12 | 2015-09-22 | Qualcomm Incorporated | Wireless communication using concurrent re-authentication and connection setup |
US9226144B2 (en) | 2011-09-12 | 2015-12-29 | Qualcomm Incorporated | Systems and methods of performing link setup and authentication |
CN103024099A (en) * | 2012-12-28 | 2013-04-03 | 太仓市同维电子有限公司 | DHCP (dynamic host configuration protocol)-option-message-based automatic configuration method for network access device |
CN103179127B (en) * | 2013-03-28 | 2016-03-02 | 华为技术有限公司 | A kind of method of processing messages, Apparatus and system |
CN103179127A (en) * | 2013-03-28 | 2013-06-26 | 华为技术有限公司 | Method, apparatus and system for handling message |
CN105991597A (en) * | 2015-02-15 | 2016-10-05 | 中兴通讯股份有限公司 | Authentication processing method and device |
CN107454042A (en) * | 2016-05-31 | 2017-12-08 | 中兴通讯股份有限公司 | Message sending, receiving method and device |
CN107172103A (en) * | 2017-07-14 | 2017-09-15 | 迈普通信技术股份有限公司 | A kind of ARP authentication methods, apparatus and system |
CN107172103B (en) * | 2017-07-14 | 2019-09-17 | 迈普通信技术股份有限公司 | A kind of ARP authentication method, apparatus and system |
CN111064699A (en) * | 2019-10-25 | 2020-04-24 | 苏州浪潮智能科技有限公司 | Client management method, device and storage medium |
CN112242995A (en) * | 2020-09-10 | 2021-01-19 | 西安电子科技大学 | One-way safety authentication method and system in digital content protection system |
CN112242995B (en) * | 2020-09-10 | 2021-12-21 | 西安电子科技大学 | One-way safety authentication method and system in digital content protection system |
CN112788028A (en) * | 2021-01-10 | 2021-05-11 | 何顺民 | Method and system for acquiring network parameters |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101296081A (en) | Authentication, method, system, access body and device for distributing IP address after authentication | |
CN101032142B (en) | Means and methods for signal sign-on access to service network through access network | |
US8627410B2 (en) | Dynamic radius | |
CN101127600B (en) | A method for user access authentication | |
TWI536854B (en) | User-based authentication for realtime communications | |
CN1628449B (en) | Method, system and device for transferring accounting information | |
EP2106089A1 (en) | A method and system for authenticating users | |
CN103067337B (en) | Identity federation method, identity federation intrusion detection & prevention system (IdP), identity federation service provider (SP) and identity federation system | |
CN102271134B (en) | Method and system for configuring network configuration information, client and authentication server | |
CN101141253A (en) | Implementing authentication method and system | |
CN105592180B (en) | A kind of method and apparatus of Portal certification | |
CN101656712B (en) | Method for recovering IP session, network system and network edge device | |
CN105656901A (en) | Method and apparatus of communicating authorization to dual-stack operation | |
CN101083528A (en) | Dynamic host configuring protocol based security access method and system | |
US20100107231A1 (en) | Failure indication | |
CN102238159A (en) | Access control method, equipment and system based on point-to-point protocol (PPP) | |
CN101350809A (en) | Method and system for implementing authentication | |
EP2663049B1 (en) | Authentication method based on dhcp, dhcp server and client | |
CN102075567B (en) | Authentication method, client, server, feedthrough server and authentication system | |
KR100744536B1 (en) | Method for DHCP message authentication | |
CN103118025A (en) | Single sign-on method based on network access certification, single sign-on device and certificating server | |
CN106330894B (en) | SAVI proxy authentication system and method based on link-local address | |
CN101902507B (en) | Method, device and system for distributing addresses | |
US8589519B2 (en) | Method and device for uniform resource identifier handling of user device | |
KR100459935B1 (en) | A Method For User authentication in Public Wireless Lan Service Network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C12 | Rejection of a patent application after its publication | ||
RJ01 | Rejection of invention patent application after publication |
Open date: 20081029 |