CN102307099A - Authentication method and system as well as authentication server - Google Patents


Publication number
CN102307099A
CN102307099A CN201110262690A CN201110262690A CN102307099A CN 102307099 A CN102307099 A CN 102307099A CN 201110262690 A CN201110262690 A CN 201110262690A CN 201110262690 A CN201110262690 A CN 201110262690A CN 102307099 A CN102307099 A CN 102307099A
Authority
CN
China
Prior art keywords
authentication
windows
certificate server
client
password
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201110262690A
Other languages
Chinese (zh)
Inventor
李进
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Star Net Ruijie Networks Co Ltd
Ruijie Networks Co Ltd
Original Assignee
Beijing Star Net Ruijie Networks Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Star Net Ruijie Networks Co Ltd
Priority to CN201110262690A
Publication of CN102307099A
Legal status: Pending

Abstract

The invention provides an authentication method, an authentication system and an authentication server. The method comprises the following steps: when the Windows AD authentication server is detected to be down, an 802.1X authentication server compares the received user name and password of a client with pre-stored authenticated user names and authenticated passwords, respectively; when the comparison result is that the user name of the client is the same as a first authenticated user name and the password of the client is the same as the first authenticated password corresponding to the first authenticated user name, the client is determined to have passed Windows AD domain authentication; and when the comparison result is that the user name of the client differs from every authenticated user name, or the password of the client differs from the first authenticated password, the client is determined to have failed Windows AD domain authentication. The technical scheme provided by the invention solves the problem that users cannot work because they cannot be authenticated after the Windows AD server goes down.

Description

Authentication method, system and authentication server
Technical field
The present invention relates to network communication technology, and in particular to an authentication method, an authentication system and an authentication server.
Background art
The 802.1X protocol is one of the local area network (LAN) standards formulated by the 802 committee of the Institute of Electrical and Electronics Engineers (IEEE). 802.1X is a port-based network access control protocol. Port-based network access control means that a client's access is controlled at the access layer of the network: by default, the port of the access device through which the client connects to the network (for example, a port of an Ethernet switch or of a broadband access device) blocks all of the user's access to the network and handles only one specific kind of protocol message. That is, in a LAN that deploys the 802.1X protocol, a client (such as a PC) that connects to the LAN must pass 802.1X authentication; a client that has not passed authentication cannot access the LAN.
An 802.1X authentication system consists of three parts, or entities: the client, the authenticating device and the authentication server. The client, that is, the authentication requester, runs 802.1X client software that packages messages in the format specified by the 802.1X protocol and sends them to the authenticating device, and also handles the response messages returned by the authenticating device, thereby carrying out the client's authentication flow. The authenticating device, also called the authenticator, mainly receives the authentication request initiated by the client, processes it accordingly, and then encapsulates it in an upper-layer protocol above the Internet Protocol (IP) layer and forwards it to the authentication server for authentication. If the authentication server considers the client authentication successful, the client is allowed to access the network resources it needs; if the authentication server considers the client authentication failed, the client is not allowed to access network resources. The authentication server mainly authenticates the client: if client authentication succeeds, it sends an authentication success message to the authenticating device; if client authentication fails, it sends an authentication failure message to the authenticating device. The client and the authenticating device exchange authentication information using the Extensible Authentication Protocol (EAP). Because EAP messages are sent encapsulated in Ethernet 802.3 frames, the messages actually exchanged between the client and the authenticating device are EAP over LAN (EAPOL) messages. EAP messages are also exchanged between the authenticating device and the authentication server, but they are usually encapsulated in an upper-layer protocol such as the Remote Authentication Dial In User Service (RADIUS) protocol.
Microsoft Windows Active Directory (Windows AD) is mainly used for the security management and the standardized management of clients. Security management mainly means managing which software a client may install and which programs it may run; standardized management mainly means managing the desktop contents of the client and their arrangement. Windows Active Directory stores information about the users of computers and allows administrators and users to look up and use this information easily. Windows Active Directory uses a structured data storage method and, on that basis, organizes the directory information in a logical hierarchy, which makes it possible to authorize users to use computers.
802.1X is port-based network access control: it can manage user access to the network at the port level, but it cannot directly manage a user's authorization to use a computer. A Windows AD domain can authorize a user to use a computer, but it cannot manage ports. The prior art therefore combines the two to authenticate users. The existing flow in which 802.1X authentication is linked with Windows AD domain authentication comprises:
Step 1: after receiving the authentication request from the user (the user fills in the user name and password and clicks the login button of the client), the client sends an authentication start (EAPOL-Start) message to the authenticating device, triggering the authentication process.
Step 2: the authenticating device sends an identity request (EAPOL-Request/Identity) message to the client, asking for the user name.
Step 3: the client sends the user name to the authenticating device in an authentication response (EAPOL-Response/Identity) message.
Step 4: the authenticating device encapsulates the authentication response message sent by the client in the Radius protocol, generating a Radius authentication response (Radius/EAPOL-Response/Identity) message, and sends it to the 802.1X authentication server.
Step 5: the 802.1X authentication server sends a Radius password request (Radius/EAPOL-Request/Challenge) message to the authenticating device, issuing a password challenge to the client.
Step 6: the authenticating device receives the Radius password request message sent by the 802.1X authentication server and forwards the EAP password challenge request (EAPOL-Request/Challenge) message encapsulated in it to the client.
Step 7: the client sends the password to the authenticating device in an EAP password response (EAPOL-Response/MD5) message.
Step 8: the authenticating device encapsulates the EAP password response message sent by the client, together with the user name of the client, in the Radius protocol, forming a Radius password response (Radius/EAPOL-Response/MD5) message, and forwards it to the 802.1X authentication server.
Step 9: the 802.1X authentication server extracts the user name and password from the Radius password response message, packages them into an LDAP authentication request (LDAP-Authen-Request) message and sends it to the Windows AD authentication server.
Step 10: the Windows AD authentication server verifies the user name and password and returns the verification result to the 802.1X authentication server in an LDAP authentication response (LDAP-Authen-Response) message.
Step 11: the 802.1X authentication server receives the LDAP authentication response message returned by the Windows AD authentication server and, combining it with its own authentication result for the client, sends a Radius authentication success (Radius/EAPOL-Success) message or a Radius authentication failure (Radius/EAPOL-Failure) message to the authenticating device.
Step 12: the authenticating device extracts the EAP success (EAPOL-Success) message or EAP failure (EAPOL-Failure) message from the received Radius authentication success message or Radius authentication failure message and forwards it to the client.
In the course of implementing the present invention, the inventor found at least the following problem in the prior art: after the Windows AD authentication server, which stores the user information and handles authentication, goes down, no user on the entire network can log in to the Windows AD domain, let alone access the network and work; normal work can resume only after the fault of the Windows AD authentication server has been resolved.
Summary of the invention
The present invention provides an authentication method, an authentication system and an authentication server for completing user authentication while the Windows AD authentication server is down, solving the problem that users cannot access the network and work after the Windows AD authentication server goes down.
The present invention provides an authentication method, comprising:
when the Microsoft Windows Active Directory (Windows AD) authentication server is detected to be down, an 802.1X authentication server compares the received user name of a client and password of the client with, respectively, the pre-stored authenticated user names that have passed authentication by the Windows AD authentication server and the authenticated passwords corresponding to the authenticated user names;
when the comparison result is that the user name of the client is the same as a first authenticated user name among the authenticated user names, and the password of the client is the same as the first authenticated password corresponding to the first authenticated user name, the 802.1X authentication server determines that the client has passed Windows AD domain authentication;
when the comparison result is that the user name of the client differs from every authenticated user name, or the password of the client differs from the first authenticated password, the 802.1X authentication server determines that the client has not passed Windows AD domain authentication.
The present invention provides an authentication server, comprising:
a comparison module, configured to, when the Microsoft Windows Active Directory (Windows AD) authentication server is detected to be down, compare the received user name of a client and password of the client with, respectively, the pre-stored authenticated user names that have passed authentication by the Windows AD authentication server and the authenticated passwords corresponding to the authenticated user names;
a first determination module, configured to determine that the client has passed Windows AD domain authentication when the comparison result of the comparison module is that the user name of the client is the same as a first authenticated user name among the authenticated user names and the password of the client is the same as the first authenticated password corresponding to the first authenticated user name;
a second determination module, configured to determine that the client has not passed Windows AD domain authentication when the comparison result of the comparison module is that the user name of the client differs from every authenticated user name, or the password of the client differs from the first authenticated password.
The present invention provides an authentication system, comprising: a client, an authenticating device, an 802.1X authentication server and a Microsoft Windows Active Directory (Windows AD) authentication server; the 802.1X authentication server is any authentication server provided by the present invention.
With the authentication method, system and authentication server of the present invention, when the authentication server detects that the Windows AD authentication server is down, it compares the received user name and password of the client with, respectively, the pre-stored authenticated user names that have passed authentication by the Windows AD authentication server and the corresponding authenticated passwords, and the authentication server completes the client's Windows AD domain authentication according to the comparison result. Client authentication is thus completed while the Windows AD authentication server is down, which solves the problem that users cannot be authenticated, and therefore cannot access the network and work, when the Windows AD authentication server is down.
Description of drawings
To illustrate the technical schemes of the embodiments of the present invention or of the prior art more clearly, the drawings used in describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of the authentication method provided by one embodiment of the present invention;
Fig. 2 is a flow chart of the authentication method provided by another embodiment of the present invention;
Fig. 3 is a flow chart of linked 802.1X authentication and Windows AD domain authentication provided by one embodiment of the present invention;
Fig. 4 is a structural diagram of the authentication server provided by one embodiment of the present invention;
Fig. 5 is a structural diagram of the authentication server provided by another embodiment of the present invention;
Fig. 6 is a structural diagram of the authentication system provided by one embodiment of the present invention.
Embodiments
To make the purpose, technical schemes and advantages of the embodiments of the present invention clearer, the technical schemes in the embodiments are described clearly and completely below with reference to the drawings of the embodiments. Obviously, the described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Fig. 1 is a flow chart of the authentication method provided by one embodiment of the present invention. As shown in Fig. 1, the method of this embodiment comprises:
Step 101: when the Windows AD authentication server is detected to be down, the 802.1X authentication server compares the received user name and password of the client with, respectively, the pre-stored authenticated user names that have passed authentication by the Windows AD authentication server and the authenticated passwords corresponding to the authenticated user names, and determines whether the comparison result is that the user name of the client is the same as a first authenticated user name among the authenticated user names and the password of the client is also the same as the first authenticated password corresponding to the first authenticated user name; if yes, step 102 is executed; if no, step 103 is executed.
The authentication method of this embodiment applies where 802.1X authentication is linked with Windows AD domain authentication.
In this embodiment, the 802.1X authentication server stores the relevant information of clients that have passed authentication by the Windows AD authentication server. In the embodiments of the present invention, the relevant information mainly refers to the user name and password of the client.
In a specific implementation, the 802.1X authentication server can detect by some method whether the Windows AD authentication server is down. For example, the 802.1X authentication server can determine whether the Windows AD authentication server is down through a heartbeat detection mechanism. When the Windows AD authentication server is detected to be down, the 802.1X authentication server first uses the user name of the client it has just received to query the authenticated user names, stored locally on the 802.1X authentication server, that have passed authentication by the Windows AD authentication server, and determines whether the locally stored authenticated user names include one that is the same as the user name of the client.
When the result is yes, that is, the authenticated user names stored locally on the 802.1X authentication server include one that is the same as the user name of the client (in the embodiments of the present invention, the authenticated user name that is the same as the user name of the client is called the first authenticated user name), the 802.1X authentication server goes on to compare the password of the client with the first authenticated password corresponding to the first authenticated user name, to determine whether the password of the client is the same as the first authenticated password. When the result is yes, that is, the password of the client is the same as the first authenticated password, this indicates that before the Windows AD authentication server went down the client performed Windows AD domain authentication through the Windows AD authentication server and passed it, so the client is a legitimate client.
When the user name of the client differs from every authenticated user name stored locally on the 802.1X authentication server, or when the user name of the client is the same as the first authenticated user name but the password of the client differs from the first authenticated password, this indicates either that the client did not perform Windows AD domain authentication through the Windows AD authentication server before it went down, or that the client did perform Windows AD domain authentication through the Windows AD authentication server before it went down but did not pass it. To guarantee network security, the 802.1X authentication server treats both clients that have not performed Windows AD domain authentication and clients that did not pass Windows AD domain authentication as illegitimate clients.
Here, the first authenticated password is the password corresponding to the first authenticated user name. In this embodiment, a client using the first authenticated user name and the first authenticated password has passed authentication by the Windows AD authentication server.
Having the 802.1X authentication server compare the user name of the client first and the password of the client second is a preferred implementation, but the method is not limited to it. For example, the 802.1X authentication server may also compare the password of the client first and then the user name of the client.
Step 102: the 802.1X authentication server determines that the client has passed Windows AD domain authentication.
Step 103: the 802.1X authentication server determines that the client has not passed Windows AD domain authentication.
In this embodiment, while the Windows AD authentication server is down, the 802.1X authentication server performs Windows AD domain authentication on the client and can also be responsible for performing 802.1X authentication on the client. When the client passes both Windows AD domain authentication and 802.1X authentication, the 802.1X authentication server sends an authentication success message to the client; when the client fails Windows AD domain authentication and/or 802.1X authentication, the 802.1X authentication server sends an authentication failure message to the client.
With the authentication method of this embodiment, when the 802.1X authentication server detects that the Windows AD authentication server is down, it compares the received user name and password of the client with, respectively, the pre-stored authenticated user names that have passed authentication by the Windows AD authentication server and the corresponding authenticated passwords, and completes the client's Windows AD domain authentication according to the comparison result. Windows AD domain authentication and 802.1X authentication of the client are thus completed while the Windows AD authentication server is down, which solves the problem that users cannot be authenticated, and therefore cannot access the network and work, when the Windows AD authentication server is down.
Fig. 2 is a flow chart of the authentication method provided by another embodiment of the present invention. As shown in Fig. 2, the method of this embodiment comprises:
Step 200: the 802.1X authentication server detects whether the Windows AD authentication server is down; when the detection result is yes, step 201 is executed; when the detection result is no, step 204 is executed.
This embodiment provides one implementation by which the 802.1X authentication server detects whether the Windows AD authentication server is down, comprising:
Step 2a: the 802.1X authentication server sends an authentication request to the Windows AD authentication server using a preset detection user name and the detection password corresponding to the detection user name.
Before downtime detection, the administrator can configure in advance, for the 802.1X authentication server, the user name and password used for detection, that is, the detection user name and the detection password corresponding to the detection user name. In a specific implementation, the 802.1X authentication server uses the pre-configured account for accessing the Windows AD domain (that is, the detection user name and detection password) to send an LDAP authentication request message to the Windows AD server, thereby sending an authentication request to the Windows AD authentication server.
Step 2b: the 802.1X authentication server determines whether an authentication response returned by the Windows AD authentication server is received within a preset response reception time; when the result is yes, step 2c is executed; when the result is no, step 2d is executed.
In this embodiment, the 802.1X authentication server can collect statistics on the time the Windows AD authentication server takes, in practice, to return an LDAP authentication response message for an LDAP authentication request message, and then set the response reception time according to the statistics. For example, the mean of the statistics may be taken as the response reception time, but this is not limiting. If the authentication response returned by the Windows AD authentication server is received within the response reception time, the Windows AD authentication server is not down; otherwise, the Windows AD authentication server is down.
Step 2c: the 802.1X authentication server determines that the Windows AD authentication server is down.
Step 2d: the 802.1X authentication server determines that the Windows AD authentication server is not down.
The implementation provided by this embodiment for detecting whether the Windows AD authentication server is down has the advantages of being simple, easy to implement and accurate in its detection results.
Further, the 802.1X authentication server can, according to a preset detection period, periodically send an authentication request to the Windows AD authentication server using the preset detection user name and the detection password corresponding to the detection user name. In this implementation, after the current downtime detection finishes, that is, after step 2c or step 2d has been executed, step 2e is executed.
Step 2e: the 802.1X authentication server waits for the preset detection period to elapse and then returns to step 2a, thereby performing downtime detection on the Windows AD authentication server periodically. Performing downtime detection on the Windows AD authentication server periodically avoids the waste of resources caused by overly frequent downtime detection and preserves the performance of the 802.1X authentication server. This embodiment does not limit the specific value of the detection period; it may, for example, be set to 1 minute, 5 minutes or 10 minutes, and is preferably set according to empirical values for downtime of the Windows AD authentication server.
Further, the downtime detection function of the 802.1X authentication server can be configured by the administrator, so that downtime detection by the 802.1X authentication server can be managed. On this basis, before performing downtime detection the 802.1X authentication server first needs to confirm that the downtime detection function is enabled. Preferably, this embodiment sets the 802.1X authentication server to enable the downtime detection function automatically once the server is started; that is, unless the administrator turns it off, the downtime detection function remains enabled.
It should be noted here that the above flow of downtime detection for the Windows AD authentication server may be executed within the authentication process of this embodiment, or may run independently of the authentication process of this embodiment and be responsible for providing the downtime detection result to it.
Step 201,802.1X certificate server are with the password of the user name and the client of the client that receives; Compare with the authentication username through the authentication of Windows AD certificate server of storage in advance with authentication username is corresponding authentication password respectively; And judge comparative result whether be the user name of client with authentication username in first authentication username is identical, and the password of client with first authentication username corresponding first authentication password is also identical; If judged result is for being execution in step 202; If judged result is for denying execution in step 203.
Step 202,802.1X certificate server confirm that client passes through the authentication in Windows AD territory, and finish the Windows AD domain authentication flow process to client.
Step 203,802.1X certificate server are confirmed the authentication through Windows AD territory of client, and finish the Windows AD domain authentication flow process to client.
Wherein, above-mentioned steps 201-step 203 can repeat no more at this referring to the description of step 101-step 103.
Wherein, Be independent of the verification process of present embodiment when the machine testing of delaying to Windows AD certificate server; And when adopting periodic mode that Windows AD certificate server is delayed machine testing, whenever detecting the verification process that the machine testing result that will delay when Windows AD certificate server is delayed machine offers present embodiment.
Step 204,802.1X certificate server are with the password of the user name and the client of the client that receives; Send to Windows AD certificate server, so that Windows AD certificate server carries out the authentication in Windows AD territory to client and returns the authentication result in Windows AD territory.
Wherein, Be independent of the verification process of present embodiment when the machine testing of delaying to Windows AD certificate server; And when adopting periodic mode that Windows AD certificate server is delayed machine testing, whenever detecting the verification process that the machine testing result that will not delay when Windows AD certificate server is not delayed machine offers present embodiment.
In the practical implementation process, when Windows AD certificate server was not delayed machine, the 802.1X certificate server was encapsulated in the username and password of client and sends to Windows AD certificate server in the LDPA authentication request packet.Windows AD certificate server carries out Windows AD domain authentication to client, and to 802.1X certificate server return authentication result.Wherein, Windows AD certificate server obtains the password of the user name and the client of client from the LDPA authentication request packet; With the password of the user name of client and client respectively with the number of the account in pre-configured permission visit Windows AD territory in username and password compare; When the username and password of client belongs to the username and password in the pre-configured number of the account with visit Windows AD territory authority, confirm that this client is through Windows AD domain authentication; Otherwise, confirm that this client is not through Windows AD domain authentication.
Step 205, the 802.1X authentication server receives the Windows AD domain authentication result returned by the Windows AD authentication server, and judges whether the result is that the client passes the authentication of the Windows AD domain; if yes, step 206 is performed; if no, step 207 is performed.
Specifically, the Windows AD authentication server returns the Windows AD domain authentication result to the 802.1X authentication server in an LDAP authentication response message.
Step 206, the 802.1X authentication server stores the user name and the password of the client as an authenticated user name and the authenticated password corresponding to that authenticated user name, respectively, and ends the Windows AD domain authentication flow for the client.
When the client passes the authentication of the Windows AD domain, the 802.1X authentication server stores the user name and password of the client, that is, stores them as an authenticated user name and the corresponding authenticated password, so that Windows AD domain authentication can be performed on clients that subsequently request authentication, and ends the Windows AD domain authentication flow for the client. In this step, the 802.1X authentication server can also perform 802.1X authentication on the client.
Step 207, the 802.1X authentication server directly ends the Windows AD domain authentication flow for the client.
When the client does not pass the authentication of the Windows AD domain, the 802.1X authentication server directly ends the Windows AD domain authentication flow for the client, but can still perform 802.1X authentication on the client.
In the authentication method of this embodiment, when the 802.1X authentication server detects that the Windows AD authentication server is down, it completes the authentication of the client in the Windows AD domain according to the locally stored authenticated user names that have passed authentication by the Windows AD authentication server and the authenticated passwords corresponding to them. When it detects that the Windows AD authentication server is not down, the Windows AD authentication server completes the authentication of the client in the Windows AD domain, and when the client passes that authentication the 802.1X authentication server stores the user name and password of the client, which lays the foundation for authenticating the client while the Windows AD authentication server is down. The client can therefore be authenticated whether or not the Windows AD authentication server is down, which solves the problem that, when the Windows AD authentication server is down, users cannot be authenticated and so cannot get online to work.
Fig. 3 is a flow chart of linked 802.1X authentication and Windows AD domain authentication provided by an embodiment of the invention. As shown in Fig. 3, the method of this embodiment comprises:
Step 301, after receiving an authentication request from the user (the user fills in the user name and password and clicks the login button of the client), the client sends an authentication start message to the authenticating device to trigger the authentication process.
Step 302, the authenticating device sends an identity authentication request message to the client, requesting the user name.
Step 303, the client sends the user name to the authenticating device in an authentication response message.
Step 304, the authenticating device encapsulates the authentication response message sent by the client in the RADIUS protocol, generating a RADIUS authentication response message, and sends it to the 802.1X authentication server.
Step 305, the 802.1X authentication server sends a RADIUS password request message to the authenticating device, issuing a password challenge to the client.
Step 306, the authenticating device receives the RADIUS password request message sent by the 802.1X authentication server and forwards the EAP password challenge request message encapsulated in it to the client.
Step 307, the client sends the password to the authenticating device in an EAP password response message.
In this embodiment, both 802.1X authentication and Windows AD domain authentication are to be performed on the client, so in this step the client generates from the password both the password digest needed for 802.1X authentication and the encrypted plaintext password needed for Windows AD domain authentication, and sends them to the authenticating device in the EAP password response. The client can use the MD5 algorithm to form the password digest; this process belongs to the prior art and is not described further here.
Step 308, the authenticating device encapsulates the EAP password response message sent by the client together with the user name of the client in the RADIUS protocol, forming a RADIUS password response message, and forwards it to the 802.1X authentication server.
Correspondingly, the RADIUS password response message contains the user name of the client, the encrypted plaintext password of the client and the password digest. The password digest and user name are used by the 802.1X authentication server to perform 802.1X authentication on the client; the plaintext password and user name are used by the Windows AD authentication server to perform Windows AD domain authentication on the client.
Step 309, the 802.1X authentication server extracts the user name and password from the RADIUS password response message and judges whether the Windows AD authentication server is down. When the Windows AD authentication server is down, step 310 is performed; when it is not down, step 311 is performed.
Correspondingly, in this step the 802.1X authentication server extracts from the RADIUS password response message the user name of the client, the encrypted plaintext password of the client and the password digest.
In this embodiment, the 802.1X authentication server judges whether the Windows AD authentication server is down before sending the extracted user name and plaintext password to the Windows AD authentication server. The judgment can be performed in real time in this step to obtain the downtime detection result, or it can be carried out by another process that is independent of the linked authentication process of this embodiment and that provides the downtime detection result to this step. Whether the judgment is performed in real time in this step or by a separate independent process, it can be implemented with the flow shown in steps 2a to 2d or steps 2a to 2e of Fig. 2, which is not repeated here.
Step 310, the 802.1X authentication server compares the extracted user name and password with the locally stored authenticated user names and authenticated passwords that have passed authentication by the Windows AD authentication server, determines the authentication result of the client in the Windows AD domain, and performs step 314.
In this step, the 802.1X authentication server mainly compares the extracted user name and plaintext password with the stored authenticated user names and authenticated passwords. When the comparison shows that the extracted user name and plaintext password are identical to one locally stored authenticated user name and to the authenticated password corresponding to that authenticated user name, respectively, it determines that the client passes Windows AD domain authentication; otherwise, it determines that the client does not pass Windows AD domain authentication.
Step 311, the 802.1X authentication server encapsulates the extracted user name and password in an LDAP authentication request message, sends it to the Windows AD authentication server, and performs step 312.
The password in this step mainly refers to the extracted plaintext password.
Step 312, the 802.1X authentication server receives the LDAP authentication response message returned by the Windows AD authentication server, obtains the authentication result of the client in the Windows AD domain, and performs step 313.
Specifically, the Windows AD authentication server obtains the user name and password of the client from the LDAP authentication request message and judges whether they belong to the user names and passwords of the pre-configured accounts that are permitted to access the Windows AD domain. If yes, it determines that the client passes Windows AD domain authentication; otherwise, it determines that the client does not pass Windows AD domain authentication.
Step 313, when the authentication result of the client in the Windows AD domain is that authentication is passed, the 802.1X authentication server stores the user name and password of the client as an authenticated user name and an authenticated password, and performs step 314.
Each authenticated user name corresponds to one authenticated password. In other words, a client that once used an authenticated user name and the authenticated password corresponding to it for Windows AD domain authentication by the Windows AD authentication server passed that authentication.
In this step, the 802.1X authentication server stores the user name and password of the client that has passed authentication, which provides the basis for the 802.1X authentication server to perform Windows AD domain authentication on the client when the Windows AD authentication server is down.
Step 314, the 802.1X authentication server combines the authentication result of the client in the Windows AD domain with its own 802.1X authentication result for the client, sends a RADIUS authentication success message or a RADIUS authentication failure message to the authenticating device, and performs step 315.
In this embodiment, the 802.1X authentication server can perform 802.1X authentication on the client according to the extracted password digest; this authentication process belongs to the prior art and is not described further here. The 802.1X authentication server returns the authentication result to the client according to both the authentication result of the client in the Windows AD domain and the 802.1X authentication result.
Specifically, when the client passes both Windows AD domain authentication and 802.1X authentication, the 802.1X authentication server sends a RADIUS authentication success message to the authenticating device. When the client passes Windows AD domain authentication but not 802.1X authentication, or passes 802.1X authentication but not Windows AD domain authentication, or passes neither 802.1X authentication nor Windows AD domain authentication, it sends a RADIUS authentication failure message to the authenticating device.
Step 315, the authenticating device extracts the EAP success message or EAP failure message from the received RADIUS authentication success message or RADIUS authentication failure message, and forwards it to the client.
When the authenticating device receives a RADIUS authentication success message, it extracts the EAP success message from it and forwards it to the client, ending the linked authentication flow.
When the authenticating device receives a RADIUS authentication failure message, it extracts the EAP failure message from it and forwards it to the client, ending the linked authentication flow.
Further, in the case where the Windows AD authentication server is down, when the 802.1X authentication server determines that the client has passed both Windows AD domain authentication and 802.1X authentication, it can send the information that the Windows AD authentication server is down to the client in the RADIUS authentication success message. Likewise, in the case where the Windows AD authentication server is not down, when the 802.1X authentication server determines that the client has passed both Windows AD domain authentication and 802.1X authentication, it can send the information that the Windows AD authentication server is not down to the client in the RADIUS authentication success message.
On this basis, the client can obtain the information on whether the Windows AD authentication server is down from the EAP success message (also called the authentication success message). For example, when it learns that the Windows AD authentication server is not down, the client can notify the Windows operating system to perform the Windows AD domain login. When it learns that the Windows AD authentication server is down, the client can notify the user that the Windows AD authentication server is down and prompt the user that the computer can be used with a local account.
Steps 301 to 309 together with step 310, step 314 and step 315 form the linked authentication flow when the Windows AD authentication server is down. Steps 301 to 309 together with steps 311 to 315 form the linked authentication flow when the Windows AD authentication server is not down.
In the linked authentication method of this embodiment, the 802.1X authentication server performs downtime detection on the Windows AD authentication server. When the Windows AD authentication server is down, the 802.1X authentication server completes both the Windows AD domain authentication and the 802.1X authentication of the client according to the locally stored authenticated user names and authenticated passwords. When the Windows AD authentication server is not down, the 802.1X authentication server and the Windows AD authentication server complete the 802.1X authentication and the Windows AD domain authentication of the client, respectively. This solves the problem that, when the Windows AD authentication server is down, the client cannot be authenticated and so users cannot get online to work. Further, this embodiment requires no extra deployment cost: when the Windows AD authentication server is down, 802.1X authentication and Windows AD domain authentication remain linked and the corresponding authorization and access management are realized, so that users can still get online to work normally without manual intervention.
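The two branches of steps 309 to 313 and the combination in step 314, as an added Python example (not code from the patent or from any product). `FakeAD`, `BackendTimeout`, `FallbackAuthenticator`, `radius_result` and the `ad_down` field are hypothetical names, and the sample accounts are constructed. It departs from the described flow in three labelled ways: it stores a salted PBKDF2 verifier instead of the password itself, it drops a cached entry when a live AD server rejects that same credential, and it treats a timeout on the real request as downtime.

```python
import hashlib
import hmac
import os


class BackendTimeout(Exception):
    """No response from the AD server within the preset response time."""


class FakeAD:
    """Constructed stand-in for the Windows AD server (not an LDAP client)."""

    def __init__(self, accounts):
        self.accounts = dict(accounts)
        self.up = True

    def bind(self, user, password):
        if not self.up:
            raise BackendTimeout(user)
        return self.accounts.get(user) == password


class FallbackAuthenticator:
    ITERATIONS = 200_000  # PBKDF2 work factor; tune to the server's hardware

    def __init__(self, ad_bind, probe_user, probe_password):
        self.ad_bind = ad_bind  # callable(user, password) -> bool
        self.probe = (probe_user, probe_password)  # preset detection account
        self.cache = {}  # authenticated user name -> (salt, verifier)

    def _derive(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                                   self.ITERATIONS)

    def _matches_cache(self, user, password):
        # Step 310. The derivation also runs for unknown users so that the
        # response time does not reveal which user names are cached.
        salt, verifier = self.cache.get(user, (b"\0" * 16, b""))
        candidate = self._derive(password, salt)
        return hmac.compare_digest(candidate, verifier)

    def ad_is_down(self):
        # Downtime detection: any answer to the probe, accept or reject,
        # means the server is up; only a missing answer means it is down.
        try:
            self.ad_bind(*self.probe)
        except BackendTimeout:
            return True
        return False

    def authenticate(self, user, password):
        """Return (passed_ad_domain_authentication, ad_down)."""
        if self.ad_is_down():
            return self._matches_cache(user, password), True
        try:
            passed = self.ad_bind(user, password)  # steps 311 and 312
        except BackendTimeout:
            # Assumption, not in the patent: the server failed between the
            # probe and the real request, so fall back as if it were down.
            return self._matches_cache(user, password), True
        if passed:
            salt = os.urandom(16)  # step 313, storing a verifier only
            self.cache[user] = (salt, self._derive(password, salt))
        elif self._matches_cache(user, password):
            # Assumption, not in the patent: AD has just rejected exactly the
            # cached credential (password changed or account disabled), so it
            # must stop working in fallback. A wrong guess evicts nothing.
            del self.cache[user]
        return passed, False


def radius_result(dot1x_ok, ad_ok, ad_down):
    """Step 314: success only if both authentications passed."""
    if dot1x_ok and ad_ok:
        return {"code": "Access-Accept", "ad_down": ad_down}
    return {"code": "Access-Reject"}
```
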
Fig. 4 is a schematic structural diagram of the authentication server provided by an embodiment of the invention. As shown in Fig. 4, the authentication server of this embodiment comprises: a comparison module 41, a first determination module 42 and a second determination module 43.
The comparison module 41 is used for, when the Windows AD authentication server is detected to be down, comparing the received user name of the client and password of the client with the pre-stored authenticated user names that have passed authentication by the Windows AD authentication server and the authenticated passwords corresponding to those authenticated user names, respectively. The first determination module 42 is connected with the comparison module 41 and is used for determining that the client passes the authentication of the Windows AD domain when the comparison result of the comparison module 41 is that the user name of the client is identical to a first authenticated user name among the authenticated user names and the password of the client is identical to the first authenticated password corresponding to the first authenticated user name. The second determination module 43 is connected with the comparison module 41 and is used for determining that the client does not pass the authentication of the Windows AD domain when the comparison result of the comparison module 41 is that the user name of the client is not identical to any authenticated user name, or that the password of the client is not identical to the first authenticated password.
The authentication server of this embodiment can be the 802.1X authentication server in the linkage of 802.1X authentication and Windows AD domain authentication. Its functional modules can be used to carry out the flow of the authentication method shown in Fig. 1, which is not repeated here.
When the authentication server of this embodiment detects that the Windows AD authentication server is down, it compares the received user name of the client and password of the client with the pre-stored authenticated user names that have passed authentication by the Windows AD authentication server and the authenticated passwords corresponding to those authenticated user names, respectively, and completes the authentication of the client in the Windows AD domain according to the comparison result. Windows AD domain authentication and 802.1X authentication of the client are thus completed while the Windows AD authentication server is down, which solves the problem that, when the Windows AD authentication server is down, users cannot be authenticated and so cannot get online to work.
Fig. 5 is a schematic structural diagram of the authentication server provided by another embodiment of the invention. This embodiment is implemented on the basis of the embodiment shown in Fig. 4. As shown in Fig. 5, the authentication server of this embodiment further comprises: a first sending module 44 and a storage module 45.
The first sending module 44 is connected with the Windows AD authentication server and is used for, when the Windows AD authentication server is detected not to be down, sending the received user name of the client and password of the client to the Windows AD authentication server, so that the Windows AD authentication server performs the authentication of the Windows AD domain on the client and returns the Windows AD domain authentication result. The storage module 45 is connected with the Windows AD authentication server and is used for receiving the Windows AD domain authentication result returned by the Windows AD authentication server and, when that result is that the client passes the authentication of the Windows AD domain, storing the user name and the password of the client as an authenticated user name and the authenticated password corresponding to that authenticated user name, respectively, which lays the foundation for the comparison module 41.
The above functional modules can be used to carry out the flow of steps 204 to 206 of the embodiment shown in Fig. 2. Their specific operating principle is not repeated here; see the description of the method embodiment for details.
Further, the authentication server of this embodiment also comprises a detection module 46. The detection module 46 is connected with the Windows AD authentication server, the comparison module 41 and the first sending module 44, respectively. It is used for detecting whether the Windows AD authentication server is down, either before the comparison module 41 compares the received user name of the client and password of the client with the pre-stored authenticated user names that have passed authentication by the Windows AD authentication server and the corresponding authenticated passwords, or before the first sending module 44 sends the received user name of the client and password of the client to the Windows AD authentication server, and for providing the detected down result and not-down result to the comparison module 41 and the first sending module 44, respectively.
As shown in Fig. 5, the detection module 46 of this embodiment can comprise: a sending unit 461, a first determining unit 462 and a second determining unit 463.
Specifically, the sending unit 461 is connected with the Windows AD authentication server and is used for sending an authentication request to the Windows AD authentication server according to a preset detection user name and the detection password corresponding to the detection user name. Preferably, the sending unit 461 sends the authentication request to the Windows AD authentication server periodically, according to a preset detection cycle, using the detection user name and the detection password corresponding to the detection user name. The first determining unit 462 is connected with the Windows AD authentication server and the comparison module 41, respectively, and is used for determining that the Windows AD authentication server is down when no authentication response returned by the Windows AD authentication server is received within a preset response reception time, and for providing the determined result to the comparison module 41. The second determining unit 463 is connected with the Windows AD authentication server and the first sending module 44, respectively, and is used for determining that the Windows AD authentication server is not down when the authentication response returned by the Windows AD authentication server is received within the preset response reception time, and for providing the determined result to the first sending module 44.
The detection module 46 of this embodiment and its functional units can be used to carry out the detailed process of step 200 of the embodiment shown in Fig. 2. Their specific operating principle is not repeated here; see the description of the method embodiment for details.
Further, the authentication server of this embodiment can also comprise a second sending module 47. The second sending module 47 is used for sending an authentication success message to the client when the client passes the authentication of the Windows AD domain and the client passes 802.1X authentication; the authentication success message carries the information on whether the Windows AD authentication server is down. Specifically, in the case where the Windows AD authentication server is down, when it is determined that the client has passed both Windows AD domain authentication and 802.1X authentication, the second sending module 47 sends the information that the Windows AD authentication server is down to the client in the RADIUS authentication success message. In the case where the Windows AD authentication server is not down, when it is determined that the client has passed both Windows AD domain authentication and 802.1X authentication, the second sending module 47 sends the information that the Windows AD authentication server is not down to the client in the RADIUS authentication success message.
The authentication server of this embodiment performs downtime detection on the Windows AD authentication server. When the Windows AD authentication server is down, the authentication server of this embodiment completes both the Windows AD domain authentication and the 802.1X authentication of the client according to the locally stored authenticated user names and authenticated passwords. When the Windows AD authentication server is not down, the authentication server of this embodiment and the Windows AD authentication server complete the 802.1X authentication and the Windows AD domain authentication of the client, respectively. This solves the problem that, when the Windows AD authentication server is down, the client cannot be authenticated and so users cannot get online to work. Further, using the authentication server of this embodiment requires no extra deployment cost: when the Windows AD authentication server is down, 802.1X authentication and Windows AD domain authentication remain linked and the corresponding authorization and access management are realized, so that users can still get online to work normally without manual intervention.
Fig. 6 is a schematic structural diagram of the authentication system provided by an embodiment of the invention. The authentication system of this embodiment comprises: a client 79, an authenticating device 80, an 802.1X authentication server 81 and a Windows AD authentication server 82. The client 79 is connected with the authenticating device 80; the authenticating device 80 is connected with the 802.1X authentication server 81; the 802.1X authentication server 81 is connected with the Windows AD authentication server 82.
The 802.1X authentication server 81 can be the authentication server shown in Fig. 4 or Fig. 5 of the invention. Its specific operating principle and implementation structure are not repeated here; see the description of the above embodiments for details.
The authentication system of this embodiment is mainly used to implement the authentication flow in which 802.1X authentication and Windows AD domain authentication are linked. The 802.1X authentication server 81 is mainly responsible for performing 802.1X authentication on the client and, when the Windows AD authentication server is down, for performing the authentication of the Windows AD domain on the client. The Windows AD authentication server 82 is mainly responsible, when it is not down, for performing the authentication of the Windows AD domain on the client and for returning the Windows AD domain authentication result to the 802.1X authentication server 81.
The authentication system of this embodiment can be used to carry out the authentication flow of any of the embodiments of Fig. 1 to Fig. 3. Its specific operating principle is not repeated here; see the description of the method embodiments for details. The authentication system of this embodiment can likewise complete the Windows AD domain authentication and the 802.1X authentication of the client while the Windows AD authentication server is down, which solves the problem that, when the Windows AD authentication server is down, users cannot be authenticated and so cannot get online to work.
A person of ordinary skill in the art will appreciate that all or part of the steps of the above method embodiments can be carried out by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes various media that can store program code, such as ROM, RAM, magnetic disks or optical discs.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solution of the invention, not to limit it. Although the invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments can still be modified, or some of their technical features can be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the invention.

Claims (13)

1. An authentication method, characterized by comprising:
When a Microsoft Windows operating system Active Directory (Windows AD) authentication server is detected to be down, an 802.1X authentication server compares the received user name of a client and password of said client with the pre-stored authenticated user names that have passed authentication by said Windows AD authentication server and the authenticated passwords corresponding to said authenticated user names, respectively;
When the comparison result is that the user name of said client is identical to a first authenticated user name among said authenticated user names and the password of said client is identical to the first authenticated password corresponding to said first authenticated user name, said 802.1X authentication server determines that said client passes the authentication of the Windows AD domain;
When said comparison result is that the user name of said client is not identical to any authenticated user name, or that the password of said client is not identical to said first authenticated password, said 802.1X authentication server determines that said client does not pass the authentication of the Windows AD domain.
2. The authentication method according to claim 1, characterized by further comprising:
When said Windows AD authentication server is detected not to be down, said 802.1X authentication server sends the received user name of said client and password of said client to said Windows AD authentication server, so that said Windows AD authentication server performs the authentication of the Windows AD domain on said client and returns the Windows AD domain authentication result;
When said Windows AD domain authentication result is that said client passes the authentication of the Windows AD domain, said 802.1X authentication server stores the user name of said client and the password of said client as an authenticated user name and the authenticated password corresponding to said authenticated user name, respectively.
3. The authentication method according to claim 1 or 2, characterized in that, before said 802.1X authentication server compares the received user name of the client and password of said client with the pre-stored authenticated user names that have passed authentication by said Windows AD authentication server and the authenticated passwords corresponding to said authenticated user names, respectively, the method comprises:
Said 802.1X authentication server detects whether said Windows AD authentication server is down.
4. The authentication method according to claim 3, characterized in that said 802.1X authentication server detecting whether said Windows AD authentication server is down comprises:
Said 802.1X authentication server sends an authentication request to said Windows AD authentication server according to a preset detection user name and the detection password corresponding to said detection user name;
When no authentication response returned by said Windows AD authentication server is received within a preset response reception time, determining that said Windows AD authentication server is down;
When said authentication response returned by said Windows AD authentication server is received within said preset response reception time, determining that said Windows AD authentication server is not down.
5. The authentication method according to claim 4, characterized in that said 802.1X authentication server sending an authentication request to said Windows AD authentication server according to a preset detection user name and the detection password corresponding to said detection user name comprises:
Said 802.1X authentication server sends said authentication request to said Windows AD authentication server periodically, according to a preset detection cycle, using said detection user name and the detection password corresponding to said detection user name.
6. The authentication method according to claim 1 or 2, characterized by further comprising:
When said client passes the authentication of the Windows AD domain and said client passes 802.1X authentication, said 802.1X authentication server sends an authentication success message to said client, said authentication success message carrying the information on whether said Windows AD authentication server is down.
7. An authentication server, characterized in that it comprises:
A comparison module, configured to, when the Microsoft Windows operating system Active Directory (Windows AD) authentication server is detected to be down, compare the received user name of a client and the password of the client with, respectively, the pre-stored authenticated user names that have passed authentication by the Windows AD authentication server and the authenticated passwords corresponding to the authenticated user names;
A first determination module, configured to determine that the client passes the Windows AD domain authentication when the comparison result of the comparison module is that the user name of the client is identical to a first authenticated user name among the authenticated user names, and the password of the client is identical to the first authenticated password corresponding to the first authenticated user name;
A second determination module, configured to determine that the client fails the Windows AD domain authentication when the comparison result of the comparison module is that the user name of the client is different from every authenticated user name, or the password of the client is different from the first authenticated password.
8. The authentication server according to claim 7, characterized in that it further comprises:
A first sending module, configured to, when the Windows AD authentication server is detected not to be down, send the received user name of the client and the password of the client to the Windows AD authentication server, so that the Windows AD authentication server performs the Windows AD domain authentication on the client and returns the Windows AD domain authentication result;
A storage module, configured to, when the Windows AD domain authentication result is that the client passes the Windows AD domain authentication, store the user name of the client and the password of the client as an authenticated user name and the authenticated password corresponding to the authenticated user name, respectively.
9. The authentication server according to claim 7 or 8, characterized in that it further comprises:
A detection module, configured to detect whether the Windows AD authentication server is down.
10. The authentication server according to claim 9, characterized in that the detection module comprises:
A sending unit, configured to send an authentication request to the Windows AD authentication server using a preset detection user name and the detection password corresponding to the detection user name;
A first determining unit, configured to determine that the Windows AD authentication server is down when no authentication response returned by the Windows AD authentication server is received within a preset response reception time;
A second determining unit, configured to determine that the Windows AD authentication server is not down when the authentication response returned by the Windows AD authentication server is received within the preset response reception time.
11. The authentication server according to claim 10, characterized in that the sending unit is specifically configured to periodically, according to a preset detection period, send the authentication request to the Windows AD authentication server using the detection user name and the detection password corresponding to the detection user name.
12. The authentication server according to claim 7 or 8, characterized in that it further comprises:
A second sending module, configured to send an authentication success message to the client when the client passes the Windows AD domain authentication and the client passes the 802.1X authentication, the authentication success message carrying information on whether the Windows AD authentication server is down.
13. An authentication system, characterized in that it comprises: a client, an authenticating device, an 802.1X authentication server and a Microsoft Windows operating system Active Directory (Windows AD) authentication server;
The 802.1X authentication server is the authentication server according to any one of claims 7-12.
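The fallback logic of claims 7 to 10 (probe-based downtime detection, caching after a successful AD authentication, comparison against the cache while AD is down), as an added example that is not code from the patent. `FakeAD`, `FallbackAuthenticator` and their method names are hypothetical; the cache holds a salted PBKDF2 verifier compared in constant time instead of the stored password the claims describe, and a cached entry is dropped when AD rejects the user, both of which are hardening assumptions of this example.

```python
import hashlib
import hmac
import os


class FakeAD:
    """Constructed stand-in for the Windows AD authentication server."""
    def __init__(self, users):
        self.users, self.up = dict(users), True

    def __call__(self, user, password):
        if not self.up:  # models "no response within the preset time"
            raise TimeoutError("no authentication response")
        return self.users.get(user) == password


class FallbackAuthenticator:
    def __init__(self, ad_auth, probe_user, probe_password, iterations=100_000):
        self.ad_auth = ad_auth  # hypothetical callable(user, password) -> bool
        self.probe = (probe_user, probe_password)
        self.iterations = iterations
        self.cache = {}         # user name -> (salt, PBKDF2 verifier), never plaintext
        self.ad_down = False

    def _verifier(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, self.iterations)

    def probe_ad(self):
        """Detection module: any response in time, accept or reject, means AD is up."""
        try:
            self.ad_auth(*self.probe)
            self.ad_down = False
        except TimeoutError:
            self.ad_down = True
        return self.ad_down

    def authenticate(self, user, password):
        if not self.ad_down:
            try:
                if self.ad_auth(user, password):
                    salt = os.urandom(16)
                    self.cache[user] = (salt, self._verifier(password, salt))
                    return True
                self.cache.pop(user, None)  # added hardening: AD rejected, drop stale entry
                return False
            except TimeoutError:
                self.ad_down = True         # AD went down between probes
        salt, stored = self.cache.get(user, (b"", b""))
        if not stored:
            return False                    # user name matches no cached entry
        return hmac.compare_digest(stored, self._verifier(password, salt))
```

Only users who authenticated against AD while it was up can pass during an outage, so the cache lifetime and the probe account's privileges are the settings to review in a deployment of this scheme.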
CN201110262690A 2011-09-06 2011-09-06 Authentication method and system as well as authentication server Pending CN102307099A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110262690A CN102307099A (en) 2011-09-06 2011-09-06 Authentication method and system as well as authentication server

Publications (1)

Publication Number Publication Date
CN102307099A true CN102307099A (en) 2012-01-04

Family

ID=45380914

Country Status (1)

Country Link
CN (1) CN102307099A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101212294A (en) * 2006-12-29 2008-07-02 北大方正集团有限公司 Method and system for implementing network access authentication
CN101465862A (en) * 2009-01-09 2009-06-24 北京星网锐捷网络技术有限公司 Method and device for processing switch of authentication business, network appliance and communication system
CN101605238A (en) * 2009-07-01 2009-12-16 中兴通讯股份有限公司 A kind of IPTV business fault treatment method, Apparatus and system
CN101986598A (en) * 2010-10-27 2011-03-16 北京星网锐捷网络技术有限公司 Authentication method, server and system

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103825778A (en) * 2014-02-19 2014-05-28 互联网域名系统北京市工程研究中心有限公司 DNS downtime detection switching method and system based on cloud detection
CN103825778B (en) * 2014-02-19 2018-02-27 互联网域名系统北京市工程研究中心有限公司 DNS based on cloud detection delays machine testing switching method and system
CN104270368B (en) * 2014-10-08 2017-11-03 福建星网锐捷网络有限公司 Authentication method, certificate server and Verification System
CN104270368A (en) * 2014-10-08 2015-01-07 福建星网锐捷网络有限公司 Authentication method, authentication server and authentication system
CN104468550A (en) * 2014-11-28 2015-03-25 华为技术有限公司 User login method for Windows desktop, device and system
CN106570734B (en) * 2015-10-12 2020-08-07 阿里巴巴(中国)有限公司 Game transaction request processing method and device
CN106570734A (en) * 2015-10-12 2017-04-19 广州交易猫信息技术有限公司 Method and apparatus for processing game transaction request
CN106856471B (en) * 2015-12-09 2019-12-17 北京艾科网信科技有限公司 AD domain login authentication method under 802.1X
CN106856471A (en) * 2015-12-09 2017-06-16 北京艾科网信科技有限公司 AD domains login authentication method under 802.1X
CN106888091A (en) * 2015-12-23 2017-06-23 北京奇虎科技有限公司 Trustable network cut-in method and system based on EAP
CN106375348A (en) * 2016-11-17 2017-02-01 杭州华三通信技术有限公司 Portal authentication method and Portal authentication device
CN106506239A (en) * 2016-12-09 2017-03-15 上海斐讯数据通信技术有限公司 The method and system being authenticated in organization unit domain
CN106506239B (en) * 2016-12-09 2020-02-11 上海斐讯数据通信技术有限公司 Method and system for authentication in organization unit domain
CN109005154A (en) * 2018-07-01 2018-12-14 甘肃万维信息技术有限责任公司 One kind being based on 3DES algorithm telecommunications broadband AAA network access authentication decryption method
CN109598111A (en) * 2018-10-25 2019-04-09 厦门科路德科技有限公司 A kind of bullet cabinet control method and device of combination face and Application on Voiceprint Recognition
CN113364725A (en) * 2020-03-05 2021-09-07 深信服科技股份有限公司 Illegal detection event detection method, device, equipment and readable storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20120104