CN102710667A - Method for realizing Portal authentication server attack prevention and broadband access server - Google Patents

Info

Publication number
CN102710667A
Authority
CN
China
Prior art keywords
authentication
client
inquiry
bas
message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2012102171034A
Other languages
Chinese (zh)
Other versions
CN102710667B (en)
Inventor
高平利
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Technologies Co Ltd
Original Assignee
Hangzhou H3C Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou H3C Technologies Co Ltd filed Critical Hangzhou H3C Technologies Co Ltd
Priority to CN201210217103.4A priority Critical patent/CN102710667B/en
Publication of CN102710667A publication Critical patent/CN102710667A/en
Application granted granted Critical
Publication of CN102710667B publication Critical patent/CN102710667B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a method for realizing Portal authentication server attack prevention. The method comprises the following steps of: acquiring, by a broadband access server BAS, an HTTP request message which does not pass Portal authentication from a client; establishing TCP (Transmission Control Protocol) connection; transmitting an inquiry authentication request message to the client; after receiving, by the BAS, an inquiry authentication response message returned by a browser of the client, analyzing the inquiry authentication response message and performing identity authentication on the inquiry authentication response message; and when the authentication is successful, transmitting to the browser of the client a redirect message comprising Portal server URL (Uniform Resource Locator). The invention also discloses the broadband access server BAS. According to the method and the broadband access server, before redirect message transmission, inquiry authentication is introduced to the obtained Http request by the BAS, the traffic flow produced by a non-browser application program of a client can be shielded, and the Portal server is prevented from being attacked; and meanwhile, after the inquiry authentication is introduced, the client actually needs to pass secondary authentication, and the safety of an accessed user is more strictly guaranteed.

Description

Method for realizing Portal authentication server attack prevention, and broadband access server
Technical field
The application relates to the technical field of server attack prevention, and in particular to a method for realizing Portal authentication server attack prevention and to a broadband access server.
Background art
At present, Web-based Portal access authentication requires no client software and is easy to deploy, so it is widely used in campus networks and operator broadband access. A typical network for Web-based Portal access authentication is shown in Fig. 1. Its basic principle is as follows: while a user has not passed Portal authentication, every HTTP request the user sends toward the external network is redirected by the BAS device, and the Portal server pushes an authentication page to the user. After the user enters a correct account and password, the subsequent authentication and accounting flow continues; once authentication passes, the user can access external network resources normally.
As shown in Fig. 1, for example, the user sends an HTTP request to www.sina.com.cn. When the request reaches the broadband access server (BAS), the BAS impersonates the destination the user wants to reach and answers the user with an HTTP redirect message. The redirect message carries the Portal server address preconfigured locally on the BAS device and tells the user to visit the Portal server. On receiving the redirect message, the user side sends a request to the Portal server, and the Portal server pushes the authentication page to the user.
In live networks it has been found that, because user terminals are diverse (PC hosts, mobile devices and so on) and application software is abundant, much of the software on a user terminal, including Internet-based applications (collectively, non-browser applications), continuously and actively sends HTTP probe or update messages, some as often as once every 10-plus milliseconds. The BAS device cannot tell whether an HTTP request it receives is a browsing request from the user's browser or service traffic from a non-browser application. Every HTTP request message is redirected: the BAS answers the sender with a redirect message telling it to visit the Portal server. As a result, a large number of HTTP messages from non-browser applications are also sent to the Portal authentication server, which seriously degrades the performance of the Portal server and amounts to an actual attack.
As shown in Fig. 2, a large number of HTTP requests are sent to the Portal authentication server after being redirected by the BAS, and the Portal server answers them one by one, including the HTTP requests sent by non-browser applications. A non-browser application, however, lacks a browser's ability to parse pages and to supply user identity information interactively, so the responses it receives from the Portal server are eventually discarded by it, and the resources of the Portal authentication server are wasted.
Because the BAS device cannot effectively distinguish browsing requests from the client browser from the service traffic generated by non-browser applications, the Portal server ends up under attack.
Summary of the invention
In view of this, the application proposes a method for realizing Portal authentication server attack prevention that effectively keeps the Portal server from being attacked.
The application also proposes a broadband access server that effectively keeps the Portal server from being attacked.
To achieve the above objects, the technical solution of the embodiments of the application is realized as follows:
A method for realizing Portal authentication server attack prevention comprises the following steps:
A broadband access server (BAS) obtains from a client an HTTP request message that has not passed Portal authentication, establishes a TCP connection, and sends a challenge authentication request message (the "inquiry authentication request message" of the abstract) to the client;
After the BAS receives the challenge authentication response message returned by the client's browser, it parses the challenge authentication response message and authenticates it; when authentication succeeds, it sends the client's browser a redirect message containing the Portal server URL.
A broadband access server (BAS) comprises an HTTP request message acquisition module, a challenge authentication module and a redirect module, wherein:
The HTTP request message acquisition module is configured to obtain from a client an HTTP request message that has not passed Portal authentication, establish a TCP connection, and send the HTTP request message to the challenge authentication module;
The challenge authentication module is configured to receive the HTTP request message from the HTTP request message acquisition module, send a challenge authentication request message to the client and, after receiving the challenge authentication response message returned by the client's browser, parse the challenge authentication response message and authenticate it; when authentication succeeds, it sends the authentication-success information to the redirect module;
The redirect module is configured to receive the authentication-success information sent by the challenge authentication module and send the client's browser a redirect message containing the Portal server URL.
The beneficial effect of the application is as follows. Before sending the redirect message, the BAS applies HTTP challenge authentication to HTTP request messages headed for the external network, and thereby effectively distinguishes browsing requests from the client's browser from service traffic generated by non-browser applications. A non-browser application cannot parse and recognize the HTTP challenge authentication header WWW-Authenticate and cannot answer the challenge authentication request, so it cannot obtain the real Portal server address. Service traffic from the client's non-browser applications is thus effectively shielded, and the Portal server is kept from being attacked.
Meanwhile, only a client that has passed the above challenge authentication can obtain the Portal server URL from the redirect message and send an authentication page request to the Portal server, and only then does the Portal server push the authentication page to the client. The client therefore actually has to pass a second authentication, which guarantees user access security more strictly.
Description of drawings
Fig. 1 is a schematic diagram of prior-art Portal Web authentication networking;
Fig. 2 is a schematic diagram of the prior-art Portal Web authentication message flow;
Fig. 3 is a flow chart of the method of the embodiment of the application;
Fig. 4 is a schematic flow diagram of Portal server attack prevention in the embodiment of the application;
Fig. 5 is a structural diagram of the broadband access server of the embodiment of the application.
Embodiment
To make the purpose, technical solution and advantages of the application clearer, the application is described in detail below through a specific embodiment and with reference to the accompanying drawings.
The application uses the HTTP authentication mechanism that every browser supports to put authentication protection on HTTP requests that users send toward the external network. Only when authentication passes is a redirect message containing the Portal server URL returned to the client; otherwise the client cannot obtain the real address of the Portal server.
Meanwhile, when a client that has obtained the Portal server URL visits the Portal server, the Portal server pushes the authentication page to it, so the client actually has to pass a second authentication, which guarantees user access security more strictly. The scheme is broadly applicable: before sending the redirect message, the BAS first performs one HTTP challenge authentication on the client. For a client that cannot pass it, the Portal server URL is shielded, which avoids redundant access attacks; for a client that passes it, the redirect message reveals the real Portal server address, and the subsequent authentication flow is identical to the original scheme, so compatibility is good.
The method flow of the embodiment of the application is shown in Fig. 3. A method for realizing Portal authentication server attack prevention comprises the following steps:
Step 301: The broadband access server (BAS) obtains from a client an HTTP request message that has not passed Portal authentication, and establishes a TCP connection.
The sender of an HTTP request message on the client may be a browser or a non-browser application. The HTTP request messages the BAS receives therefore include both those sent by the client's browser and those sent by the client's non-browser applications (the latter being, in fact, service traffic generated by those applications).
If the HTTP request from the client has already passed Portal server authentication, the request matches, by its five-tuple, the dynamic access control list (ACL) maintained on the BAS device and goes directly to the external network. That is, when the BAS obtains from a client an HTTP request message that has passed Portal authentication, it lets the client access the external network directly.
If the HTTP request from the client has not passed Portal server authentication, the BAS intercepts the HTTP request message, delivers it to the CPU and establishes the TCP connection, and then carries out the subsequent HTTP challenge authentication and HTTP redirect processing, that is, it executes step 302 and step 303 in turn. It does not, as in the prior art, directly return to the client a redirect message containing the Portal server URL, which reveals the Portal server address prematurely and exposes the Portal server to an actual access attack.
Therefore, when the client's browser or a non-browser application sends an HTTP access request toward the external network and the BAS intercepts the HTTP request message, the BAS, on finding that the request has not passed Portal server authentication, performs challenge authentication on the client; see step 302 and step 303.
Step 302: The BAS sends a challenge authentication request message to the client.
Whether the sender is the client's browser or a non-browser application, as long as the BAS has received an HTTP request message from it, the BAS sends it a challenge authentication request message.
The challenge authentication request message conforms to HTTP status code 401.
HTTP status code 401 (Unauthorized) requires that the HTTP challenge authentication request message contain the WWW-Authenticate header field; on receiving this message, the client knows that the external URL it is visiting requires authentication.
The format of the WWW-Authenticate header field is WWW-Authenticate: challenge, where challenge is the challenge information. The format of the challenge information is defined in RFC 2617, which supports basic authentication and digest authentication and can be extended further. The main authentication modes at present are basic authentication, digest authentication and certificate authentication. Which mode is used is not limited here, as long as the client and the BAS side agree on it in advance.
Step 303: After the BAS receives the challenge authentication response message returned by the client's browser, it parses the message and authenticates it; when authentication succeeds, it sends the client's browser a redirect message containing the Portal server URL.
After the client browser receives the challenge request message, it correctly parses the challenge authentication header and pops up a challenge window in which the user enters an account and password; it then returns a challenge authentication response message to the BAS.
In other words, only the client's browser can return a challenge authentication response message.
Unlike the challenge authentication request message, the challenge authentication response message carries an Authorization header field.
The format of the Authorization header field is Authorization: credentials, where credentials is the authentication information, which usually carries the account and password uploaded by the client. The format of the authentication information corresponds to the format of the challenge information in the challenge authentication request message.
For a client that returns a challenge authentication response message: after the BAS receives the message returned by the client browser, it parses it to obtain the account and password and authenticates them. Authentication may be performed locally or by a remote AAA server, using an authentication mode such as the Challenge Handshake Authentication Protocol (CHAP) or the Password Authentication Protocol (PAP).
When authentication succeeds, the BAS sends the client a redirect message that conforms to HTTP status code 302 and contains the Portal server URL. After the client browser receives the redirect message containing the Portal server URL, it sends an authentication page request to the Portal server. From here the flow is identical to the prior art: the user performs the second authentication for network access, AAA issues policies such as accounting, access control and rate limiting, and once authentication passes the user can access network resources according to those policies.
When authentication fails, the following is executed:
Step A: The broadband access server (BAS) sends the client a challenge authentication request message that conforms to HTTP status code 401. After the user corrects the account or password, the client again returns a challenge authentication response message. The BAS receives the challenge authentication response message returned by the client, parses it and authenticates it. When authentication succeeds, the BAS sends the client a redirect message containing the Portal server URL; otherwise, step A is repeated until authentication passes.
A non-browser application on the client cannot parse the challenge authentication request message of step 302; only the client's browser can. Therefore, for a client non-browser application that returns no challenge authentication response message, the BAS does no further processing.
That is, after a non-browser application on the client receives the challenge authentication request message from the BAS, it cannot parse the WWW-Authenticate header field in that message, so the message is discarded and the interaction between the client's non-browser application and the BAS ends. Because the application never obtains the Portal server URL, no attack can occur.
In the application, as shown in Fig. 4 and by comparison with Fig. 2, when the BAS obtains a user's HTTP request toward the external network, it performs one challenge authentication of the client's identity before sending the redirect message, and can thereby effectively distinguish whether the HTTP request comes from the client's browser or is service traffic from a non-browser application.
If the HTTP request comes from the client's browser, the browser is able to pass challenge authentication: it correctly parses the challenge authentication request message and returns a challenge authentication response message to the BAS. The BAS parses the response to obtain the account and password and authenticates them; only after authentication passes does the BAS send the client's browser a redirect message containing the Portal server URL.
If the request is service traffic from a non-browser application, the application cannot pass challenge authentication: it cannot correctly parse the challenge authentication request message and cannot return a challenge authentication response message to the BAS. The BAS therefore never sends the non-browser application a redirect message containing the Portal server URL, and the Portal server is ultimately protected from attack.
The structure of the broadband access server of the embodiment of the application is shown in Fig. 5. A broadband access server (BAS) comprises an HTTP request message acquisition module, a challenge authentication module and a redirect module, wherein:
The HTTP request message acquisition module is configured to obtain from a client an HTTP request message that has not passed Portal authentication, establish a TCP connection, and send the HTTP request message to the challenge authentication module; when it obtains from a client an HTTP request message that has passed Portal authentication, it lets the client access the external network directly.
The challenge authentication module is configured to receive the HTTP request message from the HTTP request message acquisition module, send a challenge authentication request message to the client and, after receiving the challenge authentication response message returned by the client's browser, parse the challenge authentication response message and authenticate it.
When authentication succeeds, it sends the authentication-success information to the redirect module;
When authentication is unsuccessful, the following is executed:
Step B: Send a challenge authentication request message to the client, receive the challenge authentication response message returned by the client, parse the challenge authentication response message and authenticate it; if authentication succeeds, send the authentication-success information to the redirect module; otherwise, repeat step B.
The challenge authentication request message conforms to HTTP status code 401.
The challenge authentication request message contains the WWW-Authenticate header field, whose format is WWW-Authenticate: challenge, where challenge is the challenge information defined in RFC 2617.
The challenge authentication response message contains an Authorization header field, whose format is Authorization: credentials, where credentials is the authentication information; the format of the authentication information corresponds to the format of the challenge information in the challenge authentication request message.
The redirect module is configured to receive the authentication-success information sent by the challenge authentication module and send the client's browser a redirect message containing the Portal server URL.
The above is merely a preferred embodiment of the application and is not intended to limit the application; any modification, equivalent replacement or improvement made within the spirit and principles of the application shall fall within the scope of protection of the application.

Claims (10)

1. A method for realizing Portal authentication server attack prevention, characterized in that it comprises the following steps:
a broadband access server (BAS) obtains from a client an HTTP request message that has not passed Portal authentication, establishes a TCP connection, and sends a challenge authentication request message to the client;
after the BAS receives the challenge authentication response message returned by the browser of said client, it parses said challenge authentication response message and authenticates it; when authentication succeeds, it sends the browser of said client a redirect message containing the Portal server URL.
2. The method according to claim 1, characterized in that said challenge authentication request message conforms to HTTP status code 401.
3. The method according to claim 2, characterized in that said challenge authentication request message contains the WWW-Authenticate header field, the format of said WWW-Authenticate header field being WWW-Authenticate: challenge, where challenge is the challenge information defined in RFC 2617.
4. The method according to claim 3, characterized in that said challenge authentication response message contains an Authorization header field, the format of said Authorization header field being Authorization: credentials, where credentials is the authentication information, and the format of said authentication information corresponds to the format of the challenge information in said challenge authentication request message.
5. The method according to claim 1, characterized in that, after said BAS parses said challenge authentication response message and authenticates it, the method further comprises, when authentication is unsuccessful, executing:
Step A: the broadband access server (BAS) sends said client a challenge authentication request message that conforms to HTTP status code 401, receives the challenge authentication response message returned by the client, parses said challenge authentication response message and authenticates it; when authentication succeeds, it sends said client a redirect message containing the Portal server URL; otherwise, step A is repeated.
6. A broadband access server (BAS), characterized in that it comprises an HTTP request message acquisition module, a challenge authentication module and a redirect module, wherein:
the HTTP request message acquisition module is configured to obtain from a client an HTTP request message that has not passed Portal authentication, establish a TCP connection, and send said HTTP request message to the challenge authentication module;
the challenge authentication module is configured to receive said HTTP request message from the HTTP request message acquisition module, send a challenge authentication request message to the client and, after receiving the challenge authentication response message returned by the browser of said client, parse said challenge authentication response message and authenticate it; when authentication succeeds, it sends the authentication-success information to the redirect module;
the redirect module is configured to receive the authentication-success information sent by the challenge authentication module and send the browser of said client a redirect message containing the Portal server URL.
7. The broadband access server (BAS) according to claim 6, characterized in that said challenge authentication request message conforms to HTTP status code 401.
8. The broadband access server (BAS) according to claim 7, characterized in that said challenge authentication request message contains the WWW-Authenticate header field, the format of said WWW-Authenticate header field being WWW-Authenticate: challenge, where challenge is the challenge information defined in RFC 2617.
9. The broadband access server (BAS) according to claim 8, characterized in that said challenge authentication response message contains an Authorization header field, the format of said Authorization header field being Authorization: credentials, where credentials is the authentication information, and the format of said authentication information corresponds to the format of the challenge information in said challenge authentication request message.
10. The broadband access server (BAS) according to claim 6, characterized in that said challenge authentication module is further configured, when parsing said challenge authentication response message and authenticating it, to execute the following if authentication is unsuccessful:
Step B: send a challenge authentication request message to said client, receive the challenge authentication response message returned by said client, parse said challenge authentication response message and authenticate it; if authentication succeeds, send the authentication-success information to the redirect module; otherwise, repeat step B.
CN201210217103.4A 2012-06-25 2012-06-25 Method for realizing Portal authentication server attack prevention and broadband access server Active CN102710667B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210217103.4A CN102710667B (en) 2012-06-25 2012-06-25 Method for realizing Portal authentication server attack prevention and broadband access server

Publications (2)

Publication Number Publication Date
CN102710667A true CN102710667A (en) 2012-10-03
CN102710667B CN102710667B (en) 2015-04-01

Family

ID=46903220

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210217103.4A Active CN102710667B (en) 2012-06-25 2012-06-25 Method for realizing Portal authentication server attack prevention and broadband access server

Country Status (1)

Country Link
CN (1) CN102710667B (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104735050A (en) * 2014-12-19 2015-06-24 武汉烽火网络有限责任公司 Authentication method integrating mac authentication and web authentication
CN104811439A (en) * 2015-03-30 2015-07-29 杭州华三通信技术有限公司 Portal authentication method and device
CN105187538A (en) * 2015-09-14 2015-12-23 北京星网锐捷网络技术有限公司 Web authentication noise processing method and processing device
CN105357209A (en) * 2015-11-20 2016-02-24 福建星网锐捷网络有限公司 WEB authentication method and WEB authentication device
CN105991640A (en) * 2015-07-16 2016-10-05 杭州迪普科技有限公司 Method for processing HTTP (hypertext transfer protocol) request and apparatus for processing HTTP (hypertext transfer protocol) request
CN105991589A (en) * 2015-02-13 2016-10-05 华为技术有限公司 Method, apparatus, and system for redirection
CN106101063A (en) * 2016-05-25 2016-11-09 杭州迪普科技有限公司 Certification reorientation method and certification redirection device
CN107040401A (en) * 2015-12-01 2017-08-11 中华电信股份有限公司 Wired local network user management system and method with safety and function expansion
CN107276769A (en) * 2017-07-26 2017-10-20 迈普通信技术股份有限公司 Puppet pushes away request filter method, portal server and terminal
CN109587747A (en) * 2018-10-26 2019-04-05 努比亚技术有限公司 SIM card method for handover control, terminal and computer storage medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101834866A (en) * 2010-05-05 2010-09-15 北京来安科技有限公司 CC (Communication Center) attack protective method and system thereof
CN102469069A (en) * 2010-11-02 2012-05-23 杭州华三通信技术有限公司 Method and device for preventing portal authentication attack

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
DUDUWOLF: "HTTP Authentication and Its Implementation on the Web Platform", 《HTTP://WWW.360DOC.COMCONTENT0507140073_1516.SHTML》 *
FRANKS,ET AL: ""HTTP Authentication:Basic and Digest Access Authentication"", 《RFC2617》 *
侯建岑: "Research and Implementation of Network Intrusion Detection and Defense Technology Based on HTTP-FLOOD Attacks", 《Wanfang Database》 *

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104735050B (en) * 2014-12-19 2018-03-20 武汉烽火网络有限责任公司 A kind of fusion mac certifications and the authentication method of web authentication
CN104735050A (en) * 2014-12-19 2015-06-24 武汉烽火网络有限责任公司 Authentication method integrating mac authentication and web authentication
CN105991589A (en) * 2015-02-13 2016-10-05 华为技术有限公司 Method, apparatus, and system for redirection
US10721320B2 (en) 2015-02-13 2020-07-21 Huawei Technologies Co., Ltd. Redirection method, apparatus, and system
CN104811439A (en) * 2015-03-30 2015-07-29 杭州华三通信技术有限公司 Portal authentication method and device
CN104811439B (en) * 2015-03-30 2018-08-24 新华三技术有限公司 A kind of method and apparatus of Portal certifications
CN105991640A (en) * 2015-07-16 2016-10-05 杭州迪普科技有限公司 Method for processing HTTP (hypertext transfer protocol) request and apparatus for processing HTTP (hypertext transfer protocol) request
CN105991640B (en) * 2015-07-16 2019-06-04 杭州迪普科技股份有限公司 Handle the method and device of HTTP request
CN105187538A (en) * 2015-09-14 2015-12-23 北京星网锐捷网络技术有限公司 Web authentication noise processing method and processing device
CN105357209A (en) * 2015-11-20 2016-02-24 福建星网锐捷网络有限公司 WEB authentication method and WEB authentication device
CN107040401A (en) * 2015-12-01 2017-08-11 中华电信股份有限公司 Wired local network user management system and method with safety and function expansion
CN106101063A (en) * 2016-05-25 2016-11-09 杭州迪普科技有限公司 Certification reorientation method and certification redirection device
CN107276769A (en) * 2017-07-26 2017-10-20 迈普通信技术股份有限公司 Puppet pushes away request filter method, portal server and terminal
CN107276769B (en) * 2017-07-26 2019-09-13 迈普通信技术股份有限公司 Puppet pushes away request filter method, portal server and terminal
CN109587747A (en) * 2018-10-26 2019-04-05 努比亚技术有限公司 SIM card method for handover control, terminal and computer storage medium

Also Published As

Publication number Publication date
CN102710667B (en) 2015-04-01

Similar Documents

Publication Publication Date Title
CN102710667B (en) Method for realizing Portal authentication server attack prevention and broadband access server
CN110300117B (en) IOT device and user binding authentication method, device and medium
US9825928B2 (en) Techniques for optimizing authentication challenges for detection of malicious attacks
CN103825881B (en) The reorientation method and device of WLAN user are realized based on wireless access controller AC
EP3286893B1 (en) Secure transmission of a session identifier during service authentication
KR101095447B1 (en) Apparatus and method for preventing distributed denial of service attack
CN101702717B (en) Method, system and equipment for authenticating Portal
US8079076B2 (en) Detecting stolen authentication cookie attacks
US8589675B2 (en) WLAN authentication method by a subscriber identifier sent by a WLAN terminal
CN105554098A (en) Device configuration method, server and system
JP2006524925A (en) Technology for secure wireless LAN access
JP5112806B2 (en) Wireless LAN communication method and communication system
CN103354550A (en) Authorization control method and device based on terminal information
CN106559405B (en) Portal authentication method and equipment
CN110505188B (en) Terminal authentication method, related equipment and authentication system
CN104144163A (en) Identity verification method, device and system
CN102143177A (en) Portal authentication method, Portal authentication device,Portal authentication equipment and Portal authentication system
JP2014002716A (en) Information processing apparatus, network system, data sharing method, and computer program allowing data sharing
CN106330948A (en) Message control method and message control device
CN107786502B (en) Authentication proxy method, device and equipment
CN105656854B (en) A kind of method, equipment and system for verifying Wireless LAN user sources
CN106789884A (en) A kind of portal authentication method and system
Pansa et al. Architecture and protocols for secure LAN by using a software-level certificate and cancellation of ARP protocol
CN101742507B (en) System and method for accessing Web application site for WAPI terminal
CN106789864B (en) Message anti-attack method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP03 Change of name, title or address

Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Patentee after: Xinhua three Technology Co., Ltd.

Address before: 310053 Hangzhou hi tech Industrial Development Zone, Zhejiang province science and Technology Industrial Park, No. 310 and No. six road, HUAWEI, Hangzhou production base

Patentee before: Huasan Communication Technology Co., Ltd.

CP03 Change of name, title or address