CN106209912A - Access authorization methods, device and system - Google Patents


Publication number
CN106209912A
Authority
CN
China
Prior art keywords
authorization
access
terminal
access terminal
portal server
Legal status
Pending
Application number
CN201610782425.1A
Other languages
Chinese (zh)
Inventor
陈睿
Current Assignee
Maipu Communication Technology Co Ltd
Original Assignee
Maipu Communication Technology Co Ltd
Application filed by Maipu Communication Technology Co Ltd
Priority to CN201610782425.1A
Publication of CN106209912A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K7/00 Methods or arrangements for sensing record carriers, e.g. for reading patterns
    • G06K7/10 Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation
    • G06K7/14 Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation using light without selection of wavelength, e.g. sensing reflected white light
    • G06K7/1404 Methods for optical code recognition
    • G06K7/1408 Methods for optical code recognition the method being specifically adapted for the type of code
    • G06K7/1417 2D bar codes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0892 Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication

Abstract

The invention discloses an access authorization method, device and system in the field of secure access authentication. It addresses the problem that QR code authentication cannot be performed when the access terminal does not support QR code scanning or the authorization terminal has no display function. The access authorization method includes: a Portal server receives an access request from an access terminal; the Portal server generates a QR code according to the access request; the Portal server sends the QR code to the access terminal; an authorization terminal scans the QR code displayed on the access terminal; the authorization terminal generates an authorization request according to the QR code and sends the authorization request to the Portal server; the Portal server determines, according to the authorization request, whether to authorize the access terminal; if it determines to authorize, the Portal server requests an authentication, authorization and accounting (AAA) authentication server to authenticate the access terminal; if authentication passes, the AAA authentication server notifies the access terminal that authorization and authentication succeeded. Embodiments of the invention apply to visitor network access authentication.

Description

Access authorization methods, device and system
Technical field
The present invention relates to the field of secure access authentication, and in particular to an access authorization method, device and system.
Background
With the rapid development of computer and Internet technology, organizations such as governments, banks and enterprises have all deployed wireless or wired networks for employees or visitors. For security reasons, these wireless networks are not fully open: users must be authenticated and authorized before they can go online. There are currently two main access authentication and authorization methods. One is enterprise-grade 802.1x encrypted authentication; the other is semi-open Portal authentication. The former requires a valid user name and password to be entered once for authentication and needs no interaction with the user. The latter interacts with the user through a Portal page and can implement authentication by SMS sent to a mobile phone number, WeChat authentication, QR code authentication, and so on.
Internal employees usually use enterprise-grade 802.1x authentication: after connecting to WiFi (wireless fidelity) or a wired interface, the employee enters the user name and password pre-assigned to them to be authenticated and authorized and go online. Visitors usually use semi-open Portal authentication: after a visitor connects to WiFi or a wired interface, any attempt to access a third-party website through the mobile browser before authentication and authorization is redirected by the system to the Portal page, where the visitor obtains authorization to access the network by entering a mobile phone number to receive an SMS, by WeChat authentication, by QR code authentication, or similar.
In QR code authentication, the prior art requires the visitor to use the access terminal to scan a QR code that the network authorizer provides through the authorization terminal. If the access terminal does not support QR code scanning (for example, it has no camera) or the authorization terminal has no display function (for example, it has no display screen), QR code authentication cannot be performed.
Summary of the invention
Embodiments of the invention provide an access authorization method, device and system to solve the problem that QR code authentication cannot be performed when the access terminal does not support QR code scanning or the authorization terminal has no display function.
To achieve this, embodiments of the invention adopt the following technical solutions.
In a first aspect, an access authorization method is provided, the method including:
a Portal server receives an access request from an access terminal, wherein the access request contains access terminal identity information;
the Portal server generates a QR code according to the access request;
the Portal server sends the QR code to the access terminal so that the access terminal displays the QR code;
an authorization terminal scans the QR code displayed on the access terminal;
the authorization terminal generates an authorization request according to the QR code and sends the authorization request to the Portal server;
the Portal server determines, according to the authorization request, whether to authorize the access terminal;
if it determines to authorize, the Portal server requests an authentication, authorization and accounting (AAA) authentication server to authenticate the access terminal;
if authentication passes, the AAA authentication server notifies the access terminal that authorization and authentication succeeded.
In a second aspect, an access terminal is provided, the access terminal including:
a communication unit, configured to send an access request to a Portal server, the access request being used by the Portal server to generate a QR code according to the access request, wherein the access request contains access terminal identity information;
a display unit, configured to display the QR code obtained by the communication unit.
In a third aspect, an authorization terminal is provided, the authorization terminal including:
a scanning unit, configured to scan the QR code displayed on an access terminal, wherein the QR code is generated by a Portal server according to an access request from the access terminal, and the access request contains access terminal identity information;
a processing unit, configured to generate an authorization request according to the QR code obtained by the scanning unit;
a communication unit, configured to send the authorization request generated by the processing unit to the Portal server.
In a fourth aspect, a Portal server is provided, the Portal server including:
a communication unit, configured to receive an access request from an access terminal, wherein the access request contains access terminal identity information;
a processing unit, configured to generate a QR code according to the access request obtained by the communication unit;
the communication unit being further configured to send the QR code to the access terminal so that the access terminal displays the QR code;
the processing unit being further configured to determine, according to an authorization request from an authorization terminal, whether to authorize the access terminal, wherein the authorization request is generated by the authorization terminal from scanning the QR code displayed on the access terminal;
the communication unit being further configured, if it is determined to authorize, to request an authentication, authorization and accounting (AAA) authentication server to authenticate the access terminal.
In a fifth aspect, an AAA authentication server is provided, the AAA authentication server including:
a processing unit, configured to authenticate an access terminal according to a request sent by a Portal server;
a communication unit, configured to notify the access terminal that authorization and authentication succeeded if the processing unit's authentication passes.
In a sixth aspect, an access authorization system is provided, including the access terminal of the second aspect, the authorization terminal of the third aspect, the Portal server of the fourth aspect and the AAA authentication server of the fifth aspect.
In the access authorization method, device and system provided by embodiments of the invention, the Portal server generates a QR code from the access terminal identity information in the access terminal's access request, and the access terminal displays the QR code. The authorization terminal scans the QR code and generates an authorization request from it. After the Portal server approves the authorization request, the AAA authentication server performs authentication, and once authentication passes the access terminal is allowed to access the network. Because this scheme requires neither that the authorization terminal display a QR code nor that the access terminal scan one, and instead has the authorization terminal scan the QR code on the access terminal in order to authorize and authenticate the access terminal, it solves the problem that QR code authentication cannot be performed when the access terminal does not support QR code scanning or the authorization terminal has no display function.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings used in describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a structural diagram of the access authorization system provided by an embodiment of the present invention;
Fig. 2 is a flowchart of an access authorization method provided by an embodiment of the present invention;
Fig. 3 is a flowchart of the authorization terminal generating an authorization request and sending it to the Portal server, provided by an embodiment of the present invention;
Fig. 4 is a flowchart of the Portal server requesting the AAA authentication server to authenticate the access terminal, provided by an embodiment of the present invention;
Fig. 5 is a flowchart of the AAA authentication server notifying the access terminal that authorization and authentication succeeded, provided by an embodiment of the present invention;
Fig. 6 is a flowchart of another access authorization method provided by an embodiment of the present invention;
Fig. 7 is a structural diagram of the access terminal provided by an embodiment of the present invention;
Fig. 8 is a structural diagram of the authorization terminal provided by an embodiment of the present invention;
Fig. 9 is a structural diagram of the Portal server provided by an embodiment of the present invention;
Fig. 10 is a structural diagram of the AAA authentication server provided by an embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings. The described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
An embodiment of the present invention provides an access authorization system. Referring to Fig. 1, the system includes an access terminal 11, an authorization terminal 12, a network access device 13, a Portal server 14 and an AAA (authentication, authorization and accounting) authentication server 15.
The access terminal 11 is the device the visitor uses to access the network. It must be able to display a QR code and may be, for example, a PC (personal computer), a notebook or a mobile phone. The authorization terminal 12 is the terminal the network authorizer uses to authorize the access terminal 11. It must be able to scan a QR code and may be, for example, a mobile phone or a scanner. The network access device 13 receives the Portal authentication request initiated by the Portal server 14, initiates a RADIUS (remote authentication dial in user service) authentication request to the AAA authentication server 15, and controls the access rights of the access terminal 11; it may be, for example, a router. The Portal server 14 handles interaction with the user and initiates the Portal authentication request to the network access device 13. The AAA authentication server 15 receives the RADIUS authentication request initiated by the network access device 13 and performs authentication and authorization processing.
The access terminal identity information in the embodiments of the present invention uniquely identifies the access terminal and may include, without limitation, the access terminal's MAC (media access control) address, IMSI (international mobile subscriber identification number) and so on. The authorization terminal identity information is analogous: it uniquely identifies the authorization terminal and likewise includes, without limitation, the authorization terminal's MAC address, IMSI and so on.
The Portal server authentication address in the embodiments of the present invention is the address at which the Portal server performs authentication. Other devices use this address to initiate an authentication request when requesting authentication from the Portal server. The address may be a URL (uniform resource locator).
In the access authorization method, device and system provided by the embodiments of the present invention, the access terminal initiates an access request, the Portal server generates a QR code from the access terminal identity information in the access request, and the access terminal displays the QR code. After scanning the QR code, the authorization terminal generates an authorization request from the access terminal identity information in the QR code. After the Portal server approves the authorization request, the AAA authentication server performs authentication, and once authentication passes the access terminal is allowed to access the network. The access terminal is thus authorized and authenticated by having the authorization terminal scan the QR code on the access terminal, which solves the problem that QR code authentication cannot be performed when the access terminal does not support QR code scanning or the authorization terminal has no display function.
Embodiment 1
An embodiment of the present invention provides an access authorization method, applied to the access authorization system shown in Fig. 1. Referring to Fig. 2, the method includes:
S101: The Portal server receives an access request from the access terminal.
The access request contains access terminal identity information.
Optionally, the Portal server may receive the access request from the access terminal as forwarded by the network access device.
Further optionally, before forwarding the access request, the network access device may first determine from the access terminal identity information in the access request whether the access terminal is already authorized. If it is, the request need not be forwarded to the Portal server and the access terminal is allowed to access the network directly; if it is not, the access request is forwarded to the Portal server.
S102: The Portal server generates a QR code according to the access request.
The QR code contains the access terminal identity information.
Specifically, the Portal server may generate the QR code from the access terminal identity information in the access request.
Optionally, the access terminal identity information in the QR code may also be encrypted to improve security.
Optionally, the QR code may also contain the Portal server authentication address.
S103: The Portal server sends the QR code to the access terminal so that the access terminal displays the QR code.
S104: The authorization terminal scans the QR code displayed on the access terminal.
S105: The authorization terminal generates an authorization request according to the QR code and sends the authorization request to the Portal server.
At this point the authorization request contains the access terminal identity information.
The authorization terminal is a terminal device that the system has authorized and granted network authorization rights.
Optionally, the authorization terminal may address the Portal server using the Portal server authentication address contained in the QR code, and so send the authorization request to the Portal server.
Further optionally, the authorization terminal may generate the authorization request according to both the QR code and the authorization terminal identity information and send it to the Portal server; in this case the authorization request contains the access terminal identity information and the authorization terminal identity information.
Specifically, referring to Fig. 3, step S105 includes steps S1051-S1054:
S1051: The authorization terminal generates a first authorization request from the access terminal identity information in the QR code.
S1052: The authorization terminal sends the first authorization request to the Portal server.
S1053: After receiving the first authorization request, the Portal server obtains the access terminal identity information in the first authorization request and sends the authorization terminal a page used to obtain the authorization terminal identity information.
In addition, the access terminal identity information obtained by the Portal server may be used when the Portal server requests the AAA authentication server to authenticate the access terminal.
S1054: After parsing the page, the authorization terminal sends a second authorization request to the Portal server, wherein the second authorization request contains the authorization terminal identity information.
S106: The Portal server determines, according to the authorization request, whether to authorize the access terminal.
Specifically, the Portal server may determine from the authorization terminal identity information in the authorization request whether the authorization terminal is legitimate. If it is, the access terminal indicated by the access terminal identity information contained in the authorization request may be authorized and authenticated. Otherwise, an error message or an authorization failure message is sent to the authorization terminal or the access terminal.
S107: If it determines to authorize, the Portal server requests the AAA authentication server to authenticate the access terminal.
Specifically, referring to Fig. 4, step S107 may include steps S1071 and S1072.
S1071: The Portal server creates a temporary visitor object and uses it to initiate a Portal authentication request to the network access device, wherein the temporary visitor object uses the access terminal identity information and the Portal authentication request contains the access terminal identity information.
S1072: The network access device initiates a RADIUS authentication request to the AAA authentication server according to the Portal authentication request, wherein the RADIUS authentication request contains the access terminal identity information.
S108: If authentication passes, the AAA authentication server notifies the access terminal that authorization and authentication succeeded.
Specifically, referring to Fig. 5, step S108 may include steps S1081-S1083:
S1081: The AAA authentication server notifies the network access device that authorization and authentication of the access terminal succeeded, so that the access terminal is allowed to access the network through the network access device.
S1082: The network access device notifies the Portal server that authorization and authentication of the access terminal succeeded.
S1083: The Portal server notifies the access terminal that authorization and authentication succeeded.
In the access authorization method provided by this embodiment, the Portal server generates a QR code from the access terminal identity information in the access terminal's access request, and the access terminal displays the QR code. The authorization terminal scans the QR code and generates an authorization request from it. After the Portal server approves the authorization request, the AAA authentication server performs authentication, and once authentication passes the access terminal is allowed to access the network. Because this scheme requires neither that the authorization terminal display a QR code nor that the access terminal scan one, and instead has the authorization terminal scan the QR code on the access terminal in order to authorize and authenticate the access terminal, it solves the problem that QR code authentication cannot be performed when the access terminal does not support QR code scanning or the authorization terminal has no display function.
Embodiment 2
An embodiment of the present invention provides another access authorization method, applied to the access authorization system shown in Fig. 1. It illustrates the access authorization method of Fig. 2, taking the access terminal MAC address as the access terminal identity information. Referring to Fig. 6, the method includes:
S201: The visitor's access terminal connects to the network access device through a WLAN (wireless local area network) or a wired network, ready to go online.
S202: The browser of the access terminal opens any third-party website, which sends an access request to the network access device.
S203: The network access device receives the access request.
S204: The network access device determines from the access terminal MAC address in the access request whether the access terminal is already authorized. If it is, go to step S205; otherwise go to step S206.
For example, the network access device may store the access terminals that have been authorized, so that an access terminal can get access quickly the next time it connects to the network.
S205: If the access terminal is already authorized, the network access device lets its network access through.
S206: If the access terminal is not authorized, the network access device redirects the access terminal's access request to the Portal server.
S207: The Portal server obtains the access terminal MAC address in the access request and combines the Portal server authentication address with the encrypted access terminal MAC address to generate the QR code.
S208: The Portal server sends the QR code to the access terminal through the network access device.
Optionally, the page that is sent may also display a prompt similar to the following string: "The network can be accessed after network authorization personnel scan the QR code below to authorize".
S209: The access terminal displays the QR code.
S210, the authorization terminal of network authorization personnel scan the above-mentioned Quick Response Code of display in access terminal.
S211, authorization terminal generate the first authorization requests according to the access terminal MAC Address in above-mentioned Quick Response Code.
First authorization requests is sent the Portal server authenticating address to this Quick Response Code by S212, authorization terminal, makes Obtain authorization requests and arrive Portal server.
After S213, Portal server receive the first authorization requests that authorization terminal sends, take out the access wherein comprised Terminal MAC address, is sent to authorization terminal by the page obtaining authorization terminal identity information.
S214: After parsing the above page, the authorization terminal sends a second authorization request to the Portal server; the second authorization request includes the MAC address of the authorization terminal.
S215: After receiving the second authorization request, the Portal server obtains the MAC address of the authorization terminal contained in it and performs identity verification to ensure that the authorization terminal is legitimate. If it is not legitimate, step S216 is performed; otherwise step S217 is performed.
S216: If the authorization terminal is not legitimate, the Portal server notifies the authorization terminal and the access terminal that authorization is refused.
S217: If the authorization terminal is legitimate, the Portal server creates a temporary visitor object; the MAC address of the access terminal that it simulates is the access terminal MAC address obtained in step S213.
S218: The Portal server uses this temporary visitor object to initiate a Portal authentication request to the network access device; the Portal authentication request contains the access terminal MAC address.
S219: The network access device initiates a RADIUS authentication request to the AAA authentication server according to the Portal authentication request; the RADIUS authentication request contains the access terminal MAC address.
S220: The AAA authentication server authenticates the access terminal according to its authentication logic and the RADIUS authentication request.
S221: After authentication passes, the AAA authentication server sends the network access device a RADIUS message indicating that authorization and authentication succeeded, notifying it that the access terminal is authorized so that the access terminal is allowed to access the network through the network access device.
S222: After receiving the RADIUS message indicating successful authorization and authentication from the AAA authentication server, the network access device notifies the Portal server that authorization and authentication of the access terminal succeeded.
S223: The Portal server notifies the access terminal that authorization and authentication succeeded.
It should be noted that the access terminal may periodically query the Portal server for the authorization status, so that the Portal server can notify the access terminal whether the authorization status is success or failure.
S224: The access terminal can now access the network.
In the access authorization method provided by this embodiment of the present invention, the access terminal initiates an access request, the Portal server generates a QR code according to the access terminal identity information in the access request, and the access terminal displays the QR code. After scanning the QR code, the authorization terminal generates a first authorization request according to the access terminal identity information in the QR code and sends it to the Portal server, which obtains the access terminal identity information from it. The authorization terminal then generates a second authorization request according to the authorization terminal MAC address and sends it to the Portal server, and the Portal server performs a permission check on the authorization terminal. After the check passes, the Portal server uses a temporary visitor object to initiate a Portal authentication request to the network access device, the network access device initiates a RADIUS authentication request to the AAA authentication server according to the Portal authentication request, and the AAA authentication server allows the access terminal to access the network after authentication passes. The present invention is therefore applicable to QR code authentication in scenarios where the access terminal has a QR code display function and the authorization terminal has a QR code scanning function, and solves the problem that QR code authentication cannot be performed when the access terminal does not support scanning QR codes or the authorization terminal has no display function.
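The message flow of steps S213 to S224, written out as an added simulation that is not part of the patent text. All class and method names are hypothetical, and three things are assumptions the patent does not specify: the page sent in S213 carries a single-use token that ties the second authorization request to the first, the legitimacy check in S215 is an allowlist of authorization terminal MAC addresses, and the AAA "authentication logic" is a simple deny list.

```python
import re
import secrets
from dataclasses import dataclass, field


def normalize_mac(mac: str) -> str:
    """Canonicalise a MAC so 'AA-BB-..', 'aabb.ccdd.eeff' and 'aa:bb:..' compare equal."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


@dataclass
class AAAServer:
    denied: set = field(default_factory=set)  # assumed authentication logic

    def __post_init__(self):
        self.denied = {normalize_mac(m) for m in self.denied}

    def radius_request(self, access_mac: str) -> str:  # S220
        return "Access-Reject" if access_mac in self.denied else "Access-Accept"


@dataclass
class NetworkAccessDevice:
    aaa: AAAServer
    admitted: set = field(default_factory=set)  # MACs allowed onto the network

    def portal_auth_request(self, access_mac: str) -> bool:  # S219
        if self.aaa.radius_request(access_mac) == "Access-Accept":  # S221
            self.admitted.add(access_mac)
            return True  # S222: report success to the Portal server
        return False


@dataclass
class PortalServer:
    nas: NetworkAccessDevice
    legal_authorizers: set  # assumed allowlist used for the S215 check
    pending: dict = field(default_factory=dict)  # page token -> access MAC
    status: dict = field(default_factory=dict)   # access MAC -> state

    def __post_init__(self):
        self.legal_authorizers = {normalize_mac(m) for m in self.legal_authorizers}

    def first_authorization(self, access_mac: str) -> str:  # S213
        mac = normalize_mac(access_mac)
        token = secrets.token_urlsafe(16)  # assumption: carried in the page
        self.pending[token] = mac
        self.status[mac] = "pending"
        return token

    def second_authorization(self, token: str, authorizer_mac: str) -> str:
        access_mac = self.pending.pop(token, None)  # token is single use
        if access_mac is None:
            return "unknown-request"
        try:
            authorizer = normalize_mac(authorizer_mac)
        except ValueError:
            authorizer = None
        if authorizer not in self.legal_authorizers:  # S215 fails -> S216
            self.status[access_mac] = "refused"
            return "refused"
        visitor = {"mac": access_mac}  # S217: temporary visitor object
        ok = self.nas.portal_auth_request(visitor["mac"])  # S218
        self.status[access_mac] = "success" if ok else "failed"  # S223
        return self.status[access_mac]

    def check_status(self, access_mac: str) -> str:
        """Periodic status poll from the access terminal."""
        return self.status.get(normalize_mac(access_mac), "unknown")


if __name__ == "__main__":
    # Constructed sample addresses (locally administered range).
    aaa = AAAServer(denied={"02-00-00-00-00-99"})
    nas = NetworkAccessDevice(aaa)
    portal = PortalServer(nas, legal_authorizers={"02:00:00:00:00:01"})
    tok = portal.first_authorization("02:00:00:00:00:10")
    print(portal.second_authorization(tok, "02-00-00-00-00-01"))
    print(portal.check_status("0200.0000.0010"), sorted(nas.admitted))
```

The Portal server only forwards the access terminal MAC to the network access device after the authorization terminal check passes, so a refused or unknown request never produces a RADIUS exchange.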
Embodiment 3
An embodiment of the present invention provides an access terminal, applied as the access terminal 11 in the access authorization system shown in Fig. 1 and used to perform the functions of the access terminal in the above access authorization method. Referring to Fig. 7, the access terminal 11 includes a communication unit 111 and a display unit 112, wherein:
The communication unit 111 is configured to send an access request to the Portal server and to receive the QR code generated by the Portal server according to the access request, wherein the access request contains access terminal identity information.
The display unit 112 is configured to display the above QR code obtained by the communication unit 111.
Since the access terminal in this embodiment of the present invention can be applied to the above access authorization method, the technical effects it can obtain may also be found in the above method embodiments and are not repeated here.
Embodiment 4
An embodiment of the present invention provides an authorization terminal, applied as the authorization terminal 12 in the access authorization system shown in Fig. 1 and used to perform the functions of the authorization terminal in the above access authorization method. Referring to Fig. 8, the authorization terminal 12 includes a scanning unit 121, a processing unit 122 and a communication unit 123, wherein:
The scanning unit 121 is configured to scan the QR code displayed on the access terminal, wherein the QR code is generated by the Portal server according to an access request from the access terminal, and the access request contains access terminal identity information.
The processing unit 122 is configured to generate an authorization request according to the QR code scanned by the scanning unit 121.
The communication unit 123 is configured to send the authorization request generated by the processing unit 122 to the Portal server.
Since the authorization terminal in this embodiment of the present invention can be applied to the above access authorization method, the technical effects it can obtain may also be found in the above method embodiments and are not repeated here.
It should be noted that the processing unit may be a separately provided processor, or may be integrated into one of the controller's processors; it may also be stored in the controller's memory in the form of program code, which one of the controller's processors calls to perform the functions of the above processing unit. The processor described here may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present invention.
Embodiment 5
An embodiment of the present invention provides a Portal server, applied as the Portal server 14 in the access authorization system shown in Fig. 1 and used to perform the functions of the Portal server in the above access authorization method. Referring to Fig. 9, the Portal server 14 includes a communication unit 141 and a processing unit 142, wherein:
The communication unit 141 is configured to receive an access request from the access terminal, wherein the access request contains access terminal identity information;
The processing unit 142 is configured to generate a QR code according to the access request obtained by the communication unit 141;
The communication unit 141 is further configured to send the QR code to the access terminal so that the access terminal displays the QR code;
The processing unit 142 is further configured to determine, according to an authorization request from the authorization terminal, whether to authorize the access terminal, wherein the authorization request is generated by the authorization terminal from scanning the QR code displayed on the access terminal;
The communication unit 141 is further configured to, if authorization is determined, request the authentication, authorization and accounting (AAA) authentication server to authenticate the access terminal.
Since the Portal server in this embodiment of the present invention can be applied to the above access authorization method, the technical effects it can obtain may also be found in the above method embodiments and are not repeated here.
It should be noted that the processing unit may be a separately provided processor, or may be integrated into one of the controller's processors; it may also be stored in the controller's memory in the form of program code, which one of the controller's processors calls to perform the functions of the above processing unit. The processor described here may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present invention.
Embodiment 6
An embodiment of the present invention provides an AAA authentication server, applied as the AAA authentication server 15 in the access authorization system shown in Fig. 1 and used to perform the functions of the AAA authentication server in the above access authorization method. Referring to Fig. 10, the AAA authentication server 15 includes a processing unit 151 and a communication unit 152, wherein:
The processing unit 151 is configured to authenticate the access terminal according to the request sent by the Portal server.
The communication unit 152 is configured to, if authentication by the processing unit 151 passes, notify the access terminal that authorization and authentication succeeded.
Since the AAA authentication server in this embodiment of the present invention can be applied to the above access authorization method, the technical effects it can obtain may also be found in the above method embodiments and are not repeated here.
It should be noted that the processing unit may be a separately provided processor, or may be integrated into one of the controller's processors; it may also be stored in the controller's memory in the form of program code, which one of the controller's processors calls to perform the functions of the above processing unit. The processor described here may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present invention.
It should be understood that, in the various embodiments of the present invention, the magnitude of the sequence numbers of the above processes does not imply an order of execution; the execution order of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation of the embodiments of the present invention.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or in software depends on the specific application and the design constraints of the technical solution. Skilled practitioners may use different methods to implement the described functions for each specific application, but such implementations should not be considered to go beyond the scope of the present invention.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the systems, devices and units described above may be found in the corresponding processes in the foregoing method embodiments and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed systems, devices and methods may be implemented in other ways. For example, the device embodiments described above are merely illustrative: the division into units is only a division by logical function, and other divisions are possible in actual implementation; multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit.
If the functions are implemented in the form of software functional units and sold or used as independent products, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or some of the steps of the methods described in the embodiments of the present invention. The aforementioned storage media include various media that can store program code, such as a USB flash drive, a portable hard drive, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.
The above are only specific embodiments of the present invention, but the scope of protection of the present invention is not limited to them. Any change or replacement that a person familiar with the technical field could readily conceive within the technical scope disclosed by the present invention shall be covered by the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be subject to the scope of protection of the claims.

Claims (10)

1. An access authorization method, characterized in that the method includes:
A Portal server receives an access request from an access terminal, wherein the access request contains access terminal identity information;
The Portal server generates a QR code according to the access request;
The Portal server sends the QR code to the access terminal so that the access terminal displays the QR code;
An authorization terminal scans the QR code displayed on the access terminal;
The authorization terminal generates an authorization request according to the QR code and sends the authorization request to the Portal server;
The Portal server determines, according to the authorization request, whether to authorize the access terminal;
If authorization is determined, the Portal server requests an authentication, authorization and accounting (AAA) authentication server to authenticate the access terminal;
If authentication passes, the AAA authentication server notifies the access terminal that authorization and authentication succeeded.
2. The method according to claim 1, characterized in that the QR code also contains a Portal server authentication address;
The authorization terminal sending the authorization request to the Portal server includes:
The authorization terminal sends the authorization request to the Portal server according to the Portal server authentication address.
3. The method according to claim 1, characterized in that the authorization terminal generating an authorization request according to the QR code and sending the authorization request to the Portal server includes:
The authorization terminal generates a first authorization request according to the access terminal identity information in the QR code;
The authorization terminal sends the first authorization request to the Portal server;
After receiving the first authorization request, the Portal server obtains the access terminal identity information in the first authorization request and sends the authorization terminal a page used to obtain authorization terminal identity information;
After parsing the page, the authorization terminal sends a second authorization request to the Portal server, wherein the second authorization request contains the authorization terminal identity information.
4. The method according to claim 1, characterized in that the Portal server requesting the authentication, authorization and accounting (AAA) authentication server to authenticate the access terminal includes:
The Portal server creates a temporary visitor object and uses the temporary visitor object to initiate a Portal authentication request to a network access device, wherein the temporary visitor object uses the access terminal identity information and the Portal authentication request contains the access terminal identity information;
The network access device initiates a RADIUS authentication request to the AAA authentication server according to the Portal authentication request, wherein the RADIUS authentication request contains the access terminal identity information.
5. The method according to claim 1, characterized in that the AAA authentication server notifying the access terminal that authorization and authentication succeeded includes:
The AAA authentication server notifies a network access device that authorization and authentication of the access terminal succeeded, so as to allow the access terminal to access the network through the network access device;
The network access device notifies the Portal server that authorization and authentication of the access terminal succeeded;
The Portal server notifies the access terminal that authorization and authentication succeeded.
6. An access terminal, characterized in that the access terminal includes:
A communication unit, configured to send an access request to a Portal server, the access request being used by the Portal server to generate a QR code according to the access request, wherein the access request contains access terminal identity information;
A display unit, configured to display the QR code obtained by the communication unit.
7. An authorization terminal, characterized in that the authorization terminal includes:
A scanning unit, configured to scan a QR code displayed on an access terminal, wherein the QR code is generated by a Portal server according to an access request from the access terminal, and the access request contains access terminal identity information;
A processing unit, configured to generate an authorization request according to the QR code obtained by the scanning unit;
A communication unit, configured to send the authorization request generated by the processing unit to the Portal server.
8. A Portal server, characterized in that the Portal server includes:
A communication unit, configured to receive an access request from an access terminal, wherein the access request contains access terminal identity information;
A processing unit, configured to generate a QR code according to the access request obtained by the communication unit;
The communication unit is further configured to send the QR code to the access terminal so that the access terminal displays the QR code;
The processing unit is further configured to determine, according to an authorization request from an authorization terminal, whether to authorize the access terminal, wherein the authorization request is generated by the authorization terminal from scanning the QR code displayed on the access terminal;
The communication unit is further configured to, if authorization is determined, request an authentication, authorization and accounting (AAA) authentication server to authenticate the access terminal.
9. An authentication, authorization and accounting (AAA) authentication server, characterized in that the AAA authentication server includes:
A processing unit, configured to authenticate an access terminal according to a request sent by a Portal server;
A communication unit, configured to, if authentication by the processing unit passes, notify the access terminal that authorization and authentication succeeded.
10. An access authorization system, characterized in that it includes the access terminal according to claim 6, the authorization terminal according to claim 7, the Portal server according to claim 8 and the authentication, authorization and accounting (AAA) authentication server according to claim 9.
CN201610782425.1A 2016-08-30 2016-08-30 Access authorization methods, device and system Pending CN106209912A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610782425.1A CN106209912A (en) 2016-08-30 2016-08-30 Access authorization methods, device and system


Publications (1)

Publication Number Publication Date
CN106209912A true CN106209912A (en) 2016-12-07

Family

ID=58086729

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610782425.1A Pending CN106209912A (en) 2016-08-30 2016-08-30 Access authorization methods, device and system

Country Status (1)

Country Link
CN (1) CN106209912A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20161207