CN103428203B - Access control method and equipment - Google Patents
Access control method and equipment Download PDFInfo
- Publication number
- CN103428203B CN103428203B CN201310314455.6A CN201310314455A CN103428203B CN 103428203 B CN103428203 B CN 103428203B CN 201310314455 A CN201310314455 A CN 201310314455A CN 103428203 B CN103428203 B CN 103428203B
- Authority
- CN
- China
- Prior art keywords
- terminal
- certified
- access authority
- authority
- access
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Storage Device Security (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The present invention provides a kind of access control method and equipment.A kind of method includes: Portal server generates coded image according to the information that AC the second terminal provided is corresponding and returns to the second terminal, and information corresponding for the second terminal is sent to Radius certification authority server by Portal server by certification first terminal scanning encoding image;Radius certification authority server is after determining that first terminal is certification terminal, be configuration on the second terminal distribution username and password the SSID that identifies according to the access authority of first terminal, described SSID identification information access authority and be the second terminal distribution acquiescence access authority at least one generate access authority, and it is supplied to AC, second terminal is authenticated by AC according to described username and password, and at the access authority of locally located second terminal after certification is passed through.Technical solution of the present invention advantageously reduces terminal and opens an account the cycle.
Description
Technical field
The present invention relates to communication technology, particularly relate to a kind of access control method and equipment.
Background technology
Entrance (Portal) certification is also generally referred to as web authentication.Compared with 802.1x authentication mode, web authentication has stronger ease for use.User need not install Authentication Client, it is only necessary to uses browser in terminal, inputs username and password, can complete certification, it is achieved accesses and control.The typical networking structure of web authentication mainly includes five basic roles: website (Station, referred to as STA), accessing points (AccessPoint, referred to as AP), access controller (AccessController, referred to as AC), Portal server and Radius server.Usual Portal server can be arranged in AC and realize.
Wherein, STA supports to run the browser of HTML (Hypertext Markup Language) (HypertextTransferProtocol, referred to as HTTP), sends HTTP request during online.AC realizes user's forced portal/compulsory portal, Service control, receives the certification request that Portal server is initiated, completes user authentication function.Portal server is portal website, primary responsibility pushing certification page, receive WLAN (WirelessLocalAreaNetworks, referred to as WLAN) authentication information of user, user authentication request and user offline notice is initiated to AC, and provide user from service option, what be linked to the offer of Radius server completes corresponding function from service page.Radius server mainly user is accessed be authenticated, charging and mandate.
Before disposing web authentication, it is necessary to being pre-configured with the network legal power of user name, password and correspondence on Radius server, then just can carry out web authentication, this process is referred to as user and opens an account.Having the following two kinds to open an account mode at present: one is that manager manually opens an account, the problem of this mode is that Admin Administration's workload is big, and the cycle of opening an account is long;Another kind is that user self-help is opened an account, and time namely user is logged in by web authentication, the certification page of Portal server provides a user from the page opened an account, and user fills in, by this page, the network legal power that user name, password and application need;Then being unified online treatment by manager, this mode alleviates the management workload of manager, but owing to still needing to manager's Attended Operation so the problem of the cycle length that yet suffers from opening an account.
Summary of the invention
The present invention provides a kind of access control method and equipment, opens an account the problem of cycle length in order to solve user.
First aspect provides a kind of access control method, including:
After access controller AC intercepts the access request of the second terminal to be certified, described second terminal is redirected to Portal server, and information corresponding to described second terminal provide to described Portal server, so that described Portal server generates the first coded image corresponding to described second terminal according to information corresponding to described second terminal and returns to described second terminal, information corresponding to described second terminal includes the identification information of described second terminal and for identifying the SSID identification information of the service set SSID on described AC;
Described AC receives user name corresponding to described second terminal that Radius certification authority server sent by described Portal server, password and access authority;Wherein, described access authority is described Radius certification authority server at the identification information receiving information corresponding to described second terminal that described Portal server sends and certification first terminal, and determine that described first terminal is for after certification terminal according to the identification information of described first terminal and the identification information of locally stored certification terminal, access authority according to locally stored described first terminal, the access authority configured on the SSID that described SSID identification information identifies and described Radius certification authority server are that at least one in the acquiescence access authority of described second terminal distribution dynamically generates for described second terminal, described username and password is described Radius certification authority server at the identification information receiving information corresponding to described second terminal that described Portal server sends and certification first terminal, and determine that described first terminal is for after certification terminal according to the identification information of described first terminal and the identification information of locally stored certification terminal, for described second terminal distribution;Information corresponding to described second terminal and the identification information of described first terminal are described Portal server after receiving the information that described second terminal that described first terminal obtained is corresponding by described first coded image scanning in described second terminal, are sent to described Radius certification authority server;
The username and password of described second terminal is sent to described Radius certification authority server by described AC, so that described second terminal is authenticated, and after result is passed through in the certification receiving the return of described Radius certification authority server, the access authority of described second terminal is arranged at this locality, sends described certification to described Portal server and described second terminal and pass through result.
Second aspect provides a kind of access control method, including:
Portal server receives the access request that the second terminal to be certified sends, and receiving information corresponding to described second terminal that access controller AC sends, information corresponding to described second terminal includes the identification information of described second terminal and for identifying the SSID identification information of the service set SSID on described AC;
Described Portal server generates the first coded image of described second terminal according to the information that described second terminal is corresponding, and described first coded image is sent to described second terminal;
Described Portal server receives the information that described second terminal that certification first terminal sends is corresponding, and information corresponding to described second terminal that described first terminal sends is that described first terminal is obtained by described first coded image scanning in described second terminal;
The identification information of information corresponding for described second terminal and described first terminal is sent to Radius certification authority server by described Portal server, so that at the identification information of the locally stored certification terminal of the identification information according to described first terminal and described Radius certification authority server, described Radius certification authority server determines that described first terminal is for after certification terminal, for described second terminal distribution username and password the access authority according to locally stored described first terminal, the access authority configured on the SSID that described SSID identification information identifies and described Radius certification authority server are that at least one in the acquiescence access authority of described second terminal distribution dynamically generates access authority for described second terminal;
Described Portal server receives the access authority of described second terminal, the username and password that described Radius certification authority server sends, and be transmitted to described AC so that described AC according to the username and password of described second terminal complete the certification to described second terminal and certification by after the access authority of described second terminal is arranged on this locality.
The third aspect provides a kind of access control method, including:
Radius certification authority server receives the identification information of information corresponding to the second terminal to be certified that Portal server sends and certification first terminal, information corresponding to described second terminal is that described first terminal obtains and be sent to described Portal server by scanning the first coded image in described second terminal, information corresponding to described second terminal that described first coded image is described Portal server to be sent according to access controller AC generates and sends to described second terminal being redirected to described Portal server, information corresponding to described second terminal includes the identification information of described second terminal and for identifying the SSID identification information of the service set SSID on described AC;
According to the identification information of described first terminal and the identification information of locally stored certification terminal, described Radius certification authority server determines whether described first terminal is certification terminal, and determining that described first terminal is for after certification terminal, for described second terminal distribution username and password, and the access authority according to locally stored described first terminal, the access authority configured on the SSID that described SSID identification information identifies and described Radius certification authority server are that at least one in the acquiescence access authority of described second terminal distribution generates access authority for described second terminal;
The access authority of described second terminal, username and password are sent to described AC by described Portal server by described Radius certification authority server so that the described username and password according to described second terminal complete the certification to described second terminal and certification by after the access authority of described second terminal is arranged on this locality.
Fourth aspect provides a kind of access control method, including:
Access controller AC receives the coding indication information that terminal to be certified sends, the second coded image that described coding indication information is terminal to be certified described in described terminal scanning to be certified obtains, described second coded image is that Radius certification authority server generates according to described coding indication information, described coding indication information is for indicating information corresponding to described terminal to be certified, and information corresponding to described terminal to be certified includes the identification information of described terminal to be certified and for identifying the SSID identification information of the service set SSID on described AC;
Described AC obtains, according to described coding indication information, the information that described terminal to be certified is corresponding, and information corresponding for described terminal to be certified is sent to described Radius certification authority server by Portal server, so that described Radius certification authority server is after receiving the information that described terminal to be certified is corresponding, dynamically access authority is generated for described terminal to be certified for the access authority of configuration on described terminal distribution username and password to be certified the SSID that identifies according to described SSID identification information and at least one in acquiescence access authority that described Radius certification authority server is described terminal distribution to be certified;
Described AC receives the access authority of terminal described to be certified, the username and password that described Radius certification authority server sends;
The username and password of described terminal to be certified is sent to described Radius certification authority server by described AC, so that described terminal to be certified is authenticated, and after result is passed through in the certification receiving the return of described Radius certification authority server, the access authority of described terminal to be certified is arranged at this locality, sends described certification to described Portal server and described terminal to be certified and pass through result.
5th aspect provides a kind of access control method, including:
Radius certification authority server receives information corresponding to terminal to be certified that Portal server sends, information corresponding to described terminal to be certified is that access controller AC is receiving described terminal to be certified by after scanning the coding indication information that the second coded image obtains, obtain and be sent to described Portal server according to described coding indication information, described second coded image is that described Radius certification authority server generates according to the information that described terminal to be certified is corresponding, information corresponding to described terminal to be certified includes the identification information of described terminal to be certified and for identifying the SSID identification information of the service set SSID on described AC;
Described Radius certification authority server is after receiving the information that described terminal to be certified is corresponding, for described terminal distribution username and password to be certified, and on the SSID identified according to described SSID identification information, at least one in the access authority of configuration and acquiescence access authority that described Radius certification authority server is described terminal distribution to be certified dynamically generates access authority for described terminal to be certified;
The access authority of described terminal to be certified, username and password are sent to described AC by described Portal server by described Radius certification authority server so that the described username and password according to described terminal to be certified complete the certification to described terminal to be certified and certification by after the access authority of described terminal to be certified is arranged on this locality.
6th aspect provides a kind of access controller AC, including:
Redirection module, after intercepting the access request of the second terminal to be certified, described second terminal is redirected to Portal server, and information corresponding to described second terminal provide to described Portal server, so that described Portal server generates the first coded image corresponding to described second terminal according to information corresponding to described second terminal and returns to described second terminal, information corresponding to described second terminal includes the identification information of described second terminal and for identifying the SSID identification information of the service set SSID on described AC;
Receiver module, for receiving user name corresponding to described second terminal that Radius certification authority server sent by described Portal server, password and access authority;Wherein, described access authority is described Radius certification authority server at the identification information receiving information corresponding to described second terminal that described Portal server sends and certification first terminal, and determine that described first terminal is for after certification terminal according to the identification information of described first terminal and the identification information of locally stored certification terminal, access authority according to locally stored described first terminal, the access authority configured on the SSID that described SSID identification information identifies and described Radius certification authority server are that at least one in the acquiescence access authority of described second terminal distribution dynamically generates for described second terminal, described username and password is described Radius certification authority server at the identification information receiving information corresponding to described second terminal that described Portal server sends and certification first terminal, and determine that described first terminal is for after certification terminal according to the identification information of described first terminal and the identification information of locally stored certification terminal, for described second terminal distribution;Information corresponding to described second terminal and the identification information of described first terminal are described Portal server after receiving the information that described second terminal that described first terminal obtained is corresponding by described first coded image scanning in described second terminal, are sent to described Radius certification authority server;
Identification processing module, for the username and password of described second terminal is sent to described Radius certification authority server, so that described second terminal is authenticated, and after result is passed through in the certification receiving the return of described Radius certification authority server, the access authority of described second terminal is arranged at this locality, sends described certification to described Portal server and described second terminal and pass through result.
7th aspect provides a kind of Portal server, including:
Receiver module, for receiving the access request that the second terminal to be certified sends, and receiving information corresponding to described second terminal that access controller AC sends, information corresponding to described second terminal includes the identification information of described second terminal and for identifying the SSID identification information of the service set SSID on described AC;
Sending module, generates the first coded image of described second terminal, and described first coded image is sent to described second terminal for the information corresponding according to described second terminal;
Described receiver module, being additionally operable to receive the information that certification first terminal has sent described second terminal is corresponding, information corresponding to described second terminal that described first terminal sends is that described first terminal is obtained by described first coded image scanning in described second terminal;
Described sending module, it is additionally operable to the identification information by information corresponding for described second terminal and described first terminal and is sent to Radius certification authority server, so that at the identification information of the locally stored certification terminal of the identification information according to described first terminal and described Radius certification authority server, described Radius certification authority server determines that described first terminal is for after certification terminal, for described second terminal distribution username and password the access authority according to locally stored described first terminal, the access authority configured on the SSID that described SSID identification information identifies and described Radius certification authority server are that at least one in the acquiescence access authority of described second terminal distribution dynamically generates access authority for described second terminal;
Described receiver module, is additionally operable to receive the access authority of described second terminal, the username and password that described Radius certification authority server sends;
Described sending module, the access authority of described second terminal, the username and password that are additionally operable to receive described receiver module are transmitted to described AC so that described AC according to the username and password of described second terminal complete the certification to described second terminal and certification by after the access authority of described second terminal is arranged on this locality.
Eighth aspect provides a kind of Radius certification authority server, including:
Receiver module, for receiving the identification information of information corresponding to the second terminal to be certified that Portal server sends and certification first terminal, information corresponding to described second terminal is that described first terminal obtains and be sent to described Portal server by scanning the first coded image in described second terminal, information corresponding to described second terminal that described first coded image is described Portal server to be sent according to access controller AC generates and sends to described second terminal being redirected to described Portal server, information corresponding to described second terminal includes the identification information of described second terminal and for identifying the SSID identification information of the service set SSID on described AC;
Distribution generation module, identification information for the identification information according to described first terminal and locally stored certification terminal determines whether described first terminal is certification terminal, and determining that described first terminal is for after certification terminal, for described second terminal distribution username and password, and the access authority according to locally stored described first terminal, the access authority configured on the SSID that described SSID identification information identifies and described Radius certification authority server are that at least one in the acquiescence access authority of described second terminal distribution generates access authority for described second terminal;
Sending module, for the access authority of described second terminal, username and password are sent to described AC by described Portal server so that the described username and password according to described second terminal complete the certification to described second terminal and certification by after the access authority of described second terminal is arranged on this locality.
9th aspect provides a kind of access controller AC, including:
Receiver module, for receiving the coding indication information that terminal to be certified sends, the second coded image that described coding indication information is terminal to be certified described in described terminal scanning to be certified obtains, described second coded image is that Radius certification authority server generates according to described coding indication information, described coding indication information is for indicating information corresponding to described terminal to be certified, and information corresponding to described terminal to be certified includes the identification information of described terminal to be certified and for identifying the SSID identification information of the service set SSID on described AC;
Acquisition module, for obtaining, according to described coding indication information, the information that described terminal to be certified is corresponding;
Sending module, the information corresponding for the terminal described to be certified obtained by described acquisition module is sent to described Radius certification authority server by Portal server, so that described Radius certification authority server is after receiving the information that described terminal to be certified is corresponding, dynamically access authority is generated for described terminal to be certified for the access authority of configuration on described terminal distribution username and password to be certified the SSID that identifies according to described SSID identification information and at least one in acquiescence access authority that described Radius certification authority server is described terminal distribution to be certified;
Described receiver module, is additionally operable to receive the access authority of terminal described to be certified, the username and password that described Radius certification authority server sends;
Described sending module, the username and password of terminal described to be certified being additionally operable to receive described receiver module is sent to described Radius certification authority server, so that described terminal to be certified to be authenticated;
Described receiver module, is additionally operable to receive the authentication result that described Radius certification authority server returns;
Arranging module, the access authority of described terminal to be certified is arranged at this locality after passing through result by the certification for receiving the return of described Radius certification authority server at described receiver module;
Described sending module, is additionally operable to send described certification to described Portal server and described terminal to be certified and passes through result.
Tenth aspect provides a kind of Radius certification authority server, including:
Receiver module, for receiving information corresponding to terminal to be certified that Portal server sends, information corresponding to described terminal to be certified is that access controller AC is receiving described terminal to be certified by after scanning the coding indication information that the second coded image obtains, obtain and be sent to described Portal server according to described coding indication information, described second coded image is that described Radius certification authority server generates according to the information that described terminal to be certified is corresponding, information corresponding to described terminal to be certified includes the identification information of described terminal to be certified and for identifying the SSID identification information of the service set SSID on described AC;
Distribution generation module, for after described receiver module receives the information that described terminal to be certified is corresponding, for described terminal distribution username and password to be certified, and on the SSID identified according to described SSID identification information, at least one in the access authority of configuration and acquiescence access authority that described Radius certification authority server is described terminal distribution to be certified dynamically generates access authority for described terminal to be certified;
Sending module, for the access authority of described terminal to be certified, username and password are sent to described AC by described Portal server so that the described username and password according to described terminal to be certified complete the certification to described terminal to be certified and certification by after the access authority of described terminal to be certified is arranged on this locality.
Access control method provided by the invention and equipment, the coded image generated by the information that terminal to be certified is corresponding by certification terminal scanning, and information corresponding for the terminal to be certified obtained is supplied to Radius server by Portal server, make Radius server after determining that above-mentioned information is sent by certification terminal, for terminal distribution username and password to be certified, and the access authority according to certification terminal, the access authority of the upper configuration of the SSID of the AC that certification terminal and terminal to be certified access and for terminal distribution to be certified give tacit consent in access authority at least one dynamically distribute access authority, afterwards by access authority, username and password is supplied to AC, by AC use username and password complete the certification to terminal to be certified and certification by after the access authority of terminal to be certified is arranged at this locality.As can be seen here, technical solution of the present invention simultaneously completes the distribution of the user name of terminal to be certified, password and access authority in the process that terminal to be certified is authenticated, verification process simultaneously completes opening an account to terminal, and whole process participates in without manager, be conducive to improving terminal to open an account speed, reduce and open an account the cycle.
Accompanying drawing explanation
The flow chart of a kind of access control method that Fig. 1 provides for the embodiment of the present invention;
The flow chart of the another kind of access control method that Fig. 2 provides for the embodiment of the present invention;
The flow process of another access control method embodiment that Fig. 3 provides for the embodiment of the present invention;
The flow chart of another access control method that Fig. 4 provides for the embodiment of the present invention;
The flow chart of another access control method that Fig. 5 provides for the embodiment of the present invention;
The flow chart of another access control method that Fig. 6 provides for the embodiment of the present invention;
The flow chart of another access control method that Fig. 7 provides for the embodiment of the present invention;
The structural representation of a kind of AC that Fig. 8 provides for the embodiment of the present invention;
The structural representation of a kind of Portal server that Fig. 9 provides for the embodiment of the present invention;
The structural representation of a kind of Radius certification authority server that Figure 10 provides for the embodiment of the present invention;
The structural representation of another AC that Figure 11 provides for the embodiment of the present invention;
The structural representation of the another kind of Radius certification authority server that Figure 12 provides for the embodiment of the present invention.
Detailed description of the invention
The flow chart of a kind of access control method that Fig. 1 provides for the embodiment of the present invention.As it is shown in figure 1, described method includes:
101, after AC intercepts the access request of the second terminal to be certified, described second terminal is redirected to Portal server, and information corresponding to described second terminal provide to described Portal server, so that described Portal server generates the first coded image corresponding to described second terminal according to the information that described second terminal is corresponding and returns to described second terminal, information corresponding to described second terminal includes the identification information of described second terminal and the service set (ServiceSetIdentifier for identifying on described AC, referred to as SSID) SSID identification information.
In the present embodiment, certification terminal replace terminal to be certified to be encoded the scanning of image, assist terminal to be certified be authenticated and open an account.For ease of describing, certification terminal is called first terminal, terminal to be certified is called the second terminal.
Illustrating at this, the coded system that coded image is used by the embodiment of the present invention does not limit, for instance can be bar code, Quick Response Code or can also is that other coded systems being likely in the future develop, for instance three-dimension code.Wherein, Quick Response Code coding information quantity is relatively big, and is the coded system of comparatively maturation at present, and therefore, the coded image in the embodiment of the present invention is preferably image in 2 D code.
Illustrate at this, do not limit the authentication mode of first terminal in embodiments of the present invention, for instance first terminal can adopt web authentication flow process of the prior art to complete certification, it would however also be possible to employ the method that the embodiment of the present invention provides is previously-completed certification.
In the present embodiment, the network environment carrying out the second terminal being authenticated and opens an account mainly includes AC, Portal server and Radius certification authority server, but is not limited to this.Wherein, Portal server can independently realize, it is also possible to is integrated in AC and realizes.Radius certification authority server refers to that being integrated with network authorization controls the Radius server of function.
In actual applications, AC can open access authority control, in order to the terminal accessed to carry out online control, also can arrange Web turn function simultaneously, be authenticated being redirected on Portal server by the terminal needing certification.It addition, the Radius certification authority server of the present embodiment can prestore the access authority of some user names, password and correspondence, it is used for as the second terminal distribution to be certified.One is comparatively preferred embodiment: create visitor's flowing water account pond on Radius certification authority server, for storing visitor's flowing water account, visitor's flowing water account is numbered in a certain order, and each visitor's flowing water account includes the information such as the user name preset, default password and default access authority.
When the second terminal needs to surf the Net, the browser in the second terminal can be opened, access arbitrary URL (UniformResourceLocator, referred to as URL), be equivalent to send access request.AC can intercept the access request of the second terminal, after discovery the second terminal is unverified terminal, the second terminal is redirected to Portal server.Second terminal accesses Portal server by the URL of Portal server.In the present embodiment, AC, except the second terminal is redirected to Portal server, also information corresponding to the second terminal can provide to Portal server.
In the present embodiment, the information that the second terminal is corresponding includes but not limited to: the identification information of the second terminal and for identifying the SSID identification information of the SSID on AC.Illustrating, the identification information of the second terminal can be medium access control (MediaAccessControl, referred to as the MAC) address of the second terminal, or can be the combination of the IP address of the second terminal and MAC Address, etc..Described SSID identification information can be the information of any SSID that can identify on the described AC that the second terminal accesses, such as this SSID identification information can include the SSID on the IP address of AC and AC, wherein, the IP address of AC is for one AC of unique mark, and then can uniquely to identify in conjunction with the SSID on this AC be SSID on certain AC;Again such as, described SSID identification information can also include the SSID on the IP address of AC, the title (Name) of AC and AC.
Illustrating at this, information corresponding to described second terminal is except the identification information including the second terminal and described SSID identification information, it is also possible to include the information such as the access authority given tacit consent on the authentication mode of acquiescence AC on and AC.
After Portal server receives the information that the second terminal is corresponding, the information that the second terminal is corresponding can be encoded coding, generate the coded image carrying information corresponding to the second terminal.Afterwards, this coded image can be returned to the second terminal by Portal server, and this coded image may be displayed on the browser of the second terminal.
102, AC receives user name corresponding to described second terminal that Radius certification authority server sent by described Portal server, password and access authority.
Wherein, described access authority is described Radius certification authority server at the identification information receiving information corresponding to described second terminal that described Portal server sends and certification first terminal, and determine that described first terminal is for after certification terminal according to the identification information of described first terminal and the identification information of locally stored certification terminal, access authority according to locally stored described first terminal, the access authority configured on the SSID that described SSID identification information identifies and described Radius certification authority server are that at least one in the acquiescence access authority of described second terminal distribution dynamically generates for described second terminal, described username and password is described Radius certification authority server at the identification information receiving information corresponding to described second terminal that described Portal server sends and certification first terminal, and determine that described first terminal is for after certification terminal according to the identification information of described first terminal and the identification information of locally stored certification terminal, for described second terminal distribution;Information corresponding to described second terminal and the identification information of described first terminal are described Portal server after receiving the information that described second terminal that described first terminal obtained is corresponding by described first coded image scanning in described second terminal, are sent to described Radius certification authority server.
In the second terminal after code displaying image, certified first terminal replaces the second terminal that this coded image is scanned, and resolves the information that wherein the second terminal is corresponding of acquisition, i.e. the identification information of the second terminal and described SSID identification information.Then, information corresponding for described second terminal is sent to Portal server by first terminal.After Portal server receives information corresponding to the second terminal that first terminal sends, by sent along for the identification information of information corresponding for the second terminal and first terminal to Radius certification authority server.
Illustrating at this, at first terminal by after certification, on AC, Portal server and Radius certification authority server, storage has first terminal for information about.Illustrating, on Radius certification authority server, the information of the first terminal of storage includes: the user name of first terminal certification, the IP address of first terminal, the MAC Address of first terminal, the IP address of first terminal place AC, the access authority that first terminal obtains, etc..On Radius certification authority server, the information of the first terminal of storage can represent by an information group: A_authentication&authorization (A_username, A_IP, A_MAC, A_AC_IP, A_authorization), but be not limited to this.The information of the first terminal of the upper storage of AC also includes: the user name of first terminal certification, the IP address of first terminal, the MAC Address of first terminal, the IP address of first terminal place AC, the access authority that first terminal obtains, etc..The information of the first terminal of the upper storage of AC can represent by an information group: A (A_username, A_IP, A_MAC, A_AC_IP, A_authorization), but is not limited to this.On Portal server, the information of first terminal of storage includes: the MAC Address of the user name of first terminal certification, the IP address of first terminal and first terminal, etc..The user name of first terminal certification, the IP address of first terminal and the MAC Address etc. of first terminal can uniquely identify first terminal, are accordingly regarded as the identification information of first terminal.
After Radius certification authority server receives the identification information of information corresponding to the second terminal that Portal server sends and first terminal, can determine whether first terminal is certification terminal according to the identification information of the identification information of first terminal and locally stored certification terminal, additionally, can be the second terminal is authenticated and needs as its distributing user name according in information corresponding to the second terminal, the identification information of the second terminal confirms, password and access authority, and the SSID of AC that the second terminal and first terminal access is may determine that according to the SSID identification information in information corresponding to the second terminal.Concrete, the identification information of first terminal can be mated by Radius certification authority server in the identification information of locally stored certification terminal, if in coupling, illustrate that first terminal is certification terminal, such Radius certification authority server is assured that the second terminal assisted by first terminal belongs to validated user, it is possible to for its distributing user name, password and access authority.
Then, Radius certification authority server is after determining that first terminal is certification terminal, it is the second terminal distribution username and password, and on the SSID identified according to the access authority of locally stored described first terminal, described SSID identification information, at least one in the access authority of configuration and acquiescence access authority that described Radius certification authority server is described second terminal distribution dynamically generates access authority for described second terminal.
Illustrate, Radius certification authority server has been pre-created visitor flowing water account pond, Radius certification authority server can from visitor's flowing water account pond, take out visitor's flowing water account of free time in turn, the user name preset in the visitor's flowing water account taken out and the password preset are distributed to the second terminal as the username and password of the second terminal, and the access authority preset in the visitor's flowing water account taken out is distributed to the second terminal as the acquiescence access authority of the second terminal.Then, on the SSID that Radius certification authority server identifies according to the access authority of locally stored described first terminal, described SSID identification information, at least one in the access authority of configuration and the acquiescence access authority of described second terminal generates access authority for described second terminal.
For ease of describing, the access authority of first terminal can be designated as A_auth, on the SSID identify described SSID identification information, the access authority of configuration is designated as SSID_auth, the acquiescence access authority of the second terminal is designated as R_auth, the access authority of the second terminal is designated as B_auth.
Optionally, Radius certification authority server can adopt but be not limited to following several ways is the second terminal distribution access authority:
The access authority configured on the SSID that Radius certification authority server takes the access authority of described first terminal, described SSID identification information identifies and the union access authority as described second terminal giving tacit consent to access authority of described second terminal.I.e. B_auth=A_auth ∪ SSID_auth ∪ R_auth.Or
Radius certification authority server is using the access authority of the described first terminal access authority as described second terminal.I.e. B_auth=A_auth.Or
On the SSID that described SSID identification information is identified by Radius certification authority server, the access authority of configuration is as the access authority of described second terminal.I.e. B_auth=R_auth.Or
Radius certification authority server takes the common factor of the access authority of described first terminal and the access authority of the upper configuration of the SSID that described SSID identification information identifies, then takes the union access authority as described second terminal giving tacit consent to access authority of described common factor and described second terminal.I.e. B_auth=A_auth ∩ SSID_auth ∪ R_auth.Or
Radius certification authority server takes the acquiescence access authority access authority as described second terminal of the second terminal.I.e. B_auth=R_auth.
As can be seen here, in actual applications, by A_auth, SSID_auth and the R_auth of making rational planning for, can be that the second terminal authorizes different network legal powers.
When the Radius certification authority server user name that has been the second terminal distribution, password and after generating access authority, it is possible to the access authority of the second terminal, username and password are sent to AC by Portal server.
103, the username and password of described second terminal is sent to described Radius certification authority server by AC, so that described second terminal is authenticated, and after result is passed through in the certification receiving the return of described Radius certification authority server, the access authority of described second terminal is arranged at this locality, sends described certification to described Portal server and described second terminal and pass through result.
After AC receives the access authority of the second terminal, username and password, second terminal is authenticated by the username and password based on the second terminal, and after certification is passed through, the access authority of the second terminal is arranged at this locality, thus the access authority according to the second set terminal controls the access to network of second terminal.
Concrete, the username and password of the second terminal can be sent to Radius certification authority server by AC, and so that the second terminal to be authenticated, this process referring to the same section in existing web authentication flow process, can not repeat them here.
AC receives the certification of Radius certification authority server return by after result, except the access authority in locally located second terminal, also can send certification to the second terminal and Portal server etc. and pass through result.Optionally, certification can also be sent to first terminal by result by AC.
From above-mentioned, the access control method that the present embodiment provides, the coded image generated by the information that terminal to be certified is corresponding by certification terminal scanning, and information corresponding for the terminal to be certified obtained is supplied to Radius server by Portal server, make Radius server after determining that above-mentioned information is sent by certification terminal, for terminal distribution username and password to be certified, and the access authority according to certification terminal, on the SSID of AC configuration access authority and for terminal distribution to be certified acquiescence access authority at least one dynamically distribute access authority, afterwards by access authority, username and password is supplied to AC, by AC use username and password complete the certification to terminal to be certified and certification by after the access authority of terminal to be certified is arranged at this locality.Owing to the present embodiment simultaneously completes the distribution of the user name of terminal to be certified, password and access authority in the process that terminal to be certified is authenticated, verification process simultaneously completes opening an account to terminal, and whole process participates in without manager, be conducive to improving terminal to open an account speed, reduce and open an account the cycle.
The flow chart of the another kind of access control method that Fig. 2 provides for the embodiment of the present invention.As in figure 2 it is shown, described method includes:
201, Portal server receives the access request that the second terminal to be certified sends, and receiving AC information corresponding to described second terminal sent, information corresponding to described second terminal includes the identification information of described second terminal and for identifying the SSID identification information of the SSID on described AC.
202, Portal server generates the first coded image of described second terminal according to the information that described second terminal is corresponding, and described first coded image is sent to described second terminal.
203, Portal server receives the information that described second terminal that certification first terminal sends is corresponding, and information corresponding to described second terminal that described first terminal sends is that described first terminal is obtained by described first coded image scanning in described second terminal.
204, the identification information of information corresponding for described second terminal and described first terminal is sent to Radius certification authority server by Portal server, so that at the identification information of the locally stored certification terminal of the identification information according to described first terminal and described Radius certification authority server, described Radius certification authority server determines that described first terminal is for after certification terminal, for described second terminal distribution username and password the access authority according to locally stored described first terminal, the access authority configured on the SSID that described SSID identification information identifies and described Radius certification authority server are that at least one in the acquiescence access authority of described second terminal distribution dynamically generates access authority for described second terminal.
205, Portal server receives the access authority of described second terminal, the username and password that described Radius certification authority server sends, and be transmitted to described AC so that described AC according to the username and password of described second terminal complete the certification to described second terminal and certification by after the access authority of described second terminal is arranged on this locality.
Method and embodiment illustrated in fig. 1 that the present embodiment provides adapt, and are the descriptions carried out from the angle of Portal server, detailed process can the description of embodiment shown in Figure 1, do not repeat them here.
The access control method that the present embodiment provides, the process that terminal to be certified is authenticated simultaneously completes the distribution of the user name of terminal to be certified, password and access authority, verification process simultaneously completes opening an account to terminal, and whole process participates in without manager, be conducive to improving terminal to open an account speed, reduce and open an account the cycle.
The flow process of another access control method embodiment that Fig. 3 provides for the embodiment of the present invention.As it is shown on figure 3, described method includes:
301, Radius certification authority server receives the identification information of information corresponding to the second terminal to be certified that Portal server sends and certification first terminal, information corresponding to described second terminal is that described first terminal obtains and be sent to described Portal server by scanning the first coded image in described second terminal, described first coded image is that described Portal server generates and sends to described second terminal being redirected to described Portal server according to the information that AC described second terminal sent is corresponding, information corresponding to described second terminal includes the identification information of described second terminal and for identifying the SSID identification information of the SSID on described AC.
302, according to the identification information of described first terminal and the identification information of locally stored certification terminal, Radius certification authority server determines whether described first terminal is certification terminal, and determining that described first terminal is for after certification terminal, for described second terminal distribution username and password, and the access authority according to locally stored described first terminal, the access authority configured on the SSID that described SSID identification information identifies and described Radius certification authority server are that at least one in the acquiescence access authority of described second terminal distribution generates access authority for described second terminal.
303, the access authority of described second terminal, username and password are sent to described AC by described Portal server by Radius certification authority server so that the described username and password according to described second terminal complete the certification to described second terminal and certification by after the access authority of described second terminal is arranged on this locality.
In an optional embodiment, described Radius certification authority server is described second terminal distribution username and password, and at least one in the access authority of configuration and acquiescence access authority that described Radius certification authority server is described second terminal distribution generates access authority for described second terminal on the SSID identified according to the access authority of locally stored described first terminal, described SSID identification information, including:
Described Radius certification authority server, from default visitor's flowing water account pond, takes out visitor's flowing water account of free time in turn, and described access flowing water account includes the user name preset, default password and default access authority;
The user name preset in described access flowing water account and the password preset are distributed to described second terminal as the username and password of described second terminal by described Radius certification authority server, and as the acquiescence access authority of described second terminal, the access authority preset in described access flowing water account is assigned as described second terminal;
On the SSID that described Radius certification authority server identifies according to the access authority of locally stored described first terminal, described SSID identification information, at least one in the access authority of configuration and the acquiescence access authority of described second terminal generates access authority for described second terminal.
Further alternative, on the SSID that described Radius certification authority server identifies according to the access authority of locally stored described first terminal, described SSID identification information, at least one in the access authority of configuration and the acquiescence access authority of described second terminal generates access authority for described second terminal, including:
The access authority configured on the SSID that described Radius certification authority server takes the access authority of described first terminal, described SSID identification information identifies and the union access authority as described second terminal giving tacit consent to access authority of described second terminal;Or
Described Radius certification authority server is using the access authority of the described first terminal access authority as described second terminal;Or
On the SSID that described SSID identification information is identified by described Radius certification authority server, the access authority of configuration is as the access authority of described second terminal;Or
Described Radius certification authority server takes the common factor of the access authority of described first terminal and the access authority of the upper configuration of the SSID that described SSID identification information identifies, then takes the union access authority as described second terminal giving tacit consent to access authority of described common factor and described second terminal;Or
Radius certification authority server takes the acquiescence access authority access authority as described second terminal of the second terminal.I.e. B_auth=R_auth.
Based on above-mentioned, the access authority of described second terminal, username and password are sent to described AC by described Portal server by described Radius certification authority server, including:
Described Radius certification authority server is sent to described AC by described Portal server after the access authority preset in described access flowing water account is replaced with the access authority of described second terminal.
Method and embodiment illustrated in fig. 1 that the present embodiment provides adapt, and are the descriptions that carry out of the angle from Radius certification authority server, detailed process can the description of embodiment shown in Figure 1, do not repeat them here.
The access control method that the present embodiment provides, the process that terminal to be certified is authenticated simultaneously completes the distribution of the user name of terminal to be certified, password and access authority, verification process simultaneously completes opening an account to terminal, and whole process participates in without manager, be conducive to improving terminal to open an account speed, reduce and open an account the cycle.
The flow chart of another access control method that Fig. 4 provides for the embodiment of the present invention.Before introducing the identifying procedure of the second terminal to be certified, first illustrating for information about the first terminal of certification stored on AC, Portal server and Radius certification authority server:
On Radius certification authority server, the information of the first terminal of storage includes: the user name of first terminal certification, the IP address of first terminal, the MAC Address of first terminal, the IP address of first terminal place AC, the access authority that first terminal obtains, etc..On Radius certification authority server, the information of the first terminal of storage can represent by an information group: A_authentication&authorization (A_username, A_IP, A_MAC, A_AC_IP, A_authorization), but be not limited to this.
The information of the first terminal of the upper storage of AC also includes: the user name of first terminal certification, the IP address of first terminal, the MAC Address of first terminal, the IP address of first terminal place AC, the access authority that first terminal obtains, etc..The information of the first terminal of the upper storage of AC can represent by an information group: A (A_username, A_IP, A_MAC, A_AC_IP, A_authorization), but is not limited to this.
On Portal server, the information of first terminal of storage includes: the MAC Address of the user name of first terminal certification, the IP address of first terminal and first terminal, etc..
The present embodiment is for image in 2 D code, and as shown in Figure 4, described method includes:
41, AC opens access authority control, arranges Web turn function;Meanwhile, Radius certification authority server creates visitor's flowing water account pond, is used for storing visitor's flowing water account, and each visitor's flowing water account includes the user name preset, default password and default access authority etc..Represent by a tlv triple: visitor's flowing water account _ x (default user name, default password, default access authority);Wherein x is natural number numbering, such as 1,2,3;
42, the second terminal opens browser, accesses arbitrary URL, is equivalent to send access request;
43, AC intercepts the access request of the second terminal, and the second terminal is redirected to Portal server;
44, the second terminal access Portal server;
45, AC is the IP address of the second terminal, the MAC Address of the second terminal, the IP address of AC, the title of AC, the SSID on AC, and the authentication mode of acquiescence, the access authority of acquiescence passes to Portal server;
46, the AC information transmitted is carried out Quick Response Code coding by Portal server, generates image in 2 D code, and returns to the second terminal;
The information such as 47, first terminal uses Quick Response Code scanning software to scan the image in 2 D code in the second terminal, and resolves the MAC Address obtaining the second terminal wherein carried, the IP address of AC, the title of AC, the SSID on AC, the authentication mode of acquiescence, the online power of acquiescence;
48, the information of acquisition is sent to Portal server by first terminal;
49, after Portal server receives the information that first terminal sends, by sent along for the identification information of the information received and first terminal to Radius certification authority server.Wherein, the identification information of first terminal includes the MAC Address of the user name of first terminal certification, the IP address of first terminal and first terminal.
50, Radius certification authority server is from visitor's flowing water account pond, sequentially take out visitor's flowing water account of free time, and before the visitor's flowing water account taken out, increase the user name prefix of first terminal, form new visitor's flowing water account, i.e. A_username_ visitor's flowing water account _ x (user name of the second terminal, the password of the second terminal, the access authority of the second terminal), then by A_username_ visitor's flowing water account _ x (user name of the second terminal, the password of the second terminal, the access authority of the second terminal) it is sent to Portal server.
Wherein, Radius certification authority server specifically can generate access authority according to the access authority of configuration on the SSID that the access authority of locally stored described first terminal, described SSID identification information identify and at least one in the acquiescence access authority of described second terminal for described second terminal.For ease of describing, the access authority of first terminal can be designated as A_auth, on the SSID identify described SSID identification information, the access authority of configuration is designated as SSID_auth, the acquiescence access authority of the second terminal is designated as R_auth, the access authority of the second terminal is designated as B_auth.
Concrete, Radius certification authority server is that the second terminal generates access authority and can adopt but be not limited to following methods:
The access authority configured on the SSID that Radius certification authority server takes the access authority of described first terminal, described SSID identification information identifies and the union access authority as described second terminal giving tacit consent to access authority of described second terminal.I.e. B_auth=A_auth ∪ SSID_auth ∪ R_auth.Or
Radius certification authority server is using the access authority of the described first terminal access authority as described second terminal.I.e. B_auth=A_auth.Or
On the SSID that described SSID identification information is identified by Radius certification authority server, the access authority of configuration is as the access authority of described second terminal.I.e. B_auth=R_auth.Or
Radius certification authority server takes the common factor of the access authority of described first terminal and the access authority of the upper configuration of the SSID that described SSID identification information identifies, then takes the union access authority as described second terminal giving tacit consent to access authority of described common factor and described second terminal.I.e. B_auth=A_auth ∩ SSID_auth ∪ R_auth.Or
Radius certification authority server using the acquiescence access authority of the second terminal as the access authority of described second terminal.I.e. B_auth=R_auth.
As can be seen here, in actual applications, by A_auth, SSID_auth and the R_auth of making rational planning for, can be that the second terminal authorizes different network legal powers.
51, Portal server passes through portal protocol, and A_username_ visitor's flowing water account _ x (user name of the second terminal, the password of the second terminal, the access authority of the second terminal) is issued AC;
52, AC uses the username and password of the second terminal to initiate Radius protocol authentication;
53, Radius server return authentication result is to AC;
54, AC is according to authentication result, arranges the access authority of the second terminal;
55, AC is according to authentication result, to first terminal return authentication result;
56, AC is according to authentication result, to Portal server return authentication result;
57, AC is according to authentication result, to the second terminal return authentication result.
From above-mentioned, the access control method that the present embodiment provides, the image in 2 D code generated by the information that terminal to be certified is corresponding by certification terminal scanning, and information corresponding for the terminal to be certified obtained is supplied to Radius server by Portal server, make Radius server after determining that above-mentioned information is sent by certification terminal, for terminal distribution username and password to be certified, and the access authority according to certification terminal, the access authority of the upper configuration of the SSID of the AC that certification terminal and terminal to be certified access and for terminal distribution to be certified give tacit consent in access authority at least one dynamically distribute access authority, afterwards by access authority, username and password is supplied to AC, by AC use username and password complete the certification to terminal to be certified and certification by after the access authority of terminal to be certified is arranged at this locality.Owing to the present embodiment simultaneously completes the distribution of the user name of terminal to be certified, password and access authority in the process that terminal to be certified is authenticated, verification process simultaneously completes opening an account to terminal, and whole process participates in without manager, be conducive to improving terminal to open an account speed, reduce and open an account the cycle.
The flow chart of another access control method that Fig. 5 provides for the embodiment of the present invention.As it is shown in figure 5, described method includes:
501, AC receives the coding indication information that terminal to be certified sends, the second coded image that described coding indication information is terminal to be certified described in described terminal scanning to be certified obtains, described second coded image is that Radius certification authority server generates according to described coding indication information, described coding indication information is for indicating information corresponding to described terminal to be certified, and information corresponding to described terminal to be certified includes the identification information of described terminal to be certified and for identifying the SSID identification information of the SSID on described AC.
In the present embodiment, terminal to be certified passes through oneself scanning encoding image, in order to is authenticated and opens an account for oneself.
In the present embodiment, the network environment carrying out terminal to be certified being authenticated and opens an account mainly includes AC, Portal server and Radius certification authority server, but is not limited to this.Wherein, Portal server can independently realize, it is also possible to is integrated in AC and realizes.Radius certification authority server refers to that being integrated with network authorization controls the Radius server of function.
In the present embodiment, Radius certification authority server can generate coded image previously according to the coding indication information that terminal to be certified is corresponding, and this coded image is placed on the place that terminal to be certified can scan.Described coding indication information is for indicating information corresponding to terminal to be certified, and information corresponding to described terminal to be certified includes the identification information of described terminal to be certified and for identifying the SSID identification information of the SSID on described AC.
Illustrating at this, the coded system that coded image is used by the embodiment of the present invention does not limit, for instance can be bar code, Quick Response Code or can also is that other coded systems being likely in the future develop, for instance three-dimension code.Wherein, Quick Response Code coding information quantity is relatively big, and is the coded system of comparatively maturation at present, and therefore, the coded image in the embodiment of the present invention is preferably image in 2 D code.Accordingly, coding indication information can be bar code instruction information, Quick Response Code instruction information or other coding indication information.
Illustrating, the identification information of terminal to be certified can be the MAC Address of terminal to be certified, or can be the combination of the IP address of terminal to be certified and MAC Address, etc..Described SSID identification information can be the SSID on the IP address of AC and AC, or can be the SSID on the IP address of AC, the title of AC and AC, etc..With IP address that the identification information of terminal to be certified is terminal to be certified and MAC Address, the SSID that described SSID identification information can be on the IP address of AC, the title of AC and AC is example, then described coding indication information can be (B_IP=0, B_MAC=0, AC_IP=0, AC_NAME=NULL, AC_SSID=NULL).Wherein, B represents terminal to be certified.
In actual applications, AC can open access authority control, in order to the terminal accessed to carry out online control, also can arrange Web turn function simultaneously, be authenticated being redirected on Portal server by the terminal needing certification.It addition, the Radius certification authority server of the present embodiment can prestore the access authority of some user names, password and correspondence, it is used for as the second terminal distribution to be certified.One is comparatively preferred embodiment: create visitor's flowing water account pond on Radius certification authority server, for storing visitor's flowing water account, visitor's flowing water account is numbered in a certain order, and each visitor's flowing water account includes the information such as the user name preset, default password and default access authority.
Illustrating at this, information corresponding to described terminal to be certified is except the identification information including terminal to be certified and described SSID identification information, it is also possible to include the information such as the access authority given tacit consent on the authentication mode of acquiescence AC on and AC.
When terminal to be certified needs to surf the Net, coded scanning software scans coded image can be used, coded image is resolved, obtain the coding indication information wherein carried.Then, the coding indication information of acquisition can be sent to AC by terminal to be certified.After AC receives coding indication information, the instruction according to this coding indication information, obtain the information that terminal to be certified is corresponding, i.e. the identification information of terminal to be certified and described SSID identification information.
502, AC obtains, according to described coding indication information, the information that described terminal to be certified is corresponding, and information corresponding for described terminal to be certified is sent to described Radius certification authority server by Portal server, so that described Radius certification authority server is after receiving the information that described terminal to be certified is corresponding, dynamically access authority is generated for described terminal to be certified for the access authority of configuration on described terminal distribution username and password to be certified the SSID that identifies according to described SSID identification information and at least one in acquiescence access authority that described Radius certification authority server is described terminal distribution to be certified.
After AC gets the information that terminal to be certified is corresponding, by Portal server, information corresponding for terminal to be certified is sent to Radius certification authority server.After Radius certification authority server receives information corresponding to terminal to be certified that Portal server sends, for terminal distribution username and password to be certified, and on the SSID identified according to described SSID identification information, at least one in the access authority of configuration and acquiescence access authority that described Radius certification authority server is described terminal distribution to be certified dynamically generates access authority for described terminal to be certified.
Illustrate, Radius certification authority server has been pre-created visitor flowing water account pond, Radius certification authority server can from visitor's flowing water account pond, take out visitor's flowing water account of free time in turn, the user name preset in the visitor's flowing water account taken out and the password preset are distributed to terminal to be certified as the username and password of terminal to be certified, and the access authority preset in the visitor's flowing water account taken out is distributed to terminal to be certified as the acquiescence access authority of terminal to be certified.Then, on the SSID that Radius certification authority server identifies according to described SSID identification information, at least one in the access authority of configuration and the acquiescence access authority of described terminal to be certified generates access authority for described terminal to be certified.
For ease of describing, it is possible on the SSID identify described SSID identification information, the access authority of configuration is designated as SSID_auth, the acquiescence access authority of terminal to be certified is designated as R_auth, the access authority of terminal to be certified is designated as B_auth.
Optionally, Radius certification authority server can adopt but be not limited to following several ways is terminal distribution access authority to be certified:
Radius certification authority server takes the union access authority as described terminal to be certified of the access authority of configuration on the SSID that described SSID identification information identifies and the acquiescence access authority of described terminal to be certified.I.e. B_auth=SSID_auth ∪ R_auth.Or
On the SSID that described SSID identification information is identified by Radius certification authority server, the access authority of configuration is as the access authority of described terminal to be certified.I.e. B_auth=R_auth.Or
Radius certification authority server takes the access authority of configuration on the SSID that described SSID identification information identifies and the access authority as described terminal to be certified that occurs simultaneously of the acquiescence access authority of described terminal to be certified.I.e. B_auth=SSID_auth ∩ R_auth.Or
Radius certification authority server using the acquiescence access authority of terminal to be certified as the access authority of described terminal to be certified.I.e. B_auth=R_auth.
As can be seen here, in actual applications, by SSID_auth and the R_auth that makes rational planning for, different network legal powers can be authorized for terminal to be certified.
503, AC receives the access authority of terminal described to be certified, the username and password that described Radius certification authority server sends.
When the Radius certification authority server user name that has been terminal distribution to be certified, password and after generating access authority, it is possible to the access authority of terminal to be certified, username and password are sent to AC by Portal server.Accordingly, AC can receive the access authority of terminal described to be certified, the username and password that Radius certification authority server is sent by Portal server.
504, the username and password of described terminal to be certified is sent to described Radius certification authority server by AC, so that described terminal to be certified is authenticated, and after result is passed through in the certification receiving the return of described Radius certification authority server, the access authority of described terminal to be certified is arranged at this locality, sends described certification to described Portal server and described terminal to be certified and pass through result.
After AC receives the access authority of terminal to be certified, username and password, terminal to be certified is authenticated by the username and password based on terminal to be certified, and after certification is passed through, the access authority of terminal to be certified is arranged at this locality, thus the access authority according to set terminal to be certified controls the terminal to be certified access to network.
Concrete, the username and password of terminal to be certified can be sent to Radius certification authority server by AC, and so that terminal to be certified to be authenticated, this process referring to the same section in existing web authentication flow process, can not repeat them here.
AC receives the certification of Radius certification authority server return by after result, except the access authority in locally located terminal to be certified, also can send certification to terminal to be certified and Portal server etc. and pass through result.
From above-mentioned, the access control method that the present embodiment provides, by terminal to be certified oneself scanning encoding Image Acquisition coding indication information, and it is supplied to AC, and AC obtains, according to coding indication information, the information that terminal to be certified is corresponding, and it is supplied to Radius server by Portal server, make Radius server after determining and receiving above-mentioned information, for terminal distribution username and password to be certified, and according on the SSID of AC configuration access authority and for terminal distribution to be certified acquiescence access authority at least one dynamically distribute access authority, afterwards by access authority, username and password is supplied to AC, by AC use username and password complete the certification to terminal to be certified and certification by after the access authority of terminal to be certified is arranged at this locality.Owing to the present embodiment simultaneously completes the distribution of the user name of terminal to be certified, password and access authority in the process that terminal to be certified is authenticated, verification process simultaneously completes opening an account to terminal, and whole process participates in without manager, be conducive to improving terminal to open an account speed, reduce and open an account the cycle.
The flow chart of another access control method that Fig. 6 provides for the embodiment of the present invention.As shown in Figure 6, described method includes:
601, Radius certification authority server receives information corresponding to terminal to be certified that Portal server sends, information corresponding to described terminal to be certified is that AC is receiving described terminal to be certified by after scanning the coding indication information that the second coded image obtains, obtain and be sent to described Portal server according to described coding indication information, described second coded image is that described Radius certification authority server generates according to the information that described terminal to be certified is corresponding, information corresponding to described terminal to be certified includes the identification information of described terminal to be certified and for identifying the SSID identification information of the SSID on described AC.
602, Radius certification authority server is after receiving the information that described terminal to be certified is corresponding, for described terminal distribution username and password to be certified, and on the SSID identified according to described SSID identification information, at least one in the access authority of configuration and acquiescence access authority that described Radius certification authority server is described terminal distribution to be certified dynamically generates access authority for described terminal to be certified.
603, the access authority of described terminal to be certified, username and password are sent to described AC by described Portal server by Radius certification authority server so that the described username and password according to described terminal to be certified complete the certification to described terminal to be certified and certification by after the access authority of described terminal to be certified is arranged on this locality.
In an optional embodiment, Radius certification authority server is described terminal distribution username and password to be certified, and at least one in the access authority of configuration and acquiescence access authority that described Radius certification authority server is described terminal distribution to be certified dynamically generates access authority for described terminal to be certified on the SSID identified according to described SSID identification information, including:
Described Radius certification authority server, from default visitor's flowing water account pond, takes out visitor's flowing water account of free time in turn, and described access flowing water account includes the user name preset, default password and default access authority;
The user name preset in described access flowing water account and the password preset are distributed to described terminal to be certified as the username and password of described terminal to be certified by described Radius certification authority server, and as the acquiescence access authority of described terminal to be certified, the access authority preset in described access flowing water account is assigned as described terminal to be certified;
On the SSID that described Radius certification authority server identifies according to described SSID identification information, at least one in the access authority of configuration and the acquiescence access authority of described terminal to be certified dynamically generates access authority for described terminal to be certified.
Further alternative, on the SSID that described Radius certification authority server identifies according to described SSID identification information, at least one in the access authority of configuration and the acquiescence access authority of described terminal to be certified dynamically generates access authority for described terminal to be certified, including:
Described Radius certification authority server takes the union access authority as described terminal to be certified of the access authority of configuration on the SSID that described SSID identification information identifies and the acquiescence access authority of described terminal to be certified;Or
On the SSID that described SSID identification information is identified by described Radius certification authority server, the access authority of configuration is as the access authority of described terminal to be certified;Or
Described Radius certification authority server takes the access authority of configuration on the SSID that described SSID identification information identifies and the access authority as described terminal to be certified that occurs simultaneously of the acquiescence access authority of described terminal to be certified;Or
Described Radius certification authority server takes the acquiescence access authority access authority as described terminal to be certified of terminal to be certified.
Based on above-mentioned, the access authority of described terminal to be certified, username and password are sent to described AC by described Portal server by described Radius certification authority server, including:
Described Radius certification authority server is sent to described AC by described Portal server after the access authority preset in described access flowing water account is replaced with the access authority of described terminal to be certified.
Method and embodiment illustrated in fig. 5 that the present embodiment provides adapt, and the present embodiment is the description that the angle from Radius certification authority server carries out, and idiographic flow can the description of embodiment shown in Figure 5.
The method that the present embodiment provides, the process that terminal to be certified is authenticated simultaneously completes the distribution of the user name of terminal to be certified, password and access authority, verification process simultaneously completes opening an account to terminal, and whole process participates in without manager, be conducive to improving terminal to open an account speed, reduce and open an account the cycle.
The flow chart of another access control method that Fig. 7 provides for the embodiment of the present invention.The present embodiment indicates information to illustrate for image in 2 D code and Quick Response Code.Before introducing the identifying procedure of terminal to be certified, first information is indicated to illustrate the image in 2 D code in the present embodiment and Quick Response Code: Radius certification authority server presets Quick Response Code instruction information, such as Quick Response Code instruction information=(B_IP=0, B_MAC=0, AC_IP=0, AC_NAME=NULL, AC_SSID=NULL, authentication mode=1 of acquiescence, acquiescence access authority=1), and to Quick Response Code indicate information carry out Quick Response Code coding generate image in 2 D code be placed on the place that terminal to be certified can scan.Wherein, B in Quick Response Code instruction information represents terminal to be certified, that is terminal to be certified to be authenticated and to open an account for instruction by Quick Response Code instruction information, it is necessary to use the IP address of terminal to be certified, the MAC Address of terminal to be certified, the IP address of terminal place AC to be certified, the title of this AC, the SSID of this AC and the information such as the authentication mode of acquiescence and access authority.Illustrating at this, in the present embodiment, Quick Response Code instruction information indicates the information relatively horn of plenty included, but it is all necessary for being not meant to all information.
As it is shown in fig. 7, described method includes:
71, AC opens access authority control, arranges Web turn function;Meanwhile, Radius certification authority server creates visitor's flowing water account pond, is used for storing visitor's flowing water account, and each visitor's flowing water account includes the user name preset, default password and default access authority etc..Represent by a tlv triple: visitor's flowing water account _ x (default user name, default password, default access authority);Wherein x is natural number numbering, such as 1,2,3;
72, terminal to be certified uses Quick Response Code scanning software scanning image in 2 D code, extracts Quick Response Code therein instruction information.
73, the Quick Response Code of extraction is indicated information to be sent to AC by terminal to be certified;
74, after AC receives Quick Response Code instruction information, obtain the information that terminal to be certified is corresponding, be then sent to Portal server.Here the information that terminal to be certified is corresponding includes: the IP address of terminal to be certified, the MAC Address of terminal to be certified, the IP address of terminal place AC to be certified, the title of this AC, the SSID of this AC and the information such as the authentication mode of acquiescence and access authority.
75, information corresponding for terminal to be certified is sent to Radius certification authority server by Portal server.
76, Radius certification authority server is from visitor's flowing water account pond, sequentially take out visitor's flowing water account of free time, and before the visitor's flowing water account taken out, increase the user name prefix of AC, form new visitor's flowing water account, i.e. AC_username_ visitor's flowing water account _ x (user name of terminal to be certified, the password of terminal to be certified, the access authority of terminal to be certified), it is then sent to Portal server.
Wherein, Radius certification authority server specifically can generate access authority according to the access authority of configuration on the SSID that described SSID identification information identifies and at least one in the acquiescence access authority of described terminal to be certified for described terminal to be certified.For ease of describing, it is possible on the SSID identify described SSID identification information, the access authority of configuration is designated as SSID_auth, the acquiescence access authority of terminal to be certified is designated as R_auth, the access authority of terminal to be certified is designated as B_auth.
Concrete, Radius certification authority server is that terminal to be certified generates access authority and can adopt but be not limited to following methods:
Radius certification authority server takes the union access authority as described terminal to be certified of the access authority of configuration on the SSID that described SSID identification information identifies and the acquiescence access authority of described terminal to be certified.I.e. B_auth=SSID_auth ∪ R_auth.Or
On the SSID that described SSID identification information is identified by Radius certification authority server, the access authority of configuration is as the access authority of described terminal to be certified.I.e. B_auth=R_auth.Or
Radius certification authority server takes the access authority of configuration on the SSID that described SSID identification information identifies and the access authority as described terminal to be certified that occurs simultaneously of the acquiescence access authority of described terminal to be certified.I.e. B_auth=SSID_auth ∩ R_auth.Or
Radius certification authority server takes the acquiescence access authority access authority as described terminal to be certified of terminal to be certified.I.e. B_auth=R_auth.
As can be seen here, in actual applications, by SSID_auth and the R_auth that makes rational planning for, different network legal powers can be authorized for terminal to be certified.
77, Portal server passes through portal protocol, and AC_username_ visitor's flowing water account _ x (user name of terminal to be certified, the password of terminal to be certified, the access authority of terminal to be certified) is issued AC;
78, AC uses the username and password of terminal to be certified to initiate Radius protocol authentication;
79, Radius server return authentication result is to AC;
80, AC is according to authentication result, arranges the access authority of terminal to be certified;
81, AC is according to authentication result, to terminal return authentication result to be certified.
From above-mentioned, the access control method that the present embodiment provides, scanned image in 2 D code by terminal to be certified oneself and obtain Quick Response Code instruction information, and it is supplied to AC, and AC indicates information corresponding to acquisition of information terminal to be certified according to Quick Response Code, and it is supplied to Radius server by Portal server, make Radius server after determining and receiving above-mentioned information, for terminal distribution username and password to be certified, and according on the SSID of AC configuration access authority and for terminal distribution to be certified acquiescence access authority at least one dynamically distribute access authority, afterwards by access authority, username and password is supplied to AC, by AC use username and password complete the certification to terminal to be certified and certification by after the access authority of terminal to be certified is arranged at this locality.Owing to the present embodiment simultaneously completes the distribution of the user name of terminal to be certified, password and access authority in the process that terminal to be certified is authenticated, verification process simultaneously completes opening an account to terminal, and whole process participates in without manager, be conducive to improving terminal to open an account speed, reduce and open an account the cycle.
The method opened an account by terminal to be certified in verification process based on coding illustrating that the present embodiment provides by actual test and comparison is had the advantage that, comparative result is as shown in table 1.
Table 1
The structural representation of a kind of AC that Fig. 8 provides for the embodiment of the present invention.As shown in Figure 8, described AC includes: redirection module 801, receiver module 802 and identification processing module 803.
Redirection module 801, after intercepting the access request of the second terminal to be certified, described second terminal is redirected to Portal server, and information corresponding to described second terminal provide to described Portal server, so that described Portal server generates the first coded image corresponding to described second terminal according to information corresponding to described second terminal and returns to described second terminal, information corresponding to described second terminal includes the identification information of described second terminal and for identifying the SSID identification information of the SSID on described AC;
Receiver module 802, for receiving user name corresponding to described second terminal that Radius certification authority server sent by described Portal server, password and access authority;Wherein, described access authority is described Radius certification authority server at the identification information receiving information corresponding to described second terminal that described Portal server sends and certification first terminal, and determine that described first terminal is for after certification terminal according to the identification information of described first terminal and the identification information of locally stored certification terminal, access authority according to locally stored described first terminal, the access authority configured on the SSID that described SSID identification information identifies and described Radius certification authority server are that at least one in the acquiescence access authority of described second terminal distribution dynamically generates for described second terminal, described username and password is described Radius certification authority server at the identification information receiving information corresponding to described second terminal that described Portal server sends and certification first terminal, and determine that described first terminal is for after certification terminal according to the identification information of described first terminal and the identification information of locally stored certification terminal, for described second terminal distribution;Information corresponding to described second terminal and the identification information of described first terminal are described Portal server after receiving the information that described second terminal that described first terminal obtained is corresponding by described first coded image scanning in described second terminal, are sent to described Radius certification authority server;
Identification processing module 803, the username and password of described second terminal for being received by receiver module 802 is sent to described Radius certification authority server, so that described second terminal is authenticated, and after result is passed through in the certification receiving the return of described Radius certification authority server, the access authority of described second terminal received by receiver module 802 is arranged at this locality, sends described certification to described Portal server and described second terminal and passes through result.
Optionally, described SSID identification information can include the SSID on the IP address of described AC and described AC, but is not limited to this.
Further alternative, information corresponding to described second terminal also includes: the authentication mode of acquiescence and the upper access authority given tacit consent to of described AC on described AC.
Each functional module of the AC that the present embodiment provides can be used for performing the flow process of the embodiment of access control method shown in Fig. 1, and its specific works principle repeats no more, and refers to the description of embodiment of the method.
The AC that the present embodiment provides, after intercepting the access request of the second terminal to be certified, described second terminal is redirected to Portal server, and information corresponding to described second terminal provide to described Portal server, so that described Portal server generates the first coded image corresponding to described second terminal according to the information that described second terminal is corresponding and returns to described second terminal, and then make certification first terminal scan described coded image and by Portal server, information corresponding for the second terminal obtained is sent to Radius certification authority server, it is the second terminal distribution user name for Radius certification authority server, password also generates access authority and lays the first stone, the AC of the present embodiment is receiving the user name of the second terminal that Radius certification authority server returns, after password and access authority, complete the certification to the second terminal and certification by after the access authority of terminal to be certified is arranged at this locality.Owing to the AC of the present embodiment simultaneously completes the distribution of the user name of terminal to be certified, password and access authority in the process that terminal to be certified is authenticated, verification process simultaneously completes opening an account to terminal, and whole process participates in without manager, be conducive to improving terminal to open an account speed, reduce and open an account the cycle.
The structural representation of a kind of Portal server that Fig. 9 provides for the embodiment of the present invention.As it is shown in figure 9, described Portal server includes: receiver module 901 and sending module 902.
Receiver module 901, for receiving the access request that the second terminal to be certified sends, and receiving AC information corresponding to described second terminal sent, information corresponding to described second terminal includes the identification information of described second terminal and for identifying the SSID identification information of the SSID on described AC.
Sending module 902, generates the first coded image of described second terminal, and described first coded image is sent to described second terminal for the information that described second terminal according to receiver module 901 reception is corresponding.
Receiver module 901, being additionally operable to receive the information that certification first terminal has sent described second terminal is corresponding, information corresponding to described second terminal that described first terminal sends is that described first terminal is obtained by described first coded image scanning in described second terminal.
Sending module 902, the identification information being additionally operable to information corresponding to described second terminal that received by receiver module 901 and described first terminal is sent to Radius certification authority server, so that at the identification information of the locally stored certification terminal of the identification information according to described first terminal and described Radius certification authority server, described Radius certification authority server determines that described first terminal is for after certification terminal, for described second terminal distribution username and password the access authority according to locally stored described first terminal, the access authority configured on the SSID that described SSID identification information identifies and described Radius certification authority server are that at least one in the acquiescence access authority of described second terminal distribution dynamically generates access authority for described second terminal.
Receiver module 901, is additionally operable to receive the access authority of described second terminal, the username and password that described Radius certification authority server sends.
Sending module 902, the access authority of described second terminal, the username and password that are additionally operable to receive receiver module 901 are transmitted to described AC so that described AC according to the username and password of described second terminal complete the certification to described second terminal and certification by after the access authority of described second terminal is arranged on this locality.
Each functional module of the Portal server that the present embodiment provides can be used for performing the flow process of the embodiment of access control method shown in Fig. 2, and its specific works principle repeats no more, and refers to the description of embodiment of the method.
The Portal server that the present embodiment provides, the AC provided with above-described embodiment matches, by the identification information of information corresponding for the second terminal and described first terminal is sent to Radius certification authority server, so that at the identification information of the locally stored certification terminal of the identification information according to described first terminal and described Radius certification authority server, described Radius certification authority server determines that described first terminal is for after certification terminal, for described second terminal distribution username and password the access authority according to locally stored described first terminal, the access authority configured on the SSID that described SSID identification information identifies and described Radius certification authority server are that at least one in the acquiescence access authority of described second terminal distribution dynamically generates access authority for described second terminal, and then by the user name of the second terminal, password and access authority are transmitted to AC, make AC based on the user name of the second terminal, password the second terminal is authenticated and certification by after the access authority of the second terminal is arranged at this locality, owing to simultaneously completing the user name of terminal to be certified in the process that terminal to be certified is authenticated, the distribution of password and access authority, verification process simultaneously completes opening an account to terminal, and whole process participates in without manager, be conducive to improving terminal to open an account speed, reduce and open an account the cycle.
The structural representation of a kind of Radius certification authority server that Figure 10 provides for the embodiment of the present invention.As shown in Figure 10, described Radius certification authority server includes: receiver module 1001, distribution generation module 1002 and sending module 1003.
Receiver module 1001, for receiving the identification information of information corresponding to the second terminal to be certified that Portal server sends and certification first terminal, information corresponding to described second terminal is that described first terminal obtains and be sent to described Portal server by scanning the first coded image in described second terminal, described first coded image is that described Portal server generates and sends to described second terminal being redirected to described Portal server according to the information that AC described second terminal sent is corresponding, information corresponding to described second terminal includes the identification information of described second terminal and for identifying the SSID identification information of the SSID on described AC.
Distribution generation module 1002, determine whether described first terminal is certification terminal for the identification information of described first terminal received according to receiver module 1001 and the identification information of locally stored certification terminal, and determining that described first terminal is for after certification terminal, for described second terminal distribution username and password, and the access authority according to locally stored described first terminal, the access authority configured on the SSID that described SSID identification information identifies and described Radius certification authority server are that at least one in the acquiescence access authority of described second terminal distribution generates access authority for described second terminal.
Sending module 1003, for the access authority of described second terminal, username and password are sent to described AC by described Portal server so that the described username and password according to described second terminal complete the certification to described second terminal and certification by after the access authority of described second terminal is arranged on this locality.
In an optional embodiment, distribution generation module 1002 includes: acquiring unit, allocation units and generation unit.
Acquiring unit, for, from default visitor's flowing water account pond, taking out visitor's flowing water account of free time in turn, described access flowing water account includes the user name preset, default password and default access authority;
Allocation units, for the user name preset in described access flowing water account and the password preset are distributed to described second terminal as the username and password of described second terminal, and the access authority preset in described access flowing water account is assigned as described second terminal as the acquiescence access authority of described second terminal;
Generating unit, at least one in the access authority configured on the SSID that the access authority according to locally stored described first terminal, described SSID identification information identify and the acquiescence access authority of described second terminal generates access authority for described second terminal.
Further alternative, generate unit specifically for taking the access authority of described first terminal, the union access authority as described second terminal giving tacit consent to access authority of the access authority of the upper configuration of SSID that described SSID identification information identifies and described second terminal;Or
Generate unit specifically for using the access authority of the described first terminal access authority as described second terminal;Or
Generate unit specifically for the SSID that identified by the described SSID identification information upper access authority the configured access authority as described second terminal;Or
The common factor of the access authority of the upper configuration of the SSID that described generation unit identifies specifically for taking the access authority of described first terminal and described SSID identification information, then take the union access authority as described second terminal giving tacit consent to access authority of described common factor and described second terminal;Or
Described generation unit specifically for using the acquiescence access authority of the second terminal as the access authority of described second terminal.
Based on above-mentioned, sending module 1003 is specifically for, after the access authority preset in described access flowing water account is replaced with the access authority of described second terminal, being sent to described AC by described Portal server.
Each functional module of the Radius certification authority server that the present embodiment provides can be used for performing the flow process of the embodiment of access control method shown in Fig. 3, and its specific works principle repeats no more, and refers to the description of embodiment of the method.
The Radius certification authority server that the present embodiment provides, the AC and the Portal server that there is provided with above-described embodiment match, it is unverified terminal distribution user name based on certification terminal, password and access authority, and by the user name of unverified terminal, password and access authority are supplied to AC, unverified terminal is authenticated by AC based on username and password, and certification by after corresponding access authority is arranged at this locality, owing to simultaneously completing the user name of terminal to be certified in the process that terminal to be certified is authenticated, the distribution of password and access authority, verification process simultaneously completes opening an account to terminal, and whole process participates in without manager, be conducive to improving terminal to open an account speed, reduce and open an account the cycle.
The structural representation of another AC that Figure 11 provides for the embodiment of the present invention.As shown in figure 11, described AC includes: receiver module 1101, acquisition module 1102, sending module 1103 and arrange module 1104.
Receiver module 1101, for receiving the coding indication information that terminal to be certified sends, the second coded image that described coding indication information is terminal to be certified described in described terminal scanning to be certified obtains, described second coded image is that Radius certification authority server generates according to described coding indication information, described coding indication information is for indicating information corresponding to described terminal to be certified, and information corresponding to described terminal to be certified includes the identification information of described terminal to be certified and for identifying the SSID identification information of the SSID on described AC;
Acquisition module 1102, obtains, for the described coding indication information received according to receiver module 1101, the information that described terminal to be certified is corresponding.
Sending module 1103, the information corresponding for the terminal described to be certified obtained by acquisition module 1102 is sent to described Radius certification authority server by Portal server, so that described Radius certification authority server is after receiving the information that described terminal to be certified is corresponding, dynamically access authority is generated for described terminal to be certified for the access authority of configuration on described terminal distribution username and password to be certified the SSID that identifies according to described SSID identification information and at least one in acquiescence access authority that described Radius certification authority server is described terminal distribution to be certified.
Receiver module 1101, is additionally operable to receive the access authority of terminal described to be certified, the username and password that described Radius certification authority server sends.
Sending module 1103, the username and password of terminal described to be certified being additionally operable to receive receiver module 1101 is sent to described Radius certification authority server, so that described terminal to be certified to be authenticated.
Receiver module 1101, is additionally operable to receive the authentication result that described Radius certification authority server returns.
Arranging module 1104, the access authority of described terminal to be certified is arranged at this locality after passing through result by the certification for receiving the return of described Radius certification authority server at receiver module 1101.
Sending module 1103, is additionally operable to send described certification to described Portal server and described terminal to be certified and passes through result.
Optionally, described SSID identification information can include the SSID on the IP address of described AC and described AC, but is not limited to this.
Further alternative, information corresponding to described second terminal also includes: the authentication mode of acquiescence and the upper access authority given tacit consent to of described AC on described AC.
Each functional module of the AC that the present embodiment provides can be used for performing the flow process of the embodiment of access control method shown in Fig. 5, and its specific works principle repeats no more, and refers to the description of embodiment of the method.
The AC that the present embodiment provides, the information that terminal to be certified is corresponding is obtained according to the coding indication information that terminal to be certified sends, and it is sent to Radius certification authority server by Portal server, it is terminal distribution user name to be certified, password for Radius certification authority server and generates access authority and lay the first stone, the AC of the present embodiment after receiving the user name of terminal to be certified that Radius certification authority server returns, password and access authority, complete the certification to terminal to be certified and certification by after the access authority of terminal to be certified is arranged at this locality.Owing to the AC of the present embodiment simultaneously completes the distribution of the user name of terminal to be certified, password and access authority in the process that terminal to be certified is authenticated, verification process simultaneously completes opening an account to terminal, and whole process participates in without manager, be conducive to improving terminal to open an account speed, reduce and open an account the cycle.
The structural representation of the another kind of Radius certification authority server that Figure 12 provides for the embodiment of the present invention.As shown in figure 12, described Radius certification authority server includes: receiver module 1201, distribution generation module 1202 and sending module 1203.
Receiver module 1201, for receiving information corresponding to terminal to be certified that Portal server sends, information corresponding to described terminal to be certified is that AC is receiving described terminal to be certified by after scanning the coding indication information that the second coded image obtains, obtain and be sent to described Portal server according to described coding indication information, described second coded image is that described Radius certification authority server generates according to the information that described terminal to be certified is corresponding, information corresponding to described terminal to be certified includes the identification information of described terminal to be certified and for identifying the SSID identification information of the SSID on described AC.
Distribution generation module 1202, for after receiver module 1201 receives the information that described terminal to be certified is corresponding, for described terminal distribution username and password to be certified, and on the SSID identified according to described SSID identification information, at least one in the access authority of configuration and acquiescence access authority that described Radius certification authority server is described terminal distribution to be certified dynamically generates access authority for described terminal to be certified.
Sending module 1203, for the access authority of described terminal to be certified, username and password are sent to described AC by described Portal server so that the described username and password according to described terminal to be certified complete the certification to described terminal to be certified and certification by after the access authority of described terminal to be certified is arranged on this locality.
In an optional embodiment, distribution generation module includes: acquiring unit, allocation units and generation unit.
Acquiring unit, for, from default visitor's flowing water account pond, taking out visitor's flowing water account of free time in turn, described access flowing water account includes the user name preset, default password and default access authority;
Allocation units, for the user name preset in described access flowing water account and the password preset are distributed to described terminal to be certified as the username and password of described terminal to be certified, and the access authority preset in described access flowing water account is assigned as described terminal to be certified as the acquiescence access authority of described terminal to be certified;
Generating unit, at least one in the access authority configured on the SSID identified according to described SSID identification information and the acquiescence access authority of described terminal to be certified dynamically generates access authority for described terminal to be certified.
Further alternative, generate the union access authority as described terminal to be certified giving tacit consent to access authority of unit access authority and described terminal to be certified specifically for taking configuration on the SSID that described SSID identification information identifies;Or
Generate unit specifically for the SSID that identified by the described SSID identification information upper access authority the configured access authority as described terminal to be certified;Or
Generate the access authority as described terminal to be certified that occurs simultaneously giving tacit consent to access authority of unit access authority and described terminal to be certified specifically for taking configuration on the SSID that described SSID identification information identifies;Or
Generate unit specifically for using the acquiescence access authority of terminal to be certified as the access authority of described terminal to be certified.
Based on above-mentioned, sending module is specifically for, after the access authority preset in described access flowing water account is replaced with the access authority of described terminal to be certified, being sent to described AC by described Portal server.
Each functional module of the Radius certification authority server that the present embodiment provides can be used for performing the flow process of the embodiment of access control method shown in Fig. 6, and its specific works principle repeats no more, and refers to the description of embodiment of the method.
The Radius certification authority server that the present embodiment provides, the AC provided with above-described embodiment matches, after receiving the information that the AC terminal to be certified provided is corresponding, for described terminal distribution username and password to be certified, and at least one in the access authority of configuration and acquiescence access authority that described Radius certification authority server is described terminal distribution to be certified dynamically generates access authority for described terminal to be certified on the SSID identified according to described SSID identification information, and by the user name of terminal to be certified, password and access authority are supplied to AC, unverified terminal is authenticated by AC based on username and password, and certification by after corresponding access authority is arranged at this locality, owing to simultaneously completing the user name of terminal to be certified in the process that terminal to be certified is authenticated, the distribution of password and access authority, verification process simultaneously completes opening an account to terminal, and whole process participates in without manager, be conducive to improving terminal to open an account speed, reduce and open an account the cycle.
One of ordinary skill in the art will appreciate that: all or part of step realizing above-mentioned each embodiment of the method can be completed by the hardware that programmed instruction is relevant.Aforesaid program can be stored in a computer read/write memory medium.This program upon execution, performs to include the step of above-mentioned each embodiment of the method;And aforesaid storage medium includes: the various media that can store program code such as ROM, RAM, magnetic disc or CDs.
Last it is noted that various embodiments above is only in order to illustrate technical scheme, it is not intended to limit;Although the present invention being described in detail with reference to foregoing embodiments, it will be understood by those within the art that: the technical scheme described in foregoing embodiments still can be modified by it, or wherein some or all of technical characteristic is carried out equivalent replacement;And these amendments or replacement, do not make the essence of appropriate technical solution depart from the scope of various embodiments of the present invention technical scheme.
Claims (18)
1. an access control method, it is characterised in that including:
After access controller AC intercepts the access request of the second terminal to be certified, described second terminal is redirected to Portal server, and information corresponding to described second terminal provide to described Portal server, so that described Portal server generates the first coded image corresponding to described second terminal according to information corresponding to described second terminal and returns to described second terminal, information corresponding to described second terminal includes the identification information of described second terminal and for identifying the SSID identification information of the service set SSID in described access controller AC;
Described access controller AC receives user name corresponding to described second terminal that Radius certification authority server sent by described Portal server, password and access authority;Wherein, described access authority is described Radius certification authority server at the identification information receiving information corresponding to described second terminal that described Portal server sends and certification first terminal, and determine that described first terminal is for after certification terminal according to the identification information of described first terminal and the identification information of locally stored certification terminal, access authority according to locally stored described first terminal, the access authority configured on the SSID that described SSID identification information identifies and described Radius certification authority server are that at least one in the acquiescence access authority of described second terminal distribution dynamically generates for described second terminal, described username and password is described Radius certification authority server at the identification information receiving information corresponding to described second terminal that described Portal server sends and certification first terminal, and determine that described first terminal is for after certification terminal according to the identification information of described first terminal and the identification information of locally stored certification terminal, for described second terminal distribution;Information corresponding to described second terminal and the identification information of described first terminal are described Portal server after receiving the information that described second terminal that described first terminal obtained is corresponding by described first coded image scanning in described second terminal, are sent to described Radius certification authority server;
The username and password of described second terminal is sent to described Radius certification authority server by described access controller AC, so that described second terminal is authenticated, and after result is passed through in the certification receiving the return of described Radius certification authority server, the access authority of described second terminal is arranged at this locality, sends described certification to described Portal server and described second terminal and pass through result.
2. an access control method, it is characterised in that including:
Portal server receives the access request that the second terminal to be certified sends, and receiving information corresponding to described second terminal that access controller AC sends, information corresponding to described second terminal includes the identification information of described second terminal and for identifying the SSID identification information of the service set SSID in described access controller AC;
Described Portal server generates the first coded image of described second terminal according to the information that described second terminal is corresponding, and described first coded image is sent to described second terminal;
Described Portal server receives the information that described second terminal that certification first terminal sends is corresponding, and information corresponding to described second terminal that described first terminal sends is that described first terminal is obtained by described first coded image scanning in described second terminal;
The identification information of information corresponding for described second terminal and described first terminal is sent to Radius certification authority server by described Portal server, so that at the identification information of the locally stored certification terminal of the identification information according to described first terminal and described Radius certification authority server, described Radius certification authority server determines that described first terminal is for after certification terminal, for described second terminal distribution username and password the access authority according to locally stored described first terminal, the access authority configured on the SSID that described SSID identification information identifies and described Radius certification authority server are that at least one in the acquiescence access authority of described second terminal distribution dynamically generates access authority for described second terminal;
Described Portal server receives the access authority of described second terminal, the username and password that described Radius certification authority server sends, and be transmitted to described access controller AC so that described access controller AC according to the username and password of described second terminal complete the certification to described second terminal and certification by after the access authority of described second terminal is arranged on this locality.
3. an access control method, it is characterised in that including:
Radius certification authority server receives the identification information of information corresponding to the second terminal to be certified that Portal server sends and certification first terminal, information corresponding to described second terminal is that described first terminal obtains and be sent to described Portal server by scanning the first coded image in described second terminal, information corresponding to described second terminal that described first coded image is described Portal server to be sent according to access controller AC generates and sends to described second terminal being redirected to described Portal server, information corresponding to described second terminal includes the identification information of described second terminal and for identifying the SSID identification information of the service set SSID in described access controller AC;
According to the identification information of described first terminal and the identification information of locally stored certification terminal, described Radius certification authority server determines whether described first terminal is certification terminal, and determining that described first terminal is for after certification terminal, for described second terminal distribution username and password, and the access authority according to locally stored described first terminal, the access authority configured on the SSID that described SSID identification information identifies and described Radius certification authority server are that at least one in the acquiescence access authority of described second terminal distribution generates access authority for described second terminal;
The access authority of described second terminal, username and password are sent to described access controller AC by described Portal server by described Radius certification authority server so that described access controller AC according to the username and password of described second terminal complete the certification to described second terminal and certification by after the access authority of described second terminal is arranged on this locality.
4. method according to claim 3, it is characterized in that, described Radius certification authority server is described second terminal distribution username and password, and at least one in the access authority of configuration and acquiescence access authority that described Radius certification authority server is described second terminal distribution generates access authority for described second terminal on the SSID identified according to the access authority of locally stored described first terminal, described SSID identification information, including:
Described Radius certification authority server, from default visitor's flowing water account pond, takes out visitor's flowing water account of free time in turn, and described access flowing water account includes the user name preset, default password and default access authority;
The user name preset in described access flowing water account and the password preset are distributed to described second terminal as the username and password of described second terminal by described Radius certification authority server, and as the acquiescence access authority of described second terminal, the access authority preset in described access flowing water account is assigned as described second terminal;
On the SSID that described Radius certification authority server identifies according to the access authority of locally stored described first terminal, described SSID identification information, at least one in the access authority of configuration and the acquiescence access authority of described second terminal generates access authority for described second terminal.
5. method according to claim 4, it is characterized in that, on the SSID that described Radius certification authority server identifies according to the access authority of locally stored described first terminal, described SSID identification information, at least one in the access authority of configuration and the acquiescence access authority of described second terminal generates access authority for described second terminal, including:
The access authority configured on the SSID that described Radius certification authority server takes the access authority of described first terminal, described SSID identification information identifies and the union access authority as described second terminal giving tacit consent to access authority of described second terminal;Or
Described Radius certification authority server is using the access authority of the described first terminal access authority as described second terminal;Or
On the SSID that described SSID identification information is identified by described Radius certification authority server, the access authority of configuration is as the access authority of described second terminal;Or
Described Radius certification authority server takes the common factor of the access authority of described first terminal and the access authority of the upper configuration of the SSID that described SSID identification information identifies, then takes the union access authority as described second terminal giving tacit consent to access authority of described common factor and described second terminal;Or
Described Radius certification authority server using the acquiescence access authority of described second terminal as the access authority of described second terminal.
6. an access control method, it is characterised in that including:
Access controller AC receives the coding indication information that terminal to be certified sends, the second coded image that described coding indication information is terminal to be certified described in described terminal scanning to be certified obtains, described second coded image is that Radius certification authority server generates according to described coding indication information, described coding indication information is for indicating information corresponding to described terminal to be certified, and information corresponding to described terminal to be certified includes the identification information of described terminal to be certified and for identifying the SSID identification information of the service set SSID in described access controller AC;
Described access controller AC obtains, according to described coding indication information, the information that described terminal to be certified is corresponding, and information corresponding for described terminal to be certified is sent to described Radius certification authority server by Portal server, so that described Radius certification authority server is after receiving the information that described terminal to be certified is corresponding, dynamically access authority is generated for described terminal to be certified for the access authority of configuration on described terminal distribution username and password to be certified the SSID that identifies according to described SSID identification information and at least one in acquiescence access authority that described Radius certification authority server is described terminal distribution to be certified;
Described access controller AC receives the access authority of terminal described to be certified, the username and password that described Radius certification authority server sends;
The username and password of described terminal to be certified is sent to described Radius certification authority server by described access controller AC, so that described terminal to be certified is authenticated, and after result is passed through in the certification receiving the return of described Radius certification authority server, the access authority of described terminal to be certified is arranged at this locality, sends described certification to described Portal server and described terminal to be certified and pass through result.
7. an access control method, it is characterised in that including:
Radius certification authority server receives information corresponding to terminal to be certified that Portal server sends, information corresponding to described terminal to be certified is that access controller AC is receiving described terminal to be certified by after scanning the coding indication information that the second coded image obtains, obtain and be sent to described Portal server according to described coding indication information, described second coded image is that described Radius certification authority server generates according to the information that described terminal to be certified is corresponding, information corresponding to described terminal to be certified includes the identification information of described terminal to be certified and for identifying the SSID identification information of the service set SSID in described access controller AC;
Described Radius certification authority server is after receiving the information that described terminal to be certified is corresponding, for described terminal distribution username and password to be certified, and on the SSID identified according to described SSID identification information, at least one in the access authority of configuration and acquiescence access authority that described Radius certification authority server is described terminal distribution to be certified dynamically generates access authority for described terminal to be certified;
The access authority of described terminal to be certified, username and password are sent to described access controller AC by described Portal server by described Radius certification authority server so that described access controller AC according to the username and password of described terminal to be certified complete the certification to described terminal to be certified and certification by after the access authority of described terminal to be certified is arranged on this locality.
8. method according to claim 7, it is characterized in that, described Radius certification authority server is described terminal distribution username and password to be certified, and at least one in the access authority of configuration and acquiescence access authority that described Radius certification authority server is described terminal distribution to be certified dynamically generates access authority for described terminal to be certified on the SSID identified according to described SSID identification information, including:
Described Radius certification authority server, from default visitor's flowing water account pond, takes out visitor's flowing water account of free time in turn, and described access flowing water account includes the user name preset, default password and default access authority;
The user name preset in described access flowing water account and the password preset are distributed to described terminal to be certified as the username and password of described terminal to be certified by described Radius certification authority server, and as the acquiescence access authority of described terminal to be certified, the access authority preset in described access flowing water account is assigned as described terminal to be certified;
On the SSID that described Radius certification authority server identifies according to described SSID identification information, at least one in the access authority of configuration and the acquiescence access authority of described terminal to be certified dynamically generates access authority for described terminal to be certified.
9. method according to claim 8, it is characterized in that, on the SSID that described Radius certification authority server identifies according to described SSID identification information, at least one in the access authority of configuration and the acquiescence access authority of described terminal to be certified dynamically generates access authority for described terminal to be certified, including:
Described Radius certification authority server takes the union access authority as described terminal to be certified of the access authority of configuration on the SSID that described SSID identification information identifies and the acquiescence access authority of described terminal to be certified;Or
On the SSID that described SSID identification information is identified by described Radius certification authority server, the access authority of configuration is as the access authority of described terminal to be certified;Or
Described Radius certification authority server takes the access authority of configuration on the SSID that described SSID identification information identifies and the access authority as described terminal to be certified that occurs simultaneously of the acquiescence access authority of described terminal to be certified;Or
Described Radius certification authority server using the acquiescence access authority of described terminal to be certified as the access authority of described terminal to be certified.
10. an access controller AC, it is characterised in that including:
Redirection module, after intercepting the access request of the second terminal to be certified, described second terminal is redirected to Portal server, and information corresponding to described second terminal provide to described Portal server, so that described Portal server generates the first coded image corresponding to described second terminal according to information corresponding to described second terminal and returns to described second terminal, information corresponding to described second terminal includes the identification information of described second terminal and for identifying the SSID identification information of the service set SSID in described access controller AC;
Receiver module, for receiving user name corresponding to described second terminal that Radius certification authority server sent by described Portal server, password and access authority;Wherein, described access authority is described Radius certification authority server at the identification information receiving information corresponding to described second terminal that described Portal server sends and certification first terminal, and determine that described first terminal is for after certification terminal according to the identification information of described first terminal and the identification information of locally stored certification terminal, access authority according to locally stored described first terminal, the access authority configured on the SSID that described SSID identification information identifies and described Radius certification authority server are that at least one in the acquiescence access authority of described second terminal distribution dynamically generates for described second terminal, described username and password is described Radius certification authority server at the identification information receiving information corresponding to described second terminal that described Portal server sends and certification first terminal, and determine that described first terminal is for after certification terminal according to the identification information of described first terminal and the identification information of locally stored certification terminal, for described second terminal distribution;Information corresponding to described second terminal and the identification information of described first terminal are described Portal server after receiving the information that described second terminal that described first terminal obtained is corresponding by described first coded image scanning in described second terminal, are sent to described Radius certification authority server;
Identification processing module, for the username and password of described second terminal is sent to described Radius certification authority server, so that described second terminal is authenticated, and after result is passed through in the certification receiving the return of described Radius certification authority server, the access authority of described second terminal is arranged at this locality, sends described certification to described Portal server and described second terminal and pass through result.
11. a Portal server, it is characterised in that including:
Receiver module, for receiving the access request that the second terminal to be certified sends, and receiving information corresponding to described second terminal that access controller AC sends, information corresponding to described second terminal includes the identification information of described second terminal and for identifying the SSID identification information of the service set SSID in described access controller AC;
Sending module, generates the first coded image of described second terminal, and described first coded image is sent to described second terminal for the information corresponding according to described second terminal;
Described receiver module, being additionally operable to receive the information that certification first terminal has sent described second terminal is corresponding, information corresponding to described second terminal that described first terminal sends is that described first terminal is obtained by described first coded image scanning in described second terminal;
Described sending module, it is additionally operable to the identification information by information corresponding for described second terminal and described first terminal and is sent to Radius certification authority server, so that at the identification information of the locally stored certification terminal of the identification information according to described first terminal and described Radius certification authority server, described Radius certification authority server determines that described first terminal is for after certification terminal, for described second terminal distribution username and password the access authority according to locally stored described first terminal, the access authority configured on the SSID that described SSID identification information identifies and described Radius certification authority server are that at least one in the acquiescence access authority of described second terminal distribution dynamically generates access authority for described second terminal;
Described receiver module, is additionally operable to receive the access authority of described second terminal, the username and password that described Radius certification authority server sends;
Described sending module, the access authority of described second terminal, the username and password that are additionally operable to receive described receiver module are transmitted to described access controller AC so that described access controller AC according to the username and password of described second terminal complete the certification to described second terminal and certification by after the access authority of described second terminal is arranged on this locality.
12. a Radius certification authority server, it is characterised in that including:
Receiver module, for receiving the identification information of information corresponding to the second terminal to be certified that Portal server sends and certification first terminal, information corresponding to described second terminal is that described first terminal obtains and be sent to described Portal server by scanning the first coded image in described second terminal, information corresponding to described second terminal that described first coded image is described Portal server to be sent according to access controller AC generates and sends to described second terminal being redirected to described Portal server, information corresponding to described second terminal includes the identification information of described second terminal and for identifying the SSID identification information of the service set SSID in described access controller AC;
Distribution generation module, identification information for the identification information according to described first terminal and locally stored certification terminal determines whether described first terminal is certification terminal, and determining that described first terminal is for after certification terminal, for described second terminal distribution username and password, and the access authority according to locally stored described first terminal, the access authority configured on the SSID that described SSID identification information identifies and described Radius certification authority server are that at least one in the acquiescence access authority of described second terminal distribution generates access authority for described second terminal;
Sending module, for the access authority of described second terminal, username and password are sent to described access controller AC by described Portal server so that described access controller AC according to the username and password of described second terminal complete the certification to described second terminal and certification by after the access authority of described second terminal is arranged on this locality.
13. Radius certification authority server according to claim 12, it is characterised in that described distribution generation module includes:
Acquiring unit, for, from default visitor's flowing water account pond, taking out visitor's flowing water account of free time in turn, described access flowing water account includes the user name preset, default password and default access authority;
Allocation units, for the user name preset in described access flowing water account and the password preset are distributed to described second terminal as the username and password of described second terminal, and the access authority preset in described access flowing water account is assigned as described second terminal as the acquiescence access authority of described second terminal;
Generating unit, at least one in the access authority configured on the SSID that the access authority according to locally stored described first terminal, described SSID identification information identify and the acquiescence access authority of described second terminal generates access authority for described second terminal.
14. Radius certification authority server according to claim 13, it is characterized in that, the union of the access authority of described generation unit configuration specifically for taking the access authority of described first terminal, on SSID that described SSID identification information identifies and the acquiescence access authority of described second terminal is as the access authority of described second terminal;Or
Described generation unit is specifically for using the access authority of the described first terminal access authority as described second terminal;Or
Described generation unit specifically for the access authority of configuration on SSID that described SSID identification information is identified as the access authority of described second terminal;Or
The common factor of the access authority of the upper configuration of the SSID that described generation unit identifies specifically for taking the access authority of described first terminal and described SSID identification information, then take the union access authority as described second terminal giving tacit consent to access authority of described common factor and described second terminal;Or
Described generation unit specifically for using the acquiescence access authority of described second terminal as the access authority of described second terminal.
15. an access controller AC, it is characterised in that including:
Receiver module, for receiving the coding indication information that terminal to be certified sends, the second coded image that described coding indication information is terminal to be certified described in described terminal scanning to be certified obtains, described second coded image is that Radius certification authority server generates according to described coding indication information, described coding indication information is for indicating information corresponding to described terminal to be certified, and information corresponding to described terminal to be certified includes the identification information of described terminal to be certified and for identifying the SSID identification information of the service set SSID in described access controller AC;
Acquisition module, for obtaining, according to described coding indication information, the information that described terminal to be certified is corresponding;
Sending module, the information corresponding for the terminal described to be certified obtained by described acquisition module is sent to described Radius certification authority server by Portal server, so that described Radius certification authority server is after receiving the information that described terminal to be certified is corresponding, dynamically access authority is generated for described terminal to be certified for the access authority of configuration on described terminal distribution username and password to be certified the SSID that identifies according to described SSID identification information and at least one in acquiescence access authority that described Radius certification authority server is described terminal distribution to be certified;
Described receiver module, is additionally operable to receive the access authority of terminal described to be certified, the username and password that described Radius certification authority server sends;
Described sending module, the username and password of terminal described to be certified being additionally operable to receive described receiver module is sent to described Radius certification authority server, so that described terminal to be certified to be authenticated;
Described receiver module, is additionally operable to receive the authentication result that described Radius certification authority server returns;
Arranging module, the access authority of described terminal to be certified is arranged at this locality after passing through result by the certification for receiving the return of described Radius certification authority server at described receiver module;
Described sending module, is additionally operable to send described certification to described Portal server and described terminal to be certified and passes through result.
16. a Radius certification authority server, it is characterised in that including:
Receiver module, for receiving information corresponding to terminal to be certified that Portal server sends, information corresponding to described terminal to be certified is that access controller AC is receiving described terminal to be certified by after scanning the coding indication information that the second coded image obtains, obtain and be sent to described Portal server according to described coding indication information, described second coded image is that described Radius certification authority server generates according to the information that described terminal to be certified is corresponding, information corresponding to described terminal to be certified includes the identification information of described terminal to be certified and for identifying the SSID identification information of the service set SSID in described access controller AC;
Distribution generation module, for after described receiver module receives the information that described terminal to be certified is corresponding, for described terminal distribution username and password to be certified, and on the SSID identified according to described SSID identification information, at least one in the access authority of configuration and acquiescence access authority that described Radius certification authority server is described terminal distribution to be certified dynamically generates access authority for described terminal to be certified;
Sending module, for the access authority of described terminal to be certified, username and password are sent to described access controller AC by described Portal server so that described access controller AC according to the username and password of described terminal to be certified complete the certification to described terminal to be certified and certification by after the access authority of described terminal to be certified is arranged on this locality.
17. Radius certification authority server according to claim 16, it is characterised in that described distribution generation module includes:
Acquiring unit, for, from default visitor's flowing water account pond, taking out visitor's flowing water account of free time in turn, described access flowing water account includes the user name preset, default password and default access authority;
Allocation units, for the user name preset in described access flowing water account and the password preset are distributed to described terminal to be certified as the username and password of described terminal to be certified, and the access authority preset in described access flowing water account is assigned as described terminal to be certified as the acquiescence access authority of described terminal to be certified;
Generating unit, at least one in the access authority configured on the SSID identified according to described SSID identification information and the acquiescence access authority of described terminal to be certified dynamically generates access authority for described terminal to be certified.
18. Radius certification authority server according to claim 17, it is characterized in that, the union access authority as described terminal to be certified giving tacit consent to access authority of described generation unit access authority and described terminal to be certified specifically for taking configuration on the SSID that described SSID identification information identifies;Or
Described generation unit specifically for the access authority of configuration on SSID that described SSID identification information is identified as the access authority of described terminal to be certified;Or
The access authority as described terminal to be certified that occurs simultaneously giving tacit consent to access authority of described generation unit access authority and described terminal to be certified specifically for taking configuration on the SSID that described SSID identification information identifies;Or
Described generation unit specifically for using the acquiescence access authority of described terminal to be certified as the access authority of described terminal to be certified.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310314455.6A CN103428203B (en) | 2013-07-24 | 2013-07-24 | Access control method and equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310314455.6A CN103428203B (en) | 2013-07-24 | 2013-07-24 | Access control method and equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103428203A CN103428203A (en) | 2013-12-04 |
| CN103428203B true CN103428203B (en) | 2016-06-29 |
Family
ID=49652380
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310314455.6A Active CN103428203B (en) | 2013-07-24 | 2013-07-24 | Access control method and equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103428203B (en) |
Families Citing this family (21)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103945380A (en) * | 2014-04-10 | 2014-07-23 | 深圳市信锐网科技术有限公司 | Method and system for network login authentication based on graphic code |
| CN104008325B (en) * | 2014-05-09 | 2017-01-04 | 武汉世纪金桥安全技术有限公司 | Mobile phone wireless Wi-Fi on-Internet true name identity authentication platform based on Quick Response Code and method |
| CN105101198A (en) * | 2014-05-14 | 2015-11-25 | 惠州Tcl家电集团有限公司 | Method and system for access to wireless network |
| CN104540127A (en) * | 2014-12-08 | 2015-04-22 | 哈尔滨工程大学 | Anti-free-network-use router access network right control method based on dynamic two-dimensional code |
| CN104618385A (en) * | 2015-02-13 | 2015-05-13 | 厦门乐享新传媒有限公司 | Method and system for connecting Internet |
| CN104822165B (en) * | 2015-03-27 | 2018-05-08 | 广东欧珀移动通信有限公司 | Control the method, apparatus and system of mobile terminal WIFI networking speeds |
| CN104869571B (en) * | 2015-05-19 | 2019-05-07 | 新华三技术有限公司 | A kind of method and apparatus of Portal rapid authentication |
| CN106789843B (en) * | 2015-11-23 | 2021-03-05 | 中国电信股份有限公司 | Method, PORTAL server and system for sharing internet access |
| CN106921636B (en) * | 2015-12-28 | 2020-05-08 | 华为技术有限公司 | Identity authentication method and device |
| CN107231338B (en) * | 2016-03-25 | 2022-07-08 | 北京搜狗科技发展有限公司 | Network connection method, device and device for network connection |
| CN106209912A (en) * | 2016-08-30 | 2016-12-07 | 迈普通信技术股份有限公司 | Access authorization methods, device and system |
| CN107277812A (en) * | 2017-07-11 | 2017-10-20 | 上海斐讯数据通信技术有限公司 | A kind of wireless network authentication method and system based on Quick Response Code |
| CN107707560B (en) * | 2017-10-31 | 2019-11-08 | 迈普通信技术股份有限公司 | Authentication method, system, network access equipment and Portal server |
| CN108398567A (en) * | 2017-12-31 | 2018-08-14 | 深圳市金乐智能健康科技有限公司 | A kind of multifunctional household electromedical equipment control method and system |
| CN108282472B (en) * | 2018-01-16 | 2020-11-17 | 上海众人网络安全技术有限公司 | WIFI authentication method, device, server and storage medium |
| CN108495292B (en) * | 2018-03-14 | 2021-08-03 | 成都科木信息技术有限公司 | Intelligent household short-distance equipment communication method |
| CN108810896B (en) * | 2018-07-17 | 2020-11-06 | 上海连尚网络科技有限公司 | Connection authentication method and device of wireless access point |
| CN109861954B (en) * | 2018-07-24 | 2021-12-10 | 西安新路网络科技有限公司 | Authentication method, mobile terminal, PC (personal computer) terminal and auxiliary authentication server |
| CN110336870B (en) * | 2019-06-27 | 2024-03-05 | 深圳前海微众银行股份有限公司 | Method, device and system for establishing remote office operation and maintenance channel and storage medium |
| CN111600832B (en) * | 2019-07-25 | 2022-09-30 | 新华三技术有限公司 | Message processing method and device |
| CN113094719B (en) * | 2020-01-08 | 2023-08-08 | 钉钉控股(开曼)有限公司 | Access control method, device and equipment |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2003075516A1 (en) * | 2002-03-04 | 2003-09-12 | Telenor Asa | A system and method for controlling the access to an external network |
| EP1571802A1 (en) * | 2004-03-04 | 2005-09-07 | TeliaSonera Finland Oyj | Collecting accounting information in telecommunications system |
| CN102437946A (en) * | 2010-09-29 | 2012-05-02 | 杭州华三通信技术有限公司 | Access control method, network access server (NAS) equipment and authentication server |
| CN102594835A (en) * | 2012-03-12 | 2012-07-18 | 北京建飞科联科技有限公司 | Real name authentication method and authentication platform of wireless networks in a wide range of public places |
| CN102893575A (en) * | 2010-05-13 | 2013-01-23 | 微软公司 | One time passwords with ipsec and ike version 1 authentication |
-
2013
- 2013-07-24 CN CN201310314455.6A patent/CN103428203B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2003075516A1 (en) * | 2002-03-04 | 2003-09-12 | Telenor Asa | A system and method for controlling the access to an external network |
| EP1571802A1 (en) * | 2004-03-04 | 2005-09-07 | TeliaSonera Finland Oyj | Collecting accounting information in telecommunications system |
| CN102893575A (en) * | 2010-05-13 | 2013-01-23 | 微软公司 | One time passwords with ipsec and ike version 1 authentication |
| CN102437946A (en) * | 2010-09-29 | 2012-05-02 | 杭州华三通信技术有限公司 | Access control method, network access server (NAS) equipment and authentication server |
| CN102594835A (en) * | 2012-03-12 | 2012-07-18 | 北京建飞科联科技有限公司 | Real name authentication method and authentication platform of wireless networks in a wide range of public places |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103428203A (en) | 2013-12-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103428203B (en) | Access control method and equipment | |
| US8024777B2 (en) | Domain based authentication scheme | |
| CN102449976B (en) | System and method for accessing private digital content | |
| CN102597981B (en) | Modular device authentication framework | |
| CN107733861A (en) | It is a kind of based on enterprise-level intranet and extranet environment without password login implementation method | |
| CN104065616A (en) | Single sign-on method and system | |
| US8938789B2 (en) | Information processing system, method for controlling information processing system, and storage medium | |
| CN104144167B (en) | User login authentication method of open intelligent gateway platform | |
| CN104301418A (en) | Cross-domain single point login system and method based on SAML | |
| CN103856332A (en) | Implementation method of one-to-multiple account mapping binding of convenient and rapid multi-screen multi-factor WEB identity authentication | |
| CN103209159A (en) | Portal authentication method and system | |
| CN101521577A (en) | Method, system and home gateway for authentication voucher uniform management based on home gateway | |
| CN101951379A (en) | Green browser and URL long-distance filtration mechanism used thereby | |
| CN103685204A (en) | Resource authentication method based on internet of things resource sharing platform | |
| CN103139137A (en) | Method and device for providing network service | |
| CN106982430A (en) | A kind of portal authentication method and system based on user's use habit | |
| CN109962892A (en) | A kind of authentication method and client, server logging in application | |
| CN106302303A (en) | A kind of for across application user profile transmission log in agreement operation method | |
| CN109726545A (en) | A kind of information display method, equipment, computer readable storage medium and device | |
| CN102299945A (en) | Gateway configuration page registration method, system thereof and portal certificate server | |
| CN101325493B (en) | Method and system for authenticating a user | |
| CN103188208A (en) | Authority control method and authority control system of webpage access, and call center | |
| CN101051900B (en) | Method for correcting accession information by network | |
| JP2010033562A (en) | Communication terminal, authentication information generation device, authentication system, authentication information generation program, authentication information generation method and authentication method | |
| CN110493175A (en) | A kind of information processing method, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CP01 | Change in the name or title of a patent holder | ||
| CP01 | Change in the name or title of a patent holder |
Address after: Cangshan District of Fuzhou City, Fujian province 350002 Jinshan Road No. 618 Garden State Industrial Park 19 floor Patentee after: RUIJIE NETWORKS CO., LTD. Address before: Cangshan District of Fuzhou City, Fujian province 350002 Jinshan Road No. 618 Garden State Industrial Park 19 floor Patentee before: Fujian Xingwangruijie Network Co., Ltd. |