CN106453119A - Authentication control method and device - Google Patents

Authentication control method and device Download PDF

Info

Publication number
CN106453119A
CN106453119A CN201611020826.XA CN201611020826A CN106453119A CN 106453119 A CN106453119 A CN 106453119A CN 201611020826 A CN201611020826 A CN 201611020826A CN 106453119 A CN106453119 A CN 106453119A
Authority
CN
China
Prior art keywords
portal
address
notification message
target
terminal user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201611020826.XA
Other languages
Chinese (zh)
Inventor
肖梅
周英
晁岳磊
汪亮
章靠
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou H3C Technologies Co Ltd
Original Assignee
Hangzhou H3C Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou H3C Technologies Co Ltd filed Critical Hangzhou H3C Technologies Co Ltd
Priority to CN201611020826.XA priority Critical patent/CN106453119A/en
Publication of CN106453119A publication Critical patent/CN106453119A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides an authentication control method and device. The method comprises the following step: sending a first notification message to broadband remote access server (BRAS) equipment when an authentication failure message specific to a target user terminal is received, wherein the first notification message carries a target Internet protocol (IP) address and first preset duration of the target user terminal, so that the BRAS equipment refuses to forward a Portal authentication request message of which a source IP address is the target IP address within the first preset duration. Through application of the authentication control method and device, the load of a Portal server can be lowered, and the concurrency performance of a Portal authentication system is optimized.

Description

A kind of authentication control method and device
Technical field
The application is related to network communication technology field, more particularly to a kind of authentication control method and device.
Background technology
Portal (door) certification is also commonly referred to as Web (webpage) certification, i.e., receive the use of user input by Web page Name in an account book and password, carry out authentication to user, access, to user, the purpose being controlled to reach.Recognize Portal is employed In the network environment (referred to herein as Portal networking) of card, when user is needed using customizing messages in the Internet, it is necessary to Portal certification is carried out, only certification is by rear equipment or the resource that can just use in these the Internets.
Content of the invention
The application provides a kind of authentication control method and device, to solve the user of authentification failure in existing Portal networking The certification Portal server load that cause excessive problem is initiated repeatedly.
According to the embodiment of the present application in a first aspect, a kind of authentication control method is provided, door Portal networking is applied to In Portal server, methods described includes:
When the authentification failure message for target terminal user is received, to Broadband Remote Access Server BRAS equipment The first notification message is sent, in first notification message, carries the targeted internet protocol IP ground of the target terminal user Location and the first preset duration, so that it is described that the BRAS equipment is refused in first preset duration to forward source IP address The Portal authentication request packet of target ip address.
According to the second aspect of the embodiment of the present application, a kind of authentication control method is provided, be applied to door Portal networking In Broadband Remote Access Server BRAS equipment, methods described includes:
The first notification message of Portal server transmission is received, in first notification message, carries targeted customer's end The targeted internet Protocol IP address at end and the first preset duration;
When receiving source IP address for institute in first preset duration after first notification message is received State target ip address Portal authentication request packet when, refusal the Portal authentication request packet is forwarded.
According to the third aspect of the embodiment of the present application, a kind of authentication control device is provided, be applied to door Portal networking In Portal server, described device includes:Receiving unit and transmitting element;Wherein:
The transmitting element, for receiving the authentification failure message for target terminal user when the receiving unit When, the first notification message being sent to Broadband Remote Access Server BRAS equipment, carries described in first notification message The targeted internet Protocol IP address of target terminal user and the first preset duration, so that the BRAS equipment is described first In preset duration, refusal forwards the Portal authentication request packet that source IP address is the target ip address.
According to the fourth aspect of the embodiment of the present application, a kind of authentication control device is provided, be applied to door Portal networking In Broadband Remote Access Server BRAS equipment, described device includes:Receiving unit and transmitting element;Wherein:
The receiving unit, for receiving the first notification message of Portal server transmission, first notification message In carry targeted internet Protocol IP address and first preset duration of target terminal user;
The transmitting element, for when the receiving unit after first notification message is received described first When receiving the Portal authentication request packet that source IP address is the target ip address in preset duration, refuse to the Portal Authentication request packet is forwarded.
Application the embodiment of the present application, when the authentification failure message for target terminal user is received, to BRAS equipment Send the first notification message, carry in first notification message target ip address of target terminal user and first default when Long, so that BRAS equipment is refused in the first preset duration to forward source IP address for the Portal certification request report of target ip address Text, it is to avoid target terminal user initiates the Portal server load that certification causes after authentification failure, still repeatedly again Excessive, the situation in turn resulting in network impairment occurs, and reduces the load of Portal server, optimizes portal certification system Concurrency performance.
Description of the drawings
Fig. 1 is a kind of schematic flow sheet of authentication control method that the embodiment of the present application is provided;
Fig. 2 is the schematic flow sheet of another kind of authentication control method that the embodiment of the present application is provided;
Fig. 3 is a kind of schematic flow sheet of authentication control method that the embodiment of the present application is provided;
Fig. 4 is a kind of structural representation of authentication control device that the embodiment of the present application is provided;
Fig. 5 is the structural representation of another kind of authentication control device that the embodiment of the present application is provided;
Fig. 6 is a kind of structural representation of authentication control device that the embodiment of the present application is provided;
Fig. 7 is the structural representation of another kind of authentication control device that the embodiment of the present application is provided.
Specific embodiment
In current portal networking, after user's portal authentification failure, user can initiate certification repeatedly again. This can bring expense to portal server, and bring concurrency conflict, in the case that number of users is relatively more, when user repeatedly When initiating certification, Portal server response speed may not catch up with, and then may result in network impairment.
In order that those skilled in the art more fully understand the technical scheme in the embodiment of the present application, and make the application reality Apply the above-mentioned purpose of example, feature and advantage can become apparent from understandable, below in conjunction with the accompanying drawings to technical side in the embodiment of the present application Case is described in further detail.
Fig. 1 is referred to, is that the embodiment of the present application provides a kind of schematic flow sheet of authentication control method, wherein, this is recognized Card control method can apply to the Portal server in Portal networking, as shown in figure 1, the authentication control method can be wrapped Include following steps:
Step 101, when the authentification failure message for target terminal user is received, to BRAS equipment send first lead to Know message, target ip address and first preset duration of target terminal user in first notification message, is carried, so that BRAS equipment is refused in the first preset duration to forward source IP address for the Portal authentication request packet of target ip address.
In the embodiment of the present application, it is contemplated that in existing Portal networking, after user authentication failure, still can weigh repeatedly New initiate certification, in the case that number of users is relatively more, it is excessive to may result in Portal server burden, and then causes net Network deteriorates, thus, in order to optimize the concurrency performance of portal certification system, when Portal server determines user authentication failure When, the certification that the user of the authentification failure initiates again can be controlled by access device.
Correspondingly, in the embodiment of the present application, when target terminal user in certificate server (as AAA (Authentication, Authorization, Accounting, checking, authorization and accounting) server) place's authentification failure when, Certificate server is notified that BRAS equipment target terminal user authentification failure, and then, BRAS equipment can be to Portal server Send the authentification failure message for target terminal user.
When Portal server receives the authentification failure message for target terminal user, Portal server can be to Equipment dispatch order message is (herein for BRAS (Broadband Remote Access Server, Broadband Remote Access Server) In be referred to as the first notification message), first notification message is used for notifying BRAS equipment to preset in receive that the message rises first Forbid in duration forwarding source IP address for the Portal authentication request packet of target ip address;Wherein, in first notification message IP (Internet Protocol, Internet protocol) address and the first preset duration for carrying target terminal user is (permissible Set according to actual scene, such as 10 minutes, 20 minutes etc.).
Correspondingly, when BRAS equipment receives first notification message, carrying in first notification message can be obtained Target ip address and the first preset duration, and refuse in first preset duration to forward source IP address for the target ip address Portal authentication request packet.
In the one of embodiment of the application, the first notification message is sent to BRAS equipment, can include:
The AFF_ACK_AUTH message after extension, above-mentioned target ip address and the first preset duration are sent to BRAS equipment Carry newly-increased TLV (Type, Length, Value, type, the length, value) field in AFF_ACK_AUTH message after expansion In.
In this embodiment, can (Portal server be sent to equipment to existing AFF_ACK_AUTH message Certification back message) it is extended, two TLV fields are increased newly in original AFF_ACK_AUTH message, one of them increases newly TLV field is used for carrying above-mentioned target ip address, and another newly-increased TLV field is used for carrying above-mentioned first preset duration.
For example, when the authentication fails, the form of former AFF_ACK_AUTH message:
Type:0x07
AttrNum (property value) field:No
Form after extension:
AttrNum:0x03, fills 2 attributes, in last attr position, increases 2 TLV fields newly:
First TLV field fills the first preset duration.
Second TLV fills target ip address.
Wherein, the concrete handling process after BRAS equipment receives the first notification message may refer to method shown in Fig. 3 Associated description in flow process, the embodiment of the present application will not be described here.
Further, as a kind of optional embodiment, in the embodiment of the present application, when Portal server is received For target terminal user authentification failure message when, can also carry out following operation:
Second notification message is sent to target terminal user, carry in the second notification message above-mentioned first default when Long.
In this embodiment, in order to avoid user, during certification is forbidden, the repeated multiple times initiation certification of user cannot Response causes Consumer's Experience excessively poor, when Portal server receives the authentification failure message for target terminal user, Portal server can also be used to target in addition to it can send the first notification message according to above-mentioned flow process to BRAS equipment Family terminal sends a notification message (referred to herein as second notification message), to notify target terminal user to forbid targeted customer end End carries out the duration of Portal certification.
After target terminal user receives second notification message, the first preset duration for wherein carrying can be showed use Family, so as to user can receive target terminal user receive second notification message when from the first preset duration in no longer send out Play Portal certification, it is to avoid initiating repeatedly certification during this period cannot respond, and improve Consumer's Experience.
Further, the reason for target terminal user authentification failure can also being carried in above-mentioned second notification message, with Just the reason for user clearly can know authentification failure, to improve Consumer's Experience further.
In the one of embodiment of the application, above-mentioned to target terminal user transmission second notification message, can include:
The CODE_PP_LOGIN_RESPONSE message after extension is sent to target terminal user, wherein, above-mentioned certification is lost The reason for losing and the first preset duration carry the attribute of CODE_PP_LOGIN_RESPONSE message after expansion In (attribute) field.
In this embodiment, Portal server can be to existing CODE_PP_LOGIN_RESPONSE message (the certification back message that Portal server is sent to user terminal) is extended, in the attribute field of the message Carry authentification failure reason and above-mentioned first preset duration for target terminal user.
Correspondingly, when target terminal user receives the CODE_PP_LOGIN_RESPONSE message after the extension, permissible Obtain the authentification failure reason for carrying in the attribute field of the CODE_PP_LOGIN_RESPONSE message and first pre- If duration, target terminal user can know authentification failure reason, and not initiate Portal certification in the first preset duration.
It can be seen that, in the method flow shown in Fig. 1, received for target terminal user by Portal server Send to BRAS equipment during authentification failure message and carry the of the target ip address of target terminal user and the first preset duration One notification message, during so that BRAS equipment receiving first notification message, refuses forwarding source IP ground in the first preset duration Location is the Portal authentication request packet of target ip address, it is to avoid target terminal user is still weighed after authentification failure repeatedly The Portal server load that new initiation certification causes is excessive, and the situation in turn resulting in network impairment occurs, and optimizes Portal The concurrency performance of Verification System.
Fig. 2 is referred to, is the schematic flow sheet that the embodiment of the present application provides another kind of authentication control method, wherein, should Authentication control method can apply to the Portal server in Portal networking, as shown in Fig. 2 the authentication control method is permissible Comprise the following steps:
Step 201, when the authentification failure message for target terminal user is received, judge currently whether to meet default Trigger condition.If so, step 202 is gone to;Otherwise, processed according to existing Portal identifying procedure.
In the embodiment of the present application, it is contemplated that when Portal server is more busy or Portal networking in ask certification When user terminal quantity is more, if the user terminal of authentification failure is initiated again repeatedly certification and may result in Portal server Load is excessive, and brings concurrency conflict;And work as the user that certification is asked in Portal server more idle or Portal networking When terminal quantity is less, then asking of may bringing of certification can be initiated again repeatedly without the user terminal of consideration authentification failure Topic, therefore, it is possible to the condition for presetting the certification control program provided by triggering the embodiment of the present application (is referred to herein as preset Trigger condition), and when preset trigger condition is met, processed according to the certification control program shown in Fig. 1, otherwise, according to Existing Portal identifying procedure is processed.
In the embodiment of the present application, above-mentioned preset trigger condition can be included but is not limited to:Current time belongs to Preset Time Scope or generation predeterminable event.Wherein, the predeterminable event can including but not limited to be initiated the user terminal quantity of certification and be exceeded Authentication request packet quantity in predetermined threshold value, Approval Queue exceedes predetermined threshold value etc..
For example, so that preset trigger condition belongs to preset time range for current time as an example, can count each in advance Time period initiates the quantity of the user terminal of certification, and it is (permissible to exceed predetermined threshold value according to the user terminal quantity for initiating certification According to actual scene set) time period arrange preset time range, for example, it is assumed that every afternoon 3:00~4:00 initiates certification User terminal quantity exceed predetermined threshold value, then can be by 3:00~4:00 is set to preset time range.
Correspondingly, when Portal server receives the authentification failure message for target terminal user, it can be determined that Whether current time is in preset time range, if being in, enters according to the relevant treatment mode in the method flow shown in Fig. 1 Row is processed;Otherwise, processed according to existing Portal authentication processing flow process.
Again for example, so that the quantity of message identifying during preset trigger condition is as Approval Queue exceedes threshold value as an example, when When Portal server receives the authentification failure message for target terminal user, it can be determined that recognizing in current authentication queue Whether card message amount exceedes predetermined threshold value, if exceeding, carries out according to the relevant treatment mode in the method flow shown in Fig. 1 Process;Otherwise, processed according to existing Portal authentication processing flow process.
Step 202, to BRAS equipment send the first notification message, carry target terminal user in first notification message Target ip address and the first preset duration so that it is mesh that BRAS equipment refusal in the first preset duration forwards source IP address The Portal authentication request packet of mark IP address.
In the embodiment of the present application, the correlation that may refer in method flow shown in above-mentioned Fig. 1 that implements of step 202 is retouched State, the embodiment of the present application will not be described here.
Wherein, in this embodiment, Portal server receives the authentification failure message for target terminal user, and When determination currently meets preset trigger condition, second notification message, its concrete processing stream can also be sent to target terminal user Journey may refer to the associated description in the method flow described by Fig. 1, and the embodiment of the present application will not be described here.
Step 203, processed according to existing Portal identifying procedure.
In the embodiment of the present application, when Portal server determination is currently unsatisfactory for preset trigger condition, directly can press Being processed according to existing Portal authentication processing flow process, such as AFF_ACK_AUTH message (extension) is sent to BRAS equipment respectively And to target terminal user send CODE_PP_LOGIN_RESPONSE message (extension), its implement here do not do superfluous State.
It can be seen that, in the method flow shown in Fig. 2, by Shen in the more busy or Portal networking of Portal server When the user terminal quantity that please authenticate is more, the certification that is initiated after user end certification failure again is controlled, it is to avoid The Portal server load that after user end certification failure, still initiation certification causes again repeatedly is excessive, and takes in Portal In the more idle or Portal networking of business device during the user terminal negligible amounts of application authentication, user end certification mistake is still allowed for Certification is initiated after losing again, in the case that Portal server load is allowed, it is allowed to which user terminal is repeatedly authenticated, one Determine in degree, to improve probability of the user terminal by certification.
Fig. 3 is referred to, is a kind of schematic flow sheet of authentication control method that the embodiment of the present application is provided, wherein, this is recognized The BRAS equipment that card control method can apply in Portal networking, as shown in figure 3, the authentication control method can include with Lower step:
Step 301, the first notification message of reception Portal server transmission, carry target in first notification message The target ip address of user terminal and the first preset duration.
In the embodiment of the present application, Portal server can to the flow process that implements of BRAS equipment the first notification message of transmission So that referring to the associated description in method flow shown in Fig. 1 or Fig. 2, the embodiment of the present application will not be described here.
Step 302, when receiving source IP address in the first preset duration after the first notification message is received for mesh During the Portal authentication request packet of mark IP address, refusal is forwarded to the Portal authentication request packet.
In the embodiment of the present application, when BRAS equipment receives the first notification message of Portal server transmission, BRAS Equipment can record the target ip address for carrying in first notification message.When BRAS equipment is receiving first notification message In the first preset duration afterwards, receive source IP address for self record target ip address authentication request packet when, BRAS equipment will not be forwarded to the Portal authentication request packet.
In one embodiment of the application, when reception in the first preset duration after the first notification message is received During to the Portal authentication request packet that source IP address is the target ip address, refusal enters to the Portal authentication request packet Row is forwarded, and can be included:
When the first notification message is received, Portal Fail (failure) list item for target ip address is set up, should The online hours of Portal Fail list item are above-mentioned first preset duration;
Source IP address is received in the online hours of the Portal Fail list item before expiring for target ip address During Portal authentication request packet, refusal is forwarded to the Portal authentication request packet.
In this embodiment, when BRAS equipment receives the first notification message, BRAS equipment can set up one Portal Fail list item, the occurrence of the Portal Fail list item is above-mentioned target ip address, and action item can be right for refusal The Portal authentication request packet that source IP address is mated with occurrence is forwarded.Wherein, the Portal Fail list item is online Above-mentioned first preset duration of Shi Changwei, i.e., (set up the Portal Fail list item from BRAS equipment in above-mentioned first preset duration Rise), the Portal Fail list item is effective, and after first preset duration, the Portal Fail list item is invalid.
Correspondingly, when BRAS equipment receives Portal authentication request packet, BRAS equipment can be according to the Portal The source IP address of authentication request packet inquires about local Portal Fail list item, if inquiring the Portal Fail table of coupling , and the Portal Fail list item is online (i.e. effective), then refuse to forward the Portal authentication request packet;Otherwise, Do not inquire the Portal Fail list item of coupling, or the Portal Fail list item of coupling is inquired, but the Portal Fail List item is not online (i.e. invalid), then the Portal authentication request packet is forwarded.
Wherein, in order to save system resource, and the matching efficiency of Portal Fail list item is improved, when Portal Fail exists When line duration expires, BRAS equipment can delete the Portal Fail list item.
For example, by taking the AFF_ACK_AUTH message after the first notification message is above-mentioned extension as an example, work as BRAS equipment After receiving AFF_ACK_AUTH message, when Type is 0x07, and when AttrNum is 0x02, parsing increases TLV field newly, according to The target ip address for wherein carrying sets up Portal Fail list item, and arranges the Portal Fail table according to the first preset duration The online hours of item, during this period of time, BRAS equipment refusal forwards the Portal certification request report of target terminal user transmission Text, excessive so as to avoid Portal server load.
After the online hours of Portal Fail list item expire, BRAS equipment can delete the Portal list item, and then, When BRAS equipment receives the Portal authentication request packet of target terminal user transmission again, BRAS equipment can forward this Portal authentication request packet.
What deserves to be explained is, in this embodiment, when BRAS equipment is right according to the first notification message refusal for receiving During the Portal authentication request packet of target terminal user is forwarded, BRAS equipment can arrange permission targeted customer Terminal access specific resources and the bandwidth of permission.
For example, BRAS equipment generates Portal Fail list item according to the AFF_ACK_AUTH message after the extension for receiving Afterwards, predefined management strategy can also be issued for the Portal Fail list item, provides the money that target terminal user allows to access Source (as public free resource, such as printer) and the bandwidth for allowing.
By above description as can be seen that in the technical scheme that the embodiment of the present application is provided, when receiving for target During the authentification failure message of user terminal, the first notification message is sent to BRAS equipment, carry mesh in first notification message The target ip address of mark user terminal and the first preset duration, so that BRAS equipment refuses forwarding source in the first preset duration IP address is the Portal authentication request packet of target ip address, it is to avoid target terminal user after authentification failure, still instead The Portal server load that the multiple certification of initiation again causes is excessive, and the situation in turn resulting in network impairment occurs, and reduces The load of Portal server, optimizes the concurrency performance of portal certification system.
Fig. 4 is referred to, is a kind of structural representation of authentication control device that the embodiment of the present application is provided, wherein, this is recognized Card control device can apply to the Portal server in said method embodiment, as shown in figure 4, the authentication control device can To include:Receiving unit 410 and transmitting element 420;Wherein:
The transmitting element 420, for receiving the authentification failure for target terminal user when the receiving unit 410 During message, the first notification message is sent to Broadband Remote Access Server BRAS equipment, carry in first notification message The targeted internet Protocol IP address of the target terminal user and the first preset duration, so that the BRAS equipment is described In first preset duration, refusal forwards the Portal authentication request packet that source IP address is the target ip address.
Please also refer to Fig. 5, it is the structural representation of another kind of authentication control device that the embodiment of the present application is provided, such as schemes Shown in 5, on the basis of authentication control device shown in Fig. 4, the authentication control device shown in Fig. 5 also includes:Judging unit 430; Wherein:
Judging unit 430, for receiving the authentification failure message for target terminal user when the receiving unit 410 When, judge currently whether meet preset trigger condition;
Correspondingly, the transmitting element 420, can be specifically for when the judging unit 430 be judged as YES, to BRAS Equipment sends the first notification message;
Wherein, the preset trigger condition includes:
Current time belongs to preset time range or predeterminable event occurs.
In an alternative embodiment, the transmitting element 420, can be also used for being directed to when the receiving unit 410 is received During the authentification failure message of target terminal user, second notification message is sent to the target terminal user, described second notifies The reason for carrying authentification failure in message and first preset duration.
Fig. 6 is referred to, is a kind of structural representation of authentication control device that the embodiment of the present application is provided, wherein, this is recognized Card control device can apply to the BRAS equipment in said method embodiment, as shown in fig. 6, the authentication control device can be wrapped Include:Receiving unit 610 and transmitting element 620;Wherein:
The receiving unit 610, for receiving the first notification message of Portal server transmission, described first notifies to disappear Targeted internet Protocol IP address and first preset duration of target terminal user is carried in breath;
The transmitting element 620, for the institute when the receiving unit 610 after first notification message is received Stating when Portal authentication request packet that source IP address is the target ip address is received in the first preset duration, refuses to this Portal authentication request packet is forwarded.
Please also refer to Fig. 7, it is the structural representation of another kind of authentication control device that the embodiment of the present application is provided, such as schemes Shown in 7, on the basis of authentication control device shown in Fig. 6, the authentication control device shown in Fig. 7 also includes:Set up unit 630; Wherein:
Described set up unit 630, for when the receiving unit 610 receives first notification message, setting up pin Portal failure Fail list item to the target ip address, the online hours of the Portal Fail list item are pre- for described first If duration;
The transmitting element 620, specifically for when the receiving unit 610 the Portal Fail list item online when When length receives, before expiring, the Portal authentication request packet that source IP address is the target ip address, refusal is recognized to the Portal Card request message is forwarded.
In said apparatus, the process of realizing of the function of unit and effect specifically refers to corresponding step in said method Process is realized, be will not be described here.
For device embodiment, as which corresponds essentially to embodiment of the method, so related part is referring to method reality Apply the part explanation of example.Device embodiment described above is only schematically, wherein described as separating component The unit of explanation can be or may not be physically separate, as the part that unit shows can be or can also It is not physical location, you can be located at a place, or can also be distributed on multiple NEs.Can be according to reality Need to select some or all of module therein to realize the purpose of application scheme.Those of ordinary skill in the art are not paying In the case of going out creative work, you can to understand and implement.
As seen from the above-described embodiment, when the authentification failure message for target terminal user is received, to BRAS equipment Send the first notification message, carry in first notification message target ip address of target terminal user and first default when Long, so that BRAS equipment is refused in the first preset duration to forward source IP address for the Portal certification request report of target ip address Text, it is to avoid target terminal user initiates the Portal server load that certification causes after authentification failure, still repeatedly again Excessive, the situation in turn resulting in network impairment occurs, and reduces the load of Portal server, optimizes portal certification system Concurrency performance.
Those skilled in the art will readily occur to its of the application after considering description and putting into practice invention disclosed herein Its embodiment.The application is intended to any modification, purposes or the adaptations of the application, these modifications, purposes or Person's adaptations follow the general principle of the application and including the undocumented common knowledge in the art of the application Or conventional techniques.Description and embodiments be considered only as exemplary, the true scope of the application and spirit by following Claim is pointed out.
It should be appreciated that the application is not limited to the precision architecture for being described above and being shown in the drawings, and And various modifications and changes can carried out without departing from the scope.Scope of the present application is only limited by appended claim.

Claims (10)

1. a kind of authentication control method, the Portal server being applied in door Portal networking, it is characterised in that the side Method includes:
When the authentification failure message for target terminal user is received, send to Broadband Remote Access Server BRAS equipment First notification message, carry in first notification message targeted internet Protocol IP address of the target terminal user with And first preset duration, so that it is the target that BRAS equipment refusal in first preset duration forwards source IP address The Portal authentication request packet of IP address.
2. method according to claim 1, it is characterised in that when receiving the authentification failure message for target terminal user When, before first notification message of transmission to BRAS equipment, also include:
Judge currently whether meet preset trigger condition;
If meeting, it is determined that the step of executing first notification message of transmission to BRAS equipment;
Wherein, the preset trigger condition includes:
Current time belongs to preset time range or predeterminable event occurs.
3. method according to claim 1, it is characterised in that disappear when the authentification failure for target terminal user is received During breath, methods described also includes:
Second notification message is sent to the target terminal user, carry in the second notification message described first default when Long.
4. a kind of authentication control method, the Broadband Remote Access Server BRAS equipment being applied in door Portal networking, its It is characterised by, methods described includes:
The first notification message of Portal server transmission is received, in first notification message, carries target terminal user Targeted internet Protocol IP address and the first preset duration;
It is the mesh when source IP address is received in first preset duration after first notification message is received During the Portal authentication request packet of mark IP address, refusal is forwarded to the Portal authentication request packet.
5. method according to claim 1, it is characterised in that described when after first notification message is received When receiving the Portal authentication request packet that source IP address is the target ip address in first preset duration, it is right to refuse The Portal authentication request packet is forwarded, including:
When first notification message is received, the Portal failure Fail list item for the target ip address is set up, should The online hours of Portal Fail list item are first preset duration;
It is the target ip address source IP address to be received before expiring in the online hours of the Portal Fail list item During Portal authentication request packet, refusal is forwarded to the Portal authentication request packet.
6. a kind of authentication control device, the Portal server being applied in door Portal networking, it is characterised in that the dress Put including:Receiving unit and transmitting element;Wherein:
The transmitting element, during for receiving the authentification failure message for target terminal user when the receiving unit, to Broadband Remote Access Server BRAS equipment sends the first notification message, carries target use in first notification message The targeted internet Protocol IP address of family terminal and the first preset duration, so that the BRAS equipment is when described first is default In long, refusal forwards the Portal authentication request packet that source IP address is the target ip address.
7. device according to claim 6, it is characterised in that described device also includes:
Judging unit, during for receiving the authentification failure message for target terminal user when the receiving unit, judges to work as Front whether meet preset trigger condition;
The transmitting element, specifically for when the judging unit is judged as YES, sending the first notification message to BRAS equipment;
Wherein, the preset trigger condition includes:
Current time belongs to preset time range or predeterminable event occurs.
8. device according to claim 6, it is characterised in that
The transmitting element, is additionally operable to when the receiving unit receives the authentification failure message for target terminal user, Second notification message is sent to the target terminal user, in the second notification message, carry first preset duration.
9. a kind of authentication control device, the Broadband Remote Access Server BRAS equipment being applied in door Portal networking, its It is characterised by, described device includes:Receiving unit and transmitting element;Wherein:
The receiving unit, for receiving the first notification message of Portal server transmission, takes in first notification message Targeted internet Protocol IP address and the first preset duration with target terminal user;
The transmitting element, for when the receiving unit after first notification message is received described first preset When receiving the Portal authentication request packet that source IP address is the target ip address in duration, refuse to the Portal certification Request message is forwarded.
10. device according to claim 9, it is characterised in that described device also includes:Set up unit;Wherein:
Described set up unit, for when the receiving unit receives first notification message, set up and be directed to the target The Portal failure Fail list item of IP address, the online hours of the Portal Fail list item are first preset duration;
The transmitting element, specifically for connecing before the online hours of the Portal Fail list item expire when the receiving unit When receiving the Portal authentication request packet that source IP address is the target ip address, refuse to the Portal authentication request packet Forwarded.
CN201611020826.XA 2016-11-18 2016-11-18 Authentication control method and device Pending CN106453119A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611020826.XA CN106453119A (en) 2016-11-18 2016-11-18 Authentication control method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611020826.XA CN106453119A (en) 2016-11-18 2016-11-18 Authentication control method and device

Publications (1)

Publication Number Publication Date
CN106453119A true CN106453119A (en) 2017-02-22

Family

ID=58221030

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611020826.XA Pending CN106453119A (en) 2016-11-18 2016-11-18 Authentication control method and device

Country Status (1)

Country Link
CN (1) CN106453119A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107547321A (en) * 2017-06-28 2018-01-05 新华三技术有限公司 Message processing method, device, associated electronic device and readable storage medium storing program for executing
CN107733931A (en) * 2017-11-30 2018-02-23 新华三技术有限公司 Portal authentication method, device and portal server
CN109040046A (en) * 2018-07-25 2018-12-18 新华三技术有限公司 network access method and device

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100550739C (en) * 2007-02-14 2009-10-14 华为技术有限公司 A kind of method, system and routing device of initiating authentication request for user terminal
CN102196434A (en) * 2010-03-10 2011-09-21 中国移动通信集团公司 Authentication method and system for wireless local area network terminal
CN102333081A (en) * 2011-08-03 2012-01-25 北京星网锐捷网络技术有限公司 Authentication method, equipment and system
WO2012130041A1 (en) * 2011-03-29 2012-10-04 中兴通讯股份有限公司 Method and system for network resource sharing
CN102821152A (en) * 2012-08-08 2012-12-12 许继集团有限公司 Information interaction method for family intelligent interaction terminal
CN103209159A (en) * 2012-01-13 2013-07-17 中国电信股份有限公司 Portal authentication method and system
CN103701760A (en) * 2012-09-28 2014-04-02 中国电信股份有限公司 Wireless LAN (Local Area Network) Portal authentication method and system and Portal server
CN104104516A (en) * 2014-07-30 2014-10-15 杭州华三通信技术有限公司 Portal authentication method and device
US20150287106A1 (en) * 2014-04-08 2015-10-08 Centurylink Intellectual Property Llc Captive Portal Service Offerings
CN105635148A (en) * 2015-12-30 2016-06-01 杭州华三通信技术有限公司 Portal authentication method and apparatus
CN105791036A (en) * 2014-12-15 2016-07-20 中国移动通信集团吉林有限公司 AP access detection method and device
CN105848149A (en) * 2016-05-13 2016-08-10 上海斐讯数据通信技术有限公司 Wireless local area network safety authentication method

Patent Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100550739C (en) * 2007-02-14 2009-10-14 华为技术有限公司 A kind of method, system and routing device of initiating authentication request for user terminal
CN102196434A (en) * 2010-03-10 2011-09-21 中国移动通信集团公司 Authentication method and system for wireless local area network terminal
WO2012130041A1 (en) * 2011-03-29 2012-10-04 中兴通讯股份有限公司 Method and system for network resource sharing
CN102333081A (en) * 2011-08-03 2012-01-25 北京星网锐捷网络技术有限公司 Authentication method, equipment and system
CN103209159A (en) * 2012-01-13 2013-07-17 中国电信股份有限公司 Portal authentication method and system
CN102821152A (en) * 2012-08-08 2012-12-12 许继集团有限公司 Information interaction method for family intelligent interaction terminal
CN103701760A (en) * 2012-09-28 2014-04-02 中国电信股份有限公司 Wireless LAN (Local Area Network) Portal authentication method and system and Portal server
US20150287106A1 (en) * 2014-04-08 2015-10-08 Centurylink Intellectual Property Llc Captive Portal Service Offerings
CN104104516A (en) * 2014-07-30 2014-10-15 杭州华三通信技术有限公司 Portal authentication method and device
CN105791036A (en) * 2014-12-15 2016-07-20 中国移动通信集团吉林有限公司 AP access detection method and device
CN105635148A (en) * 2015-12-30 2016-06-01 杭州华三通信技术有限公司 Portal authentication method and apparatus
CN105848149A (en) * 2016-05-13 2016-08-10 上海斐讯数据通信技术有限公司 Wireless local area network safety authentication method

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107547321A (en) * 2017-06-28 2018-01-05 新华三技术有限公司 Message processing method, device, associated electronic device and readable storage medium storing program for executing
CN107547321B (en) * 2017-06-28 2021-05-14 新华三技术有限公司 Message processing method and device, related electronic equipment and readable storage medium
CN107733931A (en) * 2017-11-30 2018-02-23 新华三技术有限公司 Portal authentication method, device and portal server
CN107733931B (en) * 2017-11-30 2021-03-09 新华三技术有限公司 Portal authentication method and device and portal server
CN109040046A (en) * 2018-07-25 2018-12-18 新华三技术有限公司 network access method and device
CN109040046B (en) * 2018-07-25 2021-01-26 新华三技术有限公司 Network access method and device

Similar Documents

Publication Publication Date Title
CN108476165B (en) Information interaction method, client and device
US8769262B2 (en) VPN connection system and VPN connection method
CN103874069B (en) A kind of wireless terminal MAC authentication devices and method
CN103401884A (en) Authentication method and system for public wireless environment Internet access based on micro message
JP2015511409A5 (en)
CN108183950A (en) A kind of network equipment establishes the method and device of connection
EP2605460A1 (en) Method, apparatus, and system for transferring file to user of instant message system
CN102801644B (en) Method and device for blocking mail behavior and gateway
US10951616B2 (en) Proximity-based device authentication
CN106453119A (en) Authentication control method and device
CN105165035B (en) Have both the multimedia message transmission of text message transmission
CN114071791A (en) User plane function information reporting method, access network equipment and core network equipment
CN114389890B (en) User request proxy method, server and storage medium
KR100842868B1 (en) Spam short message blocking system using call back short message and spam short message blocking method using the same
US20080268883A1 (en) Spam short message blocking system using a call back short message and a method thereof
CN107659903A (en) The method and system opened automatically for realizing VoLTE business
CN105812380A (en) Verification method and device
US10581979B2 (en) Information transmission method and apparatus
EP3313039A1 (en) Home gateway, communication management method and communication system thereof
CN109743329B (en) Account processing method and device
CN106385516A (en) Business transfer setting method, device and terminal
WO2017092403A1 (en) Control method and device for group network access
CN104917730B (en) A kind of method for authenticating and system, authentication server
CN112153580A (en) Method, equipment and system for setting MCPTT group
KR102148189B1 (en) Apparatus and method for protecting malicious site

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
CB02 Change of applicant information
CB02 Change of applicant information

Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Applicant after: Xinhua three Technology Co., Ltd.

Address before: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Applicant before: Huasan Communication Technology Co., Ltd.

SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20170222