CN108462710A - Authentication and authorization method, device, authentication server and machine-readable storage medium - Google Patents
Publication number: CN108462710A (also listed: CN201810230729.6A)
Authority: CN (China)
Prior art keywords: information, message, host, server, certification
Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0884—Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
- H04L63/102—Entity profiles
- H04L63/0892—Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
Abstract
The present application provides an authentication and authorization method, an apparatus, an authentication server and a machine-readable storage medium. The method includes: receiving a first authentication request packet, carrying identity information, sent by an access device, and sending a second authentication request packet carrying the identity information to a third-party authentication server, so that the third-party authentication server authenticates the host according to the identity information; if a first authentication success message is received and the first authentication success message carries user information, determining authorization information corresponding to the user information; and sending a second authentication success message carrying the authorization information to the access device, so that the access device determines that host authentication succeeded and performs authorization processing on the host using the authorization information. With the technical solution of the present application, the third-party authentication server and the professional authentication server are interconnected: the third-party authentication server performs authentication processing and the professional authentication server performs authorization processing, so that operations such as authentication and authorization are performed on the host.
Description
Technical field
This application relates to the field of communication technology, and in particular to an authentication and authorization method, an apparatus, an authentication server and a machine-readable storage medium.
Background
An authentication system may include a host, an access device, an authentication server and so on. Before the host accesses the network, operations such as authentication and authorization need to be performed on the host. To this end, the host sends an authentication request packet carrying user information (such as a user name and password). After receiving the authentication request packet, the access device sends it to the authentication server. After receiving the authentication request packet, the authentication server parses information such as the user name and password from it and authenticates the host using the user name and password.
If authentication succeeds, the authentication server sends an authentication success message to the access device, and the authentication success message may carry authorization information for the host; after receiving the authentication success message, the access device determines that host authentication succeeded and performs authorization processing on the host using the authorization information. If authentication fails, the authentication server sends an authentication failure message to the access device; after receiving the authentication failure message, the access device determines that host authentication failed. Through the above steps, operations such as authentication and authorization can be performed on the host.
However, as organizations (such as governments, universities and enterprises) continue to develop, the number of hosts increases, the network scale expands, and the network structure becomes increasingly complex. To manage and control the network behavior of hosts effectively, a third-party authentication server and a professional authentication server can be deployed. The third-party authentication server (the authentication server used inside the organization) holds core data which, for reasons such as confidentiality, the organization generally will not place in the professional authentication server; however, the functions of the third-party authentication server are fairly simple. The professional authentication server does not hold the core data, but its functions are more powerful. In this application scenario, there is currently no effective implementation for interconnecting the third-party authentication server and the professional authentication server so as to perform operations such as authentication and authorization on the host.
Summary of the invention
The present application provides an authentication and authorization method, applied to a professional authentication server, including:
receiving a first authentication request packet sent by an access device, the first authentication request packet carrying identity information, and sending a second authentication request packet carrying the identity information to a third-party authentication server, so that the third-party authentication server authenticates the host according to the identity information;
if a first authentication success message for the second authentication request packet is received and the first authentication success message carries user information, determining authorization information corresponding to the user information;
sending a second authentication success message carrying the authorization information to the access device, so that the access device determines that host authentication succeeded and performs authorization processing on the host using the authorization information.
The present application provides an authentication and authorization apparatus, applied to a professional authentication server, including:
a receiving module, configured to receive a first authentication request packet sent by an access device, the first authentication request packet carrying identity information;
a sending module, configured to send a second authentication request packet carrying the identity information to a third-party authentication server, so that the third-party authentication server authenticates the host according to the identity information;
a determining module, configured to determine authorization information corresponding to user information when a first authentication success message for the second authentication request packet is received and the first authentication success message carries the user information;
the sending module being further configured to send a second authentication success message carrying the authorization information to the access device, so that the access device determines, according to the second authentication success message, that host authentication succeeded, and performs authorization processing on the host using the authorization information.
The present application provides an authentication server, including a processor and a machine-readable storage medium, the machine-readable storage medium storing machine-executable instructions that can be executed by the processor; the processor executes the machine-executable instructions to implement the above method steps.
The present application provides a machine-readable storage medium storing machine-executable instructions which, when called and executed by a processor, cause the processor to implement the above method steps.
Based on the above technical solution, in the embodiments of the present application, after receiving an authentication request packet the professional authentication server can send the authentication request packet to the third-party authentication server, so that the third-party authentication server authenticates the host according to the authentication request packet. After receiving an authentication success message, the professional authentication server can determine the authorization information and send an authentication success message carrying the authorization information to the access device, so that the access device determines that host authentication succeeded and performs authorization processing on the host using the authorization information. In this way, the third-party authentication server and the professional authentication server are interconnected: the third-party authentication server performs authentication processing and the professional authentication server performs authorization processing, so that operations such as authentication and authorization are performed on the host. Specifically, since the third-party authentication server holds the core data, it can authenticate the host using the core data; since the functions of the professional authentication server are more powerful, it can authorize the host and achieve finer-grained access control.
Brief description of the drawings
In order to explain the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly introduced below. Obviously, the drawings described below are only some of the embodiments described in this application; those of ordinary skill in the art can also obtain other drawings from these drawings of the embodiments of the present application.
Fig. 1A and Fig. 1B are schematic diagrams of the application scenario in an embodiment of the present application;
Fig. 2 is a flowchart of the authentication and authorization method in an embodiment of the present application;
Fig. 3 is a flowchart of the authentication and authorization method in another embodiment of the present application;
Fig. 4 is a structural diagram of the authentication and authorization apparatus in an embodiment of the present application;
Fig. 5 is a hardware structure diagram of the authentication server in an embodiment of the present application.
Detailed description
The terms used in the embodiments of the present application are for the purpose of describing specific embodiments only and are not intended to limit the application. The singular forms "a", "said" and "the" used in this application and the claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used in the embodiments of the present application to describe various information, the information should not be limited by these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of the application, first information may also be referred to as second information and, similarly, second information may also be referred to as first information. In addition, depending on the context, the word "if" as used herein may be interpreted as "when", "upon" or "in response to determining".
The embodiments of the present application propose an authentication and authorization method that can be applied to a system including a host, an access device and authentication servers. In order to manage and control the network behavior of the host effectively, the authentication servers in this embodiment may be a third-party authentication server and a professional authentication server (there may be one or more of them). Fig. 1A and Fig. 1B are schematic diagrams of the application scenario of the embodiments of the present application.
In one example, the third-party authentication server and the professional authentication server may be deployed on the same authentication server, that is, they are two independent functional modules of that authentication server; they may also be deployed on different authentication servers, that is, they are two independent authentication servers. For convenience of description, the case in which the third-party authentication server and the professional authentication server are deployed on different authentication servers is taken as the example.
The host may be a PC (Personal Computer), a mobile terminal, a laptop, a tablet computer, etc.; the host type is not limited. The access device may be a NAS (Network Access Server), for example a switch or router that supports the RADIUS (Remote Authentication Dial In User Service) protocol.
Both the professional authentication server and the third-party authentication server may be authentication servers that implement AAA (Authentication, Authorization, Accounting) functions. The professional authentication server is referred to as the Professional AAA Server, and the third-party authentication server is referred to as the Third AAA Server.
The third-party authentication server is the authentication server that holds the core data: the core data can be stored in the third-party authentication server, whose security is very high, so the stored core data is not easily leaked. However, the functions of the third-party authentication server are fairly simple, and it cannot implement functions such as authorization. For example, the third-party authentication server includes but is not limited to an IAS (Internet Authentication Service) server. In one example, the core data may include, but is not limited to: user name and password, ID card number, user address, mobile phone number, bank card information, credit card information and other private information; this is not limited. In this embodiment, the description takes the core data to be the user name and password.
The professional authentication server is the authentication server with more powerful functions and can implement functions such as authorization. However, the core data is not stored in the professional authentication server, that is, the user name, password and so on are not stored there, so the professional authentication server cannot perform the authentication operation. For example, the professional authentication server includes but is not limited to an iMC (Intelligent Management Center) server.
In one example, a professional authentication server is still deployed in addition to the third-party authentication server, for reasons that may include the following. 1. The functions of the third-party authentication server are fairly simple; deploying a professional authentication server with more powerful functions lets the authentication system support more functions, such as authorization, and thereby improves the user experience. 2. There is usually only one third-party authentication server, so multiple professional authentication servers can be deployed, that is, the professional authentication servers are deployed in a distributed manner. For example, the third-party authentication server can be deployed at headquarters, and a professional authentication server deployed at each of branch 1, branch 2 and branch 3. In this way the third-party authentication server can be isolated from each branch, the hosts of these branches are prevented from accessing the third-party authentication server directly, and the security of the third-party authentication server is further improved. Moreover, the professional authentication server of branch 1 can provide the authentication and authorization function for the hosts of branch 1, the professional authentication server of branch 2 can provide it for the hosts of branch 2, and so on, so that the authentication and authorization function is provided for all hosts.
In the above application scenario, referring to Fig. 2, which is a flowchart of the authentication and authorization method proposed in the embodiments of the present application, the method can be applied to the professional authentication server and may include:
Step 201: receive the first authentication request packet sent by the access device. The first authentication request packet may carry identity information, and the identity information may include user information (such as user name A) and a password.
In addition, the first authentication request packet may also carry information to be verified, which may include, but is not limited to, one or any combination of the following: the MAC (Media Access Control) address of the host, the IP address of the host, the IP address of the access device, device type, operating system, manufacturer information, port information, VLAN (Virtual Local Area Network) information, etc.
Step 202: send a second authentication request packet carrying the identity information to the third-party authentication server, so that the third-party authentication server authenticates the host according to the identity information.
The professional authentication server can be configured with the message format supported by the third-party authentication server. After receiving the first authentication request packet, it can convert the first authentication request packet into a second authentication request packet in that message format and send the second authentication request packet, which carries the identity information, to the third-party authentication server. On this basis, after receiving the second authentication request packet the third-party authentication server can process it correctly: it parses the identity information from the second authentication request packet and authenticates the host according to the identity information. The authentication process itself is not limited.
If authentication succeeds, the third-party authentication server sends to the professional authentication server a first authentication success message for the second authentication request packet; if authentication fails, the third-party authentication server sends to the professional authentication server an authentication failure message for the second authentication request packet. This process is not described further.
Step 203: if a first authentication success message for the second authentication request packet is received and the first authentication success message carries user information, determine the authorization information corresponding to the user information.
The professional authentication server can be pre-configured with the correspondence between user information and authorization information. For example, the professional authentication server maintains an authorization information table that records the correspondence between user information and authorization information. On this basis, determining the authorization information corresponding to the user information may include: querying the authorization information table with the user information to obtain the authorization information corresponding to the user information.
In the above embodiment, the authorization information may include information to be verified and an authorization control strategy; the information to be verified has been introduced above and is not described again here. The authorization control strategy may include, but is not limited to, one or any combination of the following: Limit Rate information, ACL (Access Control List) information, URL (Uniform Resource Locator) information, CAR (Committed Access Rate) information, rate limit information, authentication mode information, etc. Of course, the above is only an example of the authorization control strategy, which is not limited.
Step 204: send a second authentication success message carrying the authorization information to the access device, so that the access device determines that host authentication succeeded and performs authorization processing on the host using the authorization information.
The professional authentication server can be configured with the message format supported by the access device. After receiving the first authentication success message, it can convert the first authentication success message into a second authentication success message in that message format and send the second authentication success message, which carries the authorization information, to the access device. On this basis, after receiving the second authentication success message the access device can process it correctly: it determines from the second authentication success message that host authentication succeeded, parses the authorization information from the second authentication success message, and performs authorization processing on the host using the authorization information.
In one example, before the professional authentication server sends the second authentication success message to the access device, it can also perform an authorization check. That is, the professional authentication server can compare whether the information to be verified of the host (the information to be verified carried in the first authentication request packet) is the same as the information to be verified included in the authorization information. If the two are the same, the authorization check passes, host authentication succeeds, and the second authentication success message can be sent to the access device. If the two differ, the authorization check fails (that is, the address currently used by the host has been illegally tampered with), host authentication fails, and an authentication failure message is sent to the access device.
For example, the MAC address of the host can be compared with the MAC address included in the authorization information; or the IP address of the host can be compared with the IP address included in the authorization information; or the operating system of the host can be compared with the operating system included in the authorization information; and so on. This is not limited.
In one example, the information to be verified of the host can be obtained in the following ways:
Mode one: since the first authentication request packet received by the professional authentication server carries the information to be verified of the host, the second authentication request packet sent by the professional authentication server can carry that information to be verified. When the third-party authentication server returns the first authentication success message for the second authentication request packet, that message can carry the information to be verified, and the professional authentication server can parse the information to be verified from the first authentication success message.
Mode two: since the first authentication request packet received by the professional authentication server carries the user information and the information to be verified of the host, the professional authentication server can record the correspondence between the user information and the information to be verified in a mapping table. After receiving the first authentication success message, the professional authentication server queries the mapping table with the user information carried in the first authentication success message and obtains the information to be verified corresponding to the user information.
In one example, after receiving the first authentication success message for the second authentication request packet, the professional authentication server can also create an online information table, which records the user information, the information to be verified and online information; the online information includes online duration, online start time and traffic information.
The professional authentication server can obtain the user information from the first authentication success message, and can obtain the information to be verified using mode one or mode two above; this is not described again. In addition, after the host goes online, the professional authentication server can also collect statistics on the online state of the host, that is, online duration, online start time, traffic information and so on; this process is not described further.
In one example, after the professional authentication server sends the second authentication success message carrying the authorization information to the access device, if it receives a first accounting request message sent by the access device, and the first accounting request message carries user information and information to be verified, it determines the authorization information corresponding to the user information. Further, if the information to be verified carried in the first accounting request message is the same as the information to be verified included in the authorization information, it sends a second accounting request message to the third-party authentication server, so that the third-party authentication server performs accounting for the host according to the second accounting request message. If the information to be verified carried in the first accounting request message differs from the information to be verified included in the authorization information, it notifies the third-party authentication server to take the host offline and notifies the access device to take the host offline, thereby triggering the offline procedure for the host.
After receiving the first accounting request message, the professional authentication server can thus also perform an authorization check, that is, compare whether the information to be verified carried in the first accounting request message is the same as the information to be verified included in the authorization information. If the two are the same, the authorization check passes and the host is allowed to stay online. If the two differ, the authorization check fails (that is, the address currently used by the host has been illegally tampered with), the host is not allowed to stay online, and the host can be taken offline through the third-party authentication server and the access device.
After receiving the first accounting request message, the professional authentication server can convert it into a second accounting request message supported by the third-party authentication server and send the second accounting request message to the third-party authentication server. After receiving the second accounting request message, the third-party authentication server can process it correctly and performs accounting for the host according to the second accounting request message.
In one example, after the professional authentication server sends the second authentication success message carrying the authorization information to the access device, if it receives a first accounting completion packet sent by the access device, it performs offline processing for the host, such as deleting the online information table of the host. It then converts the first accounting completion packet into a second accounting completion packet supported by the third-party authentication server and sends the second accounting completion packet to the third-party authentication server, so that the third-party authentication server performs offline processing for the host according to the second accounting completion packet.
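The flow of steps 201 to 204, the mapping table of mode two, and the authorization checks on authentication and accounting requests, shown as an added Python example (not code from the patent). The dictionary message layout, the class and method names, the MAC/IP and policy sample values, and rejecting a user who has no authorization table entry are all assumptions; user name A and password 123456 are the page's own example values.

```python
import hmac
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class CheckInfo:
    """Information to be verified about the host (here: MAC and IP address)."""
    mac: str
    ip: str


@dataclass(frozen=True)
class Authorization:
    check_info: CheckInfo  # values the host is expected to present
    policy: dict           # authorization control strategy (ACL, CAR, ...)


class ThirdPartyAAA:
    """Holds the core data (user names and passwords); authenticates and bills only."""

    def __init__(self, credentials):
        self._credentials = credentials
        self.billing, self.offline = [], []  # users being billed / taken offline

    def authenticate(self, second_request):
        stored = self._credentials.get(second_request["user"])
        ok = stored is not None and hmac.compare_digest(
            stored.encode(), second_request["password"].encode())
        if not ok:
            return {"result": "failure"}
        # First authentication success message: carries the user information.
        return {"result": "success", "user": second_request["user"]}


class ProfessionalAAA:
    """Stores no passwords; relays authentication and decides authorization."""

    def __init__(self, third_party, authorization_table):
        self.third_party = third_party
        self.authorization_table = authorization_table  # user -> Authorization
        self.mapping_table = {}  # mode two: user -> CheckInfo seen in the request
        self.online_table = {}   # user -> check info and online start time

    def handle_auth_request(self, first_request):
        user = first_request["user"]                                    # step 201
        self.mapping_table[user] = first_request["check_info"]
        # Step 202: re-encode for the third party; only identity information is sent.
        second_request = {"user": user, "password": first_request["password"]}
        reply = self.third_party.authenticate(second_request)
        if reply["result"] != "success":
            return {"result": "reject", "reason": "authentication failed"}
        auth = self.authorization_table.get(reply["user"])              # step 203
        if auth is None:  # assumption: no table entry means no access
            return {"result": "reject", "reason": "no authorization entry"}
        seen = self.mapping_table[reply["user"]]
        if seen != auth.check_info:  # authorization check before step 204
            return {"result": "reject", "reason": "authorization check failed"}
        self.online_table[user] = {"check_info": seen, "start": time.time()}
        # Step 204: second authentication success message carries the authorization.
        return {"result": "accept", "policy": auth.policy}

    def handle_accounting_request(self, user, check_info):
        auth = self.authorization_table.get(user)
        if auth is not None and check_info == auth.check_info:
            self.third_party.billing.append(user)  # second accounting request
            return "billing"
        # Mismatch: third party and access device are told to take the host offline.
        self.third_party.offline.append(user)
        return "offline"

    def handle_accounting_stop(self, user):
        self.online_table.pop(user, None)          # delete the online information
        self.third_party.offline.append(user)      # second accounting completion
        return "stopped"


# Constructed sample values (documentation address ranges, made-up policy).
MAC1, IP1 = "00:00:5e:00:53:01", "192.0.2.10"


def build_demo():
    third = ThirdPartyAAA({"A": "123456"})
    table = {"A": Authorization(CheckInfo(MAC1, IP1), {"acl": "3000", "car_kbps": 2048})}
    return ProfessionalAAA(third, table)


if __name__ == "__main__":
    pro = build_demo()
    good = {"user": "A", "password": "123456", "check_info": CheckInfo(MAC1, IP1)}
    print(pro.handle_auth_request(good))
    print(pro.handle_accounting_request("A", CheckInfo(MAC1, "192.0.2.99")))
```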
Based on the above technical solution, in the embodiments of the present application, after receiving an authentication request packet the professional authentication server can send the authentication request packet to the third-party authentication server, so that the third-party authentication server authenticates the host according to the authentication request packet. After receiving an authentication success message, the professional authentication server can determine the authorization information and send an authentication success message carrying the authorization information to the access device, so that the access device determines that host authentication succeeded and performs authorization processing on the host using the authorization information. In this way, the third-party authentication server and the professional authentication server are interconnected: the third-party authentication server performs authentication processing and the professional authentication server performs authorization processing, so that operations such as authentication and authorization are performed on the host. Specifically, since the third-party authentication server holds the core data, it can authenticate the host using the core data; since the functions of the professional authentication server are more powerful, it can authorize the host and achieve finer-grained access control.
The above technical solution is described in detail below with reference to a specific embodiment. Figure 3 is a flow diagram of the authentication and authorization method proposed in an embodiment of the present application. The method may include:
Step 301: the host sends authentication request packet 1, which carries identity information and information to be verified. The identity information may include user information (such as user name A) and a password (such as 123456).
In one example, the information to be verified may include the MAC address of the host (MAC address 1 in the following description) and the IP address of the host (IP address 1 in the following description). The information to be verified can also include, but is not limited to, the host's device type, operating system, manufacturer information and similar content. For convenience of description, the subsequent process takes MAC address 1 and IP address 1 as the information to be verified.
Step 302: after receiving authentication request packet 1, the access device converts it into authentication request packet 2 in RADIUS format (the conversion process is not limited) and sends authentication request packet 2 to the professional certification server. Authentication request packet 2 can carry user name A, password 123456, MAC address 1, IP address 1 and the IP address of the access device (such as IP address 2).
Step 303: after receiving authentication request packet 2, the professional certification server converts it into authentication request packet 3 in a format supported by the third-party authentication server (the conversion process is not limited) and sends authentication request packet 3 to the third-party authentication server. Authentication request packet 3 carries at least user name A and password 123456. It can also carry MAC address 1, IP address 1, IP address 2 and similar content, or it can omit them; the following description assumes that it carries MAC address 1, IP address 1 and IP address 2. In addition, authentication request packet 3 may carry content such as the device type, operating system and manufacturer information, without limitation.
The professional certification server can be configured with the message format supported by the third-party authentication server, so that it can convert authentication request packet 2 into authentication request packet 3 in that message format.
The professional certification server can be configured with the IP address and port of the third-party authentication server, and uses that IP address and port to send authentication request packet 3 to the third-party authentication server.
The professional certification server can be configured with a shared key and use it to encrypt authentication request packet 3. The third-party authentication server is configured with the same shared key and uses it to decrypt the received authentication request packet 3, which improves the security of the transmission.
In one example, before step 301, the access device can also negotiate content such as a Challenge and an encryption algorithm with the professional certification server, and authentication request packet 2 sent by the access device to the professional certification server is encrypted according to the Challenge and the encryption algorithm. After receiving authentication request packet 2, the professional certification server can decrypt it according to the Challenge and the encryption algorithm, which improves the security of the transmission. The Challenge can be a random 16-byte hexadecimal character string.
Step 304: after receiving authentication request packet 3, the third-party authentication server authenticates the host using the identity information carried in authentication request packet 3 (such as user name A and password 123456).
For example, if the correspondence between user name A and password 123456 exists in the local database, the result of authenticating the host is that authentication passes; if that correspondence does not exist in the local database, the result is that authentication fails. This authentication process is not limited.
Step 305: if authentication passes, the third-party authentication server sends certification success message 1 to the professional certification server. If authentication fails, the third-party authentication server sends an authentication failure message to the professional certification server, and the professional certification server sends the authentication failure message to the access device to notify it that host authentication has failed. For convenience of description, the following takes the case where certification success message 1 is sent to the professional certification server.
Because authentication request packet 3 can carry user name A, password 123456, MAC address 1, IP address 1, IP address 2 and similar content, certification success message 1 can carry user name A, MAC address 1, IP address 1, IP address 2 and similar content without carrying password 123456; this is not limited.
The third-party authentication server can also create an online information table that records the host's online information, so that a network administrator can browse and audit the online information of the host. This online information contains relatively little content, for example the user name, the online duration, and the MAC address and IP address of the host.
Step 306: after receiving certification success message 1, the professional certification server queries the authorization information table using user name A carried in certification success message 1 and obtains the authorization information corresponding to user name A.
The authorization information may include information to be verified and an authorization control strategy. The information to be verified can include, but is not limited to, one or any combination of the following: host MAC address, host IP address, access device IP address, device type, operating system, manufacturer information, port information, VLAN information. The authorization control strategy can include, but is not limited to, one or any combination of the following: Limit Rate information, ACL information, URL information, CAR information, rate limit information, authentication mode information, and so on.
The professional certification server holds rich authorization information and can apply authorization control to the host at different granularities, achieving fine-grained control. A network administrator can also freely customize the authorization information according to individual needs, which makes flexible management and control of the host simple and fast and makes control of the host more reasonable.
Step 307: the professional certification server performs an authorization check on the MAC address and IP address of the host.
Specifically, MAC address 1 and IP address 1 carried in certification success message 1 can be compared with the MAC address and IP address included in the authorization information. If they are the same, the authorization check passes, host authentication succeeds, and step 308 is executed. If they differ, the authorization check fails, host authentication fails, and an authentication failure message is sent to the access device. The following takes the case where the authorization check passes.
Step 308: the professional certification server creates an online information table, which records user information, information to be verified and online information. Compared with the online information table created by the third-party authentication server, the online information table created by the professional certification server holds more content, so that a network administrator can obtain more online information. For example, the information to be verified can include, but is not limited to, one or any combination of the following: host MAC address, host IP address, device type (such as PC, Android, iPhone), operating system (such as Windows 7, MIUI 9.0, iOS 10), manufacturer information (such as Lenovo, Xiaomi, Apple), port information, the IP address of the access device to which the host belongs, the port of the access device, the access device manufacturer, and so on. The online information can include, but is not limited to, one or any combination of the following: online duration, online start time, traffic information, and so on.
Step 309: the professional certification server converts certification success message 1 into certification success message 2 and sends certification success message 2 to the access device; certification success message 2 carries the above authorization information.
The professional certification server can convert certification success message 1 into certification success message 2 in a format supported by the access device (the conversion process is not limited); for example, certification success message 2 may be in RADIUS format.
Step 310: after receiving certification success message 2, the access device determines that host authentication has succeeded.
Step 311: the access device authorizes the host according to the authorization information carried in certification success message 2. This authorization process is not limited.
For example, the rate limit information can be used to limit the access rate of the host; the ACL information can be used to apply access control policy restrictions to the host; and content such as the host MAC address, host IP address, access time, device type and IP address of the access device can be used to apply access policy control to the host.
Step 312: the access device converts certification success message 2 into certification success message 3 in a format supported by the host and sends certification success message 3 to the host. At this point host authentication has succeeded and the host can access network resources.
In one example, the access device can send accounting request message 1 to the professional certification server. Accounting request message 1 can carry user name A, MAC address 1, IP address 1, IP address 2 and similar content.
After receiving accounting request message 1, the professional certification server determines the authorization information corresponding to user name A. If MAC address 1 and IP address 1 carried in accounting request message 1 are identical to the MAC address and IP address included in the authorization information, the authorization check passes and the host is allowed to stay online; the professional certification server converts accounting request message 1 into accounting request message 2 supported by the third-party authentication server and sends accounting request message 2 to the third-party authentication server. Otherwise, the authorization check fails; the professional certification server notifies the third-party authentication server to take the host offline (that is, to remove its local online information for the host) and notifies the access device to take the host offline (that is, the access device disconnects the host's network connection), which triggers the offline flow of the host.
In addition, the professional certification server can update the content of its online information table according to accounting request message 1, for example the online duration and traffic information in the online information table.
After receiving accounting request message 2, the third-party authentication server can charge the host according to accounting request message 2, for example by collecting the host's online duration, traffic information and similar content and charging the host according to that content; the specific charging mode is not limited. The third-party authentication server can also update the content of its online information table, such as the online duration and traffic information.
In one example, the access device can send accounting completion packet 1 to the professional certification server. After receiving accounting completion packet 1, the professional certification server takes the host offline, for example by deleting the host's online information table. The professional certification server then converts accounting completion packet 1 into accounting completion packet 2 supported by the third-party authentication server and sends accounting completion packet 2 to the third-party authentication server. The third-party authentication server takes the host offline according to accounting completion packet 2, for example by deleting the host's online information table and ending the charging of the host; this is not limited. Further, the third-party authentication server can send an accounting response message to the professional certification server, the professional certification server sends an accounting response message to the access device, and the access device disconnects the host's network connection and removes the host's online information.
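The division of labour in steps 303 to 309 and the accounting re-check described above can be modelled in Python as follows; this is an added example, not code from the patent. The dictionary message layout, the class and field names, the sample credentials, addresses and policy values, the MAC normalization, the constant-time password comparison and the handling of accounting for an unknown session are all assumptions made for illustration.

```python
import hmac
import time

# Constructed sample data (assumptions, not values defined by the patent).
THIRD_PARTY_USERS = {"userA": "123456"}
AUTHZ_TABLE = {
    "userA": {
        "check": {"mac": "00:11:22:33:44:aa", "ip": "192.0.2.10"},
        "policy": {"acl": "acl-3001", "rate_limit_kbps": 2048},
    }
}


def normalize_mac(mac):
    """Canonical form, so '00-11-22-33-44-AA' equals '00:11:22:33:44:aa'."""
    return mac.replace("-", ":").lower()


class ThirdPartyAuthServer:
    """Holds the core credential data: authenticates and bills, never authorizes."""

    def __init__(self, users):
        self.users = users
        self.online = {}  # small online information table
        self.usage = {}   # user -> last reported octets, the billing input

    def authenticate(self, msg3):  # steps 304-305
        stored = self.users.get(msg3["user"])
        supplied = msg3["password"].encode()
        if stored is None or not hmac.compare_digest(stored.encode(), supplied):
            return {"result": "fail", "user": msg3["user"]}
        self.online[msg3["user"]] = {"mac": msg3["mac"], "ip": msg3["ip"]}
        # Success message 1 echoes the request attributes, minus the password.
        echoed = {k: v for k, v in msg3.items() if k != "password"}
        return {"result": "success", **echoed}

    def account(self, req2):
        self.usage[req2["user"]] = req2["octets"]

    def offline(self, user):
        self.online.pop(user, None)


class ProfessionalAuthServer:
    """Proxies authentication, then authorizes from its own table."""

    def __init__(self, third_party, authz_table):
        self.third_party = third_party
        self.authz_table = authz_table
        self.online = {}  # richer online information table (step 308)

    def check(self, user, mac, ip):
        """Return the authorization entry when MAC and IP match it, else None."""
        entry = self.authz_table.get(user)
        if entry is None:
            return None
        want = entry["check"]
        same = (normalize_mac(mac), ip) == (normalize_mac(want["mac"]), want["ip"])
        return entry if same else None

    def handle_auth(self, msg2):
        # Step 303: request 2 becomes request 3 for the third-party server.
        msg3 = {k: msg2[k] for k in ("user", "password", "mac", "ip", "nas_ip")}
        msg1 = self.third_party.authenticate(msg3)
        if msg1["result"] != "success":
            return {"result": "fail", "reason": "authentication"}
        # Steps 306-307: look up by user name, then compare MAC and IP.
        entry = self.check(msg1["user"], msg1["mac"], msg1["ip"])
        if entry is None:
            return {"result": "fail", "reason": "authorization-check"}
        self.online[msg1["user"]] = {
            "mac": normalize_mac(msg1["mac"]), "ip": msg1["ip"],
            "nas_ip": msg1["nas_ip"], "start": time.time(), "octets": 0,
        }
        # Step 309: success message 2 carries the authorization policy.
        return {"result": "success", "user": msg1["user"],
                "authorization": entry["policy"]}

    def handle_accounting(self, req1):
        user = req1["user"]
        # Assumption: accounting for a user with no online entry fails the check.
        known = user in self.online
        if not known or self.check(user, req1["mac"], req1["ip"]) is None:
            self.third_party.offline(user)  # third party clears its entry
            self.online.pop(user, None)
            return {"action": "disconnect", "user": user}  # for the access device
        self.online[user]["octets"] = req1["octets"]
        self.third_party.account({"user": user, "octets": req1["octets"]})
        return {"action": "continue", "user": user}

    def handle_accounting_stop(self, stop1):
        user = stop1["user"]
        self.online.pop(user, None)     # delete the local online entry first
        self.third_party.offline(user)  # then forward the stop
        return {"action": "stopped", "user": user}
```

Because the MAC and IP comparison runs again on every accounting request, a host whose address no longer matches the authorization entry is disconnected mid-session rather than only being stopped at login.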
Based on the same concept as the above method, an embodiment of the present application also proposes an authentication and authorization device, applied to a professional certification server. Figure 4 is a structure chart of the device, which includes:
a receiving module 401, configured to receive a first authentication request packet sent by an access device, the first authentication request packet carrying identity information;
a sending module 402, configured to send a second authentication request packet carrying the identity information to a third-party authentication server, so that the third-party authentication server authenticates the host according to the identity information;
a determining module 403, configured to determine, when a first certification success message for the second authentication request packet is received and the first certification success message carries user information, the authorization information corresponding to the user information;
the sending module 402 is further configured to send a second certification success message carrying the authorization information to the access device, so that the access device determines according to the second certification success message that host authentication has succeeded and uses the authorization information to authorize the host.
The sending module 402 is further configured to parse the information to be verified from the first certification success message, or to query a mapping table for the information to be verified that corresponds to the user information carried in the first certification success message, where the mapping table records the correspondence between the user information and the information to be verified carried in the first authentication request packet; if the information to be verified is identical to the information to be verified included in the authorization information, to send the second certification success message to the access device; otherwise, to send an authentication failure message to the access device.
When determining the authorization information corresponding to the user information, the determining module 403 is specifically configured to query the authorization information table using the user information and obtain the authorization information corresponding to the user information, where the authorization information table records the correspondence between user information and authorization information.
The professional certification server can also include (not shown in the figure) an establishing module, configured to create an online information table that records user information, information to be verified and online information; the online information includes the online duration, online start time and traffic information. The information to be verified can be the information to be verified parsed from the first certification success message, or the information to be verified queried from the mapping table that corresponds to the user information carried in the first certification success message.
At the hardware level, the hardware structure of the authentication server provided in the embodiments of the present application can be as shown in Figure 5. It includes a processor and a machine-readable storage medium, where:
the machine-readable storage medium stores machine-executable instructions that can be executed by the processor, and the processor executes the machine-executable instructions to implement the authentication and authorization operations disclosed in the above examples of the present application. That is, when the machine-executable instructions are invoked and executed by the processor, they cause the processor to implement the authentication and authorization operations disclosed in the above examples of the present application.
Here, the machine-readable storage medium can be any electronic, magnetic, optical or other physical storage device that can contain or store information such as executable instructions and data. For example, the machine-readable storage medium can be RAM (Random Access Memory), volatile memory, non-volatile memory, flash memory, a storage drive (such as a hard disk drive), a solid-state disk, any kind of storage disc (such as a CD or DVD), a similar storage medium, or a combination of these.
The systems, devices, modules or units described in the above embodiments can be implemented by a computer chip or entity, or by a product with a certain function. A typical implementation device is a computer, which can take the form of a personal computer, laptop computer, cellular phone, camera phone, smartphone, personal digital assistant, media player, navigation device, e-mail sending and receiving device, game console, tablet computer, wearable device, or a combination of any of these devices.
For convenience of description, the above device is described in terms of units divided by function. When implementing the present application, the functions of the units can of course be implemented in one or more pieces of software and/or hardware.
Those skilled in the art should understand that the embodiments of the present application can be provided as a method, a system or a computer program product. The present application can therefore take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, the embodiments of the present application can take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM and optical memory) that contain computer-usable program code.
The present application is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to its embodiments. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in them, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions can also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to operate in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions can also be loaded onto a computer or other programmable data processing device, so that a series of operation steps is executed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
The above is only an example of the present application and is not intended to limit it. For those skilled in the art, the present application can have various modifications and variations. Any modification, equivalent replacement or improvement made within the spirit and principle of the present application shall be included within the scope of its claims.
Claims (10)
1. An authentication and authorization method, characterized in that it is applied to a professional certification server and comprises:
receiving a first authentication request packet sent by an access device, the first authentication request packet carrying identity information, and sending a second authentication request packet carrying the identity information to a third-party authentication server, so that the third-party authentication server authenticates a host according to the identity information;
if a first certification success message for the second authentication request packet is received, the first certification success message carrying user information, determining authorization information corresponding to the user information;
sending a second certification success message carrying the authorization information to the access device, so that the access device determines that host authentication has succeeded and uses the authorization information to authorize the host.
2. The method according to claim 1, characterized in that, before the sending of the second certification success message carrying the authorization information to the access device, the method further comprises:
parsing information to be verified from the first certification success message; or querying a mapping table for the information to be verified corresponding to the user information carried in the first certification success message; wherein the mapping table records the correspondence between the user information and the information to be verified carried in the first authentication request packet;
if the information to be verified is identical to the information to be verified included in the authorization information, executing the process of sending the second certification success message to the access device; otherwise, sending an authentication failure message to the access device.
3. The method according to claim 1, characterized in that
the determining of the authorization information corresponding to the user information comprises:
querying an authorization information table using the user information to obtain the authorization information corresponding to the user information;
wherein the authorization information table records the correspondence between user information and authorization information.
4. The method according to claim 1, characterized in that,
after the first certification success message for the second authentication request packet is received, the method further comprises:
parsing information to be verified from the first certification success message; or querying a mapping table for the information to be verified corresponding to the user information carried in the first certification success message; wherein the mapping table records the correspondence between the user information and the information to be verified carried in the first authentication request packet;
creating an online information table, the online information table recording the user information, the information to be verified and online information; the online information including the online duration, online start time and traffic information.
5. The method according to claim 1, characterized in that, after the sending of the second certification success message carrying the authorization information to the access device, the method further comprises:
receiving a first accounting request message sent by the access device, the first accounting request message carrying user information and information to be verified, and determining the authorization information corresponding to the user information;
if the information to be verified is identical to the information to be verified included in the authorization information, sending a second accounting request message to the third-party authentication server, so that the third-party authentication server charges the host according to the second accounting request message; otherwise, notifying the third-party authentication server to take the host offline.
6. The method according to claim 1, characterized in that, after the sending of the second certification success message carrying the authorization information to the access device, the method further comprises:
receiving a first accounting completion packet sent by the access device, and taking the host offline;
sending a second accounting completion packet to the third-party authentication server, so that the third-party authentication server takes the host offline according to the second accounting completion packet.
7. The method according to claim 2, 4 or 5, characterized in that
the authorization information includes information to be verified and an authorization control strategy;
the information to be verified includes one or any combination of the following: host MAC address, host IP address, access device IP address, device type, operating system, manufacturer information, port information, VLAN information;
the authorization control strategy includes one or any combination of the following: Limit Rate information, ACL information, URL information, CAR information, rate limit information, authentication mode information.
8. An authentication and authorization device, characterized in that it is applied to a professional certification server and comprises:
a receiving module, configured to receive a first authentication request packet sent by an access device, the first authentication request packet carrying identity information;
a sending module, configured to send a second authentication request packet carrying the identity information to a third-party authentication server, so that the third-party authentication server authenticates a host according to the identity information;
a determining module, configured to determine, when a first certification success message for the second authentication request packet is received and the first certification success message carries user information, the authorization information corresponding to the user information;
the sending module being further configured to send a second certification success message carrying the authorization information to the access device, so that the access device determines according to the second certification success message that host authentication has succeeded and uses the authorization information to authorize the host.
9. An authentication server, characterized in that it comprises a processor and a machine-readable storage medium, the machine-readable storage medium storing machine-executable instructions that can be executed by the processor; wherein the processor executes the machine-executable instructions to implement the method steps of any one of claims 1-7.
10. A machine-readable storage medium, characterized in that the machine-readable storage medium stores machine-executable instructions which, when invoked and executed by a processor, cause the processor to implement the method steps of any one of claims 1-7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810230729.6A CN108462710B (en) | 2018-03-20 | 2018-03-20 | Authentication and authorization method, device, authentication server and machine-readable storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108462710A (en) | 2018-08-28 |
CN108462710B CN108462710B (en) | 2021-09-21 |
Family
ID=63237321
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810230729.6A Active CN108462710B (en) | 2018-03-20 | 2018-03-20 | Authentication and authorization method, device, authentication server and machine-readable storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108462710B (en) |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109615380A (en) * | 2018-10-26 | 2019-04-12 | 深圳壹账通智能科技有限公司 | Method, apparatus, computer equipment and the storage medium of user identity authentication |
CN110012084A (en) * | 2019-03-26 | 2019-07-12 | 新华三技术有限公司 | Device identification method, device, system and storage medium |
CN111222121A (en) * | 2019-12-27 | 2020-06-02 | 广州芯德通信科技股份有限公司 | Authorization management method for embedded equipment |
CN111478894A (en) * | 2020-04-03 | 2020-07-31 | 深信服科技股份有限公司 | External user authorization method, device, equipment and readable storage medium |
CN111541775A (en) * | 2020-05-09 | 2020-08-14 | 飞天诚信科技股份有限公司 | Security conversion method and system for authentication message |
CN111859324A (en) * | 2020-07-16 | 2020-10-30 | 北京百度网讯科技有限公司 | Authorization method, device, equipment and storage medium |
CN112688923A (en) * | 2020-12-14 | 2021-04-20 | 杭州迪普科技股份有限公司 | User login processing method and system |
CN112929188A (en) * | 2019-12-05 | 2021-06-08 | 中国电信股份有限公司 | Device connection method, system, apparatus and computer readable storage medium |
CN113452803A (en) * | 2020-03-25 | 2021-09-28 | 中国互联网络信息中心 | Verification method, verification device, server and storage medium |
CN114650304A (en) * | 2020-12-17 | 2022-06-21 | 联通(江苏)产业互联网有限公司 | Authentication and authorization method and device |
CN114826668A (en) * | 2022-03-23 | 2022-07-29 | 浪潮思科网络科技有限公司 | Method, equipment and storage medium for collecting online terminal information |
CN114826668B (en) * | 2022-03-23 | 2024-05-14 | 浪潮思科网络科技有限公司 | Method, equipment and storage medium for collecting online terminal information |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101036174A (en) * | 2004-08-04 | 2007-09-12 | 高通弗拉里奥恩技术公司 | Enhanced techniques for using core based nodes for state transfer |
CN101247239A (en) * | 2008-03-10 | 2008-08-20 | 中兴通讯股份有限公司 | Authenticated authorization accounting system and implementing method thereof |
CN202059439U (en) * | 2011-06-02 | 2011-11-30 | 杭州德昌隆信息技术有限公司 | Cross-service-platform comprehensive authentication system |
CN103825901A (en) * | 2014-03-04 | 2014-05-28 | 杭州华三通信技术有限公司 | Network access control method and equipment |
CN105577665A (en) * | 2015-12-24 | 2016-05-11 | 西安电子科技大学 | Identity and access control and management system and method in cloud environment |
US20180026983A1 (en) * | 2016-07-20 | 2018-01-25 | Aetna Inc. | System and methods to establish user profile using multiple channels |
Cited By (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109615380A (en) * | 2018-10-26 | 2019-04-12 | 深圳壹账通智能科技有限公司 | Method, apparatus, computer equipment and the storage medium of user identity authentication |
CN110012084A (en) * | 2019-03-26 | 2019-07-12 | 新华三技术有限公司 | Device identification method, device, system and storage medium |
CN112929188A (en) * | 2019-12-05 | 2021-06-08 | 中国电信股份有限公司 | Device connection method, system, apparatus and computer readable storage medium |
CN112929188B (en) * | 2019-12-05 | 2022-06-14 | 中国电信股份有限公司 | Device connection method, system, apparatus and computer readable storage medium |
CN111222121A (en) * | 2019-12-27 | 2020-06-02 | 广州芯德通信科技股份有限公司 | Authorization management method for embedded equipment |
CN113452803B (en) * | 2020-03-25 | 2022-11-22 | 中国互联网络信息中心 | Verification method, verification device, server and storage medium |
CN113452803A (en) * | 2020-03-25 | 2021-09-28 | 中国互联网络信息中心 | Verification method, verification device, server and storage medium |
CN111478894B (en) * | 2020-04-03 | 2022-11-22 | 深信服科技股份有限公司 | External user authorization method, device, equipment and readable storage medium |
CN111478894A (en) * | 2020-04-03 | 2020-07-31 | 深信服科技股份有限公司 | External user authorization method, device, equipment and readable storage medium |
CN111541775A (en) * | 2020-05-09 | 2020-08-14 | 飞天诚信科技股份有限公司 | Security conversion method and system for authentication message |
CN111859324A (en) * | 2020-07-16 | 2020-10-30 | 北京百度网讯科技有限公司 | Authorization method, device, equipment and storage medium |
CN111859324B (en) * | 2020-07-16 | 2024-03-15 | 北京百度网讯科技有限公司 | Authorization method, device, equipment and storage medium |
CN112688923A (en) * | 2020-12-14 | 2021-04-20 | 杭州迪普科技股份有限公司 | User login processing method and system |
CN114650304A (en) * | 2020-12-17 | 2022-06-21 | 联通(江苏)产业互联网有限公司 | Authentication and authorization method and device |
CN114650304B (en) * | 2020-12-17 | 2024-03-15 | 联通(江苏)产业互联网有限公司 | Authentication and authorization method and device |
CN114826668A (en) * | 2022-03-23 | 2022-07-29 | 浪潮思科网络科技有限公司 | Method, equipment and storage medium for collecting online terminal information |
CN114826668B (en) * | 2022-03-23 | 2024-05-14 | 浪潮思科网络科技有限公司 | Method, equipment and storage medium for collecting online terminal information |
Also Published As
Publication number | Publication date |
---|---|
CN108462710B (en) | 2021-09-21 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108462710A (en) | Authentication authority method, device, certificate server and machine readable storage medium | |
JP7352008B2 (en) | First element contactless card authentication system and method | |
CN106161359B (en) | It authenticates the method and device of user, register the method and device of wearable device | |
JP6510504B2 (en) | Apparatus, program, and method for initially establishing and periodically verifying software application trust | |
US11764966B2 (en) | Systems and methods for single-step out-of-band authentication | |
JP6332766B2 (en) | Trusted Service Manager Trusted Security Zone Container for data protection and confidentiality | |
JP2024012467A (en) | System and method for second factor authentication of customer support calls | |
CN109600223A (en) | Verification method, Activiation method, device, equipment and storage medium | |
WO2019129037A1 (en) | Equipment authentication method, over-the-air card writing method, and equipment authentication device | |
WO2020176870A1 (en) | System and method for endorsing a new authenticator | |
US9344896B2 (en) | Method and system for delivering a command to a mobile device | |
EP3132342A1 (en) | Service authorization using auxiliary device | |
CA2884775C (en) | Method for phone authentication in e-business transactions and computer-readable recording medium having program for phone authentication in e-business transactions recorded thereon | |
CN104301110A (en) | Authentication method, authentication device and system applied to intelligent terminal | |
EP2767029B1 (en) | Secure communication | |
US11564094B1 (en) | Secondary device authentication proxied from authenticated primary device | |
CN107317807A (en) | A kind of apparatus bound method, apparatus and system | |
KR20210135984A (en) | Systems and methods for pre-authentication of customer support calls | |
CN104935435A (en) | Login methods, terminal and application server | |
CN110163658A (en) | Virtual resource data processing method, device, computer equipment and storage medium | |
CN107277017A (en) | Purview certification method, apparatus and system based on encryption key and device-fingerprint | |
CN107453872A (en) | A kind of unified safety authentication method and system based on Mesos container cloud platforms | |
US11316663B2 (en) | One-time password with unpredictable moving factor | |
CN104335619B (en) | The remote de-locking of telecommunication apparatus function | |
US9119072B2 (en) | Method and apparatus to authenticate a personal device to access an enterprise network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||