CN102271134A - Method and system for configuring network configuration information, client and authentication server - Google Patents
Method and system for configuring network configuration information, client and authentication server Download PDFInfo
- Publication number
- CN102271134A CN102271134A CN2011102302549A CN201110230254A CN102271134A CN 102271134 A CN102271134 A CN 102271134A CN 2011102302549 A CN2011102302549 A CN 2011102302549A CN 201110230254 A CN201110230254 A CN 201110230254A CN 102271134 A CN102271134 A CN 102271134A
- Authority
- CN
- China
- Prior art keywords
- network configuration
- configuration information
- client
- standard
- certificate server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The invention provides a method and a system for configuring network configuration information, a client and an authentication server. The method comprises: the client sends current network configuration information to the authentication server in an authentication process; the authentication server carries out standardability check on the current network configuration information and judges whether the current network configuration information accords with a network configuration standard or not; when the client is legal, but the current network configuration information does not accord with the network configuration standard, the authentication server issues the network configuration information in accordance with the network configuration standard to the client before sending an authentication failure message to the client; and the client configures the network configuration information according to the network configuration information in accordance with the network configuration standard. By utilizing the technical scheme, the problem in the prior art that a configuration error easily occurs when a user manually modifies the network configuration information is solved; the automatic configuration of the network configuration information is realized; and the configuration efficiency is improved.
Description
Technical field
The present invention relates to the network communications technology, relate in particular to a kind of collocation method, system, client and certificate server of network configuration information.
Background technology
802.1X agreement is based on client/server (Client/Server; Abbreviate as: C/S) access control of pattern and authentication protocol.802.1x consultation obtains local area network (LAN) (Local Area Network in client (for example user or equipment); Abbreviate as: LAN) or WLAN (wireless local area network) (Wireless Local Area Network; Abbreviate as: before the miscellaneous service that WLAN) provides, the client that is connected to switch ports themselves is authenticated, to limit unwarranted client by switch ports themselves visit LAN or WLAN.Before authentication was passed through, the 802.1X agreement only allowed Extensible Authentication Protocol (the Extensible Authentication Protocol over LAN based on local area network (LAN); Abbreviate as: EAPOL) data are by the switch ports themselves of client connection, so that certificate server carries out authentication to client; After authentication was passed through, the port that the normal data of client just can waltz through switch visited LAN or WLAN.
Three kinds of roles are arranged: client, network access server (Network Access Server in the 802.1X authentication system; Abbreviate as: NAS) and certificate server.Client is meant the entity (entity) of the end that LAN or WLAN connect; NAS is the entity that is used for Authentication Client that LAN or WLAN connect; Certificate server is meant the entity that authentication service is provided for NAS.Use remote user dialing authentication protocol (Remote Authentication Dial In User Service between certificate server and the NAS; Abbreviate as: Radius) certified transmission, mandate and configuration information, charge information etc.Use EAPOL to carry out the transmission of relevant information between client and the NAS.
In the 802.1X Verification System, when client by when online authentication, the network configuration information in the time of can adopting the use network of local configuration usually carries out the access of network.Wherein, network configuration information mainly comprises: use dynamic Internet protocol (Internet Protocol; Abbreviate as: IP) address, or static ip address; Under the situation of using static ip address, also comprise IP address, subnet mask, gateway ip address, first-selected domain name system (the Domain Name System of use; Abbreviate as: DNS) configuration informations such as configuration, the inferior DNS of choosing configuration.But the needed network configuration information of different network environments is often different, therefore, when the online environment of client changes, need correspondingly change the network configuration information of client.For example: when in the online of dormitory use cable network, require to adopt the static ip address online, and binding IP address is necessary for the IP address of distributing to the client use; When client when dormitory moves to the library, because the library uses the wireless network online, require to use the dynamic IP addressing online, this uses client the mode of static ip address online to be revised as the configuration of using the dynamic IP addressing online with regard to needing the user manually.
But in actual application, most users are not very familiar to network configuration and to the modification of network configuration information, configuration error often appears, this frequently in a plurality of interregional switchings online and face the user of multiple network configuration information, will produce very big puzzlement for needs.For addressing the above problem, prior art mainly is to send clear and definite miscue to the user in verification process, so that after the user sees miscue, the corresponding network configuration information of awareness network configuration information mistake and manual modification, and then carry out authentication operation.This technical scheme still needs user's manual modification network configuration information, still has the configuration difficulty for computer is understood less user, occur the problem of configuration error easily, and efficient is lower.
Summary of the invention
The invention provides a kind of collocation method, system, client and certificate server of network configuration information, be prone to the problem of configuration error when solving user's manual modification network configuration information in the prior art, realize the automatic configuration of network configuration information, improved allocative efficiency.
The invention provides a kind of collocation method of network configuration information, comprising:
Client sends to certificate server with the current network configuration information in verification process;
Described certificate server carries out the standardization verification to described current network configuration information, judges whether described current network configuration information meets the network configuration standard;
Legal when described client, and described current network configuration information is not when meeting the network configuration standard, and described certificate server was issuing the network configuration information that meets the network configuration standard to described client before sending authentification failure message to described client;
Described client is carried out the configuration of network configuration information according to the described network configuration information that meets the network configuration standard.
The invention provides a kind of client, comprising:
First sending module is used at verification process the current network configuration information being sent to certificate server;
First receiver module, be used for when the legal and described current network configuration information of described client does not meet the network configuration standard, receive described certificate server and sending the network configuration information that meets the network configuration standard that issues before the authentification failure message to described client;
Configuration module is used for carrying out the configuration of network configuration information according to the described network configuration information that meets the network configuration standard.
The invention provides a kind of certificate server, comprising:
Second receiver module is used for receiving the current network configuration information that client sends at verification process;
The normalized checking module is used for described current network configuration information is carried out the standardization verification, judges whether described current network configuration information meets the network configuration standard;
Second sending module, it is legal to be used in described client, and described current network configuration information is not when meeting the network configuration standard, before sending authentification failure message, issue the network configuration information that meets the network configuration standard, so that described client is carried out the configuration of network configuration information according to the described network configuration information that meets the network configuration standard to described client to described client.
The invention provides a kind of configuration-system of network configuration information, comprising: client and certificate server;
Described client comprises:
First sending module is used at verification process the current network configuration information being sent to described certificate server;
First receiver module, be used for when the legal and described current network configuration information of described client does not meet the network configuration standard, receive described certificate server and sending the network configuration information that meets the network configuration standard that issues before the authentification failure message to described client;
Configuration module is used for carrying out the configuration of network configuration information according to the described network configuration information that meets the network configuration standard;
Described certificate server comprises:
Second receiver module is used for receiving the current network configuration information that described client sends at verification process;
The normalized checking module is used for described current network configuration information is carried out the standardization verification, judges whether described current network configuration information meets the network configuration standard;
Second sending module, it is legal to be used in described client, and described current network configuration information is not when meeting the network configuration standard, before sending authentification failure message, issue the network configuration information that meets the network configuration standard, so that described client is carried out the configuration of network configuration information according to the described network configuration information that meets the network configuration standard to described client to described client.
The collocation method of network configuration information of the present invention, system, client and certificate server, client sends to certificate server with the current network configuration information in verification process, certificate server carries out the standardization inspection to the current network configuration information, when finding that the current network configuration information does not meet the network configuration standard, before sending authentification failure message, issue the network configuration information that meets the network configuration standard to client to client, client is configured network configuration information automatically according to the network configuration information that meets the network configuration standard, make the user without the manual modification network configuration information, solve the problem that is prone to configuration error, improved the efficient that network configuration information is configured.
Description of drawings
In order to be illustrated more clearly in the embodiment of the invention or technical scheme of the prior art, to do one to the accompanying drawing of required use in embodiment or the description of the Prior Art below introduces simply, apparently, accompanying drawing in describing below is some embodiments of the present invention, for those of ordinary skills, under the prerequisite of not paying creative work, can also obtain other accompanying drawing according to these accompanying drawings.
The flow chart of the collocation method of the network configuration information that Fig. 1 provides for one embodiment of the invention;
The flow chart of the collocation method of the network configuration information that Fig. 2 A provides for one embodiment of the invention;
The standard Extensible Authentication Protocol that Fig. 2 B provides for one embodiment of the invention (Extensible Authentication Protocol; Abbreviate as: the EAP) structural representation of checking request message;
The flow chart of the 802.1X authentication method that Fig. 3 provides for one embodiment of the invention;
The structural representation of the client that Fig. 4 provides for one embodiment of the invention;
The structural representation of the client that Fig. 5 provides for another embodiment of the present invention;
The structural representation of the certificate server that Fig. 6 provides for one embodiment of the invention;
The structural representation of the certificate server that Fig. 7 provides for another embodiment of the present invention;
The structural representation of the configuration-system of the network configuration information that Fig. 8 provides for one embodiment of the invention.
Embodiment
For the purpose, technical scheme and the advantage that make the embodiment of the invention clearer, below in conjunction with the accompanying drawing in the embodiment of the invention, technical scheme in the embodiment of the invention is clearly and completely described, obviously, described embodiment is the present invention's part embodiment, rather than whole embodiment.Based on the embodiment among the present invention, those of ordinary skills belong to the scope of protection of the invention not making the every other embodiment that is obtained under the creative work prerequisite.
The flow chart of the collocation method of the network configuration information that Fig. 1 provides for one embodiment of the invention.As shown in Figure 1, the method for present embodiment comprises:
In various embodiments of the present invention, described verification process is meant the 802.1X verification process.In the 802.1X Verification System, the information interaction between client and the certificate server is transmitted by network access server.Concrete, network access server receives the various EAP messages that client sends, and the EAP message is encapsulated in the Radius message is transmitted to certificate server; Correspondingly, network access server receives the various Radius messages that certificate server sends, and extracts the EAP message and be transmitted to client from the Radius message.
In the present embodiment, client sends to certificate server with the current network configuration information by network access server in the 802.1X verification process.For example: client is when receiving the eap authentication request message that carries challenging value (Challenge) (EAP Request/MD5-Challenge) of network access server forwarding, the password and the challenging value of client are encrypted according to the EAP-MD5 algorithm, generate the ciphertext after encrypting, the ciphertext after encrypting is encapsulated in the eap authentication response message (EAP Response/MD5-Challenge) together with the current network configuration information sends to network access server; Network access server is encapsulated in the eap authentication response message in the Radius access request message (Radius Access Request) and sends to certificate server.Above-mentioned client only is a kind of preferred implementation with the scheme that the current network configuration information sends to certificate server; but be not limited to this, so long as the method that the current network configuration information is sent to certificate server in verification process is all within the protection range of present embodiment.
Wherein, network configuration information comprises: use dynamic IP addressing, or static ip address; Using under the situation of static ip address, also comprising the configuration informations such as IP address, subnet mask, gateway ip address, first-selected DNS configuration, the inferior DNS of choosing configuration of use.
Wherein, stored the network configuration information that meet network configuration standard corresponding with each client on the certificate server in advance, these network configuration informations can be pre-configured by the network manager.Certificate server after receiving the current network configuration information of client, with the current network configuration information with its on the comparing of storage in advance with the corresponding network configuration information that meets the network configuration standard of client; If comparative result is that two kinds of network configuration informations are identical, determine that the current network configuration information of client meets the network configuration standard; If comparative result is that two kinds of network configuration informations are inequality, determine that the current network configuration information of client does not meet the network configuration standard.
Before the current network configuration information to client carries out the standardization verification, certificate server can carry out authentication to client earlier, judge whether client legal, only judge client legal after, the current network configuration information to client carries out the standardization verification again.
Legal when client, and the current network configuration information of client is not when meeting the network configuration standard, and the network configuration information that certificate server will meet the network configuration standard sends to client by network access server.For example: certificate server can be encapsulated in the network configuration information that meets the network configuration standard in the eap authentication request message, the eap authentication request message is encapsulated in the Radius access checking message (Radius Access Challenge) again and sends to network access server; Network access server inserts the checking message from Radius and extracts the eap authentication request message, and the eap authentication request message is transmitted to client.Client is obtained the network configuration information that meets the network configuration standard from the eap authentication request message.
Client is carried out the configuration of network configuration information automatically according to the network configuration information that meets the network configuration standard after getting access to the network configuration information that meets the network configuration standard.After the configuration of finishing network configuration information, the network configuration information of this moment meets the network configuration standard, when client authenticates based on network configuration information at this moment, and will authentication success.
Legal when client, and the current network configuration information of client is when meeting the network configuration standard, and certificate server sends authentication success message by network access server to client, passes through to inform client certificate.
The collocation method of the network configuration information of present embodiment, client sends to certificate server with the current network configuration information in verification process, certificate server carries out the standardization inspection to the current network configuration information, legal in client, and when finding that the current network configuration information does not meet the network configuration standard, before sending authentification failure message, issue the network configuration information that meets the network configuration standard to client to client, client is configured network configuration information automatically according to the network configuration information that meets the network configuration standard, make the user without the manual modification network configuration information, solved the problem that is prone to configuration error, realized automatic configuration, improved the efficient that network configuration information is configured network configuration information.In addition, present embodiment offers client by the network configuration information that directly will meet the network configuration standard, finishes configuration operation automatically by client, has solved the difficult problem how certificate server can't dispose by miscue information completely detailed explanation.
The flow chart of the collocation method of the network configuration information that Fig. 2 A provides for one embodiment of the invention.Present embodiment is based on realization embodiment illustrated in fig. 1, and shown in Fig. 2 A, the method for present embodiment comprises:
Step 201, client receive the eap authentication request message that comprises challenging value that network access server is transmitted.
Also comprised before this step 201: client begins message (EAP Start) to network access server transmission EAP and carries out the 802.1X authentication with request.Network access server sends EAP identity request message (EAP Request/Identity) to client, requires client that user name is sent up.Client sends EAP identity response message (EAP Response/Identity) to network access server, comprises the user name of client in the EAP identity response message.Network access server is encapsulated in Radius with the EAP identity response message of client and inserts in the request message and send to certificate server.Certificate server receives after Radius inserts request message, can dynamically generate a challenging value, challenging value is encapsulated in the eap authentication request message, and the eap authentication request message is encapsulated in Radius inserts in the checking message and send to network access server; Simultaneously, certificate server also can store the challenging value that is generated.Network access server inserts the checking message from Radius and extracts the eap authentication request message, then the eap authentication request message is transmitted to client.
In various embodiments of the present invention, adopt the Radius agreement between network access server and the certificate server, network access server is as the Radius client of certificate server, be responsible for the information of client is passed to the certificate server of appointment, then according to operating for information about that certificate server returns.Certificate server is responsible for receiving the connection request of client, returns the relevant information that be necessary so that network access server for client provide service by the back to network access server at client certificate.Wherein relevant information comprises: the operable bandwidth of client, can the use traffic duration etc. information.
Under the Radius agreement, communicating by letter between network access server and the certificate server is to be used for differentiating that by sharing making of key this shared key can not transmit by network, has higher fail safe.In addition, when sending between network access server and certificate server, any information from client all can encrypt, to avoid the disabled user by smelling information such as the password that elicites client and password.For simplify describing, in various embodiments of the present invention, this ciphering process not write out, but and not meaning that and do not carry out encrypting.
In addition, under the Radius agreement, can adopt multiple authentication mechanism between network access server and the certificate server.Comparatively common has: password authentication protocol (Password Authentication Protocol; Abbreviate as: PAP), challenge-handshake agreement (Challenge Handshake Authentication Protocol; Abbreviate as: CHAP), Extensible Authentication Protocol (Extensible Authentication Protocol; Abbreviate as: EAP) etc.Because autgmentability and the fail safe of EAP are widely used in the 802.1X authentication.Authentication protocol based on EAP comprises Extensible Authentication Protocol-informative abstract 5 challenge (Extensible Authentication Protocol-Message Digest 5 Challenge; Abbreviate as: EAP-MD5), Extensible Authentication Protocol-Transport Layer Security (Extensible Authentication Protocol-Transport Layer Security; Abbreviate as: EAP-TLS), Extensible Authentication Protocol-Tunneled TLS (Extensible Authentication Protocol-Tunneled Transport Layer Security; Abbreviate as: EAP-TTLS) etc.In various embodiments of the present invention, all adopt the EAP-MD5 agreement.
Under the EAP agreement, a standard eap authentication request message comprises: a plurality of fields such as identify label (Identifier) field, length (Length) field, value size (Value-Size) field, challenging value (Challenge) field and name (Name) field.The form of standard eap authentication request message is shown in Fig. 2 B.Wherein, the content of in the agreement Name field being carried without limits, so present embodiment mainly carries the current network configuration information by the Name field of corresponding EAP message or meets the network configuration information of network configuration standard.
Step 202, client access to your password and challenging value is encrypted according to the cryptographic algorithm requirement of EAP-MD5, the ciphertext after encrypting is encapsulated in the eap authentication response message together with the current network configuration information sends to network access server.
Concrete, client accesses to your password and challenging value is encrypted according to the cryptographic algorithm requirement of EAP-MD5, ciphertext after will encrypting according to the EAP-MD5 agreement then leaves in the Challenge field (shown in Fig. 2 B) of eap authentication response message, and the current network configuration information is encapsulated in the Name field (shown in Fig. 2 B) of eap authentication response message.
Concrete, certificate server obtains the ciphertext after the encryption from the eap authentication response message, promptly obtain the content that encapsulates in the Challenge field, then according to the password of the client of storing on the certificate server and challenging value (this challenging value is the challenging value that certificate server in the step 201 sends to client), use the Standard Encryption algorithm of EAP-MD5, calculate a ciphertext after the encryption, and the ciphertext after two encryptions is compared; If both are identical, show that then client is legal; If both are inequality, show that client is illegal.
Concrete, the network configuration information that meets the network configuration standard that certificate server is corresponding with pre-configured and client with the current network configuration information of client compares; If comparative result is identical, determine that the current network configuration information of client meets the network configuration standard; If comparative result is inequality, determine that the current network configuration information of client does not meet the network configuration standard.
The network configuration information that step 206, certificate server will meet the network configuration standard is encapsulated in the eap authentication request message, and the eap authentication request message is encapsulated in Radius inserts in the checking message and send to network access server.
Concrete, the network configuration information that certificate server will meet the network configuration standard is encapsulated in the Name field of eap authentication request message.
Concrete, client is obtained the network configuration information that meets the network configuration standard from the Name field of eap authentication request message, and carries out the configuration of network configuration information according to the network configuration information that meets the network configuration standard.
Further, client can also show the user with the network configuration information that meets the network configuration standard.The network configuration information that wherein will meet the network configuration standard shows the user, be the performance of maintenance customer's right to know on the one hand, the network configuration cases of oneself can be described, so that can carry out the network consulting smoothly when making the user carry out the network consulting on the other hand.
Further, after client is finished configuration to network configuration information, can send authentication request message to certificate server, to authenticate again.Wherein, client sends authentication request message to certificate server, can be referring to the operation before the step 201 described in the step 201 with the process that authenticates again.At this moment, client will be by authentication.
Step 210, network access server extract the EAP failure message from Radius admission reject message, and are transmitted to client, finish this verification process.
Step 211, certificate server generate EAP success message (EAP Success), EAP success message is encapsulated in Radius accepts to send to network access server in the message (Radius Access Accept).
Simultaneously, certificate server sends to network access server with the relevant information that is necessary (the operable bandwidth of client for example, can use traffic duration etc.), makes network access server provide service on net for client.
Step 212, network access server accept to extract the message EAP success message from Radius, and are transmitted to client, finish this verification process.
The collocation method of the network configuration information of present embodiment, by increasing new identifying procedure, client in verification process by the EAP message is expanded, the current network configuration information is sent to certificate server, make certificate server carry out the standardization verification to the current network configuration information, and when the current network configuration information does not meet the network configuration standard, be handed down to client by newly-increased identifying procedure and by the network configuration information that expansion EAP message will meet the network standard, make client finish the configuration of network configuration information automatically according to the network configuration information that meets the network configuration standard, make the user without the manual modification network configuration information, solve the problem that configuration makes mistakes, improved allocative efficiency.In addition, the network configuration information that will meet the network standard in verification process is handed down to client, and use that both can the standard network has reduced the workload of network design and enforcement again greatly, saves network operation personnel's time and cost.
The flow chart of the 802.1X authentication method that Fig. 3 provides for one embodiment of the invention.As shown in Figure 3, the method for present embodiment comprises:
After step 7, client are received the eap authentication request message, use sign indicating number and challenging value to require to encrypt the ciphertext that generates after encrypting according to the EPA-MD5 cryptographic algorithm, ciphertext after encrypting is encapsulated in the challenging value field of eap authentication response message, the current network configuration information is encapsulated in the name field of eap authentication response message, then the eap authentication response message is sent to network access server.
Step 10, network access server insert the checking message from Radius and extract the eap authentication request message, are transmitted to client.
After step 11, client receive the eap authentication request message, from its name field, get access to the network configuration information that meets the network configuration standard, network to client disposes automatically, and the network configuration information that will meet the network configuration standard shows the user.
Step 12, client are after the configuration of finishing network configuration information, and client is initiated once new verification process once more, promptly send an EAP to network access server once more and begin message, and beginning 802.1x authentication inserts.
Step 13, certificate server generate Radius admission reject message and send to network access server.Radius admission reject message comprises the EAP failure message.
Step 14, network access server are transmitted to client with the EAP failure message, and prompting user name, password mistake are finished normal identifying procedure.
Step 15, certificate server generate Radius and accept message, and the related service attribute that carries relevant information, client sends to network access server.Radius accepts message and comprises EAP success message.
Step 16, network access server are transmitted to client with EAP success message, and the prompting client certificate passes through, and finishes normal identifying procedure.
The 802.1X authentication method of present embodiment, by increasing new identifying procedure, client in verification process by the EAP message is expanded, the current network configuration information is sent to certificate server, make certificate server carry out the standardization verification to the current network configuration information, and when the current network configuration information does not meet the network configuration standard, be handed down to client by newly-increased identifying procedure and by the network configuration information that expansion EAP message will meet the network standard, make client finish the configuration of network configuration information automatically according to the network configuration information that meets the network configuration standard, make the user without the manual modification network configuration information, solve the problem that configuration makes mistakes, improved allocative efficiency.In addition, the network configuration information that will meet the network standard in verification process is handed down to client, and use that both can the standard network has reduced the workload of network design and enforcement again greatly, saves network operation personnel's time and cost.
The structural representation of the client that Fig. 4 provides for one embodiment of the invention.As shown in Figure 4, the client of present embodiment comprises: first sending module 41, first receiver module 42 and configuration module 43.
Wherein, first sending module 41 is connected with certificate server 40, is used at verification process the current network configuration information being sent to certificate server 40.First receiver module 42, be connected with certificate server 40, be used for when the legal and current network configuration information of client does not meet the network configuration standard, receive certificate server 40 and sending the network configuration information that meets the network configuration standard that issues before the authentification failure message to client.Configuration module 43 is connected with first receiver module 42, is used for carrying out the configuration of network configuration information according to the network configuration information that meets the network configuration standard.
The above-mentioned functions module of present embodiment client can be used for carrying out the flow process of the collocation method of network configuration information shown in Figure 1, and its concrete operation principle repeats no more, and sees the description of method embodiment for details.
The client of present embodiment, in verification process, the current network configuration information is sent to certificate server, make certificate server carry out the standardization verification to the current network configuration information, and when not meeting the network configuration standard, the current network configuration information issues the network configuration information that meets the network standard, client is finished the configuration of network configuration information automatically according to the network configuration information that meets the network configuration standard, make the user without the manual modification network configuration information, solve the problem that configuration easily makes mistakes, improved allocative efficiency.In addition, the client of present embodiment allows certificate server to issue the network configuration information that meets the network standard in verification process, use that both can the standard network has reduced the workload of network design and enforcement again greatly, saves network operation personnel's time and cost.
The structural representation of the client that Fig. 5 provides for another embodiment of the present invention.Present embodiment is based on realization embodiment illustrated in fig. 4, and as shown in Figure 5, the client of present embodiment also comprises: authentication request module 44.
Authentication request module 44, be connected with certificate server 40 with configuration module 43, be used for after configuration module 43 carries out the configuration of network configuration information according to the network configuration information that meets the network configuration standard, sending authentication request message to certificate server 40, to authenticate again.
Above-mentioned authentication request module 44 can be used for the flow process of step 12 in the execution graph 3, and its concrete operation principle repeats no more.
First sending module 41 of present embodiment comprises: receiving element 411 and encapsulation transmitting element 412.
Wherein, receiving element 411 is connected with network access server 45, is used to receive the eap authentication request message that comprises challenging value that network access server 45 is transmitted, so that client authenticates.Encapsulation transmitting element 412, be connected with network access server 45, be used for to be encapsulated in the eap authentication response message according to the ciphertext of password and challenging value generation together with the current network configuration information and send to network access server 45, send to certificate server 40 so that network access server 45 is encapsulated in the eap authentication response message in the Radius access request message.Wherein, first sending module 41 specifically is connected with certificate server 40 by network access server 45 with first receiver module 42.
In addition, first receiver module 42 of present embodiment specifically is used to receive network insertion and serves the eap authentication request message that 45 devices are transmitted, being packaged with the network configuration information that meets the network configuration standard in the described eap authentication request message, is to be inserted the checking message by the Radius that network access server 45 sends from certificate server 40 to extract.That is to say, the Radius access checking message that certificate server 40 will be packaged with the eap authentication request message sends to network access server 45, network access server 45 inserts the checking message from Radius and extracts the eap authentication request message, and the eap authentication request message is transmitted to first receiver module 42 of client.
Above-mentioned each functional module of present embodiment or unit can be used for the corresponding flow process in execution graph 1 or Fig. 2 A or the method shown in Figure 3, and its concrete operation principle repeats no more, and sees the description of method embodiment for details.
The client of present embodiment, in verification process by the EAP message is expanded, the current network configuration information is sent to certificate server, make certificate server carry out the standardization verification to the current network configuration information, and when the current network configuration information does not meet the network configuration standard, be handed down to client by newly-increased identifying procedure and by the network configuration information that expansion EAP message will meet the network standard, the client of present embodiment is finished the configuration of network configuration information automatically according to the network configuration information that meets the network configuration standard, make the user without the manual modification network configuration information, solve the problem that configuration easily makes mistakes, improved allocative efficiency.In addition, the client of present embodiment allows certificate server to issue the network configuration information that meets the network standard in verification process, use that both can the standard network has reduced the workload of network design and enforcement again greatly, saves network operation personnel's time and cost.
The structural representation of the certificate server that Fig. 6 provides for one embodiment of the invention.As shown in Figure 6, the certificate server of present embodiment comprises: second receiver module 61, normalized checking module 62 and second sending module 63.
Wherein, second receiver module 61 is connected with client 60, is used for receiving the current network configuration information that client 60 sends at verification process.Normalized checking module 62 is connected with second receiver module 61, is used for the current network configuration information is carried out the standardization verification, judges whether the current network configuration information meets the network configuration standard.Second sending module 63, be connected with normalized checking module 62, it is legal to be used in client 60, and the current network configuration information is not when meeting the network configuration standard, before sending authentification failure message, issue the network configuration information that meets the network configuration standard, so that client 60 is carried out the configuration of network configuration information according to the network configuration information that meets the network configuration standard to client 60 to client 60.
The certificate server of present embodiment, the client that provides with the above embodiment of the present invention cooperatively interacts, current network configuration information to client in verification process carries out the standardization inspection, and when the current network configuration information does not meet the network configuration standard, the network configuration information that will meet the network configuration standard is handed down to client, make client finish the configuration of network configuration information automatically according to the network configuration information that meets the network configuration standard, make the user without the manual modification network configuration information, solve the problem that configuration easily makes mistakes, improved allocative efficiency.In addition, the certificate server of present embodiment issues the network configuration information that meets the network standard in verification process, and use that both can the standard network has reduced the workload of network design and enforcement again greatly, saves network operation personnel's time and cost.
The structural representation of the certificate server that Fig. 7 provides for another embodiment of the present invention.Present embodiment is based on realization embodiment illustrated in fig. 6, as shown in Figure 7, second receiver module 61 of present embodiment specifically is used to receive the Radius access request message that is packaged with the eap authentication response message that network access server 70 sends, and is packaged with current network configuration information and the client ciphertext according to password and challenging value generation in the described eap authentication response message simultaneously.Wherein, second receiver module 61 is connected with client 60 by network access server 70.
Based on above-mentioned, certificate server also comprises: validity checking module 71 and trigger module 72.
Wherein, validity checking module 71 is used for the ciphertext according to the eap authentication response message, and client 60 is carried out authentication, judges whether client 60 is legal.Trigger module 72, be connected with validity checking module 71, be used for judged result in validity checking module 71 and be client 60 when legal, trigger 62 execution of normalized checking module the current network configuration information is carried out the standardization verification, judge whether the current network configuration information meets the operation of network configuration standard.
Further, the network configuration information that second sending module 63 of present embodiment specifically is used for meeting the network configuration standard is encapsulated in the eap authentication request message, and the eap authentication request message is encapsulated in Radius inserts in the checking message and send to network access server 70, extract the eap authentication request message and be transmitted to client 60 so that network access server 70 inserts the checking message from Radius.
The standardization of present embodiment checks that module 62 specifically is used for current network configuration information and pre-configured and the client 60 corresponding network configuration informations that meet the network configuration standard are compared, when comparative result is identical, determine that the current network configuration information meets the network configuration standard, when comparative result is inequality, determine that the current network configuration information does not meet the network configuration standard.
Further again, the certificate server of present embodiment also comprises: the 3rd sending module 73, be connected with normalized checking module 62 with validity checking module 71, and it is legal to be used in client 60, and when the current network configuration information meets the network configuration standard, send authentication success message to client 60.Concrete, the 3rd sending module 73 sends authentication success message by network access server 70 to client 60.
Above-mentioned each functional module of present embodiment can be used for the corresponding flow process in execution graph 1 or Fig. 2 A or the method shown in Figure 3, and its concrete operation principle repeats no more, and sees the description of method embodiment for details.
The certificate server of present embodiment, the client that provides with the above embodiment of the present invention cooperatively interacts, current network configuration information to client in verification process carries out the standardization inspection, and when the current network configuration information does not meet the network configuration standard, be handed down to client by newly-increased identifying procedure and by the network configuration information that expansion EAP message will meet the network configuration standard, make client finish the configuration of network configuration information automatically according to the network configuration information that meets the network configuration standard, make the user without the manual modification network configuration information, solve the problem that configuration easily makes mistakes, improved allocative efficiency.In addition, the certificate server of present embodiment issues the network configuration information that meets the network standard in verification process, and use that both can the standard network has reduced the workload of network design and enforcement again greatly, saves network operation personnel's time and cost.
The structural representation of the configuration-system of the network configuration information that Fig. 8 provides for one embodiment of the invention.As shown in Figure 8, the system of present embodiment comprises: client 81 and certificate server 82.
Wherein, client 81 comprises: first sending module, first receiver module and configuration module.Wherein, client 81 can be Fig. 4 or client shown in Figure 5, and its concrete operation principle and structure repeat no more.Certificate server 82 comprises: second receiver module, normalized checking module and second sending module.Wherein, certificate server 82 can be Fig. 6 or certificate server shown in Figure 7, and its concrete operation principle and structure repeat no more.
In specific implementation process, first sending module of client 81 sends to certificate server 82 with the current network configuration information in verification process.Second receiver module of certificate server 82 receives the current network configuration information that client 81 sends in verification process.The normalized checking module of certificate server 82 is carried out the standardization verification to the current network configuration information, judges whether the current network configuration information meets the network configuration standard.Second sending module of certificate server 82 is legal in client 81, and the current network configuration information of client 81 is not when meeting the network configuration standard, before sending authentification failure message, issue the network configuration information that meets the network configuration standard, so that client 81 is carried out the configuration of network configuration information according to the network configuration information that meets the network configuration standard to client 81 to client 81.First receiver module of client 81 receives certificate server 82 and is sending the network configuration information that meets the network configuration standard that issues before the authentification failure message to client.The configuration module of client 81 carries out the configuration of network configuration information according to the network configuration information that meets the network configuration standard.
In this explanation, the configuration-system of the network configuration information of present embodiment is applicable to the 802.1X Verification System, so also comprise network access server 83 in the configuration-system of present embodiment.Network access server 83 is connected between client 81 and the certificate server 82, is responsible for transmitting the interactive information between client 81 and the certificate server 82.
The configuration-system of the network configuration information of present embodiment, can be used for carrying out the flow process that said method embodiment provides, by increasing new identifying procedure, client sends to certificate server with the current network configuration information in verification process, make certificate server carry out the standardization verification to the current network configuration information, and when the current network configuration information does not meet the network configuration standard, the network configuration information that will meet the network standard is handed down to client, make client finish the configuration of network configuration information automatically according to the network configuration information that meets the network configuration standard, make the user without the manual modification network configuration information, solve the problem that configuration makes mistakes, improved allocative efficiency.In addition, certificate server will meet the network standard in verification process network configuration information is handed down to client, and use that both can the standard network has reduced the workload of network design and enforcement again greatly, saves network operation personnel's time and cost.
One of ordinary skill in the art will appreciate that: all or part of step that realizes said method embodiment can be finished by the relevant hardware of program command, aforesaid program can be stored in the computer read/write memory medium, this program is carried out the step that comprises said method embodiment when carrying out; And aforesaid storage medium comprises: various media that can be program code stored such as ROM, RAM, magnetic disc or CD.
It should be noted that at last: above embodiment only in order to technical scheme of the present invention to be described, is not intended to limit; Although with reference to previous embodiment the present invention is had been described in detail, those of ordinary skill in the art is to be understood that: it still can be made amendment to the technical scheme that aforementioned each embodiment put down in writing, and perhaps part technical characterictic wherein is equal to replacement; And these modifications or replacement do not make the essence of appropriate technical solution break away from the spirit and scope of various embodiments of the present invention technical scheme.
Claims (18)
1. the collocation method of a network configuration information is characterized in that, comprising:
Client sends to certificate server with the current network configuration information in verification process;
Described certificate server carries out the standardization verification to described current network configuration information, judges whether described current network configuration information meets the network configuration standard;
Legal when described client, and described current network configuration information is not when meeting the network configuration standard, and described certificate server was issuing the network configuration information that meets the network configuration standard to described client before sending authentification failure message to described client;
Described client is carried out the configuration of network configuration information according to the described network configuration information that meets the network configuration standard.
2. the collocation method of network configuration information according to claim 1 is characterized in that, described client sends to certificate server with the current network configuration information and comprises in verification process:
Described client receives the Extensible Authentication Protocol eap authentication request message that comprises challenging value that network access server is transmitted, so that described client authenticates;
Described client will be encapsulated in together with described current network configuration information according to the ciphertext of password and the generation of described challenging value and send to described network access server in the eap authentication response message;
Described network access server is encapsulated in described eap authentication response message in the remote user dialing authentication protocol Radius access request message and sends to described certificate server.
3. the collocation method of network configuration information according to claim 1 and 2 is characterized in that, described certificate server issued the network configuration information that meets the network configuration standard to described client and comprises before sending authentification failure message to described client:
Described certificate server is encapsulated in the described network configuration information that meets the network configuration standard in the Extensible Authentication Protocol eap authentication request message, and described eap authentication request message is encapsulated in remote user dialing authentication protocol Radius inserts in the checking message and send to network access server;
Described network access server inserts the checking message from described Radius and extracts described eap authentication request message and be transmitted to described client.
4. the collocation method of network configuration information according to claim 2, it is characterized in that, described certificate server carries out the standardization verification to described current network configuration information, judges described current network configuration information comprises before whether meeting the network configuration standard:
Described certificate server carries out authentication according to the ciphertext in the described eap authentication response message to described client, judges whether described client is legal;
When described client was legal, described certificate server was carried out described current network configuration information is carried out the standardization verification, judges whether described current network configuration information meets the operation of network configuration standard.
5. according to the collocation method of claim 1 or 2 or 4 described network configuration informations, it is characterized in that, described certificate server carries out the standardization verification to described current network configuration information, judges whether described current network configuration information meets the network configuration standard and comprise:
The network configuration information that meets the network configuration standard that described certificate server is corresponding with pre-configured and described client with described current network configuration information compares;
If comparative result is identical, described certificate server determines that described current network configuration information meets the network configuration standard;
If comparative result is inequality, described certificate server determines that described current network configuration information does not meet the network configuration standard.
6. according to the collocation method of claim 1 or 2 or 4 described network configuration informations, it is characterized in that, also comprise:
Legal when described client, and described current network configuration information is when meeting the network configuration standard, and described certificate server sends authentication success message to described client.
7. according to the collocation method of claim 1 or 2 or 4 described network configuration informations, it is characterized in that described client comprises according to the configuration that the described network configuration information that meets the network configuration standard carries out network configuration information afterwards:
Described client sends authentication request message to described certificate server, to authenticate again.
8. a client is characterized in that, comprising:
First sending module is used at verification process the current network configuration information being sent to certificate server;
First receiver module, be used for when the legal and described current network configuration information of described client does not meet the network configuration standard, receive described certificate server and sending the network configuration information that meets the network configuration standard that issues before the authentification failure message to described client;
Configuration module is used for carrying out the configuration of network configuration information according to the described network configuration information that meets the network configuration standard.
9. client according to claim 8 is characterized in that, described first sending module comprises:
Receiving element is used to receive the Extensible Authentication Protocol eap authentication request message that comprises challenging value that network access server is transmitted, so that described client authenticates;
The encapsulation transmitting element, be used for to be encapsulated in the eap authentication response message according to the ciphertext of password and the generation of described challenging value together with described current network configuration information and send to described network access server, send to described certificate server so that described network access server is encapsulated in described eap authentication response message in the remote user dialing authentication protocol Radius access request message.
10. according to Claim 8 or 9 described clients, it is characterized in that, described first receiver module specifically is used to receive the Extensible Authentication Protocol eap authentication request message that network access server is transmitted, being packaged with the described network configuration information that meets the network configuration standard in the described eap authentication request message, is to be inserted the checking message by the remote user dialing authentication protocol Radius that described network access server sends from described certificate server to extract.
11. according to Claim 8 or 9 described clients, it is characterized in that, also comprise:
The authentication request module is used for after described configuration module carries out the configuration of network configuration information according to the described network configuration information that meets the network configuration standard, sends authentication request message to described certificate server, to authenticate again.
12. a certificate server is characterized in that, comprising:
Second receiver module is used for receiving the current network configuration information that client sends at verification process;
The normalized checking module is used for described current network configuration information is carried out the standardization verification, judges whether described current network configuration information meets the network configuration standard;
Second sending module, it is legal to be used in described client, and described current network configuration information is not when meeting the network configuration standard, before sending authentification failure message, issue the network configuration information that meets the network configuration standard, so that described client is carried out the configuration of network configuration information according to the described network configuration information that meets the network configuration standard to described client to described client.
13. certificate server according to claim 12, it is characterized in that, described second receiver module specifically is used to receive the remote user dialing authentication protocol Radius access request message that is packaged with Extensible Authentication Protocol eap authentication response message that network access server sends, and is packaged with described current network configuration information and the described client ciphertext according to password and challenging value generation in the described eap authentication response message simultaneously.
14. certificate server according to claim 13 is characterized in that, also comprises:
The validity checking module is used for the ciphertext according to described eap authentication response message, and described client is carried out authentication, judges whether described client is legal;
Trigger module, be used for judged result in described validity checking module and be described client when legal, trigger described normalized checking module execution described current network configuration information is carried out the standardization verification, judge whether described current network configuration information meets the operation of network configuration standard.
15. according to claim 12 or 13 or 14 described certificate servers, it is characterized in that, described second sending module specifically is used for the described network configuration information that meets the network configuration standard is encapsulated in Extensible Authentication Protocol eap authentication request message, and described eap authentication request message is encapsulated in remote user dialing authentication protocol Radius inserts in the checking message and send to network access server, extract described eap authentication request message and be transmitted to described client so that described network access server inserts the checking message from described Radius.
16. according to claim 12 or 13 or 14 described certificate servers, it is characterized in that, also comprise:
The 3rd sending module, it is legal to be used in described client, and described current network configuration information sends authentication success message to described client when meeting the network configuration standard.
17. according to claim 12 or 13 or 14 described certificate servers, it is characterized in that, described normalized checking module specifically is used for the network configuration information that meets the network configuration standard that described current network configuration information is corresponding with pre-configured and described client and compares, when comparative result is identical, determine that described current network configuration information meets the network configuration standard, when comparative result is inequality, determine that described current network configuration information does not meet the network configuration standard.
18. the configuration-system of a network configuration information is characterized in that, comprising: client and certificate server;
Described client comprises:
First sending module is used at verification process the current network configuration information being sent to described certificate server;
First receiver module, be used for when the legal and described current network configuration information of described client does not meet the network configuration standard, receive described certificate server and sending the network configuration information that meets the network configuration standard that issues before the authentification failure message to described client;
Configuration module is used for carrying out the configuration of network configuration information according to the described network configuration information that meets the network configuration standard;
Described certificate server comprises:
Second receiver module is used for receiving the current network configuration information that described client sends at verification process;
The normalized checking module is used for described current network configuration information is carried out the standardization verification, judges whether described current network configuration information meets the network configuration standard;
Second sending module, it is legal to be used in described client, and described current network configuration information is not when meeting the network configuration standard, before sending authentification failure message, issue the network configuration information that meets the network configuration standard, so that described client is carried out the configuration of network configuration information according to the described network configuration information that meets the network configuration standard to described client to described client.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110230254.9A CN102271134B (en) | 2011-08-11 | 2011-08-11 | Method and system for configuring network configuration information, client and authentication server |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110230254.9A CN102271134B (en) | 2011-08-11 | 2011-08-11 | Method and system for configuring network configuration information, client and authentication server |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102271134A true CN102271134A (en) | 2011-12-07 |
| CN102271134B CN102271134B (en) | 2014-07-30 |
Family
ID=45053297
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201110230254.9A Active CN102271134B (en) | 2011-08-11 | 2011-08-11 | Method and system for configuring network configuration information, client and authentication server |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102271134B (en) |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2014183726A1 (en) * | 2013-12-10 | 2014-11-20 | 中兴通讯股份有限公司 | Network management implementation method, network element devices and system |
| CN104901940A (en) * | 2015-01-13 | 2015-09-09 | 易兴旺 | 802.1X network access method based on combined public key cryptosystem (CPK) identity authentication |
| CN105634773A (en) * | 2014-10-31 | 2016-06-01 | 中兴通讯股份有限公司 | Method for transmitting configuration information, mobile terminal and equipment management server |
| CN106375123A (en) * | 2016-08-31 | 2017-02-01 | 迈普通信技术股份有限公司 | Configuration method and device for 802.1X authentication |
| CN106612189A (en) * | 2015-10-22 | 2017-05-03 | 鸿富锦精密电子(天津)有限公司 | Computer and network attribute setting method |
| CN108347353A (en) * | 2018-02-07 | 2018-07-31 | 刘昱 | Network collocating method, apparatus and system |
| CN111064747A (en) * | 2019-12-30 | 2020-04-24 | 奇安信科技集团股份有限公司 | Information processing method and system, server, electronic device, medium, and product |
| CN112383919A (en) * | 2020-11-13 | 2021-02-19 | 歌尔科技有限公司 | Information processing method and device, intelligent doorbell and storage medium |
| CN112910978A (en) * | 2021-01-26 | 2021-06-04 | 杭州迪普科技股份有限公司 | Method and system for synchronizing network configuration data |
| CN113347046A (en) * | 2021-07-08 | 2021-09-03 | 中国建设银行股份有限公司 | Network access method and device |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101217575A (en) * | 2008-01-18 | 2008-07-09 | 杭州华三通信技术有限公司 | An IP address allocation and device in user end certification process |
| US7516211B1 (en) * | 2003-08-05 | 2009-04-07 | Cisco Technology, Inc. | Methods and apparatus to configure a communication port |
| CN101640685A (en) * | 2009-08-12 | 2010-02-03 | 福建星网锐捷网络有限公司 | Method and system for delivering private attribute information |
| CN101917398A (en) * | 2010-06-28 | 2010-12-15 | 北京星网锐捷网络技术有限公司 | Method and equipment for controlling client access authority |
-
2011
- 2011-08-11 CN CN201110230254.9A patent/CN102271134B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7516211B1 (en) * | 2003-08-05 | 2009-04-07 | Cisco Technology, Inc. | Methods and apparatus to configure a communication port |
| CN101217575A (en) * | 2008-01-18 | 2008-07-09 | 杭州华三通信技术有限公司 | An IP address allocation and device in user end certification process |
| CN101640685A (en) * | 2009-08-12 | 2010-02-03 | 福建星网锐捷网络有限公司 | Method and system for delivering private attribute information |
| CN101917398A (en) * | 2010-06-28 | 2010-12-15 | 北京星网锐捷网络技术有限公司 | Method and equipment for controlling client access authority |
Cited By (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2014183726A1 (en) * | 2013-12-10 | 2014-11-20 | 中兴通讯股份有限公司 | Network management implementation method, network element devices and system |
| CN105634773A (en) * | 2014-10-31 | 2016-06-01 | 中兴通讯股份有限公司 | Method for transmitting configuration information, mobile terminal and equipment management server |
| CN104901940A (en) * | 2015-01-13 | 2015-09-09 | 易兴旺 | 802.1X network access method based on combined public key cryptosystem (CPK) identity authentication |
| CN106612189B (en) * | 2015-10-22 | 2019-11-22 | 鸿富锦精密电子(天津)有限公司 | Computer techno-stress property setting method |
| CN106612189A (en) * | 2015-10-22 | 2017-05-03 | 鸿富锦精密电子(天津)有限公司 | Computer and network attribute setting method |
| CN106375123A (en) * | 2016-08-31 | 2017-02-01 | 迈普通信技术股份有限公司 | Configuration method and device for 802.1X authentication |
| CN106375123B (en) * | 2016-08-31 | 2019-11-22 | 迈普通信技术股份有限公司 | A kind of configuration method and device of 802.1X certification |
| CN108347353A (en) * | 2018-02-07 | 2018-07-31 | 刘昱 | Network collocating method, apparatus and system |
| CN111064747A (en) * | 2019-12-30 | 2020-04-24 | 奇安信科技集团股份有限公司 | Information processing method and system, server, electronic device, medium, and product |
| CN111064747B (en) * | 2019-12-30 | 2022-07-08 | 奇安信科技集团股份有限公司 | Information processing method and system, server, electronic device, medium, and product |
| CN112383919A (en) * | 2020-11-13 | 2021-02-19 | 歌尔科技有限公司 | Information processing method and device, intelligent doorbell and storage medium |
| CN112910978A (en) * | 2021-01-26 | 2021-06-04 | 杭州迪普科技股份有限公司 | Method and system for synchronizing network configuration data |
| CN112910978B (en) * | 2021-01-26 | 2022-07-01 | 杭州迪普科技股份有限公司 | Method and system for synchronizing network configuration data |
| CN113347046A (en) * | 2021-07-08 | 2021-09-03 | 中国建设银行股份有限公司 | Network access method and device |
| CN113347046B (en) * | 2021-07-08 | 2023-08-25 | 中国建设银行股份有限公司 | Network access method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102271134B (en) | 2014-07-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102271134B (en) | Method and system for configuring network configuration information, client and authentication server | |
| US9032215B2 (en) | Management of access control in wireless networks | |
| US7665132B2 (en) | Remote access VPN mediation method and mediation device | |
| CN100591011C (en) | Identification method and system | |
| CN101605137B (en) | Safe distribution file system | |
| CN109286932A (en) | Networking authentication method, apparatus and system | |
| CN101150406B (en) | Network device authentication method and system and relay forward device based on 802.1x protocol | |
| CN1842993B (en) | Providing credentials | |
| US8402511B2 (en) | LDAPI communication across OS instances | |
| CN101986598B (en) | Authentication method, server and system | |
| CN1319337C (en) | Authentication method based on Ethernet authentication system | |
| CN101714918A (en) | Safety system for logging in VPN and safety method for logging in VPN | |
| CN102984045B (en) | The cut-in method and Virtual Private Network client of Virtual Private Network | |
| CN104901940A (en) | 802.1X network access method based on combined public key cryptosystem (CPK) identity authentication | |
| CN113595847B (en) | Remote access method, system, device and medium | |
| CN106257888A (en) | Privately owned high in the clouds routing server connection mechanism for privately owned communication construction | |
| US8769623B2 (en) | Grouping multiple network addresses of a subscriber into a single communication session | |
| CN111935213A (en) | Distributed trusted authentication virtual networking system and method | |
| CN110519259B (en) | Method and device for configuring communication encryption between cloud platform objects and readable storage medium | |
| CN102271120A (en) | Trusted network access authentication method capable of enhancing security | |
| CN113965425B (en) | Access method, device and equipment of Internet of things equipment and computer readable storage medium | |
| US20090271852A1 (en) | System and Method for Distributing Enduring Credentials in an Untrusted Network Environment | |
| CN100591068C (en) | Method of transmitting 802.1X audit message via bridging device | |
| CN201252570Y (en) | Security gateway client end device | |
| CN105323138A (en) | Private cloud routing server, and smart device client architecture |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20201223 Address after: 200030 full floor, 4 / F, 190 Guyi Road, Xuhui District, Shanghai Patentee after: Shanghai Ruishan Network Co., Ltd Address before: 12 / F, block a, East Tower, Zhongyi pengao Hotel, 29 Fuxing Road, Haidian District, Beijing 100036 Patentee before: Beijing Star-Net Ruijie Networks Co.,Ltd. |
|
| TR01 | Transfer of patent right |