CN101986598A - Authentication method, server and system - Google Patents

Publication number
CN101986598A
Authority
CN
China
Prior art keywords
windows
user name
authentication
user
domain server
Legal status
Granted
Application number
CN 201010527519
Other languages
Chinese (zh)
Other versions
CN101986598B (en)
Inventor
刘忠东
杨红飞
刘福能
李进
Current Assignee
Beijing Star Net Ruijie Networks Co Ltd
Ruijie Networks Co Ltd
Original Assignee
Beijing Star Net Ruijie Networks Co Ltd
Application filed by Beijing Star Net Ruijie Networks Co Ltd
Priority to CN 201010527519
Publication of CN101986598A
Application granted
Publication of CN101986598B
Legal status: Active

Abstract

The invention provides an authentication method, an authentication server and an authentication system. The authentication method is used for realizing the linkage authentication of 802.1X and a Windows active directory (AD) domain, and comprises that: an 802.1X authentication server receives an authentication request carrying a username and a blank password of a user from the user; the 802.1X authentication server transmits the username and the blank password to a Windows AD domain server which verifies the username and the blank password; after the username and the blank password pass the verification, the 802.1X authentication server transmits a query request carrying the username to the Windows AD domain server; the Windows AD domain server judges whether the username belongs to an authorized user or not; and if the username belongs to the authorized user, the linkage authentication is successfully finished.

Description

Authentication method, server and system
Technical field
The embodiments of the invention relate to the field of network technology, and in particular to an authentication method, server and system.
Background art
The 802.1X protocol is a port-based network access control protocol (Port-Based Network Access Control, abbreviated PBNAC). Port-based network access control means that a client's access to the network is controlled at the access layer of the network device, that is, at the port of an Ethernet switch or broadband access device. By default, the port through which a client accesses the network device blocks all of the user's access to the network and processes only one specific kind of protocol message. A client device connected to such a port must first authenticate if it needs to access network resources; only a client device that authenticates successfully can access network resources, and without authentication it cannot.
The basic architecture of an 802.1X system may be as shown in Fig. 1. An 802.1X system may consist of three parts: the supplicant (Supplicant System), the authenticator (Authenticator System) and the authentication server (Authentication System). The supplicant is usually called simply the authentication client or the client. It is software running on the client device, or stand-alone computer software, whose role is to receive the information needed for authentication (usually a username and password), pack it into the corresponding message in the format specified by the 802.1X protocol, send it to the authenticator, handle the response messages the authenticator returns, and carry out the client side of the authentication procedure. The authenticator is sometimes called simply the authenticating device or the device, and provides the interface through which the user accesses the network. Its functions are provided by software running on the device: it receives the authentication request initiated by the supplicant, processes the request accordingly, then encapsulates it in an upper-layer protocol (a protocol above the IP layer) and forwards it to the authentication server for authentication. If the authentication server considers the supplicant to have authenticated successfully, the authentication client is allowed to access the network resources it needs; if the authentication server considers the supplicant's authentication to have failed, the authentication client is not allowed to access network resources. The authentication server may run inside the authenticator or on a separate hardware device. Its role is to authenticate the supplicant (if the supplicant authenticates with a username and password, it checks whether the username and password are correct). If the supplicant authenticates successfully, it sends an authentication-success message to the authenticator; if the supplicant's authentication fails, it sends an authentication-failure message to the authenticator.
In the course of implementing the present invention, the inventors found that the prior art has at least the following problems:
In the standard 802.1X authentication process, a user password is not allowed to be empty. If the user password is empty, several different ways of handling it may occur. In one, the authentication server directly refuses network access to a user whose password is empty. In another, the authentication server lets the user with an empty password authenticate against the Windows AD domain, and allows the user to access the network directly once the Windows AD domain authentication has passed.
For the first handling, in which a user with an empty password is directly refused network access, the prior art can work around the problem by turning off the 802.1X function of the authenticating device and turning it back on only after all users have joined the Windows AD domain. However, once the 802.1X function is turned off the security of the network cannot be guaranteed, which introduces a more serious security risk.
For the second handling, in which a user with an empty password is allowed to perform Windows AD domain authentication and to access the network directly once it has passed, users with empty passwords end up with unrestricted network access, so the prior art usually does not use this handling.
Summary of the invention
The embodiments of the invention provide an authentication method, server and system, which solve the prior-art problem that a blank password is not allowed during linkage authentication between 802.1X and a Windows AD domain, while also safeguarding network security.
An embodiment of the invention provides an authentication method for implementing linkage authentication between 802.1X and a Windows AD domain, comprising:
an 802.1X authentication server receives a user's authentication request, the authentication request carrying the user's username and a blank password;
the 802.1X authentication server sends the username and blank password to a Windows AD domain server, and the Windows AD domain server verifies the username and blank password;
after the verification succeeds, the 802.1X authentication server sends a query request to the Windows AD domain server, the query request carrying the username;
the Windows AD domain server judges whether the username is an authorized user;
when the username is an authorized user, the linkage authentication succeeds.
An embodiment of the invention further provides an authentication server, comprising:
a receiver module, configured to receive a user's authentication request, the authentication request carrying the user's username and a blank password;
a sending module, configured to send the username and blank password to a Windows AD domain server, so that the Windows AD domain server verifies the username and blank password;
an authority query module, configured to send a query request carrying the username to the Windows AD domain server after the Windows AD server has successfully verified the username and blank password; the Windows AD domain server uses the username to judge whether the username is an authorized user; when the username is an authorized user, the linkage authentication succeeds.
An embodiment of the invention also provides an authentication system for implementing linkage authentication between 802.1X and a Windows AD domain, comprising an 802.1X authentication server and a Windows AD domain server;
The 802.1X authentication server comprises:
a receiver module, configured to receive a user's authentication request, the authentication request carrying the user's username and a blank password;
a sending module, configured to send the username and blank password to the Windows AD domain server, so that the Windows AD domain server verifies the username and blank password;
an authority query module, configured to send a query request carrying the username to the Windows AD domain server after the Windows AD domain server has successfully verified the username and blank password;
The Windows AD domain server comprises:
a verification module, configured to verify the username and blank password sent by the sending module of the 802.1X authentication server;
a judgment module, configured to judge whether the username sent by the authority query module of the 802.1X authentication server is an authorized user; when the username is an authorized user, the linkage authentication succeeds.
With the authentication method, server and authentication system of the embodiments of the invention, after the Windows AD domain server has successfully verified the username and blank password, the authentication server additionally queries the access rights of the username, and authentication succeeds only when the user is an authorized user. As a result, blank-password authentication and authorization can be achieved during linkage authentication between 802.1X and the Windows AD domain. The authentication method needs no extra deployment and adds only one signaling exchange, which saves cost. Moreover, blank-password authentication can be achieved during linkage authentication between 802.1X and the Windows AD domain without turning off the 802.1X function; the method is safe and reliable and does not carry the security risk of the prior art. It also effectively curbs the drawback that blank-password users could access the network without restriction.
Description of drawings
To describe the technical solutions of the embodiments of the invention or of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Evidently, the drawings described below show some embodiments of the invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic diagram of the basic architecture of an 802.1X system in the prior art;
Fig. 2 is a flow chart of the authentication method provided by an embodiment of the invention;
Fig. 3 is an interaction diagram of the authentication method provided by an embodiment of the invention;
Fig. 4 is a schematic structural diagram of the authentication server provided by an embodiment of the invention;
Fig. 5 is a schematic structural diagram of the authentication system provided by an embodiment of the invention.
Embodiments
To make the purpose, technical solutions and advantages of the embodiments of the invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings in the embodiments. Evidently, the described embodiments are some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the invention without creative effort fall within the scope of protection of the invention.
Fig. 2 is a flow chart of the authentication method provided by an embodiment of the invention. This authentication method is used to implement linkage authentication between 802.1X and a Windows AD domain. As shown in Fig. 2, the method comprises:
201: An 802.1X authentication server receives a user's authentication request, the authentication request carrying the user's username and a blank password;
202: The 802.1X authentication server sends the username and blank password to the Windows AD domain server, and the Windows AD domain server verifies the username and blank password;
203: After the verification succeeds, the 802.1X authentication server sends a query request to the Windows AD domain server, the query request carrying the username;
204: The Windows AD domain server judges whether the username is an authorized user;
When the username is an authorized user, the linkage authentication succeeds.
The authentication method provided by the embodiment of the invention is described in detail below with reference to the interaction diagram shown in Fig. 3. As shown in Fig. 3, the method comprises:
301: After the 802.1X supplicant receives the user's authentication request, it sends an authentication start message to the 802.1X authenticator to trigger the authentication process;
Here, the user's authentication request can be understood as the supplicant receiving the username and password that the user being authenticated enters through an input device (such as a mouse or keyboard). In this embodiment the password is empty.
The authentication start message may be an EAPOL-Start message. EAPOL (Extensible Authentication Protocol Over LAN) is an extensible authentication protocol that runs over a local area network.
302: The 802.1X authenticator sends an identity request message to the supplicant to obtain the user's username;
Here, the identity request message may be an EAPOL-Request[Identity] message.
303: The 802.1X supplicant sends the username to the 802.1X authenticator in an identity response message;
Here, the identity response message may be an EAPOL-Response[Identity] message, which encapsulates the user's username.
304: The 802.1X authenticator encapsulates the identity response message sent by the supplicant in the Remote Authentication Dial In User Service (RADIUS) protocol and forwards it to the authentication server;
Here, the Remote Authentication Dial In User Service protocol (abbreviated RADIUS) is an extensible application-layer authentication protocol. Its role in this embodiment is to encapsulate EAPOL messages and deliver them to the authentication server. The reason for encapsulating the EAPOL-Response[Identity] message in the RADIUS protocol is that EAPOL is a layer-2 protocol and cannot be propagated directly across network segments, so it has to be encapsulated in an application-layer protocol such as RADIUS for transport. The encapsulated message may be a Radius/EAPOL-Response[Identity] message.
It should also be noted that, besides encapsulating EAPOL messages, the RADIUS protocol itself can carry many attributes, for example user information such as the username.
305: After receiving the Radius/EAPOL-Response[Identity] message, the 802.1X authentication server sends a password challenge message to the authenticator to obtain the user's password;
Here, the password challenge message may be a Radius/EAPOL-Request[Challenge] message, whose content may be a random number of a certain length, generally 32 bytes.
306: After receiving the Radius/EAPOL-Request[Challenge] message sent by the authentication server, the authenticator forwards the password challenge EAPOL-Request[Challenge] message encapsulated in it to the 802.1X supplicant;
307: The supplicant sends the password to the authenticator in a password response message;
The password response message may be EAPOL-Response[MD5], which encapsulates the user's password; in this embodiment the user's password is empty.
308: The authenticator encapsulates the password response message sent by the supplicant in the RADIUS protocol, assembling a Radius/EAPOL-Response[MD5] message, and forwards it to the authentication server;
309: The authentication server receives the Radius/EAPOL-Response[MD5] message, extracts the username and password from it, packs them into an authentication request message and sends it to the Windows AD domain server;
Here, the authentication request message may be an LDAP-Bind-Request message. The purpose of this message is to send an authentication request to the LDAP server (in this embodiment, the 802.1X authentication server) and bind the current connection session into the context of the LDAP server. LDAP is the abbreviation of Lightweight Directory Access Protocol; it is used to access databases similar to a telephone directory, whose content is stored as <name, value> pairs. Because the Windows AD domain server supports access over the LDAP protocol, the user information in the Windows AD domain server is stored in the Windows AD domain server as <name, value> pairs.
310: The Windows AD domain server verifies the received username and password;
The specific verification may be as follows:
The Windows AD domain server queries whether the username exists in the user information it holds;
If it does not exist, the verification succeeds;
If it exists, the server queries whether the password corresponding to the username in the user information is empty;
If it is, the verification succeeds;
If it is not, the verification fails.
It should be noted that the user information is information configured in advance on the Windows AD domain server. It comprises the usernames and passwords that have permission to access the content of this Windows AD domain server. The user information may take the form of a list, as shown in Table 1:
Table 1
User name | Password | Authority
Zhang San | 123      | Allowed to access server content
Li Si     | 456      | Restricted access to server content
Wang Wu   |          | Allowed to access server content
...       | ...      | ...
If the username requesting authentication does not exist in the user information, the Windows AD domain server by default treats this authentication as anonymous authentication and lets it succeed. However, a user who succeeds through anonymous authentication has no permission to access server content and cannot perform any subsequent operation.
311: The Windows AD domain sends the verification result to the authentication server;
Here, the verification result may be sent to the authentication server in an LDAP-Bind-Response message.
312: The authentication server receives the verification result. When the verification result is success, the authentication server sends a query request to the Windows AD domain server to query whether the current user is an authorized user; when the verification result is failure, authentication fails and step 315 is executed.
Here, the query request may be an LDAP-QUERY-Request message, in which the username is encapsulated.
313: After receiving the query request, the Windows AD domain server judges whether the username it carries belongs to an anonymous user;
Specifically, the Windows AD domain server queries the user information stored in advance and judges whether the username exists in it;
If the username exists, the username does not belong to an anonymous user and the user is an authorized user; step 314 is executed;
If the username does not exist, the username belongs to an anonymous user and the user is an unauthorized user; authentication fails and step 315 is executed.
314: The Windows AD domain server returns the query result to the authentication server;
Here, the query result may be sent to the authentication server in an LDAP-QUERY-Response message.
315: The authentication server sends the received query result to the authenticator;
When the query result is that the username does not belong to an anonymous user, the user is an authorized user, Windows AD domain authentication succeeds, and an authentication success (Radius/EAPOL-Success) message is sent to the authenticator;
When the query result is that the user belongs to an anonymous user, the user is an unauthorized user, Windows AD domain authentication fails, and an authentication failure (Radius/EAPOL-Failure) message is sent to the authenticator.
316: Depending on which message it receives, the authenticator decides whether to open the controlled port, and forwards the authentication result to the supplicant;
When the authenticator receives a Radius/EAPOL-Success message, it treats the supplicant as successfully authenticated, opens the controlled port, and forwards an EAPOL-Success message to the supplicant;
When the authenticator receives a Radius/EAPOL-Failure message, it treats the supplicant's authentication as failed, does not open the controlled port, and forwards an EAPOL-Failure message to the supplicant.
317: After receiving the EAPOL-Success or EAPOL-Failure sent by the authenticator, the supplicant calls the corresponding interface provided by the client program and completes this authentication.
The embodiment of the invention provides an authentication method in which, after the Windows AD domain server has successfully verified the username and blank password, the authentication server additionally queries the access rights of the username, and authentication succeeds only when the user is an authorized user. As a result, blank-password authentication and authorization can be achieved during linkage authentication between 802.1X and the Windows AD domain. The authentication method needs no extra deployment and adds only one signaling exchange, which saves cost. Moreover, blank-password authentication can be achieved during linkage authentication between 802.1X and the Windows AD domain without turning off the 802.1X function; the method is safe and reliable and does not carry the security risk of the prior art. It also effectively curbs the drawback that blank-password users could access the network without restriction.
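The decision logic of steps 309 to 316 as a small simulation, added here as an illustration and not taken from the patent: `DomainServer`, `AuthServer`, `Outcome`, the `query_after_bind` switch and the username "Zhao Liu" are assumptions, and the user data is constructed to mirror Table 1. It compares admitting a user on the bind result alone (the second prior-art handling) with the added username query.

```python
"""Simulation of steps 309-316: blank-password bind, then username query."""
from dataclasses import dataclass
from typing import Optional

SUCCESS = "Radius/EAPOL-Success"
FAILURE = "Radius/EAPOL-Failure"

# Constructed sample data mirroring Table 1 (passwords are placeholders).
USER_INFO = {
    "Zhang San": {"password": "123", "authority": "allowed"},
    "Li Si": {"password": "456", "authority": "restricted"},
    "Wang Wu": {"password": "", "authority": "allowed"},
}


class DomainServer:
    """Stand-in for the Windows AD domain server (hypothetical class)."""

    def __init__(self, user_info):
        self.user_info = user_info

    def verify_blank_password(self, username: str) -> bool:
        """Step 310: check a bind request that carries a blank password."""
        record = self.user_info.get(username)
        if record is None:
            # Unknown username: treated as anonymous authentication, which
            # succeeds but carries no rights on the server.
            return True
        return record["password"] == ""

    def is_authorized(self, username: str) -> bool:
        """Step 313: a username is authorized only if it is not anonymous,
        that is, only if it exists in the stored user information."""
        return username in self.user_info


@dataclass
class Outcome:
    message: str
    bind_ok: bool
    authorized: Optional[bool]  # None when the query was never sent


class AuthServer:
    """Stand-in for the 802.1X authentication server (hypothetical class)."""

    def __init__(self, domain: DomainServer, query_after_bind: bool = True):
        self.domain = domain
        self.query_after_bind = query_after_bind

    def authenticate(self, username: str) -> Outcome:
        bind_ok = self.domain.verify_blank_password(username)  # steps 309-311
        if not bind_ok:
            return Outcome(FAILURE, False, None)  # step 312, failure branch
        if not self.query_after_bind:
            # Prior-art handling: admit the user on the bind result alone.
            return Outcome(SUCCESS, True, None)
        authorized = self.domain.is_authorized(username)  # steps 312-314
        return Outcome(SUCCESS if authorized else FAILURE, True, authorized)


def controlled_port_open(message: str) -> bool:
    """Step 316: the authenticator opens the controlled port only on Success."""
    return message == SUCCESS


def run_cases():
    """Return (username, port open with bind only, port open with query)."""
    domain = DomainServer(USER_INFO)
    linked = AuthServer(domain)
    bind_only = AuthServer(domain, query_after_bind=False)
    rows = []
    # "Zhao Liu" is a constructed username that is absent from USER_INFO.
    for name in ("Wang Wu", "Zhang San", "Zhao Liu"):
        rows.append((name,
                     controlled_port_open(bind_only.authenticate(name).message),
                     controlled_port_open(linked.authenticate(name).message)))
    return rows


if __name__ == "__main__":
    for name, before, after in run_cases():
        print(f"{name:10} bind-only port open: {before!s:5} "
              f"with query: {after}")
```

In LDAP terms (RFC 4513), a simple bind with a name and a zero-length password is an unauthenticated bind, so a successful bind result by itself establishes nothing about the user; the existence query of step 313 is what makes the access decision here.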
Fig. 4 is a schematic structural diagram of the authentication server provided by an embodiment of the invention. As shown in Fig. 4, the authentication server may comprise a receiver module 401, a sending module 402 and an authority query module 403. The receiver module 401 is configured to receive a user's authentication request, which carries the user's username and a blank password. The sending module 402 is configured to send the username and blank password to the Windows AD domain server, so that the Windows AD domain server verifies the username and blank password. The authority query module 403 is configured to send a query request carrying the username to the Windows AD domain server after the Windows AD domain server has successfully verified the username and blank password. The Windows AD domain server uses the username in the query request to judge whether the user is an authorized user; if the user is an authorized user, this linkage authentication succeeds and the user is allowed to access the network.
It should be noted that the authority query module 403 may comprise a sending unit and a receiving unit. The sending unit is configured to send the query request, which may be an LDAP-QUERY-Request message. The receiving unit is configured to receive the query result, which is carried in an LDAP-QUERY-Response message.
The embodiment of the invention provides an authentication server which, after the Windows AD domain server has successfully verified the username and blank password, additionally queries the access rights of the username, so that authentication succeeds only when the user is an authorized user. As a result, blank-password authentication and authorization can be achieved during linkage authentication between 802.1X and the Windows AD domain. The authentication method needs no extra deployment and adds only one signaling exchange, which saves cost. Moreover, blank-password authentication can be achieved during linkage authentication between 802.1X and the Windows AD domain without turning off the 802.1X function; the method is safe and reliable and does not carry the security risk of the prior art. It also effectively curbs the drawback that blank-password users could access the network without restriction.
Fig. 5 is a schematic structural diagram of the authentication system provided by an embodiment of the invention. As shown in Fig. 5, the system is used to implement linkage authentication between 802.1X and a Windows AD domain; for how the system works, refer to the authentication method shown in Fig. 3, which is not repeated here. The system comprises an 802.1X authentication server 501 and a Windows AD domain server 502;
The 802.1X authentication server 501 comprises:
a receiver module, configured to receive a user's authentication request, the authentication request carrying the user's username and a blank password;
a sending module, configured to send the username and blank password to the Windows AD domain server, so that the Windows AD domain server verifies the username and blank password;
an authority query module, configured to send a query request carrying the username to the Windows AD domain server after the Windows AD domain server has successfully verified the username and blank password;
The Windows AD domain server 502 comprises:
a verification module, configured to verify the username and blank password sent by the sending module of the 802.1X authentication server;
a judgment module, configured to judge whether the username sent by the authority query module of the 802.1X authentication server is an authorized user; when the username is an authorized user, the linkage authentication succeeds.
In one implementation, the verification module of the Windows AD domain server 502 comprises:
a first query unit, configured to query whether the username exists in the user information stored in advance on the Windows AD domain server; if it does not exist, the verification succeeds;
a second query unit, configured to, when the query result of the first query unit is that the username does not exist, query whether the password corresponding to the username in the user information stored in advance on the Windows AD domain server is empty; if it is, the verification succeeds; if it is not, the verification fails.
In another implementation, the judgment module of the Windows AD domain server 502 comprises:
a query unit, configured to query the user information stored in advance and judge whether the username exists in it; if the username exists, the username is an authorized user.
The embodiment of the invention provides an authentication system which, after the Windows AD domain server has successfully verified the username and blank password, additionally queries the access rights of the username, so that authentication succeeds only when the user is an authorized user. As a result, blank-password authentication and authorization can be achieved during linkage authentication between 802.1X and the Windows AD domain. The authentication system needs no extra deployment and adds only one signaling exchange, which saves cost. Moreover, blank-password authentication can be achieved during linkage authentication between 802.1X and the Windows AD domain without turning off the 802.1X function; the method is safe and reliable and does not carry the security risk of the prior art. It also effectively curbs the drawback that blank-password users could access the network without restriction.
A person of ordinary skill in the art will understand that all or some of the steps of the above method embodiments can be carried out by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes any medium that can store program code, such as ROM, RAM, a magnetic disk or an optical disc.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solutions of the invention, not to limit them. Although the invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments can still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not take the essence of the corresponding technical solutions outside the spirit and scope of the technical solutions of the embodiments of the invention.

Claims (10)

1. An authentication method for implementing linkage authentication between 802.1X and a Windows AD domain, characterized by comprising:
an 802.1X authentication server receives a user's authentication request, the authentication request carrying the user's username and a blank password;
the 802.1X authentication server sends the username and blank password to a Windows AD domain server, and the Windows AD domain server verifies the username and blank password;
after the verification succeeds, the 802.1X authentication server sends a query request to the Windows AD domain server, the query request carrying the username;
the Windows AD domain server judges whether the username is an authorized user;
when the username is an authorized user, the linkage authentication succeeds.
2. The authentication method according to claim 1, characterized in that the verification of the username and blank password by the Windows AD domain server comprises:
the Windows AD domain server queries whether the username exists in the user information stored in advance;
if it does not exist, the verification succeeds;
if it exists, the Windows AD domain server queries whether the password corresponding to the username in the user information is empty;
if it is, the verification succeeds;
if it is not, the verification fails.
3. The authentication method according to claim 1 or 2, characterized in that the Windows AD domain server judging whether the username is an authorized user comprises:
the Windows AD domain server queries the user information stored in advance and judges whether the username exists in it;
if the username exists, the username is an authorized user.
4. authentication method according to claim 1 is characterized in that, described 802.1X certificate server sends query requests to described Windows AD domain server, comprising:
Described 802.1X certificate server sends the LDAP-QUERY-Request message to described Windows AD domain server, carries described user name in the described LDAP-QUERY-Request message.
5. authentication method according to claim 4 is characterized in that, also comprises:
Described 802.1X certificate server receives the LDAP-QUERY-Response message that described Windows AD domain server sends, and carries Query Result in the described LDAP-QUERY-Response message.
6. a certificate server is characterized in that, comprising:
Receiver module is used to receive user's authentication request, carries described user's user name and null password in the described authentication request;
Sending module is used for described user name and null password are sent to Windows AD domain server, by described Windows AD domain server described user name and null password is carried out verification;
The authority enquiry module is used for after described Windows AD server is to described user name and null password verification succeeds, sends query requests to described Windows AD domain server, carries described user name in the described query requests; Described user name is used for described Windows AD domain server and judges whether described user name is authorized user; When described user is called authorized user, the interlock authentication success.
7. certificate server according to claim 6 is characterized in that, described authority enquiry module comprises: transmitting element and receiving element;
Described transmitting element is used to send described query requests, and described query requests is the LDAP-QUERY-Request message;
Described receiving element is used to receive Query Result, and described Query Result is carried in the LDAP-QUERY-Response message.
8. a Verification System is used to realize the interlock authentication in 802.1X and Windows AD territory, it is characterized in that, comprising: 802.1X certificate server and Windows AD domain server;
Described 802.1X certificate server comprises:
Receiver module is used to receive user's authentication request, carries described user's user name and null password in the described authentication request;
Sending module is used for described user name and null password are sent to Windows AD domain server, by described Windows AD domain server described user name and null password is carried out verification;
The authority enquiry module is used for after described Windows AD domain server is to described user name and null password verification succeeds, sends query requests to described Windows AD domain server, carries described user name in the described query requests;
Described Windows AD domain server comprises:
The verification module is used for described user name and null password that the sending module of described 802.1X certificate server sends are carried out verification;
Judge module is used to judge whether the described user name that the authority enquiry module of described 802.1X certificate server sends is authorized user; When described user is called authorized user, the interlock authentication success.
9. Verification System according to claim 8 is characterized in that, described verification module comprises:
First query unit, whether the user profile inquiry that is used for preserving in advance at described Windows AD domain server exists described user name; If there is no, verification succeeds then;
Second query unit, when being used for Query Result when described first query unit and being described user name and not existing, whether the password of the described user name correspondence of inquiry is empty in the user profile that described Windows AD domain server is preserved in advance; If, verification succeeds then; If not, then verification failure.
10. according to Claim 8 or 9 described Verification Systems, it is characterized in that described judge module comprises:
Query unit is used to inquire about described user profile of preserving in advance, judges in the described user profile of preserving in advance whether have described user name; If there is described user name, then described user is called authorized user.
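
The two-stage decision flow of claims 1 to 3, traced for the three possible kinds of user name, as an added example that is not part of the patent text. The in-memory directory standing in for the Windows AD domain server, the sample accounts, the function names and the sAMAccountName attribute are assumptions, and the RFC 4515 escaping of the user name carried in the query request of claim 4 is an added precaution that the claims do not mention.

```python
from enum import Enum

class Result(Enum):
    VERIFY_FAILED = "null-password verification failed"
    NOT_AUTHORIZED = "user name is not an authorized user"
    SUCCESS = "linkage authentication succeeded"

# Constructed sample directory (user name -> stored password); not real data.
SAMPLE_DIRECTORY = {"alice": "", "bob": "S3cret!"}

def escape_filter_value(value):
    """Escape RFC 4515 special characters so the user name is matched literally."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)

def build_query(username):
    """Search filter carried in the query request (attribute name is assumed)."""
    return "(sAMAccountName=%s)" % escape_filter_value(username)

def verify_null_password(directory, username):
    """Claim 2 as worded on this page: an absent user name passes; a present
    one passes only if its stored password is empty."""
    if username not in directory:
        return True
    return directory[username] == ""

def is_authorized(directory, username):
    """Claim 3: authorized if the user name exists in the saved user information."""
    return username in directory

def linkage_authenticate(directory, username):
    """Claim 1: verify first, then query. Returns (Result, filter sent or None)."""
    if not verify_null_password(directory, username):
        return Result.VERIFY_FAILED, None
    query = build_query(username)
    if not is_authorized(directory, username):
        return Result.NOT_AUTHORIZED, query
    return Result.SUCCESS, query

if __name__ == "__main__":
    for name in ("alice", "bob", "mallory", "a*(b)"):
        print(name, linkage_authenticate(SAMPLE_DIRECTORY, name))
```

Under this reading, a user name that is absent from the directory clears the first stage and is rejected only by the authorization query, so the second stage is what actually denies unknown users.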
CN 201010527519 2010-10-27 2010-10-27 Authentication method, server and system Active CN101986598B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201010527519 CN101986598B (en) 2010-10-27 2010-10-27 Authentication method, server and system

Publications (2)

Publication Number Publication Date
CN101986598A true CN101986598A (en) 2011-03-16
CN101986598B CN101986598B (en) 2013-03-13

Family

ID=43710904

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 201010527519 Active CN101986598B (en) 2010-10-27 2010-10-27 Authentication method, server and system

Country Status (1)

Country Link
CN (1) CN101986598B (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102307099A (en) * 2011-09-06 2012-01-04 北京星网锐捷网络技术有限公司 Authentication method and system as well as authentication server
CN104270368A (en) * 2014-10-08 2015-01-07 福建星网锐捷网络有限公司 Authentication method, authentication server and authentication system
CN104782099A (en) * 2012-11-21 2015-07-15 三菱电机株式会社 Method and system for authenticating at least one terminal requesting access to at least one resource
CN106230683A (en) * 2016-07-29 2016-12-14 北京北信源软件股份有限公司 A kind of method and system of the certification dynamic vlan switching that links
CN106856471A (en) * 2015-12-09 2017-06-16 北京艾科网信科技有限公司 AD domains login authentication method under 802.1X
CN108322421A (en) * 2017-01-16 2018-07-24 医渡云(北京)技术有限公司 Computer system security management method and device
CN108881103A (en) * 2017-05-08 2018-11-23 腾讯科技(深圳)有限公司 A kind of method and device accessing network
CN110321717A (en) * 2018-03-28 2019-10-11 深圳联友科技有限公司 A kind of file encrypting method and system
CN110933018A (en) * 2018-09-20 2020-03-27 马上消费金融股份有限公司 Network authentication method, device and computer storage medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1830512A1 (en) * 2004-12-04 2007-09-05 Huawei Technologies Co., Ltd. A method and system for realizing the domain authentication and network authority authentication
CN101697540A (en) * 2009-10-15 2010-04-21 浙江大学 Method for authenticating user identity through P2P service request

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102307099A (en) * 2011-09-06 2012-01-04 北京星网锐捷网络技术有限公司 Authentication method and system as well as authentication server
CN104782099A (en) * 2012-11-21 2015-07-15 三菱电机株式会社 Method and system for authenticating at least one terminal requesting access to at least one resource
CN104270368A (en) * 2014-10-08 2015-01-07 福建星网锐捷网络有限公司 Authentication method, authentication server and authentication system
CN104270368B (en) * 2014-10-08 2017-11-03 福建星网锐捷网络有限公司 Authentication method, certificate server and Verification System
CN106856471A (en) * 2015-12-09 2017-06-16 北京艾科网信科技有限公司 AD domains login authentication method under 802.1X
CN106856471B (en) * 2015-12-09 2019-12-17 北京艾科网信科技有限公司 AD domain login authentication method under 802.1X
CN106230683B (en) * 2016-07-29 2019-06-21 北京北信源软件股份有限公司 A kind of method and system of linkage certification dynamic vlan switching
CN106230683A (en) * 2016-07-29 2016-12-14 北京北信源软件股份有限公司 A kind of method and system of the certification dynamic vlan switching that links
CN108322421A (en) * 2017-01-16 2018-07-24 医渡云(北京)技术有限公司 Computer system security management method and device
CN108881103A (en) * 2017-05-08 2018-11-23 腾讯科技(深圳)有限公司 A kind of method and device accessing network
CN110321717A (en) * 2018-03-28 2019-10-11 深圳联友科技有限公司 A kind of file encrypting method and system
CN110933018A (en) * 2018-09-20 2020-03-27 马上消费金融股份有限公司 Network authentication method, device and computer storage medium
CN110933018B (en) * 2018-09-20 2021-01-15 马上消费金融股份有限公司 Network authentication method, device and computer storage medium

Also Published As

Publication number Publication date
CN101986598B (en) 2013-03-13

Similar Documents

Publication Publication Date Title
CN101986598B (en) Authentication method, server and system
USRE45532E1 (en) Mobile host using a virtual single account client and server system for network access and management
US8589675B2 (en) WLAN authentication method by a subscriber identifier sent by a WLAN terminal
CA2744971C (en) Secure transaction authentication
CN105027493B (en) Safety moving application connection bus
US6971005B1 (en) Mobile host using a virtual single account client and server system for network access and management
CN105162777B (en) A kind of wireless network login method and device
CN107122674B (en) Access method of oracle database applied to operation and maintenance auditing system
CN101714918A (en) Safety system for logging in VPN and safety method for logging in VPN
CN102271134B (en) Method and system for configuring network configuration information, client and authentication server
DK2924944T3 (en) Presence authentication
CN105100095A (en) Secure interaction method and apparatus for mobile terminal application program
WO2009074082A1 (en) Access controlling method, system and device
CN102307099A (en) Authentication method and system as well as authentication server
US20150249639A1 (en) Method and devices for registering a client to a server
CN106230824A (en) A kind of mobile device authentic authentication system and method
CN104702562B (en) Terminal fused business cut-in method, system and terminal
CN104469736B (en) A kind of data processing method, server and terminal
CN105763517A (en) Router security access and control method and system
CN106559785A (en) Authentication method, equipment and system and access device and terminal
CN112929881A (en) Machine card verification method applied to extremely simple network and related equipment
CN101616414A (en) Method, system and server that terminal is authenticated
CN106302425B (en) Communication method between nodes of virtualization system and virtualization system thereof
CN102271120A (en) Trusted network access authentication method capable of enhancing security
US10356112B2 (en) Method of mitigating cookie-injection and cookie-replaying attacks

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant