CN102075504A - Method and system for realizing two-layer Portal authentication and Portal server - Google Patents
Method and system for realizing two-layer Portal authentication and Portal server Download PDFInfo
- Publication number
- CN102075504A CN102075504A CN2009102384857A CN200910238485A CN102075504A CN 102075504 A CN102075504 A CN 102075504A CN 2009102384857 A CN2009102384857 A CN 2009102384857A CN 200910238485 A CN200910238485 A CN 200910238485A CN 102075504 A CN102075504 A CN 102075504A
- Authority
- CN
- China
- Prior art keywords
- address
- subscriber equipment
- access device
- portal server
- sends
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a method and system for realizing two-layer Portal authentication and a Portal server. In the technical scheme, a management IP address of access equipment where user equipment is arranged can be obtained by the Portal server, the management IP address is interacted with the access equipment, and then two-layer Portal authentication on the user equipment is realized. In addition, known from the technical scheme for realizing the two-layer Portal authentication in the invention, the Portal server inquires the access equipment of the user equipment in a two-layer network after receiving a page request sent by the user equipment, therefore, even if the user equipment is moved from one access equipment to the other access equipment to access, the Portal server can also accurately find out the access equipment accessed by the user equipment, and the problem of authentication failure caused by moving the user equipment is avoided.
Description
Technical field
The present invention relates to the network authentication technology, refer to a kind of method, system and portal server of realizing two layers of door (Portal) authentication especially.
Background technology
In the world of computer and internet, authentication is a key element the most basic, also is the basis of whole information security system, the user have only passed through authentication could normal accesses network resource.The mode of authentication at present has a lot, and 802.1x authentication, Portal authentication or the like are typically arranged.
802.1x authentication techniques are a kind of two layers of authentication techniques.The advantage of this technology is to finish two layers of authentication, overall performance to equipment is less demanding, can effectively reduce the networking cost, simultaneously owing to used Extensible Authentication Protocol (EAP) commonly used in the RAS system, good autgmentability and adaptability can be provided, realize compatibility conventional P PP authentication architecture.But when implementing the 802.1x authentication, the keeper need install 802.1x authentication proxy software on each terminal equipment, realizes in a large enterprise or terminal distribute the network that comparatively disperses like this that 802.1x authenticates just to seem very difficult.
The Portal authentication is also referred to as web authentication usually, generally the Portal authentication website is called portal website.When the user needed information in the access internet, its access device just authenticated relocating user equipment to portal website, just can the internet usage resource after authentication is passed through.The specific implementation of Portal authentication can be referring to flow process shown in Figure 1.
In step 101, subscriber equipment sends the HTTP request to access device.
In step 102, access device returns the IP address of Portal server to subscriber equipment.
When webpage of user capture, the HTTP request that subscriber equipment sends to access device, because subscriber equipment is not by authentication, therefore access device need send to subscriber equipment with the IP address of Portal server here, and relocating user equipment is accepted authentication to Portal server.
In step 103, subscriber equipment is to the Portal server requested webpage.This operation is finished automatically by the Web browser on the subscriber equipment.
In step 104, Portal server sends solicited message REQ_INFO message to access device.
In step 105, access device is to Portal server return information response message.
Step 104 and 105 is mainly used to the specifying information that Portal server inserts to the access device inquiring user, and for example Virtual Local Area Network, port etc. are used for the right authentication of Portal server.
In step 106, the page request of Portal server response subscriber equipment sends to browser with the Portal certification page.
In step 107, the user is after Portal page input authentication information, and subscriber equipment sends authentication request to Portal equipment, wherein carries authentication information.
In step 108, after Portal server is received authentication request, send the REQ_CHALLENGE message to access device.
In step 109, access device returns the ACK_CHALLENGE message to Portal server.
In step 110, Portal server sends the REQ_AUTH message to access device.
The user directly inputs user's name on WEB, password authenticates, and have only Portal server to know user's name, password this moment, and follow-up certification work needs access device and Radius server communication to finish.Therefore Portal server need be informed access device user's name and password, yet, directly these information of transmission are stolen easily on the networking, therefore Portal server at first sends encrypted word of message application in step 108, access device is responded the encrypted word that generates in step 109, and Portal server sends user's name and the encrypted message that uses encrypted word to encrypt in step 110.
In step 111, access device sends the ACCESS_REQUEST message to remote customer dialing authentication system (Radius, Remote Authentication Dial In User Service).
In step 112, Radius returns the ACCESS_ACCEPT message to access device.
ACCESS_REQUEST message in the step 111 and 112 and ACCESS_ACCEPT message are the Radius message identifyings of standard.Access device sends to the Radius server with information such as user's name passwords by the ACCESS_REQUEST message in the step 111, and Radius sends to access device to the result that information will authenticate after will authenticating by the ACCESS_ACCEPT message in the step 112.
In step 113, access device sends the ACK_AUTH message to Portal server.
In step 114, Portal server returns the AFF_ACK_AUTH message to access device.
Here, in step 113, whether authentication success is given subscriber equipment so that Portal server pushes the different authentication result pages to access device by ACK_AUTH message notifying user.AFF_ACK_AUTH message in the step 114 represents that Portal server receives the notice of access device.
By top introduction as can be known, when subscriber equipment passed through access internet through browsers, its flow was redirected to Portal server by access device, and Portal server pushes the web authentication page to user browser, the user finishes authentication by the Web interface, and then the resource on the access internet.Portal authentication is three layers of authentication, realize simple, need be on terminal equipment installation agent software, dispose very convenient.
In view of 802.1x is realizing existing problem in two layers of authentication, and the simple advantage of Portal authentication realization, need two layers of Portal authentication technology of a kind of realization scheme that proposes in the prior art badly.
Summary of the invention
In view of this, main purpose of the present invention is to provide a kind of method, system and Portal server of realizing two layers of Portal authentication.
For achieving the above object, technical scheme of the present invention is achieved in that
A kind of method that realizes two layers of gate verification is applicable to that each equipment disposition in the double layer network has the situation of management ip address;
After portal server received the web-page requests of subscriber equipment transmission, each access device in the double layer network of place sent address lookup message, the MAC Address of wherein carrying described subscriber equipment;
Access device receiver address query message determines that according to the MAC Address of wherein carrying subscriber equipment when self inserts, to portal server return address inquiry response message, wherein carries the management ip address of self;
Portal server is after receiving the address lookup response message, and the management ip address that acquisition is wherein carried sends the authentication webpage to described subscriber equipment; And after receiving the authentication request that subscriber equipment sends, mutual according to the management ip address and the access device that obtain, subscriber equipment is authenticated.
A kind of system that realizes two layers of gate verification is applicable to that each equipment disposition in the double layer network has the situation of management ip address, comprising: subscriber equipment, portal server and access device;
Described subscriber equipment sends web-page requests to portal server; After receiving the authentication webpage that portal server sends, send authentication request to portal server;
After described portal server was received the web-page requests of subscriber equipment transmission, each access device in the double layer network of place sent address lookup message, the MAC Address of wherein carrying subscriber equipment; And after receiving the address lookup response message that access device returns, the management ip address that acquisition is wherein carried sends the authentication webpage to subscriber equipment; After receiving the authentication request that subscriber equipment sends, mutual according to the management ip address and the access device that obtain, subscriber equipment is authenticated;
Described access device receives the address lookup message that portal server sends, and according to the MAC Address of wherein carrying, determines that described subscriber equipment when self inserts, to portal server return address inquiry response message, wherein carries the management ip address of self; And mutual with portal server, to described subscriber equipment authentication.
A kind of portal server is applicable to that each equipment disposition in the double layer network has the situation of management ip address, comprising: processing unit and authentication ' unit;
Described processing unit is after receiving the web-page requests that subscriber equipment sends, and each access device in the double layer network of place sends address lookup message, the MAC Address of wherein carrying subscriber equipment; And after receiving the address lookup response message that access device returns, the management ip address that acquisition is wherein carried sends the authentication webpage to subscriber equipment; After receiving the authentication request that subscriber equipment sends, the indication authentication ' unit authenticates subscriber equipment;
Described authentication ' unit, mutual according to management ip address and access device that described processing unit obtains, subscriber equipment is authenticated.
The present invention obtains the management ip address of subscriber equipment place access device by Portal server, and mutual by management ip address and access device, and then realizes that two layers of Portal of subscriber equipment authenticate.In addition, realize two layers of Portal authentication technology scheme as can be known by the present invention, Portal server is after receiving that subscriber equipment sends web-page requests, the access device of ability inquiring user equipment in the double layer network of place, therefore, even subscriber equipment moves to another access device from an access device and inserts, the access device that Portal server also can find subscriber equipment accurately and inserted, the problem that can't authenticate after having avoided subscriber equipment to move.
Description of drawings
The flow process that Fig. 1 authenticates the Internet user for Portal server;
Fig. 2 realizes the exemplary process diagram of two layers of Portal authentication method for the present invention;
Fig. 3 realizes the exemplary block diagram of two layers of Portal Verification System for the present invention;
Fig. 4 is the exemplary block diagram of Portal server of the present invention;
Fig. 5 is the flow chart of embodiment of the invention method.
Embodiment
In the detailed description of this part, only, illustrate and described preferred embodiment of the present invention by to implementing the example of the desired best mode of inventor of the present invention.It will be appreciated that and not deviate under the prerequisite of the present invention, it is made amendment with regard to each conspicuous aspect.Correspondingly, it is exemplary in itself that drawing and description should be regarded as, rather than restrictive.
When each equipment all disposes management ip address in double layer network, just can be undertaken alternately between each equipment by management ip address.Management ip address can be used for carrying out transmission of Information, but can not be used for transmitting.Therefore, in order to realize two layers of Portal authentication, as long as Portal server can obtain the management ip address of the access device that subscriber equipment and subscriber equipment connect, just can be undertaken alternately by management ip address and access device, finish two layers of Portal authentication to subscriber equipment.Management ip address for subscriber equipment, because subscriber equipment can send web-page requests to Portal server, therefore the management ip address of Portal server acquisition subscriber equipment is not difficult, and key is how Portal server obtains the management ip address of subscriber equipment place access device.
Referring to Fig. 2, Fig. 2 realizes the exemplary process diagram of two layers of Portal authentication method for the present invention.This method comprises: in step 201, after Portal server received the web-page requests of subscriber equipment transmission, each access device in the double layer network of place sent address lookup message, the MAC Address of wherein carrying subscriber equipment; In step 202, access device receiver address query message determines that according to the MAC Address of wherein carrying subscriber equipment when self inserts, to Portal server return address inquiry response message, wherein carries the management ip address of self; In step 203, Portal server obtains the management ip address wherein carry after receiving the address lookup response message that returns, and sends the authentication webpage to subscriber equipment; After receiving the authentication request that subscriber equipment sends, mutual according to the management ip address and the access device that obtain, subscriber equipment is authenticated.The access device here can be BAS Broadband Access Server (BAS, Broadband Access Server).
Referring to Fig. 3, Fig. 3 realizes the exemplary block diagram of two layers of Portal Verification System for the present invention.The system of two layers of Portal authentication of this realization comprises: subscriber equipment, Portal server and access device.Wherein, subscriber equipment sends web-page requests to Portal server; After receiving the authentication webpage that Portal server sends, send authentication request to Portal server.After Portal server was received the web-page requests of subscriber equipment transmission, each access device in the double layer network of place sent address lookup message, the MAC Address of wherein carrying subscriber equipment; And after receiving the address lookup response message that access device returns, the management ip address that acquisition is wherein carried sends the authentication webpage to subscriber equipment; After receiving the authentication request that subscriber equipment sends, mutual according to the management ip address and the access device that obtain, subscriber equipment is authenticated.Access device receives the address lookup message that Portal server sends, and according to the MAC Address of wherein carrying, determines that subscriber equipment when self inserts, to Portal server return address inquiry response message, wherein carries the management ip address of self; And at described subscriber equipment when self inserts, mutual with Portal server, to described subscriber equipment authentication.In addition, access device can also carry out finishing the authentication to subscriber equipment alternately with the Radius server as required.
Wherein, access device at definite described subscriber equipment when self inserts, according to the mac address table of the MAC Address inquiry of carrying in the address lookup message of receiving self, when on the down going port of mac address table, having this MAC Address, determine that described subscriber equipment inserts from self.
In addition, subscriber equipment sends web-page requests to access device usually, by access device this web-page requests is redirected to Portal server, and then Portal server has been received the web-page requests that subscriber equipment sends.The detailed process that is redirected is: subscriber equipment sends web-page requests to access device; After access device is received the web-page requests that subscriber equipment sends, the IP address of Portal server is sent to subscriber equipment; Subscriber equipment sends described web-page requests to Portal server after receiving the IP address of the Portal server that access device returns.
Referring to Fig. 4, Fig. 4 realizes the exemplary block diagram of two layers of Portal server for the present invention.These two layers of Portal server comprise: processing unit and authentication ' unit.Wherein, processing unit is after receiving the web-page requests that subscriber equipment sends, and each access device in the double layer network of place sends address lookup message, the MAC Address of wherein carrying subscriber equipment; And after receiving the address lookup response message that access device returns, the management ip address that acquisition is wherein carried sends the authentication webpage to subscriber equipment; After receiving the authentication request that subscriber equipment sends, the indication authentication ' unit authenticates subscriber equipment; Authentication ' unit, mutual according to management ip address and access device that described processing unit obtains, subscriber equipment is authenticated.Wherein, processing unit can be by inquiry cluster topology, the access device in the traversal topology, and each access device in double layer network sends the address lookup message.Processing unit can also obtain the cluster topology, be specially: send the network topology request message to the adjacent device that is connected, the response message that returns by reception is collected the neighbor information and the link information of place each network equipment of network, obtains the cluster topology of the place network equipment.
Below by specific embodiment technical scheme of the present invention is described in detail.
Referring to Fig. 5, Fig. 5 is a method flow diagram of realizing two layers of Portal authentication in the embodiment of the invention.
Step 501~503 are identical with step 101~103 among Fig. 1, specifically can be not described in detail in this referring to the detailed introduction of step 101~103.
In step 504, Portal server sends address lookup message, the MAC Address of carrying subscriber equipment in the message to each access device.
Here, Portal server can be by inquiry cluster topology, and the access device in the traversal topology sends the address lookup message to each access device.The cluster topology obtains by cluster protocol, cluster protocol comprises People Near Me discovery (NDP), discovering network topology (NTDP) and member management protocol (Cluster) etc., appointed management equipment realizes that by cluster protocol the neighbours between the two-layer network device find the collection of whole net topology and the management of member device.
The execution general procedure of cluster protocol is: the equipment of operation NDP regularly sends the NDP message from the port of all activated NDP agreement, receive the NDP information that neighbor device sends simultaneously, NDP can only be used for finding the neighbor information of " directly linking to each other ", comprise device type, software/hardware version, connectivity port of adjacent device etc., equipment is not transmitted after receiving the NDP message.After management equipment is designated, send NTDP topology request message to all of its neighbor equipment, the equipment of receiving this request sends response message immediately, the link information of the NDP information of this equipment that this equipment of report is collected by the NDP agreement and it and all of its neighbor equipment, and the duplicate requests message sends to its all of its neighbor equipment.Adjacent device will be carried out same operation after receiving request: send response message, the duplicate requests message sends to its all of its neighbor equipment, by that analogy, after each network equipment NDP information that management equipment will be collected and the information of associated devices, form network topology by calculating.When the NDP on member's equipment found that neighbours change, by the message informing management equipment that handshake message changes neighbours, management equipment can start NTDP and specify collecting topology, thereby makes NTDP can in time reflect the variation of network topology.
Portal server can obtain the cluster topology by the management equipment of Access Management Access topology.When management equipment was embedded webmaster (WiNet) server, Portal server then can be visited the WiNet server and be obtained the cluster topology.Certainly, the function of collection network topology also can be integrated in the Portal server, and Portal server also can be embedded in the WiNet server.
In step 505, access device is received the address lookup message that Portal server sends, check the mac address table of self according to the MAC Address of carrying in the message, judge whether the MAC Address of hitting is arranged in the mac address table, if hit, then return the management ip address of self to Portal server, this management ip address can be carried in the address lookup response message and return to Portal server; If do not hit, then can not handle.Present embodiment is the situation of query hit.
Address lookup message in the step 504 and the address lookup response message in the step 505 can be realized by the type of expansion Portal message, defined two kinds of new type of messages, BAS_REQUEST message and BAS_ACK message.Wherein, BAS REQUEST is the address lookup message, is worth to be that 0X10, direction are Portal server → access device, and implication is Portal server inquiry main frame on-position, and processing requirements is necessary; BAS_ACK is the address lookup response message, is worth to be that 0x11, direction are access device → Portal server, and implication is that access device is responded, and processing requirements is necessary.Wherein, in the BAS_REQUEST message, increase by an attribute field MAC-Address, AttrType is 0x0d, and property value length is 6Byte (fixing), and the attribute implication is the MAC Address of authenticated user equipment.
Like this, each access device of Portal server sends the BAS_REQUEST message, and the purpose IP address of UDP message extends this as the IP address of access device.After access device receives this message, MAC Address attribute and compare in the analytic message with oneself MAC Address list item, if contain this MAC Address then use the BAS_ACK message to respond, the BAS-IP attribute in this BAS_ACK message extends this as the managing I P of oneself, the MAC Address that the MAC-Address attribute is filled in subscriber equipment.
When whether access device inquiry self MAC address table has the MAC Address of hitting, only need the inquiry down going port, do not need to inquire about up going port.Be the mac address table of access device according to the MAC Address inquiry of carrying in the query message of address self, when having this MAC Address on the down going port of mac address table, then define the MAC Address of hitting, subscriber equipment inserts from self.The reason of only inquiring about down going port is that subscriber equipment is in descending access, if up going port has the MAC Address of subscriber equipment, shows that this MAC Address learns from other access devices, and subscriber equipment does not insert from this access device.
In step 506, Portal server is received the management ip address that access device returns, and to access device REQ_INFO message, subsequent step 507~517 is identical with step 105~115, is not described in detail in this according to this management ip address.
And then Portal server has been finished the authentication to subscriber equipment according to the management ip address that access device returns, and has realized two layers of Portal authentication.
The technical scheme that the present invention proposes, mutual by the management ip address of Portal server acquisition subscriber equipment place access device by management ip address and access device, and then realize that two layers of Portal of subscriber equipment authenticate.In addition, by the technical scheme of the above-mentioned record of the present invention as can be known, Portal server is after receiving that subscriber equipment sends web-page requests, the access device of ability inquiring user equipment in the double layer network of place, therefore, even subscriber equipment moves to another access device from an access device and inserts, the access device that Portal server also can find subscriber equipment accurately and inserted, the problem that can't authenticate after having avoided subscriber equipment to move.
The above only is preferred embodiment of the present invention, and is in order to restriction the present invention, within the spirit and principles in the present invention not all, any modification of being made, is equal to replacement, improvement etc., all should be included within protection scope of the present invention.
Claims (10)
1. a method that realizes two layers of gate verification is characterized in that, is applicable to that each equipment disposition in the double layer network has the situation of management ip address;
After portal server received the web-page requests of subscriber equipment transmission, each access device in the double layer network of place sent address lookup message, the MAC Address of wherein carrying described subscriber equipment;
Access device receiver address query message determines that according to the MAC Address of wherein carrying subscriber equipment when self inserts, to portal server return address inquiry response message, wherein carries the management ip address of self;
Portal server is after receiving the address lookup response message, and the management ip address that acquisition is wherein carried sends the authentication webpage to described subscriber equipment; And after receiving the authentication request that subscriber equipment sends, mutual according to the management ip address and the access device that obtain, subscriber equipment is authenticated.
2. method according to claim 1 is characterized in that, describedly determines according to MAC Address that subscriber equipment inserts from self and is:
Access device when having this MAC Address on the down going port of mac address table, determines that described subscriber equipment inserts from self according to the mac address table of the MAC Address inquiry of carrying in the query message of address self.
3. method according to claim 1 and 2 is characterized in that, the web-page requests that described portal server receives the subscriber equipment transmission is:
After access device is received the web-page requests of subscriber equipment transmission, send the IP address of portal server to subscriber equipment;
Subscriber equipment is according to sending web-page requests from the IP address that access device is received to portal server;
Portal server receives the web-page requests that subscriber equipment sends.
4. method according to claim 1 is characterized in that, described portal server each access device in the double layer network of place sends the address lookup message and is:
Described portal server inquiry cluster topology, the access device in the traversal topology, each access device in double layer network sends the address lookup message.
5. a system that realizes two layers of gate verification is characterized in that, is applicable to that each equipment disposition in the double layer network has the situation of management ip address, comprising: subscriber equipment, portal server and access device;
Described subscriber equipment sends web-page requests to portal server; After receiving the authentication webpage that portal server sends, send authentication request to portal server;
After described portal server was received the web-page requests of subscriber equipment transmission, each access device in the double layer network of place sent address lookup message, the MAC Address of wherein carrying subscriber equipment; And after receiving the address lookup response message that access device returns, the management ip address that acquisition is wherein carried sends the authentication webpage to subscriber equipment; After receiving the authentication request that subscriber equipment sends, mutual according to the management ip address and the access device that obtain, subscriber equipment is authenticated;
Described access device receives the address lookup message that portal server sends, and according to the MAC Address of wherein carrying, determines that described subscriber equipment when self inserts, to portal server return address inquiry response message, wherein carries the management ip address of self; And mutual with portal server, to described subscriber equipment authentication.
6. system according to claim 5 is characterized in that,
Described access device when self inserts, according to the mac address table of the MAC Address inquiry of carrying in the query message of address self, when having this MAC Address on the down going port of mac address table, determines that described subscriber equipment inserts from self at definite described subscriber equipment.
7. according to claim 5 or 6 described systems, it is characterized in that,
Described subscriber equipment sends web-page requests to access device; Behind the IP address of receiving the portal server that access device returns, send described web-page requests to portal server;
After described access device is received the web-page requests that subscriber equipment sends, the IP address of portal server is sent to subscriber equipment.
8. a portal server is characterized in that, is applicable to that each equipment disposition in the double layer network has the situation of management ip address, comprising: processing unit and authentication ' unit;
Described processing unit is after receiving the web-page requests that subscriber equipment sends, and each access device in the double layer network of place sends address lookup message, the MAC Address of wherein carrying subscriber equipment; And after receiving the address lookup response message that access device returns, the management ip address that acquisition is wherein carried sends the authentication webpage to subscriber equipment; After receiving the authentication request that subscriber equipment sends, the indication authentication ' unit authenticates subscriber equipment;
Described authentication ' unit, mutual according to management ip address and access device that described processing unit obtains, subscriber equipment is authenticated.
9. portal server according to claim 8 is characterized in that,
Described processing unit inquiry cluster topology, the access device in the traversal topology, each access device in double layer network sends the address lookup message.
10. according to Claim 8 or 9 described portal servers, it is characterized in that, described processing unit further sends the network topology request message to the adjacent device that is connected, the response message that returns by reception is collected the neighbor information and the link information of place each network equipment of network, obtains the cluster topology of the place network equipment.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 200910238485 CN102075504B (en) | 2009-11-20 | 2009-11-20 | Method and system for realizing two-layer Portal authentication and Portal server |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 200910238485 CN102075504B (en) | 2009-11-20 | 2009-11-20 | Method and system for realizing two-layer Portal authentication and Portal server |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102075504A true CN102075504A (en) | 2011-05-25 |
| CN102075504B CN102075504B (en) | 2013-06-26 |
Family
ID=44033850
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 200910238485 Expired - Fee Related CN102075504B (en) | 2009-11-20 | 2009-11-20 | Method and system for realizing two-layer Portal authentication and Portal server |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102075504B (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102638472A (en) * | 2012-05-07 | 2012-08-15 | 杭州华三通信技术有限公司 | Portal authentication method and equipment |
| CN103023727A (en) * | 2012-12-28 | 2013-04-03 | 迈普通信技术股份有限公司 | Portal performance testing system and Portal performance testing method |
| CN103532717A (en) * | 2013-10-16 | 2014-01-22 | 杭州华三通信技术有限公司 | Portal authentication processing method, Portal authentication assisting method and Portal authentication assisting device |
| WO2014173335A1 (en) * | 2013-09-04 | 2014-10-30 | 中兴通讯股份有限公司 | Portal authentication method, broadband network gateway (bng), portal server and system |
| CN104836812A (en) * | 2015-05-26 | 2015-08-12 | 杭州华三通信技术有限公司 | Portal authentication method, device and system |
| CN107276819A (en) * | 2017-07-06 | 2017-10-20 | 杭州敦崇科技股份有限公司 | A kind of authentication method of the three-layer network based on snmp protocol |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1510862A (en) * | 2002-12-26 | 2004-07-07 | 华为技术有限公司 | Identification and business management for network user |
| CN1581770A (en) * | 2003-08-13 | 2005-02-16 | 华为技术有限公司 | Three-layer user authentication method |
| CN1753364A (en) * | 2005-10-26 | 2006-03-29 | 杭州华为三康技术有限公司 | Method of controlling network access and its system |
| CN101212297A (en) * | 2006-12-28 | 2008-07-02 | 中国移动通信集团公司 | WEB-based WLAN access authentication method and system |
| CN101217560A (en) * | 2007-12-29 | 2008-07-09 | 杭州华三通信技术有限公司 | A webpage push method, system and device |
-
2009
- 2009-11-20 CN CN 200910238485 patent/CN102075504B/en not_active Expired - Fee Related
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1510862A (en) * | 2002-12-26 | 2004-07-07 | 华为技术有限公司 | Identification and business management for network user |
| CN1581770A (en) * | 2003-08-13 | 2005-02-16 | 华为技术有限公司 | Three-layer user authentication method |
| CN1753364A (en) * | 2005-10-26 | 2006-03-29 | 杭州华为三康技术有限公司 | Method of controlling network access and its system |
| CN101212297A (en) * | 2006-12-28 | 2008-07-02 | 中国移动通信集团公司 | WEB-based WLAN access authentication method and system |
| CN101217560A (en) * | 2007-12-29 | 2008-07-09 | 杭州华三通信技术有限公司 | A webpage push method, system and device |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102638472A (en) * | 2012-05-07 | 2012-08-15 | 杭州华三通信技术有限公司 | Portal authentication method and equipment |
| CN102638472B (en) * | 2012-05-07 | 2015-04-15 | 杭州华三通信技术有限公司 | Portal authentication method and equipment |
| CN103023727A (en) * | 2012-12-28 | 2013-04-03 | 迈普通信技术股份有限公司 | Portal performance testing system and Portal performance testing method |
| CN103023727B (en) * | 2012-12-28 | 2015-08-26 | 迈普通信技术股份有限公司 | Portal Performance Test System and method |
| WO2014173335A1 (en) * | 2013-09-04 | 2014-10-30 | 中兴通讯股份有限公司 | Portal authentication method, broadband network gateway (bng), portal server and system |
| CN103532717A (en) * | 2013-10-16 | 2014-01-22 | 杭州华三通信技术有限公司 | Portal authentication processing method, Portal authentication assisting method and Portal authentication assisting device |
| CN103532717B (en) * | 2013-10-16 | 2016-10-12 | 杭州华三通信技术有限公司 | A kind of Portal authentication method, certification assisted method and device |
| CN104836812A (en) * | 2015-05-26 | 2015-08-12 | 杭州华三通信技术有限公司 | Portal authentication method, device and system |
| CN107276819A (en) * | 2017-07-06 | 2017-10-20 | 杭州敦崇科技股份有限公司 | A kind of authentication method of the three-layer network based on snmp protocol |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102075504B (en) | 2013-06-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101369893B (en) | Method for local area network access authentication of casual user | |
| JP4291213B2 (en) | Authentication method, authentication system, authentication proxy server, network access authentication server, program, and recording medium | |
| CN108496380B (en) | Server and storage medium | |
| CN101964800B (en) | Method for authenticating digital certificate user in SSL VPN | |
| AU2017344388B2 (en) | Improvements in and relating to network communication | |
| CN102075504B (en) | Method and system for realizing two-layer Portal authentication and Portal server | |
| CN103354550A (en) | Authorization control method and device based on terminal information | |
| CN105554098A (en) | Device configuration method, server and system | |
| CN105516163A (en) | Login method, terminal device and communication system | |
| CN103347020B (en) | A kind of system and method across application authorization access | |
| CN101582856A (en) | Session setup method of Portal server and BAS (broadband access server) device and system thereof | |
| CN106685785B (en) | Intranet access system based on IPsec VPN proxy | |
| CN103327008A (en) | HTTP reorienting method and HTTP reorienting device | |
| CN109274579A (en) | It is a kind of that user's uniform authentication method is applied based on wechat platform more | |
| US20070136786A1 (en) | Enabling identity information exchange between circles of trust | |
| CN101083594A (en) | Method and system for managing network appliance | |
| CN105049404A (en) | Dynamic IP addressing method and system for home gateway equipment | |
| AU2017344389B2 (en) | Portal aggregation service mapping subscriber device identifiers to portal addresses to which connection and authentication requests are redirected and facilitating mass subscriber apparatus configuration | |
| CN101599834B (en) | Method for identification and deployment and management equipment thereof | |
| KR20120044381A (en) | Method and system for subscriber to log in internet content provider(icp) website in identity/location separation network and login device thereof | |
| Prasanalakshmi et al. | Secure credential federation for hybrid cloud environment with SAML enabled multifactor authentication using biometrics | |
| CN107819564A (en) | A kind of design method of the single-node login system based on Public Key Infrastructure | |
| JP4149745B2 (en) | Authentication access control server device, authentication access control method, authentication access control program, and computer-readable recording medium recording the program | |
| Liu et al. | A Dual-Stack Authentication Mechanism Through SNMP. | |
| CN115086956A (en) | Network access method, network access device, medium, and electronic device for communication network |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CP03 | Change of name, title or address |
Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No. Patentee after: Xinhua three Technology Co., Ltd. Address before: 310053 Hangzhou hi tech Industrial Development Zone, Zhejiang province science and Technology Industrial Park, No. 310 and No. six road, HUAWEI, Hangzhou production base Patentee before: Huasan Communication Technology Co., Ltd. |
|
| CP03 | Change of name, title or address | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20130626 Termination date: 20191120 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |