CN104837134B - A web authentication user login method, equipment and system - Google Patents

A web authentication user login method, equipment and system

Publication number
CN104837134B
Authority
CN
China
Prior art keywords
account
mac address
address
state
online
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201410045084.0A
Other languages
Chinese (zh)
Other versions
CN104837134A (en)
Inventor
王志明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Group Beijing Co Ltd
Original Assignee
China Mobile Group Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Group Beijing Co Ltd
Priority to CN201410045084.0A
Publication of CN104837134A
Application granted
Publication of CN104837134B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A web authentication user login method, equipment and system, including: after a portal (Portal) server receives a login request message sent by a terminal and carrying this login account, the terminal's IP address and MAC address information, it determines the IP address state of the IP address and the MAC address state of the MAC address; when the Portal server determines that the IP address state of the IP address and the MAC address state of the MAC address are both not online, it sends a challenge (Challenge) request message to the access gateway. In the scheme of the embodiments of the present invention, the terminal's IP address state and MAC address state are verified at this login, and the Challenge interaction flow is carried out only when both are determined to be not online, that is, when the uniqueness constraint that an IP address and a MAC address can each be online only once is satisfied, so that the user can successfully complete web authentication.

Description

A web authentication user login method, equipment and system
Technical field
The present invention relates to the field of wireless communication technology, and in particular to a web authentication user login method, equipment and system.
Background
Web authentication based on the portal (Portal) protocol and Hypertext Transfer Protocol (HTTP) redirection is widely used for authentication control of Internet access. The typical signaling flow of web authentication is shown in Fig. 1 and includes the following steps:
Step 101: The terminal sends an HTTP connection request message to the access gateway;
Step 102: The access gateway determines (generally based on the terminal's IP address or MAC address) that the terminal is in the unauthenticated state and pushes an HTTP redirection message to the unauthenticated terminal;
Under normal circumstances, the HTTP redirection message contains a constructed uniform resource locator (URL). The following URL is an example: http://221.176.1.140:8080/wlan/index.php?wlanuserip=183.241.167.185&wlanacname=1201.0010.100.00&ssid=CMCC&NASID=8047202010000460
It contains the IP address of the Portal server (221.176.1.140) and the information needed to initiate the subsequent authentication flow, such as the user IP address (wlanuserip=183.241.167.185).
Step 103: The terminal sends an HTTP connection request message to the Portal server;
The terminal sends an HTTP request to the Portal server using the above URL. Because the access gateway included the terminal's IP address in the URL it constructed for the HTTP redirection, step 103 passes this unique identifier, the terminal's IP address, to the Portal server.
Step 104: The Portal server pushes the unified authentication Portal login page to the terminal;
Step 105: The terminal receives the account and password entered by the user and sends a login request to the Portal server;
Step 106: The Portal server queries the Radius server for the user's billing information;
Step 107: The Radius server returns the query result to the Portal server;
Step 108: When the Portal server determines that the query result is success, it sends a challenge (Challenge) message to the access gateway;
The Challenge message contains the IP address (wlanuserip) that the Portal server extracted from the URL.
Step 109: The access gateway sends the allocated Challenge to the Portal server;
Step 110: The Portal server encrypts the user name and password using the received Challenge and sends the account, password and other information to the access gateway;
Step 111: The access gateway forwards the received authentication data to the Remote Authentication Dial In User Service (Radius) server for verification;
Step 112: The access gateway receives the authentication result returned by the Radius server;
In step 112, after the access gateway receives the authentication-passed message returned by the Radius server in the login flow, it sets this IP address to the authenticated state.
Step 113: The access gateway forwards the authentication result returned by the Radius server to the Portal server;
Step 114: The Portal server pushes the login success page to the terminal.
Step 115: The Portal server sends authentication success to the access gateway.
Under normal circumstances the terminal completes the above flow and passes web authentication. However, the above web authentication flow cannot identify abnormal login behavior by the terminal, which ultimately leads to login failure.
The login failure is illustrated below with a case in which the terminal initiates the login flow repeatedly, an abnormal login behavior that causes the login flow to fail:
As shown in Fig. 2, during login, the userip (IP address) in the challenge request (req_challenge) message that the Portal server sends to the access gateway has already been authenticated and is online at the AC. The access gateway therefore refuses the Portal server's Challenge interaction request, and the user's login fails.
Actual message exchange: the user's first login flow (21) executes normally, but the user then initiates a second login (22) (for example, after tapping login, the user taps the "back" key in the phone's interface to return to the Portal login page and initiates the authentication flow again). In the second flow the access gateway rejects the challenge interaction request, and the user's login fails.
When the user initiates login repeatedly, for example by returning to the Portal login page in the browser after logging in and initiating the login flow again, or by opening a saved Portal login page and initiating the login flow, the access gateway answers the Portal server's challenge request message with a challenge allocation error. Error types include the terminal being in the authentication process, the terminal already being online, and so on. The user's login flow cannot proceed normally and login fails, which gives the user a poor experience of the network.
Summary of the invention
The embodiments of the present invention provide a web authentication user login method, equipment and system, to solve the problem in the prior art that the web authentication process cannot identify a user's abnormal login behavior, which ultimately leads to login failure.
A web authentication user login method, the method including:
After receiving a login request message sent by a terminal and carrying this login account, the terminal's IP address and the terminal's MAC address information, the Portal server determines the IP address state of the IP address and the MAC address state of the MAC address, where the IP address state and the MAC address state include: not online, online, and in the authentication process;
When the Portal server determines that the IP address state of the IP address and the MAC address state of the MAC address are both not online, it sends a challenge (Challenge) request message to the access gateway.
A Portal server, the Portal server including:
A receiving unit, configured to receive a login request message sent by a terminal and carrying this login account, the terminal's IP address and the terminal's MAC address information;
A determining unit, configured to determine the IP address state of the IP address and the MAC address state of the MAC address, where the IP address state and the MAC address state include: not online, online, and in the authentication process;
A sending unit, configured to send a Challenge request message to the access gateway when the IP address state of the IP address and the MAC address state of the MAC address are both determined to be not online.
A web authentication user login system, the system including: a terminal, a Portal server and an access gateway;
The terminal is configured to send to the Portal server a login request message carrying this login account, the terminal's IP address and the terminal's MAC address information;
The Portal server is configured to determine, after receiving the login request message, the IP address state of the IP address and the MAC address state of the MAC address, where the IP address state and the MAC address state include: not online, online, and in the authentication process; and to send a Challenge request message to the access gateway when the IP address state of the IP address and the MAC address state of the MAC address are both determined to be not online;
The access gateway is configured to receive the Challenge request message sent by the Portal server.
In the scheme of the embodiments of the present invention, the terminal's IP address state and MAC address state are verified when the terminal logs in. The Challenge interaction flow is carried out only when both are determined to be not online, that is, when the uniqueness constraint that an IP address and a MAC address can each be online only once is satisfied, so that the user can successfully complete web authentication.
Brief description of the drawings
Fig. 1 is a schematic diagram of the web authentication signaling flow in the background;
Fig. 2 is a screenshot of the data packets captured in the background;
Fig. 3 is the first flow chart of the web authentication user login method in an embodiment of the present invention;
Fig. 4 is the second flow chart of the web authentication user login method in an embodiment of the present invention;
Fig. 5 is the signaling flow chart of web authentication user login in an embodiment of the present invention;
Fig. 6 is a structural diagram of the Portal server in an embodiment of the present invention;
Fig. 7 is a structural diagram of the web authentication user login system in an embodiment of the present invention.
Detailed description
To explain the scheme of the embodiments of the present invention clearly, the basic principle of the embodiments is described first.
Two kinds of identification information identify a user in the signaling exchange of web authentication: the IP address (the user's unique index at the access gateway) and the MAC address (which identifies the user's terminal). To uniquely identify one user, both kinds of identification information must satisfy a uniqueness constraint: an IP address and a MAC address can each be online once and only once. An IP address cannot be assigned to two terminals, and a terminal cannot be online twice.
In the scheme of the embodiments of the present invention, after the user terminal initiates the login flow and before the Portal server initiates the Challenge interaction, the Portal server checks both kinds of identification information and, when the MAC address is online, compares the online account with this login account. The Challenge interaction and the subsequent signaling flow are executed only when both kinds of identification information satisfy the uniqueness constraint and any online-account conflict has been resolved.
In general, the abnormal conditions include the following two:
First, the IP address is online. The most likely cause is that the user IP address (userip) that the Portal server obtained from the Portal URL is not the correct IP address. In this case the user is redirected to WWW.10086.CN (not limited to this website) so that the user terminal performs an HTTP redirection flow and reaches the login page through the correct Portal URL;
Second, the MAC address is online, which means this user terminal is already online. If the account is the same, an offline-then-online flow is performed so that the user logs in successfully. If the account is different, the user must be prompted that this terminal has already completed the authentication flow with account *** and is currently in the authenticated state, and the login flow for the account the user selects is then executed.
The scheme of the present invention is described in detail below with reference to specific embodiments.
Fig. 3 is a schematic diagram of a web authentication user login method in an embodiment of the present invention. The method specifically includes the following steps:
Step 301: The Portal server receives a login request message sent by the terminal and carrying this login account, the terminal's IP address and the terminal's MAC address information, and performs step 302;
Step 302: The Portal server determines the IP address state of the IP address and the MAC address state of the MAC address, where the IP address state and the MAC address state include: not online, online, and in the authentication process;
When the Portal server determines that the IP address state of the IP address is in the authentication process or the MAC address state of the MAC address is in the authentication process, step 303 is performed;
When the Portal server determines that the IP address state of the IP address and the MAC address state of the MAC address are both not online, step 304 is performed;
When the Portal server determines that the IP address state is online, step 305 is performed;
When the Portal server determines that the MAC address state is online, step 306 is performed;
Step 303: End.
It should be noted that when the IP address state of the IP address is in the authentication process or the MAC address state of the MAC address is in the authentication process, the user cannot log in because the terminal's browser has a problem or network congestion has occurred, and no operation is performed in this case.
Step 304: Send a Challenge request message to the access gateway.
Step 305: Push a page reading "Please re-enter account information" to the terminal and, on receiving the terminal's confirmation to re-enter account information, push the Portal login page to the terminal.
Step 305 handles the case in which the IP address is online. The most likely cause is that the user opened the Portal page with a saved Portal URL, so the terminal IP address that the Portal server obtained from that URL is wrong. Redirecting the terminal to the Portal page at this point allows the correct IP address to be obtained.
Step 306: The Portal server determines whether the account corresponding to the MAC address is the same as this login account; if they are the same, step 307 is performed; if they differ, step 308 is performed.
Step 307: Send an indication to the access gateway, instructing the access gateway to send a stop-accounting request message to the Radius server, and perform step 309;
Step 309: After receiving the stop-accounting response message from the Radius server returned by the access gateway, the Portal server sends a Challenge request message to the access gateway.
When the Portal server determines that the account corresponding to the MAC address is the same as this login account, the terminal has already logged in with that account and this is a repeated login with the same account. Steps 307 and 309 are therefore performed so that the online account goes offline and the account then goes online again.
When the Portal server determines that the account corresponding to the MAC address differs from this login account, the terminal has already logged in with one account (the online account) and this login uses another account (this login account). Because the same terminal cannot log in with two accounts at the same time, either the following step 308 and steps 401 and 402 are performed, so that after the online account goes offline the login flow of the online account is restarted; or the following step 308 and steps 501 to 504 are performed, so that the online account goes offline and the login flow of this login account is started;
Step 308: Push to the terminal a page containing the information "Already online; the account is the account corresponding to the MAC address; please choose to log in with the online account or with this login account";
On receiving the login information for this login account sent by the terminal, the Portal server performs the following steps 401 and 402:
Step 401: Send an indication to the Radius server, instructing the access gateway to send a stop-accounting request message to the Radius server, so as to stop accounting for the online account;
Step 402: After receiving the stop-accounting response message from the Radius server returned by the access gateway, send a Challenge request message to the access gateway;
On receiving the login information for the online account sent by the terminal, the Portal server performs the following steps 501 to 504:
Step 501: Push the Portal login page to the terminal, asking the user to enter the password of the online account;
Step 502: Receive the login request sent by the terminal carrying the online account and the password of the online account;
Step 503: Send an offline instruction to the access gateway, instructing the access gateway to send a stop-accounting request message to the Radius server, so as to stop accounting for the online account;
Step 504: After receiving the stop-accounting response message from the Radius server returned by the access gateway, send a Challenge request message to the access gateway.
Preferably, determining the IP address state of the IP address and the MAC address state of the MAC address specifically includes:
When the Portal server locally maintains the correspondence between account, IP address state and MAC address state, the Portal server uses the locally maintained correspondence to determine the IP address state of the IP address and the MAC address state of the MAC address;
When the Portal server does not locally maintain the correspondence between account, IP address state and MAC address state, the Portal server sends to the Remote Authentication Dial In User Service (Radius) server a user billing information query request message carrying the account, IP address and MAC address from the login request message, and determines the IP address state of the IP address and the MAC address state of the MAC address from the query response message returned by the Radius server, which carries the IP address state of the IP address and the MAC address state information of the MAC address; the Radius server maintains the correspondence between account, IP address state and MAC address state.
Preferably, the Portal server determining whether the account corresponding to the MAC address is the same as this login account specifically includes:
When the Portal server locally maintains the correspondence between account, IP address state and MAC address state, the Portal server uses the locally maintained correspondence to determine the account corresponding to the MAC address and compares that account with this login account;
When the Portal server does not locally maintain the correspondence between account, IP address state and MAC address state, the Portal server sends to the Radius server a user billing information query request message carrying this account, the IP address and the MAC address, and receives the query response message returned by the Radius server, which carries the information that the MAC address is online and whether the account corresponding to the MAC address is the same as this login account; the Radius server maintains the correspondence between account, IP address state and MAC address state.
Existing Radius servers already store the correspondence between account, IP address state and MAC address state. Therefore, when the Portal server does not store this correspondence locally, the Radius server in the embodiments of the present invention, when returning the query response message, carries in it the MAC address state, the IP address state, and whether this login account is the same as the account online for the MAC address (if any). This passes the information to the Portal server without affecting the existing user billing information query exchange and without using an additional request message.
The web authentication user login method shown in Fig. 4 is essentially the same as the flow in Fig. 3 above. It is a more simplified flow chart that illustrates the scheme of the embodiments concisely and clearly, and includes the following steps:
Step 601: The Portal server determines whether the IP address state is in the authentication process or the MAC address state is in the authentication process; if so, end; otherwise, perform step 602;
Step 602: The Portal server determines whether the IP address state is online; if not, perform step 603; if so, perform step 605;
Step 603: The Portal server determines whether the MAC address state is online; if not, perform step 604; if so, perform step 607;
Step 604: The Portal server starts the login flow;
Step 605: The Portal server pushes "Please re-enter account information", redirects the terminal to www.10086.cn, and performs step 606;
Step 606: The terminal is redirected to the Portal login page;
Step 607: The Portal server determines whether the new account (that is, this login account) is the same as the online account; if so, perform step 608; if not, perform step 610;
Step 608: The Portal server performs the offline operation for the online account and performs step 609;
Step 609: The Portal server starts the login operation for the new account;
Step 610: The Portal server pushes "Already online, account ****; please choose to log in with the new account or with the online account", and performs step 611;
Step 611: The terminal makes a selection; if login with the new account is selected, perform step 612; if login with the online account is selected, perform step 614;
Step 612: The Portal server performs the offline operation for the online account and performs step 613;
Step 613: The Portal server starts the login flow of the new account;
Step 614: The Portal server pushes to the terminal a prompt to enter the password of the online account, and performs step 615 after receiving the terminal's login request carrying the online account and password;
Step 615: The Portal server performs the offline operation for the online account and the login flow of the online account.
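The decision flow of Fig. 4 (steps 601 to 615) for the case where the Portal server keeps the account / IP state / MAC state correspondence locally, written out as an added Python example; it is not code from the patent. The names `SessionTable`, `decide`, `signaling_after_choice`, the action labels and the sample sessions are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Iterable, List, Optional


class State(Enum):
    NOT_ONLINE = "not online"
    ONLINE = "online"
    AUTHENTICATING = "in authentication process"


class Action(Enum):  # hypothetical labels for the outcomes of Fig. 4
    END = "end, no operation"                          # step 601
    SEND_CHALLENGE = "start login flow"                # step 604
    REDIRECT_TO_PORTAL = "re-enter prompt, redirect"   # steps 605-606
    OFFLINE_THEN_CHALLENGE = "offline, then login"     # steps 608-609
    PROMPT_ACCOUNT_CHOICE = "ask which account"        # step 610


@dataclass(frozen=True)
class Session:
    account: str
    ip: str
    mac: str
    state: State


@dataclass(frozen=True)
class Decision:
    action: Action
    online_account: Optional[str] = None


class SessionTable:
    """Locally maintained account / IP state / MAC state correspondence."""

    def __init__(self, sessions: Iterable[Session]):
        sessions = list(sessions)
        self._by_ip = {s.ip: s for s in sessions}
        self._by_mac = {self._norm(s.mac): s for s in sessions}

    @staticmethod
    def _norm(mac: str) -> str:
        # Compare MAC text case-insensitively, accepting '-' or ':' separators.
        return mac.strip().lower().replace("-", ":")

    def ip_state(self, ip: str) -> State:
        s = self._by_ip.get(ip)
        return s.state if s else State.NOT_ONLINE

    def mac_state(self, mac: str) -> State:
        s = self._by_mac.get(self._norm(mac))
        return s.state if s else State.NOT_ONLINE

    def account_for_mac(self, mac: str) -> Optional[str]:
        s = self._by_mac.get(self._norm(mac))
        return s.account if s else None


def decide(table: SessionTable, account: str, ip: str, mac: str) -> Decision:
    """Choose the Portal server's action before any Challenge request is sent."""
    ip_state, mac_state = table.ip_state(ip), table.mac_state(mac)
    # Step 601: an authentication already in progress for either identifier ends the flow.
    if State.AUTHENTICATING in (ip_state, mac_state):
        return Decision(Action.END)
    # Step 602: IP online, e.g. a stale wlanuserip taken from a saved Portal URL.
    if ip_state is State.ONLINE:
        return Decision(Action.REDIRECT_TO_PORTAL)
    # Steps 603 and 607: MAC online, compare the online account with this login account.
    if mac_state is State.ONLINE:
        online = table.account_for_mac(mac)
        if online == account:
            return Decision(Action.OFFLINE_THEN_CHALLENGE, online)
        return Decision(Action.PROMPT_ACCOUNT_CHOICE, online)
    # Step 604: both identifiers satisfy the uniqueness constraint.
    return Decision(Action.SEND_CHALLENGE)


def signaling_after_choice(decision: Decision, this_account: str,
                           choice: str) -> List[str]:
    """Steps 611-615: ordered signaling once the user has picked an account."""
    if decision.action is not Action.PROMPT_ACCOUNT_CHOICE:
        raise ValueError("no account choice is pending")
    stop = f"stop accounting for {decision.online_account}"
    if choice == "this":      # steps 612-613
        return [stop, f"Challenge request for {this_account}"]
    if choice == "online":    # steps 614-615
        return [f"request password for {decision.online_account}", stop,
                f"Challenge request for {decision.online_account}"]
    raise ValueError(f"unknown choice: {choice!r}")


# Constructed sample sessions (not from the patent).
SAMPLE = SessionTable([
    Session("alice", "10.0.0.5", "AA:BB:CC:00:00:01", State.ONLINE),
    Session("bob", "10.0.0.6", "AA:BB:CC:00:00:02", State.AUTHENTICATING),
])
```

Because step 601 is evaluated first, a request whose IP address is online but whose MAC address is still in the authentication process ends without any redirect or Challenge request.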
Fig. 5 shows the web signaling interaction flow chart of the embodiment of the present invention. The Portal server obtains from the Radius server the MAC address state, the IP address state, and whether this login account is the same as the account online for the MAC address (if any). The flow specifically includes the following steps:
Steps 701 to 705 are the same as steps 101 to 105 in the background and are not described again here;
Step 706: The Portal server sends a user billing information query to the Radius server;
Step 707: The Radius server returns the query result to the Portal server. The query result contains the terminal's MAC address state, the terminal's IP address state, and whether this login account is the same as the account online for the MAC address (if any);
Step 708: The Portal server then carries out different signaling interactions depending on the query result, specifically the following 4 kinds:
1) When the IP address is online:
The Portal server pushes "Please re-enter account information" to the terminal;
The terminal sends "confirm" to the Portal server;
The Portal server redirects the terminal to www.10086.cn;
The terminal is redirected to the Portal login page and goes through the login flow again;
2) When the MAC address is online and the account is the same:
The Portal server sends an offline instruction to the access gateway, and the access gateway changes the IP address state to offline;
The access gateway sends a stop-accounting message to the Radius server;
After the offline operation finishes, a Challenge request message is sent to the access gateway;
3) When the MAC address is online and the account is different:
The Portal server pushes to the terminal "Already online, account ****; please choose to log in with this login account or with the online account";
The terminal sends the selection result to the Portal server;
3.1) When the selection result is login with the online account:
The Portal server pushes to the terminal a page asking for the password of the online account;
The terminal receives the password entered by the user and sends a login request to the Portal server;
The Portal server sends an offline instruction to the access gateway, and the access gateway changes the IP address state to offline;
The access gateway sends a stop-accounting message to the Radius server;
After the offline operation finishes, a Challenge request message is sent to the access gateway;
3.2) When the selection result is login with this login account:
The Portal server sends an offline instruction to the access gateway, and the access gateway changes the IP address state to offline;
The access gateway sends a stop-accounting message to the Radius server;
After the offline operation finishes, a Challenge request message is sent to the access gateway;
4) When neither the MAC address nor the IP address is online:
A Challenge request message is sent to the access gateway;
Steps 709 to 715 are the same as steps 109 to 115 in the background and are not described again here.
The embodiment of the present invention also proposes a kind of Portal server, structure diagram as shown in fig. 6, including:It receives single Member 61, determination unit 62 and transmitting element 63, wherein:
Receiving unit 61, for receive terminal transmission carry this login account, the terminal IP address and the terminal Mac address information log on request message;
Determination unit 62, for determining the MAC Address state of the IP address state of the IP address and the MAC Address, The IP address state and MAC Address state include:In not online, online and verification process;
Transmitting element 63, in the IP address state and the MAC Address state of the MAC Address for determining the IP address When being not online, challenge Challenge request messages are sent to access gateway.
Preferably, the determination unit 62, specifically in local maintenance account, IP address state and MAC Address shape During correspondence between state, using the correspondence of local maintenance, IP address state and the institute of the IP address are determined State the MAC Address state of MAC Address;The corresponding pass between account, IP address state and MAC Address state is not being safeguarded locally When being, the account carried in the log on request message, IP are sent to remote customer dialing authentication system Radius servers Location and the inquiry customer charging information request message of MAC Address, and the carrying IP address returned according to Radius servers IP address state and the MAC Address MAC Address status information inquiry response message, with determining the IP of the IP address The MAC Address state of location state and the MAC Address maintains account, IP address state and MAC in the Radius servers Correspondence between address state.
Preferably, the transmitting element 63 is additionally operable to when it is online that determination unit, which determines IP address state, to the end The page of end push " account information please be re-enter ";
Receiving unit 61 is additionally operable to reception the determining of terminal and re-enters account information;
The Portal server further includes:
Redirect unit 64, for receive terminal it is determining re-enter account information when, redirect the terminal to Portal login pages.
Preferably, the determination unit 62 is further configured to determine, when the MAC address state is determined to be online, whether the account corresponding to the MAC address is identical to the current login account;
The sending unit 63 is further configured to send an instruction to the access gateway when the determination unit determines that the account corresponding to the MAC address is identical to the current login account, instructing the access gateway to send a stop-accounting request message to the Radius server; and, after the receiving unit receives the stop-accounting response message from the Radius server returned by the access gateway, to send a Challenge request message to the access gateway;
The receiving unit 61 is further configured to receive the stop-accounting response message from the Radius server returned by the access gateway.
Preferably, the sending unit 63 is further configured to push to the terminal, when it is determined that the account corresponding to the MAC address differs from the current login account, a page containing the information "Already online; the online account is the account corresponding to the MAC address; please choose to log in with the online account or with the current login account";
The receiving unit 61 is further configured to receive the information sent by the terminal that the online account is chosen for login or that the current login account is chosen for login, and to receive the login request sent by the terminal carrying the online account and the password of the online account;
The sending unit 63 is further configured to send an instruction to the access gateway, instructing the access gateway to send a stop-accounting request message to the Radius server, on receiving the information sent by the terminal that the current login account is chosen for login, or on receiving the login request sent by the terminal carrying the online account and the password of the online account; and, on receiving the information sent by the terminal that the online account is chosen for login, to push the Portal login page to the terminal, asking the user to enter the password of the online account, and, when the receiving unit receives the login request sent by the terminal carrying the online account and the password of the online account, to send an instruction to the access gateway instructing it to send a stop-accounting request message to the Radius server.
Preferably, the determination unit 62 is specifically configured to: when the correspondence between account, IP address state and MAC address state is maintained locally, use the locally maintained correspondence to determine the account corresponding to the MAC address and compare that account with the current login account; and, when that correspondence is not maintained locally, send to the Remote Authentication Dial-In User Service (Radius) server a request message for querying user accounting information, carrying the current login account, the IP address and the MAC address, and receive the query response message returned by the Radius server, which indicates that the MAC address is online and whether the account corresponding to the MAC address is identical to the current login account; the Radius server maintains the correspondence between account, IP address state and MAC address state.
An embodiment of the present invention also proposes a web authentication user login system, whose structure is shown in Fig. 7. The system comprises: a terminal 71, a Portal server 72 and an access gateway 73;
The terminal 71 is configured to send to the Portal server a login request message carrying the current login account, the IP address of the terminal and the MAC address information of the terminal;
The Portal server 72 is configured to determine, after receiving the login request message, the IP address state of the IP address and the MAC address state of the MAC address, the IP address state and the MAC address state including: not online, online, and authentication in progress; and to send a Challenge request message to the access gateway when it determines that the IP address state of the IP address and the MAC address state of the MAC address are not online;
The access gateway 73 is configured to receive the Challenge request message sent by the Portal server.
Preferably, when the Portal server locally maintains the correspondence between account, IP address state and MAC address state, the Portal server 72 is specifically configured to use the locally maintained correspondence to determine the IP address state of the IP address and the MAC address state of the MAC address;
When the Portal server does not locally maintain the correspondence between account, IP address state and MAC address state, the system further includes: a Radius server 74;
The Portal server 72 is further configured to send to the Radius server a request message for querying user accounting information, carrying the account, IP address and MAC address carried in the login request message, and to determine the IP address state of the IP address and the MAC address state of the MAC address according to the query response message returned by the Radius server, which carries the IP address state of the IP address and the MAC address state information of the MAC address;
The Radius server 74 is configured to receive the request message for querying user accounting information and to return to the Portal server the query response message carrying the IP address state of the IP address and the MAC address state information of the MAC address; the Radius server maintains the correspondence between account, IP address state and MAC address state.
Preferably, the Portal server 72 is further configured to push the page "Please re-enter your account information" to the terminal when it determines that the IP address state is online, and to redirect the terminal to the Portal login page on receiving the terminal's confirmation to re-enter the account information.
Preferably, the Portal server 72 is further configured to: when the MAC address state of the MAC address is online, determine whether the account corresponding to the MAC address is identical to the current login account; when the account corresponding to the MAC address is determined to be identical to the current login account, send an instruction to the access gateway, instructing the access gateway to send a stop-accounting request message to the Radius server; and, after receiving the stop-accounting response message from the Radius server returned by the access gateway, send a Challenge request message to the access gateway.
Preferably, the Portal server 72 is further configured to push to the terminal, when it determines that the account corresponding to the MAC address differs from the current login account, a page containing the information "Already online; the online account is the account corresponding to the MAC address; please choose to log in with the online account or with the current login account". On receiving the information sent by the terminal that the current login account is chosen for login, it performs the following operations: sending an instruction to the access gateway, instructing the access gateway to send a stop-accounting request message to the Radius server, so as to stop accounting for the online account; and, after receiving the stop-accounting response message from the Radius server returned by the access gateway, sending a Challenge request message to the access gateway. On receiving the information sent by the terminal that the online account is chosen for login, it performs the following operations: pushing the Portal login page to the terminal, asking the user to enter the password of the online account; receiving the login request sent by the terminal carrying the online account and the password of the online account; sending an instruction to the access gateway, instructing the access gateway to send a stop-accounting request message to the Radius server; and, after receiving the stop-accounting response message from the Radius server returned by the access gateway, sending a Challenge request message to the access gateway.
Preferably, the Portal server 72 is specifically configured to: when the correspondence between account, IP address state and MAC address state is maintained locally, use the locally maintained correspondence to determine the account corresponding to the MAC address and compare that account with the current login account; and, when that correspondence is not maintained locally, send to the Remote Authentication Dial-In User Service (Radius) server a request message for querying user accounting information, carrying the current login account, the IP address and the MAC address, and receive the query response message returned by the Radius server, which indicates that the MAC address is online and whether the account corresponding to the MAC address is identical to the current login account; the Radius server maintains the correspondence between account, IP address state and MAC address state.
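The Portal server's decision logic described above, sketched in Python as an added example (not code from the patent). The class and function names, the step strings and the sample table are constructed for illustration; checking the IP address state before the MAC address state, and returning a placeholder for the authentication-in-progress state, are assumptions, since this section does not fix them.

```python
from dataclasses import dataclass
from enum import Enum


class State(Enum):
    NOT_ONLINE = "not online"
    ONLINE = "online"
    AUTHENTICATING = "authentication in progress"


@dataclass(frozen=True)
class Session:
    account: str
    ip: str
    mac: str
    state: State


class Correspondence:
    """Correspondence between account, IP address state and MAC address state.

    The same class stands in for the Portal server's local table and for the
    table kept by the Radius server (hypothetical model, not a real API).
    """

    def __init__(self, sessions):
        self._sessions = list(sessions)

    def ip_state(self, ip):
        return next((s.state for s in self._sessions if s.ip == ip), State.NOT_ONLINE)

    def mac_state(self, mac):
        return next((s.state for s in self._sessions if s.mac == mac), State.NOT_ONLINE)

    def account_for_mac(self, mac):
        return next((s.account for s in self._sessions if s.mac == mac), None)


CHALLENGE = "send Challenge request message to access gateway"
STOP_THEN_CHALLENGE = [
    "instruct access gateway to send stop-accounting request to Radius server",
    "receive stop-accounting response relayed by access gateway",
    CHALLENGE,
]
REENTER = [
    'push page "Please re-enter your account information"',
    "on confirmation, redirect terminal to Portal login page",
]
CHOICE_PAGE = ["push page: choose online account or current login account"]
UNSPECIFIED = ["no action defined in this section"]  # placeholder, an assumption


def handle_login(account, ip, mac, local=None, radius=None):
    """Return (lookup source, ordered steps) for one login request."""
    if local is None and radius is None:
        raise ValueError("need a local correspondence or a Radius server")
    # Use the local correspondence when it is maintained, else query Radius.
    source, table = ("local", local) if local is not None else ("radius", radius)
    ip_state, mac_state = table.ip_state(ip), table.mac_state(mac)

    if State.AUTHENTICATING in (ip_state, mac_state):
        return source, list(UNSPECIFIED)
    if ip_state is State.NOT_ONLINE and mac_state is State.NOT_ONLINE:
        return source, [CHALLENGE]
    # Assumption: the IP address state is examined before the MAC address state.
    if ip_state is State.ONLINE:
        return source, list(REENTER)
    # MAC address is online: compare its account with the current login account.
    if table.account_for_mac(mac) == account:
        return source, list(STOP_THEN_CHALLENGE)
    return source, list(CHOICE_PAGE)


def after_choice(choice):
    """Steps once the terminal answers the choice page."""
    if choice == "current login account":
        return list(STOP_THEN_CHALLENGE)
    if choice == "online account":
        return [
            "push Portal login page asking for the online account's password",
            "receive login request carrying online account and its password",
        ] + STOP_THEN_CHALLENGE
    raise ValueError(f"unknown choice: {choice!r}")


# Constructed sample table: one online session and one mid-authentication.
SAMPLE = Correspondence([
    Session("alice", "10.0.0.5", "aa:bb:cc:00:00:01", State.ONLINE),
    Session("carol", "10.0.0.6", "aa:bb:cc:00:00:03", State.AUTHENTICATING),
])
```
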
Those skilled in the art should understand that embodiments of the present application may be provided as a method, a system or a computer program product. Therefore, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, the present application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical memory, etc.) that contain computer-usable program code.
The present application is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to its embodiments. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in them, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a means for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction means, the instruction means implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operation steps is performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Although preferred embodiments of the present application have been described, those skilled in the art can make further changes and modifications to these embodiments once they know the basic inventive concept. The appended claims are therefore intended to be construed as covering the preferred embodiments and all changes and modifications that fall within the scope of the present application.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. Thus, if these modifications and variations of the present invention fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.

Claims (18)

1. A web authentication user login method, characterized in that the method comprises:
after receiving a login request message sent by a terminal and carrying the current login account, the IP address of the terminal and the MAC address information of the terminal, a Portal server determines the IP address state of the IP address and the MAC address state of the MAC address, the IP address state and the MAC address state including: not online, online, and authentication in progress;
when the Portal server determines that the IP address state of the IP address and the MAC address state of the MAC address are not online, it sends a Challenge request message to an access gateway.
2. The method according to claim 1, characterized in that determining the IP address state of the IP address and the MAC address state of the MAC address specifically comprises:
when the Portal server locally maintains the correspondence between account, IP address state and MAC address state, the Portal server uses the locally maintained correspondence to determine the IP address state of the IP address and the MAC address state of the MAC address;
when the Portal server does not locally maintain the correspondence between account, IP address state and MAC address state, the Portal server sends to a Remote Authentication Dial-In User Service (Radius) server a request message for querying user accounting information, carrying the account, IP address and MAC address carried in the login request message, and determines the IP address state of the IP address and the MAC address state of the MAC address according to the query response message returned by the Radius server, which carries the IP address state of the IP address and the MAC address state information of the MAC address; the Radius server maintains the correspondence between account, IP address state and MAC address state.
3. The method according to claim 1, characterized in that, when the Portal server determines that the IP address state is online, it pushes the page "Please re-enter your account information" to the terminal;
on receiving the terminal's confirmation to re-enter the account information, it redirects the terminal to the Portal login page.
4. The method according to claim 1, characterized in that, when the MAC address state of the MAC address is online, the Portal server determines whether the account corresponding to the MAC address is identical to the current login account;
when the account corresponding to the MAC address is determined to be identical to the current login account, it sends an instruction to the access gateway, instructing the access gateway to send a stop-accounting request message to the Radius server;
after receiving the stop-accounting response message from the Radius server returned by the access gateway, the Portal server sends a Challenge request message to the access gateway.
5. The method according to claim 4, characterized in that, when it is determined that the account corresponding to the MAC address differs from the current login account, a page is pushed to the terminal containing the information "Already online; the online account is the account corresponding to the MAC address; please choose to log in with the online account or with the current login account";
on receiving the information sent by the terminal that the current login account is chosen for login, the Portal server performs the following operations:
sending an instruction to the access gateway, instructing the access gateway to send a stop-accounting request message to the Radius server, so as to stop accounting for the online account;
after receiving the stop-accounting response message from the Radius server returned by the access gateway, sending a Challenge request message to the access gateway;
on receiving the information sent by the terminal that the online account is chosen for login, the Portal server performs the following operations:
pushing the Portal login page to the terminal, asking the user to enter the password of the online account;
receiving the login request sent by the terminal carrying the online account and the password of the online account;
sending an instruction to the access gateway, instructing the access gateway to send a stop-accounting request message to the Radius server;
after receiving the stop-accounting response message from the Radius server returned by the access gateway, sending a Challenge request message to the access gateway.
6. The method according to claim 4, characterized in that the Portal server determining whether the account corresponding to the MAC address is identical to the current login account specifically comprises:
when the Portal server locally maintains the correspondence between account, IP address state and MAC address state, the Portal server uses the locally maintained correspondence to determine the account corresponding to the MAC address and compares that account with the current login account;
when the Portal server does not locally maintain the correspondence between account, IP address state and MAC address state, the Portal server sends to the Remote Authentication Dial-In User Service (Radius) server a request message for querying user accounting information, carrying the current login account, the IP address and the MAC address, and receives the query response message returned by the Radius server, which indicates that the MAC address is online and whether the account corresponding to the MAC address is identical to the current login account; the Radius server maintains the correspondence between account, IP address state and MAC address state.
7. A Portal server, characterized in that the Portal server comprises:
a receiving unit, configured to receive a login request message sent by a terminal and carrying the current login account, the IP address of the terminal and the MAC address information of the terminal;
a determination unit, configured to determine the IP address state of the IP address and the MAC address state of the MAC address, the IP address state and the MAC address state including: not online, online, and authentication in progress;
a sending unit, configured to send a Challenge request message to an access gateway when it is determined that the IP address state of the IP address and the MAC address state of the MAC address are not online.
8. The Portal server according to claim 7, characterized in that the determination unit is specifically configured to: when the correspondence between account, IP address state and MAC address state is maintained locally, use the locally maintained correspondence to determine the IP address state of the IP address and the MAC address state of the MAC address;
when the correspondence between account, IP address state and MAC address state is not maintained locally, send to a Remote Authentication Dial-In User Service (Radius) server a request message for querying user accounting information, carrying the account, IP address and MAC address carried in the login request message, and determine the IP address state of the IP address and the MAC address state of the MAC address according to the query response message returned by the Radius server, which carries the IP address state of the IP address and the MAC address state information of the MAC address; the Radius server maintains the correspondence between account, IP address state and MAC address state.
9. The Portal server according to claim 7, characterized in that the sending unit is further configured to push the page "Please re-enter your account information" to the terminal when the determination unit determines that the IP address state is online;
the receiving unit is further configured to receive the terminal's confirmation to re-enter the account information;
the Portal server further comprises:
a redirection unit, configured to redirect the terminal to the Portal login page when the terminal's confirmation to re-enter the account information is received.
10. The Portal server according to claim 7, characterized in that the determination unit is further configured to determine, when the MAC address state is determined to be online, whether the account corresponding to the MAC address is identical to the current login account;
the sending unit is further configured to send an instruction to the access gateway when the determination unit determines that the account corresponding to the MAC address is identical to the current login account, instructing the access gateway to send a stop-accounting request message to the Radius server; and, after the receiving unit receives the stop-accounting response message from the Radius server returned by the access gateway, to send a Challenge request message to the access gateway;
the receiving unit is further configured to receive the stop-accounting response message from the Radius server returned by the access gateway.
11. The Portal server according to claim 10, characterized in that the sending unit is further configured to push to the terminal, when it is determined that the account corresponding to the MAC address differs from the current login account, a page containing the information "Already online; the online account is the account corresponding to the MAC address; please choose to log in with the online account or with the current login account";
the receiving unit is further configured to receive the information sent by the terminal that the online account is chosen for login or that the current login account is chosen for login, and to receive the login request sent by the terminal carrying the online account and the password of the online account;
the sending unit is further configured to send an instruction to the access gateway, instructing the access gateway to send a stop-accounting request message to the Radius server, on receiving the information sent by the terminal that the current login account is chosen for login, or on receiving the login request sent by the terminal carrying the online account and the password of the online account; and, on receiving the information sent by the terminal that the online account is chosen for login, to push the Portal login page to the terminal, asking the user to enter the password of the online account, and, when the receiving unit receives the login request sent by the terminal carrying the online account and the password of the online account, to send an instruction to the access gateway instructing it to send a stop-accounting request message to the Radius server.
12. The Portal server according to claim 10, characterized in that the determination unit is specifically configured to: when the correspondence between account, IP address state and MAC address state is maintained locally, use the locally maintained correspondence to determine the account corresponding to the MAC address and compare that account with the current login account;
when the correspondence between account, IP address state and MAC address state is not maintained locally, send to the Remote Authentication Dial-In User Service (Radius) server a request message for querying user accounting information, carrying the current login account, the IP address and the MAC address, and receive the query response message returned by the Radius server, which indicates that the MAC address is online and whether the account corresponding to the MAC address is identical to the current login account; the Radius server maintains the correspondence between account, IP address state and MAC address state.
13. A web authentication user login system, characterized in that the system comprises: a terminal, a Portal server and an access gateway;
the terminal is configured to send to the Portal server a login request message carrying the current login account, the IP address of the terminal and the MAC address information of the terminal;
the Portal server is configured to determine, after receiving the login request message, the IP address state of the IP address and the MAC address state of the MAC address, the IP address state and the MAC address state including: not online, online, and authentication in progress; and to send a Challenge request message to the access gateway when it determines that the IP address state of the IP address and the MAC address state of the MAC address are not online;
the access gateway is configured to receive the Challenge request message sent by the Portal server.
14. The system according to claim 13, characterized in that, when the Portal server locally maintains the correspondence between account, IP address state and MAC address state, the Portal server is specifically configured to use the locally maintained correspondence to determine the IP address state of the IP address and the MAC address state of the MAC address;
when the Portal server does not locally maintain the correspondence between account, IP address state and MAC address state, the system further comprises: a Remote Authentication Dial-In User Service (Radius) server;
the Portal server is further configured to send to the Radius server a request message for querying user accounting information, carrying the account, IP address and MAC address carried in the login request message, and to determine the IP address state of the IP address and the MAC address state of the MAC address according to the query response message returned by the Radius server, which carries the IP address state of the IP address and the MAC address state information of the MAC address;
the Radius server is configured to receive the request message for querying user accounting information and to return to the Portal server the query response message carrying the IP address state of the IP address and the MAC address state information of the MAC address; the Radius server maintains the correspondence between account, IP address state and MAC address state.
15. The system according to claim 13, characterized in that the Portal server is further configured to push the page "Please re-enter your account information" to the terminal when it determines that the IP address state is online, and to redirect the terminal to the Portal login page on receiving the terminal's confirmation to re-enter the account information.
16. The system according to claim 13, characterized in that the Portal server is further configured to: when the MAC address state of the MAC address is online, determine whether the account corresponding to the MAC address is identical to the current login account; when the account corresponding to the MAC address is determined to be identical to the current login account, send an instruction to the access gateway, instructing the access gateway to send a stop-accounting request message to the Radius server; and, after receiving the stop-accounting response message from the Radius server returned by the access gateway, send a Challenge request message to the access gateway.
17. The system according to claim 16, characterized in that the Portal server is further configured to push to the terminal, when it determines that the account corresponding to the MAC address differs from the current login account, a page containing the information "Already online; the online account is the account corresponding to the MAC address; please choose to log in with the online account or with the current login account"; on receiving the information sent by the terminal that the current login account is chosen for login, to perform the following operations: sending an instruction to the access gateway, instructing the access gateway to send a stop-accounting request message to the Radius server, so as to stop accounting for the online account; and, after receiving the stop-accounting response message from the Radius server returned by the access gateway, sending a Challenge request message to the access gateway; and, on receiving the information sent by the terminal that the online account is chosen for login, to perform the following operations: pushing the Portal login page to the terminal, asking the user to enter the password of the online account; receiving the login request sent by the terminal carrying the online account and the password of the online account; sending an instruction to the access gateway, instructing the access gateway to send a stop-accounting request message to the Radius server; and, after receiving the stop-accounting response message from the Radius server returned by the access gateway, sending a Challenge request message to the access gateway.
18. The system according to claim 16, characterized in that the Portal server is specifically configured to: when the correspondence between account, IP address state and MAC address state is maintained locally, use the locally maintained correspondence to determine the account corresponding to the MAC address and compare that account with the current login account; and, when that correspondence is not maintained locally, send to the Remote Authentication Dial-In User Service (Radius) server a request message for querying user accounting information, carrying the current login account, the IP address and the MAC address, and receive the query response message returned by the Radius server, which indicates that the MAC address is online and whether the account corresponding to the MAC address is identical to the current login account; the Radius server maintains the correspondence between account, IP address state and MAC address state.
CN201410045084.0A 2014-02-07 2014-02-07 A kind of web authentication user login method, equipment and system Active CN104837134B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410045084.0A CN104837134B (en) 2014-02-07 2014-02-07 A kind of web authentication user login method, equipment and system

Publications (2)

Publication Number Publication Date
CN104837134A CN104837134A (en) 2015-08-12
CN104837134B true CN104837134B (en) 2018-06-26

Family

ID=53814712

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410045084.0A Active CN104837134B (en) 2014-02-07 2014-02-07 A kind of web authentication user login method, equipment and system

Country Status (1)

Country Link
CN (1) CN104837134B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105262639B (en) * 2015-09-16 2019-07-26 上海斐讯数据通信技术有限公司 Detect the method and system of network element presence
CN110650448A (en) * 2019-09-03 2020-01-03 怀化学院 Call management system and method for mobile communication terminal
CN111031053B (en) * 2019-12-17 2022-06-21 迈普通信技术股份有限公司 Identity authentication method and device, electronic equipment and readable storage medium
CN113992458A (en) * 2021-10-21 2022-01-28 中国电信股份有限公司 Information verification method, device, medium and electronic equipment in dial-up networking process
CN114416195B (en) * 2021-12-24 2023-08-18 青岛海尔科技有限公司 H5 page loading method and device, intelligent terminal and server
CN114422217A (en) * 2021-12-31 2022-04-29 中国电信股份有限公司 Dialing authentication method, device, equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101771540A (en) * 2008-12-29 2010-07-07 中国移动通信集团公司 User authentication method, device and system
CN102480729A (en) * 2010-11-22 2012-05-30 中兴通讯股份有限公司 Method for preventing faked users and access point in radio access network
WO2013023470A1 (en) * 2011-08-18 2013-02-21 Hangzhou H3C Technologies Co., Ltd. Portal authentication method and access controller
CN103297967A (en) * 2012-02-28 2013-09-11 中国移动通信集团公司 Method, device and system for user authentication in access of wireless local area network

Also Published As

Publication number Publication date
CN104837134A (en) 2015-08-12

Similar Documents

Publication Publication Date Title
CN104837134B (en) A kind of web authentication user login method, equipment and system
CN104144419B (en) Identity authentication method, device and system
CN103746812B (en) A kind of access authentication method and system
KR101195651B1 (en) System and method for authenticating remote server access
CN104811462B (en) A kind of access gateway reorientation method and access gateway
EP3319293A1 (en) Cross-terminal login-free method and device
CN104158824B (en) Genuine cyber identification authentication method and system
CN103916244B (en) Verification method and device
CN106302308B (en) Trust login method and device
US20180351943A1 (en) Server for providing a token
CN107086979B (en) User terminal verification login method and device
US20210168611A1 (en) Method for securely sharing a url
CN105554098A (en) Device configuration method, server and system
US9787678B2 (en) Multifactor authentication for mail server access
CN103905194B (en) Identity traceability authentication method and system
CN104917727A (en) Account authentication method, system and apparatus
CN104427499A (en) Wireless local area network (WLAN) access authentication method and system based on World Wide Web
CN106559405B (en) Portal authentication method and equipment
CN102811228A (en) Network business login method, equipment and system
CN109474916A (en) A kind of device authentication method, apparatus and machine readable media
CN105681258B (en) Session method and conversational device based on third-party server
CN105721412A (en) Method and device for authenticating identity between multiple systems
CN103905399A (en) Account registration management method and apparatus
CN106209727B (en) Session access method and device
CN107508822A (en) Access control method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
EXSB Decision made by sipo to initiate substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant