CN106330894B - SAVI proxy authentication system and method based on link-local address - Google Patents

SAVI proxy authentication system and method based on link-local address Download PDF

Info

Publication number
CN106330894B
CN106330894B CN201610701943.6A CN201610701943A CN106330894B CN 106330894 B CN106330894 B CN 106330894B CN 201610701943 A CN201610701943 A CN 201610701943A CN 106330894 B CN106330894 B CN 106330894B
Authority
CN
China
Prior art keywords
savi
client
address
link
list item
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610701943.6A
Other languages
Chinese (zh)
Other versions
CN106330894A (en
Inventor
黄友俊
李星
吴建平
宗烈峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CERNET Corp
Original Assignee
CERNET Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CERNET Corp filed Critical CERNET Corp
Priority to CN201610701943.6A priority Critical patent/CN106330894B/en
Publication of CN106330894A publication Critical patent/CN106330894A/en
Application granted granted Critical
Publication of CN106330894B publication Critical patent/CN106330894B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0884Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/50Address allocation
    • H04L61/5007Internet protocol [IP] addresses
    • H04L61/5014Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/58Caching of addresses or names
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a kind of SAVI proxy authentication system and method based on link-local address.The system includes: Web Portal subsystem, for the pop-up web page prompt input username and password when user networks;SAVI proxy authentication subsystem, for being authenticated instead of SAVI client.The purpose of above scheme is to avoid developing a variety of SAVI certification networked clients programs, and the Windows developed now, the type of Linux, MAC OS, iOS, Andriod client are too many, and operating cost is too high.

Description

SAVI proxy authentication system and method based on link-local address
Technical field
The present invention relates to technical field of the computer network more particularly to a kind of SAVI agency based on link-local address to recognize Card system, for providing more convenient to use and deployment certification network access for the SAVI system in education network.
Background technique
In recent years, with China Internet industry high speed development, information network has become the important guarantee of social development. SAVI system is the true source address certification connecting internet system inside education network.Refectory user, such as student, to pass through SAVI system online, it is desirable to provide the user NID (i.e. user name, 10 bit digitals) and password of registration, the user NID generally can be with The binding of the identity informations such as student number.When user surfs the Internet, oneself user NID and password are inputted.After certification passes through, SAVI system is to use The address IPv6,64 information of the meeting containing NID behind the address IPv6 are distributed in family.When user accesses the website IPv6, user is all Correspondence with foreign country be all to be carried out by the address IPv6 of this distribution.Network administrator can be chased after by this address IPv6 Trace back to NID information, can also find in this way be which student number the net that goes of people.The verification process of SAVI need user name and Password, traditional approach are the online clients for developing each platform.The Windows that needs to develop, Linux, MAC OS, iOS, The version of Andriod client is numerous, and deployment, operating cost are too high.User needs voluntarily to install, and uses inconvenience;And And the platform having needs highest root authority, and the user having more is caused to cannot achieve root and surf the Internet.
Summary of the invention
To solve above-mentioned problems of the prior art, the present invention proposes a kind of SAVI generation based on link-local address Manage Verification System.The SAVI proxy authentication system based on link-local address is disposed by the same network segment surfed the Internet in user, it can With proxy user SAVI certification, so that user is not had to installation client can surf the Internet.
According to an aspect of the present invention, a kind of SAVI proxy authentication system based on link-local address is provided comprising:
SAVI interchanger is used to access to client network, and when client is initially accessed, distributes for client One link-local address, also by the MAC Address of client and link-local address associated storage in MIB tables of data;
SAVI network management system will for periodically checking the MIB tables of data, and when having in MIB tables of data new list item MAC Address and link-local address in new list item are stored in SAVI authentication database;
Web Portal subsystem is used for when client is initially networked, and pops up the user authentication page, prompts user defeated Enter the NID and password of client, and the NID, password and link-local address of client are transmitted to SAVI proxy authentication subsystem System;
SAVI proxy authentication subsystem uses NID, password and the link-local address of client to the identity of client Information is authenticated to SAVI Verification System;
SAVI Dynamic Host Configuration Protocol server is used to receive the IPV6 address assignment request of client, and in the client certificate By rear, the address IPV6 is returned to for it
According to a further aspect of the invention, a kind of SAVI proxy authentication method based on link-local address, the party are provided Method includes:
Step 1, when client is initially accessed to SAVI network, SAVI interchanger for it with distributing a link-local Location, while the MAC Address of client and link-local address being all stored in the MIB tables of data of SAVI interchanger;
Step 2, SAVI network management system periodically read SAVI interchanger MIB tables of data, and have new table in MIB tables of data Xiang Shi, by new list item MAC Address and link-local address be stored in SAVI authentication database;
Step 3, when client access web site when, Web Portal system to client pop up certification page, prompt it is defeated Enter the NID and password of client;
Step 4, Web Portal system obtain client NID and password after, by the NID of the client, password and Link-local address is sent to SAVI proxy authentication subsystem;
Step 5, the SAVI proxy authentication subsystem are using NID, password and the link-local address of client to client The identity information at end is authenticated to SAVI Verification System;
After step 6, client certificate success, SAVI Dynamic Host Configuration Protocol server distributes the address IPv6 for it, while will be described The MAC Address of the address IPv6 and the client, link-local address associated storage are into SAVI authentication database;
Step 7, when client uses the machine MAC Address application address IPv6 again, SAVIDHCP server is record The address IPv6 returns to client.
Above scheme proposed by the present invention is real by combining link-local address, Web Portal, proxy authentication module When real, efficiently certification and function of surfing the Net, for into education network user provide SAVI authentication service.The system is using standard Http protocol, so that various terminals platform can be authenticated without installing Authentication Client, and have compatibility well, The respective characteristic of various terminals operating system is avoided, the cost of various client exploitations and deployment has greatly been saved.
Detailed description of the invention
Fig. 1 is the SAVI proxy authentication system architecture diagram based on link-local address in the present invention;
Fig. 2 is SAVI proxy authentication process flow diagram flow chart in the present invention.
Specific embodiment
To make the objectives, technical solutions, and advantages of the present invention clearer, below in conjunction with detail, and referring to attached Figure, the present invention is described in more detail.Embodiment according to the present invention journey can clearly show that acting on behalf of SAVI under the invention recognizes Demonstrate,prove function.
The SAVI proxy authentication system based on link-local address that the invention proposes a kind of.The system is based on IPv6 agreement In link-local address carry out initial authentication process, and using standard http protocol.As shown in Figure 1, the system includes:
Web Portal subsystem is used for when client is initially networked, and pops up the user authentication page, prompts user defeated Enter the NID and password of online, and password is issued SAVI proxy authentication subsystem.
SAVI proxy authentication subsystem, the NID and password inputted using user, which authenticates subscriber identity information to SAVI, is System is authenticated, and the address of the NID of user and user are stored in SAVI authentication database after the authentication has been successful.
The system also includes:
SAVI interchanger is used to access to client network, and is terminal distribution when terminal initial accesses network One link-local address, also by the MAC Address of client and link-local address associated storage in MIB tables of data;Visitor After family end is that the SAVI interchanger disconnects, SAVI interchanger deletes list item of the client in MIB tables of data;
SAVI network management system will be new for periodically checking MIB tables of data, and when having in MIB tables of data new list item MAC Address and link-local address in list item are stored in SAVI authentication database;In addition, corresponding to certain in MIB tables of data After the list item of a client is deleted, list item corresponding with the client in SAVI authentication database is deleted, that is, deletes the visitor MAC Address, link-local address and the NID at family end;
SAVI Dynamic Host Configuration Protocol server is used to receive the IPV6 address assignment request of client, and in the client certificate By rear, the address IPV6 is returned to for it.Each component part of the system is discussed in detail below by specific embodiment, joins See attached drawing 2:
1, SAVI interchanger configures
Firstly, should be configured to the access switch of SAVI.Configuration mainly has two o'clock: first point is to open neighbours' discovery (Neighbor Discovery, ND), allows access terminal that can obtain IPv6 gateway address, and the IPv6 gateway address of configuration is exactly The link-local address of Web Portal server, it is therefore an objective to the data message for the terminal for just accessing network be made to be dealt into Web Portal server, it is the anti-HTTP request for asking outer net that Web Portal server, which has been found that, just redirects that login The page, login page have the list of input NID and password, allow user to input and verify its identity information;Second point is not match The routing address prefix information in router advertisement (Router Advertisement, RA) message is set, but configures interchanger Parameter uses DHCPv6, allows access terminal that can not obtain the stateless address IPv6 in this way, and application can only be gone to have shape by DHCPv6 The address state IPv6.
2, consistency operation when user terminal physics accesses
When user terminal physics accesses SAVI network, i.e., catv terminal plugs cable and is switched on, and wireless terminal connects nothing When line AP (wireless access points) signal, SAVI exchange opportunity generates a link-local address for it, i.e. FE80::x:x: X:x/64.The network management system in SAVI system can periodically be gone in the MIB table for reading SAVI interchanger (such as the interval several seconds) simultaneously Data, when network management system reads the data of MAC and link-local address, it will find that there is new terminal to access, Because having found new MAC Address and link-local address.This new data can be added to recognizing for SAVI by network management system It demonstrate,proves in database, MAC Address, link-local address is saved in database a line.This is consistency operation, complete to user terminal It does not influence entirely.Note that having in user terminal at this time due to the configuration of interchanger and only address IPv6 being exactly this local Link address, default gateway are the link-local address of Web Portal server.
3, operation when user terminal access website
When opening browser access website in user terminal, this HTTP request has been sent to Web Portal service Device.After Web Portal server intercepts HTTP request, it is returned to the page of login authentication.Web Portal server for The data packet of other agreements, such as FTP etc. then all abandon.The page of login authentication is shown on user terminal, user just knows Road authenticates not yet, he must just input user name i.e. NID and password at this time.After user inputs NID and password, and touches the button and mention Certification is handed over, can prompt to authenticate successfully if correct, otherwise prompt authentification failure.
4, the operation of SAVI proxy authentication system
When user inputs NID and password and submits information, Web Portal server is sent to three user informations SAVI proxy authentication system.These three user informations be the link-local address of user, the NID of user, user password.SAVI After proxy authentication system obtains these information, the NID and password of user are sent to the NID management server of SAVI Verification System It goes to be authenticated.If authentification failure, NID management server returns to failure cause, and SAVI proxy authentication system returns to reason Web Portal server is given, Web Portal server returns it to User Page.If authenticated successfully, NID management clothes Business device is saved in link-local address, NID in the authentication database of SAVI.Note that since network management system has been in second step Through in SAVI interchanger MAC Address and link-local address be saved in same table in same database and suffer, at this time NID manage This row in table is found according to link-local address as long as managing server, NID is saved in corresponding field.If that Network management system goes to read MIB table not yet in two steps, does not just have this journey in database at this time, at this time NID management server Need to be inserted into a newline, including link-local address, NID, after network management system goes to read MIB table, network management system is according to this Ground link address finds this row in table, and MAC Address is saved in corresponding field.
5, the operation when user terminal acquisition address IPv6
In the first step, SAVI interchanger is arranged to the address of stateful DHCPv6 distributing user, so user Terminal one, which connects after physical network obtains link-local address, will go to request DHCP service distribution address.The DHCPv6 of SAVI takes After business device receives this DHCP request, the authentication database of inquiry SAVI is just removed, is inquired according to user terminal MAC Address.Such as Network management system of the fruit in second step goes to read MIB table not yet, does not just have related data in database, and the DHCPv6 of SAVI takes Business device does not just return to station address information;If found, but if user does not authenticate success, do not have in this data NID information, illustrate user also do not authenticate or authenticate it is unsuccessful, the DHCPv6 server of SAVI do not return to yet station address letter Breath.In both cases, the DHCP request of user terminal is not responded, and user terminal will send repeatedly DHCPv6 and ask It asks, and the DHCPv6 server of SAVI then can just can real basis after MAC, link-local address, NID information are all complete The address of SAVI generates scheme (using three user NID, MAC, time elements) address Lai Shengcheng global unicast IPv6, and returns To user terminal.User terminal is repeatedly during request address, and only link-local address can not access external website. When DHCPv6 server returns to the address IPv6 to user terminal, while dns server address and new default gateway address are returned to, User can access external website in this way.DHCPv6 server return the address IPv6 while, SAVI interchanger also can with The family address MAC and IPv6 is added in interchanger binding table (MIB table).Interchanger binding table accesses control, is added to and ties up Determine to allow for the data packet of the address IPv6 by switch port in table, not the IPv6 address date packet in binding table by It abandons.
6, operation when user terminal suspension
User terminal suspension is left, if user terminal sends DHCP Release request, the DHCPv6 server of SAVI After receiving request, the list item in aforementioned data library can be deleted according to its MAC Address.If user terminal directly shuts down or pulls out net The modes suspension such as line, then SAVI exchange opportunity disconnects according to physical link and deletes interchanger binding list item, the network management system of SAVI The deletion of list item is read, also will be deleted the list item in aforementioned data library.Other suspension operations are grasped with the original suspension of SAVI system Make equally, to be not repeated herein.
In another embodiment of the present invention, it is also proposed that a kind of SAVI proxy authentication method based on link-local address, it should Method includes:
Step 1, when client is initially accessed to SAVI network, SAVI interchanger for it with distributing a link-local Location, while the MAC Address of client and link-local address being all stored in the MIB tables of data of SAVI interchanger;
Step 2, SAVI network management system periodically read SAVI interchanger MIB tables of data, and have new table in MIB tables of data Xiang Shi, by new list item MAC Address and link-local address be stored in SAVI authentication database;
Step 3, when client access web site when, Web Portal system to client pop up certification page, prompt it is defeated Enter the NID and password of client;
Step 4, Web Portal system obtain client NID and password after, by the NID of the client, password and Link-local address is sent to SAVI proxy authentication subsystem;
Step 5, the SAVI proxy authentication subsystem are using NID, password and the link-local address of client to client The identity information at end is authenticated to SAVI Verification System;
After step 6, client certificate success, SAVI Dynamic Host Configuration Protocol server distributes the address IPv6 for it, while will be described The MAC Address of the address IPv6 and the client, link-local address associated storage are into SAVI authentication database;
Step 7, when client uses the machine MAC Address application address IPv6 again, SAVIDHCP server is record The address IPv6 returns to client.
Particular embodiments described above journey has carried out further the purpose of the present invention, technical scheme and beneficial effects It is described in detail, it should be understood that Cheng Eryi above is only a specific embodiment of the present invention, is not limited to this hair Bright, all within the neoteric spirit of this loophole and principle, any modification, equivalent substitution, improvement and etc. done should be included in Within protection scope of the present invention.

Claims (8)

1. a kind of SAVI proxy authentication system based on link-local address characterized by comprising
SAVI interchanger is used to access to client network, and when client is initially accessed, distributes one for client Link-local address, also by the MAC Address of client and link-local address associated storage in MIB tables of data;
SAVI network management system will be new for periodically checking the MIB tables of data, and when having in MIB tables of data new list item MAC Address and link-local address in list item are stored in SAVI authentication database;
Web Portal subsystem is used for when client is initially networked, and pops up the user authentication page, and user is prompted to input visitor The NID and password at family end, and the NID, password and link-local address of client are transmitted to SAVI proxy authentication subsystem;
SAVI proxy authentication subsystem uses NID, password and the link-local address of client to the identity information of client It is authenticated to SAVI Verification System;
SAVI Dynamic Host Configuration Protocol server is used to receive the IPV6 address assignment request of client, and passes through in the client certificate Afterwards, the address IPV6 is returned to for it;
Wherein, the SAVI interchanger is configured as: the first, the IPv6 gateway address returned to the client of access is Web The link-local address of Portal subsystem;The second, the routing address prefix in RA message is not configured, and is configured described in its use SAVI Dynamic Host Configuration Protocol server.
2. the system as claimed in claim 1, which is characterized in that further include:
SAVI Verification System utilizes NID, password and the link-local of the client received from SAVI proxy authentication subsystem Address is authenticated, and after the authentication has been successful, and the link-local address of the client and NID are saved in SAVI authentication data In library.
3. system as claimed in claim 2, which is characterized in that SAVI Verification System is according to the link-local of the client The SAVI authentication database is searched in location, if there are the corresponding tables of the link-local address in the SAVI authentication database , then the NID is inserted into the list item, it is corresponding if there is no the link-local address in the SAVI authentication database List item, then establish one include the link-local address and NID list item.
4. system as claimed in claim 3, which is characterized in that the SAVI network management system exists, by the MAC in new list item Location and link-local address are stored in SAVI authentication database, check SAVI authentication data first with the link-local address Whether corresponding list item is had existed in library, if it is present directly the MAC Address is inserted into the list item;If do not deposited New list item is then being established, and save the MAC Address and link-local address in the new list item.
5. the system as claimed in claim 1, which is characterized in that
When client accesses SAVI interchanger, according to the DHCPv6 server address that SAVI interchanger provides, Xiang Suoshu DHCPv6 server sends DHCP request;
The SAVI Dynamic Host Configuration Protocol server inquires SAVI after receiving the DHCP request of client, according to the MAC Address of client Authentication database, if having the MAC Address of the client in the SAVI authentication database, and client has authenticated and passed through, Then the address IPv6 is returned to client.
6. system as claimed in claim 5, which is characterized in that the SAVI Dynamic Host Configuration Protocol server is to client return IPv6 Behind location, the IPV6 address information is stored in the MAC Address of the client corresponding list item in MIB table by SAVI interchanger In.
7. the system as claimed in claim 1, which is characterized in that the SAVI Dynamic Host Configuration Protocol server receives client transmission After suspension request, the list item in the SAVI authentication database is deleted according to the MAC Address of the client;If client Not sent suspension is requested directly after suspension, and the SAVI interchanger deletes corresponding list item in MIB table, and SAVI network management system After detecting that the list item in MIB table is deleted, corresponding list item in the SAVI authentication database is deleted.
8. a kind of SAVI proxy authentication method based on link-local address, this method comprises:
Step 1, when client is initially accessed to SAVI network, SAVI interchanger is that it distributes a link-local address, together When the MAC Address of client and link-local address are all stored in the MIB tables of data of SAVI interchanger, SAVI exchange Machine is configured as: the first, being the link-local of Web Portal subsystem to the IPv6 gateway address of the client of access return Address;The second, the routing address prefix in RA message is not configured, and is configured it and used the SAVI Dynamic Host Configuration Protocol server;
Step 2, SAVI network management system periodically read SAVI interchanger MIB tables of data, and have new list item in MIB tables of data When, by new list item MAC Address and link-local address be stored in SAVI authentication database;
Step 3, when client access web site when, Web Portal system to client pop up certification page, prompt input visitor The NID and password at family end;
After step 4, Web Portal system obtain the NID and password of client, by the NID, password and local of the client Link address is sent to SAVI proxy authentication subsystem;
Step 5, the SAVI proxy authentication subsystem are using NID, password and the link-local address of client to client Identity information is authenticated to SAVI Verification System;
After step 6, client certificate success, SAVI Dynamic Host Configuration Protocol server is that it distributes the address IPv6, while by the IPv6 The MAC Address of address and the client, link-local address associated storage are into SAVI authentication database;
Step 7, when client uses the machine MAC Address application address IPv6 again, SAVIDHCP server is record IPv6 Location returns to client.
CN201610701943.6A 2016-08-22 2016-08-22 SAVI proxy authentication system and method based on link-local address Active CN106330894B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610701943.6A CN106330894B (en) 2016-08-22 2016-08-22 SAVI proxy authentication system and method based on link-local address

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610701943.6A CN106330894B (en) 2016-08-22 2016-08-22 SAVI proxy authentication system and method based on link-local address

Publications (2)

Publication Number Publication Date
CN106330894A CN106330894A (en) 2017-01-11
CN106330894B true CN106330894B (en) 2019-11-22

Family

ID=57742678

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610701943.6A Active CN106330894B (en) 2016-08-22 2016-08-22 SAVI proxy authentication system and method based on link-local address

Country Status (1)

Country Link
CN (1) CN106330894B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108881308B (en) * 2018-08-09 2021-10-12 下一代互联网重大应用技术(北京)工程研究中心有限公司 User terminal and authentication method, system and medium thereof
CN110224980B (en) * 2019-05-05 2020-10-27 清华大学 Credible MPTCP transmission method and system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102014142A (en) * 2010-12-31 2011-04-13 中国科学院计算技术研究所 Source address validation method and system
CN102624729A (en) * 2012-03-12 2012-08-01 北京星网锐捷网络技术有限公司 Web authentication method, device and system
CN102710448A (en) * 2012-06-12 2012-10-03 清华大学 Adaptive regulating method of life cycle parameter of SAVI (Source Address Validation Improvements) switch filter table
CN104852919A (en) * 2015-05-14 2015-08-19 杭州华三通信技术有限公司 Method and apparatus for realizing portal authentication

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102014142A (en) * 2010-12-31 2011-04-13 中国科学院计算技术研究所 Source address validation method and system
CN102624729A (en) * 2012-03-12 2012-08-01 北京星网锐捷网络技术有限公司 Web authentication method, device and system
CN102710448A (en) * 2012-06-12 2012-10-03 清华大学 Adaptive regulating method of life cycle parameter of SAVI (Source Address Validation Improvements) switch filter table
CN104852919A (en) * 2015-05-14 2015-08-19 杭州华三通信技术有限公司 Method and apparatus for realizing portal authentication

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
基于交换机的安全接入系统研究与实现;陈虹钊;《中国优秀硕士学位论文》;20140521;正文第3.1、3.2节 *

Also Published As

Publication number Publication date
CN106330894A (en) 2017-01-11

Similar Documents

Publication Publication Date Title
CN106851632B (en) A kind of method and device of smart machine access WLAN
CN108881308B (en) User terminal and authentication method, system and medium thereof
US9215234B2 (en) Security actions based on client identity databases
CN110300117A (en) Authentication method, equipment and the medium of IOT equipment and user's binding
CN101447879B (en) Charging method and access equipment therefor
CN104159225A (en) Wireless network based real-name registration system management method and system
CN103023856B (en) Method, system and the information processing method of single-sign-on, system
CN109862565A (en) A kind of WLAN unaware control method, system and readable storage medium storing program for executing
CN103428211A (en) Network authentication system on basis of switchboards and authentication method for network authentication system
CN105592180B (en) A kind of method and apparatus of Portal certification
CN103997479B (en) A kind of asymmetric services IP Proxy Methods and equipment
CN101764808A (en) Authentication processing method and system for automatic login as well as server
CN105592062A (en) Method and device for remaining IP address unchanged
CN106603556B (en) Single-point logging method, apparatus and system
CN104468619B (en) A kind of method and authentication gateway for realizing double stack web authentications
CN103634111B (en) Single-point logging method and system and single sign-on client-side
US8769623B2 (en) Grouping multiple network addresses of a subscriber into a single communication session
CN114079971A (en) Service flow management and control method, system, DPI node and storage medium
CN106330894B (en) SAVI proxy authentication system and method based on link-local address
CN106789905A (en) A kind of network access equipment and method
JP2002152276A (en) Internet utilizing method and device utilizing wired or wireless lan system, and line concentration/connection device
CN106209750A (en) A kind of network allocation method, server, network access equipment and system
KR20120044381A (en) Method and system for subscriber to log in internet content provider(icp) website in identity/location separation network and login device thereof
CN103634421A (en) Address distribution method and server
CN103118025A (en) Single sign-on method based on network access certification, single sign-on device and certificating server

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant