CN108259457A - A kind of WEB authentication methods and device - Google Patents
A kind of WEB authentication methods and device Download PDFInfo
- Publication number
- CN108259457A CN108259457A CN201710890031.2A CN201710890031A CN108259457A CN 108259457 A CN108259457 A CN 108259457A CN 201710890031 A CN201710890031 A CN 201710890031A CN 108259457 A CN108259457 A CN 108259457A
- Authority
- CN
- China
- Prior art keywords
- terminal device
- information
- characteristic information
- certification
- authentication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0892—Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Power Engineering (AREA)
- Information Transfer Between Computers (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The application provides a kind of WEB authentication methods, which is characterized in that the method is applied to access device, and this method may include:The first network that receiving terminal apparatus is sent accesses message;The first network accesses the characteristic information that message carries the terminal device;It checks in the offline terminal device information of local record and whether includes the characteristic information;If it is determined that the characteristic information is included in the offline terminal device information of local record, it then obtains the terminal device and passes through the authentication information corresponding with the characteristic information recorded during certification, the authentication information is sent to the certificate server, so that the certificate server is authenticated the authentication information.The method provided using the application, can improve authentication efficiency of the certification by terminal device that is rear offline and reaching the standard grade, while promote the online experience of WEB user.
Description
Technical field
This application involves computer communication field more particularly to a kind of WEB authentication methods and devices.
Background technology
Web (WWW) certification can refer to receive username and password input by user by the web authentication page, to end
End equipment is authenticated, to achieve the purpose that the access to terminal device controls.
In the network environment for employing web authentication, when unverified terminal device accesses Internet resources, access device can be strong
Terminal device processed accesses Portal (portal) server, and Portal server can return to the web authentication page to terminal device, by with
Family inputs username and password to be certified by the web authentication page.Access device can be by the user name to be certified and close
Code is transmitted to certificate server, and the certification to the terminal device is completed by the certificate server.
However, once terminal device is offline, and though terminal device it is offline how long, recognized before user accesses again
When demonstrate,proving the Internet resources authorized, still need to re-enter username and password.In this way, recognize for needing frequently to access in the short time
For the terminal device for demonstrate,proving the Internet resources authorized, the efficiency that terminal device accesses Internet resources is greatly reduced, terminal is set
The standby Internet resources that access again cause great inconvenience.
Invention content
In view of this, the application provides a kind of WEB authentication methods and device, to improve certification pass through it is rear offline and reach the standard grade
Terminal device authentication efficiency, while promote the online experience of WEB user.
Specifically, the application is achieved by the following technical solution:
According to the application's in a first aspect, providing a kind of WEB authentication methods, the method is applied to access device, described
Method includes:
The first network that receiving terminal apparatus is sent accesses message;The first network accesses the message carrying terminal and sets
Standby characteristic information;
It checks in the offline terminal device information of local record and whether includes the characteristic information;
If it is determined that the terminal is then obtained comprising the characteristic information in the offline terminal device information of local record
Equipment passes through the authentication information corresponding with the characteristic information recorded during certification, and the authentication information is sent to and described is recognized
Server is demonstrate,proved, so that the certificate server is authenticated the authentication information.
Optionally, the acquisition terminal device passes through the certification corresponding with the characteristic information recorded during certification
Before information, further include:
When determining the terminal device first passage certificate server certification, the characteristic information of the terminal device is recorded
Correspondence between the corresponding authentication information of the terminal device;
The acquisition terminal device passes through the authentication information corresponding with the characteristic information recorded during certification, wraps
It includes:
In the correspondence, authentication information corresponding with the characteristic information of the terminal device is searched.
Optionally, whether the characteristic information, packet are included in the offline terminal device information for checking local record
It includes:
After not including the characteristic information in line terminal device information determine to locally record, local record is checked
Whether the characteristic information is included in offline terminal device information.
Optionally, the method further includes:
If it is determined that the online terminal device information of local record and in offline terminal device information not comprising the spy
Reference ceases, then
After the second network access message for receiving terminal transmission, portal Portal clothes are returned to the terminal device
It is engaged in the uniform resource position mark URL of device, so that the terminal device is after Portal server is accessed, Portal server is to institute
It states terminal device and returns to the certification page for supplying user's input authentication information;
After coming from the authentication information of terminal device receive that the Portal server returns, the certification is believed
Breath is sent to certificate server, so that certificate server is authenticated the authentication information.
Optionally, the method further includes:
When receiving the certificate server and receiving message for the certification of the authentication information, the certification is received
The characteristic information of the terminal device carried in message is added in the online terminal device information and described offline
The characteristic information of the terminal device is deleted in facility information.
According to the second aspect of the application, a kind of WEB authentication devices are provided, described device is applied to access device, described
Device includes:
Receiving unit accesses message for the first network that receiving terminal apparatus is sent;The first network accesses message
Carry the characteristic information of the terminal device;
Inspection unit, for checking in the offline terminal device information of local record whether include the characteristic information;
Transmitting element, for if it is determined that comprising the characteristic information in the offline terminal device information of local record,
It then obtains the terminal device and passes through the authentication information corresponding with the characteristic information recorded during certification, the certification is believed
Breath is sent to the certificate server, so that the certificate server is authenticated the authentication information.
Optionally, described device further includes recording unit, for determining the terminal device first passage authentication service
During device certification, the correspondence between the characteristic information of the terminal device and the corresponding authentication information of the terminal device is recorded;
The transmitting element, specifically in the correspondence, searching the characteristic information pair with the terminal device
The authentication information answered.
Optionally, the inspection unit, specifically for not included in the online terminal device information for determining local record
After the characteristic information, whether check in the offline terminal device information of local record comprising the characteristic information.
Optionally, described device further includes redirection unit, for if it is determined that local record is believed in line terminal equipment
Not comprising the characteristic information in breath and offline terminal device information, then in the second network access for receiving terminal transmission
After message, the uniform resource position mark URL of portal Portal server is returned to the terminal device, so that the terminal device
After Portal server is accessed, Portal server returns to the authentication page for user's input authentication information to the terminal device
Face;After coming from the authentication information of terminal device receive that the Portal server returns, the authentication information is sent out
Certificate server is given, so that certificate server is authenticated the authentication information.
Optionally, described device further includes information process unit, for receiving the certificate server for described
When the certification of authentication information receives message, the characteristic information of the terminal device that the certification receives to carry in message is added
The characteristic information of the terminal device is deleted into the online terminal device information and in the offline facility information.
This application provides a kind of WEB authentication methods, access device is in the network access report for receiving terminal device transmission
Wen Hou, can check whether the offline terminal device information of local record includes the characteristic information of the terminal device, if comprising,
It is by certification and terminal device that is offline and reaching the standard grade, at this point, access device is no longer by the terminal then to determine the terminal device
The access of equipment is redirected to Portal server, is returned from Portal server to terminal device for user's input authentication information
Certification page, but access device the terminal device is passed through it is having been recorded during certification with terminal device characteristic information pair
The authentication information answered is sent to certificate server and is authenticated.
It reaches the standard grade due to reducing offline by the terminal device of certification, it is especially frequently offline in a short time and reach the standard grade
In this case user's input authentication information frequency, thus improve terminal device frequently access Internet resources when certification effect
Rate.Simultaneously as user will not receive certification page, input authentication information again so that user carries out in the case of unaware
Certification improves the online experience of WEB certification users.
Description of the drawings
Fig. 1 is a kind of group-network construction figure of WEB Verification Systems shown in one exemplary embodiment of the application;
Fig. 2 is a kind of interaction figure of WEB certifications shown in one exemplary embodiment of the application;
Fig. 3 is a kind of flow chart of WEB authentication methods shown in one exemplary embodiment of the application;
Fig. 4 is the flow chart of another WEB authentication methods shown in one exemplary embodiment of the application;
Fig. 5 is a kind of hardware configuration of WEB authentication devices place access device shown in one exemplary embodiment of the application
Figure;
Fig. 6 is a kind of block diagram of WEB authentication devices shown in one exemplary embodiment of the application.
Specific embodiment
Here exemplary embodiment will be illustrated in detail, example is illustrated in the accompanying drawings.Following description is related to
During attached drawing, unless otherwise indicated, the same numbers in different attached drawings represent the same or similar element.Following exemplary embodiment
Described in embodiment do not represent all embodiments consistent with the application.On the contrary, they be only with it is such as appended
The example of the consistent device and method of some aspects be described in detail in claims, the application.
It is only merely for the purpose of description specific embodiment in term used in this application, and is not intended to be limiting the application.
It is also intended in the application and " one kind " of singulative used in the attached claims, " described " and "the" including majority
Form, unless context clearly shows that other meanings.It is also understood that term "and/or" used herein refers to and wraps
Containing one or more associated list items purposes, any or all may be combined.
It will be appreciated that though various information, but this may be described using term first, second, third, etc. in the application
A little information should not necessarily be limited by these terms.These terms are only used for same type of information being distinguished from each other out.For example, not departing from
In the case of the application range, the first information can also be referred to as the second information, and similarly, the second information can also be referred to as
One information.Depending on linguistic context, word as used in this " if " can be construed to " ... when " or " when ...
When " or " in response to determining ".
The application is directed to a kind of WEB authentication methods, and access device is in the network access for receiving terminal device transmission
After message, can check local record under offline facility information whether include the characteristic information of the terminal device, if comprising,
It is by certification and terminal device that is offline and reaching the standard grade, at this point, access device is no longer by the terminal then to determine the terminal device
The access of equipment is redirected to Portal server, is returned from Portal server to terminal device for user's input authentication information
Certification page, but access device the terminal device is passed through it is having been recorded during certification with terminal device characteristic information pair
The authentication information answered is sent to certificate server and is authenticated.
It reaches the standard grade due to reducing offline by the terminal device of certification, it is especially frequently offline in a short time and reach the standard grade
In this case user's input authentication information frequency, thus improve terminal device frequently access Internet resources when certification effect
Rate.Simultaneously as user will not receive certification page, input authentication information again so that user carries out in the case of unaware
Certification improves the online experience of WEB certification users.
Before the localization method that the application provides is introduced, group-network construction and WEB certifications first to WEB certifications
General flow be introduced.
Referring to Fig. 1, Fig. 1 is a kind of group-network construction figure of WEB Verification Systems shown in one exemplary embodiment of the application.It should
Networking can include at least:Terminal device, access device, Portal server and certificate server.
Wherein, above-mentioned terminal device can carry Authentication Client system, which can be operation HTTP
(HyperText Transfer Protocol, hypertext transfer protocol)/HTTPS (Hyper Text Transfer
Protocol over Secure Socket Layer, Hyper text transfer security protocol) agreement browser or Portal visitor
Family end etc..
Above-mentioned access device can include providing BRAS (Broadband Remote Access Server, broad band remote
Access server) access service equipment, including at least following three aspect function:
Before certification, all HTTP/HTTPS requests of user are all redirected to Portal server.
It in verification process, is interacted with Portal certificate servers, certificate server, completes authentication/mandate/charging
Function.
Pass through Internet resources that are rear, allowing user's access authorized in certification.
Above-mentioned Portal server, typically at least comprising Portal Web services function module and Portal authentication function moulds
Block.Portal Web service function modules are responsible for providing the web authentication page, and the authentication information of client (is used to client
Name in an account book, password etc.) submit to Portal authentication service function modules.Portal authentication services function module is objective for receiving certification
Family end certification request, the authentication information with access device interactive authentication client.Portal Web service function modules usually may be used
With being deployed on same server for Portal authentication service function modules, it can also be deployed in different servers respectively
On.
Above-mentioned certificate server, it may include AAA (Authentication, Authorization and Accounting,
Verification, mandate and account) server, RADIUS (Remote Authentication Dial In User Service, remotely
Certification dial-in user service) server etc..The certificate server can be interacted with access device, complete certification to user,
Mandate and charging.Above-mentioned certificate server may also include radius server etc., here only to certificate server.
Below by taking access device is BRAS equipment as an example, the WEB certifications of general flow and the application offer to WEB certifications
Method is described in detail, and the WEB authentication methods of other access devices are identical with BRAS equipment, and which is not described herein again.
Referring to Fig. 2, Fig. 2 is a kind of interaction figure of WEB certifications shown in one exemplary embodiment of the application, and general WEB recognizes
Card may include following flow.
Step 201:Terminal device sends HTTP/HTTPS requests;
Step 202:BRAS equipment judges whether to need to redirect according to the destination address that HTTP/HTTPS requests carry
Operation.If so, step 204 is performed to step 213;If not, step 203 and step 206 are performed to step 213.
When realizing, BRAS equipment can determine whether the destination address and Portal server that are carried in HTTP/HTTPS requests
Address it is whether identical, if address is identical, it is determined that do not need to perform and redirect operation, perform step 203 and step
206 to step 213.Operation is redirected if not, performing, such as performs step 204- steps 213.
Step 203:HTTP/HTTPS requests are sent to Portal server by BRAS equipment, to access Portal clothes
Business device.
Step 204:BRAS equipment can push the URL addresses of Portal server to the terminal device;
Step 205:Terminal device sends to Portal server and accesses message.
Portal server URL (Uniform Resource Locator, unified resource positioning are received in terminal device
Symbol) behind address, it can be sent to the Portal server and access message, to access Portal server.
Step 206:Portal server can will return to terminal device for the certification page of user's input authentication information.
Step 207:Terminal device can send authentication information to Portal server.
Realize when, when terminal device receive Portal server return for authentication information certification input by user
After the page, the certification page can be shown.User can on the certification page input authentication information, such as the user name of user and close
Code.Then authentication information input by user can be sent to Portal server by terminal device.
Step 208:The authentication information is sent to BRAS equipment by Portal server.
Step 209:BRAS equipment can send access authentication request to certificate server, be carried in access authentication request
Above-mentioned authentication information.
Step 210:Certificate server is authenticated the authentication information.
Step 211:Certificate server return authentication result.
If certification passes through, certificate server can return to certification and receive message, which receives to carry authorization message in message.
If certification does not pass through, certification refusal message is sent.
Step 212:BRAS equipment according to the certification and Authorization result got from certificate server, more new record it is online
User information.In certification by rear, user right is issued.
Step 213:If Certificate Authority success, BRAS equipment can send charging to certificate server and start message, start
To user's charging.
Referring to Fig. 3, Fig. 3 is a kind of flow chart of WEB authentication methods shown in one exemplary embodiment of the application.This method
It can be applied to BRAS equipment, it may include step 301 to step 303.
Step 301:The first network that receiving terminal apparatus is sent accesses message;The first network accesses message and carries institute
State the characteristic information of terminal device;
Wherein, it is described below to descend tag wire facility information, the information by certification but offline equipment can be included,
Offline terminal device information includes characteristic information of offline terminal device etc. for this.Offline terminal device information can be with for this
Tissue etc. is carried out in the form of a table.
Online terminal device information described below can include the relevant information by certification and online equipment,
Such as the online terminal device information may include the characteristic information of online terminal device, authority information etc..
Above-mentioned authentication information may include user account, password etc..
The characteristic information of above-mentioned terminal device, it may include the MAC Address of terminal device, the IP address of terminal device, terminal
Mark of VLAN belonging to equipment etc..
It can be IP packet that above-mentioned first network, which accesses message, can be wrapped furthermore, it is understood that the first network accesses message
The non-HTTP message that terminal device accesses the HTTP message of webpage or terminal device is sent is included, such as carries out file download,
The IP packet of data transmission.
In the embodiment of the present application, after BRAS equipment receives above-mentioned IP packet, if checking local record
The characteristic information of the terminal carried in offline terminal device information comprising the IP packet, then not to terminal device pushing certification page
Face, it is not required that user inputs username and password, but in the case of user's unaware, complete the certification to user.
For example, it is assumed that user by certification, access certain website it is offline after, when user accesses the website again, user Ke Fa
The HTTP message for accessing the website is sent, at this point, terminal device will not receive certification page to supply user's input authentication information again, and
It is that user is authenticated user in the case of unaware.For a user, what is experienced is directly to have accessed
The website.
In another example, it is assumed that after user is by certification, some file is downloaded, when downloading half, user offline.When default
Between after section, user reaches the standard grade again, and the IP packet (non-HTTP message) for downloading this document can be transmitted in the terminal device of user.At this point, eventually
End equipment will not receive certification page and carry out input authentication information again, but user recognizes user in the case of unaware
Card.For a user, what is experienced is the download that user then carries out this document.
Above-mentioned basic conception is being introduced, the WEB authentication methods provided below the application are introduced in detail.
In the embodiment of the present application, when the certification that BRAS equipment receives the terminal device that certificate server returns receives message
Afterwards, BRAS equipment can record the corresponding of characteristic information authentication information corresponding with the terminal device of the terminal user terminal and close
System.The correspondence can carry out tissue in the form of a table, can also carry out tissue otherwise, not have here to it
Limit to body.
After BRAS equipment receives the break link request of terminal device transmission, BRAS equipment can be asked from the break link
The middle characteristic information for obtaining the terminal device is sought, as offline terminal device information.
In the embodiment of the present application, after the first network that BRAS equipment receives terminal device transmission accesses message,
BRAS equipment can obtain the first network and access the characteristic information of terminal device carried in message.
Step 302:It checks in the offline terminal device information of local record and whether includes the characteristic information;
Step 303:If it is, obtain the terminal device pass through recorded during certification it is corresponding with the characteristic information
Authentication information, the authentication information is sent to the certificate server, so that the certificate server believes the certification
Breath is authenticated.
In the embodiment of the present application, after the characteristic information for obtaining the terminal device, BRAS equipment can check local record
Offline terminal device information in whether include the characteristic information of the terminal device.
In an optional implementation manner, since the message that BRAS equipment receives is mostly to be sent in line terminal equipment
Network access message, in order to avoid whether BRAS equipment is frequently detected in offline user information comprising coming from online equipment
Network access message in the characteristic information that carries, reduce the load of BRAS equipment.BRAS equipment can be the detection performed by it
Priority is set.
For example, BRAS equipment receive first network access message after, can priority check local record online terminal
Whether the characteristic information of the terminal device is recorded in facility information.If record has this feature letter in online terminal device information
Breath, then show the terminal device be by certification and online terminal device, BRAS equipment can be based on access rights to this first
Network access message carries out access control.If without record this feature information, BRAS equipment in online terminal device information
The characteristic information that the terminal device whether is included in above-mentioned offline terminal device information can further be detected.
In the embodiment of the present application, when BRAS equipment determines the spy for including the terminal device in offline terminal device information
After reference breath, BRAS equipment can determine that the terminal device is by certification is offline and reaches the standard grade equipment.BRAS equipment can perform such as
Flow shown in Fig. 4.
Step 401:BRAS equipment obtains authentication information corresponding with the characteristic information of the terminal device;
When the characteristic information that the terminal device is included in offline terminal device information, terminal device can be set in above-mentioned terminal
In standby characteristic information and the correspondence of the corresponding authentication information of this feature information, the characteristic information pair of the terminal device is searched
The authentication information answered.
In an optional implementation manner, when the characteristic information that the terminal device is included in offline terminal device information
When, which can be accessed message up sending to the CPU of the BRAS equipment by terminal device.The CPU of BRAS equipment can be above-mentioned
In the characteristic information of terminal device and the correspondence of the corresponding authentication information of this feature information, the feature of the terminal device is searched
The corresponding authentication information of information.
Step 402:BRAS equipment sends access authentication request to certificate server.
After the corresponding authentication information of the terminal device is found, terminal device can send to certificate server and carry this
The access authentication request of authentication information.
Step 403:Certificate server is authenticated the authentication information.
Step 404:Certificate server return authentication result.
When certification by when, certificate server can receive message to BRAS equipment return authentication, when certification not by when, then
Refuse message to BRAS equipment return authentication.
Step 405:Online terminal device information and offline terminal device information are updated, issues permission.
After BRAS equipment receives the certification of certificate server return by message, terminal device can be by the terminal device
Characteristic information deleted from above-mentioned offline facility information, while by the characteristic information of the terminal device be added to above-mentioned online end
In end equipment information.
Step 406:If Certificate Authority success, BRAS equipment sends charging to certificate server and starts message, starts pair
User's charging.
In the embodiment of the present application, when BRAS equipment determines not include the terminal device in offline terminal device information
Characteristic information, and after the above-mentioned characteristic information for also not including the terminal device in line terminal device information, BRAS equipment can wait
Treat that the terminal device sends the second network access message.Wherein, the second network access message can include using HTTP, HTTPS,
The page request message of the agreements such as XML.After BRAS equipment receives the second network access message of terminal device transmission, at this time
The terminal device can be authenticated according to step 201 shown in Fig. 2 to step 213.
The application is directed to a kind of WEB authentication methods, and access device is in the network access for receiving terminal device transmission
After message, can check local record under offline facility information whether include the characteristic information of the terminal device, if comprising,
It is by certification and terminal device that is offline and reaching the standard grade, at this point, access device is no longer by the terminal then to determine the terminal device
The access of equipment is redirected to Portal server, is returned from Portal server to terminal device for user's input authentication information
Certification page, but access device the terminal device is passed through it is having been recorded during certification with terminal device characteristic information pair
The authentication information answered is sent to certificate server and is authenticated.
It reaches the standard grade due to reducing offline by the terminal device of certification, it is especially frequently offline in a short time and reach the standard grade
In this case user's input authentication information frequency, thus improve terminal device frequently access Internet resources when certification effect
Rate.Simultaneously as user will not receive certification page, input authentication information again so that user carries out in the case of unaware
Certification improves the online experience of WEB certification users.
Corresponding with the embodiment of aforementioned WEB authentication methods, present invention also provides the embodiments of WEB authentication devices.
The embodiment of the application WEB authentication devices can be applied on access device.Device embodiment can pass through software
It realizes, can also be realized by way of hardware or software and hardware combining.For implemented in software, as on a logical meaning
Device, be to be read computer program instructions corresponding in nonvolatile memory by the processor of access device where it
Into memory, operation is formed.For hardware view, as shown in figure 5, the access device where the application WEB authentication devices
A kind of hardware structure diagram, it is real other than processor shown in fig. 5, memory, network outgoing interface and nonvolatile memory
Actual functional capability of the access device in example where device generally according to the access device is applied, other hardware can also be included, to this
It repeats no more.
Please refer to Fig. 6, Fig. 6 is a kind of block diagram of WEB authentication devices shown in one exemplary embodiment of the application, the dress
It puts applied to access device, described device includes:
Receiving unit 601 accesses message for the first network that receiving terminal apparatus is sent;The first network accesses report
Text carries the characteristic information of the terminal device;
Inspection unit 602, for checking in the offline terminal device information of local record whether believe comprising the feature
Breath;
Transmitting element 603, for if it is determined that believing in the offline terminal device information of local record comprising the feature
Breath, then obtain the terminal device and pass through the authentication information corresponding with the characteristic information recorded during certification, recognize described
Card information is sent to the certificate server, so that the certificate server is authenticated the authentication information.
Optionally, described device further includes recording unit 604, for determining the terminal device first passage certification clothes
During business device certification, the corresponding pass between the characteristic information of the terminal device and the corresponding authentication information of the terminal device is recorded
System;
The transmitting element 603, specifically in the correspondence, searching the characteristic information with the terminal device
Corresponding authentication information.
Optionally, the inspection unit 602, specifically for not wrapped in the online terminal device information for determining local record
After the characteristic information, whether check in the offline terminal device information of local record comprising the characteristic information.
Optionally, described device further include redirect unit 605, for if it is determined that local record in line terminal equipment
It is not visited in information and offline terminal device information comprising the characteristic information in the second network for receiving terminal transmission then
The uniform resource position mark URL for returning to portal Portal server after message to the terminal device is asked, so that the terminal is set
For after Portal server is accessed, Portal server returns to the certification for user's input authentication information to the terminal device
The page;After coming from the authentication information of terminal device receive that the Portal server returns, by the authentication information
Certificate server is sent to, so that certificate server is authenticated the authentication information.
Optionally, described device further includes information process unit 606, for receiving the certificate server for institute
When stating the certification of authentication information and receiving message, the characteristic information of the terminal device that the certification receives to carry in message is added
Add to the feature letter that the terminal device is deleted in the online terminal device information and in the offline facility information
Breath.
The function of each unit and the realization process of effect specifically refer to and step are corresponded in the above method in above device
Realization process, details are not described herein.
For device embodiment, since it corresponds essentially to embodiment of the method, so related part is referring to method reality
Apply the part explanation of example.The apparatus embodiments described above are merely exemplary, wherein described be used as separating component
The unit of explanation may or may not be physically separate, and the component shown as unit can be or can also
It is not physical unit, you can be located at a place or can also be distributed in multiple network element.It can be according to reality
It needs that some or all of module therein is selected to realize the purpose of application scheme.Those of ordinary skill in the art are not paying
In the case of going out creative work, you can to understand and implement.
The foregoing is merely the preferred embodiment of the application, not limiting the application, all essences in the application
God and any modification, equivalent substitution, improvement and etc. within principle, done, should be included within the scope of the application protection.
Claims (10)
1. a kind of WEB authentication methods, which is characterized in that the method is applied to access device, the method includes:
The first network that receiving terminal apparatus is sent accesses message;The first network accesses message and carries the terminal device
Characteristic information;
It checks in the offline terminal device information of local record and whether includes the characteristic information;
If it is determined that the terminal device is then obtained comprising the characteristic information in the offline terminal device information of local record
Pass through the authentication information corresponding with the characteristic information recorded during certification, the authentication information is sent to the certification takes
Business device, so that the certificate server is authenticated the authentication information.
2. according to the method described in claim 1, it is characterized in that, described obtain when the terminal device passes through certification has recorded
Authentication information corresponding with the characteristic information before, further include:
When determining the terminal device first passage certificate server certification, record the characteristic information of the terminal device and be somebody's turn to do
Correspondence between the corresponding authentication information of terminal device;
The acquisition terminal device passes through the authentication information corresponding with the characteristic information recorded during certification, including:
In the correspondence, authentication information corresponding with the characteristic information of the terminal device is searched.
3. the according to the method described in claim 1, it is characterized in that, offline terminal device information for checking local record
In whether comprising the characteristic information, including:
Determine local record in line terminal device information not comprising after the characteristic information, check local record under
Whether the characteristic information is included in line terminal equipment information.
4. according to the method described in claim 3, it is characterized in that, the method further includes:
If it is determined that local record online terminal device information and in offline terminal device information comprising the feature letter
Breath, then
After the second network access message for receiving terminal transmission, portal Portal server is returned to the terminal device
Uniform resource position mark URL so that the terminal device is after Portal server is accessed, Portal server is to the end
End equipment returns to the certification page for user's input authentication information;
After coming from the authentication information of terminal device receive that the Portal server returns, the authentication information is sent out
Certificate server is given, so that certificate server is authenticated the authentication information.
5. according to the method described in claim 3, it is characterized in that, the method further includes:
When receiving the certificate server and receiving message for the certification of the authentication information, the certification is received into message
The characteristic information of the terminal device of middle carrying is added in the online terminal device information and at the offline end
The characteristic information of the terminal device is deleted in end equipment information.
6. a kind of WEB authentication devices, which is characterized in that described device is applied to access device, and described device includes:
Receiving unit accesses message for the first network that receiving terminal apparatus is sent;The first network accesses message and carries
The characteristic information of the terminal device;
Inspection unit, for checking in the offline terminal device information of local record whether include the characteristic information;
Transmitting element, for if it is determined that comprising the characteristic information in the offline terminal device information of local record, then obtaining
The authentication information corresponding with the characteristic information that the terminal device has recorded when passing through certification is taken, the authentication information is sent out
The certificate server is given, so that the certificate server is authenticated the authentication information.
7. device according to claim 6, which is characterized in that described device further includes recording unit, for determining
When stating terminal device first passage certificate server certification, the characteristic information for recording the terminal device is corresponding with the terminal device
Authentication information between correspondence;
The transmitting element, specifically in the correspondence, searching corresponding with the characteristic information of the terminal device
Authentication information.
8. device according to claim 6, which is characterized in that the inspection unit, specifically for determining local record
In line terminal device information not comprising after the characteristic information, checking in the offline terminal device information of local record is
It is no to include the characteristic information.
9. device according to claim 8, which is characterized in that described device further includes redirection unit, if for really
Surely the online terminal device information that locally records and in offline terminal device information not comprising the characteristic information, then receiving
After the second network access message sent to the terminal, the unified resource of portal Portal server is returned to the terminal device
Finger URL URL, so that the terminal device, after Portal server is accessed, Portal server is returned to the terminal device
For the certification page of user's input authentication information;Come from recognizing for terminal device receive that the Portal server returns
After demonstrate,proving information, the authentication information is sent to certificate server, so that certificate server is authenticated the authentication information.
10. device according to claim 8, which is characterized in that described device further includes information process unit, for connecing
When receiving the certificate server and receiving message for the certification of the authentication information, the certification is received what is carried in message
The characteristic information of the terminal device is added in the online terminal device information and line terminal equipment has been descended to believe described
The characteristic information of the terminal device is deleted in breath.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710890031.2A CN108259457B (en) | 2017-09-27 | 2017-09-27 | WEB authentication method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710890031.2A CN108259457B (en) | 2017-09-27 | 2017-09-27 | WEB authentication method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108259457A true CN108259457A (en) | 2018-07-06 |
CN108259457B CN108259457B (en) | 2021-06-29 |
Family
ID=62722034
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710890031.2A Active CN108259457B (en) | 2017-09-27 | 2017-09-27 | WEB authentication method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108259457B (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109831360A (en) * | 2019-02-27 | 2019-05-31 | 深圳市吉祥腾达科技有限公司 | Automated testing method and test macro for multi-user concurrent web authentication |
CN111031053A (en) * | 2019-12-17 | 2020-04-17 | 迈普通信技术股份有限公司 | Identity authentication method and device, electronic equipment and readable storage medium |
CN111092904A (en) * | 2019-12-27 | 2020-05-01 | 杭州迪普科技股份有限公司 | Network connection method and device |
CN111181961A (en) * | 2019-12-30 | 2020-05-19 | 杭州迪普科技股份有限公司 | User offline detection method and device |
CN111600832A (en) * | 2019-07-25 | 2020-08-28 | 新华三技术有限公司 | Message processing method and device |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102204307A (en) * | 2011-06-15 | 2011-09-28 | 华为技术有限公司 | Wlan authentication method based on MAC address and device thereof |
CN102984173A (en) * | 2012-12-13 | 2013-03-20 | 迈普通信技术股份有限公司 | Network access control method and system |
CN104580178A (en) * | 2014-12-26 | 2015-04-29 | 杭州华三通信技术有限公司 | Method and equipment for Portal authentication |
CN105592037A (en) * | 2015-07-10 | 2016-05-18 | 杭州华三通信技术有限公司 | MAC address authentication method and device |
CN106534129A (en) * | 2016-11-18 | 2017-03-22 | 杭州华三通信技术有限公司 | Access control method and apparatus |
CN106572077A (en) * | 2016-10-09 | 2017-04-19 | 京信通信技术(广州)有限公司 | Portal authentication method and device |
CN106911681A (en) * | 2017-02-16 | 2017-06-30 | 杭州迪普科技股份有限公司 | Network access authentication method and device |
-
2017
- 2017-09-27 CN CN201710890031.2A patent/CN108259457B/en active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102204307A (en) * | 2011-06-15 | 2011-09-28 | 华为技术有限公司 | Wlan authentication method based on MAC address and device thereof |
CN102984173A (en) * | 2012-12-13 | 2013-03-20 | 迈普通信技术股份有限公司 | Network access control method and system |
CN104580178A (en) * | 2014-12-26 | 2015-04-29 | 杭州华三通信技术有限公司 | Method and equipment for Portal authentication |
CN105592037A (en) * | 2015-07-10 | 2016-05-18 | 杭州华三通信技术有限公司 | MAC address authentication method and device |
CN106572077A (en) * | 2016-10-09 | 2017-04-19 | 京信通信技术(广州)有限公司 | Portal authentication method and device |
CN106534129A (en) * | 2016-11-18 | 2017-03-22 | 杭州华三通信技术有限公司 | Access control method and apparatus |
CN106911681A (en) * | 2017-02-16 | 2017-06-30 | 杭州迪普科技股份有限公司 | Network access authentication method and device |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109831360A (en) * | 2019-02-27 | 2019-05-31 | 深圳市吉祥腾达科技有限公司 | Automated testing method and test macro for multi-user concurrent web authentication |
CN111600832A (en) * | 2019-07-25 | 2020-08-28 | 新华三技术有限公司 | Message processing method and device |
CN111031053A (en) * | 2019-12-17 | 2020-04-17 | 迈普通信技术股份有限公司 | Identity authentication method and device, electronic equipment and readable storage medium |
CN111092904A (en) * | 2019-12-27 | 2020-05-01 | 杭州迪普科技股份有限公司 | Network connection method and device |
CN111092904B (en) * | 2019-12-27 | 2022-04-26 | 杭州迪普科技股份有限公司 | Network connection method and device |
CN111181961A (en) * | 2019-12-30 | 2020-05-19 | 杭州迪普科技股份有限公司 | User offline detection method and device |
Also Published As
Publication number | Publication date |
---|---|
CN108259457B (en) | 2021-06-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106131079B (en) | Authentication method, system and proxy server | |
CN105007280B (en) | A kind of application login method and device | |
US9641513B2 (en) | Methods and systems for controlling mobile terminal access to a third-party server | |
CN108259457A (en) | A kind of WEB authentication methods and device | |
CN104113551B (en) | A kind of platform authorization method, platform service end and applications client and system | |
CN104954330B (en) | A kind of methods, devices and systems to be conducted interviews to data resource | |
CN105991589A (en) | Method, apparatus, and system for redirection | |
CN106921636A (en) | Identity identifying method and device | |
CN101420416A (en) | Identity management platform, service server, login system and federation method | |
CN105991518B (en) | Network access verifying method and device | |
CN103997479B (en) | A kind of asymmetric services IP Proxy Methods and equipment | |
CN109040069A (en) | A kind of dissemination method, delivery system and the access method of cloud application program | |
CN103634111B (en) | Single-point logging method and system and single sign-on client-side | |
CN108810896A (en) | The connection authentication method and device of wireless access point | |
CN102710621B (en) | A kind of user authentication method and system | |
CN113994330A (en) | System and method for single sign-on of application program | |
CN115022047B (en) | Account login method and device based on multi-cloud gateway, computer equipment and medium | |
CN103647652B (en) | A kind of method for realizing data transfer, device and server | |
CN105991640A (en) | Method for processing HTTP (hypertext transfer protocol) request and apparatus for processing HTTP (hypertext transfer protocol) request | |
EP2813051B1 (en) | Dynamic sharing of a webservice | |
KR20120058188A (en) | Online activation method and system of user subscription for wireless internet service | |
CA2844888A1 (en) | System and method of extending a host website | |
CN109495362B (en) | Access authentication method and device | |
CN107786502A (en) | A kind of authentication proxy's method, apparatus and equipment | |
CN106982228A (en) | One kind realizes identity authentication method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |