CN102801685A - Web authentication method and system - Google Patents
Web authentication method and system Download PDFInfo
- Publication number
- CN102801685A CN102801685A CN2011101340238A CN201110134023A CN102801685A CN 102801685 A CN102801685 A CN 102801685A CN 2011101340238 A CN2011101340238 A CN 2011101340238A CN 201110134023 A CN201110134023 A CN 201110134023A CN 102801685 A CN102801685 A CN 102801685A
- Authority
- CN
- China
- Prior art keywords
- user
- access terminals
- ipv4
- access
- address
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a Web authentication method, which comprises the following steps that: a network access user terminal acquires an Internet protocol version 4 (IPv4) address or an IPv4 address and an IPv6 address, a broadband network gateway (BNG) limits the right of the network access user terminal over access to an IPv4 network and an IPv6 network, and when the network access user terminal accesses a Web page, the BNG reorients a hypertext transfer protocol (HTTP) access request transmitted by the network access user terminal in an access process to a Web authentication server of the IPv4 network; or the network access user terminal acquires the IPv6 address, the BNG limits the right of the network access user terminal over the access to the IPv6 network, and when the network access user terminal accesses the Web page, the BNG reorients the HTTP access request transmitted by the network access user terminal in the access process to an IPv6 friendly page. According to the technical scheme, when the network access user terminal of a double-stack user uses the IPv6 address, Web authentication can be realized.
Description
Technical field
The present invention relates to the broadband access technology of WLAN (WLAN, Wireless Local Area Networks), relate in particular to a kind of web authentication method and system.
Background technology
Network (Web) authentication is widely used in the broadband access technology of current WLAN.The main process of the web authentication of IPv4 is following: at first user's access terminals (for example; Subscriber equipment (UE, UserEquipment), computer etc.) is when getting into the focus of WLAN, through access point (AN; Access Node) accessing to wide band network gateway control apparatus (BNG; Broadband Network Gatewny), obtain the IPv4 address from BNG, this moment, user's access terminals did not have the authority of accesses network.User's access terminals is through HTTP (HTTP; HyperText Transfer Protocol) during any webpage of visit, the Web page that BNG provides the page reorientation of user's access terminals visit through the HTTP redirection technology to operator user's access terminals carries out authentication.User's access terminals is imported username and password on the Web page that operator provides; (the RADIUS of remote customer dialing authentication system in operator; Remote Authentication Dial In User Service) after server authentication passes through; BNG opens the authority of accesses network for this user's access terminals, and user's access terminals can the normal access network.
In the implementation method of the web authentication of above-mentioned user's access terminals; A problem that faces is exhausting along with the IPv4 address; The application of IPv6 network will be more and more widely; Therefore user's access terminals might be assigned with and use the IPv6 address, and this moment, two-stack machine system was just as a kind of broadband access scheme of IPv4 network to the IPv6 network transition.In two-stack machine system, dual-stack network is meant the existing Web page based on IPv4 in the Internet network, and the Web page of IPv6 is provided again.Two stack users are meant that user's access terminals obtains IPv4 address and IPv6 address simultaneously; User's access terminals is provided with agreement (DHCP through DynamicHost; Dynamic Host Configuration Protocol) obtains the IPv4 address; Distribute (SLAAC through stateless address; Stateless Address Auto Configuration) or DHCPv6 (DHCP for IPv6) obtain the IPv6 address, like this at the IPv4 network in the transient process of IPv6 network, user's access terminals can be visited IPv4 network and IPv6 network simultaneously.
But; If user's access terminals is two stack users, user's access terminals may use IPv6 accessed network when carrying out web authentication so; And the Traditional Web authentication is based on the IPv4 address; When user's access terminals uses IPv6 accessed network, original web authentication mechanism based on the IPv4 address will be no longer suitable, and user's access terminals can't carry out web authentication.
Summary of the invention
In view of this, main purpose of the present invention is to provide a kind of web authentication method and system, when user's access terminals of two stack users when using the IPv6 address, can realize web authentication.
For achieving the above object, technical scheme of the present invention is achieved in that
The present invention provides a kind of web authentication method, comprising:
User's access terminals obtains IPv4 address or IPv4 address and IPv6 address; The authority of BNG limited subscriber access terminals visit IPv4 network and IPv6 network; When user's access terminals visit Web page, the HTTP access request that BNG sends user's access terminals in the access process is redirected to the web authentication server of IPv4;
Or user's access terminals obtains the IPv6 address, the authority of BNG limited subscriber access terminals visit IPv6 network; When user's access terminals visit Web page, the HTTP access request that BNG sends user's access terminals in the access process is redirected to the friendly page of IPv6.
In the said method,
Said user's access terminals obtains the IPv4 address: user's access terminals obtains the IPv4 address through the mode of DHCP or static configuration from BNG;
Said user's access terminals obtains the IPv6 address: user's access terminals obtains the IPv6 address through the mode of DHCPv6 or phase neighbor discovery mode (ND) or static configuration from BNG.
In the said method, if user's access terminals obtains IPv4 address and IPv6 address, this method also comprises:
User's access terminals carries out authentication at the web authentication server of IPv4, and after authentication was passed through, the state of user's access terminals on BNG became authentication, user's access terminals normal access IPv4 network and IPv6 network.
In the said method, said BNG is redirected to the HTTP access request after the friendly page of IPv6 of operator, and this method also comprises:
The friendly webpage prompting of IPv6 user access terminals must obtain the IPv4 address earlier can the enjoy network service.
In the said method, if user's access terminals obtains the IPv4 address, this method also comprises:
User's access terminals carries out authentication at the web authentication server of IPv4, and after authentication was passed through, the state of last this user's access terminals of BNG became authentication, user's access terminals normal access IPv4 network;
User's access terminals obtains the IPv6 address, and normal access IPv6 network.
In the said method, this method also comprises:
User's access terminals after through authentication, release IP v6 address, and obtain the IPv6 address once more;
User's access terminals no longer carries out web authentication, and normal access IPv6 network.
In the said method, this method also comprises:
User's access terminals after through authentication, release IP v4 address;
This user's access terminals of BNG notice web authentication server rolls off the production line, and changes into the state of user's access terminals unverified.
In the said method, this method also comprises:
User's access terminals after through authentication, release IP v4 address, BNG keeps the verified status of user's access terminals;
After user's access terminals obtained the IPv4 address once more, BNG confirmed that the state of user's access terminals on BNG is authentication, and user's access terminals normal access IPv4 network no longer carries out web authentication.
In the said method, this method also comprises:
User's access terminals breaks off the netting twine of online after through authentication;
After all losing efficacy in the IPv4 address of BNG discovery user access terminals and IPv6 address, the authority of limited subscriber access terminals visit IPv4 network and IPv6 network, and the web authentication server user access terminals of notice operator rolls off the production line.
In the said method, said user's access terminals is the user's access terminals that obtains IPv4 address and IPv6 address respectively and insert same BNG.
The present invention also provides a kind of web authentication system, comprising: user's access terminals and BNG; Wherein,
User's access terminals is used to obtain IPv4 address or IPv4 address and IPv6 address;
BNG is used for the authority of limited subscriber access terminals visit IPv4 network and IPv6 network, and when user's access terminals visit Web page, the HTTP access request of user's access terminals transmission in the access process is redirected to the web authentication server of IPv4;
Or user's access terminals is used to obtain the IPv6 address;
BNG is used for the authority that the limited subscriber access terminals is visited the IPv6 network, and when user's access terminals visit Web page, the HTTP access request that user's access terminals in the access process is sent is redirected to the friendly page of IPv6.
In the said system,
If user's access terminals obtains IPv4 address and IPv6 address, said user's access terminals also is used for, and carries out authentication at the web authentication server of IPv4, after authentication is passed through, and normal access IPv4 network and IPv6 network;
Or if user's access terminals obtains the IPv4 address, said user's access terminals also is used for, and carries out authentication at the web authentication server of IPv4, after authentication is passed through, and normal access IPv4 network, and obtain the IPv6 address, normal access IPv6 network.
In the said system,
Said user's access terminals also is used for, after through authentication, and release IP v6 address, and obtain the IPv6 address once more, and no longer carry out web authentication, normal access IPv6 network;
Or said user's access terminals also is used for, after through authentication, and release IP v4 address;
Said BNG also is used for, and this user's access terminals of notice web authentication server rolls off the production line, and changes into the state of user's access terminals unverified;
Or said user's access terminals also is used for, after through authentication, and release IP v4 address;
Said BNG also is used for, and keeps the verified status of user's access terminals;
Said user's access terminals also is used for, obtain the IPv4 address once more after, normal access IPv4 network no longer carries out web authentication;
Or said user's access terminals also is used for, and after through authentication, breaks off the netting twine of online;
Said BNG also is used for, after all losing efficacy in the IPv4 address of discovery user access terminals and IPv6 address, and the authority of limited subscriber access terminals visit IPv4 network and IPv6 network, and the web authentication server user access terminals of notice operator rolls off the production line.
Web authentication method and system provided by the invention; User's access terminals obtains IPv4 address or IPv4 address and IPv6 address; The authority of BNG limited subscriber access terminals visit IPv4 network and IPv6 network; When user's access terminals visit Web page, the HTTP access request that BNG sends user's access terminals in the access process is redirected to the web authentication server of IPv4; Or user's access terminals obtains the IPv6 address, the authority of BNG limited subscriber access terminals visit IPv6 network; When user's access terminals visit Web page; The HTTP access request that BNG sends user's access terminals in the access process is redirected to the friendly page of IPv6; Promptly under the situation of the web authentication server that IPv4 is only arranged; The mode that user's access terminals comes related IPv6 accessed network legal power through the web authentication server that uses IPv4 realizes the web authentication in two stack scenes.
Description of drawings
Fig. 1 is the schematic flow sheet that the present invention realizes the web authentication method;
Fig. 2 is the flow process signal of the present invention embodiment one of realizing the web authentication method;
Fig. 3 is the schematic flow sheet that the present invention realizes the embodiment two of web authentication method;
Fig. 4 is the schematic flow sheet that the present invention realizes the embodiment three of web authentication method;
Fig. 5 is the schematic flow sheet that the present invention realizes the embodiment four of web authentication method;
Fig. 6 is the schematic flow sheet that the present invention realizes the embodiment five of web authentication method;
Fig. 7 is the schematic flow sheet that the present invention realizes the embodiment six of web authentication method;
Fig. 8 is the schematic flow sheet that the present invention realizes the embodiment seven of web authentication method;
Fig. 9 is the schematic flow sheet that the present invention realizes the embodiment eight of web authentication method;
Figure 10 is the structural representation that the present invention realizes the web authentication system.
Embodiment
Basic thought of the present invention is: user's access terminals obtains IPv4 address or IPv4 address and IPv6 address; The authority of BNG limited subscriber access terminals visit IPv4 network and IPv6 network; When user's access terminals visit Web page, the HTTP access request that BNG sends user's access terminals in the access process is redirected to the web authentication server of IPv4; Or user's access terminals obtains the IPv6 address, the authority of BNG limited subscriber access terminals visit IPv6 network; When user's access terminals visit Web page, the HTTP access request that BNG sends user's access terminals in the access process is redirected to the friendly page of IPv6.
Through accompanying drawing and specific embodiment the present invention is done further detailed description more below.
The present invention provides a kind of web authentication method, and Fig. 1 is the schematic flow sheet that the present invention realizes the web authentication method, and is as shown in Figure 1, and this method may further comprise the steps:
Step 101, user's access terminals are obtained IPv4 address and/or IPv6 address, the authority of BNG limited subscriber access terminals visit IPv4 network and IPv6 network;
Concrete, the operating system of user's access terminals is obtained IPv4 address and/or IPv6 address; Can obtain the IPv4 address from BNG through the mode of DHCP or static configuration, obtain the IPv6 address from BNG, also can pass through phase neighbor discovery mode (ND, Neighbor Discovery) or the mode of static configuration is obtained the IPv6 address from BNG through DHCPv6; At this moment; User's access terminals is " unverified " state on BNG; If what therefore user's access terminals obtained is IPv4 address and IPv6 address or IPv4 address; Then BNG limited subscriber access terminals is visited the authority of IPv4 network and IPv6 network, and promptly the refusing user's access terminals is visited any IPv6 address, only allows the web authentication server of user's access terminals visit IPv4; If if user's access terminals obtains is the IPv6 address, the authority of BNG limited subscriber access terminals visit IPv6 network.
Step 102, user's access terminals visit Web page;
Concrete, after user's access terminals obtains IPv4 address and/or IPv6 address, user's access terminals in can accesses network based on the Web page of IPv6 address or based on the Web page of IPv4 address.
Step 103, the HTTP access request that BNG sends user's access terminals in the access process are redirected to the web authentication server or the friendly page of IPv6 of IPv4;
The HTTP access request concrete, that BNG interception user access terminals sends in based on the Web page of IPv6 address or the process based on the Web page of IPv4 address in visit; If user's access terminals obtains is IPv4 address or IPv4 address and/IPv6 address, and then BNG is technological through HTTP redirection, the HTTP access request is redirected to the web authentication server of the IPv4 of operator; If what user's access terminals obtained only is the IPv6 address, then BNG is redirected to the HTTP access request the friendly page of IPv6 of operator through the HTTP redirection technology.
Here, if user's access terminals obtains IPv4 address and IPv6 address, and BNG is redirected to the HTTP access request web authentication server of the IPv4 of operator, and this method also comprises:
Step 104, user's access terminals carries out authentication at the web authentication server of IPv4, after authentication is passed through, user's access terminals normal access IPv4 network and IPv6 network;
Concrete; The web authentication server of user's access terminals IPv4 carries out authentication; If authentication is passed through; The state of user's access terminals on BNG will become " authentication " state, and BNG decontrols the visit IPv4 network of user's access terminals and the authority of IPv6 network, and user's access terminals can normal access IPv4 network and IPv6 network.
Or if user's access terminals only obtains the IPv6 address, and BNG is redirected to the friendly page of IPv6 of operator with the HTTP access request, and this method also comprises:
Step 105, the friendly webpage prompting of IPv6 user access terminals must obtain the IPv4 address earlier can the enjoy network service.
Or if user's access terminals obtains the IPv4 address, and BNG is redirected to the HTTP access request web authentication server of the IPv4 of operator, and this method also comprises:
Step 106, user's access terminals carries out authentication on the web authentication server of IPv4, if user's access terminals through authentication, the state of last this user's access terminals of BNG becomes authentication, user's access terminals can normal access IPv4 network; User's access terminals obtains the IPv6 address, and direct normal access IPv6 network.
Embodiment one
Fig. 2 is the schematic flow sheet that the present invention realizes the embodiment one of web authentication method; Be that user's access terminals obtains IPv4 address and IPv6 address, and in the scene of the Web page of visit IPv6, the practical implementation method of web authentication method; As shown in Figure 2, this method may further comprise the steps:
Step 201, user's access terminals is reached the standard grade, and obtains IPv4 address and IPv6 address, and the state of the last user's access terminals of BNG this moment is unverified, and the access rights of user's access terminals are restricted, only allow the web authentication server of the IPv4 of access operator.
Step 202, the visit of user's access terminals is based on the Web page of IPv6 address.
Step 203, BNG interception user access terminals is visited the HTTP access request based on the IPv6 in the Web page process of IPv6 address, and the HTTP access request of this IPv6 is redirected to the web authentication server of the IPv4 of operator through the HTTP redirection technology.
Step 204; User's access terminals is imported username and password on the web authentication server of IPv4; The web authentication server of IPv4 and BNG carry out alternately; User's access terminals is through authentication, and the state of last this user's access terminals of BNG becomes authentication, and user's access terminals can normal access IPv4 network and IPv6 network.
Embodiment two
Fig. 3 is the schematic flow sheet that the present invention realizes the embodiment two of web authentication method; Be that user's access terminals obtains IPv4 address and IPv6 address, and in the scene of the Web page of visit IPv4, the practical implementation method of web authentication method; As shown in Figure 3, this method may further comprise the steps:
Step 301, user's access terminals is reached the standard grade, and obtains IPv4 address and IPv6 address, and the state of the last user's access terminals of BNG this moment is unverified, and the access rights of user's access terminals are restricted, only allow the web authentication server of the IPv4 of access operator.
Step 302, the visit of user's access terminals is based on the Web page of IPv4 address.
Step 303, BNG interception user access terminals is visited the HTTP access request based on the IPv4 in the Web page process of IPv4 address, and the HTTP access request of this IPv4 is redirected to the web authentication server of the IPv4 of operator through the HTTP redirection technology.
Step 304; User's access terminals is imported username and password on the web authentication server of IPv4; The web authentication server of IPv4 and BNG carry out alternately; User's access terminals is through authentication, and the state of last this user's access terminals of BNG becomes authentication, and user's access terminals can normal access IPv4 network and IPv6 network.
Embodiment three
Fig. 4 is the schematic flow sheet that the present invention realizes the embodiment three of web authentication method, is that user's access terminals obtains the IPv4 address earlier, carries out web authentication again; Obtain at last in the scene of IPv6 address; The practical implementation method of web authentication method, as shown in Figure 4, this method may further comprise the steps:
Step 401, user's access terminals is reached the standard grade, and obtains the IPv4 address, and the state of the last user's access terminals of BNG this moment is unverified, and the access rights of user's access terminals are restricted, only allow the web authentication server of the IPv4 of access operator.
Step 402, the visit of user's access terminals is based on the Web page of IPv4 address.
Step 403, BNG interception user access terminals is visited the HTTP access request based on the IPv4 in the Web page process of IPv4 address, and the HTTP access request of this IPv4 is redirected to the web authentication server of the IPv4 of operator through the HTTP redirection technology.
Step 404; User's access terminals is imported username and password on the web authentication server of IPv4; The web authentication server of IPv4 and BNG carry out alternately; User's access terminals is through authentication, and the state of last this user's access terminals of BNG becomes authentication, and user's access terminals can normal access IPv4 network.
Step 405, user's access terminals obtains the IPv6 address, is authentication because BNG goes up the state of this user's access terminals, and after obtaining the IPv6 address, user's access terminals is normal access IPv6 network directly, need not to carry out once more web authentication.
Embodiment four
Fig. 5 is the schematic flow sheet that the present invention realizes the embodiment four of web authentication method; Be that user's access terminals obtains the IPv6 address, and in the scene of the Web page of visit IPv6, the practical implementation method of web authentication method; As shown in Figure 5, this method may further comprise the steps:
Step 501, user's access terminals obtains the IPv6 address;
Concrete, the operating system of user's access terminals is only obtained the IPv6 address, does not get access to the IPv4 address.
Step 502, the visit of user's access terminals is based on the Web page of IPv6 address.
Step 503, the HTTP access request that BNG sends user's access terminals are redirected to the friendly webpage of IPv6;
Concrete; BNG inquires this user's access terminals and does not obtain the IPv4 address; Therefore tackle the HTTP access request of the IPv6 that user's access terminals sends in the Web page process of visit based on the IPv6 address, and the HTTP access request is redirected to the friendly webpage of IPv6 of operator through HTTP redirection.
Step 504, the friendly webpage prompting of IPv6 user access terminals must obtain the IPv4 address earlier can the enjoy network service.
Based on above-mentioned web authentication method and embodiment, obtain IPv4 address and IPv6 address at user's access terminals, and user's access terminals through authentication after, the web authentication method can also comprise following four embodiment.
Embodiment five
Fig. 6 is the schematic flow sheet that the present invention realizes the embodiment five of web authentication method; Be user's access terminals after through authentication, release IP v6 address and obtain again again after, user's access terminals need not to carry out again the concrete implementation method of web authentication; As shown in Figure 6, this method may further comprise the steps:
Step 601, user's access terminals after through authentication, release IP v6 address, and obtain the IPv6 address once more.
Step 602, because the state of user's access terminals on BNG be authentication, user's access terminals can normal access IPv6 network, need not to carry out once more web authentication.
Embodiment six
Fig. 7 is the schematic flow sheet that the present invention realizes the embodiment six of web authentication method; Be user's access terminals after through authentication, behind the release IP v4 address, BNG changes the state of user's access terminals into unverified concrete implementation method; As shown in Figure 7, this method may further comprise the steps:
Step 701, user's access terminals after through authentication, release IP v4 address.
Step 702, it is two stack users that BNG finds to use instead the family access terminals, this user's access terminals of web authentication server of notice operator rolls off the production line, and changes into the state of user's access terminals unverified.
Step 703, the authority of user's access terminals visit IPv6 network is restricted, and user's access terminals need obtain the IPv4 address again, and need carry out web authentication once more.
Embodiment seven
Fig. 8 is the schematic flow sheet that the present invention realizes the embodiment seven of web authentication method; Be user's access terminals through authentication, behind the release IP v4 address, BNG does not change the concrete implementation method of the state of user's access terminals; As shown in Figure 8, this method may further comprise the steps:
Step 801, user's access terminals after through authentication, release IP v4 address.
Step 802, BNG finds that this user's access terminals is two stack users, and BNG does not change the state of user's access terminals, and user's access terminals state remains verified status.
Step 803, after user's access terminals obtained the IPv4 address once more, BNG confirmed that the state of user's access terminals on BNG is authentication, user's access terminals can normal access IPv4 network, need not to carry out once more web authentication.
Embodiment eight
Fig. 9 is the schematic flow sheet that the present invention realizes the embodiment eight of web authentication method; Be user's access terminals after through authentication; After all losing efficacy in IPv4 address and IPv6 address; BNG simultaneously limited subscriber access terminals visit IPv4 network and IPv6 network authority concrete implementation method, as shown in Figure 9, this method may further comprise the steps:
Step 901, user's access terminals are broken off the netting twine of online after through authentication.
Step 902; The IPv4 address of the real-time supervisory user access terminals of BNG and IPv6 address; After user's access terminals breaks off the netting twine of online, after all losing efficacy in the IPv4 address of BNG discovery user access terminals and IPv6 address, confirm that user's access terminals rolls off the production line; And the web authentication server user access terminals of notice operator rolls off the production line the authority of BNG while limited subscriber access terminals visit IPv4 network and IPv6 network.
Among the present invention, above-mentioned user's access terminals is two stack users, and this pair stack user refers to the user's access terminals that obtains IPv4 address and IPv6 address respectively and insert same BNG.
Be to realize that said method, the present invention also provide a kind of web authentication system, Figure 10 is the structural representation that the present invention realizes the web authentication system, and is shown in figure 10, and this system comprises: user's access terminals 101 and BNG102; Wherein,
User's access terminals 101 is used to obtain IPv4 address or IPv4 address and IPv6 address;
BNG102; The authority that is used for limited subscriber access terminals 101 visit IPv4 networks and IPv6 network; And when user's access terminals visit Web page, the HTTP access request of 101 transmissions of user's access terminals in the access process is redirected to the web authentication server of IPv4;
Or user's access terminals 101 is used to obtain the IPv6 address;
BNG102 is used for the authority that the limited subscriber access terminals is visited the IPv6 network, and when user's access terminals 101 visit Web pages, the HTTP access request that user's access terminals in the access process 101 is sent is redirected to the friendly page of IPv6.
If user's access terminals 101 obtains IPv4 address and IPv6 address, said user's access terminals 101 also is used for, and carries out authentication at the web authentication server of IPv4, after authentication is passed through, and normal access IPv4 network and IPv6 network;
Or if user's access terminals 101 obtains the IPv4 address, said user's access terminals 101 also is used for, and carries out authentication at the web authentication server of IPv4, after authentication is passed through, and normal access IPv4 network, and obtain the IPv6 address, normal access IPv6 network.
Said user's access terminals 101 also is used for, after through authentication, and release IP v6 address, and obtain the IPv6 address once more, and no longer carry out web authentication, normal access IPv6 network;
Or said user's access terminals 101 also is used for, after through authentication, and release IP v4 address;
Said BNG102 also is used for, and this user's access terminals of notice web authentication server rolls off the production line, and changes into the state of user's access terminals unverified;
Or said user's access terminals 101 also is used for, after through authentication, and release IP v4 address;
Said BNG102 also is used for, and keeps the verified status of user's access terminals;
Said user's access terminals 101 also is used for, obtain the IPv4 address once more after, normal access IPv4 network no longer carries out web authentication;
Or said user's access terminals 101 also is used for, and after through authentication, breaks off the netting twine of online;
Said BNG102 also is used for, after all losing efficacy in the IPv4 address of discovery user access terminals and IPv6 address, and the authority of limited subscriber access terminals visit IPv4 network and IPv6 network, and the web authentication server user access terminals of notice operator rolls off the production line.
The above is merely preferred embodiment of the present invention, is not to be used to limit protection scope of the present invention, all any modifications of within spirit of the present invention and principle, being done, is equal to replacement and improvement etc., all should be included within protection scope of the present invention.
Claims (13)
1. a web authentication method is characterized in that, this method comprises:
User's access terminals obtains IPv4 address or IPv4 address and IPv6 address; The authority of BNG limited subscriber access terminals visit IPv4 network and IPv6 network; When user's access terminals visit Web page, the HTTP access request that BNG sends user's access terminals in the access process is redirected to the web authentication server of IPv4;
Or user's access terminals obtains the IPv6 address, the authority of BNG limited subscriber access terminals visit IPv6 network; When user's access terminals visit Web page, the HTTP access request that BNG sends user's access terminals in the access process is redirected to the friendly page of IPv6.
2. method according to claim 1 is characterized in that,
Said user's access terminals obtains the IPv4 address: user's access terminals obtains the IPv4 address through the mode of DHCP or static configuration from BNG;
Said user's access terminals obtains the IPv6 address: user's access terminals obtains the IPv6 address through the mode of DHCPv6 or phase neighbor discovery mode (ND) or static configuration from BNG.
3. method according to claim 1 is characterized in that, if user's access terminals obtains IPv4 address and IPv6 address, this method also comprises:
User's access terminals carries out authentication at the web authentication server of IPv4, and after authentication was passed through, the state of user's access terminals on BNG became authentication, user's access terminals normal access IPv4 network and IPv6 network.
4. method according to claim 1 is characterized in that, said BNG is redirected to the HTTP access request after the friendly page of IPv6 of operator, and this method also comprises:
The friendly webpage prompting of IPv6 user access terminals must obtain the IPv4 address earlier can the enjoy network service.
5. method according to claim 1 is characterized in that, if user's access terminals obtains the IPv4 address, this method also comprises:
User's access terminals carries out authentication at the web authentication server of IPv4, and after authentication was passed through, the state of last this user's access terminals of BNG became authentication, user's access terminals normal access IPv4 network;
User's access terminals obtains the IPv6 address, and normal access IPv6 network.
6. according to arbitrary described method in the claim 3 to 5, it is characterized in that this method also comprises:
User's access terminals after through authentication, release IP v6 address, and obtain the IPv6 address once more;
User's access terminals no longer carries out web authentication, and normal access IPv6 network.
7. according to arbitrary described method in the claim 3 to 5, it is characterized in that this method also comprises:
User's access terminals after through authentication, release IP v4 address;
This user's access terminals of BNG notice web authentication server rolls off the production line, and changes into the state of user's access terminals unverified.
8. according to arbitrary described method in the claim 3 to 5, it is characterized in that this method also comprises:
User's access terminals after through authentication, release IP v4 address, BNG keeps the verified status of user's access terminals;
After user's access terminals obtained the IPv4 address once more, BNG confirmed that the state of user's access terminals on BNG is authentication, and user's access terminals normal access IPv4 network no longer carries out web authentication.
9. according to arbitrary described method in the claim 3 to 5, it is characterized in that this method also comprises:
User's access terminals breaks off the netting twine of online after through authentication;
After all losing efficacy in the IPv4 address of BNG discovery user access terminals and IPv6 address, the authority of limited subscriber access terminals visit IPv4 network and IPv6 network, and the web authentication server user access terminals of notice operator rolls off the production line.
10. according to arbitrary described method in the claim 1 to 9, it is characterized in that said user's access terminals is the user's access terminals that obtains IPv4 address and IPv6 address respectively and insert same BNG.
11. a web authentication system is characterized in that, this system comprises: user's access terminals and BNG; Wherein,
User's access terminals is used to obtain IPv4 address or IPv4 address and IPv6 address;
BNG is used for the authority of limited subscriber access terminals visit IPv4 network and IPv6 network, and when user's access terminals visit Web page, the HTTP access request of user's access terminals transmission in the access process is redirected to the web authentication server of IPv4;
Or user's access terminals is used to obtain the IPv6 address;
BNG is used for the authority that the limited subscriber access terminals is visited the IPv6 network, and when user's access terminals visit Web page, the HTTP access request that user's access terminals in the access process is sent is redirected to the friendly page of IPv6.
12. system according to claim 11 is characterized in that,
If user's access terminals obtains IPv4 address and IPv6 address, said user's access terminals also is used for, and carries out authentication at the web authentication server of IPv4, after authentication is passed through, and normal access IPv4 network and IPv6 network;
Or if user's access terminals obtains the IPv4 address, said user's access terminals also is used for, and carries out authentication at the web authentication server of IPv4, after authentication is passed through, and normal access IPv4 network, and obtain the IPv6 address, normal access IPv6 network.
13. according to claim 11 or 12 described systems, it is characterized in that,
Said user's access terminals also is used for, after through authentication, and release IP v6 address, and obtain the IPv6 address once more, and no longer carry out web authentication, normal access IPv6 network;
Or said user's access terminals also is used for, after through authentication, and release IP v4 address;
Said BNG also is used for, and this user's access terminals of notice web authentication server rolls off the production line, and changes into the state of user's access terminals unverified;
Or said user's access terminals also is used for, after through authentication, and release IP v4 address;
Said BNG also is used for, and keeps the verified status of user's access terminals;
Said user's access terminals also is used for, obtain the IPv4 address once more after, normal access IPv4 network no longer carries out web authentication;
Or said user's access terminals also is used for, and after through authentication, breaks off the netting twine of online;
Said BNG also is used for, after all losing efficacy in the IPv4 address of discovery user access terminals and IPv6 address, and the authority of limited subscriber access terminals visit IPv4 network and IPv6 network, and the web authentication server user access terminals of notice operator rolls off the production line.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2011101340238A CN102801685A (en) | 2011-05-23 | 2011-05-23 | Web authentication method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2011101340238A CN102801685A (en) | 2011-05-23 | 2011-05-23 | Web authentication method and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN102801685A true CN102801685A (en) | 2012-11-28 |
Family
ID=47200651
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2011101340238A Pending CN102801685A (en) | 2011-05-23 | 2011-05-23 | Web authentication method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102801685A (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102904863A (en) * | 2011-07-28 | 2013-01-30 | 中兴通讯股份有限公司 | Method and gateway for controlling accessing of host of IPoE (IP over Ethernet) dual-stack user |
| CN104468619A (en) * | 2014-12-26 | 2015-03-25 | 杭州华三通信技术有限公司 | Method and gateway for achieving dual-stack web authentication |
| CN105591929A (en) * | 2015-10-28 | 2016-05-18 | 杭州华三通信技术有限公司 | Method and device for authentication in light weight dual-protocol stack networking |
| CN105704105A (en) * | 2014-11-27 | 2016-06-22 | 华为技术有限公司 | Authentication method and access equipment |
| CN108243261A (en) * | 2016-12-23 | 2018-07-03 | 华为技术有限公司 | A kind of connection control method and access device of double stack terminals |
| CN109032797A (en) * | 2018-07-18 | 2018-12-18 | 上海恺英网络科技有限公司 | For providing the method and apparatus of web page access |
Citations (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1505345A (en) * | 2002-12-02 | 2004-06-16 | 深圳市中兴通讯股份有限公司上海第二 | A method for accessing user forced access identification server |
| CN1598808A (en) * | 2003-09-17 | 2005-03-23 | 深圳市格林耐特通信技术有限责任公司 | Method for realizing forced gate in WEB identification |
| US20050222815A1 (en) * | 2004-03-31 | 2005-10-06 | Kevin Tolly | System and method for testing and certifying products |
| US20060046713A1 (en) * | 2004-09-02 | 2006-03-02 | Kddi Corporation | IPv6/IPv4 tunneling method |
| WO2006034662A1 (en) * | 2004-09-30 | 2006-04-06 | Siemens Aktiengesellschaft | System for nomadic data access from subscriber terminal devices, devices in said system and data access method |
| CN101009941A (en) * | 2007-01-15 | 2007-08-01 | 中山大学 | A method for realizing the communication between the mobile IPv4 node and IPv6 communication node |
| CN101610156A (en) * | 2009-08-04 | 2009-12-23 | 杭州华三通信技术有限公司 | A kind of method of dual protocol stack user authentication, equipment and system |
| CN101645907A (en) * | 2009-09-04 | 2010-02-10 | 中兴通讯股份有限公司 | Method and system for processing abnormal off-line of Web authenticated user |
| CN101692674A (en) * | 2009-10-30 | 2010-04-07 | 杭州华三通信技术有限公司 | Method and equipment for double stack access |
| CN101719939A (en) * | 2009-12-09 | 2010-06-02 | 赛尔网络有限公司 | Method for accessing network and certification of IPv6/IPv4 dual stack mainframe |
| CN101917444A (en) * | 2010-08-25 | 2010-12-15 | 福建星网锐捷网络有限公司 | Method and device for creating IP source address binding list item, and switch |
| CN101951380A (en) * | 2010-09-28 | 2011-01-19 | 杭州华三通信技术有限公司 | Access control method and device used therein in dual-stack lite network |
-
2011
- 2011-05-23 CN CN2011101340238A patent/CN102801685A/en active Pending
Patent Citations (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1505345A (en) * | 2002-12-02 | 2004-06-16 | 深圳市中兴通讯股份有限公司上海第二 | A method for accessing user forced access identification server |
| CN1598808A (en) * | 2003-09-17 | 2005-03-23 | 深圳市格林耐特通信技术有限责任公司 | Method for realizing forced gate in WEB identification |
| US20050222815A1 (en) * | 2004-03-31 | 2005-10-06 | Kevin Tolly | System and method for testing and certifying products |
| US20060046713A1 (en) * | 2004-09-02 | 2006-03-02 | Kddi Corporation | IPv6/IPv4 tunneling method |
| WO2006034662A1 (en) * | 2004-09-30 | 2006-04-06 | Siemens Aktiengesellschaft | System for nomadic data access from subscriber terminal devices, devices in said system and data access method |
| CN101009941A (en) * | 2007-01-15 | 2007-08-01 | 中山大学 | A method for realizing the communication between the mobile IPv4 node and IPv6 communication node |
| CN101610156A (en) * | 2009-08-04 | 2009-12-23 | 杭州华三通信技术有限公司 | A kind of method of dual protocol stack user authentication, equipment and system |
| CN101610156B (en) * | 2009-08-04 | 2012-07-11 | 杭州华三通信技术有限公司 | Dual protocol stack user authentication method, device and system |
| CN101645907A (en) * | 2009-09-04 | 2010-02-10 | 中兴通讯股份有限公司 | Method and system for processing abnormal off-line of Web authenticated user |
| CN101692674A (en) * | 2009-10-30 | 2010-04-07 | 杭州华三通信技术有限公司 | Method and equipment for double stack access |
| CN101719939A (en) * | 2009-12-09 | 2010-06-02 | 赛尔网络有限公司 | Method for accessing network and certification of IPv6/IPv4 dual stack mainframe |
| CN101917444A (en) * | 2010-08-25 | 2010-12-15 | 福建星网锐捷网络有限公司 | Method and device for creating IP source address binding list item, and switch |
| CN101951380A (en) * | 2010-09-28 | 2011-01-19 | 杭州华三通信技术有限公司 | Access control method and device used therein in dual-stack lite network |
Non-Patent Citations (1)
| Title |
|---|
| 封红旗,胡冬艳: "IPv4/IPv6 双栈网络访问方案的设计与实现", 《微计算机信息》 * |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102904863A (en) * | 2011-07-28 | 2013-01-30 | 中兴通讯股份有限公司 | Method and gateway for controlling accessing of host of IPoE (IP over Ethernet) dual-stack user |
| CN105704105A (en) * | 2014-11-27 | 2016-06-22 | 华为技术有限公司 | Authentication method and access equipment |
| CN105704105B (en) * | 2014-11-27 | 2019-12-24 | 华为技术有限公司 | Authentication method and access device |
| CN104468619A (en) * | 2014-12-26 | 2015-03-25 | 杭州华三通信技术有限公司 | Method and gateway for achieving dual-stack web authentication |
| CN104468619B (en) * | 2014-12-26 | 2018-06-15 | 新华三技术有限公司 | A kind of method and authentication gateway for realizing double stack web authentications |
| CN105591929A (en) * | 2015-10-28 | 2016-05-18 | 杭州华三通信技术有限公司 | Method and device for authentication in light weight dual-protocol stack networking |
| CN108243261A (en) * | 2016-12-23 | 2018-07-03 | 华为技术有限公司 | A kind of connection control method and access device of double stack terminals |
| CN109032797A (en) * | 2018-07-18 | 2018-12-18 | 上海恺英网络科技有限公司 | For providing the method and apparatus of web page access |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3032859B1 (en) | Access control method and system, and access point | |
| KR100908320B1 (en) | Method for protecting and searching host in internet protocol version 6 network | |
| US7606227B2 (en) | Method, apparatus and system for distributing multicast data | |
| US8953601B2 (en) | Internet protocol version six (IPv6) addressing and packet filtering in broadband networks | |
| KR101971167B1 (en) | Reducing core network traffic caused by migrant | |
| CN102801685A (en) | Web authentication method and system | |
| US11337084B2 (en) | Control apparatus for gateway in mobile communication system | |
| JP5948442B2 (en) | Method for providing user-side device access to services provided by application functions in a network structure and network structure | |
| CA2660711A1 (en) | System and method for routing and domain name system support of a mobile node | |
| CN104883339A (en) | User privacy protecting method, equipment and system thereof | |
| CN101951380B (en) | Access control method and device used therein in dual-stack lite network | |
| KR20110059919A (en) | Network access management method and apparatus for access restriction of abnormal station using web redirect | |
| WO2015131567A1 (en) | Ipv6 address management method, device and terminal | |
| WO2015145953A1 (en) | Communication terminal, communication method, and program-containing storage medium | |
| CN106559771A (en) | A kind of method and apparatus of wireless terminal fast roaming | |
| Liang et al. | A SDN-Based Hierarchical Authentication Mechanism for IPv6 Address | |
| JP5947763B2 (en) | COMMUNICATION SYSTEM, COMMUNICATION METHOD, AND COMMUNICATION PROGRAM | |
| JP5864453B2 (en) | Communication service providing system and method | |
| US10708188B2 (en) | Application service virtual circuit | |
| Korhonen et al. | IPv6 for Third Generation Partnership project (3GPP) cellular hosts | |
| CN106161534A (en) | Send, transmit and the method and device of acquisition capability | |
| CN104253761A (en) | Method and device for bandwidth linkage control | |
| Lemon et al. | MIF WG H. Deng Internet-Draft China Mobile Intended status: Informational S. Krishnan Expires: January 2, 2015 Ericsson | |
| WO2014175250A1 (en) | Communication terminal, control apparatus, communication system, communication method and program | |
| Green | IPv6 benefits to the warfighter |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20121128 |