CN104837134B - A kind of web authentication user login method, equipment and system - Google Patents
- Publication number: CN104837134B
- Application number: CN201410045084.0A
- Authority
- CN
- China
- Prior art keywords
- account
- mac address
- address
- state
- online
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
A web authentication user login method, device and system. After the Portal server receives a login request message sent by a terminal, carrying the current login account, the terminal's IP address and the terminal's MAC address, it determines the IP address state of that IP address and the MAC address state of that MAC address. When both the IP address state and the MAC address state are determined to be not online, the Portal server sends a Challenge request message to the access gateway. Because the terminal's IP address state and MAC address state are checked at login, and the Challenge exchange is carried out only when both are not online, that is, when the uniqueness constraint that an IP address and a MAC address can each be online only once is satisfied, the user can complete web authentication successfully.
Description
Technical field
The present invention relates to the field of wireless communication technology, and in particular to a web authentication user login method, device and system.
Background technology
Web authentication based on the Portal protocol and Hypertext Transfer Protocol (HTTP) redirection is widely used for authentication control of Internet access. The typical signalling flow of web authentication is shown in Fig. 1 and includes the following steps:
Step 101: The terminal sends an HTTP connection request message to the access gateway;
Step 102: The access gateway determines (generally from the terminal's IP address or MAC address) that the terminal is unauthenticated, and pushes an HTTP redirect message to the unauthenticated terminal;
Normally the HTTP redirect message contains a constructed Uniform Resource Locator (URL). The following URL is an example:
http://221.176.1.140:8080/wlan/index.php?wlanuserip=183.241.167.185&wlanacname=1201.0010.100.00&ssid=CMCC&NASID=8047202010000460
It contains the IP address of the Portal server (221.176.1.140) and the information needed to initiate the subsequent authentication flow, such as the user IP address (wlanuserip=183.241.167.185).
Step 103: The terminal sends an HTTP connection request message to the Portal server;
The terminal sends the HTTP request to the Portal server using the above URL. Because the access gateway included the terminal's IP address in the URL it constructed for the HTTP redirect, step 103 passes this unique identifier, the terminal's IP address, to the Portal server.
Step 104: The Portal server pushes the unified authentication Portal login page to the terminal;
Step 105: The terminal receives the account and password entered by the user and sends a login request to the Portal server;
Step 106: The Portal server queries the RADIUS server for the user's accounting information;
Step 107: The RADIUS server returns the query result to the Portal server;
Step 108: When the Portal server determines that the query succeeded, it sends a Challenge message to the access gateway;
The Challenge message contains the IP address (wlanuserip) that the Portal server extracted from the URL.
Step 109: The access gateway sends the allocated Challenge to the Portal server;
Step 110: The Portal server encrypts the user name and password using the received Challenge, and sends the account, password and related information to the access gateway;
Step 111: The access gateway forwards the received authentication data to the Remote Authentication Dial In User Service (RADIUS) server for verification;
Step 112: The access gateway receives the authentication result returned by the RADIUS server;
In step 112 of the go-online flow, after the access gateway receives the authentication-passed message from the RADIUS server, it sets this IP address to the authenticated state.
Step 113: The access gateway forwards the authentication result returned by the RADIUS server to the Portal server;
Step 114: The Portal server pushes the login-success page to the terminal.
Step 115: The Portal server sends an authentication-success message to the access gateway.
Normally the terminal completes the above flow and passes web authentication. However, the above web authentication flow cannot recognise abnormal login behaviour by the terminal, which ultimately leads to login failure.
The following case, in which the go-online flow fails because the terminal initiates it more than once, illustrates such a login failure:
As shown in Fig. 2, during going online the userip (IP address) in the challenge request (req_challenge) message that the Portal server sends to the access gateway has already been authenticated and is online at the AC, so the access gateway rejects the Portal server's Challenge request and the user fails to go online.
Actual message exchange: the user's first go-online flow (21) executes normally, but the user then initiates a second go-online flow (22) (for example, after tapping to go online, the user taps the back key on the phone to return to the Portal login page and initiates the authentication flow again). In the second flow the access gateway rejects the challenge request, so the user fails to go online.
When the user initiates going online repeatedly, for example by returning to the Portal login page in the browser after logging in and initiating the login flow again, or by opening a saved Portal login page and initiating the login flow, the access gateway answers the Portal server's challenge request with a challenge allocation error message. The error types include the terminal being in the authentication process and the terminal already being online. The user's go-online flow cannot proceed normally and login fails, which gives the user a poor experience of the network.
Summary of the invention
Embodiments of the present invention provide a web authentication user login method, device and system, to solve the problem in the prior art that the web authentication process cannot recognise abnormal user login behaviour, which ultimately leads to login failure.
A web authentication user login method, the method comprising:
After receiving a login request message sent by a terminal, carrying the current login account, the terminal's IP address and the terminal's MAC address, the Portal server determines the IP address state of the IP address and the MAC address state of the MAC address, where the IP address state and the MAC address state are each one of: not online, online, or in the authentication process;
When the Portal server determines that the IP address state of the IP address and the MAC address state of the MAC address are both not online, it sends a Challenge request message to the access gateway.
A Portal server, the Portal server comprising:
A receiving unit, configured to receive a login request message sent by a terminal, carrying the current login account, the terminal's IP address and the terminal's MAC address;
A determination unit, configured to determine the IP address state of the IP address and the MAC address state of the MAC address, where the IP address state and the MAC address state are each one of: not online, online, or in the authentication process;
A transmitting unit, configured to send a Challenge request message to the access gateway when the IP address state of the IP address and the MAC address state of the MAC address are both determined to be not online.
A web authentication user login system, the system comprising: a terminal, a Portal server and an access gateway;
The terminal is configured to send to the Portal server a login request message carrying the current login account, the terminal's IP address and the terminal's MAC address;
The Portal server is configured, after receiving the login request message, to determine the IP address state of the IP address and the MAC address state of the MAC address, where the IP address state and the MAC address state are each one of: not online, online, or in the authentication process; and, when the IP address state of the IP address and the MAC address state of the MAC address are both determined to be not online, to send a Challenge request message to the access gateway;
The access gateway is configured to receive the Challenge request message sent by the Portal server.
In the scheme of the embodiments, the terminal's IP address state and MAC address state are checked when the terminal logs in, and the Challenge exchange is carried out only when both are determined to be not online, that is, when the uniqueness constraint that an IP address and a MAC address can each be online only once is satisfied, so that the user can complete web authentication successfully.
Description of the drawings
Fig. 1 is a schematic diagram of the web authentication signalling flow in the background;
Fig. 2 is a screenshot of the captured packets in the background;
Fig. 3 is the first flow chart of the web authentication user login method in an embodiment of the present invention;
Fig. 4 is the second flow chart of the web authentication user login method in an embodiment of the present invention;
Fig. 5 is a signalling flow chart of web authentication user login in an embodiment of the present invention;
Fig. 6 is a structural diagram of the Portal server in an embodiment of the present invention;
Fig. 7 is a structural diagram of the web authentication user login system in an embodiment of the present invention.
Specific embodiment
To describe the scheme of the embodiments clearly, the basic principle of the embodiments is explained first.
In the signalling exchange of web authentication, two kinds of identifying information identify a user: the IP address (the user's unique index at the access gateway) and the MAC address (which identifies the user's terminal). To identify a user uniquely, both identifiers must satisfy a uniqueness constraint: an IP address and a MAC address can each be online once and only once. One IP address cannot be allocated to two terminals, and one terminal cannot go online twice.
In the scheme of the embodiments, after the user terminal initiates the go-online flow and before the Portal server initiates the Challenge exchange, the Portal server checks both identifiers and, when the MAC address is online, compares the online account with the current login account. The Challenge exchange and the subsequent signalling flow are performed only once both identifiers satisfy the uniqueness constraint and any conflict with the online account has been resolved.
In general, there are the following two abnormal conditions:
First, the IP address is online: most likely the user IP address (userip) that the Portal server obtained from the Portal URL is not the correct IP address. In this case the user is redirected to WWW.10086.CN (the scheme is not limited to this website), so that the user terminal performs an HTTP redirect flow and reaches the login page through the correct Portal URL;
Second, the MAC address is online: the user terminal is already online. If the account is the same, the offline and go-online flows are performed so that the user logs in successfully. If the account is different, the user must be told that this terminal has already completed the authentication flow with account *** and is currently in the authenticated state, and the login flow for the account the user selects is then performed.
The scheme of the present invention is described in detail below with reference to specific embodiments.
Fig. 3 is a schematic diagram of a web authentication user login method in an embodiment of the present invention. The method includes the following steps:
Step 301: The Portal server receives a login request message sent by the terminal, carrying the current login account, the terminal's IP address and the terminal's MAC address, and performs step 302;
Step 302: The Portal server determines the IP address state of the IP address and the MAC address state of the MAC address, where the IP address state and the MAC address state are each one of: not online, online, or in the authentication process;
When the Portal server determines that the IP address state of the IP address is in the authentication process or that the MAC address state of the MAC address is in the authentication process, step 303 is performed;
When the Portal server determines that the IP address state of the IP address and the MAC address state of the MAC address are both not online, step 304 is performed;
When the Portal server determines that the IP address state is online, step 305 is performed;
When the Portal server determines that the MAC address state is online, step 306 is performed;
Step 303: End.
It should be noted that when the IP address state of the IP address is in the authentication process or the MAC address state of the MAC address is in the authentication process, the user cannot log in because of a problem in the terminal's browser or because of network congestion, and no operation is performed.
Step 304: Send a Challenge request message to the access gateway.
Step 305: Push a page reading "Please re-enter account information" to the terminal and, on receiving the terminal's confirmation to re-enter account information, push the Portal login page to the terminal.
Step 305 handles the case where the IP address is online. The most likely reason for this case is that the user opened the Portal page from a saved Portal URL, so the terminal IP address that the Portal server obtained from the URL is wrong. Redirecting the terminal to the Portal page at this point allows the correct IP address to be obtained.
Step 306: The Portal server determines whether the account corresponding to the MAC address is the same as the current login account; if they are the same, step 307 is performed; if they differ, step 308 is performed.
Step 307: Send an instruction to the access gateway, instructing the access gateway to send a stop-accounting request message to the RADIUS server, and perform step 309;
Step 309: After receiving the stop-accounting response message from the RADIUS server, returned by the access gateway, the Portal server sends a Challenge request message to the access gateway.
When the Portal server determines that the account corresponding to the MAC address is the same as the current login account, the terminal has already logged in with that account and is now logging in again with the same account. Steps 307 and 309 are therefore performed to take the online account offline and bring the account online again.
When the Portal server determines that the account corresponding to the MAC address differs from the current login account, the terminal has already logged in with one account (the online account) and is now logging in with another account (the current login account). Because one terminal cannot log in with two accounts at the same time, either step 308 followed by steps 401 and 402 is performed, so that the online account is taken offline and the go-online login flow of the online account is then restarted; or step 308 followed by steps 501 to 504 is performed, so that the online account is taken offline and the go-online login flow of the current login account is started;
Step 308: Push to the terminal a page containing the information "Already online; the account is the account corresponding to the MAC address. Please choose to log in with the online account or with the current login account";
When the Portal server receives from the terminal the information that the current login account is to be used for login, it performs the following steps 401 and 402:
Step 401: Send an instruction to the RADIUS server, instructing the access gateway to send a stop-accounting request message to the RADIUS server, to stop accounting for the online account;
Step 402: After receiving the stop-accounting response message from the RADIUS server, returned by the access gateway, send a Challenge request message to the access gateway;
When the Portal server receives from the terminal the information that the online account is to be used for login, it performs the following steps 501 to 504:
Step 501: Push the Portal login page to the terminal, asking the user to enter the password of the online account;
Step 502: Receive the login request sent by the terminal, carrying the online account and the password of the online account;
Step 503: Send an offline instruction to the access gateway, instructing the access gateway to send a stop-accounting request message to the RADIUS server, to stop accounting for the online account;
Step 504: After receiving the stop-accounting response message from the RADIUS server, returned by the access gateway, send a Challenge request message to the access gateway.
Preferably, determining the IP address state of the IP address and the MAC address state of the MAC address specifically includes:
When the Portal server locally maintains the correspondence between account, IP address state and MAC address state, the Portal server uses the locally maintained correspondence to determine the IP address state of the IP address and the MAC address state of the MAC address;
When the Portal server does not locally maintain the correspondence between account, IP address state and MAC address state, the Portal server sends to the Remote Authentication Dial In User Service (RADIUS) server a user accounting information query request message carrying the account, IP address and MAC address from the login request message, and determines the IP address state of the IP address and the MAC address state of the MAC address from the query response message returned by the RADIUS server, which carries the IP address state of the IP address and the MAC address state of the MAC address. The RADIUS server maintains the correspondence between account, IP address state and MAC address state.
Preferably, the Portal server determining whether the account corresponding to the MAC address is the same as the current login account specifically includes:
When the Portal server locally maintains the correspondence between account, IP address state and MAC address state, the Portal server uses the locally maintained correspondence to determine the account corresponding to the MAC address, and compares that account with the current login account;
When the Portal server does not locally maintain the correspondence between account, IP address state and MAC address state, the Portal server sends to the RADIUS server a user accounting information query request message carrying the current account, the IP address and the MAC address, and receives the query response message returned by the RADIUS server, which indicates that the MAC address is online and whether the account corresponding to the MAC address is the same as the current login account. The RADIUS server maintains the correspondence between account, IP address state and MAC address state.
Because the existing RADIUS server already stores the correspondence between account, IP address state and MAC address state, in the embodiments where the Portal server does not store this correspondence locally, the RADIUS server carries the MAC address state, the IP address state and whether the current login account is the same as the account online on the MAC address (if any) in the query response message. This passes the information to the Portal server without affecting the existing user accounting information query exchange and without using an additional request message.
The web authentication user login method shown in Fig. 4 is essentially the same flow as in Fig. 3, drawn as a simplified flow chart that presents the scheme of the embodiments more concisely. It includes the following steps:
Step 601: The Portal server determines whether the IP address state is in the authentication process or the MAC address state is in the authentication process; if so, the flow ends; otherwise, step 602 is performed;
Step 602: The Portal server determines whether the IP address state is online; if not, step 603 is performed; if so, step 605 is performed;
Step 603: The Portal server determines whether the MAC address state is online; if not, step 604 is performed; if so, step 607 is performed;
Step 604: The Portal server starts the go-online flow;
Step 605: The Portal server pushes "Please re-enter account information", redirects the terminal to www.10086.CN, and performs step 606;
Step 606: The terminal is redirected to the Portal login page;
Step 607: The Portal server determines whether the new account (that is, the current login account) is the same as the online account; if so, step 608 is performed; if not, step 610 is performed;
Step 608: The Portal server takes the online account offline, and performs step 609;
Step 609: The Portal server starts the go-online operation for the new account;
Step 610: The Portal server pushes "Already online, account ****; please choose to log in with the new account or with the online account", and performs step 611;
Step 611: The terminal makes a selection; if login with the new account is selected, step 612 is performed; if login with the online account is selected, step 614 is performed;
Step 612: The Portal server takes the online account offline, and performs step 613;
Step 613: The Portal server starts the go-online flow for the new account;
Step 614: The Portal server pushes to the terminal a request to enter the password of the online account, and performs step 615 after receiving the terminal's login request carrying the online account's password;
Step 615: The Portal server takes the online account offline and performs the go-online flow for the online account.
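The decision flow of Fig. 4 (steps 601 to 615), sketched in Python as an added example; it is not code from the patent. The `SessionTable` class, the function names, the MAC normalisation and the sample addresses are assumptions made for illustration, and the table stands in for the locally maintained correspondence between account, IP address state and MAC address state.

```python
"""Portal-side check before the Challenge exchange (Fig. 4, steps 601-615).

Added illustration: class names, function names and sample addresses are
assumptions; the patent describes the flow only in prose.
"""
from dataclasses import dataclass, field
from enum import Enum


class State(Enum):
    NOT_ONLINE = "not online"
    ONLINE = "online"
    AUTHENTICATING = "in authentication process"


class Action(Enum):
    END = "end"                                  # step 601
    SEND_CHALLENGE = "send Challenge request"    # step 604
    REDIRECT_TO_LOGIN = "redirect to login"      # steps 605-606
    RELOGIN_SAME_ACCOUNT = "offline, re-online"  # steps 608-609
    PROMPT_ACCOUNT_CHOICE = "prompt for choice"  # step 610


def normalize_mac(mac: str) -> str:
    """Assumption: MACs may arrive as aa-bb-.. or AA:BB:..; compare one form."""
    return mac.replace("-", "").replace(":", "").replace(".", "").lower()


@dataclass
class SessionTable:
    """Locally maintained account / IP state / MAC state correspondence."""
    ip_states: dict = field(default_factory=dict)      # ip -> State
    mac_states: dict = field(default_factory=dict)     # mac -> State
    mac_accounts: dict = field(default_factory=dict)   # mac -> online account

    def ip_state(self, ip: str) -> State:
        return self.ip_states.get(ip, State.NOT_ONLINE)

    def mac_state(self, mac: str) -> State:
        return self.mac_states.get(normalize_mac(mac), State.NOT_ONLINE)

    def online_account(self, mac: str):
        return self.mac_accounts.get(normalize_mac(mac))

    def mark_online(self, account: str, ip: str, mac: str) -> None:
        key = normalize_mac(mac)
        self.ip_states[ip] = State.ONLINE
        self.mac_states[key] = State.ONLINE
        self.mac_accounts[key] = account


def decide(table: SessionTable, account: str, ip: str, mac: str) -> Action:
    """Return the Fig. 4 branch for one login request."""
    ip_s, mac_s = table.ip_state(ip), table.mac_state(mac)
    if State.AUTHENTICATING in (ip_s, mac_s):        # step 601
        return Action.END
    if ip_s is State.ONLINE:                         # step 602
        return Action.REDIRECT_TO_LOGIN
    if mac_s is State.ONLINE:                        # steps 603, 607
        if table.online_account(mac) == account:
            return Action.RELOGIN_SAME_ACCOUNT
        return Action.PROMPT_ACCOUNT_CHOICE
    return Action.SEND_CHALLENGE                     # step 604


def resolve_choice(choice: str, new_account: str, online_account: str) -> list:
    """Steps 611-615: signalling order after the user picks an account."""
    if choice == "new":                              # steps 612-613
        return [f"stop accounting for {online_account}",
                f"send Challenge for {new_account}"]
    if choice == "online":                           # steps 614-615
        return [f"request password for {online_account}",
                f"stop accounting for {online_account}",
                f"send Challenge for {online_account}"]
    raise ValueError("choice must be 'new' or 'online'")


def run_constructed_cases() -> dict:
    """Constructed sample requests (documentation-range IPs, made-up MACs)."""
    table = SessionTable()
    first = decide(table, "alice", "192.0.2.10", "AA:BB:CC:00:00:01")
    table.mark_online("alice", "192.0.2.10", "AA:BB:CC:00:00:01")
    table.ip_states["192.0.2.30"] = State.AUTHENTICATING
    return {
        "first login": first,
        # saved Portal URL carrying an IP that is online for another terminal
        "stale url": decide(table, "bob", "192.0.2.10", "AA:BB:CC:00:00:02"),
        # same terminal, same account, MAC written in another notation
        "same account": decide(table, "alice", "192.0.2.11", "aa-bb-cc-00-00-01"),
        "other account": decide(table, "carol", "192.0.2.11", "AA:BB:CC:00:00:01"),
        "in progress": decide(table, "dave", "192.0.2.30", "AA:BB:CC:00:00:03"),
    }


if __name__ == "__main__":
    for name, action in run_constructed_cases().items():
        print(f"{name:14} -> {action.value}")
```

The IP-online check runs before the MAC-online check, as in steps 602 and 603, so a request whose IP address is already online is redirected to the login page regardless of the MAC address state.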
Fig. 5 shows the web signalling exchange flow of an embodiment of the present invention, in which the Portal server obtains from the RADIUS server the MAC address state, the IP address state and whether the current login account is the same as the account online on the MAC address (if any). It includes the following steps:
Steps 701 to 705 are the same as steps 101 to 105 in the background and are not repeated here;
Step 706: The Portal server sends a user accounting information query to the RADIUS server;
Step 707: The RADIUS server returns the query result to the Portal server. The query result contains the terminal's MAC address state, the terminal's IP address state, and whether the current login account is the same as the account online on the MAC address (if any);
Step 708: The Portal server then performs different signalling exchanges depending on the query result, specifically the following 4 signalling exchanges:
1) When the IP address is online:
The Portal server pushes "Please re-enter account information" to the terminal;
The terminal sends "Confirm" to the Portal server;
The Portal server redirects the terminal to www.10086.cn;
The terminal is redirected to the Portal login page and goes through the go-online flow again;
2) When the MAC address is online and the account is the same:
The Portal server sends an offline instruction to the access gateway, and the access gateway changes the IP address state to offline;
The access gateway sends a stop-accounting message to the RADIUS server;
After going offline completes, a Challenge request message is sent to the access gateway;
3) When the MAC address is online and the account is different:
The Portal server pushes to the terminal "Already online, account ****; please choose to log in with the current login account or with the online account";
The terminal sends the selection result to the Portal server;
3.1) When the selection result is login with the online account:
The Portal server pushes to the terminal a page asking for the password of the online account;
The terminal receives the password entered by the user and sends a login request to the Portal server;
The Portal server sends an offline instruction to the access gateway, and the access gateway changes the IP address state to offline;
The access gateway sends a stop-accounting message to the RADIUS server;
After going offline completes, a Challenge request message is sent to the access gateway;
3.2) When the selection result is login with the current login account:
The Portal server sends an offline instruction to the access gateway, and the access gateway changes the IP address state to offline;
The access gateway sends a stop-accounting message to the RADIUS server;
After going offline completes, a Challenge request message is sent to the access gateway;
4) When neither the MAC address nor the IP address is online:
A Challenge request message is sent to the access gateway;
Steps 709 to 715 are the same as steps 109 to 115 in the background and are not repeated here.
An embodiment of the present invention also provides a Portal server, whose structure is shown in Fig. 6. It comprises a receiving unit 61, a determination unit 62 and a transmitting unit 63, where:
The receiving unit 61 is configured to receive a login request message sent by a terminal, carrying the current login account, the terminal's IP address and the terminal's MAC address;
The determination unit 62 is configured to determine the IP address state of the IP address and the MAC address state of the MAC address, where the IP address state and the MAC address state are each one of: not online, online, or in the authentication process;
The transmitting unit 63 is configured to send a Challenge request message to the access gateway when the IP address state of the IP address and the MAC address state of the MAC address are both determined to be not online.
Preferably, the determination unit 62 is specifically configured, when the correspondence between account, IP address state and MAC address state is maintained locally, to use the locally maintained correspondence to determine the IP address state of the IP address and the MAC address state of the MAC address; and, when the correspondence between account, IP address state and MAC address state is not maintained locally, to send to the Remote Authentication Dial In User Service (RADIUS) server a user accounting information query request message carrying the account, IP address and MAC address from the login request message, and to determine the IP address state of the IP address and the MAC address state of the MAC address from the query response message returned by the RADIUS server, which carries the IP address state of the IP address and the MAC address state of the MAC address. The RADIUS server maintains the correspondence between account, IP address state and MAC address state.
Preferably, the transmitting unit 63 is further configured to push a page reading "Please re-enter account information" to the terminal when the determination unit determines that the IP address state is online;
The receiving unit 61 is further configured to receive the terminal's confirmation to re-enter account information;
The Portal server further comprises:
A redirect unit 64, configured to redirect the terminal to the Portal login page when the terminal's confirmation to re-enter account information is received.
Preferably, the determination unit 62 is further configured, when the MAC address state is determined to be online, to determine whether the account corresponding to the MAC address is the same as the current login account;
The transmitting unit 63 is further configured, when the determination unit determines that the account corresponding to the MAC address is the same as the current login account, to send an instruction to the access gateway, instructing the access gateway to send a stop-accounting request message to the RADIUS server; and, after the receiving unit receives the stop-accounting response message from the RADIUS server, returned by the access gateway, to send a Challenge request message to the access gateway;
The receiving unit 61 is further configured to receive the stop-accounting response message from the RADIUS server, returned by the access gateway.
Preferably, the transmitting unit 63 is further configured, when the account corresponding to the MAC address is determined to differ from the current login account, to push to the terminal a page containing the information "Already online; the online account is the account corresponding to the MAC address. Please choose to log in with the online account or with the current login account";
The receiving unit 61 is further configured to receive the online-account login information and the current-account login information sent by the terminal, and to receive the login request sent by the terminal, carrying the online account and the password of the online account;
The transmitting unit 63 is further configured, on receiving the information sent by the terminal that the current login account is to be used for login, or on receiving the login request sent by the terminal carrying the online account and the password of the online account, to send an instruction to the access gateway, instructing the access gateway to send a stop-accounting request message to the RADIUS server; and, on receiving the information sent by the terminal that the online account is to be used for login, to push the Portal login page to the terminal, asking the user to enter the password of the online account, and, when the receiving unit receives the login request sent by the terminal carrying the online account and the password of the online account, to send an instruction to the access gateway, instructing the access gateway to send a stop-accounting request message to the RADIUS server.
Preferably, the determination unit 62 is specifically configured to: when the correspondence between account, IP address state and MAC address state is maintained locally, use the locally maintained correspondence to determine the account corresponding to the MAC address and compare that account with the current login account; when the correspondence between account, IP address state and MAC address state is not maintained locally, send to the Remote Authentication Dial In User Service (Radius) server a query-user-accounting-information request message carrying the current account, the IP address and the MAC address, and receive the query response message returned by the Radius server, which carries the information that the MAC address is online and whether the account corresponding to the MAC address is the same as the current login account; the correspondence between account, IP address state and MAC address state is maintained in the Radius server.
An embodiment of the present invention further provides a web authentication user login system, whose structure is shown in Fig. 7. The system comprises: a terminal 71, a Portal server 72 and an access gateway 73;
The terminal 71 is configured to send to the Portal server a login request message carrying the current login account, the IP address of the terminal and the MAC address information of the terminal;
The Portal server 72 is configured to, after receiving the login request message, determine the IP address state of the IP address and the MAC address state of the MAC address, the IP address state and the MAC address state each being one of: not online, online, and authentication in progress; and, when determining that the IP address state of the IP address and the MAC address state of the MAC address are both not online, to send a Challenge request message to the access gateway;
The access gateway 73 is configured to receive the Challenge request message sent by the Portal server.
Preferably, when the Portal server locally maintains the correspondence between account, IP address state and MAC address state, the Portal server 72 is specifically configured to use the locally maintained correspondence to determine the IP address state of the IP address and the MAC address state of the MAC address;
When the Portal server does not locally maintain the correspondence between account, IP address state and MAC address state, the system further comprises: a Radius server 74;
The Portal server 72 is further configured to send to the Radius server a query-user-accounting-information request message carrying the account, IP address and MAC address carried in the login request message, and to determine the IP address state of the IP address and the MAC address state of the MAC address from the query response message returned by the Radius server, which carries the IP address state of the IP address and the MAC address state information of the MAC address;
The Radius server 74 is configured to receive the query-user-accounting-information request message and to return to the Portal server the query response message carrying the IP address state of the IP address and the MAC address state information of the MAC address; the correspondence between account, IP address state and MAC address state is maintained in the Radius server.
Preferably, the Portal server 72 is further configured to, when the IP address state is determined to be online, push a "Please re-enter account information" page to the terminal and, on receiving the terminal's confirmation that account information is to be re-entered, redirect the terminal to the Portal login page.
Preferably, the Portal server 72 is further configured to, when the MAC address state of the MAC address is online, determine whether the account corresponding to the MAC address is the same as the current login account; when the account corresponding to the MAC address is determined to be the same as the current login account, send an instruction to the access gateway, instructing the access gateway to send a stop-accounting request message to the Radius server; and, after receiving the stop-accounting response message from the Radius server returned by the access gateway, send a Challenge request message to the access gateway.
Preferably, the Portal server 72 is further configured to, when it is determined that the account corresponding to the MAC address differs from the current login account, push to the terminal a page containing the information "Already online; the online account is the account corresponding to the MAC address; please choose to log in with the online account or with the current login account". On receiving the information sent by the terminal that the current login account is to be used for login, it performs the following operations: sending an instruction to the access gateway, instructing the access gateway to send a stop-accounting request message to the Radius server so as to stop accounting for the online account; and, after receiving the stop-accounting response message from the Radius server returned by the access gateway, sending a Challenge request message to the access gateway. On receiving the online-account login information sent by the terminal, it performs the following operations: pushing the Portal login page to the terminal, asking the user to enter the password of the online account; receiving the login request sent by the terminal carrying the online account and the password of the online account; sending an instruction to the access gateway, instructing the access gateway to send a stop-accounting request message to the Radius server; and, after receiving the stop-accounting response message from the Radius server returned by the access gateway, sending a Challenge request message to the access gateway.
Preferably, the Portal server 72 is specifically configured to: when the correspondence between account, IP address state and MAC address state is maintained locally, use the locally maintained correspondence to determine the account corresponding to the MAC address and compare that account with the current login account; when the correspondence between account, IP address state and MAC address state is not maintained locally, send to the Remote Authentication Dial In User Service (Radius) server a query-user-accounting-information request message carrying the current account, the IP address and the MAC address, and receive the query response message returned by the Radius server, which carries the information that the MAC address is online and whether the account corresponding to the MAC address is the same as the current login account; the correspondence between account, IP address state and MAC address state is maintained in the Radius server.
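The login decision made by the Portal server in the embodiments above, written out as an added Python example (not code from the patent). The class, method and return-string names and the `GatewayStub` are hypothetical; checking the IP address state before the MAC address state, withholding the Challenge when no stop-accounting response comes back, and returning a marker for the authentication-in-progress state (for which this section gives no handling) are assumptions of the example.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, List, Optional, Tuple


class State(Enum):
    NOT_ONLINE = "not online"
    ONLINE = "online"
    AUTHENTICATING = "authentication in progress"


@dataclass(frozen=True)
class LoginRequest:
    account: str  # the current login account
    ip: str
    mac: str


# (IP address state, MAC address state, account bound to the MAC if any)
Lookup = Tuple[State, State, Optional[str]]


@dataclass
class SessionTable:
    """Correspondence between account, IP address state and MAC address state."""
    ip_state: Dict[str, State] = field(default_factory=dict)
    mac_state: Dict[str, State] = field(default_factory=dict)
    mac_account: Dict[str, str] = field(default_factory=dict)

    def query(self, req: LoginRequest) -> Lookup:
        return (self.ip_state.get(req.ip, State.NOT_ONLINE),
                self.mac_state.get(req.mac, State.NOT_ONLINE),
                self.mac_account.get(req.mac))


class GatewayStub:
    """Hypothetical access gateway that records what the Portal server sends."""
    def __init__(self, stop_accounting_ok: bool = True):
        self.sent: List[Tuple[str, str]] = []
        self.stop_accounting_ok = stop_accounting_ok

    def stop_accounting(self, account: str) -> bool:
        # Stands for: gateway sends the stop-accounting request to Radius and
        # relays the stop-accounting response (True) back to the Portal server.
        self.sent.append(("stop_accounting", account))
        return self.stop_accounting_ok

    def challenge(self, account: str) -> None:
        self.sent.append(("challenge", account))


class PortalServer:
    def __init__(self, gateway: GatewayStub, local: Optional[SessionTable] = None,
                 radius_query: Optional[Callable[[LoginRequest], Lookup]] = None):
        if local is None and radius_query is None:
            raise ValueError("need a local table or a Radius query function")
        self.gateway, self.local, self.radius_query = gateway, local, radius_query

    def _lookup(self, req: LoginRequest) -> Lookup:
        # Locally maintained correspondence if present, otherwise ask Radius.
        return self.local.query(req) if self.local is not None else self.radius_query(req)

    def _stop_then_challenge(self, online_account: str, login_account: str) -> str:
        # The Challenge goes out only after the stop-accounting response.
        if not self.gateway.stop_accounting(online_account):
            return "no_stop_accounting_response"  # assumption of this example
        self.gateway.challenge(login_account)
        return "challenge_sent"

    def handle_login(self, req: LoginRequest) -> str:
        ip_state, mac_state, bound = self._lookup(req)
        if State.AUTHENTICATING in (ip_state, mac_state):
            return "not_covered_here"  # no handling is given in this section
        if ip_state is State.ONLINE:  # assumption: IP state is checked first
            return "push_reenter_account_page"
        if mac_state is State.ONLINE:
            if bound == req.account:
                return self._stop_then_challenge(bound, req.account)
            return "push_choice_page:%s" % bound
        self.gateway.challenge(req.account)  # IP and MAC both not online
        return "challenge_sent"

    def handle_choice(self, req: LoginRequest, choice: str,
                      password: Optional[str] = None) -> str:
        """Terminal's answer to the choice page (MAC online under another account)."""
        _, mac_state, bound = self._lookup(req)
        if mac_state is not State.ONLINE or bound is None or bound == req.account:
            return "no_choice_pending"
        if choice == "this_account":
            return self._stop_then_challenge(bound, req.account)
        if choice == "online_account":
            if password is None:
                return "push_portal_login_page"  # ask for the online account's password
            # The login request now carries the online account and its password.
            return self._stop_then_challenge(bound, bound)
        return "invalid_choice"
```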
Those skilled in the art should understand that embodiments of the present application may be provided as a method, a system or a computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, the present application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage and the like) containing computer-usable program code.
The present application is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to the embodiments of the present application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce an apparatus for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to operate in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction apparatus, the instruction apparatus implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps is performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Although preferred embodiments of the present application have been described, those skilled in the art, once they learn of the basic inventive concept, can make further changes and modifications to these embodiments. The appended claims are therefore intended to be construed as including the preferred embodiments and all changes and modifications that fall within the scope of the present application.
Obviously, those skilled in the art can make various changes and variations to the present invention without departing from the spirit and scope of the present invention. Thus, if these modifications and variations of the present invention fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.
Claims (18)
1. A web authentication user login method, characterized in that the method comprises:
after receiving a login request message sent by a terminal and carrying the current login account, the IP address of the terminal and the MAC address information of the terminal, a Portal server determines the IP address state of the IP address and the MAC address state of the MAC address, the IP address state and the MAC address state each being one of: not online, online, and authentication in progress;
when determining that the IP address state of the IP address and the MAC address state of the MAC address are both not online, the Portal server sends a Challenge request message to an access gateway.
2. The method as claimed in claim 1, characterized in that determining the IP address state of the IP address and the MAC address state of the MAC address specifically comprises:
when the Portal server locally maintains the correspondence between account, IP address state and MAC address state, the Portal server uses the locally maintained correspondence to determine the IP address state of the IP address and the MAC address state of the MAC address;
when the Portal server does not locally maintain the correspondence between account, IP address state and MAC address state, the Portal server sends to a Remote Authentication Dial In User Service (Radius) server a query-user-accounting-information request message carrying the account, IP address and MAC address carried in the login request message, and determines the IP address state of the IP address and the MAC address state of the MAC address from the query response message returned by the Radius server, which carries the IP address state of the IP address and the MAC address state information of the MAC address; the correspondence between account, IP address state and MAC address state is maintained in the Radius server.
3. The method as claimed in claim 1, characterized in that, when determining that the IP address state is online, the Portal server pushes a "Please re-enter account information" page to the terminal;
on receiving the terminal's confirmation that account information is to be re-entered, the terminal is redirected to the Portal login page.
4. The method as claimed in claim 1, characterized in that, when the MAC address state of the MAC address is online, the Portal server determines whether the account corresponding to the MAC address is the same as the current login account;
when the account corresponding to the MAC address is determined to be the same as the current login account, an instruction is sent to the access gateway, instructing the access gateway to send a stop-accounting request message to the Radius server;
after receiving the stop-accounting response message from the Radius server returned by the access gateway, the Portal server sends a Challenge request message to the access gateway.
5. The method as claimed in claim 4, characterized in that, when it is determined that the account corresponding to the MAC address differs from the current login account, a page containing the information "Already online; the online account is the account corresponding to the MAC address; please choose to log in with the online account or with the current login account" is pushed to the terminal;
on receiving the information sent by the terminal that the current login account is to be used for login, the Portal server performs the following operations:
sending an instruction to the access gateway, instructing the access gateway to send a stop-accounting request message to the Radius server so as to stop accounting for the online account;
after receiving the stop-accounting response message from the Radius server returned by the access gateway, sending a Challenge request message to the access gateway;
on receiving the online-account login information sent by the terminal, the Portal server performs the following operations:
pushing the Portal login page to the terminal, asking the user to enter the password of the online account;
receiving the login request sent by the terminal carrying the online account and the password of the online account;
sending an instruction to the access gateway, instructing the access gateway to send a stop-accounting request message to the Radius server;
after receiving the stop-accounting response message from the Radius server returned by the access gateway, sending a Challenge request message to the access gateway.
6. The method as claimed in claim 4, characterized in that the Portal server determining whether the account corresponding to the MAC address is the same as the current login account specifically comprises:
when the Portal server locally maintains the correspondence between account, IP address state and MAC address state, the Portal server uses the locally maintained correspondence to determine the account corresponding to the MAC address and compares that account with the current login account;
when the Portal server does not locally maintain the correspondence between account, IP address state and MAC address state, the Portal server sends to the Remote Authentication Dial In User Service (Radius) server a query-user-accounting-information request message carrying the current account, the IP address and the MAC address, and receives the query response message returned by the Radius server, which carries the information that the MAC address is online and whether the account corresponding to the MAC address is the same as the current login account; the correspondence between account, IP address state and MAC address state is maintained in the Radius server.
7. A Portal server, characterized in that the Portal server comprises:
a receiving unit, configured to receive a login request message sent by a terminal and carrying the current login account, the IP address of the terminal and the MAC address information of the terminal;
a determination unit, configured to determine the IP address state of the IP address and the MAC address state of the MAC address, the IP address state and the MAC address state each being one of: not online, online, and authentication in progress;
a transmitting unit, configured to send a Challenge request message to an access gateway when it is determined that the IP address state of the IP address and the MAC address state of the MAC address are both not online.
8. The Portal server as claimed in claim 7, characterized in that the determination unit is specifically configured to: when the correspondence between account, IP address state and MAC address state is maintained locally, use the locally maintained correspondence to determine the IP address state of the IP address and the MAC address state of the MAC address;
when the correspondence between account, IP address state and MAC address state is not maintained locally, send to a Remote Authentication Dial In User Service (Radius) server a query-user-accounting-information request message carrying the account, IP address and MAC address carried in the login request message, and determine the IP address state of the IP address and the MAC address state of the MAC address from the query response message returned by the Radius server, which carries the IP address state of the IP address and the MAC address state information of the MAC address; the correspondence between account, IP address state and MAC address state is maintained in the Radius server.
9. The Portal server as claimed in claim 7, characterized in that the transmitting unit is further configured to push a "Please re-enter account information" page to the terminal when the determination unit determines that the IP address state is online;
the receiving unit is further configured to receive the terminal's confirmation that account information is to be re-entered;
the Portal server further comprises:
a redirect unit, configured to redirect the terminal to the Portal login page when the terminal's confirmation that account information is to be re-entered is received.
10. The Portal server as claimed in claim 7, characterized in that the determination unit is further configured to, when the MAC address state is determined to be online, determine whether the account corresponding to the MAC address is the same as the current login account;
the transmitting unit is further configured to, when the determination unit determines that the account corresponding to the MAC address is the same as the current login account, send an instruction to the access gateway, instructing the access gateway to send a stop-accounting request message to the Radius server; and, after the receiving unit receives the stop-accounting response message from the Radius server returned by the access gateway, to send a Challenge request message to the access gateway;
the receiving unit is further configured to receive the stop-accounting response message from the Radius server returned by the access gateway.
11. The Portal server as claimed in claim 10, characterized in that the transmitting unit is further configured to, when it is determined that the account corresponding to the MAC address differs from the current login account, push to the terminal a page containing the information "Already online; the online account is the account corresponding to the MAC address; please choose to log in with the online account or with the current login account";
the receiving unit is further configured to receive the online-account login information and the current-account login information sent by the terminal, and to receive a login request sent by the terminal carrying the online account and the password of the online account;
the transmitting unit is further configured to, on receiving the information sent by the terminal that the current login account is to be used for login, or on receiving the login request sent by the terminal carrying the online account and the password of the online account, send an instruction to the access gateway, instructing the access gateway to send a stop-accounting request message to the Radius server; and, on receiving the online-account login information sent by the terminal, to push the Portal login page to the terminal, asking the user to enter the password of the online account, and, when the receiving unit receives the login request sent by the terminal carrying the online account and the password of the online account, to send an instruction to the access gateway, instructing the access gateway to send a stop-accounting request message to the Radius server.
12. The Portal server as claimed in claim 10, characterized in that the determination unit is specifically configured to: when the correspondence between account, IP address state and MAC address state is maintained locally, use the locally maintained correspondence to determine the account corresponding to the MAC address and compare that account with the current login account;
when the correspondence between account, IP address state and MAC address state is not maintained locally, send to the Remote Authentication Dial In User Service (Radius) server a query-user-accounting-information request message carrying the current account, the IP address and the MAC address, and receive the query response message returned by the Radius server, which carries the information that the MAC address is online and whether the account corresponding to the MAC address is the same as the current login account; the correspondence between account, IP address state and MAC address state is maintained in the Radius server.
13. A web authentication user login system, characterized in that the system comprises: a terminal, a Portal server and an access gateway;
the terminal is configured to send to the Portal server a login request message carrying the current login account, the IP address of the terminal and the MAC address information of the terminal;
the Portal server is configured to, after receiving the login request message, determine the IP address state of the IP address and the MAC address state of the MAC address, the IP address state and the MAC address state each being one of: not online, online, and authentication in progress; and, when determining that the IP address state of the IP address and the MAC address state of the MAC address are both not online, to send a Challenge request message to the access gateway;
the access gateway is configured to receive the Challenge request message sent by the Portal server.
14. The system as claimed in claim 13, characterized in that, when the Portal server locally maintains the correspondence between account, IP address state and MAC address state, the Portal server is specifically configured to use the locally maintained correspondence to determine the IP address state of the IP address and the MAC address state of the MAC address;
when the Portal server does not locally maintain the correspondence between account, IP address state and MAC address state, the system further comprises: a Remote Authentication Dial In User Service (Radius) server;
the Portal server is further configured to send to the Radius server a query-user-accounting-information request message carrying the account, IP address and MAC address carried in the login request message, and to determine the IP address state of the IP address and the MAC address state of the MAC address from the query response message returned by the Radius server, which carries the IP address state of the IP address and the MAC address state information of the MAC address;
the Radius server is configured to receive the query-user-accounting-information request message and to return to the Portal server the query response message carrying the IP address state of the IP address and the MAC address state information of the MAC address; the correspondence between account, IP address state and MAC address state is maintained in the Radius server.
15. The system as claimed in claim 13, characterized in that the Portal server is further configured to, when the IP address state is determined to be online, push a "Please re-enter account information" page to the terminal and, on receiving the terminal's confirmation that account information is to be re-entered, redirect the terminal to the Portal login page.
16. The system as claimed in claim 13, characterized in that the Portal server is further configured to, when the MAC address state of the MAC address is online, determine whether the account corresponding to the MAC address is the same as the current login account; when the account corresponding to the MAC address is determined to be the same as the current login account, send an instruction to the access gateway, instructing the access gateway to send a stop-accounting request message to the Radius server; and, after receiving the stop-accounting response message from the Radius server returned by the access gateway, send a Challenge request message to the access gateway.
17. The system as claimed in claim 16, characterized in that the Portal server is further configured to, when it is determined that the account corresponding to the MAC address differs from the current login account, push to the terminal a page containing the information "Already online; the online account is the account corresponding to the MAC address; please choose to log in with the online account or with the current login account"; and, on receiving the information sent by the terminal that the current login account is to be used for login, to perform the following operations: sending an instruction to the access gateway, instructing the access gateway to send a stop-accounting request message to the Radius server so as to stop accounting for the online account; after receiving the stop-accounting response message from the Radius server returned by the access gateway, sending a Challenge request message to the access gateway; and, on receiving the online-account login information sent by the terminal, to perform the following operations: pushing the Portal login page to the terminal, asking the user to enter the password of the online account; receiving the login request sent by the terminal carrying the online account and the password of the online account; sending an instruction to the access gateway, instructing the access gateway to send a stop-accounting request message to the Radius server; after receiving the stop-accounting response message from the Radius server returned by the access gateway, sending a Challenge request message to the access gateway.
18. The system as claimed in claim 16, characterized in that the Portal server is specifically configured to: when the correspondence between account, IP address state and MAC address state is maintained locally, use the locally maintained correspondence to determine the account corresponding to the MAC address and compare that account with the current login account; when the correspondence between account, IP address state and MAC address state is not maintained locally, send to the Remote Authentication Dial In User Service (Radius) server a query-user-accounting-information request message carrying the current account, the IP address and the MAC address, and receive the query response message returned by the Radius server, which carries the information that the MAC address is online and whether the account corresponding to the MAC address is the same as the current login account; the correspondence between account, IP address state and MAC address state is maintained in the Radius server.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410045084.0A CN104837134B (en) | 2014-02-07 | 2014-02-07 | A kind of web authentication user login method, equipment and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104837134A | 2015-08-12 |
CN104837134B | 2018-06-26 |
Family
ID=53814712
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410045084.0A Active CN104837134B (en) | 2014-02-07 | 2014-02-07 | A kind of web authentication user login method, equipment and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104837134B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
EXSB | Decision made by sipo to initiate substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |