CN104837134A - Web authentication user registration method, device and system - Google Patents

Publication number: CN104837134A
Authority: CN (China)
Prior art keywords: account, MAC address, address, online, address state
Legal status: Granted
Application number: CN201410045084.0A
Other languages: Chinese (zh)
Other versions: CN104837134B (en)
Inventor: 王志明
Current Assignee: China Mobile Group Beijing Co Ltd
Original Assignee: China Mobile Group Beijing Co Ltd
Application filed by China Mobile Group Beijing Co Ltd
Priority to CN201410045084.0A
Publication of CN104837134A
Application granted
Publication of CN104837134B
Status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a Web authentication user registration method, device and system. After a Portal server receives a login request message sent by a terminal, carrying the login ID of the current login, the IP address of the terminal and a MAC address, it determines the IP address state of the IP address and the MAC address state of the MAC address; when the Portal server confirms that the IP address state of the IP address and the MAC address state of the MAC address are not online, it sends a challenge request message to an access gateway. In the scheme of the invention, the IP address state and the MAC address state of the terminal are checked for the current login; only if they are not online, i.e., when the uniqueness restriction that the IP address and the MAC address can each be online only once is satisfied, is the challenge exchange performed, allowing the user to complete Web authentication successfully.

Description

A Web authentication user login method, device and system
Technical field
The present invention relates to the field of wireless communication technology, and in particular to a Web authentication user login method, device and system.
Background
Web authentication based on the Portal protocol and Hypertext Transfer Protocol (HTTP) redirection is widely used for access control in Internet access. The typical signaling flow of Web authentication, shown in Fig. 1, comprises the following steps:
Step 101: The terminal sends an HTTP connection request message to the access gateway;
Step 102: The access gateway determines (generally based on the terminal's IP address or MAC address) that the terminal is unauthenticated, and pushes an HTTP redirect message to the unauthenticated terminal;
Generally, the HTTP redirect message contains a constructed Uniform Resource Locator (URL). The following is an example URL: http://221.176.1.140:8080/wlan/index.php?wlanuserip=183.241.167.185&wlanacname=1201.0010.100.00&ssid=CMCC&NASID=8047202010000460
It contains the IP address of the Portal server (221.176.1.140) and the information needed to initiate the subsequent authentication flow, such as the terminal's IP address (wlanuserip=183.241.167.185).
Step 103: The terminal sends an HTTP connection request message to the Portal server;
The terminal uses the above URL to send an HTTP request to the Portal server. Because the URL that the access gateway constructed for the HTTP redirect contains the terminal's IP address, step 103 passes this unique identifier, the terminal's IP address, to the Portal server.
Step 104: The Portal server pushes the unified authentication Portal login page to the terminal;
Step 105: The terminal receives the account and password entered by the user and sends a login request to the Portal server;
Step 106: The Portal server queries the RADIUS server for the user's billing information;
Step 107: The RADIUS server returns the query result to the Portal server;
Step 108: When the Portal server determines that the query succeeded, it sends a Challenge message to the access gateway;
The Challenge message contains the IP address (wlanuserip) that the Portal server extracted from the URL.
Step 109: The access gateway sends the allocated Challenge to the Portal server;
Step 110: The Portal server uses the received Challenge to encrypt the user name and password, and sends the account, password and related information to the access gateway;
Step 111: The access gateway forwards the received authentication data to the Remote Authentication Dial In User Service (RADIUS) server for verification;
Step 112: The access gateway receives the authentication result returned by the RADIUS server;
In step 112, once the access gateway receives the authentication-passed message that the RADIUS server returns in the login flow, it sets this IP address to the authenticated state.
Step 113: The access gateway forwards the authentication result returned by the RADIUS server to the Portal server;
Step 114: The Portal server pushes the login success page to the terminal.
Step 115: The Portal server sends authentication success to the access gateway.
Under normal circumstances the terminal completes the above flow and passes Web authentication. However, the Web authentication flow above cannot recognize abnormal login behavior by the terminal, which ultimately causes login failure.
The following case, in which the terminal initiates login repeatedly and the login flow fails, illustrates this kind of abnormal login behavior and the resulting login failure:
As shown in Fig. 2, when the userip (IP address) in the challenge request (req_challenge) message that the Portal server sends to the access gateway during the login flow is an IP address that has already been authenticated and is online at the AC, the access gateway rejects the Portal server's Challenge request exchange, and the user's login fails.
Actual message exchange: the user's first login flow (21) executes normally, but the user then initiates a second login (22) (for example, after logging in, the user taps the back key on the phone to return to the Portal login page and initiates the authentication flow again). In the second flow the access gateway rejects the challenge request, and the user's login fails.
When the user initiates login repeatedly, for example by returning to the Portal login page in the browser after logging in and initiating login again, or by opening a saved Portal login page and initiating login, the access gateway answers the Portal server's challenge request with a challenge allocation error message. The error types include the terminal being in the authentication process, the terminal already being online, and so on. The user's login flow cannot proceed normally and login fails, which gives the user a poor experience of the network.
Summary of the invention
Embodiments of the present invention provide a Web authentication user login method, device and system, to solve the problem in the prior art that the Web authentication process cannot recognize a user's abnormal login behavior, which ultimately causes login failure.
A Web authentication user login method, the method comprising:
after receiving a login request message sent by a terminal, carrying the current login account, the IP address of the terminal and the MAC address of the terminal, the Portal server determines the IP address state of the IP address and the MAC address state of the MAC address, where the IP address state and the MAC address state each include: online, not online, and in the authentication process;
when the Portal server determines that the IP address state of the IP address and the MAC address state of the MAC address are both not online, it sends a Challenge request message to the access gateway.
A Portal server, the Portal server comprising:
a receiving unit, configured to receive the login request message sent by a terminal, carrying the current login account, the IP address of the terminal and the MAC address of the terminal;
a determining unit, configured to determine the IP address state of the IP address and the MAC address state of the MAC address, where the IP address state and the MAC address state each include: online, not online, and in the authentication process;
a sending unit, configured to send a Challenge request message to the access gateway when the IP address state of the IP address and the MAC address state of the MAC address are both determined to be not online.
A Web authentication user login system, the system comprising: a terminal, a Portal server and an access gateway;
the terminal is configured to send to the Portal server a login request message carrying the current login account, the IP address of the terminal and the MAC address of the terminal;
the Portal server is configured to determine, after receiving the login request message, the IP address state of the IP address and the MAC address state of the MAC address, where the IP address state and the MAC address state each include: online, not online, and in the authentication process; and to send a Challenge request message to the access gateway when the IP address state of the IP address and the MAC address state of the MAC address are both determined to be not online;
the access gateway is configured to receive the Challenge request message sent by the Portal server.
In the scheme of the embodiments of the present invention, the IP address state and the MAC address state of the terminal are checked for the terminal's current login. The Challenge exchange is carried out only when both are determined to be not online, that is, when the uniqueness constraint that an IP address and a MAC address can each be online only once is satisfied, so that the user can complete Web authentication successfully.
Brief description of the drawings
Fig. 1 is a schematic diagram of the Web authentication signaling flow in the background;
Fig. 2 is a screenshot of the captured packets in the background;
Fig. 3 is the first flowchart of the Web authentication user login method in an embodiment of the present invention;
Fig. 4 is the second flowchart of the Web authentication user login method in an embodiment of the present invention;
Fig. 5 is the signaling flow diagram of a Web authentication user login in an embodiment of the present invention;
Fig. 6 is a structural diagram of the Portal server in an embodiment of the present invention;
Fig. 7 is a structural diagram of the Web authentication user login system in an embodiment of the present invention.
Detailed description of embodiments
To describe the scheme of the embodiments of the present invention clearly, its basic principle is explained first.
The signaling exchange of Web authentication involves two kinds of identification information that identify the user: the IP address (the unique index identifying the user at the access gateway) and the MAC address (identifying the user's terminal). To identify a user uniquely, both identifiers must satisfy a uniqueness constraint: an IP address or a MAC address can be online once and only once. One IP address cannot be assigned to two terminal users, and one terminal cannot be online twice.
In the scheme of the embodiments of the present invention, after the user terminal initiates the login flow and before the Portal server initiates the Challenge exchange, both identifiers are checked, and when the MAC address is online the online account is compared with the current login account. The Challenge exchange and the subsequent signaling flow are executed only after both identifiers satisfy the uniqueness constraint and any conflict with the online account has been resolved.
Generally, the abnormal conditions are the following two:
First, the IP address is online. The most likely cause is that the IP address (userip) the Portal server obtained from the Portal URL is not the correct IP address. In this case the user is redirected to WWW.10086.CN (not limited to this website), so that the user terminal performs an HTTP redirect flow and reaches the login page through the correct Portal URL;
Second, the MAC address is online, which means the user terminal is already online. If the account is the same, the offline-then-online flow is executed so that the user logs in successfully. If the account is different, the user must be told that this terminal has already completed authentication with account *** and is currently in the authenticated state, and the login flow for the corresponding account is executed according to the user's choice.
The scheme of the present invention is described in detail below with reference to specific embodiments.
Fig. 3 is a schematic diagram of a Web authentication user login method in an embodiment of the present invention. The method comprises the following steps:
Step 301: The Portal server receives the login request message sent by the terminal, carrying the current login account, the IP address of the terminal and the MAC address of the terminal, and executes step 302;
Step 302: The Portal server determines the IP address state of the IP address and the MAC address state of the MAC address, where the IP address state and the MAC address state each include: online, not online, and in the authentication process;
When the Portal server determines that the IP address state of the IP address is in the authentication process or the MAC address state of the MAC address is in the authentication process, step 303 is executed;
When the Portal server determines that the IP address state of the IP address and the MAC address state of the MAC address are both not online, step 304 is executed;
When the Portal server determines that the IP address state is online, step 305 is executed;
When the Portal server determines that the MAC address state is online, step 306 is executed;
Step 303: End.
Note that when the IP address state of the IP address or the MAC address state of the MAC address is determined to be in the authentication process, the user cannot log in because of a problem with the terminal's browser or because of network congestion, and no operation is performed.
Step 304: Send a Challenge request message to the access gateway.
Step 305: Push a "Please re-enter account information" page to the terminal, and on receiving the terminal's confirmation to re-enter account information, push the Portal login page to the terminal.
Step 305 handles the case where the IP address is online. The most likely reason for the IP address being online is that the user opened the Portal page from a saved Portal URL, so that the terminal IP address the Portal server obtained from that URL is wrong. Redirecting the terminal to the Portal page allows the correct IP address to be obtained.
Step 306: The Portal server determines whether the account corresponding to this MAC address is the same as the current login account; if it is the same, step 307 is executed; if it is not, step 308 is executed.
Step 307: Send an instruction to the access gateway, instructing the access gateway to send a stop-accounting request message to the RADIUS server, and execute step 309;
Step 309: After receiving the stop-accounting response message from the RADIUS server, returned by the access gateway, the Portal server sends a Challenge request message to the access gateway.
When the Portal server determines that the account corresponding to this MAC address is the same as the current login account, the terminal has already logged in with that account and is now repeating the login with the same account. Steps 307 and 309 are therefore executed so that the online account goes offline and the same account comes online again.
When the Portal server determines that the account corresponding to this MAC address is not the same as the current login account, the terminal has already logged in with one account (the online account) and is now logging in with another (the current login account). Because the same terminal cannot be logged in with two accounts at once, either step 308 and steps 401 and 402 below are executed, so that the online account goes offline and the login process of the online account is started again; or step 308 and steps 501 to 504 below are executed, so that the online account goes offline and the login process of the current login account is started;
Step 308: Push to the terminal a page containing the information "Online account is [the account corresponding to this MAC address]; please choose to log in with the online account or with the current login account";
When the Portal server receives the current-login-account login information sent by the terminal, it executes the following steps 401 and 402:
Step 401: Send an instruction to the RADIUS server, instructing the access gateway to send a stop-accounting request message to the RADIUS server, to stop accounting for the online account;
Step 402: After receiving the stop-accounting response message from the RADIUS server, returned by the access gateway, send a Challenge request message to the access gateway;
When the Portal server receives the online-account login information sent by the terminal, it executes the following steps 501 to 504:
Step 501: Push the Portal login page to the terminal, asking the user to enter the password of the online account;
Step 502: Receive the login request sent by the terminal, carrying the online account and the password of the online account;
Step 503: Send an offline instruction to the access gateway, instructing the access gateway to send a stop-accounting request message to the RADIUS server, to stop accounting for the online account;
Step 504: After receiving the stop-accounting response message from the RADIUS server, returned by the access gateway, send a Challenge request message to the access gateway.
Preferably, determining the IP address state of the IP address and the MAC address state of the MAC address specifically comprises:
When the Portal server locally maintains the correspondence between account, IP address state and MAC address state, the Portal server uses the locally maintained correspondence to determine the IP address state of the IP address and the MAC address state of the MAC address;
When the Portal server does not locally maintain the correspondence between account, IP address state and MAC address state, the Portal server sends to the Remote Authentication Dial In User Service (RADIUS) server a user billing information query request message carrying the account, IP address and MAC address from the login request message, and determines the IP address state of the IP address and the MAC address state of the MAC address from the query response message returned by the RADIUS server, which carries the IP address state of the IP address and the MAC address state of the MAC address. The RADIUS server maintains the correspondence between account, IP address state and MAC address state.
Preferably, the Portal server determining whether the account corresponding to this MAC address is the same as the current login account specifically comprises:
When the Portal server locally maintains the correspondence between account, IP address state and MAC address state, the Portal server uses the locally maintained correspondence to determine the account corresponding to this MAC address, and compares that account with the current login account;
When the Portal server does not locally maintain the correspondence between account, IP address state and MAC address state, the Portal server sends to the RADIUS server a user billing information query request message carrying the current login account, the IP address and the MAC address, and receives the query response message returned by the RADIUS server, which indicates that the MAC address is online and whether the account corresponding to the MAC address is the same as the current login account. The RADIUS server maintains the correspondence between account, IP address state and MAC address state.
The existing RADIUS server already stores the correspondence between account, IP address state and MAC address state. Therefore, when the Portal server does not store this correspondence locally, the RADIUS server in the embodiment of the present invention carries the MAC address state, the IP address state, and whether the current login account is the same as the account online on the MAC address (if any) in the query response message it returns. This passes the information to the Portal server without affecting the existing user billing information query exchange and without requiring an additional request message.
The Web authentication user login method shown in Fig. 4 is essentially the same as the flow in Fig. 3 above. It is a simplified flowchart that describes the scheme of the embodiment concisely and clearly, and comprises the following steps:
Step 601: The Portal server determines whether the IP address state is in the authentication process or the MAC address state is in the authentication process; if so, the flow ends; otherwise, step 602 is executed;
Step 602: The Portal server determines whether the IP address state is online; if not, step 603 is executed; if so, step 605 is executed;
Step 603: The Portal server determines whether the MAC address state is online; if not, step 604 is executed; if so, step 607 is executed;
Step 604: The Portal server starts the login flow;
Step 605: The Portal server pushes "Please re-enter account information", redirects the terminal to www.10086.CN, and executes step 606;
Step 606: The terminal is redirected to the Portal login page;
Step 607: The Portal server determines whether the new account (that is, the current login account) is the same as the online account; if so, step 608 is executed; if not, step 610 is executed;
Step 608: The Portal server performs the offline operation for the online account, and executes step 609;
Step 609: The Portal server starts the login operation for the new account;
Step 610: The Portal server pushes "Online account ****; please choose to log in with the new account or with the online account", and executes step 611;
Step 611: The terminal makes a selection; if login with the new account is selected, step 612 is executed; if login with the online account is selected, step 614 is executed;
Step 612: The Portal server performs the offline operation for the online account, and executes step 613;
Step 613: The Portal server starts the login flow for the new account;
Step 614: The Portal server pushes a prompt to the terminal asking for the password of the online account, and after receiving the terminal's login request carrying the password of the online account, executes step 615;
Step 615: The Portal server performs the offline operation for the online account and then the login flow for the online account.
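The Fig. 4 pre-check as runnable Python, added here as an illustration and not taken from the patent. The class, method and message names (`PortalPrecheck`, `OFFLINE`, `REQ_CHALLENGE`) and the link from a MAC address to the IP it is online with are assumptions; the in-memory tables stand in for the locally maintained correspondence.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional, Tuple


class State(Enum):
    NOT_ONLINE = "not online"
    ONLINE = "online"
    AUTHENTICATING = "in authentication process"


class Action(Enum):
    END = "end"                                        # step 601, "yes" branch
    SEND_CHALLENGE = "send_challenge"                  # step 604
    REDIRECT_TO_PORTAL = "redirect_to_portal"          # steps 605-606
    OFFLINE_THEN_CHALLENGE = "offline_then_challenge"  # steps 608-609
    PROMPT_ACCOUNT_CHOICE = "prompt_account_choice"    # step 610


@dataclass
class PortalPrecheck:
    """Hypothetical local table of account / IP state / MAC state."""
    ip_state: Dict[str, State] = field(default_factory=dict)
    mac_state: Dict[str, State] = field(default_factory=dict)
    # MAC -> (online account, IP it is online with); the IP link is an assumption.
    sessions: Dict[str, Tuple[str, str]] = field(default_factory=dict)
    # Messages the Portal server would send to the access gateway: (name, ip).
    to_gateway: List[Tuple[str, str]] = field(default_factory=list)

    def decide(self, account: str, ip: str, mac: str) -> Action:
        ip_s = self.ip_state.get(ip, State.NOT_ONLINE)
        mac_s = self.mac_state.get(mac, State.NOT_ONLINE)
        if State.AUTHENTICATING in (ip_s, mac_s):        # step 601
            return Action.END
        if ip_s is State.ONLINE:                         # step 602
            return Action.REDIRECT_TO_PORTAL
        if mac_s is State.ONLINE:                        # steps 603 and 607
            same = self.sessions.get(mac, (None, None))[0] == account
            return Action.OFFLINE_THEN_CHALLENGE if same else Action.PROMPT_ACCOUNT_CHOICE
        return Action.SEND_CHALLENGE

    def _offline(self, mac: str) -> None:
        # The gateway takes the old session offline and sends the stop-accounting
        # request to the RADIUS server; that exchange is not modelled here.
        _, old_ip = self.sessions.pop(mac)
        self.to_gateway.append(("OFFLINE", old_ip))
        self.ip_state[old_ip] = State.NOT_ONLINE
        self.mac_state[mac] = State.NOT_ONLINE

    def _challenge(self, ip: str, mac: str) -> None:
        self.to_gateway.append(("REQ_CHALLENGE", ip))
        self.ip_state[ip] = self.mac_state[mac] = State.AUTHENTICATING

    def handle_login(self, account: str, ip: str, mac: str) -> Action:
        action = self.decide(account, ip, mac)
        if action is Action.OFFLINE_THEN_CHALLENGE:
            self._offline(mac)
            self._challenge(ip, mac)
        elif action is Action.SEND_CHALLENGE:
            self._challenge(ip, mac)
        return action  # END, REDIRECT and PROMPT send nothing to the gateway

    def handle_choice(self, chosen: str, ip: str, mac: str,
                      password: Optional[str] = None) -> bool:
        """Steps 611-615: the user's answer to the account-choice page."""
        if mac not in self.sessions:
            return False
        online_account = self.sessions[mac][0]
        if chosen == online_account and not password:  # step 614 asks for it first
            return False
        # The password itself is checked later, in the Challenge/RADIUS exchange.
        self._offline(mac)
        self._challenge(ip, mac)
        return True

    def auth_succeeded(self, account: str, ip: str, mac: str) -> None:
        """Gateway reported success (background step 112): mark both online."""
        self.ip_state[ip] = self.mac_state[mac] = State.ONLINE
        self.sessions[mac] = (account, ip)


def demo() -> List[Action]:
    # Constructed sample logins; addresses and account names are made up.
    p = PortalPrecheck()
    mac = "aa:bb:cc:00:00:01"
    out = [p.handle_login("alice", "10.0.0.5", mac)]      # fresh login
    out.append(p.handle_login("alice", "10.0.0.5", mac))  # double submit
    p.auth_succeeded("alice", "10.0.0.5", mac)
    out.append(p.handle_login("alice", "10.0.0.5", mac))  # back key or saved URL
    out.append(p.handle_login("alice", "10.0.0.9", mac))  # same account, new IP
    p.auth_succeeded("alice", "10.0.0.9", mac)
    out.append(p.handle_login("bob", "10.0.0.12", mac))   # different account
    return out
```

In `demo()`, the repeated login from an IP that is already online never produces a `REQ_CHALLENGE`, which is the request the gateway rejects in the Fig. 2 case.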
Fig. 5 shows the Web signaling exchange flowchart of the embodiment of the present invention. The Portal server obtains from the RADIUS server the MAC address state, the IP address state, and whether the current login account is the same as the account online on the MAC address (if any). The flow comprises the following steps:
Steps 701 to 705 are the same as steps 101 to 105 in the background and are not repeated here;
Step 706: The Portal server sends a user billing information query to the RADIUS server;
Step 707: The RADIUS server returns the query result to the Portal server. The query result contains the MAC address state of the terminal, the IP address state of the terminal, and whether the current login account is the same as the account online on the MAC address (if any);
Step 708: The Portal server then carries out different signaling exchanges according to the query result, specifically the following 4:
1) When the IP address is online:
The Portal server pushes "Please re-enter account information" to the terminal;
The terminal sends "Confirm" to the Portal server;
The Portal server redirects the terminal to www.10086.cn;
The terminal is redirected to the Portal login page, and the login flow starts again;
2) When the MAC address is online and the account is the same:
The Portal server sends an offline instruction to the access gateway, and the access gateway changes the IP address state to offline;
The access gateway sends a stop-accounting message to the RADIUS server;
After going offline, the Challenge request stage is entered;
3) When the MAC address is online and the account is not the same:
The Portal server pushes "Online account ****; please choose to log in with the current login account or with the online account" to the terminal;
The terminal sends the selection result to the Portal server;
3.1) When the selection result is login with the online account:
The Portal server pushes a page to the terminal asking for the password of the online account;
The terminal receives the password entered by the user and sends a login request to the Portal server;
The Portal server sends an offline instruction to the access gateway, and the access gateway changes the IP address state to offline;
The access gateway sends a stop-accounting message to the RADIUS server;
After going offline, the Challenge request stage is entered;
3.2) When the selection result is login with the current login account:
The Portal server sends an offline instruction to the access gateway, and the access gateway changes the IP address state to offline;
The access gateway sends a stop-accounting message to the RADIUS server;
After going offline, the Challenge request stage is entered;
4) When the MAC address and the IP address are both not online:
The Challenge request stage is entered;
Steps 709 to 715 are the same as steps 109 to 115 in the background and are not repeated here.
The embodiment of the present invention also proposes a kind of Portal server, and its structural representation as shown in Figure 6, comprising: receiving element 61, determining unit 62 and transmitting element 63, wherein:
Receiving element 61, for the log on request message carrying this login account, the IP address of this terminal and the mac address information of this terminal that receiving terminal sends;
Determining unit 62, for the MAC Address state of the IP address state and described MAC Address of determining described IP address, described IP address state and MAC Address state include: in online, online and verification process;
Transmitting element 63, during for being not online in the MAC Address state of the IP address state and described MAC Address of determining described IP address, sends challenge Challenge request message to IAD.
Preferably, described determining unit 62, specifically for when account, corresponding relation between IP address state and MAC Address state in local maintenance, utilizing the described corresponding relation of local maintenance, determining the IP address state of described IP address and the MAC Address state of described MAC Address, account is not safeguarded in this locality, during corresponding relation between IP address state and MAC Address state, the account of carrying in described log on request message is sent to remote customer dialing authentication system Radius server, the inquiring user billing information request message of IP address and MAC Address, and according to the inquiry response message carrying the IP address state of described IP address and the MAC Address state information of described MAC Address that Radius server returns, determine the IP address state of described IP address and the MAC Address state of described MAC Address, account is maintained in described Radius server, corresponding relation between IP address state and MAC Address state.
Preferably, described transmitting element 63, time also for determining that in determining unit IP address state is online, pushes the page of " please re-enter account information " to described terminal;
Receiving element 61, account information is re-entered in the determination also for receiving terminal;
Described Portal server also comprises:
Being redirected unit 64, during for re-entering account information in the determination receiving terminal, redirecting the terminal to Portal login page.
Preferably, the determining unit 62 is further configured to determine, when the MAC address state is determined to be online, whether the account corresponding to the MAC address is identical to the current login account;
The transmitting unit 63 is further configured to send an instruction to the IAD when the determining unit determines that the account corresponding to the MAC address is identical to the current login account, instructing the IAD to send a stop accounting request message to the Radius server; and to send a challenge (Challenge) request message to the IAD after the receiving unit receives the stop accounting response message from the Radius server returned by the IAD;
The receiving unit 61 is further configured to receive the stop accounting response message from the Radius server returned by the IAD.
Preferably, the transmitting unit 63 is further configured to push to the terminal, when the account corresponding to the MAC address is determined not to be identical to the current login account, a page containing the information "online account: the account corresponding to this MAC address that is online; please choose to log in with the online account or with the current login account";
The receiving unit 61 is further configured to receive the online-account login information and the current-account login information sent by the terminal, and to receive the login request sent by the terminal that carries the online account and the password of the online account;
The transmitting unit 63 is further configured to send an instruction to the IAD, instructing the IAD to send a stop accounting request message to the Radius server, when the information that the current login account is to log in is received from the terminal or when the login request carrying the online account and the password of the online account is received from the terminal; and, when the information that the online account is to log in is received from the terminal, to push the Portal login page to the terminal, asking the user to enter the password of the online account, and, when the receiving unit receives the login request sent by the terminal that carries the online account and the password of the online account, to send an instruction to the IAD, instructing the IAD to send a stop accounting request message to the Radius server.
Preferably, the determining unit 62 is specifically configured to: when the correspondence between account, IP address state and MAC address state is maintained locally, use the locally maintained correspondence to determine the account corresponding to the MAC address, and compare the account corresponding to the MAC address with the current login account; and when the correspondence between account, IP address state and MAC address state is not maintained locally, send to the Remote Authentication Dial-In User Service (Radius) server a query-user-billing-information request message carrying the current login account, the IP address and the MAC address, and receive the query response message returned by the Radius server, which carries the indication that the MAC address is online and whether the account corresponding to the MAC address is identical to the current login account; the correspondence between account, IP address state and MAC address state is maintained in the Radius server.
The embodiment of the present invention also proposes a web authentication user login system, whose structure is shown in Figure 7. The system comprises: a terminal 71, a Portal server 72 and an IAD 73;
The terminal 71 is configured to send to the Portal server a login request message carrying the current login account, the IP address of the terminal and the MAC address information of the terminal;
The Portal server 72 is configured to determine, after receiving the login request message, the IP address state of the IP address and the MAC address state of the MAC address, where the IP address state and the MAC address state each include: online, not online, and in the authentication process; and to send a challenge (Challenge) request message to the IAD when it determines that the IP address state of the IP address and the MAC address state of the MAC address are both not online;
The IAD 73 is configured to receive the Challenge request message sent by the Portal server.
Preferably, when the Portal server locally maintains the correspondence between account, IP address state and MAC address state, the Portal server 72 is specifically configured to use the locally maintained correspondence to determine the IP address state of the IP address and the MAC address state of the MAC address;
When the Portal server does not locally maintain the correspondence between account, IP address state and MAC address state, the system further comprises: a Radius server 74;
The Portal server 72 is further configured to send to the Radius server a query-user-billing-information request message carrying the account, IP address and MAC address from the login request message, and to determine the IP address state of the IP address and the MAC address state of the MAC address according to the query response message returned by the Radius server, which carries the IP address state of the IP address and the MAC address state information of the MAC address;
The Radius server 74 is configured to receive the query-user-billing-information request message and to return to the Portal server the query response message carrying the IP address state of the IP address and the MAC address state information of the MAC address; the correspondence between account, IP address state and MAC address state is maintained in the Radius server.
Preferably, the Portal server 72 is further configured to push a "please re-enter account information" page to the terminal when it determines that the IP address state is online, and to redirect the terminal to the Portal login page when the terminal's confirmation that the account information will be re-entered is received.
Preferably, the Portal server 72 is further configured to determine, when the MAC address state of the MAC address is online, whether the account corresponding to the MAC address is identical to the current login account; when the account corresponding to the MAC address is determined to be identical to the current login account, to send an instruction to the IAD, instructing the IAD to send a stop accounting request message to the Radius server; and, after receiving the stop accounting response message from the Radius server returned by the IAD, to send a challenge (Challenge) request message to the IAD.
Preferably, the Portal server 72 is further configured to push to the terminal, when the account corresponding to the MAC address is determined not to be identical to the current login account, a page containing the information "online account: the account corresponding to this MAC address that is online; please choose to log in with the online account or with the current login account"; and, when the information that the current login account is to log in is received from the terminal, to perform the following operations: send an instruction to the IAD, instructing the IAD to send a stop accounting request message to the Radius server, so as to stop the charging of the online account; after receiving the stop accounting response message from the Radius server returned by the IAD, send a challenge (Challenge) request message to the IAD; and, when the online-account login information is received from the terminal, to perform the following operations: push the Portal login page to the terminal, asking the user to enter the password of the online account; receive the login request sent by the terminal that carries the online account and the password of the online account; send an instruction to the IAD, instructing the IAD to send a stop accounting request message to the Radius server; after receiving the stop accounting response message from the Radius server returned by the IAD, send a challenge (Challenge) request message to the IAD.
Preferably, the Portal server 72 is specifically configured to: when the correspondence between account, IP address state and MAC address state is maintained locally, use the locally maintained correspondence to determine the account corresponding to the MAC address, and compare the account corresponding to the MAC address with the current login account; and when the correspondence between account, IP address state and MAC address state is not maintained locally, send to the Remote Authentication Dial-In User Service (Radius) server a query-user-billing-information request message carrying the current login account, the IP address and the MAC address, and receive the query response message returned by the Radius server, which carries the indication that the MAC address is online and whether the account corresponding to the MAC address is identical to the current login account; the correspondence between account, IP address state and MAC address state is maintained in the Radius server.
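The Portal server's branching on IP address state and MAC address state described above can be written as a small decision function. This is an added Python example, not code from the patent. The action names, the `HOLD_REQUEST` handling of the in-authentication state, the empty-credential check and the order in which IP state and MAC state are examined are assumptions, and the sample table is constructed.

```python
from dataclasses import dataclass
from enum import Enum


class State(Enum):
    ONLINE = "online"
    NOT_ONLINE = "not online"
    AUTHENTICATING = "in authentication process"


@dataclass(frozen=True)
class Binding:
    """One row of the account / IP address state / MAC address state correspondence."""
    account: str
    ip: str
    ip_state: State
    mac: str
    mac_state: State


class Correspondence:
    """Stands in for the locally maintained table, or for the Radius query response."""

    def __init__(self, rows):
        self._by_ip = {r.ip: r for r in rows}
        self._by_mac = {r.mac.lower(): r for r in rows}

    def ip_state(self, ip):
        row = self._by_ip.get(ip)
        return row.ip_state if row else State.NOT_ONLINE  # unknown address: not online

    def mac_state(self, mac):
        row = self._by_mac.get(mac.lower())
        return row.mac_state if row else State.NOT_ONLINE

    def account_for_mac(self, mac):
        row = self._by_mac.get(mac.lower())
        return row.account if row else None


# The stop-accounting exchange completes before the Challenge is sent.
STOP_THEN_CHALLENGE = (
    "INSTRUCT_IAD_TO_SEND_STOP_ACCOUNTING",
    "WAIT_FOR_STOP_ACCOUNTING_RESPONSE",
    "SEND_CHALLENGE_TO_IAD",
)


def on_login_request(table, account, ip, mac):
    """Ordered actions for a login request carrying account, IP address and MAC address."""
    ip_state = table.ip_state(ip)
    mac_state = table.mac_state(mac)
    if State.AUTHENTICATING in (ip_state, mac_state):
        # Assumption: this section does not say what happens mid-authentication.
        return ("HOLD_REQUEST",)
    if ip_state is State.ONLINE:  # assumption: IP state is examined before MAC state
        return ("PUSH_REENTER_ACCOUNT_PAGE",)
    if mac_state is State.ONLINE:
        if table.account_for_mac(mac) == account:
            return STOP_THEN_CHALLENGE
        return ("PUSH_ACCOUNT_CHOICE_PAGE",)
    return ("SEND_CHALLENGE_TO_IAD",)


def on_reenter_confirmed():
    """The terminal confirmed that the account information will be re-entered."""
    return ("REDIRECT_TO_PORTAL_LOGIN_PAGE",)


def on_account_choice(choice):
    """choice is 'current' (this login account) or 'online' (the account already online)."""
    if choice == "current":
        return STOP_THEN_CHALLENGE
    if choice == "online":
        return ("PUSH_PORTAL_LOGIN_PAGE_FOR_ONLINE_ACCOUNT_PASSWORD",)
    raise ValueError(f"unknown choice: {choice!r}")


def on_online_account_login(online_account, password):
    """Login request carrying the online account and the password of the online account."""
    if not online_account or not password:  # assumption: empty fields re-prompt
        return ("PUSH_PORTAL_LOGIN_PAGE_FOR_ONLINE_ACCOUNT_PASSWORD",)
    return STOP_THEN_CHALLENGE


# Constructed sample data (documentation address ranges); not from the patent.
SAMPLE = Correspondence([
    Binding("alice", "192.0.2.10", State.ONLINE, "00:00:5E:00:53:01", State.ONLINE),
    Binding("carol", "192.0.2.20", State.AUTHENTICATING,
            "00:00:5E:00:53:02", State.AUTHENTICATING),
])

if __name__ == "__main__":
    for acct, ip, mac in [
        ("bob", "192.0.2.99", "00:00:5E:00:53:09"),    # nothing online
        ("bob", "192.0.2.10", "00:00:5E:00:53:09"),    # IP already online
        ("alice", "192.0.2.99", "00:00:5E:00:53:01"),  # MAC online, same account
        ("bob", "192.0.2.99", "00:00:5E:00:53:01"),    # MAC online, other account
    ]:
        print(acct, ip, mac, "->", on_login_request(SAMPLE, acct, ip, mac))
```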
Those skilled in the art should understand that the embodiments of the application may be provided as a method, a system or a computer program. Therefore, the application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the application may take the form of a computer program implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage, etc.) that contain computer-usable program code.
The application is described with reference to flow charts and/or block diagrams of the method, the equipment (system) and the computer program according to the embodiments of the application. It should be understood that each flow and/or block in the flow charts and/or block diagrams, and combinations of flows and/or blocks in the flow charts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing equipment to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing equipment produce a device for implementing the functions specified in one or more flows of the flow charts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing equipment to work in a specific way, so that the instructions stored in the computer-readable memory produce an article of manufacture comprising an instruction device, and the instruction device implements the functions specified in one or more flows of the flow charts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing equipment, so that a series of operation steps is performed on the computer or other programmable equipment to produce a computer-implemented process, and the instructions executed on the computer or other programmable equipment thus provide steps for implementing the functions specified in one or more flows of the flow charts and/or one or more blocks of the block diagrams.
Although preferred embodiments of the application have been described, those skilled in the art can make further changes and modifications to these embodiments once they learn of the basic inventive concept. The appended claims are therefore intended to be interpreted as covering the preferred embodiments and all changes and modifications that fall within the scope of the application.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. Thus, if these changes and modifications fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.

Claims (18)

1. A web authentication user login method, characterized in that the method comprises:
After receiving a login request message sent by a terminal that carries the current login account, the IP address of the terminal and the MAC address information of the terminal, a portal (Portal) server determines the IP address state of the IP address and the MAC address state of the MAC address, where the IP address state and the MAC address state each include: online, not online, and in the authentication process;
When the Portal server determines that the IP address state of the IP address and the MAC address state of the MAC address are both not online, it sends a challenge (Challenge) request message to the IAD.
2. The method of claim 1, characterized in that determining the IP address state of the IP address and the MAC address state of the MAC address specifically comprises:
When the Portal server locally maintains the correspondence between account, IP address state and MAC address state, the Portal server uses the locally maintained correspondence to determine the IP address state of the IP address and the MAC address state of the MAC address;
When the Portal server does not locally maintain the correspondence between account, IP address state and MAC address state, the Portal server sends to a Remote Authentication Dial-In User Service (Radius) server a query-user-billing-information request message carrying the account, IP address and MAC address from the login request message, and determines the IP address state of the IP address and the MAC address state of the MAC address according to the query response message returned by the Radius server, which carries the IP address state of the IP address and the MAC address state information of the MAC address; the correspondence between account, IP address state and MAC address state is maintained in the Radius server.
3. The method of claim 1, characterized in that, when the Portal server determines that the IP address state is online, it pushes a "please re-enter account information" page to the terminal;
When the terminal's confirmation that the account information will be re-entered is received, the terminal is redirected to the Portal login page.
4. The method of claim 1, characterized in that, when the MAC address state of the MAC address is online, the Portal server determines whether the account corresponding to the MAC address is identical to the current login account;
When the account corresponding to the MAC address is determined to be identical to the current login account, an instruction is sent to the IAD, instructing the IAD to send a stop accounting request message to the Radius server;
After receiving the stop accounting response message from the Radius server returned by the IAD, the Portal server sends a challenge (Challenge) request message to the IAD.
5. The method of claim 4, characterized in that, when the account corresponding to the MAC address is determined not to be identical to the current login account, a page containing the information "online account: the account corresponding to this MAC address that is online; please choose to log in with the online account or with the current login account" is pushed to the terminal;
When the Portal server receives from the terminal the information that the current login account is to log in, it performs the following operations:
Send an instruction to the IAD, instructing the IAD to send a stop accounting request message to the Radius server, so as to stop the charging of the online account;
After receiving the stop accounting response message from the Radius server returned by the IAD, send a challenge (Challenge) request message to the IAD;
When the Portal server receives the online-account login information sent by the terminal, it performs the following operations:
Push the Portal login page to the terminal, asking the user to enter the password of the online account;
Receive the login request sent by the terminal that carries the online account and the password of the online account;
Send an instruction to the IAD, instructing the IAD to send a stop accounting request message to the Radius server;
After receiving the stop accounting response message from the Radius server returned by the IAD, send a challenge (Challenge) request message to the IAD.
6. The method of claim 4, characterized in that the Portal server determining whether the account corresponding to the MAC address is identical to the current login account specifically comprises:
When the Portal server locally maintains the correspondence between account, IP address state and MAC address state, the Portal server uses the locally maintained correspondence to determine the account corresponding to the MAC address, and compares the account corresponding to the MAC address with the current login account;
When the Portal server does not locally maintain the correspondence between account, IP address state and MAC address state, the Portal server sends to the Remote Authentication Dial-In User Service (Radius) server a query-user-billing-information request message carrying the current login account, the IP address and the MAC address, and receives the query response message returned by the Radius server, which carries the indication that the MAC address is online and whether the account corresponding to the MAC address is identical to the current login account; the correspondence between account, IP address state and MAC address state is maintained in the Radius server.
7. A portal (Portal) server, characterized in that the Portal server comprises:
A receiving unit, configured to receive a login request message sent by a terminal that carries the current login account, the IP address of the terminal and the MAC address information of the terminal;
A determining unit, configured to determine the IP address state of the IP address and the MAC address state of the MAC address, where the IP address state and the MAC address state each include: online, not online, and in the authentication process;
A transmitting unit, configured to send a challenge (Challenge) request message to the IAD when the IP address state of the IP address and the MAC address state of the MAC address are both determined to be not online.
8. The Portal server of claim 7, characterized in that the determining unit is specifically configured to: when the correspondence between account, IP address state and MAC address state is maintained locally, use the locally maintained correspondence to determine the IP address state of the IP address and the MAC address state of the MAC address;
When the correspondence between account, IP address state and MAC address state is not maintained locally, send to a Remote Authentication Dial-In User Service (Radius) server a query-user-billing-information request message carrying the account, IP address and MAC address from the login request message, and determine the IP address state of the IP address and the MAC address state of the MAC address according to the query response message returned by the Radius server, which carries the IP address state of the IP address and the MAC address state information of the MAC address; the correspondence between account, IP address state and MAC address state is maintained in the Radius server.
9. The Portal server of claim 7, characterized in that the transmitting unit is further configured to push a "please re-enter account information" page to the terminal when the determining unit determines that the IP address state is online;
The receiving unit is further configured to receive the terminal's confirmation that the account information will be re-entered;
The Portal server further comprises:
A redirecting unit, configured to redirect the terminal to the Portal login page when the terminal's confirmation that the account information will be re-entered is received.
10. The Portal server of claim 7, characterized in that the determining unit is further configured to determine, when the MAC address state is determined to be online, whether the account corresponding to the MAC address is identical to the current login account;
The transmitting unit is further configured to send an instruction to the IAD when the determining unit determines that the account corresponding to the MAC address is identical to the current login account, instructing the IAD to send a stop accounting request message to the Radius server; and to send a challenge (Challenge) request message to the IAD after the receiving unit receives the stop accounting response message from the Radius server returned by the IAD;
The receiving unit is further configured to receive the stop accounting response message from the Radius server returned by the IAD.
11. The Portal server of claim 10, characterized in that the transmitting unit is further configured to push to the terminal, when the account corresponding to the MAC address is determined not to be identical to the current login account, a page containing the information "online account: the account corresponding to this MAC address that is online; please choose to log in with the online account or with the current login account";
The receiving unit is further configured to receive the online-account login information and the current-account login information sent by the terminal, and to receive the login request sent by the terminal that carries the online account and the password of the online account;
The transmitting unit is further configured to send an instruction to the IAD, instructing the IAD to send a stop accounting request message to the Radius server, when the information that the current login account is to log in is received from the terminal or when the login request carrying the online account and the password of the online account is received from the terminal; and, when the information that the online account is to log in is received from the terminal, to push the Portal login page to the terminal, asking the user to enter the password of the online account, and, when the receiving unit receives the login request sent by the terminal that carries the online account and the password of the online account, to send an instruction to the IAD, instructing the IAD to send a stop accounting request message to the Radius server.
12. The Portal server of claim 10, characterized in that the determining unit is specifically configured to: when the correspondence between account, IP address state and MAC address state is maintained locally, use the locally maintained correspondence to determine the account corresponding to the MAC address, and compare the account corresponding to the MAC address with the current login account;
When the correspondence between account, IP address state and MAC address state is not maintained locally, send to the Remote Authentication Dial-In User Service (Radius) server a query-user-billing-information request message carrying the current login account, the IP address and the MAC address, and receive the query response message returned by the Radius server, which carries the indication that the MAC address is online and whether the account corresponding to the MAC address is identical to the current login account; the correspondence between account, IP address state and MAC address state is maintained in the Radius server.
13. A web authentication user login system, characterized in that the system comprises: a terminal, a portal (Portal) server and an IAD;
The terminal is configured to send to the Portal server a login request message carrying the current login account, the IP address of the terminal and the MAC address information of the terminal;
The Portal server is configured to determine, after receiving the login request message, the IP address state of the IP address and the MAC address state of the MAC address, where the IP address state and the MAC address state each include: online, not online, and in the authentication process; and to send a challenge (Challenge) request message to the IAD when it determines that the IP address state of the IP address and the MAC address state of the MAC address are both not online;
The IAD is configured to receive the Challenge request message sent by the Portal server.
14. The system of claim 13, characterized in that, when the Portal server locally maintains the correspondence between account, IP address state and MAC address state, the Portal server is specifically configured to use the locally maintained correspondence to determine the IP address state of the IP address and the MAC address state of the MAC address;
When the Portal server does not locally maintain the correspondence between account, IP address state and MAC address state, the system further comprises: a Remote Authentication Dial-In User Service (Radius) server;
The Portal server is further configured to send to the Radius server a query-user-billing-information request message carrying the account, IP address and MAC address from the login request message, and to determine the IP address state of the IP address and the MAC address state of the MAC address according to the query response message returned by the Radius server, which carries the IP address state of the IP address and the MAC address state information of the MAC address;
The Radius server is configured to receive the query-user-billing-information request message and to return to the Portal server the query response message carrying the IP address state of the IP address and the MAC address state information of the MAC address; the correspondence between account, IP address state and MAC address state is maintained in the Radius server.
15. The system of claim 13, characterized in that the Portal server is further configured to push a "please re-enter account information" page to the terminal when it determines that the IP address state is online, and to redirect the terminal to the Portal login page when the terminal's confirmation that the account information will be re-entered is received.
16. The system of claim 13, characterized in that the Portal server is further configured to determine, when the MAC address state of the MAC address is online, whether the account corresponding to the MAC address is identical to the current login account; when the account corresponding to the MAC address is determined to be identical to the current login account, to send an instruction to the IAD, instructing the IAD to send a stop accounting request message to the Radius server; and, after receiving the stop accounting response message from the Radius server returned by the IAD, to send a challenge (Challenge) request message to the IAD.
17. The system of claim 16, characterized in that the Portal server is further configured to push to the terminal, when the account corresponding to the MAC address is determined not to be identical to the current login account, a page containing the information "online account: the account corresponding to this MAC address that is online; please choose to log in with the online account or with the current login account"; and, when the information that the current login account is to log in is received from the terminal, to perform the following operations: send an instruction to the IAD, instructing the IAD to send a stop accounting request message to the Radius server, so as to stop the charging of the online account; after receiving the stop accounting response message from the Radius server returned by the IAD, send a challenge (Challenge) request message to the IAD; and, when the online-account login information is received from the terminal, to perform the following operations: push the Portal login page to the terminal, asking the user to enter the password of the online account; receive the login request sent by the terminal that carries the online account and the password of the online account; send an instruction to the IAD, instructing the IAD to send a stop accounting request message to the Radius server; after receiving the stop accounting response message from the Radius server returned by the IAD, send a challenge (Challenge) request message to the IAD.
18. The system of claim 16, characterized in that the Portal server is specifically configured to: when the correspondence between account, IP address state and MAC address state is maintained locally, use the locally maintained correspondence to determine the account corresponding to the MAC address, and compare the account corresponding to the MAC address with the current login account; and when the correspondence between account, IP address state and MAC address state is not maintained locally, send to the Remote Authentication Dial-In User Service (Radius) server a query-user-billing-information request message carrying the current login account, the IP address and the MAC address, and receive the query response message returned by the Radius server, which carries the indication that the MAC address is online and whether the account corresponding to the MAC address is identical to the current login account; the correspondence between account, IP address state and MAC address state is maintained in the Radius server.
Application number: CN201410045084.0A
Priority date: 2014-02-07
Filing date: 2014-02-07
Title: A web authentication user login method, equipment and system
Status: Active
Granted as: CN104837134B (en)

Publications (2)

Publication Number Publication Date
CN104837134A (en) 2015-08-12
CN104837134B (en) 2018-06-26

Family ID: 53814712

Country Status (1)

Country Link
CN (1) CN104837134B (en)

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101771540A (en) * 2008-12-29 2010-07-07 中国移动通信集团公司 User authentication method, device and system
CN102480729A (en) * 2010-11-22 2012-05-30 中兴通讯股份有限公司 Method for preventing faked users and access point in radio access network
WO2013023470A1 (en) * 2011-08-18 2013-02-21 Hangzhou H3C Technologies Co., Ltd. Portal authentication method and access controller
CN103297967A (en) * 2012-02-28 2013-09-11 中国移动通信集团公司 Method, device and system for user authentication in access of wireless local area network

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105262639A (en) * 2015-09-16 2016-01-20 上海斐讯数据通信技术有限公司 Method and system for detecting online state of network element
CN105262639B (en) * 2015-09-16 2019-07-26 上海斐讯数据通信技术有限公司 Detect the method and system of network element presence
CN110650448A (en) * 2019-09-03 2020-01-03 怀化学院 Call management system and method for mobile communication terminal
CN111031053A (en) * 2019-12-17 2020-04-17 迈普通信技术股份有限公司 Identity authentication method and device, electronic equipment and readable storage medium
CN113992458A (en) * 2021-10-21 2022-01-28 中国电信股份有限公司 Information verification method, device, medium and electronic equipment in dial-up networking process
CN114416195A (en) * 2021-12-24 2022-04-29 青岛海尔科技有限公司 H5 page loading method and device, intelligent terminal and server
CN114416195B (en) * 2021-12-24 2023-08-18 青岛海尔科技有限公司 H5 page loading method and device, intelligent terminal and server
CN114422217A (en) * 2021-12-31 2022-04-29 中国电信股份有限公司 Dialing authentication method, device, equipment and storage medium

Also Published As

Publication number Publication date
CN104837134B (en) 2018-06-26

Similar Documents

Publication Publication Date Title
CN110300117B (en) IOT device and user binding authentication method, device and medium
CN103746812B (en) A kind of access authentication method and system
CN104811462B (en) A kind of access gateway reorientation method and access gateway
EP3179758A1 (en) Building intercom method, nfc unlocking device and building intercom system
CN104837134A (en) Web authentication user registration method, device and system
CN108667699B (en) Method and device for interconnecting terminal equipment and gateway equipment
CN105554098A (en) Device configuration method, server and system
WO2016049197A1 (en) Payment verification method, apparatus and system
CN104821940A (en) Method and equipment for sending portal redirected address
CN105162802B (en) Portal authentication method and certificate server
CN110505188B (en) Terminal authentication method, related equipment and authentication system
CN101702717A (en) Method, system and equipment for authenticating Portal
WO2017177691A1 (en) Portal authentication method and system
CN106686592B (en) Network access method and system with authentication
CN111194035B (en) Network connection method, device and storage medium
EP3043509A1 (en) Portal authentication method, broadband network gateway (bng), portal server and system
CN103024740A (en) Method and system for accessing internet by mobile terminal
CN110830516B (en) Network access method, device, network control equipment and storage medium
CN104836812A (en) Portal authentication method, device and system
CN107508822A (en) Access control method and device
CN104936177A (en) Access authentication method and access authentication system
CN106878270A (en) Enhanced access control equipment based on portal agreements
CN109618004A (en) A kind of message forwarding method and device
CN101257518B (en) Method and system for preventing lawless ordering without through charging gateway in WAP platform
CN106912049A (en) The method for improving user authentication experience

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
EXSB Decision made by sipo to initiate substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant