CN101557290A - Port positioning real-time authentication method - Google Patents

Publication number: CN101557290A
Authority: CN (China)
Prior art keywords: address, side apparatus, local side, user, message
Legal status: Pending
Application number: CNA2009101069982A
Other languages: Chinese (zh)
Inventors: 罗小妮, 叶良, 郭红涛, 朱聃
Current Assignee: ZTE Corp
Original Assignee: ZTE Corp
Application filed by ZTE Corp

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention discloses a port positioning real-time authentication method which comprises the following steps: after receiving an IP address request message sent by a user, local terminal equipment adds local terminal equipment information to the IP address request message and transmits the IP address request message to an authentication server; and after judging that the IP address request message is valid, the authentication server returns the IP address request message to the user. The port positioning real-time authentication method can effectively prevent an IP address from being stolen.

Description

A method of port positioning real-time authentication
Technical field
The present invention relates to the field of communication technology, and in particular to a method of port positioning real-time authentication.
Background technology
At present, with the spread of IP (Internet Protocol) technology and networking, network services have become part of people's lives. With the widespread use of many mini PCs, operators need to provide users with more convenient and faster networks. The trend in broadband services is to offer customers a convenient network, so that they can use nearby networks anytime and anywhere to go online, send e-mail, and chat with family and friends.
The xDSL (X Digital Subscriber Loop) technology now in wide use is a point-to-point connection technology that identifies the user by the user's subscriber line. Another widely used access method is to connect users to the network with PPPoE (Point-to-Point Protocol over Ethernet) and DHCP (Dynamic Host Configuration Protocol). Narrowband systems using these access methods cannot meet people's demands. PON (Passive Optical Network) access devices adopt broadband access technology and, at the user access end, identify the user by the user's MAC address, port information, QinQ double-layer tags and details of the access device. With PON access devices in wide use, the upstream BRAS (Broadband Remote Access Server) cannot obtain, or has difficulty obtaining, the user's information from Ethernet packets, so it cannot perform unified authentication management of user ports or effectively guard against IP address theft.
Summary of the invention
The technical problem to be solved by the present invention is to provide a method of port positioning real-time authentication that effectively guards against IP address theft.
The invention provides a method of port positioning real-time authentication, comprising the following steps:
Step a: after receiving an IP address request message sent by a user, the local side apparatus adds the local side apparatus information to the IP address request message and forwards the IP address request message to the authentication server;
Step b: after judging that the IP address request message is legitimate, the authentication server returns an IP address message to the user.
Further, in the present invention, the IP address request message comprises user information, and in step b the authentication server judges whether the IP address request message is legitimate as follows:
The authentication server judges the legitimacy of the local side apparatus information and sends the user information to the user's registrar; the registrar judges the legitimacy of the user information; if both the local side apparatus and the user information are judged legitimate, the IP address request message is judged legitimate.
Further, in the present invention, the method also comprises the following steps:
Step c: after receiving the IP address message, the user configures the IP address and sends an IP address use request message to the local side apparatus;
Step d: after receiving the IP address use request message, the local side apparatus judges whether the user is legitimate and, if so, forwards the message to the authentication server;
Step f: the authentication server returns an IP address use approval message to the local side apparatus; after receiving the IP address use approval message returned by the authentication server, the local side apparatus forwards it to the user.
Further, in the present invention, in step b, before the IP address message is delivered to the user, the authentication server returns the IP address message to the local side apparatus, and the local side apparatus stores the MAC address, VLAN and port information of the local side apparatus. The IP address use request message carries user information. In step d, the local side apparatus judges whether the user is legitimate as follows: the local side apparatus confirms the user's legitimacy by comparing the user's registration information from the registrar with the MAC address, VLAN and port information stored by the local side apparatus.
Further, in the present invention, in step b, before the IP address message is delivered to the user, the authentication server returns the IP address message to the local side apparatus; the IP address message comprises the time for which the user may use the IP address; the local side apparatus sets a temporary IP address use time for the user and then forwards the IP address message to the user. The method further comprises the following step: when the user's temporary IP address use time expires, the user sends an IP address use request message to the local side apparatus, and the local side apparatus, after verifying that the user is legitimate, returns an IP address use approval message to the user.
Further, in the present invention, the method further comprises the following step: when the IP address use time is about to expire, the local side apparatus sends an IP address use request message to the authentication server to renew the lease.
Further, in the present invention, if the renewal is unsuccessful, the local side apparatus sends an IP address request message to the authentication server.
Further, in the present invention, the local side apparatus information comprises the local side apparatus's legitimacy information at the operator and the MAC address, VLAN and port information of the local side apparatus.
Further, in the present invention, the user information comprises the user's registration information and the user's MAC address.
Compared with the prior art, the present invention binds the local side product information together with the IP address request information to perform port positioning. The present invention can effectively guard against IP address theft.
Description of drawings
Fig. 1 is a system connection block diagram for the port positioning real-time authentication method of a preferred embodiment of the present invention;
Fig. 2 is a detailed flowchart of the port positioning real-time authentication method of a preferred embodiment of the present invention.
Embodiment
Referring to Fig. 1, the system connection block diagram for the port positioning real-time authentication method of the preferred embodiment: multiple users connect to one local side apparatus, the local side apparatuses jointly connect to an upper-layer local side apparatus, the upper-layer local side apparatus connects to a registrar, and the registrar connects to the authentication server.
The port positioning real-time authentication method of the present invention is described below with reference to Fig. 2. The detailed flow of the preferred embodiment is as follows:
Step 201: When the user dynamically applies for an IP address, the user sends a DISCOVER message (IP address request message) to the local side apparatus. The DISCOVER message comprises an Option 60 field (user information), which contains the user's registration information and the user's MAC (Media Access Control) address information;
Step 202: The local side apparatus receives the DISCOVER message and adds an Option 82 field (local side apparatus information) to it. The Option 82 field comprises the local side apparatus's legitimacy information at the operator and the MAC address, VLAN and port information of the local side apparatus. The local side apparatus forwards the DISCOVER message carrying the Option 82 field to the authentication server;
Step 203: After receiving the DISCOVER message, the authentication server parses the Option 82 field to determine the legitimacy of the local side apparatus, and sends the DISCOVER message to the user's registrar, which parses Option 60 to determine the legitimacy of the user.
Step 204: The user's registrar parses Option 60 to determine whether the user is legitimate and, if so, returns authentication information confirming the user's legitimacy to the authentication server;
Step 205: The authentication server returns an OFFER message (IP address message) to the local side apparatus; the OFFER message comprises the time for which the user may use the IP address. The local side apparatus sets a temporary IP address use time for the user, records the IP address requested by the user and the MAC address, VLAN and port information of the local side apparatus, and then forwards the OFFER message to the user;
Step 206: After receiving the OFFER message, the user configures its own IP address;
Step 207: The user sends a REQUEST message (IP address use request message) to the local side apparatus; the REQUEST message carries user information. The local side apparatus compares the user's registration information from the registrar with the information stored by the local side apparatus (the stored MAC address, VLAN and port information of the local side apparatus), confirms that the user is legitimate, and then forwards the message to the authentication server;
Step 208: The authentication server returns an ACK message (IP address use approval message) to the local side apparatus, which passes it to the user;
Step 209: When the user's temporary IP address use time expires, the user sends a REQUEST message to the local side apparatus;
Step 210: After receiving the REQUEST message, the local side apparatus confirms the user's legitimacy by comparing the user's information with the information stored by the local side apparatus, and returns an ACK message directly to the user if the user is legitimate.
Step 211: When the local side apparatus judges that the user's IP address use time is about to expire, it sends a REQUEST message to the authentication server to renew the lease; if the authentication server cannot renew it, the local side apparatus sends a DISCOVER message to the authentication server.
The above is only a preferred embodiment of the present invention and is not intended to limit the present invention; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.
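The checks in steps 202 to 207 and 210 can be modelled as follows. This is an added example, not code from the patent: the class and function names, the byte layout inside Option 60 (6-byte user MAC followed by the registration information) and inside Option 82 (circuit-id carrying VLAN and port, remote-id carrying the apparatus MAC and an operator token), and the in-memory registrar are all assumptions, and the options buffer is assumed to carry no PAD or END bytes.

```python
OPT_USER_INFO = 60    # Option 60: user information (step 201)
OPT_RELAY_INFO = 82   # Option 82: local side apparatus information (step 202)
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2   # RFC 3046 sub-option codes

def tlv(fields):
    """Encode {code: bytes} as code/length/value triples."""
    return b"".join(bytes([c, len(v)]) + v for c, v in fields.items())

def parse_tlv(buf):
    """Decode code/length/value triples; reject truncated fields."""
    fields, i = {}, 0
    while i < len(buf):
        if i + 2 > len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise ValueError("truncated option")
        fields[buf[i]] = buf[i + 2:i + 2 + buf[i + 1]]
        i += 2 + buf[i + 1]
    return fields

class LocalSideApparatus:
    """Relay role (hypothetical class): adds Option 82 and keeps per-user bindings."""
    def __init__(self, mac, operator_token):
        self.mac, self.token, self.bindings = mac, operator_token, {}

    def tag_discover(self, options, vlan, port):
        """Step 202: attach this device's identity and the ingress VLAN/port."""
        fields = parse_tlv(options)
        fields.pop(OPT_RELAY_INFO, None)   # discard any Option 82 sent from the user side
        fields[OPT_RELAY_INFO] = tlv({
            SUB_CIRCUIT_ID: vlan.to_bytes(2, "big") + port.to_bytes(2, "big"),
            SUB_REMOTE_ID: self.mac + self.token})   # assumed layout
        return tlv(fields)

    def record_offer(self, user_mac, ip, vlan, port):
        """Step 205: remember which IP was offered on which VLAN/port."""
        self.bindings[user_mac] = (ip, vlan, port)

    def check_request(self, user_mac, ip, vlan, port):
        """Steps 207 and 210: a REQUEST must match the stored binding."""
        return self.bindings.get(user_mac) == (ip, vlan, port)

class AuthServer:
    """Authentication server (hypothetical class); `registered` stands in for the registrar."""
    def __init__(self, relays, registered, pool):
        self.relays, self.registered, self.pool = relays, registered, list(pool)

    def handle_discover(self, options):
        """Steps 203-205: offer an IP only if relay and user both check out."""
        try:
            fields = parse_tlv(options)
            remote = parse_tlv(fields.get(OPT_RELAY_INFO, b"")).get(SUB_REMOTE_ID, b"")
        except ValueError:
            return None
        user = fields.get(OPT_USER_INFO, b"")   # assumed layout: 6-byte MAC + registration
        relay_ok = self.relays.get(remote[:6]) == remote[6:]
        user_ok = self.registered.get(user[:6]) == user[6:]
        return self.pool.pop(0) if relay_ok and user_ok and self.pool else None

def demo():
    """Run the flow on constructed sample values (MACs, token, IPs are made up)."""
    rmac, umac = bytes.fromhex("02aabbccdd01"), bytes.fromhex("02aabbccdd99")
    relay = LocalSideApparatus(rmac, b"op-token")
    server = AuthServer({rmac: b"op-token"}, {umac: b"user-reg-1"}, ["192.0.2.10", "192.0.2.11"])
    discover = tlv({OPT_USER_INFO: umac + b"user-reg-1"})
    ip = server.handle_discover(relay.tag_discover(discover, 100, 7))
    relay.record_offer(umac, ip, 100, 7)
    forged = discover + tlv({OPT_RELAY_INFO: tlv({SUB_REMOTE_ID: rmac + b"guess"})})
    return (ip, relay.check_request(umac, ip, 100, 7),   # matching VLAN/port
            relay.check_request(umac, ip, 100, 8),        # same MAC and IP, other port
            server.handle_discover(forged))               # Option 82 not from a known relay
```

The binding check is what ties an address to a physical port: a REQUEST that reuses a valid MAC and IP from a different port fails even though the user information itself is correct.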

Claims (9)

1. the method for a port positioning real-time authentication comprises the steps:
Step a: local side apparatus adds described local side apparatus information to described IP address request after receiving the IP address request that the user sends, and transmits the described IP address request of giving and give certificate server;
Step b: described certificate server judges that described IP address request returns described IP address message after legal and give described user.
2. the method for claim 1, it is characterized in that: described IP address request comprises user profile, in step b, described certificate server judges that the legal detailed process of described IP address request is as follows:
Described certificate server is judged the legitimacy of described local side apparatus information, described certificate server sends the registrar of described user profile to described user, described registrar is judged the legitimacy of described user profile, if it is all legal that described local side apparatus and described user profile are judged, judge that then described IP address request is legal.
3. the method for claim 1, it is characterized in that: described method also comprises the steps:
Step c: described user receives behind the described IP address message configuration of IP address and sends the IP address to described local side apparatus and uses request message;
Steps d: described local side apparatus is received after request message is used in described IP address and is judged that described user is transmitted to described certificate server after legal;
Step f: described certificate server returns the IP address and uses and to check and approve message and give described local side apparatus, and described local side apparatus is received that IP address that described certificate server returns uses to check and approve and transmitted described IP address after the message and use and check and approve message and give described user.
4. method as claimed in claim 3, it is characterized in that: in step b, described certificate server returns transmits described IP address message to described local side apparatus before described IP address message is given described user, and described local side apparatus stores MAC Address, VLAN and the port information of described local side apparatus; Described IP address uses request message to carry user profile, in steps d, described local side apparatus judges that the legal detailed process of described user is as follows: described local side apparatus compares the legitimacy of confirming the user with MAC Address, VLAN and the port information of the described local side apparatus that the user's registration information of described registrar and described local side apparatus store.
5. method as claimed in claim 3, it is characterized in that: in step b, described certificate server returns transmits described IP address message to described local side apparatus before described IP address message is given described user, described IP address message comprises the time of described user's use IP address, described local side apparatus is set and is transmitted described IP address message after the time that the user uses the IP address temporarily and give described user, described method comprises the steps: that further described user is when described user uses the time of IP address to expire temporarily, send the IP address and use request message to described local side apparatus, described local side apparatus is examined described user and is returned the IP address after legal and use and check and approve message and give described user.
6. method as claimed in claim 5 is characterized in that: described method comprises the steps: that further described local side apparatus in time of described use IP address during near the phase, sends the IP address and uses request message to renew a contract to described certificate server.
7. method as claimed in claim 6 is characterized in that: if it is unsuccessful to renew a contract, described local side apparatus sends the IP address request to certificate server.
8. the method for claim 1, it is characterized in that: described local side apparatus information comprises that described local side apparatus is at the legal information of operator and MAC Address, VLAN and the port information of described local side apparatus.
9. method as claimed in claim 2 is characterized in that: described user profile comprises user's registration information, user's MAC Address.
Priority Applications (1)

Application number: CNA2009101069982A
Priority date: 2009-05-15
Filing date: 2009-05-15
Title: Port positioning real-time authentication method

Publications (1)

Publication number: CN101557290A (en)
Publication date: 2009-10-14

Family ID: 41175244

Country Status (1)

Country: CN
Link: CN101557290A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102487396A (en) * 2010-12-02 2012-06-06 中兴通讯股份有限公司 User position determining method and system
CN102487396B (en) * 2010-12-02 2015-04-01 中兴通讯股份有限公司 User position determining method and system
CN103095863A (en) * 2013-01-10 2013-05-08 上海斐讯数据通信技术有限公司 Method for achieving acquisition of internet protocol (IP) by different virtual local area network (VLAN) users
CN107181759A (en) * 2017-07-05 2017-09-19 杭州迪普科技股份有限公司 The authentication method and device of a kind of user equipment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Open date: 20091014