CN104104516A - Portal authentication method and device - Google Patents
Portal authentication method and device Download PDFInfo
- Publication number
- CN104104516A CN104104516A CN201410369824.6A CN201410369824A CN104104516A CN 104104516 A CN104104516 A CN 104104516A CN 201410369824 A CN201410369824 A CN 201410369824A CN 104104516 A CN104104516 A CN 104104516A
- Authority
- CN
- China
- Prior art keywords
- address
- terminal
- authentication
- identification information
- request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
The invention provides a Portal authentication method and device. The method comprises the following steps: receiving a network access request from a terminal through an access device; returning a redirected message through the access device; carrying a Portal server address and terminal identification information corresponding to the terminal through the redirected message, in order to send the terminal identification information to a Portal server through the terminal according to the Portal server address. With the adoption of the method and device, the problem of conflicting of an IP address in Portal authentication is solved.
Description
Technical field
The present invention relates to portal authentication technology, particularly a kind of Portal authentication method and equipment.
Background technology
Portal authentication, conventionally also referred to as web authentication, is generally called portal website by Portal authentication website, when user need to access the Internet, need to authenticate in portal website, only has authentication just can use Internet resources by rear.Development along with network technology, operator starts to adopt the networking mode of " LTE-Fi+AC ", to increase network utilization and deployment and the coverage rate of WLAN, in the networking of this mode, LTE-Fi as access device adopts distributed deployment, by wireless controller (Access Controller, AC), managed a plurality of LTE-Fi of these distributed deployments.Under each LTE-Fi, can access a plurality of terminals that need to use Internet resources, when these terminals will be used Internet resources, also need to carry out Portal authentication, but Portal authentication concentrates on AC and manages.For example, LTE-Fi, when receiving the Portal authentication request of terminal transmission, can be redirected to Portal server, by Portal server, the authentication request of terminal is forwarded to AC, the authentication of AC whereabouts certificate server; If authentication is passed through, AC can issue data retransmission rule to LTE-Fi, the data retransmission for terminal on LTE-Fi.
The problem that aforesaid way may exist is, the terminal needed IP address of surfing the Net is to be distributed by its associated LTE-Fi, if each LTE-Fi distributes own responsible IP address field separately, likely occur that two terminals under Different L TE-Fi have identical IP address; And the AC side authenticating in centralized management, AC distinguishes different terminals according to IP address, such as AC can record terminal authenticated the passing through that IP address is * * *, and search terminal corresponding to this IP address and be associated in which LTE-Fi, and send data retransmission rule to this LTE-Fi, if but AC side finds that two identical terminals in IP address will cause AC to distinguish, and therefore, can not occur the situation of IP address conflict at AC.For fear of IP address conflict, in correlation technique, have to be thought of as and between each different LTE-Fi, do the planning of IP address, can not be overlapping for the IP address field distributing between each LTE-Fi, but like this when LTE-Fi quantity much has thousands of sometimes, carry out the planning of IP address by being a very large workload, can not adapt to the large scale deployment of LTE-Fi.
Summary of the invention
In view of this, the invention provides a kind of Portal authentication method and equipment, the problem of the IP address conflict while authenticating to solve Portal.
Particularly, the present invention is achieved through the following technical solutions:
First aspect, provides a kind of Portal authentication method, comprising:
The network access request that access device receiving terminal sends;
Described access device returns to redirection message to described terminal, described redirection message carries Portal server address and terminal identification information corresponding to described terminal, so that described terminal is sent to Portal server according to described Portal server address by described terminal identification information.
Optionally, described terminal identification information, comprising: the MAC Address of described terminal.
Optionally, described terminal identification information also comprises following at least one: the IP address of described terminal; Or, the VLAN of the MAC Address of described access device and the access of described terminal; Or, timestamp information, described timestamp information is for representing the transmitting time of described redirection message.
Optionally, before the network access request that described access device sends at receiving terminal, also comprise: described access device receives the address assignment request that described terminal sends; Described access device is according to described address assignment request, be identified for distributing to the IP to be allocated address of described terminal, and whether the IP address of associated terminal that checks described access device is identical with described IP to be allocated address, if there is the IP address associated terminal identical with described IP to be allocated address, described IP to be allocated address changed to another IP address.
Optionally, also comprise: described access device is associated with new terminal foundation, and described new terminal is to move to described access device from another access device; When identical in the IP address of determining the IP address of described new terminal and the associated terminal of described access device, to described new terminal, send the address reprovision request that is used to indicate again request address; Described access device receives the address assignment request that described new terminal sends, and to described new terminal, distributes another IP address different from described IP address according to described address assignment request.
Second aspect, provides a kind of Portal authentication method, comprising:
The redirection message that Portal server receiving terminal sends, described redirection message carries IP address and the terminal identification information of described terminal;
Described Portal server obtains the authentication information of described terminal, and send authentication request to wireless controller AC, described authentication request is carried IP address and the described terminal identification information of described authentication information, described terminal, so that described AC identifies described terminal according to described IP address and described terminal identification information.
The third aspect, provides a kind of Portal authentication method, comprising:
Wireless controller receives the authentication request that Portal server sends, and carries an IP address, authentication information and the terminal identification information corresponding to described terminal of the described terminal of request authentication in described authentication request;
Described wireless controller is sent to certificate server by described authentication information corresponding to described MAC Address and an IP address and authenticates, and when authentication is passed through, access device to described terminal association sends data retransmission rule, and described data retransmission rule forwards the data of described terminal for described access device.
Optionally, described terminal identification information, comprising: the MAC Address of described terminal.
Optionally, in described terminal identification information, also comprise: the 2nd IP address corresponding to described terminal of encryption; After described wireless controller receives the authentication request of Portal server transmission, also comprise:
Described wireless controller is deciphered described terminal identification information, obtains described the 2nd IP address; Described wireless controller is by an IP address comparison of carrying in described the 2nd IP address and described authentication request, if a described IP address is different from the 2nd IP address, to described Portal server return authentication failure.
Optionally, in described terminal identification information, also comprise: timestamp information, described timestamp information is for representing the transmitting time of described redirection message; After described wireless controller receives the authentication request of Portal server transmission, also comprise: described wireless controller is deciphered described terminal identification information, obtain described timestamp information; Described wireless controller is by described timestamp information and current time comparison, if the interval between described timestamp information and described current time surpasses scheduled duration, to the failure of Portal server return authentication.
Optionally, in described terminal identification information, also comprise: the VLAN of the MAC Address of described access device and the access of described terminal; Described wireless controller sends data retransmission rule to the access device of described terminal association, comprising: described wireless controller, according to the VLAN of the MAC Address of described access device and the access of described terminal, sends data retransmission rule to described access device.
Fourth aspect, provides a kind of access device, comprising:
Receiving element, the network access request sending for receiving terminal;
Processing unit, for being carried at redirection message by Portal server address and terminal identification information corresponding to described terminal;
Transmitting element, for returning to described redirection message to described terminal, so that described terminal is sent to Portal server according to described Portal server address by described terminal identification information.
Optionally, described terminal identification information also comprises following at least one: the MAC Address of described terminal; Or, the IP address of described terminal; Or, the VLAN of the MAC Address of described access device and the access of described terminal; Or, timestamp information, described timestamp information is for representing the transmitting time of described redirection message.
Optionally, described receiving element, the address assignment request also sending for receiving described terminal;
Described processing unit, also for according to described address assignment request, be identified for distributing to the IP to be allocated address of described terminal, and whether the IP address of associated terminal that checks described access device is identical with described IP to be allocated address, if there is the IP address associated terminal identical with described IP to be allocated address, described IP to be allocated address changed to another IP address.
Optionally, described processing unit, also, for associated with new terminal foundation, described new terminal is to move to described access device from another access device; And the IP address of determining the IP address of described new terminal and the associated terminal of described access device is identical; Described transmitting element, also for sending the address reprovision request that is used to indicate again request address to described new terminal; Described receiving element, the address assignment request also sending for receiving described new terminal, and indicate described processing unit to described new terminal, to distribute another IP address different from described IP address according to described address assignment request.
The 5th aspect, provides a kind of Portal server, comprising:
Information receiving unit, the redirection message sending for receiving terminal, described redirection message carries IP address and the terminal identification information of described terminal;
Authentication request unit, for obtaining the authentication information of described terminal, and send authentication request to wireless controller AC, described authentication request is carried IP address and the described terminal identification information of described authentication information, described terminal, so that described AC identifies described terminal according to described IP address and terminal identification information.
The 6th aspect, provides a kind of wireless controller, comprising:
Request reception unit, for receiving the authentication request of Portal server transmission, carries an IP address, authentication information and the terminal identification information corresponding to described terminal of the described terminal of request authentication in described authentication request; Authentication processing unit, authenticates for described authentication information corresponding to described MAC Address and an IP address is sent to certificate server; Result transmitting element, for when authentication is passed through, to the access device transmission data retransmission rule of described terminal association, described data retransmission rule forwards the data of described terminal for described access device.
Optionally, described authentication processing unit, also for deciphering described terminal identification information, obtains the 2nd IP address that terminal identification information comprises; By an IP address comparison of carrying in described the 2nd IP address and described authentication request; A described IP address is different from the 2nd IP address, indicates described result transmitting element to described Portal server return authentication failure.
Optionally, described authentication processing unit, also, for deciphering described terminal identification information, obtains the timestamp information that terminal identification information comprises, described timestamp information is for representing the transmitting time of described redirection message; By described timestamp information and current time comparison, if the interval between described timestamp information and described current time surpasses scheduled duration, indicate described result transmitting element to described Portal server return authentication failure.
Optionally, in the described terminal identification information that described request receiving element receives, also comprise: the VLAN of the MAC Address of described access device and the access of described terminal; Described result transmitting element, when sending data retransmission rule, specifically, for according to the VLAN of the MAC Address of described access device and the access of described terminal, sends data retransmission rule to described access device.
Portal authentication method of the present invention and equipment, AP is when sending redirection message to terminal, the terminal identification information of terminal also can be sent to terminal together, terminal can also send to Portal server by this terminal identification information when being redirected to Portal server like this, make Portal server also can equally the terminal identification information of this terminal be sent to AC when AC sends authentication request, AC just can be in conjunction with this identical terminal in terminal identification information identification IP address.
Accompanying drawing explanation
Fig. 1 is the application scenarios figure of the Portal authentication method that provides of the embodiment of the present invention;
Fig. 2 is the schematic flow sheet of a kind of Portal authentication method of providing of the embodiment of the present invention;
Fig. 3 is the schematic flow sheet of the another kind of Portal authentication method that provides of the embodiment of the present invention;
Fig. 4 is the schematic flow sheet of another Portal authentication method of providing of the embodiment of the present invention;
Fig. 5 is the signalling diagram of another Portal authentication method of providing of the embodiment of the present invention;
Fig. 6 is the signalling diagram of another Portal authentication method of providing of the embodiment of the present invention;
Fig. 7 is the signalling diagram of another Portal authentication method of providing of the embodiment of the present invention;
Fig. 8 is the signalling diagram of another Portal authentication method of providing of the embodiment of the present invention;
Fig. 9 is the structural representation of the access device AP that provides of the embodiment of the present invention;
Figure 10 is the structural representation of the Portal server that provides of the embodiment of the present invention;
Figure 11 is the structural representation of the wireless controller that provides of the embodiment of the present invention.
Embodiment
Portal authentication is a kind of conventional gate verification mode in access to netwoks, by Portal authentication application, in the networking of " LTE-Fi+AC ", (LTE-FI is the product that 4G and WIFI merge in current operator, by 4G-LTE technology and WiFi technology are organically combined, the passback WiFi business using 4G network as transparent channel), referring to Fig. 1, Fig. 1 is the application scenarios figure of the Portal authentication method that provides of the embodiment of the present invention.LTE-Fi is by the combination of 4G network and WiFi technology, the passback WiFi business using 4G network as transparent channel, the function of LTE-Fi is integrated FitAP and 4G (Fit AP and Fat AP comparatively speaking, Fat AP by the physical layer of WLAN, encryption, user authenticate, the function such as network management rolls into one; And FitAP is an AP who only has radio frequency and communication function, function singleness, can not work alone).In large-scale carrier network, because customer volume is larger, LTE-Fi adopts distributed deployment, referring to Fig. 1, the embodiment of the present invention is by LTE-Fi referred to as AP, and Fig. 1 shows three AP, respectively AP1, AP2 and AP3, each AP is respectively to being associated with subscriber equipment (User Equipment, UE) the distributing IP address of oneself, but the UE of these three AP all concentrates user management in AC side.
The scene of Fig. 1 of take is example, and when carrying out Portal authentication, the network access request that UE sends to AP, can be redirected to Portal server by AP, and UE needs input authentication information (for example, username and password) to Portal server; By Portal server, to AC, send authentication request again, carry sign and the authentication information of UE.And, each UE under three AP shown in Fig. 1 (for example, UE1, UE2 and UE3), when carrying out Portal authentication, authentication request all can be concentrated and to be issued AC by Portal, then by AC, authentication information is sent to certificate server (for example, aaa server) and authenticates.
The Portal authentication method of the present embodiment, by the Portal identifying procedure for above-mentioned, AC during the UE under each AP, can be distinguished different UE in centralized management, even and the identical situation in IP address appearred in the UE under different AP, also can distinguish at AC.Refer to following each embodiment:
Embodiment mono-
Fig. 2 is the schematic flow sheet of a kind of Portal authentication method of providing of the embodiment of the present invention, and the method for the present embodiment is carried out by access device AP (being LTE-Fi), take AP2 as example; Can comprise:
201, AP receives the network access request that UE sends;
For example, this network access request is the HTTP access request of initiating to certain URL, and the UE2 such as associated under AP2, access the website of certain .com domain name, and UE2 will send the access request that will access this domain name to AP2 so.It should be noted that, now, when UE initiates access request to AP, it is upper that UE has been associated in AP, comprises that AP has set up wireless connections and distributed IP address for UE with UE.
202, AP returns to redirection message to terminal, and this redirection message carries Portal server address and terminal identification information corresponding to terminal;
In the present embodiment, when AP receives the access request that UE sends, but while finding that UE not yet carries out Portal authentication (only have Portal authentication by just can accesses network resource), AP can be redirected to Portal server by UE and authenticate.
Concrete, take AP2 as example, AP2 can send redirection message to UE2, and this redirection message carries Portal server address, so that UE2 connects Portal server according to this Portal server address; And in redirection message, go back the terminal identification information that carried terminal is corresponding.AP2 is sent to UE2 by terminal identification information, and UE2, when accessing to Portal server according to Portal server address, can send to Portal server together by this terminal identification information.
Optionally, in above-mentioned terminal identification information, can comprise: the MAC Address of UE2, Portal server is sent to MAC Address after AC, AC realizes the differentiation to the identical terminal in IP address according to this MAC Address.In concrete enforcement, also can adopt other information outside MAC Address to carry out identification terminal, as long as can play the function that the terminal of identical ip addresses is distinguished.
The Portal authentication method of the present embodiment, AP is when sending redirection message to terminal, the MAC Address of terminal also can be sent to terminal together, terminal can also send to Portal server by this MAC Address when being redirected to Portal server like this, make Portal server also can equally the MAC Address of this terminal be sent to AC when AC sends authentication request, AC just can be in conjunction with this MAC Address identification terminal.
Embodiment bis-
Fig. 3 is the schematic flow sheet of the another kind of Portal authentication method that provides of the embodiment of the present invention, and the method for the present embodiment is to be carried out by Portal server; As shown in Figure 3, can comprise:
301, the redirection message that Portal server receiving terminal sends, IP address and the terminal identification information of this message carried terminal;
For example, this terminal identification information comprises: the MAC Address of terminal;
In the present embodiment, the terminal identification information that terminal sends to Portal server, is to be sent to terminal by the associated AP of terminal; It should be noted that, the present embodiment sends to the message that carries Portal server address of terminal to be called redirection message AP, the access request (carried terminal identification information) that terminal is sent to Portal server according to this Portal server address, also referred to as redirection message, can certainly adopt other titles in concrete enforcement.
302, Portal server obtains the authentication information of described terminal, and sends authentication request to wireless controller AC, and this authentication request is carried IP address and the above-mentioned terminal identification information of authentication information, terminal;
In the present embodiment, Portal server is after receiving the redirection message of UE transmission, login interface can be pushed to UE, the user of UE side returns to Portal server after this interface input username and password, and this username and password can be called authentication information.
Portal server will send authentication request to AC, carry the IP address of above-mentioned authentication information, terminal and the MAC Address of the UE in above-mentioned terminal identification information; Like this, AC side just can be according to IP address and MAC Address identification terminal, such as AC can be recorded as the authentication information of the terminal that " IP+MAC " is corresponding.
The Portal authentication method of the present embodiment, Portal server can send the IP address of UE when AC sends authentication request together with terminal identification information; At AC, just can identify different UE according to " IP+MAC " like this, even if the IP address of two UE is identical, but both MAC Address are different, so AC still can identify this two UE, thereby have solved IP address conflict problem.
Embodiment tri-
Fig. 4 is the schematic flow sheet of another Portal authentication method of providing of the embodiment of the present invention, and the method for the present embodiment is to be carried out by wireless controller AC; As shown in Figure 4, can comprise:
401, AC receives the authentication request that Portal server sends;
Wherein, Portal server is after receiving the authentication information of UE (comprising username and password), this authentication information can be carried in authentication request and be sent to AC, in authentication request, also carry terminal identification information (MAC Address of UE) corresponding to IP address, UE of UE.In the present embodiment, for subsequent embodiment in the IP address that occurs distinguish, the present embodiment is called an IP address by the IP address of the UE carrying in the authentication request here.
402, AC is sent to certificate server by the authentication information of terminal corresponding to MAC Address and an IP address and authenticates, and authentication by time, to the AP of terminal association, send data retransmission rule.
In the present embodiment, AC distinguishes different terminals according to " IP+MAC ", and AC can for example, be sent to certificate server, for example aaa server by the authentication information of terminal (comprising username and password).After aaa server authentication is passed through, AC can be sent to data retransmission rule the associated AP of terminal.This data retransmission rule is for AP, to forward the data of terminal.
The Portal authentication method of the present embodiment, AC can get IP address and the MAC Address of terminal, and distinguish different terminals according to " IP+MAC ", even like this in the user of AC centralized management, there is the IP address of two UE identical, but because both MAC Address is different, so AC also can distinguish this two UE, thereby solved the problem of IP address conflict.
By the method for the embodiment of the present invention, the effective problem of settling IP address conflict, even if there is the identical UE in IP address, AC also can be distinguished in conjunction with MAC, so just make to not be used in the distribution of the AP side unified planning IP address field of distributed deployment, do not need to divide independent IP address field to each AP, reduced workload, be conducive to the large scale deployment of LTE-Fi equipment.
Embodiment tetra-
Fig. 5 is the signalling diagram of another Portal authentication method of providing of the embodiment of the present invention, and the method for the present embodiment has been described the entire flow that is coordinated the Portal authentication of carrying out by equipment such as AP, Portal and AC; As shown in Figure 5, the method for the present embodiment can comprise:
501, UE sends network access request to AP;
Wherein, when UE and AP set up wireless connections, and AP is that UE has distributed behind IP address, and UE sends network access request to AP.
502, AP returns to the first redirection message to UE;
Wherein, when AP determines that UE not yet carries out Portal authentication (if by authentication, AP side has record), AP will send redirection message to UE, and the present embodiment is called the first redirection message.
Concrete, in this first redirection message, carrying Portal server address and terminal identification information corresponding to UE, in this terminal identification information, can comprise: the MAC Address of UE.In the present embodiment, in order to guarantee safety, terminal identification information adopts encryption; For example, (Data Encryption Standard is called for short: DES) or the cryptographic algorithm such as Advanced Encryption Standard (Advanced Encryption Standard, AES) can to adopt DEA.Cryptographic algorithm and relevant parameter that AP adopts can configure at AP in advance.The terminal identification information of encrypting can be to arrange in certain the privately owned field in the first redirection message.
503, UE sends the second redirection message to Portal server;
In this step, UE will send the second redirection message to Portal server according to Portal server address, wherein carry the IP address of UE and the terminal identification information of encrypting.That is to say, UE, after receiving the terminal identification information of encryption from AP, can, when redirected, be sent to Portal server by the terminal identification information of this encryption.
It should be noted that, in 502, AP, when sending the first redirection message to UE, outside Portal server address and terminal identification information, can also carry other parameter, and such as IP address of AP etc., this is routine techniques, and the present embodiment no longer describes in detail; And same, UE is when sending the second redirection message to Portal server, outside the IP address and terminal identification information of UE, also can carry other parameters, the service set that for example UE adds (Service Set Identifier, SSID) etc.
504, Portal server sends login interface to UE;
Wherein, Portal server can extract the IP address of the UE in the second redirection message receiving, the terminal identification information of encryption etc., and preserves.
505, UE sends authentication information to Portal server;
For example, the user of UE side can pass through login interface, inputs the information such as user name, password, is sent to Portal server, and request authenticates authentication information.
506, Portal server sends authentication request to AC, in this authentication request, carries: IP address and the terminal identification information of UE;
In the present embodiment, Portal server is the terminal identification information of the encryption receiving in 504, is sent to AC with together with the IP address of UE; Certainly, in authentication request, also carry the authentication information for request authentication, such as user's username and password.
507, AC is sent to aaa server request authentication by MAC and authentication information corresponding to IP;
In the present embodiment, AC, as the equipment of each UE under the different AP of centralized management, distinguishes different UE with the combination of " IP+MAC "; For example, AC can record the UE1 that " IP1+MAC1 " is corresponding, and its authentication information is * * * *, the UE2 that record " IP2+MAC2 " is corresponding, and its authentication information is * * * *.AC is by authentication information corresponding to UE, and for example username and password, is sent to AAA request authentication.
508, AC receives the notice of the authentication success that aaa server returns;
509, AC is to the success of Portal server notification authentication;
In addition, Portal server, after receiving the notice of authentication success, can be notified UE authentication success, and these can carry out according to routine techniques, and the present embodiment no longer describes in detail.
510, AC sends data retransmission rule to MAC and the associated AP of UE corresponding to IP;
In the present embodiment, AC, after determining the UE authentication success that " IP+MAC " is corresponding, will issue the data retransmission rule that this UE is corresponding, and this rule will be issued on the associated AP of UE; For example, referring to the UE1 in Fig. 1, AC can be sent to AP1 by data retransmission rule, and AP1 will forward the data of UE according to this rule.
The Portal authentication method of the present embodiment, Portal server can all be sent to AC by corresponding IP address and the MAC Address of UE, AC can be according to IP+MAC " identify different UE, thus even if make AC find two UE that IP address is identical, also can distinguish in conjunction with MAC.
Embodiment five
The difference of the present embodiment and embodiment tetra-is, in terminal identification information, also comprise the some other information outside the MAC Address of UE, these information are for improving the fail safe of Portal authentication, refer to following Fig. 6 flow process, Fig. 6 only shows some main flow processs that distinguish with embodiment tetra-, and for identical flow process, such as authentication information is sent to aaa server etc., the present embodiment also can be carried out, but these will no longer be repeated in this description in the present embodiment, in Fig. 6, also no longer show.
Fig. 6 is the signalling diagram of another Portal authentication method of providing of the embodiment of the present invention, and as shown in Figure 6, the method for the present embodiment can comprise:
601, UE sends network access request to AP;
602, AP returns to the first redirection message to UE;
In the present embodiment, the terminal identification information of carrying Portal server address in the first redirection message and encrypting, this terminal identification information not only comprises the MAC Address of UE, also comprise following at least one: IP address and the timestamp information of UE, this timestamp information is for representing the transmitting time of the first redirection message.The meaning of at least one described here is, outside the MAC Address of UE, can only include the IP address of UE or only include timestamp information or timestamp information and IP address are both included in terminal identification information in terminal identification information.
603, UE sends the second redirection message to Portal server, and the terminal identification information of encryption is also carried at and in message, is sent to Portal server;
604, Portal server sends login interface to UE;
605, UE sends authentication information to Portal server;
606, Portal server sends authentication request to AC, in this authentication request, carries: the IP address of UE and the terminal identification information of encryption;
In this step, the IP address of the UE that Portal server sends to AC has two, and one of them IP address UE in 603 is sent to Portal server, and this is also that in routine techniques, Portal server need to be sent to AC by the IP address of UE; Another IP address is to be carried in the terminal identification information of encryption, the terminal identification information of this encryption is after AP side is encrypted, by UE, be transmitted to Portal server, Portal server can not deciphered this information yet, but the terminal identification information of this encryption is sent to AC, terminal identification information has comprised the IP address of UE.
In order clearly to distinguish this two IP addresses when the subsequent descriptions, the IP address that the terminal identification information of encryption can be comprised is called the 2nd IP address, and another is called to an IP address.
607, AC deciphering terminal identification information, obtains IP address and timestamp information;
In the present embodiment, AC deciphering terminal identification information can obtain comprising the 2nd IP address, can also obtain timestamp information.As illustrated above, terminal identification information comprises at least one in the 2nd IP address and timestamp information, is all to carry as example with both here.
In addition, AC and AP can be pre-configured identical cryptographic algorithm and relevant parameters, and terminal identification information is after AP side is encrypted like this, and AC can adopt identical algorithm to be decrypted.
608, AC carries out initial authentication judgement according to the terminal identification information of deciphering;
For example, AC can carry out the comparison of IP address, by an IP address of carrying in authentication request and the 2nd IP address comparison that deciphering obtains, if an IP address is different from the 2nd IP address, shows authentification failure, carries out 609; Otherwise, after AC initial authentication is passed through, can be then by AC to aaa server request authentication, can be in conjunction with referring to embodiment tetra-.
IP address relatively judges whether that authentication, by being such, is exemplified below: suppose that UE1 is carrying out Portal identifying procedure, request access Internet resources; Certain user UE4 wants counterfeit UE1, it has intercepted and captured the terminal identification information of the encryption that UE1 carries when Portal sends the first redirection message, because according to the flow process of the present embodiment, UE1 is the terminal identification information of this encryption need to be sent to Portal when redirected, and therefore counterfeit user can be sent to Portal server by the terminal identification information of encryption after intercepting and capturing.But, what in terminal identification information, carry is the IP address of UE1, and the IP address that another IP address of also carrying in the authentication request that UE4 sends to Portal server is UE4 self, these two addresses are different, and AC can judge that the terminal identification information of encryption may be intercepted and captured by counterfeit user accordingly.
Again for example, AC can also compare according to timestamp information, and by timestamp information and current time comparison, this current time can be the time that AC deciphering obtains this timestamp, or can be also the time that AC receives this authentication request, this processes the time of authentication request also to can be described as AC; For example, if the interval between timestamp information and current time surpasses scheduled duration (this scheduled duration is 5 minutes), to the failure of Portal server return authentication.
By timestamp relatively judge whether authentication by being such, be exemplified below: suppose that UE1 is carrying out Portal identifying procedure, AP, after receiving the network access request of UE1, has returned to timestamp information to UE1; Under normal circumstances, if UE1 continue to carry out follow-up login Portal, to AC request authentication etc., should be unable to be too of a specified duration when AC receives the authentication request that Portal server sends.But some special circumstances, such as Portal server pushes after login interface to UE1, the user of UE1 does not input username and password and authenticates, but stops input then do other thing, and this identifying procedure has just interrupted here at login interface so.
The user of UE1 likely preserves this login interface such as being placed on collection, while netting Deng second the sky, directly opening the login interface of collection yesterday inputs, but now the IP address of possibility UE1 is different from yesterday (when user surfs the Net, will redistribute IP address), that is to say that so the IP address in the terminal identification information of the encryption that Portal server received and stores in yesterday is the UE1 of yesterday, this does not just meet actual conditions, need UE1 again to AP, to send primary network access request, by AP, again to UE, issue the terminal identification information of the encryption that once carries this IP address, therefore, this AC will feed back authentification failure, trigger Portal server notice UE and restart access.
609, AC is to the failure of Portal server return authentication.
The Portal authentication method of the present embodiment, by add IP address and the timestamp information of UE in terminal identification information, make AC just to judge user's authentication information existing problems according to these information before AAA request authentication, directly to the failure of Portal return authentication; Accelerate like this speed of identifying procedure, and improved the fail safe of authentication.
Embodiment six
The present embodiment, on the process base of embodiment tetra-, has increased in terminal identification information: the vlan information of the MAC Address of AP and UE access; Certainly, in terminal identification information, also can comprise the timestamp described in embodiment five etc.The vlan information of the MAC Address of AP and UE access, is mainly for when authentication is passed through, and improves the downloading speed of data retransmission rule.
For example, AC is after receiving the notice that authentication that aaa server returns passes through, and AC will issue data retransmission rule to AP; Now, the MAC Address of the AP that AC can obtain according to deciphering terminal identification information and the vlan information of UE access, fast and accurately data retransmission rule is issued to AP, and the vlan information correspondence of UE access certain port on AP, to this port, issued the data retransmission rule for UE.
Embodiment seven
The present embodiment for be mainly UE in the situation of different AP internetwork roamings, for example, suppose that UE1 roams to AP2 from AP1, now AP2 can carry out the method for the present embodiment, solves the problem of IP address conflict.Fig. 7 is the signalling diagram of another Portal authentication method of providing of the embodiment of the present invention, as shown in Figure 7, can comprise:
701, AP receives the address assignment request that UE sends;
For example, be positioned at UE2 associated under AP2, to AP2, send address assignment request.
702, AP, according to address assignment request, is identified for distributing to the IP to be allocated address of UE;
For example, AP2 determines that IP to be allocated address is IP1, prepares IP1 to distribute to UE2.
703, AP checks that whether the IP address of associated terminal is identical with IP to be allocated address;
Whether for example, aforesaid UE1 roams to AP2 from AP1, and AP2 is the IP address of associated terminal UE1 more, identical with address ip 1 to be allocated.If identical, carry out 704.
704, AP changes to another IP address by IP to be allocated address;
For example, AP2, by IP address ip 1 to be allocated, changes to IP2, and IP1 and IP2 are that AP2 selects to distribute from own responsible IP section certainly.
705, AP is sent to UE by IP address.
For example, AP2 is sent to UE2 by IP2, as the IP address that is dispensed to UE2.If it is different that the judged result in 703 is two IP addresses, AP2 can directly be sent to UE by initial address ip to be allocated 1.
In the flow process shown in Fig. 7, AP, being while being associated with the UE distributing IP address of oneself, can first check in the terminal of association oneself whether have the terminal identical with IP to be allocated, if had, changes IP and distributes.
Fig. 8 is the signalling diagram of another Portal authentication method of providing of the embodiment of the present invention, as shown in Figure 8, can comprise:
801, AP sets up associated with new terminal;
For example, UE1 roams to AP2 from AP1, and so for AP2, UE1 is new terminal.
802, AP determines that the IP address of the IP address of new terminal and the associated terminal of AP is identical;
For example, the associated terminal of AP2 is UE2, and the IP address of UE2 is identical with the IP address of UE1, and the IP address of the UE1 is here that UE1 roaming distributes at AP1 before.When AP2 finds that both IP address is identical, can continue to carry out 803;
803, AP sends series of fortified passes connection indication to new terminal;
For example, AP2 sends series of fortified passes connection indication to UE1, and notice UE1 re-starts association.
804, new terminal is indicated according to series of fortified passes connection, and between AP, carries out series of fortified passes connection flow process, and asks AP distributing IP address;
The series of fortified passes connection indication that UE1 can send according to AP, and between AP, carry out series of fortified passes connection flow process; For example UE1 starts association to AP transmission association request frame, carries the information such as SSID and negotiated speed, and series of fortified passes connection flow process can be carried out according to old process, no longer describes in detail.Set up after association, UE1 will ask distributing IP address to AP.
805, AP distributes another IP address to new terminal;
Now AP2 can distribute an IP address different from UE2 to UE1.
By the Portal authentication method of the present embodiment, AP side can, when the UE of association roaming, be avoided the generation of the IP address conflict situation under same AP.
Following embodiment eight to embodiment ten, provides the structure of equipment, only device structure is simply described in these embodiments, and its concrete operation principle can be in conjunction with referring to embodiment of the method.
Embodiment eight
Fig. 9 is the structural representation of the access device AP that provides of the embodiment of the present invention, and as shown in Figure 9, this AP can comprise: receiving element 91, processing unit 92 and transmitting element 93; Wherein,
Receiving element 91, the network access request sending for receiving terminal;
Processing unit 92, for being carried at redirection message by Portal server address and terminal identification information corresponding to described terminal; For example, this terminal identification information comprises: the MAC Address of terminal;
Transmitting element 93, for returning to described redirection message to described terminal, so that described terminal is sent to Portal server according to described Portal server address by described terminal identification information.
Further, described terminal identification information also comprises following at least one: the IP address of described terminal; Or, the VLAN of the MAC Address of described access device and the access of described terminal; Or, timestamp information, described timestamp information is for representing the transmitting time of described redirection message.
Further, described receiving element 91, the address assignment request also sending for receiving described terminal; Described processing unit 92, also for according to described address assignment request, be identified for distributing to the IP to be allocated address of described terminal, and whether the IP address of associated terminal that checks described access device is identical with described IP to be allocated address, if there is the IP address associated terminal identical with described IP to be allocated address, described IP to be allocated address changed to another IP address.
Further, described processing unit 92, also, for associated with new terminal foundation, described new terminal is to move to described access device from another access device; And the IP address of determining the IP address of described new terminal and the associated terminal of described access device is identical; Described transmitting element 93, also for sending the address reprovision request that is used to indicate again request address to described new terminal.Receiving element 91, the address assignment request also sending for receiving described new terminal, and indicate described processing unit 92 to described new terminal, to distribute another IP address different from described IP address according to described address assignment request.
Embodiment nine
Figure 10 is the structural representation of the Portal server that provides of the embodiment of the present invention, and as shown in figure 10, this Portal server can comprise: information receiving unit 1001 and authentication request unit 1002; Wherein,
Information receiving unit 1001, the redirection message sending for receiving terminal, described redirection message carries IP address and the terminal identification information of described terminal; For example, this terminal identification information comprises: the MAC Address of terminal;
Authentication request unit 1002, for obtaining the authentication information of described terminal, and send authentication request to wireless controller AC, described authentication request is carried IP address and the described terminal identification information of described authentication information, described terminal, so that described AC identifies described terminal according to described IP address and MAC Address.
Embodiment ten
Figure 11 is the structural representation of the wireless controller that provides of the embodiment of the present invention, and as shown in figure 11, this wireless controller can comprise: request reception unit 1101, authentication processing unit 1102 and result transmitting element 1103; Wherein,
Request reception unit 1101, for receiving the authentication request of Portal server transmission, carries an IP address, authentication information and the terminal identification information corresponding to described terminal of the described terminal of request authentication in described authentication request; For example, this terminal identification information comprises: the MAC Address of terminal;
Authentication processing unit 1102, authenticates for described authentication information corresponding to described MAC Address and an IP address is sent to certificate server;
Result transmitting element 1103, for when authentication is passed through, to the access device transmission data retransmission rule of described terminal association, described data retransmission rule forwards the data of described terminal for described access device.
Further, authentication processing unit 1102, also for deciphering described terminal identification information, obtains the 2nd IP address that terminal identification information comprises; By an IP address comparison of carrying in described the 2nd IP address and described authentication request; A described IP address is different from the 2nd IP address, indicates described result transmitting element to described Portal server return authentication failure.
Further, authentication processing unit 1102, also, for deciphering described terminal identification information, obtains the timestamp information that terminal identification information comprises, described timestamp information is for representing the transmitting time of described redirection message; By described timestamp information and current time comparison, if the interval between described timestamp information and described current time surpasses scheduled duration, indicate described result transmitting element to described Portal server return authentication failure.
Further, in the described terminal identification information that request reception unit 1101 receives, also comprise: the VLAN of the MAC Address of described access device and the access of described terminal; Result transmitting element 1103, when sending data retransmission rule, specifically, for according to the VLAN of the MAC Address of described access device and the access of described terminal, sends data retransmission rule to described access device.
The foregoing is only preferred embodiment of the present invention, in order to limit the present invention, within the spirit and principles in the present invention not all, any modification of making, be equal to replacement, improvement etc., within all should being included in the scope of protection of the invention.
Claims (20)
1. a Portal authentication method, is characterized in that, comprising:
The network access request that access device receiving terminal sends;
Described access device returns to redirection message to described terminal, described redirection message carries Portal server address and terminal identification information corresponding to described terminal, so that described terminal is sent to Portal server according to described Portal server address by described terminal identification information.
2. method according to claim 1, is characterized in that, described terminal identification information, comprising: the MAC Address of described terminal.
3. method according to claim 1 and 2, is characterized in that, described terminal identification information also comprises following at least one:
The IP address of described terminal;
Or, the VLAN of the MAC Address of described access device and the access of described terminal;
Or, timestamp information, described timestamp information is for representing the transmitting time of described redirection message.
4. method according to claim 1, is characterized in that, before the network access request that described access device sends at receiving terminal, also comprises:
Described access device receives the address assignment request that described terminal sends;
Described access device is according to described address assignment request, be identified for distributing to the IP to be allocated address of described terminal, and whether the IP address of associated terminal that checks described access device is identical with described IP to be allocated address, if there is the IP address associated terminal identical with described IP to be allocated address, described IP to be allocated address changed to another IP address.
5. method according to claim 1, is characterized in that, also comprises:
Described access device is associated with new terminal foundation, and described new terminal is to move to described access device from another access device;
When identical in the IP address of determining the IP address of described new terminal and the associated terminal of described access device, to described new terminal, send the address reprovision request that is used to indicate again request address;
Described access device receives the address assignment request that described new terminal sends, and to described new terminal, distributes another IP address different from described IP address according to described address assignment request.
6. a Portal authentication method, is characterized in that, comprising:
The redirection message that Portal server receiving terminal sends, described redirection message carries IP address and the terminal identification information of described terminal;
Described Portal server obtains the authentication information of described terminal, and send authentication request to wireless controller AC, described authentication request is carried IP address and the described terminal identification information of described authentication information, described terminal, so that described AC identifies described terminal according to described IP address and described terminal identification information.
7. a Portal authentication method, is characterized in that, comprising:
Wireless controller receives the authentication request that Portal server sends, and carries an IP address, authentication information and the terminal identification information corresponding to described terminal of the described terminal of request authentication in described authentication request;
Described wireless controller is sent to certificate server by described authentication information corresponding to described MAC Address and an IP address and authenticates, and when authentication is passed through, access device to described terminal association sends data retransmission rule, and described data retransmission rule forwards the data of described terminal for described access device.
8. method according to claim 7, is characterized in that, described terminal identification information, comprising: the MAC Address of described terminal.
9. according to the method described in claim 7 or 8, it is characterized in that, in described terminal identification information, also comprise: the 2nd IP address corresponding to described terminal of encryption;
After described wireless controller receives the authentication request of Portal server transmission, also comprise:
Described wireless controller is deciphered described terminal identification information, obtains described the 2nd IP address;
Described wireless controller is by an IP address comparison of carrying in described the 2nd IP address and described authentication request, if a described IP address is different from the 2nd IP address, to described Portal server return authentication failure.
10. method according to claim 7, is characterized in that, in described terminal identification information, also comprises: timestamp information, and described timestamp information is for representing the transmitting time of described redirection message;
After described wireless controller receives the authentication request of Portal server transmission, also comprise:
Described wireless controller is deciphered described terminal identification information, obtains described timestamp information;
Described wireless controller is by described timestamp information and current time comparison, if the interval between described timestamp information and described current time surpasses scheduled duration, to described Portal server return authentication failure.
11. methods according to claim 7, is characterized in that, in described terminal identification information, also comprise: the VLAN of the MAC Address of described access device and the access of described terminal;
Described wireless controller sends data retransmission rule to the access device of described terminal association, comprising: described wireless controller, according to the VLAN of the MAC Address of described access device and the access of described terminal, sends data retransmission rule to described access device.
12. 1 kinds of access devices, is characterized in that, comprising:
Receiving element, the network access request sending for receiving terminal;
Processing unit, for being carried at redirection message by Portal server address and terminal identification information corresponding to described terminal;
Transmitting element, for returning to described redirection message to described terminal, so that described terminal is sent to Portal server according to described Portal server address by described terminal identification information.
13. access devices according to claim 12, is characterized in that, described terminal identification information also comprises following at least one: the MAC Address of described terminal; Or, the IP address of described terminal; Or, the VLAN of the MAC Address of described access device and the access of described terminal; Or, timestamp information, described timestamp information is for representing the transmitting time of described redirection message.
14. access devices according to claim 12, is characterized in that,
Described receiving element, the address assignment request also sending for receiving described terminal;
Described processing unit, also for according to described address assignment request, be identified for distributing to the IP to be allocated address of described terminal, and whether the IP address of associated terminal that checks described access device is identical with described IP to be allocated address, if there is the IP address associated terminal identical with described IP to be allocated address, described IP to be allocated address changed to another IP address.
15. access devices according to claim 12, is characterized in that,
Described processing unit, also, for associated with new terminal foundation, described new terminal is to move to described access device from another access device; And the IP address of determining the IP address of described new terminal and the associated terminal of described access device is identical;
Described transmitting element, also for sending the address reprovision request that is used to indicate again request address to described new terminal;
Described receiving element, the address assignment request also sending for receiving described new terminal, and indicate described processing unit to described new terminal, to distribute another IP address different from described IP address according to described address assignment request.
16. 1 kinds of Portal server, is characterized in that, comprising:
Information receiving unit, the redirection message sending for receiving terminal, described redirection message carries IP address and the terminal identification information of described terminal;
Authentication request unit, for obtaining the authentication information of described terminal, and send authentication request to wireless controller AC, described authentication request is carried IP address and the described terminal identification information of described authentication information, described terminal, so that described AC identifies described terminal according to described IP address and terminal identification information.
17. 1 kinds of wireless controllers, is characterized in that, comprising:
Request reception unit, for receiving the authentication request of Portal server transmission, carries an IP address, authentication information and the terminal identification information corresponding to described terminal of the described terminal of request authentication in described authentication request;
Authentication processing unit, authenticates for described authentication information corresponding to described MAC Address and an IP address is sent to certificate server;
Result transmitting element, for when authentication is passed through, to the access device transmission data retransmission rule of described terminal association, described data retransmission rule forwards the data of described terminal for described access device.
18. wireless controllers according to claim 17, is characterized in that,
Described authentication processing unit, also for deciphering described terminal identification information, obtains the 2nd IP address that terminal identification information comprises; By an IP address comparison of carrying in described the 2nd IP address and described authentication request; A described IP address is different from the 2nd IP address, indicates described result transmitting element to described Portal server return authentication failure.
19. wireless controllers according to claim 17, is characterized in that,
Described authentication processing unit, also, for deciphering described terminal identification information, obtains the timestamp information that terminal identification information comprises, described timestamp information is for representing the transmitting time of described redirection message; By described timestamp information and current time comparison, if the interval between described timestamp information and described current time surpasses scheduled duration, indicate described result transmitting element to described Portal server return authentication failure.
20. wireless controllers according to claim 17, is characterized in that,
In the described terminal identification information that described request receiving element receives, also comprise: the VLAN of the MAC Address of described access device and the access of described terminal;
Described result transmitting element, when sending data retransmission rule, specifically, for according to the VLAN of the MAC Address of described access device and the access of described terminal, sends data retransmission rule to described access device.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410369824.6A CN104104516B (en) | 2014-07-30 | 2014-07-30 | A kind of portal authentication method and equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410369824.6A CN104104516B (en) | 2014-07-30 | 2014-07-30 | A kind of portal authentication method and equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104104516A true CN104104516A (en) | 2014-10-15 |
| CN104104516B CN104104516B (en) | 2018-12-25 |
Family
ID=51672343
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410369824.6A Active CN104104516B (en) | 2014-07-30 | 2014-07-30 | A kind of portal authentication method and equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104104516B (en) |
Cited By (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104469757A (en) * | 2014-12-25 | 2015-03-25 | 上海迈外迪网络科技有限公司 | Safe logging-in method |
| CN104469758A (en) * | 2014-12-25 | 2015-03-25 | 上海迈外迪网络科技有限公司 | Multi-equipment safety login method |
| CN104821940A (en) * | 2015-04-16 | 2015-08-05 | 京信通信技术(广州)有限公司 | Method and equipment for sending portal redirected address |
| CN104936181A (en) * | 2015-06-25 | 2015-09-23 | 杭州华三通信技术有限公司 | Access authentication method and device for connecting specified AP (Access Point) |
| CN104955036A (en) * | 2015-07-07 | 2015-09-30 | 北京长亭科技有限公司 | Secure networking method and device in public Wi-Fi (wireless fidelity) environment |
| CN105704109A (en) * | 2014-11-28 | 2016-06-22 | 华为软件技术有限公司 | Network access authentication method and equipment |
| CN105791451A (en) * | 2014-12-22 | 2016-07-20 | 华为技术有限公司 | Message response method and device |
| CN106453119A (en) * | 2016-11-18 | 2017-02-22 | 杭州华三通信技术有限公司 | Authentication control method and device |
| CN106506675A (en) * | 2016-11-25 | 2017-03-15 | 杭州华三通信技术有限公司 | A kind of page reorientation method and device |
| CN106559405A (en) * | 2015-09-30 | 2017-04-05 | 华为技术有限公司 | A kind of portal authentication method and equipment |
| CN106656911A (en) * | 2015-10-29 | 2017-05-10 | 华为技术有限公司 | Portal authentication method, access device and management server |
| CN106921970A (en) * | 2015-12-28 | 2017-07-04 | 华为技术有限公司 | A kind of access authentication method, device and system |
| CN106936804A (en) * | 2015-12-31 | 2017-07-07 | 华为技术有限公司 | A kind of access control method and authenticating device |
| CN107580325A (en) * | 2017-08-02 | 2018-01-12 | 上海斐讯数据通信技术有限公司 | WDS connection methods, WAP and terminal device |
| CN109413649A (en) * | 2018-11-06 | 2019-03-01 | 新华三技术有限公司 | A kind of access authentication method and device |
| CN109510839A (en) * | 2018-12-24 | 2019-03-22 | 深圳市潮流网络技术有限公司 | A kind of distribution Portal cut-in method |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101651682A (en) * | 2009-09-15 | 2010-02-17 | 杭州华三通信技术有限公司 | Method, system and device of security certificate |
| CN102238543A (en) * | 2010-04-27 | 2011-11-09 | 杭州华三通信技术有限公司 | Wireless Portal authentication method and access controller |
| CN102685725A (en) * | 2012-05-11 | 2012-09-19 | 中国联合网络通信集团有限公司 | Information receiving method, information sending method, devices, and system |
| CN102739684A (en) * | 2012-06-29 | 2012-10-17 | 杭州迪普科技有限公司 | Portal authentication method based on virtual IP address, and server thereof |
| CN103297968A (en) * | 2012-03-02 | 2013-09-11 | 华为技术有限公司 | Wireless terminal identifying method, wireless terminal identifying device and wireless terminal identifying system |
-
2014
- 2014-07-30 CN CN201410369824.6A patent/CN104104516B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101651682A (en) * | 2009-09-15 | 2010-02-17 | 杭州华三通信技术有限公司 | Method, system and device of security certificate |
| CN102238543A (en) * | 2010-04-27 | 2011-11-09 | 杭州华三通信技术有限公司 | Wireless Portal authentication method and access controller |
| CN103297968A (en) * | 2012-03-02 | 2013-09-11 | 华为技术有限公司 | Wireless terminal identifying method, wireless terminal identifying device and wireless terminal identifying system |
| CN102685725A (en) * | 2012-05-11 | 2012-09-19 | 中国联合网络通信集团有限公司 | Information receiving method, information sending method, devices, and system |
| CN102739684A (en) * | 2012-06-29 | 2012-10-17 | 杭州迪普科技有限公司 | Portal authentication method based on virtual IP address, and server thereof |
Cited By (26)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105704109A (en) * | 2014-11-28 | 2016-06-22 | 华为软件技术有限公司 | Network access authentication method and equipment |
| CN105704109B (en) * | 2014-11-28 | 2019-05-24 | 华为软件技术有限公司 | A kind of network access verifying method and equipment |
| CN105791451B (en) * | 2014-12-22 | 2020-02-21 | 华为技术有限公司 | Message response method and device |
| CN105791451A (en) * | 2014-12-22 | 2016-07-20 | 华为技术有限公司 | Message response method and device |
| CN104469757B (en) * | 2014-12-25 | 2018-01-16 | 上海迈外迪网络科技有限公司 | Safe login method |
| CN104469758A (en) * | 2014-12-25 | 2015-03-25 | 上海迈外迪网络科技有限公司 | Multi-equipment safety login method |
| CN104469757A (en) * | 2014-12-25 | 2015-03-25 | 上海迈外迪网络科技有限公司 | Safe logging-in method |
| CN104469758B (en) * | 2014-12-25 | 2018-07-27 | 上海迈外迪网络科技有限公司 | More equipment safety login methods |
| CN104821940A (en) * | 2015-04-16 | 2015-08-05 | 京信通信技术(广州)有限公司 | Method and equipment for sending portal redirected address |
| CN104936181A (en) * | 2015-06-25 | 2015-09-23 | 杭州华三通信技术有限公司 | Access authentication method and device for connecting specified AP (Access Point) |
| CN104955036B (en) * | 2015-07-07 | 2019-04-05 | 北京长亭科技有限公司 | Safe networking method and apparatus under public Wi-Fi environment |
| CN104955036A (en) * | 2015-07-07 | 2015-09-30 | 北京长亭科技有限公司 | Secure networking method and device in public Wi-Fi (wireless fidelity) environment |
| CN106559405A (en) * | 2015-09-30 | 2017-04-05 | 华为技术有限公司 | A kind of portal authentication method and equipment |
| CN106559405B (en) * | 2015-09-30 | 2020-11-03 | 华为技术有限公司 | Portal authentication method and equipment |
| CN106656911B (en) * | 2015-10-29 | 2019-10-01 | 华为技术有限公司 | A kind of portal authentication method, access device and management server |
| CN106656911A (en) * | 2015-10-29 | 2017-05-10 | 华为技术有限公司 | Portal authentication method, access device and management server |
| CN106921970A (en) * | 2015-12-28 | 2017-07-04 | 华为技术有限公司 | A kind of access authentication method, device and system |
| CN106936804B (en) * | 2015-12-31 | 2020-04-28 | 华为技术有限公司 | Access control method and authentication equipment |
| CN106936804A (en) * | 2015-12-31 | 2017-07-07 | 华为技术有限公司 | A kind of access control method and authenticating device |
| CN106453119A (en) * | 2016-11-18 | 2017-02-22 | 杭州华三通信技术有限公司 | Authentication control method and device |
| CN106506675A (en) * | 2016-11-25 | 2017-03-15 | 杭州华三通信技术有限公司 | A kind of page reorientation method and device |
| CN107580325A (en) * | 2017-08-02 | 2018-01-12 | 上海斐讯数据通信技术有限公司 | WDS connection methods, WAP and terminal device |
| CN107580325B (en) * | 2017-08-02 | 2021-08-06 | 台州智奥通信设备有限公司 | WDS (Wireless data System) connection method, wireless access point and terminal equipment |
| CN109413649A (en) * | 2018-11-06 | 2019-03-01 | 新华三技术有限公司 | A kind of access authentication method and device |
| CN109510839A (en) * | 2018-12-24 | 2019-03-22 | 深圳市潮流网络技术有限公司 | A kind of distribution Portal cut-in method |
| CN109510839B (en) * | 2018-12-24 | 2023-10-27 | 深圳市潮流网络技术有限公司 | Distributed Portal access method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104104516B (en) | 2018-12-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104104516A (en) | Portal authentication method and device | |
| CN105706390B (en) | Method and apparatus for performing device-to-device communication in a wireless communication network | |
| US9824193B2 (en) | Method for using mobile devices with validated user network identity as physical identity proof | |
| CN107005442B (en) | Method and apparatus for remote access | |
| US9246872B2 (en) | Methods and arrangements for enabling data transmission between a mobile device and a static destination address | |
| CN106656547B (en) | Method and device for updating network configuration of household electrical appliance | |
| CN111654862B (en) | Registration method and device of terminal equipment | |
| CN106851632A (en) | A kind of smart machine accesses the method and device of WLAN | |
| CN107534664B (en) | Multi-factor authorization for IEEE802.1X enabled networks | |
| CN101711031B (en) | Portal authenticating method during local forwarding and access controller (AC) | |
| WO2017054617A1 (en) | Wifi network authentication method, device and system | |
| CN105027529A (en) | Method and device for secure network access | |
| CN110933084A (en) | Cross-domain shared login state method, device, terminal and storage medium | |
| CN101990211A (en) | Method, device and system for network access | |
| CN113556227A (en) | Network connection management method and device, computer readable medium and electronic equipment | |
| US9118588B2 (en) | Virtual console-port management | |
| US20160044487A1 (en) | Network access method and apparatus, and network system | |
| CN107659935A (en) | A kind of authentication method, certificate server, network management system and Verification System | |
| CN107257558B (en) | Message forwarding method and device | |
| EP3319277B1 (en) | Provision of access to a network | |
| CN110636464B (en) | Communication system for communication between Internet of things equipment and communication system with enterprise intranet | |
| CN106537962B (en) | Wireless network configuration, access and access method, device and equipment | |
| CN103607403A (en) | Method, device and system for using safety domain in NAT network environment | |
| CN111565165A (en) | Cloud mobile phone authentication, maintenance and state change system and method | |
| Nguyen et al. | An SDN-based connectivity control system for Wi-Fi devices |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No. Applicant after: Xinhua three Technology Co., Ltd. Address before: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No. Applicant before: Huasan Communication Technology Co., Ltd. |
|
| CB02 | Change of applicant information | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |