CN105072129B - authentication method and system - Google Patents
- Publication number: CN105072129B (application CN201510536318.6A)
- Authority: CN (China)
- Prior art keywords: user, association, authentication, authentication information, unicast message
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
Abstract
The present invention relates to the field of communications and discloses an authentication method and system. The system includes: a DUT device, arranged to intercept unicast messages; and a routing management module, arranged to send the intercepted unicast message according to stored authentication information associated with the user. When the authentication information associated with the user shows that the user is not authenticated, the routing management module redirects the user to an authentication device; when the authentication information associated with the user identifies the service package the user has ordered, the intercepted unicast message is transparently forwarded to the charging device corresponding to the user. By changing the existing authentication mode, the invention directs traffic to the operators' package combination devices, so that users can choose an operator and package combination according to their own needs. This provides diversified services for university users while bringing more traffic to the operators, realizing value-added services for the operators.
Description
Technical field
The present invention relates to the field of communications, and in particular to an authentication method and system and to a routing management module and method.
Background
With the development of higher education in China, the informatization of institutions of higher learning has also developed rapidly. To give college students a new learning environment that is available at any time, anywhere, on demand and ubiquitously, the types of applications on university campus networks keep increasing, and the requirements on interactive experience keep rising. As network technology develops, the volume of data carried on the network also grows. How to guarantee the security and service quality of the network has become an urgent problem, and fine-grained management is the inevitable choice for campus networks.
It is well known that network security is the precondition of fine-grained management; how to achieve both network security and lean operation is the core of the present invention. Fig. 1 shows a web authentication network diagram. In this network, the core device can centralize the management of all users on the network by enabling web authentication, which simplifies network deployment and reduces the cost of subsequent monitoring and maintenance. The device on which authentication is enabled is called the NAS (Network Access Security) device. After passing authentication, a user can access the network normally.
Fig. 2 shows the basic flow of user authentication: the NAS intercepts any HTTP request message from an unauthenticated user, acts as the destination address to establish a pseudo connection with the user, and redirects the user to the authentication server to complete the authentication process.
However, the network structure shown in Fig. 1 cannot offer the different package combinations provided by different operators, and so cannot meet the growing and differing demands of customers at different levels. A new technical solution is therefore needed to give customers more choices.
Summary of the invention
The object of the present invention is to provide an authentication method and system, and a routing management module and method, so that customers can be offered different package combinations.
The present invention provides an authentication system. The system includes: a DUT device, arranged to intercept unicast messages; and a routing management module, arranged to send the intercepted unicast message according to stored authentication information associated with the user. When it is determined from the authentication information associated with the user that the user is not authenticated, the routing management module is configured to redirect the user to an authentication device; when the package ordered by the user is determined from the authentication information associated with the user, the intercepted unicast message is transparently forwarded to the charging device corresponding to the user.
Preferably, the unicast message is an HTTP unicast message.
Preferably, the package ordered by the user is obtained from the user's authentication response; the authentication information associated with the user is stored in the user's authentication table entry, which is obtained by copying the user's route table entry and extending it with an authentication field; the authentication information associated with the user is stored in that authentication field.
Preferably, the routing management module also uses an identifier to mark the authentication information associated with the user that corresponds to a unicast message.
Preferably, the routing management module is also configured, after the user is authenticated, to obtain the package ordered by the user according to the identifier in order to transparently forward the user's unicast messages.
The present invention provides an authentication method. The method includes: intercepting a unicast message; and sending the intercepted unicast message according to stored authentication information associated with the user. When it is determined from the authentication information associated with the user that the user is not authenticated, the user is redirected to an authentication device; when the package ordered by the user is determined from the authentication information associated with the user, the intercepted unicast message is transparently forwarded to the charging device corresponding to the user.
Preferably, the unicast message is an HTTP unicast message.
Preferably, the package ordered by the user is obtained from the user's authentication response; the authentication information associated with the user is stored in the user's authentication table entry, which is obtained by copying the user's route table entry and extending it with an authentication field; the authentication information associated with the user is stored in that authentication field.
Preferably, the method further includes: using an identifier to mark the authentication information associated with the user that corresponds to a unicast message.
Preferably, the method further includes: after the user is authenticated, obtaining the package ordered by the user according to the identifier in order to transparently forward the user's unicast messages.
The present invention obtains the package ordered by the user from the authentication response of the authentication device and, according to that package, directs traffic to the package combination devices of the existing operators. Users can thus choose an operator and package combination according to their own needs. This provides diversified services for university users while bringing more traffic to the operators, realizing value-added services for the operators.
Other features and advantages of the present invention are described in detail in the detailed description that follows.
Brief description of the drawings
The accompanying drawings provide a further understanding of the present invention and form part of the specification. Together with the detailed description below they serve to explain the present invention, but they do not limit it. In the drawings:
Fig. 1 is a web authentication network diagram;
Fig. 2 is the user authentication flow in the prior art;
Fig. 3 is a schematic diagram of the operator network deployment provided by the invention;
Fig. 4 is an authentication flowchart provided by the invention;
Fig. 5 is a flowchart of establishing a user authentication table entry provided by the invention;
Fig. 6 is a schematic diagram of the routing management module provided by the invention.
Detailed description of the embodiments
Specific embodiments of the present invention are described in detail below with reference to the accompanying drawings. It should be understood that the embodiments described here only illustrate and explain the present invention and are not intended to limit it.
In the present invention, in order to offer university users different package combinations, the traffic of an authenticated user is directed to the charging device of the corresponding operator. Fig. 3 shows the operator network deployment; an unauthenticated user must pass authentication when accessing the network. To offer different package combinations, the user first signs a contract with an operator to purchase the corresponding package, and after signing obtains the information needed for authentication, such as a username and password. When accessing the network, the user can use authentication information such as the username and password to initiate a web authentication request, which is an HTTP unicast message. The device under test (DUT) device intercepts the HTTP unicast message and passes it to the routing management module. The routing management module checks the user authentication table and confirms that there is no authentication table entry for the user; because the user is unauthenticated, the DUT device must redirect the user to the authentication device. After authentication succeeds, an authentication table entry can be established for the user according to the authentication response. The entry contains a parameter characterizing the package ordered by the user, and this parameter comes from the authentication response.
Alternatively, the authentication table entry can be established for the user when the routing management module finds that no corresponding entry exists. In that case the authentication field of the entry, which corresponds to the parameter of the package ordered by the user, is set to a default value indicating that the user has not yet passed authentication. For example, the default value 0 indicates that the user has not passed authentication, 1 indicates that a China Mobile package was selected, 2 indicates a China Unicom package, and 3 indicates a China Telecom package.
As described above, the authentication table entry is obtained by copying the route table entry corresponding to the user and then extending it. For example, the entry can be added in the same routing table, with the user's route table entry extended by an authentication field. The authentication field indicates whether the user has passed authentication and, if so, which package the user selected. Since each user has a different IP address, the different entries can be distinguished by IP address. Alternatively, the route table entries corresponding to users can form a separate authentication table.
In addition, when the authentication table entries and the routing table share the same table, a unicast message identifier can also be added to the authentication table entry to ease subsequent processing, and a specific identifier value, such as 4001, can be established for unicast messages. When a subsequent unicast message is received, the identifier can be queried first to find the users corresponding to all unicast messages, and the user's IP address is then used to find the parameter corresponding to the ordered package (that is, the value of the authentication field, which determines which operator's package the user selected). This speeds up the lookup. Once the parameter for the package ordered by the user is obtained, the DUT device can transparently forward the unicast message to the charging device corresponding to the user. This directs traffic to the operator, meets the user's needs, and lets the operator provide value-added services to the user. In the present invention, the routing management module can be integrated with the DUT device.
Fig. 4 shows an authentication flow provided by the invention. In this flow, after the DUT device receives a unicast message sent by the user (step 401), it passes the unicast message up to the routing management module (step 403). The routing management module can query the authentication table to see whether the user has passed authentication; that is, it can determine whether the user is authenticated by checking whether an authentication table entry for the user exists (step 405). If no authentication table entry for the user is found, one can be established for the user (for example, by copying the user's route table entry and extending it, such as by adding an authentication field; a unicast message identifier can also be added), and the unicast message is sent to the authentication device (step 407). The authentication device can be a web authentication device. In the entry established for the user, the authentication field corresponding to the parameter of the ordered package is set to the default value (that is, the value of the authentication field is the default value 0). Then, when the user passes authentication, the authentication field in the entry is modified according to the parameter, carried in the authentication response returned by the authentication device, that corresponds to the package ordered by the user, so that later messages can be transparently forwarded directly according to this parameter (step 409). If the routing management module finds by query that the user has passed authentication, it can read the parameter corresponding to the package ordered by the user (step 411), that is, a value of the authentication field other than the default value 0. After the ordered package is determined, the DUT device can transparently forward the unicast message to the charging device corresponding to the user (step 413). The charging device can be a service line card connected to the operator's package; the package service line cards of several different operators can be placed in the same charging device or in different charging devices. Thereafter, the unicast message that has passed through charging can be forwarded to the Internet.
Furthermore, the type of the user can also be marked in the authentication table entry, for example by marking the user as IPv4 type. Because the protocols currently used on the Internet are divided into IPv4 and IPv6, the protocol type used by the user can be determined from the user type, so that the user's messages are routed correctly.
Fig. 5 shows the flow for establishing an authentication table entry for a user. When it is confirmed that the user is not present in the user authentication table (step 501), an entry can be created by copying the user's route table entry and adding an identifier field VRF and an authentication field classid (step 503). As described above, the value of classid is the default value at this point; the value of VRF can be a preset value, such as 4001. After establishing the entry, the routing management module can redirect the user to the authentication device directly, or it can first query the value of classid and redirect the user to the authentication device after confirming that it is the default value (step 505). After authenticating the user, the authentication device can carry the parameter corresponding to the package ordered by the user in the authentication response, and the routing management module can set the value of classid according to that package. This completes the process of establishing the authentication table entry for the user; during subsequent data transmission, the user's data can be routed correctly to the corresponding service card by querying the classid field.
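The entry creation of Fig. 5 and the lookup of Fig. 4, modelled as an added example (not code from the patent). The class and method names, the `drop` result for a source without a route entry, and the sample addresses are assumptions; the classid values and the identifier 4001 are those given in the description.

```python
from dataclasses import asdict, dataclass
from typing import Dict, Optional, Tuple

# Values from the description: classid 0 is the default (not authenticated);
# 1, 2 and 3 identify the operator whose package the user ordered.
CLASSID_DEFAULT = 0
OPERATOR_BY_CLASSID = {1: "China Mobile", 2: "China Unicom", 3: "China Telecom"}
VRF_UNICAST_MARK = 4001  # example identifier value from the description


@dataclass
class RouteEntry:
    """A user's ordinary route table entry (field names are assumptions)."""
    ip: str
    next_hop: str
    ip_version: int = 4  # user type, e.g. IPv4


@dataclass
class AuthEntry(RouteEntry):
    """Copy of the route entry, extended with the VRF and classid fields."""
    vrf: int = VRF_UNICAST_MARK
    classid: int = CLASSID_DEFAULT


class RoutingManager:
    """Hypothetical model of the routing management module."""

    def __init__(self, route_table: Dict[str, RouteEntry]) -> None:
        self.route_table = route_table
        self.auth_table: Dict[str, AuthEntry] = {}

    def handle_unicast(self, src_ip: str) -> Tuple[str, Optional[str]]:
        """Decide what the DUT does with an intercepted unicast message."""
        entry = self.auth_table.get(src_ip)
        if entry is None:
            route = self.route_table.get(src_ip)
            if route is None:
                # Assumption of this sketch: a source with no route entry
                # cannot get an authentication entry, so it is dropped.
                return ("drop", None)
            # Steps 501-503: copy the route entry, add VRF and classid.
            entry = AuthEntry(**asdict(route))
            self.auth_table[src_ip] = entry
        if entry.classid == CLASSID_DEFAULT:
            # Steps 505 / 407: the default value means "not authenticated".
            return ("redirect", "auth-device")
        # Steps 411-413: classid selects the operator's charging device.
        return ("forward", OPERATOR_BY_CLASSID[entry.classid])

    def apply_auth_response(self, src_ip: str, success: bool,
                            package_param: Optional[int]) -> bool:
        """Step 409: write the package parameter from the authentication
        response into classid. A failed response or an unknown parameter
        leaves the default in place, so the user keeps being redirected."""
        entry = self.auth_table.get(src_ip)
        if entry is None or not success:
            return False
        if package_param not in OPERATOR_BY_CLASSID:
            return False
        entry.classid = package_param
        return True


def demo() -> list:
    # Constructed sample data: one user with a route entry.
    rm = RoutingManager({"10.0.0.5": RouteEntry("10.0.0.5", "192.0.2.1")})
    steps = [rm.handle_unicast("10.0.0.5")]       # first message: redirect
    rm.apply_auth_response("10.0.0.5", True, 2)   # authenticated, package 2
    steps.append(rm.handle_unicast("10.0.0.5"))   # later message: forward
    return steps


if __name__ == "__main__":
    for action in demo():
        print(action)
```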
The authentication method and system of the present invention have been described above from the perspective of the system. As can be seen, the routing management module plays a very important role in the whole flow; it is described in detail below from the perspective of the routing management module.
As shown in Fig. 6, the routing management module provided by the invention includes a storage unit, an authentication forwarding unit and a transparent transmission unit. A storage unit is an essential part of any modern network device; in the present invention it can be used to store the authentication information associated with the user, which can be, for example, the default value characterizing a user who has not been authenticated (for example 0), or the parameter corresponding to the package ordered by a user who has passed authentication (such as 1, 2 or 3). The authentication forwarding unit can redirect the user to the authentication device when the user has not passed authentication, and the transparent transmission unit can, when the user has passed authentication, transparently forward the unicast message to the corresponding charging device according to the parameter corresponding to the package ordered by the user. In the present invention, the authentication device can be a web authentication device.
Correspondingly, the present invention also provides a route management method. In this method, if it is determined from the authentication information that the user has not yet passed authentication, the user is redirected to the authentication device; if it can be determined from the authentication information that the user has passed authentication, and the package ordered by the user can be determined, the unicast message can be transparently forwarded to the charging device corresponding to the user. The authentication information can be stored in the form of authentication table entries.
The preferred embodiments of the present invention have been described in detail above with reference to the accompanying drawings. However, the present invention is not limited to the specific details of the above embodiments; within the scope of the technical concept of the present invention, many simple variations of its technical solution are possible, and these simple variations all fall within the scope of protection of the present invention.
It should further be noted that the specific technical features described in the above embodiments can, where they do not contradict one another, be combined in any suitable manner. To avoid unnecessary repetition, the present invention does not describe the various possible combinations separately.
In addition, the various embodiments of the present invention can be combined freely; as long as a combination does not depart from the idea of the present invention, it should likewise be regarded as part of the disclosure of the present invention.
Claims (10)
1. An authentication system, characterized in that the system includes:
a DUT device, arranged to intercept unicast messages;
a routing management module, arranged to send the intercepted unicast message according to stored authentication information associated with the user, wherein, when it is determined from the authentication information associated with the user that the user is not authenticated, the routing management module is configured to redirect the user to an authentication device, and, when the package ordered by the user is determined from the authentication information associated with the user, the intercepted unicast message is transparently forwarded to the charging device corresponding to the user;
wherein, after authentication succeeds on the authentication device, an authentication table entry is established for the user according to the authentication response, the authentication table entry contains a parameter characterizing the package ordered by the user, and the parameter comes from the authentication response.
2. The system according to claim 1, characterized in that the unicast message is an HTTP unicast message.
3. The system according to claim 1, characterized in that the package ordered by the user is obtained from the user's authentication response; the authentication information associated with the user is stored in the user's authentication table entry, which is obtained by copying the user's route table entry and extending it with an authentication field; and the authentication information associated with the user is stored in the authentication field.
4. The system according to any one of claims 1-3, characterized in that the routing management module also uses an identifier to mark the authentication information associated with the user that corresponds to a unicast message.
5. The system according to claim 4, characterized in that the routing management module is also configured, after the user is authenticated, to obtain the package ordered by the user according to the identifier in order to transparently forward the user's unicast messages.
6. An authentication method, characterized in that the method includes:
intercepting a unicast message;
sending the intercepted unicast message according to stored authentication information associated with the user, wherein, when it is determined from the authentication information associated with the user that the user is not authenticated, the user is redirected to an authentication device, and, when the package ordered by the user is determined from the authentication information associated with the user, the intercepted unicast message is transparently forwarded to the charging device corresponding to the user; wherein, after authentication succeeds on the authentication device, an authentication table entry is established for the user according to the authentication response, the authentication table entry contains a parameter characterizing the package ordered by the user, and the parameter comes from the authentication response.
7. The method according to claim 6, characterized in that the unicast message is an HTTP unicast message.
8. The method according to claim 6, characterized in that the package ordered by the user is obtained from the user's authentication response; the authentication information associated with the user is stored in the user's authentication table entry, which is obtained by copying the user's route table entry and extending it with an authentication field; and the authentication information associated with the user is stored in the authentication field.
9. The method according to any one of claims 6 to 8, characterized in that the method further includes:
using an identifier to mark the authentication information associated with the user that corresponds to a unicast message.
10. The method according to claim 9, characterized in that the method further includes:
after the user is authenticated, obtaining the package ordered by the user according to the identifier in order to transparently forward the user's unicast messages.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510536318.6A CN105072129B (en) | 2015-08-27 | 2015-08-27 | authentication method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105072129A CN105072129A (en) | 2015-11-18 |
CN105072129B true CN105072129B (en) | 2018-08-03 |
Family
ID=54501408
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510536318.6A Active CN105072129B (en) | 2015-08-27 | 2015-08-27 | authentication method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105072129B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112104621B (en) * | 2020-08-31 | 2022-04-01 | 新华三信息安全技术有限公司 | Traffic management method and equipment |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101600185A (en) * | 2009-07-14 | 2009-12-09 | 中国联合网络通信集团有限公司 | Booking method, system and the Business Management Platform of across a network territory value-added service set meal |
CN102378171A (en) * | 2010-08-16 | 2012-03-14 | 中国移动通信集团公司 | Automatic authentication method and system thereof, Portal server, and RADIUS server |
CN104821940A (en) * | 2015-04-16 | 2015-08-05 | 京信通信技术(广州)有限公司 | Method and equipment for sending portal redirected address |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7551925B2 (en) * | 2005-11-21 | 2009-06-23 | Accenture Global Services Gmbh | Unified directory system including a data model for managing access to telecommunications services |
Non-Patent Citations (2)
Title |
---|
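Building the next-generation campus network on the occasion of the CNGI-IPv6 upgrade; Lin Qiang et al.; China Education Network (《中国教育网络》); 20110605; full text * |
Experience in operating and maintaining a campus network authentication system; Zhang Jiehui; China Education Network (《中国教育网络》); 20140905; full text * |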
Also Published As
Publication number | Publication date |
---|---|
CN105072129A (en) | 2015-11-18 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |