CN107547501A - Identity authentication method and device

Publication number: CN107547501A
Authority: CN (China)
Prior art keywords: client, address, BRAS, mapping, MAC address
Legal status: Granted
Application number: CN201710382146.0A
Other languages: Chinese (zh)
Other versions: CN107547501B (en)
Inventors: 肖湘光, 程臻
Current Assignee: New H3C Technologies Co Ltd
Original Assignee: New H3C Technologies Co Ltd

Abstract

The present disclosure relates to an identity authentication method and device. The method is applied in a BRAS and includes: when the BRAS and a client are connected at Layer 3 and the client meets an identity authentication condition, obtaining the client IP address carried in a packet sent by the client; obtaining a mapping pair of the client IP address and MAC address from a DHCP server; and obtaining the MAC address of the client based on the IP address and the mapping pair. Embodiments of the disclosure can obtain the client IP address carried in a packet sent by the client and obtain the client's MAC address from the mapping pair of IP address and MAC address, so that MAC identity authentication is performed automatically, the user does not have to enter authentication information manually, and authentication is imperceptible to the user when going online.

Description

Identity authentication method and device
Technical field
The present disclosure relates to the field of communication technology, and in particular to an identity authentication method and device.
Background
With the continued growth of the Internet market, demand for communication has gradually extended from traditional low-rate services such as telephone, fax and telegram to broadband services such as high-speed Internet access, video telephony and video on demand. Users demand ever higher access speeds, and the low-speed network access of a conventional dial-up modem can no longer meet their needs. At the same time, more and more users are connecting to metropolitan area networks (MANs) and their service demands keep expanding, so broadband MANs face a trend toward multi-service bearer networks.
In this situation, the related art uses a BRAS (Broadband Remote Access Server) to verify the legitimacy of user access, to manage access users effectively, and to manage and control the services users use. A BRAS has flexible access authentication modes, effective address management and powerful user management, and can provide rich and flexible service and control functions; combined with other communication products, it can provide a broadband MAN solution that is "manageable, operable and profitable". Portal is one of the technologies that implement BRAS functions. Portal authentication receives the authentication information entered by the user (such as a user name and password) through a Web page and authenticates the user, thereby enforcing access control at the access layer and at the entry points of critical data that need protection.
Summary of the invention
In view of this, the present disclosure proposes an identity authentication method.
According to one aspect of the disclosure, an identity authentication method is provided. The method is applied in a broadband access server (BRAS) and includes:
when the BRAS and a client are connected at Layer 3 and the client meets an identity authentication condition, obtaining the client IP address carried in a packet sent by the client;
obtaining a mapping pair of the client IP address and MAC address from a DHCP server;
obtaining the MAC address of the client based on the IP address and the mapping pair.
According to another aspect of the disclosure, an identity authentication method is provided. The method is applied in a DHCP server and includes:
in response to a client IP address allocation request from a broadband access server (BRAS), allocating an IP address to the client;
when an IP address has been successfully allocated to the client, sending the mapping pair of the client IP address and MAC address to the BRAS, so that the BRAS obtains the MAC address of the client based on the mapping pair.
According to another aspect of the disclosure, an identity authentication device is provided. The device is applied in a broadband access server (BRAS) and includes:
an IP address acquisition module, configured to obtain, when the BRAS and a client are connected at Layer 3 and the client meets an identity authentication condition, the client IP address carried in a packet sent by the client;
a mapping pair acquisition module, configured to obtain a mapping pair of the client IP address and MAC address from a DHCP server;
a MAC address acquisition module, configured to obtain the MAC address of the client based on the IP address and the mapping pair.
According to another aspect of the disclosure, an identity authentication device is provided. The device is applied in a DHCP server and includes:
an address allocation module, configured to allocate an IP address to the client in response to a client IP address allocation request from a broadband access server (BRAS);
a mapping pair sending module, configured to send, when an IP address has been successfully allocated to the client, the mapping pair of the client IP address and MAC address to the BRAS, so that the BRAS obtains the MAC address of the client based on the mapping pair.
With the identity authentication method and device of the embodiments of the disclosure, when the BRAS and the client are connected at Layer 3 and the client meets the identity authentication condition, the client IP address carried in a packet sent by the client can be obtained, and the client's MAC address can be obtained from the mapping pair of client IP address and MAC address. A MAC identity authentication request can then be made automatically, so the user does not have to enter authentication information manually and authentication is imperceptible to the user when going online.
Other features and aspects of the disclosure will become clear from the following detailed description of exemplary embodiments with reference to the accompanying drawings.
Brief description of the drawings
The accompanying drawings, which are included in and constitute a part of the specification, illustrate exemplary embodiments, features and aspects of the disclosure together with the specification, and serve to explain the principles of the disclosure.
Fig. 1 is a flow chart of an identity authentication method according to an exemplary embodiment.
Fig. 2 is a schematic diagram of an application scenario of an identity authentication method according to an exemplary embodiment.
Fig. 3 is a flow chart of an identity authentication method according to an exemplary embodiment.
Fig. 4 is a flow chart of step 12 of an identity authentication method according to an exemplary embodiment.
Fig. 5 is a flow chart of an identity authentication method according to an exemplary embodiment.
Fig. 6 is a flow chart of an identity authentication method according to an exemplary embodiment.
Fig. 7 is a block diagram of an identity authentication device according to an exemplary embodiment.
Fig. 8 is a block diagram of an identity authentication device according to an exemplary embodiment.
Fig. 9 is a block diagram of an identity authentication device according to an exemplary embodiment.
Detailed description
Various exemplary embodiments, features and aspects of the disclosure are described in detail below with reference to the accompanying drawings. Identical reference numerals in the drawings denote elements with the same or similar functions. Although various aspects of the embodiments are shown in the drawings, the drawings are not necessarily drawn to scale unless specifically noted.
The word "exemplary" here means "serving as an example, embodiment or illustration". Any embodiment described here as "exemplary" should not necessarily be construed as preferred over or superior to other embodiments.
In addition, numerous specific details are given in the embodiments below to better explain the disclosure. Those skilled in the art will understand that the disclosure can equally be practised without some of these details. In some instances, methods, means, elements and circuits well known to those skilled in the art are not described in detail, so as to highlight the gist of the disclosure.
Fig. 1 is a flow chart of an identity authentication method according to an exemplary embodiment. The identity authentication method of this embodiment can be applied in a broadband access server (BRAS). As shown in Fig. 1, the method includes:
Step S11: when the BRAS and the client are connected at Layer 3 and the client meets the identity authentication condition, obtain the client IP address carried in a packet sent by the client;
Step S12: obtain the mapping pair of the client IP address and MAC address from the DHCP server;
Step S13: obtain the MAC address of the client based on the IP address and the mapping pair.
According to embodiments of the disclosure, when the BRAS and the client are connected at Layer 3 and the client meets the identity authentication condition, the client IP address carried in a packet sent by the client can be obtained, and the client's MAC address can be obtained from the mapping pair of client IP address and MAC address. A MAC identity authentication request can then be made automatically, so the user does not have to enter authentication information manually and authentication is imperceptible to the user when going online. Embodiments of the disclosure lower the networking requirements between the authenticating client and the BRAS when an imperceptible-authentication scheme is deployed, and are compatible with both Layer 2 and Layer 3 networking, which makes the scheme easier to deploy and improves the user experience.
Fig. 2 is a schematic diagram of an application scenario of an identity authentication method according to an exemplary embodiment. As shown in Fig. 2, the broadband access server BRAS 22 can establish a communication connection with DHCP (Dynamic Host Configuration Protocol) server 25. DHCP server 25 dynamically allocates network configuration parameters such as IP addresses to network devices. It uses a client/server communication model: the client sends the server a request to allocate network configuration parameters, and the server returns configuration information such as the IP address allocated to the client, so that information such as IP addresses is configured dynamically. DHCP server 25 may also be a DHCP service program built into BRAS 22 or the DHCP relay nearest to the client; the disclosure does not limit this.
Fig. 3 is a flow chart of an identity authentication method according to an exemplary embodiment. The identity authentication method of this embodiment can be applied in a broadband access server (BRAS). As shown in Fig. 3, the method further includes:
Step S14: in response to a network communication request from the client, apply to the DHCP server for an IP address;
Step S15: when the application to the DHCP server for an IP address succeeds, store locally on the BRAS the mapping pair of the client IP address and MAC address received from the DHCP server,
where step 12 may include: reading the mapping pair locally from the BRAS.
For example, when a user accesses the network through client 21, client 21 can initiate a network communication request. In response to that request, BRAS 22 can apply to DHCP server 25 for an IP address for client 21. For example, from the access information of client 21 (such as the interface), BRAS 22 can find the domain corresponding to client 21; from that domain, BRAS 22 can find the corresponding DHCP server 25 and apply to it for the IP address of client 21.
In one implementation, after DHCP server 25 has successfully allocated an IP address to client 21, DHCP server 25 can record the mapping pair of client 21's IP address and client 21's MAC address, and can send the mapping pair to BRAS 22. BRAS 22 can check, according to its own configuration, whether DHCP server 25 is the DHCP server of the domain corresponding to client 21. If it is, BRAS 22 can store the mapping pair from DHCP server 25 locally; if it is not, BRAS 22 can discard the packet carrying the mapping pair. In this way, only mapping pairs sent by the DHCP server of the domain corresponding to client 21 are stored, which reduces storage pressure.
In one implementation, when the network access traffic of client 21 reaches a certain threshold within a certain period of time, client 21 can be considered to meet the identity authentication condition, and client 21 can be authenticated. BRAS 22 can obtain the MAC address of client 21 and, based on that MAC address, initiate a MAC identity authentication request to AAA (Authentication, Authorization, Accounting) authentication server 24. AAA authentication server 24 provides three network security management functions: authentication, authorization and accounting. Authentication: confirm the identity of a remote user accessing the network and judge whether the visitor is a legitimate network user. Authorization: grant different permissions to different users and limit the services a user can use; for example, an administrator authorizes office users to access and print files on a server, while other temporary visitors do not have this permission. Accounting: record all of a user's operations while using network services, including the type of service used, the start time and the data traffic, in order to collect and record the user's use of network resources; this supports accounting by time or by traffic and also serves to monitor the network.
In one implementation, if BRAS 22 and client 21 are connected at Layer 3, the source MAC (SMAC) address in a packet sent by client 21 is the MAC address of the upstream router, so the MAC address of client 21 cannot be found directly; the source IP (SIP) address in the packet, however, is the IP address of client 21. BRAS 22 can therefore obtain the IP address of client 21 (the SIP address) carried in the packet sent by client 21. BRAS 22 can then read the mapping pairs locally and look them up by client 21's IP address to find the MAC address of client 21.
In one implementation, when AAA authentication server 24 receives the MAC identity authentication request from BRAS 22, it can judge whether the MAC address of client 21 is a MAC address bound to user authentication information. If it is, AAA authentication server 24 can inform BRAS 22 that the MAC identity authentication request has passed; BRAS 22 can then permit the network communication requests of client 21, and the user can access the network normally through client 21.
With the embodiments of the disclosure, the mapping pair of client IP address and MAC address from the DHCP server can be stored locally on the BRAS, and the client's MAC address can be obtained from the IP address and the mapping pair in order to perform MAC identity authentication. The user does not have to enter authentication information, authentication is imperceptible to the user when going online, and the user experience improves.
By contrast, when authentication is performed according to the related art, the BRAS does not store mapping pairs of client IP address and MAC address. When the BRAS and the client are connected at Layer 3, the BRAS therefore cannot obtain the client's MAC address, and the MAC identity authentication request fails. The user has to enter authentication information, imperceptible authentication cannot be achieved, and the user experience suffers.
Fig. 4 is a flow chart of step 12 of an identity authentication method according to an exemplary embodiment. The identity authentication method of this embodiment can be applied in a broadband access server (BRAS). As shown in Fig. 4, step 12 may include:
Step S121: send the DHCP server a query request for the mapping pair of the client IP address and MAC address;
Step S122: receive the mapping pair from the DHCP server.
For example, when a user accesses the network through client 21, client 21 can initiate a network communication request. In response to that request, BRAS 22 can apply to DHCP server 25 for an IP address for client 21. For example, from the access information of client 21 (such as the interface), BRAS 22 can find the domain corresponding to client 21; from that domain, BRAS 22 can find the corresponding DHCP server 25 and apply to it for the IP address of client 21.
In one implementation, after DHCP server 25 has successfully allocated an IP address to client 21, DHCP server 25 can record the mapping pair of client 21's IP address and client 21's MAC address, but does not send the mapping pair to BRAS 22.
In one implementation, when the network access traffic of client 21 reaches a certain threshold within a certain period of time, client 21 can be considered to meet the identity authentication condition, and client 21 can be authenticated. BRAS 22 can obtain the MAC address of client 21 and, based on that MAC address, initiate a MAC identity authentication request to AAA authentication server 24.
In one implementation, if BRAS 22 and client 21 are connected at Layer 3, the source MAC (SMAC) address in a packet sent by client 21 is the MAC address of the upstream router, so the MAC address of client 21 cannot be found directly; the source IP (SIP) address in the packet, however, is the IP address of client 21. BRAS 22 can therefore obtain the IP address of client 21 (the SIP address) carried in the packet sent by client 21, and send DHCP server 24 a query request for the mapping pair of client IP address and MAC address.
In one implementation, DHCP server 25 can, in response to the query request from BRAS 22, send BRAS 22 the mapping pair of client IP address and MAC address. On receiving the mapping pair, BRAS 22 can use the IP address of client 21 to look up and match against the mapping pair from DHCP server 25, and thereby match the MAC address of client 21.
In one implementation, when AAA authentication server 24 receives the MAC identity authentication request from BRAS 22, it can judge whether the MAC address of client 21 is a MAC address bound to user authentication information. If it is, AAA authentication server 24 can inform BRAS 22 that the MAC identity authentication request has passed; BRAS 22 can then permit the network communication requests of client 21, and the user can access the network normally through client 21.
With the embodiments of the disclosure, when the identity authentication condition is met, a query request for the mapping pair can be sent to the DHCP server to obtain the mapping pair, and the client's MAC address can be obtained from the IP address and the mapping pair in order to perform MAC identity authentication. The user does not have to enter authentication information, authentication is imperceptible to the user when going online, and the user experience improves.
By contrast, when authentication is performed according to the related art, the BRAS cannot send the DHCP server a query request to obtain the mapping pair. When the BRAS and the client are connected at Layer 3, the BRAS therefore cannot obtain the client's MAC address, and the MAC identity authentication request fails. The user has to enter authentication information, imperceptible authentication cannot be achieved, and the user experience suffers.
In one implementation, when AAA authentication server 24 receives the MAC identity authentication request from BRAS 22, it can judge whether the MAC address of client 21 is a MAC address bound to user authentication information. If it is not, AAA authentication server 24 can judge that no MAC is bound and that client 21 is going online for the first time, and can inform BRAS 22 that the MAC identity authentication request has failed (not passed); BRAS 22 does not permit the network communication requests of client 21.
In this case, if the user accesses any web address through a browser, BRAS 22 can redirect the request to Portal web server 23 and send the MAC address of client 21 to Portal web server 23. Portal web server 23 can display an authentication page in the browser for the user to enter user authentication information (such as a user name and password). Redirection here means diverting client 21's network request (access to any web address) to another network location (the authentication page of Portal web server 23). After the user enters the user authentication information on the authentication page and confirms it, Portal web server 23 can send the user authentication information of client 21 and the MAC address from BRAS 22 to AAA authentication server 24, initiating a MAC identity authentication request to AAA authentication server 24.
In one implementation, AAA authentication server 24 can verify the user authentication information. If verification succeeds, it determines the MAC address of client 21 to be the MAC address bound to that user authentication information and informs BRAS 22 that the MAC identity authentication request has passed; BRAS 22 can then permit the network communication requests of client 21, and the user can access the network normally through client 21. If verification fails (for example, because of a wrong password), it informs BRAS 22 that the MAC identity authentication request has failed, and BRAS 22 does not permit the network communication requests of client 21.
Those skilled in the art will understand that various known methods in the related art can be used to implement the handling after a MAC identity authentication request fails, and the disclosure does not limit this.
Fig. 5 is a flow chart of an identity authentication method according to an exemplary embodiment. The identity authentication method of this embodiment can be applied in a broadband access server (BRAS). As shown in Fig. 5, the method further includes:
Step S16: on receiving a notification packet that the DHCP server has released the IP address, delete the mapping pair locally from the BRAS.
For example, suppose BRAS 22 has locally stored the mapping pair of client IP address and MAC address from DHCP server 22. If DHCP server 25 releases the IP address allocated to client 21, DHCP server 25 may allocate a new IP address when client 21 accesses the network again. In that case the correspondence between client 21's IP address and MAC address (the mapping pair) changes, and the MAC address of client 21 can no longer be looked up from the mapping pair stored in BRAS 22. DHCP server 25 can therefore send BRAS 22 a notification packet when it releases the IP address, notifying it that the IP address has been released. BRAS 22 can then delete the mapping pair locally.
In this way, invalid mapping pairs can be deleted, which reduces storage pressure.
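The push-mode flow described above (steps S14/S15, S11 to S13 and S16), modelled in Python as an added example; it is not code from the patent. The class names, the domain-to-DHCP-server table, the decision strings "permit" and "portal", and every address are constructed for illustration.

```python
"""Added illustration: BRAS-side IP-to-MAC mapping table for Layer 3 MAC authentication."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple


def norm_mac(mac: str) -> str:
    """Normalise a MAC so stored mappings and AAA bindings compare equal."""
    return mac.strip().lower().replace("-", ":")


@dataclass
class AaaServer:
    # MAC addresses already bound to user authentication information.
    bound_macs: Set[str] = field(default_factory=set)

    def mac_auth(self, mac: str) -> bool:
        return norm_mac(mac) in self.bound_macs


@dataclass
class Bras:
    # BRAS configuration (assumed shape): domain name -> its DHCP server id.
    domain_dhcp: Dict[str, str]
    aaa: AaaServer
    # Locally stored mapping pairs: client IP -> client MAC.
    mappings: Dict[str, str] = field(default_factory=dict)

    def on_mapping_pair(self, dhcp_id: str, domain: str, ip: str, mac: str) -> bool:
        """Step S15: keep a mapping pair only if it comes from the DHCP
        server configured for the client's domain; otherwise discard it."""
        if self.domain_dhcp.get(domain) != dhcp_id:
            return False
        self.mappings[ip] = norm_mac(mac)
        return True

    def on_release_notice(self, ip: str) -> None:
        """Step S16: the DHCP server released this IP, so the stored pair
        is stale and must not be used for a later holder of the address."""
        self.mappings.pop(ip, None)

    def authenticate(self, smac: str, sip: str) -> Tuple[str, Optional[str]]:
        """Steps S11-S13. On a Layer 3 link `smac` is the upstream router's
        MAC, so it is ignored and the client MAC is resolved from `sip`."""
        mac = self.mappings.get(sip)
        if mac is None:
            return ("portal", None)   # no mapping: fall back to Portal login
        if self.aaa.mac_auth(mac):
            return ("permit", mac)    # MAC bound: user goes online silently
        return ("portal", mac)        # first login: Portal binds this MAC


def demo() -> Dict[str, object]:
    # All identifiers and addresses below are constructed sample values.
    aaa = AaaServer(bound_macs={"aa:bb:cc:00:00:01"})
    bras = Bras(domain_dhcp={"isp-a": "dhcp-25"}, aaa=aaa)
    router_mac = "00:11:22:33:44:55"  # what the BRAS sees as SMAC
    out: Dict[str, object] = {}
    out["foreign_dhcp_stored"] = bras.on_mapping_pair(
        "dhcp-99", "isp-a", "10.0.0.9", "AA-BB-CC-00-00-01")
    out["domain_dhcp_stored"] = bras.on_mapping_pair(
        "dhcp-25", "isp-a", "10.0.0.5", "AA-BB-CC-00-00-01")
    bras.on_mapping_pair("dhcp-25", "isp-a", "10.0.0.6", "aa:bb:cc:00:00:02")
    out["bound_client"] = bras.authenticate(router_mac, "10.0.0.5")
    out["unbound_client"] = bras.authenticate(router_mac, "10.0.0.6")
    out["discarded_ip"] = bras.authenticate(router_mac, "10.0.0.9")
    bras.on_release_notice("10.0.0.5")
    out["after_release"] = bras.authenticate(router_mac, "10.0.0.5")
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The last case shows why step S16 matters for access control as well as storage: once the address is released, a packet from 10.0.0.5 no longer resolves to the previously bound MAC.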
Fig. 6 is a flow chart of an identity authentication method according to an exemplary embodiment. The identity authentication method of this embodiment can be applied in a DHCP server. As shown in Fig. 6, the method includes:
Step S61: in response to a client IP address allocation request from a broadband access server (BRAS), allocate an IP address to the client;
Step S62: when an IP address has been successfully allocated to the client, send the mapping pair of the client IP address and MAC address to the BRAS, so that the BRAS obtains the MAC address of the client based on the mapping pair.
For example, as shown in Fig. 2, when a user accesses the network through client 21, client 21 can initiate a network communication request. In response to that request, BRAS 22 can apply to DHCP server 25 for the IP address of client 21. DHCP server 25 can allocate an IP address to client 21 in response to the client IP address allocation request from BRAS 22.
In one implementation, when an IP address has been successfully allocated to client 21, DHCP server 25 can send the mapping pair of client 21's IP address and MAC address to the BRAS. Then, when BRAS 22 and client 21 are connected at Layer 3 and client 21 meets the identity authentication condition, BRAS 22 can obtain the client's MAC address from the mapping pair and initiate a MAC identity authentication request to AAA authentication server 24.
In one implementation, step S62 may include: in response to a query request from the BRAS for the mapping pair of client IP address and MAC address, sending the mapping pair to the BRAS, so that the BRAS obtains the MAC address of the client based on the mapping pair. For example, after DHCP server 25 has successfully allocated an IP address to client 21, DHCP server 25 can record the mapping pair of client 21's IP address and client 21's MAC address. When client 21 meets the identity authentication condition, BRAS 22 can send DHCP server 24 a query request for the mapping pair of client IP address and MAC address. DHCP server 25 can send the mapping pair to the BRAS in response to the query request, so that the BRAS obtains the MAC address of the client based on the mapping pair.
In one implementation, the method may further include: sending a notification packet to the BRAS when the IP address is released. For example, suppose BRAS 22 has locally stored the mapping pair of client IP address and MAC address from DHCP server 22. If DHCP server 25 releases the IP address allocated to client 21, it can send BRAS 22 a notification packet, notifying it that the IP address has been released. BRAS 22 can then delete the mapping pair locally.
According to embodiments of the disclosure, an IP address can be allocated to the client and the mapping pair of client IP address and MAC address can be sent to the BRAS, so that the BRAS obtains the client's MAC address from the mapping pair and performs MAC identity authentication. The user does not have to enter authentication information manually, and authentication is imperceptible to the user when going online.
Corresponding to the foregoing identity authentication method embodiments, the present disclosure also provides embodiments of an identity authentication device. Fig. 7 is a block diagram of an identity authentication device according to an exemplary embodiment. The identity authentication device of this embodiment can be applied in a broadband remote access server (BRAS). As shown in Fig. 7, the identity authentication device includes:
An IP address acquisition module 71, configured to obtain the client IP address carried in a message sent by the client when the BRAS and the client are connected at layer 3 and the client meets the identity authentication condition;
A mapping pair acquisition module 72, configured to obtain the mapping pair of the client IP address and MAC address from the DHCP server;
A MAC address acquisition module 73, configured to obtain the MAC address of the client based on the IP address and the mapping pair.
In one implementation, the device further includes:
An IP address application module, configured to apply to the DHCP server for an IP address in response to a network communication request from the client;
A mapping pair saving module, configured to save locally in the BRAS, when the application to the DHCP server for an IP address succeeds, the mapping pair of the client IP address and MAC address from the DHCP server,
Wherein the mapping pair acquisition module 72 is specifically configured to: read the mapping pair locally from the BRAS.
In one implementation, the mapping pair acquisition module 72 is specifically configured to:
Send to the DHCP server a query request for the mapping pair of the client IP address and MAC address;
Receive the mapping pair from the DHCP server.
In one implementation, the device further includes:
A mapping pair deletion module, configured to delete the mapping pair locally from the BRAS on receiving the notification message that the DHCP server has released the IP address.
According to embodiments of the present disclosure, when the BRAS and the client are connected at layer 3 and the client meets the identity authentication condition, the client IP address carried in a message sent by the client can be obtained, and the client's MAC address can be obtained from the mapping pair of the client IP address and MAC address, so that the MAC identity authentication request is made automatically. This spares the user from entering authentication information manually and makes authentication imperceptible to the user when going online.
Corresponding to the foregoing identity authentication method embodiments, the present disclosure also provides embodiments of an identity authentication device. Fig. 8 is a block diagram of an identity authentication device according to an exemplary embodiment. The identity authentication device of this embodiment can be applied in a DHCP server. As shown in Fig. 8, the identity authentication device includes:
An address assignment module 81, configured to assign an IP address to the client in response to a client IP address allocation request from the broadband remote access server (BRAS);
A mapping pair sending module 82, configured to send the mapping pair of the client IP address and MAC address to the BRAS when an IP address has been successfully assigned to the client, so that the BRAS obtains the MAC address of the client based on the mapping pair.
In one implementation, the mapping pair sending module 82 is specifically configured to:
Send the mapping pair to the BRAS in response to a query request from the BRAS for the mapping pair of the client IP address and MAC address, so that the BRAS obtains the MAC address of the client based on the mapping pair.
In one implementation, the device further includes:
A message sending module, configured to send a notification message to the BRAS when the IP address is released.
According to embodiments of the present disclosure, an IP address can be assigned to the client and the mapping pair of the client IP address and MAC address sent to the BRAS, so that the BRAS obtains the client's MAC address from the mapping pair and performs MAC authentication. This spares the user from entering authentication information manually and makes authentication imperceptible to the user when going online.
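The exchange between the BRAS-side device (Fig. 7) and the DHCP-server-side device (Fig. 8) described above can be modelled as follows. This is an added Python example, not code from the patent: the class and method names, the `authorized_macs` set standing in for the MAC authentication back end, the immediate reuse of a released address, and all addresses are assumptions made for illustration.

```python
# Added illustration, not code from the patent: an in-memory model of the
# BRAS / DHCP server exchange. All names and addresses are constructed.
import ipaddress

HEX = set("0123456789abcdef")


def normalize_mac(mac):
    """Canonical lower-case, colon-separated form; rejects malformed input."""
    parts = mac.lower().replace("-", ":").split(":")
    if len(parts) != 6 or any(len(p) != 2 or not set(p) <= HEX for p in parts):
        raise ValueError(f"bad MAC address: {mac!r}")
    return ":".join(parts)


class DhcpServer:
    """DHCP server side: address assignment, mapping pair sending, release notice."""

    def __init__(self, pool):
        self._free = [str(ip) for ip in ipaddress.ip_network(pool).hosts()]
        self._leases = {}  # client IP -> client MAC
        self._bras = None

    def attach(self, bras):
        self._bras = bras

    def allocate(self, mac):
        """Assign an address and return the (IP, MAC) mapping pair, or None."""
        if not self._free:
            return None
        ip = self._free.pop(0)
        self._leases[ip] = normalize_mac(mac)
        return ip, self._leases[ip]

    def query(self, ip):
        """Answer a BRAS query for the mapping pair of one client IP."""
        return self._leases.get(ip)

    def release(self, ip):
        """Release an address and send the notification message to the BRAS."""
        if self._leases.pop(ip, None) is None:
            return
        self._free.insert(0, ip)  # assumption: reuse at once, to show the stale case
        if self._bras is not None:
            self._bras.on_release_notice(ip)


class Bras:
    """BRAS side. authorized_macs stands in for the MAC authentication back end."""

    def __init__(self, dhcp, authorized_macs, cache_locally=True):
        self.dhcp = dhcp
        self.authorized = {normalize_mac(m) for m in authorized_macs}
        self.cache_locally = cache_locally
        self.cache = {}  # local copy of the mapping pairs
        dhcp.attach(self)

    def request_address(self, client_mac):
        """Apply for an address on the client's behalf; save the pair on success."""
        pair = self.dhcp.allocate(client_mac)
        if pair is None:
            return None
        if self.cache_locally:
            self.cache[pair[0]] = pair[1]
        return pair[0]

    def on_release_notice(self, ip):
        """Delete the local mapping pair so a reused IP cannot inherit the old MAC."""
        self.cache.pop(ip, None)

    def mac_for(self, src_ip):
        """Read the pair locally; if absent, send a query to the DHCP server."""
        mac = self.cache.get(src_ip)
        return mac if mac is not None else self.dhcp.query(src_ip)

    def authenticate(self, src_ip):
        """Source IP of a layer-3 message -> MAC -> MAC authentication decision."""
        ip = str(ipaddress.ip_address(src_ip))  # raises ValueError if malformed
        mac = self.mac_for(ip)
        if mac is None:
            return ("no-mapping", None)  # assumption: no lease, no MAC authentication
        return ("accept" if mac in self.authorized else "reject", mac)
```

Because the local copy is deleted on the release notification, a reused IP address resolves to the new lease's MAC address rather than to the previous client's.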
The identity authentication device of the embodiments of the present disclosure can be applied in a BRAS or a DHCP server. The device embodiments can be implemented in software, or in hardware or a combination of software and hardware. Taking a software implementation as an example, the device in the logical sense is formed when the processor of the equipment in which it resides reads the corresponding computer program instructions from non-volatile memory into main memory and runs them. At the hardware level, Fig. 9 shows a hardware structure diagram of the equipment in which the identity authentication device of the present disclosure resides. In addition to the processing component, power supply component, network interface, input/output interface and memory shown in Fig. 9, the equipment in which the device of an embodiment resides can generally also include other hardware, such as a forwarding chip responsible for processing messages. In terms of hardware structure the equipment may also be a distributed device and may include multiple interface cards, so that message processing can be extended at the hardware level.
Fig. 9 is a block diagram of a device 1900 for identity authentication according to an exemplary embodiment. For example, the device 1900 may be provided as a BRAS or a DHCP server. Referring to Fig. 9, the device 1900 includes a processing component 1922, which further includes one or more processors, and memory resources represented by a memory 1932 for storing instructions executable by the processing component 1922, such as application programs. An application program stored in the memory 1932 may include one or more modules, each corresponding to a set of instructions. The processing component 1922 is configured to execute the instructions so as to perform the method described above.
The device 1900 may also include a power supply component 1926 configured to perform power management of the device 1900, a wired or wireless network interface 1950 configured to connect the device 1900 to a network, and an input/output (I/O) interface 1958. The device 1900 can operate based on an operating system stored in the memory 1932, such as Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™ or the like.
In an exemplary embodiment, a non-volatile computer-readable storage medium including instructions is also provided, for example the memory 1932 including instructions, where the instructions can be executed by the processing component 1922 of the device 1900 to complete the method described above.
The present disclosure can be a system, a method and/or a computer program product. The computer program product can include a computer-readable storage medium carrying computer-readable program instructions for causing a processor to implement various aspects of the present disclosure.
A computer-readable storage medium can be a tangible device that can hold and store instructions used by an instruction execution device. The computer-readable storage medium can be, for example, but is not limited to, an electrical storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of these. More specific examples (a non-exhaustive list) of computer-readable storage media include: a portable computer diskette, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), static random access memory (SRAM), portable compact disc read-only memory (CD-ROM), a digital versatile disc (DVD), a memory stick, a floppy disk, a mechanically encoded device such as a punch card or a raised structure in a groove on which instructions are stored, and any suitable combination of these. A computer-readable storage medium as used here is not to be construed as a transient signal itself, such as a radio wave or other freely propagating electromagnetic wave, an electromagnetic wave propagating through a waveguide or other transmission medium (for example, a light pulse passing through a fiber-optic cable), or an electrical signal transmitted through a wire.
The computer-readable program instructions described here can be downloaded from a computer-readable storage medium to the respective computing/processing devices, or downloaded to an external computer or external storage device over a network such as the Internet, a local area network, a wide area network and/or a wireless network. The network can include copper transmission cables, optical fiber transmission, wireless transmission, routers, firewalls, switches, gateway computers and/or edge servers. A network adapter card or network interface in each computing/processing device receives computer-readable program instructions from the network and forwards them for storage in a computer-readable storage medium in that computing/processing device.
The computer program instructions for carrying out the operations of the present disclosure can be assembly instructions, instruction set architecture (ISA) instructions, machine instructions, machine-dependent instructions, microcode, firmware instructions, state-setting data, or source code or object code written in any combination of one or more programming languages, including object-oriented programming languages such as Smalltalk and C++ and conventional procedural programming languages such as the "C" language or similar programming languages. The computer-readable program instructions can execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on a remote computer or server. Where a remote computer is involved, the remote computer can be connected to the user's computer through any kind of network, including a local area network (LAN) or a wide area network (WAN), or can be connected to an external computer (for example, through the Internet using an Internet service provider). In some embodiments, an electronic circuit such as a programmable logic circuit, a field-programmable gate array (FPGA) or a programmable logic array (PLA) is personalized using the state information of the computer-readable program instructions, and the electronic circuit can execute the computer-readable program instructions so as to implement various aspects of the present disclosure.
Various aspects of the present disclosure are described here with reference to flowcharts and/or block diagrams of methods, devices (systems) and computer program products according to embodiments of the present disclosure. It should be understood that each block of the flowcharts and/or block diagrams, and combinations of blocks in the flowcharts and/or block diagrams, can be implemented by computer-readable program instructions.
These computer-readable program instructions can be provided to a processor of a general-purpose computer, a special-purpose computer or another programmable data processing device to produce a machine, such that the instructions, when executed by the processor of the computer or other programmable data processing device, create a device that implements the functions/actions specified in one or more blocks of the flowcharts and/or block diagrams. These computer-readable program instructions can also be stored in a computer-readable storage medium; the instructions cause a computer, a programmable data processing device and/or other equipment to operate in a particular manner, so that the computer-readable medium storing the instructions comprises an article of manufacture that includes instructions implementing various aspects of the functions/actions specified in one or more blocks of the flowcharts and/or block diagrams.
The computer-readable program instructions can also be loaded onto a computer, another programmable data processing device or other equipment, so that a series of operational steps is performed on the computer, other programmable data processing device or other equipment to produce a computer-implemented process, such that the instructions executed on the computer, other programmable data processing device or other equipment implement the functions/actions specified in one or more blocks of the flowcharts and/or block diagrams.
The flowcharts and block diagrams in the accompanying drawings show the architecture, functions and operations of possible implementations of systems, methods and computer program products according to multiple embodiments of the present disclosure. In this regard, each block in a flowchart or block diagram can represent a module, a program segment or a portion of instructions that contains one or more executable instructions for implementing the specified logical function. In some alternative implementations, the functions noted in the blocks can occur in an order different from that noted in the drawings. For example, two consecutive blocks can in fact be executed substantially in parallel, and they can sometimes be executed in the reverse order, depending on the functions involved. It should also be noted that each block of the block diagrams and/or flowcharts, and combinations of blocks in the block diagrams and/or flowcharts, can be implemented by a dedicated hardware-based system that performs the specified functions or actions, or by a combination of dedicated hardware and computer instructions.
The embodiments of the present disclosure have been described above. The description is exemplary, not exhaustive, and is not limited to the disclosed embodiments. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments. The terms used here were chosen to best explain the principles of the embodiments, their practical application or their technical improvement over technologies in the market, or to enable other persons of ordinary skill in the art to understand the embodiments disclosed here.

Claims (14)

  1. An identity authentication method, characterized in that the method is applied in a broadband remote access server (BRAS) and includes:
    when the BRAS and a client are connected at layer 3 and the client meets an identity authentication condition, obtaining the client IP address carried in a message sent by the client;
    obtaining a mapping pair of the client IP address and a MAC address from a DHCP server;
    obtaining the MAC address of the client based on the IP address and the mapping pair.
  2. The method according to claim 1, characterized in that the method further includes:
    applying to the DHCP server for an IP address in response to a network communication request from the client;
    when the application to the DHCP server for an IP address succeeds, saving locally in the BRAS the mapping pair of the client IP address and MAC address from the DHCP server,
    wherein obtaining the mapping pair of the client IP address and MAC address from the DHCP server includes:
    reading the mapping pair locally from the BRAS.
  3. The method according to claim 1, characterized in that obtaining the mapping pair of the client IP address and MAC address from the DHCP server includes:
    sending to the DHCP server a query request for the mapping pair of the client IP address and MAC address;
    receiving the mapping pair from the DHCP server.
  4. The method according to claim 2, characterized in that the method further includes:
    on receiving the notification message that the DHCP server has released the IP address, deleting the mapping pair locally from the BRAS.
  5. An identity authentication method, characterized in that the method is applied in a DHCP server and includes:
    assigning an IP address to a client in response to a client IP address allocation request from a broadband remote access server (BRAS);
    when an IP address has been successfully assigned to the client, sending the mapping pair of the client IP address and MAC address to the BRAS, so that the BRAS obtains the MAC address of the client based on the mapping pair.
  6. The method according to claim 5, characterized in that sending the mapping pair of the client IP address and MAC address to the BRAS, so that the BRAS obtains the MAC address of the client based on the mapping pair, includes:
    sending the mapping pair to the BRAS in response to a query request from the BRAS for the mapping pair of the client IP address and MAC address, so that the BRAS obtains the MAC address of the client based on the mapping pair.
  7. The method according to claim 5, characterized in that the method further includes:
    sending a notification message to the BRAS when the IP address is released.
  8. An identity authentication device, characterized in that the device is applied in a broadband remote access server (BRAS) and includes:
    an IP address acquisition module, configured to obtain the client IP address carried in a message sent by a client when the BRAS and the client are connected at layer 3 and the client meets an identity authentication condition;
    a mapping pair acquisition module, configured to obtain a mapping pair of the client IP address and a MAC address from a DHCP server;
    a MAC address acquisition module, configured to obtain the MAC address of the client based on the IP address and the mapping pair.
  9. The device according to claim 8, characterized in that the device further includes:
    an IP address application module, configured to apply to the DHCP server for an IP address in response to a network communication request from the client;
    a mapping pair saving module, configured to save locally in the BRAS, when the application to the DHCP server for an IP address succeeds, the mapping pair of the client IP address and MAC address from the DHCP server,
    wherein the mapping pair acquisition module is specifically configured to:
    read the mapping pair locally from the BRAS.
  10. The device according to claim 8, characterized in that the mapping pair acquisition module is specifically configured to:
    send to the DHCP server a query request for the mapping pair of the client IP address and MAC address;
    receive the mapping pair from the DHCP server.
  11. The device according to claim 9, characterized in that the device further includes:
    a mapping pair deletion module, configured to delete the mapping pair locally from the BRAS on receiving the notification message that the DHCP server has released the IP address.
  12. An identity authentication device, characterized in that the device is applied in a DHCP server and includes:
    an address assignment module, configured to assign an IP address to a client in response to a client IP address allocation request from a broadband remote access server (BRAS);
    a mapping pair sending module, configured to send the mapping pair of the client IP address and MAC address to the BRAS when an IP address has been successfully assigned to the client, so that the BRAS obtains the MAC address of the client based on the mapping pair.
  13. The device according to claim 12, characterized in that the mapping pair sending module is specifically configured to:
    send the mapping pair to the BRAS in response to a query request from the BRAS for the mapping pair of the client IP address and MAC address, so that the BRAS obtains the MAC address of the client based on the mapping pair.
  14. The device according to claim 12, characterized in that the device further includes:
    a message sending module, configured to send a notification message to the BRAS when the IP address is released.
CN201710382146.0A 2017-05-26 2017-05-26 Identity authentication method and device Active CN107547501B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710382146.0A CN107547501B (en) 2017-05-26 2017-05-26 Identity authentication method and device

Publications (2)

Publication Number Publication Date
CN107547501A true CN107547501A (en) 2018-01-05
CN107547501B CN107547501B (en) 2020-05-12

Family

ID=60966914

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710382146.0A Active CN107547501B (en) 2017-05-26 2017-05-26 Identity authentication method and device

Country Status (1)

Country Link
CN (1) CN107547501B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108171589A (en) * 2018-01-29 2018-06-15 北京小度信息科技有限公司 Verification method and device
CN109962917A (en) * 2019-03-26 2019-07-02 中国民生银行股份有限公司 Authentication information processing method and equipment, system, storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060294257A1 (en) * 2005-06-24 2006-12-28 Olympus Corporation IP address obtaining method
CN102204307A (en) * 2011-06-15 2011-09-28 华为技术有限公司 Wlan authentication method based on MAC address and device thereof
CN103795584A (en) * 2012-10-30 2014-05-14 华为技术有限公司 Client side identity detection method and gateway
CN103856469A (en) * 2012-12-06 2014-06-11 中国电信股份有限公司 Method and system supporting DHCP authentication and provenance, and DHCP server
CN105592037A (en) * 2015-07-10 2016-05-18 杭州华三通信技术有限公司 MAC address authentication method and device

Also Published As

Publication number Publication date
CN107547501B (en) 2020-05-12

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant