CN108259457A - A WEB authentication method and device - Google Patents

Publication number
CN108259457A
Authority
CN
China
Prior art keywords
terminal device
information
characteristic information
certification
authentication
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710890031.2A
Other languages
Chinese (zh)
Other versions
CN108259457B (en
Inventor
邱元香
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Technologies Co Ltd
Original Assignee
New H3C Technologies Co Ltd
Application filed by New H3C Technologies Co Ltd
Priority to CN201710890031.2A
Publication of CN108259457A
Application granted
Publication of CN108259457B
Status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/0892 Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Abstract

The application provides a WEB authentication method applied to an access device. The method may include: receiving a first network access message sent by a terminal device, the first network access message carrying characteristic information of the terminal device; checking whether the locally recorded offline terminal device information contains the characteristic information; and, if the locally recorded offline terminal device information contains the characteristic information, obtaining the authentication information corresponding to the characteristic information that was recorded when the terminal device passed authentication, and sending the authentication information to the authentication server so that the authentication server authenticates it. The method provided by the application can improve authentication efficiency for terminal devices that go offline after passing authentication and then come back online, and improves the online experience of WEB users.

Description

A WEB authentication method and device
Technical field
This application relates to the field of computer communication, and in particular to a WEB authentication method and device.
Background
Web (World Wide Web) authentication refers to receiving a username and password entered by the user through a web authentication page in order to authenticate the terminal device, so as to control the terminal device's access.
In a network environment that uses web authentication, when an unauthenticated terminal device accesses network resources, the access device forces the terminal device to access the Portal server. The Portal server returns the web authentication page to the terminal device, and the user enters the username and password to be authenticated on that page. The access device forwards the username and password to be authenticated to the authentication server, and the authentication server completes authentication of the terminal device.
However, once the terminal device goes offline, no matter how long it has been offline, the user still has to re-enter the username and password before accessing the previously authorized network resources again. For terminal devices that need to access authorized network resources frequently within a short time, this greatly reduces the efficiency with which the terminal device accesses network resources and makes accessing them again very inconvenient.
Summary of the invention
In view of this, the application provides a WEB authentication method and device to improve authentication efficiency for terminal devices that go offline after passing authentication and then come back online, and to improve the online experience of WEB users.
Specifically, the application is implemented through the following technical solutions:
According to a first aspect of the application, a WEB authentication method is provided. The method is applied to an access device and includes:
receiving a first network access message sent by a terminal device, the first network access message carrying characteristic information of the terminal device;
checking whether the locally recorded offline terminal device information contains the characteristic information;
if the locally recorded offline terminal device information contains the characteristic information, obtaining the authentication information corresponding to the characteristic information that was recorded when the terminal device passed authentication, and sending the authentication information to the authentication server so that the authentication server authenticates the authentication information.
Optionally, before obtaining the authentication information corresponding to the characteristic information that was recorded when the terminal device passed authentication, the method further includes:
when it is determined that the terminal device passes authentication by the authentication server for the first time, recording the correspondence between the characteristic information of the terminal device and the authentication information corresponding to the terminal device.
Obtaining the authentication information corresponding to the characteristic information that was recorded when the terminal device passed authentication includes:
looking up, in the correspondence, the authentication information corresponding to the characteristic information of the terminal device.
Optionally, checking whether the locally recorded offline terminal device information contains the characteristic information includes:
after determining that the locally recorded online terminal device information does not contain the characteristic information, checking whether the locally recorded offline terminal device information contains the characteristic information.
Optionally, the method further includes:
if neither the locally recorded online terminal device information nor the offline terminal device information contains the characteristic information, then
after receiving a second network access message sent by the terminal, returning the uniform resource locator (URL) of the Portal server to the terminal device, so that after the terminal device accesses the Portal server, the Portal server returns to the terminal device an authentication page on which the user enters authentication information;
after receiving the terminal device's authentication information returned by the Portal server, sending the authentication information to the authentication server so that the authentication server authenticates the authentication information.
Optionally, the method further includes:
on receiving the authentication server's authentication accept message for the authentication information, adding the characteristic information of the terminal device carried in the authentication accept message to the online terminal device information and deleting the characteristic information of the terminal device from the offline device information.
According to a second aspect of the application, a WEB authentication device is provided. The device is applied to an access device and includes:
a receiving unit, configured to receive a first network access message sent by a terminal device, the first network access message carrying characteristic information of the terminal device;
a checking unit, configured to check whether the locally recorded offline terminal device information contains the characteristic information;
a sending unit, configured to, if the locally recorded offline terminal device information contains the characteristic information, obtain the authentication information corresponding to the characteristic information that was recorded when the terminal device passed authentication, and send the authentication information to the authentication server so that the authentication server authenticates the authentication information.
Optionally, the device further includes a recording unit, configured to record, when it is determined that the terminal device passes authentication by the authentication server for the first time, the correspondence between the characteristic information of the terminal device and the authentication information corresponding to the terminal device;
the sending unit is specifically configured to look up, in the correspondence, the authentication information corresponding to the characteristic information of the terminal device.
Optionally, the checking unit is specifically configured to check whether the locally recorded offline terminal device information contains the characteristic information after determining that the locally recorded online terminal device information does not contain the characteristic information.
Optionally, the device further includes a redirection unit, configured to, if neither the locally recorded online terminal device information nor the offline terminal device information contains the characteristic information, return the uniform resource locator (URL) of the Portal server to the terminal device after receiving a second network access message sent by the terminal, so that after the terminal device accesses the Portal server, the Portal server returns to the terminal device an authentication page on which the user enters authentication information; and, after receiving the terminal device's authentication information returned by the Portal server, send the authentication information to the authentication server so that the authentication server authenticates the authentication information.
Optionally, the device further includes an information processing unit, configured to, on receiving the authentication server's authentication accept message for the authentication information, add the characteristic information of the terminal device carried in the authentication accept message to the online terminal device information and delete the characteristic information of the terminal device from the offline device information.
The application provides a WEB authentication method. After receiving a network access message sent by a terminal device, the access device can check whether the locally recorded offline terminal device information contains the characteristic information of the terminal device. If it does, the terminal device is determined to be one that passed authentication, went offline and has come back online. In that case the access device no longer redirects the terminal device's access to the Portal server for the Portal server to return an authentication page on which the user enters authentication information. Instead, the access device sends the authentication information corresponding to the terminal device's characteristic information, which was recorded when the terminal device passed authentication, to the authentication server for authentication.
This reduces how often the user has to enter authentication information when an authenticated terminal device goes offline and comes back online, especially when this happens frequently within a short time, and so improves authentication efficiency when the terminal device frequently accesses network resources. At the same time, because the user does not receive the authentication page or enter authentication information again, authentication takes place without the user being aware of it, which improves the online experience of WEB authentication users.
Brief description of the drawings
Fig. 1 is a networking architecture diagram of a WEB authentication system according to an exemplary embodiment of the application;
Fig. 2 is an interaction diagram of WEB authentication according to an exemplary embodiment of the application;
Fig. 3 is a flowchart of a WEB authentication method according to an exemplary embodiment of the application;
Fig. 4 is a flowchart of another WEB authentication method according to an exemplary embodiment of the application;
Fig. 5 is a hardware structure diagram of the access device in which a WEB authentication device is located, according to an exemplary embodiment of the application;
Fig. 6 is a block diagram of a WEB authentication device according to an exemplary embodiment of the application.
Detailed description
Exemplary embodiments are described in detail here, and examples of them are illustrated in the accompanying drawings. When the following description refers to the drawings, the same numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the application. Rather, they are merely examples of devices and methods consistent with some aspects of the application as detailed in the appended claims.
The terminology used in this application is for the purpose of describing particular embodiments only and is not intended to limit the application. The singular forms "a", "said" and "the" used in this application and the appended claims are also intended to include plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used in this application to describe various information, the information should not be limited by these terms. These terms are only used to distinguish information of the same type from each other. For example, without departing from the scope of the application, first information may also be referred to as second information, and similarly, second information may also be referred to as first information. Depending on the context, the word "if" as used herein may be interpreted as "when", "upon" or "in response to determining".
The application is directed to a WEB authentication method. After receiving a network access message sent by a terminal device, the access device can check whether the locally recorded offline device information contains the characteristic information of the terminal device. If it does, the terminal device is determined to be one that passed authentication, went offline and has come back online. In that case the access device no longer redirects the terminal device's access to the Portal server for the Portal server to return an authentication page on which the user enters authentication information. Instead, the access device sends the authentication information corresponding to the terminal device's characteristic information, which was recorded when the terminal device passed authentication, to the authentication server for authentication.
This reduces how often the user has to enter authentication information when an authenticated terminal device goes offline and comes back online, especially when this happens frequently within a short time, and so improves authentication efficiency when the terminal device frequently accesses network resources. At the same time, because the user does not receive the authentication page or enter authentication information again, authentication takes place without the user being aware of it, which improves the online experience of WEB authentication users.
Before the method provided by the application is introduced, the networking architecture of WEB authentication and the general flow of WEB authentication are introduced first.
Referring to Fig. 1, Fig. 1 is a networking architecture diagram of a WEB authentication system according to an exemplary embodiment of the application. The networking may include at least: a terminal device, an access device, a Portal server and an authentication server.
The terminal device may carry an authentication client system, which may be a browser running the HTTP (HyperText Transfer Protocol)/HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer) protocol, a Portal client, or the like.
The access device may include a device that provides BRAS (Broadband Remote Access Server) access service, with at least the following three functions:
Before authentication, all of the user's HTTP/HTTPS requests are redirected to the Portal server.
During authentication, it interacts with the Portal authentication server and the authentication server to complete the authentication/authorization/accounting functions.
After authentication passes, the user is allowed to access the authorized network resources.
The Portal server typically includes at least a Portal Web service function module and a Portal authentication function module. The Portal Web service function module is responsible for providing the web authentication page to the client and submitting the client's authentication information (username, password, etc.) to the Portal authentication service function module. The Portal authentication service function module receives authentication requests from the authentication client and exchanges the client's authentication information with the access device. The Portal Web service function module and the Portal authentication service function module are usually deployed on the same server, but may also be deployed on different servers.
The authentication server may include an AAA (Authentication, Authorization and Accounting) server, a RADIUS (Remote Authentication Dial In User Service) server, etc. The authentication server can interact with the access device to complete authentication, authorization and accounting of the user. The authentication server may also include a RADIUS server, etc.; these are only examples of the authentication server.
Below, taking a BRAS device as the access device, the general flow of WEB authentication and the WEB authentication method provided by the application are described in detail. The WEB authentication method for other access devices is the same as for the BRAS device and is not repeated here.
Referring to Fig. 2, Fig. 2 is an interaction diagram of WEB authentication according to an exemplary embodiment of the application. General WEB authentication may include the following flow.
Step 201: The terminal device sends an HTTP/HTTPS request.
Step 202: The BRAS device determines, from the destination address carried in the HTTP/HTTPS request, whether a redirect operation is needed. If so, steps 204 to 213 are performed; if not, step 203 and steps 206 to 213 are performed.
In implementation, the BRAS device can determine whether the destination address carried in the HTTP/HTTPS request is the same as the address of the Portal server. If the addresses are the same, no redirect operation is needed, and step 203 and steps 206 to 213 are performed. If not, the redirect operation is performed, that is, steps 204 to 213.
Step 203: The BRAS device sends the HTTP/HTTPS request to the Portal server in order to access the Portal server.
Step 204: The BRAS device can push the URL of the Portal server to the terminal device.
Step 205: The terminal device sends an access message to the Portal server.
After the terminal device receives the Portal server URL (Uniform Resource Locator), it can send an access message to the Portal server in order to access the Portal server.
Step 206: The Portal server can return to the terminal device the authentication page on which the user enters authentication information.
Step 207: The terminal device can send the authentication information to the Portal server.
In implementation, after the terminal device receives the authentication page returned by the Portal server, it can display the page. The user can enter authentication information on the page, such as the user's username and password. The terminal device can then send the authentication information entered by the user to the Portal server.
Step 208: The Portal server sends the authentication information to the BRAS device.
Step 209: The BRAS device can send an access authentication request to the authentication server; the request carries the authentication information.
Step 210: The authentication server authenticates the authentication information.
Step 211: The authentication server returns the authentication result.
If authentication passes, the authentication server can return an authentication accept message, which carries authorization information. If authentication does not pass, an authentication reject message is sent.
Step 212: The BRAS device updates the recorded online user information according to the authentication and authorization result obtained from the authentication server. After authentication passes, the user's permissions are issued.
Step 213: If authentication and authorization succeed, the BRAS device can send an accounting start message to the authentication server, and accounting for the user begins.
Referring to Fig. 3, Fig. 3 is a flowchart of a WEB authentication method according to an exemplary embodiment of the application. The method can be applied to a BRAS device and may include steps 301 to 303.
Step 301: Receive a first network access message sent by a terminal device; the first network access message carries the characteristic information of the terminal device.
The offline terminal device information described below may include information about devices that have passed authentication but gone offline; it includes the characteristic information of the offline terminal devices, etc. The offline terminal device information may be organized as a table, etc.
The online terminal device information described below may include information about devices that have passed authentication and are online; for example, it may include the characteristic information and permission information of the online terminal devices.
The authentication information may include the user account, password, etc.
The characteristic information of the terminal device may include the MAC address of the terminal device, the IP address of the terminal device, the identifier of the VLAN to which the terminal device belongs, etc.
The first network access message may be an IP packet. More specifically, it may be an HTTP message with which the terminal device accesses a web page, or a non-HTTP message sent by the terminal device, such as an IP packet for file download or data transfer.
In the embodiments of the application, after the BRAS device receives the IP packet, if it finds that the locally recorded offline terminal device information contains the characteristic information of the terminal carried in the IP packet, it does not push the authentication page to the terminal device and does not require the user to enter a username and password. Instead, it completes authentication of the user without the user being aware of it.
For example, suppose a user passes authentication, accesses a website and then goes offline. When the user accesses the website again, the user can send an HTTP message to access it. The terminal device does not receive an authentication page for the user to enter authentication information again; instead, the user is authenticated without being aware of it. From the user's point of view, the website is accessed directly.
As another example, suppose that after passing authentication the user downloads a file and goes offline halfway through the download. After a preset period of time the user comes back online, and the user's terminal device can send an IP packet (a non-HTTP message) to download the file. The terminal device does not receive an authentication page to enter authentication information again; instead, the user is authenticated without being aware of it. From the user's point of view, the download of the file simply continues.
With these basic concepts introduced, the WEB authentication method provided by the application is described in detail below.
In the embodiments of the application, after the BRAS device receives the authentication accept message for the terminal device returned by the authentication server, the BRAS device can record the correspondence between the characteristic information of the terminal device and the authentication information corresponding to the terminal device. The correspondence can be organized as a table or in another way, which is not specifically limited here.
After the BRAS device receives a disconnection request sent by the terminal device, the BRAS device can obtain the characteristic information of the terminal device from the disconnection request and record it as offline terminal device information.
In the embodiments of the application, after the BRAS device receives the first network access message sent by the terminal device, the BRAS device can obtain the characteristic information of the terminal device carried in the first network access message.
Step 302: Check whether the locally recorded offline terminal device information contains the characteristic information.
Step 303: If so, obtain the authentication information corresponding to the characteristic information that was recorded when the terminal device passed authentication, and send the authentication information to the authentication server so that the authentication server authenticates the authentication information.
In the embodiments of the application, after obtaining the characteristic information of the terminal device, the BRAS device can check whether the locally recorded offline terminal device information contains the characteristic information of the terminal device.
In an optional implementation, most of the messages the BRAS device receives are network access messages sent by online terminal devices. To avoid frequently checking whether the offline user information contains the characteristic information carried in network access messages from online devices, and so reduce the load on the BRAS device, the BRAS device can set a priority for the checks it performs.
For example, after receiving the first network access message, the BRAS device can first check whether the locally recorded online terminal device information records the characteristic information of the terminal device. If the online terminal device information records the characteristic information, the terminal device has passed authentication and is online, and the BRAS device can apply access control to the first network access message based on the access permissions. If the online terminal device information does not record the characteristic information, the BRAS device can go on to check whether the offline terminal device information contains the characteristic information of the terminal device.
In the embodiments of the application, when the BRAS device determines that the offline terminal device information contains the characteristic information of the terminal device, the BRAS device can determine that the terminal device is a device that passed authentication, went offline and has come back online. The BRAS device can then perform the flow shown in Fig. 4.
Step 401: The BRAS device obtains the authentication information corresponding to the characteristic information of the terminal device.
When the offline terminal device information contains the characteristic information of the terminal device, the authentication information corresponding to that characteristic information can be looked up in the above correspondence between the characteristic information of terminal devices and the authentication information corresponding to that characteristic information.
In an optional implementation, when the offline terminal device information contains the characteristic information of the terminal device, the network access message can be sent up to the CPU of the BRAS device. The CPU of the BRAS device can then look up, in the above correspondence between the characteristic information of terminal devices and the corresponding authentication information, the authentication information corresponding to the characteristic information of the terminal device.
Step 402: The BRAS device sends an access authentication request to the authentication server.
After the authentication information corresponding to the terminal device is found, an access authentication request carrying this authentication information can be sent to the authentication server.
Step 403: The authentication server authenticates the authentication information.
Step 404: The authentication server returns the authentication result.
When authentication passes, the authentication server can return an authentication accept message to the BRAS device; when authentication does not pass, it returns an authentication reject message to the BRAS device.
Step 405: Update the online terminal device information and the offline terminal device information, and issue permissions.
After the BRAS device receives the authentication accept message returned by the authentication server, the characteristic information of the terminal device can be deleted from the above offline device information and, at the same time, added to the above online terminal device information.
Step 406: If authentication and authorization succeed, the BRAS device sends a charging start message to the authentication server and begins charging the user.
In this embodiment of the application, after the BRAS device determines that the offline terminal device information does not contain the characteristic information of the terminal device, and that the above online terminal device information does not contain it either, the BRAS device can wait for the terminal device to send a second network access message. The second network access message can include a page request message that uses a protocol such as HTTP, HTTPS, or XML. After the BRAS device receives the second network access message sent by the terminal device, the terminal device can be authenticated according to steps 201 to 213 shown in Fig. 2.
This application provides a WEB authentication method. After receiving a network access message sent by a terminal device, the access device can check whether the locally recorded offline device information contains the characteristic information of the terminal device. If it does, the access device determines that the terminal device is one that passed authentication, went offline, and is coming online again. In that case the access device no longer redirects the terminal device's access to the Portal server, which would return to the terminal device an authentication page for the user to enter authentication information. Instead, the access device sends the authentication information that was recorded when the terminal device passed authentication, and that corresponds to the terminal device's characteristic information, to the authentication server for authentication.
This reduces how often the user has to enter authentication information when an authenticated terminal device goes offline and comes back online, especially when it does so frequently within a short time, and therefore improves authentication efficiency when the terminal device frequently accesses network resources. At the same time, because the user no longer receives an authentication page and enters authentication information again, authentication takes place without the user noticing, which improves the online experience of WEB authentication users.
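The check order and the Fig. 4 flow described above, sketched as an added Python example (it is not code from the patent or from any vendor's product). The class and method names, the user/password form of the authentication information, and the sample values are assumptions made for illustration; the handling of an authentication reject is also an assumption, because the page does not specify it.

```python
from dataclasses import dataclass, field
from enum import Enum


class Action(Enum):
    FORWARD = "forward"              # online: apply access control
    SILENT_REAUTH = "silent_reauth"  # offline entry found: steps 401-406
    REJECTED = "rejected"            # stored authentication information refused
    AWAIT_PORTAL = "await_portal"    # unknown: wait for second message (Fig. 2)


class AuthServer:
    """Constructed stand-in for the authentication server."""

    def __init__(self, accounts):
        self.accounts = dict(accounts)   # user -> password (sample data)
        self.accounting_started = []     # users for whom charging was started

    def authenticate(self, auth_info):
        user, password = auth_info
        return self.accounts.get(user) == password


@dataclass
class AccessDevice:
    server: AuthServer
    online: set = field(default_factory=set)    # online terminal device information
    offline: set = field(default_factory=set)   # offline terminal device information
    auth_by_feature: dict = field(default_factory=dict)  # recorded correspondence

    def record_first_auth(self, feature, auth_info):
        """Terminal passed authentication for the first time (portal flow)."""
        self.auth_by_feature[feature] = auth_info
        self.online.add(feature)

    def go_offline(self, feature):
        if feature in self.online:
            self.online.discard(feature)
            self.offline.add(feature)

    def handle_first_access(self, feature):
        # Checked first, because most traffic comes from online terminals.
        if feature in self.online:
            return Action.FORWARD
        if feature in self.offline:
            auth_info = self.auth_by_feature[feature]       # step 401
            if self.server.authenticate(auth_info):         # steps 402-404
                self.offline.discard(feature)               # step 405
                self.online.add(feature)
                self.server.accounting_started.append(auth_info[0])  # step 406
                return Action.SILENT_REAUTH
            # The page does not say what happens to the records on a reject;
            # this example leaves them unchanged.
            return Action.REJECTED
        return Action.AWAIT_PORTAL


def demo():
    """Run one constructed terminal through every branch."""
    server = AuthServer({"alice": "pw-1"})
    device = AccessDevice(server)
    feature = "terminal-A"            # constructed characteristic information
    trace = [device.handle_first_access(feature)]          # never seen
    device.record_first_auth(feature, ("alice", "pw-1"))
    trace.append(device.handle_first_access(feature))      # online
    device.go_offline(feature)
    trace.append(device.handle_first_access(feature))      # silent re-auth
    device.go_offline(feature)
    server.accounts["alice"] = "pw-2"                      # credential changed
    trace.append(device.handle_first_access(feature))      # stored info refused
    return [a.name for a in trace]


if __name__ == "__main__":
    print(demo())
```

The last step of the trace shows that a credential changed on the authentication server stops the silent re-authentication, because the recorded authentication information is still verified by the server each time.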
Corresponding to the foregoing embodiments of the WEB authentication method, this application also provides embodiments of a WEB authentication apparatus.
The embodiments of the WEB authentication apparatus of this application can be applied to an access device. The apparatus embodiments can be implemented in software, or in hardware or a combination of software and hardware. Taking a software implementation as an example, the apparatus in the logical sense is formed when the processor of the access device on which it resides reads the corresponding computer program instructions from non-volatile memory into memory and runs them. At the hardware level, Fig. 5 shows a hardware structure diagram of the access device on which the WEB authentication apparatus of this application resides. In addition to the processor, memory, network outgoing interface, and non-volatile memory shown in Fig. 5, the access device on which the apparatus resides in the embodiment can also include other hardware, depending on the actual function of the access device; this is not described further here.
Referring to Fig. 6, Fig. 6 is a block diagram of a WEB authentication apparatus according to an exemplary embodiment of this application. The apparatus is applied to an access device and includes:
a receiving unit 601, configured to receive a first network access message sent by a terminal device, where the first network access message carries the characteristic information of the terminal device;
a checking unit 602, configured to check whether the locally recorded offline terminal device information contains the characteristic information;
a sending unit 603, configured to, if it is determined that the locally recorded offline terminal device information contains the characteristic information, obtain the authentication information corresponding to the characteristic information that was recorded when the terminal device passed authentication, and send the authentication information to the authentication server so that the authentication server authenticates the authentication information.
Optionally, the apparatus further includes a recording unit 604, configured to record, when it is determined that the terminal device has passed authentication by the authentication server for the first time, the correspondence between the characteristic information of the terminal device and the authentication information corresponding to the terminal device;
the sending unit 603 is specifically configured to look up, in the correspondence, the authentication information corresponding to the characteristic information of the terminal device.
Optionally, the checking unit 602 is specifically configured to check whether the locally recorded offline terminal device information contains the characteristic information after determining that the locally recorded online terminal device information does not contain the characteristic information.
Optionally, the apparatus further includes a redirection unit 605, configured to, if it is determined that neither the locally recorded online terminal device information nor the offline terminal device information contains the characteristic information, return the uniform resource locator (URL) of the Portal server to the terminal device after receiving a second network access message sent by the terminal, so that after the terminal device accesses the Portal server, the Portal server returns to the terminal device an authentication page for the user to enter authentication information; and, after receiving the authentication information from the terminal device returned by the Portal server, send the authentication information to the authentication server so that the authentication server authenticates the authentication information.
Optionally, the apparatus further includes an information processing unit 606, configured to, when an authentication accept message for the authentication information is received from the authentication server, add the characteristic information of the terminal device carried in the authentication accept message to the online terminal device information and delete the characteristic information of the terminal device from the offline device information.
For the implementation of the functions and effects of each unit in the above apparatus, refer to the implementation of the corresponding steps in the above method; details are not repeated here.
Because the apparatus embodiments essentially correspond to the method embodiments, the relevant parts can be found in the description of the method embodiments. The apparatus embodiments described above are merely illustrative. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they can be located in one place or distributed across multiple network elements. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution of this application. A person of ordinary skill in the art can understand and implement this without creative effort.
The foregoing describes only preferred embodiments of this application and is not intended to limit it. Any modification, equivalent replacement, or improvement made within the spirit and principles of this application shall fall within the scope of protection of this application.

Claims (10)

1. A WEB authentication method, characterized in that the method is applied to an access device and comprises:
receiving a first network access message sent by a terminal device, the first network access message carrying the characteristic information of the terminal device;
checking whether the locally recorded offline terminal device information contains the characteristic information;
if it is determined that the locally recorded offline terminal device information contains the characteristic information, obtaining the authentication information corresponding to the characteristic information that was recorded when the terminal device passed authentication, and sending the authentication information to the authentication server so that the authentication server authenticates the authentication information.
2. The method according to claim 1, characterized in that, before the obtaining of the authentication information corresponding to the characteristic information that was recorded when the terminal device passed authentication, the method further comprises:
when it is determined that the terminal device has passed authentication by the authentication server for the first time, recording the correspondence between the characteristic information of the terminal device and the authentication information corresponding to the terminal device;
the obtaining of the authentication information corresponding to the characteristic information that was recorded when the terminal device passed authentication comprises:
looking up, in the correspondence, the authentication information corresponding to the characteristic information of the terminal device.
3. The method according to claim 1, characterized in that the checking whether the locally recorded offline terminal device information contains the characteristic information comprises:
after determining that the locally recorded online terminal device information does not contain the characteristic information, checking whether the locally recorded offline terminal device information contains the characteristic information.
4. The method according to claim 3, characterized in that the method further comprises:
if it is determined that neither the locally recorded online terminal device information nor the offline terminal device information contains the characteristic information, then
after receiving a second network access message sent by the terminal, returning the uniform resource locator (URL) of the Portal server to the terminal device, so that after the terminal device accesses the Portal server, the Portal server returns to the terminal device an authentication page for the user to enter authentication information;
after receiving the authentication information from the terminal device returned by the Portal server, sending the authentication information to the authentication server so that the authentication server authenticates the authentication information.
5. The method according to claim 3, characterized in that the method further comprises:
when an authentication accept message for the authentication information is received from the authentication server, adding the characteristic information of the terminal device carried in the authentication accept message to the online terminal device information and deleting the characteristic information of the terminal device from the offline terminal device information.
6. A WEB authentication apparatus, characterized in that the apparatus is applied to an access device and comprises:
a receiving unit, configured to receive a first network access message sent by a terminal device, the first network access message carrying the characteristic information of the terminal device;
a checking unit, configured to check whether the locally recorded offline terminal device information contains the characteristic information;
a sending unit, configured to, if it is determined that the locally recorded offline terminal device information contains the characteristic information, obtain the authentication information corresponding to the characteristic information that was recorded when the terminal device passed authentication, and send the authentication information to the authentication server so that the authentication server authenticates the authentication information.
7. The apparatus according to claim 6, characterized in that the apparatus further comprises a recording unit, configured to record, when it is determined that the terminal device has passed authentication by the authentication server for the first time, the correspondence between the characteristic information of the terminal device and the authentication information corresponding to the terminal device;
the sending unit is specifically configured to look up, in the correspondence, the authentication information corresponding to the characteristic information of the terminal device.
8. The apparatus according to claim 6, characterized in that the checking unit is specifically configured to check whether the locally recorded offline terminal device information contains the characteristic information after determining that the locally recorded online terminal device information does not contain the characteristic information.
9. The apparatus according to claim 8, characterized in that the apparatus further comprises a redirection unit, configured to, if it is determined that neither the locally recorded online terminal device information nor the offline terminal device information contains the characteristic information, return the uniform resource locator (URL) of the Portal server to the terminal device after receiving a second network access message sent by the terminal, so that after the terminal device accesses the Portal server, the Portal server returns to the terminal device an authentication page for the user to enter authentication information; and, after receiving the authentication information from the terminal device returned by the Portal server, send the authentication information to the authentication server so that the authentication server authenticates the authentication information.
10. The apparatus according to claim 8, characterized in that the apparatus further comprises an information processing unit, configured to, when an authentication accept message for the authentication information is received from the authentication server, add the characteristic information of the terminal device carried in the authentication accept message to the online terminal device information and delete the characteristic information of the terminal device from the offline terminal device information.
CN201710890031.2A 2017-09-27 2017-09-27 WEB authentication method and device Active CN108259457B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710890031.2A CN108259457B (en) 2017-09-27 2017-09-27 WEB authentication method and device

Publications (2)

Publication Number Publication Date
CN108259457A true CN108259457A (en) 2018-07-06
CN108259457B CN108259457B (en) 2021-06-29

Family

ID=62722034

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710890031.2A Active CN108259457B (en) 2017-09-27 2017-09-27 WEB authentication method and device

Country Status (1)

Country Link
CN (1) CN108259457B (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109831360A (en) * 2019-02-27 2019-05-31 深圳市吉祥腾达科技有限公司 Automated testing method and test macro for multi-user concurrent web authentication
CN111600832A (en) * 2019-07-25 2020-08-28 新华三技术有限公司 Message processing method and device
CN111031053A (en) * 2019-12-17 2020-04-17 迈普通信技术股份有限公司 Identity authentication method and device, electronic equipment and readable storage medium
CN111092904A (en) * 2019-12-27 2020-05-01 杭州迪普科技股份有限公司 Network connection method and device
CN111092904B (en) * 2019-12-27 2022-04-26 杭州迪普科技股份有限公司 Network connection method and device
CN111181961A (en) * 2019-12-30 2020-05-19 杭州迪普科技股份有限公司 User offline detection method and device

Also Published As

Publication number Publication date
CN108259457B (en) 2021-06-29

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant