CN108809969A - A kind of authentication method, system and its apparatus - Google Patents
A kind of authentication method, system and its apparatus Download PDFInfo
- Publication number
- CN108809969A CN108809969A CN201810542887.5A CN201810542887A CN108809969A CN 108809969 A CN108809969 A CN 108809969A CN 201810542887 A CN201810542887 A CN 201810542887A CN 108809969 A CN108809969 A CN 108809969A
- Authority
- CN
- China
- Prior art keywords
- terminal
- information
- long connection
- sent
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/141—Setup of application sessions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/143—Termination or inactivation of sessions, e.g. event-controlled end of session
- H04L67/145—Termination or inactivation of sessions, e.g. event-controlled end of session avoiding end of session, e.g. keep-alive, heartbeats, resumption message or wake-up for inactive or interrupted session
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W76/00—Connection management
- H04W76/10—Connection setup
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W76/00—Connection management
- H04W76/30—Connection release
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Power Engineering (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Cardiology (AREA)
- General Health & Medical Sciences (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
- Information Transfer Between Computers (AREA)
Abstract
A kind of authentication method of the application offer, system and its apparatus, this method include:After the long connection request for receiving first terminal transmission, long connection is established with the first terminal;Receive the notification message that applications client is sent, the notification message carries the user information that the applications client is obtained from application server, the notification message is applications client after obtaining the URL information of the network management server in the Quick Response Code of the first terminal, is sent according to the URL information;The user information is sent to the first terminal by the long connection;Receive the certification request for the carrying user information that the first terminal is sent;The first terminal is authenticated according to the certification request.By the technical solution of the application, terminal being authenticated by network management server so that network management server can participate in identifying procedure, once authentification failure, the reason of network management server can know authentification failure.
Description
Technical field
This application involves field of communication technology more particularly to a kind of authentication method, system and its apparatus.
Background technology
Using even Wi-Fi (Wireless-Fidelity, Wireless Fidelity) function (such as possessed and passed through under line for Wi-Fi trade companies
Seek place businessman) provide Wi-Fi solutions, based on application even Wi-Fi functions, manage field under the line of Wi-Fi trade companies
Institute, user is without inputting the information such as cumbersome Wi-Fi passwords, by the modes such as scanning the two-dimensional code, user can fast network access, from
And user experience is improved, and promote the competitiveness of Wi-Fi trade companies.
Currently, in application even Wi-Fi functions, although not needing user inputs the information such as Wi-Fi passwords, still
It needs to be authenticated user, and the identifying procedure of user is completed by application server, Wi-Fi trade companies can not participate in user
Identifying procedure in, once the authentification failure of user, the reason of Wi-Fi trade companies will be unable to know authentification failure, can not be user
Solution is provided.Moreover, user information can not also be known in Wi-Fi trade companies, personalized service can not be provided user, it cannot
Operation for Wi-Fi trade companies provides help.
Invention content
The application provides a kind of authentication method, is applied to network management server, including:
After the long connection request for receiving first terminal transmission, long connection is established with the first terminal;
The notification message that applications client is sent is received, the notification message carries the applications client from application service
The user information that device obtains, the notification message is that applications client obtains the network from the Quick Response Code of the first terminal
After the URL information of management server, sent according to the URL information;
The user information is sent to the first terminal by the long connection;
Receive the certification request for the carrying user information that the first terminal is sent;
The first terminal is authenticated according to the certification request.
The application provides a kind of Verification System, including wireless device and the above-mentioned network management server of power, wherein:The nothing
Line equipment sends to first terminal and carries for accessing network management after the radio connection request for receiving first terminal transmission
The redirection message of the URL information of server, so that long connection request is redirected to the network management by the first terminal
Server, and Quick Response Code is generated according to the URL information.
The application provides a kind of authentication device, is applied to network management server, and described device includes:
Module is established, for after the long connection request for receiving first terminal transmission, establishing and growing with the first terminal
Connection;
Receiving module, the notification message for receiving applications client transmission, the notification message carry the application visitor
The user information that family end is obtained from application server, the notification message are Quick Response Code of the applications client from the first terminal
In obtain the URL information of the network management server after, according to the URL information send;
Sending module, for the user information to be sent to the first terminal by the long connection;
The receiving module is additionally operable to receive the certification request for the carrying user information that first terminal is sent;
Authentication module, for being authenticated to the first terminal according to the certification request.
Based on the above-mentioned technical proposal, in the embodiment of the present application, network management server can be established long connect with first terminal
It connects, after the notification message for receiving applications client transmission, user information can be obtained from notification message, and by described
User information is sent to first terminal by long connection;Then, network management server receives the carrying user that first terminal is sent
The certification request of information, and first terminal is authenticated according to certification request.Based on aforesaid way, can be taken by network management
Business device is authenticated terminal, and the identifying procedure of terminal can be completed by network management server so that network management server
It can participate in identifying procedure, once authentification failure, the reason of network management server can know authentification failure, Ke Yiwei
User provides solution.Moreover, network management server can know user information, then personalized clothes are provided to user
Business, provides help so that terminal accesses network by Wi-Fi for the operation and popularization of Wi-Fi trade companies.
Description of the drawings
It, below will be to the application in order to clearly illustrate the embodiment of the present application or technical solution in the prior art
Embodiment or attached drawing needed to be used in the description of the prior art are briefly described, it should be apparent that, in being described below
Attached drawing is only some embodiments described in the application, for those of ordinary skill in the art, can also be according to this Shen
Please these attached drawings of embodiment obtain other attached drawings.
Fig. 1 is the application scenarios schematic diagram in a kind of embodiment of the application;
Fig. 2 is the flow chart of the authentication method in a kind of embodiment of the application;
Fig. 3 is the flow chart of the authentication method in the application another embodiment;
Fig. 4 is the structure chart of the authentication device in a kind of embodiment of the application;
Fig. 5 is the hardware structure diagram of network management server in a kind of embodiment of the application.
Specific implementation mode
In the term that the embodiment of the present application uses merely for the sake of the purpose of description specific embodiment, and this unrestricted Shen
Please.The "an" of singulative used in the application and claims, " described " and "the" are also intended to including most shapes
Formula, unless context clearly shows that other meanings.It is also understood that term "and/or" used herein refers to including one
A or multiple associated list items purposes any or all may combine.
It will be appreciated that though various letters may be described using term first, second, third, etc. in the embodiment of the present application
Breath, but these information should not necessarily be limited by these terms.These terms are only used for same type of information being distinguished from each other out.For example,
In the case where not departing from the application range, the first information can also be referred to as the second information, and similarly, the second information can also
It is referred to as the first information.Depending on context, in addition, used word " if " can be construed to " ... when " or
" when ... " or " in response to determination ".
It is proposed a kind of authentication method in the embodiment of the present application, this method can be applied to include first terminal, second terminal,
The system of wireless device, network management server and application server, it is shown in Figure 1, it is the applied field of the embodiment of the present application
Scape schematic diagram.The system can be realized using even Wi-Fi functions, be the Wi-Fi solutions provided for Wi-Fi trade companies, in Wi-
Management place under the line of Fi trade companies, user is by the modes such as scanning the two-dimensional code, you can fast network access, to improve user experience,
Promote the competitiveness of Wi-Fi trade companies.
Wherein, first terminal can be laptop, PC (Personal Computer, personal computer) etc., be to use
What family used needs to access the terminal of network, and certainly, first terminal can also be other types of terminal, not to this terminal type
It is limited.In the embodiment of the present application, first terminal can be the terminal for needing certification, i.e. first terminal is after by certification, energy
The wireless device of Wi-Fi trade companies is enough used to access network.
Wherein, second terminal can be mobile terminal, smart mobile phone, iPAD, laptop, PC etc., be to be equipped with to answer
With the terminal of client, and have the function of scanning the two-dimensional code, certainly, second terminal can also be other types of terminal,
This terminal type is not limited.Moreover, applications client can be the client (such as APP) interacted with application server,
User information can be obtained from application server.
Wherein, wireless device can be AP (Access Point, access point), AC (Access Controller, access
Controller), wireless router etc., be the equipment with Wifi functions that Wi-Fi trade companies provide, be typically deployed at Wi-Fi trade companies
Line under management place, i.e. first terminal can access network by wireless device.
Wherein, network management server is the server for having authentication function, is the server that Wi-Fi trade companies provide, leads to
Management place under the line of Wi-Fi trade companies can be often deployed in.In conventional manner, Wifi trade companies can not participate in the certification of user
In flow, and in the present embodiment, Wi-Fi trade companies can be with on-premise network management server, and is participated in by network management server
Into the identifying procedure of user, that is to say, that first terminal can be authenticated by network management server, once certification is lost
It loses, the reason of network management server can know authentification failure, solution can be provided to the user.Moreover, network management
Server can know user information, then provide personalized service to user, and side is provided for the operation and popularization of Wi-Fi trade companies
It helps.
Based on above application scene, as shown in Fig. 2, for the flow chart of authentication method, this method may include:
Step 201, first terminal sends radio connection request to wireless device.
Specifically, when user accesses network by first terminal, first terminal can send to wireless device and be wirelessly connected
Request, the radio connection request are used to establish between first terminal and wireless device and be wirelessly connected.
For example, first terminal may search for SSID (Service Set Identifier, the services set mark of wireless device
Know), and radio connection request is sent to the corresponding wireless devices of the SSID, it is thus connected to this wireless device.For not setting
The wireless device of password is set, first terminal can directly transmit radio connection request, be thus connected to wireless device;For setting
The wireless device of password can be inputted password by user, and first terminal sends the radio connection request for carrying password, to even
It is connected to wireless device, it is without limitation.
Step 202, wireless device sends to first terminal after receiving the radio connection request and redirects message, should
Redirect URL (Uniform Resoure Locator, the uniform resource locator) letters that message includes network management server
The label information of breath, the verification information of network management server, first terminal.
Wherein, wireless device can be that first terminal distributes label information (such as after receiving radio connection request
Ticket), and there is label information uniqueness, as different first terminals to distribute different label informations.For example, wirelessly setting
Standby to generate a character string at random, which can be as the label information of first terminal.Certainly, above-mentioned only label
One example of information, is not limited this label information.
Wherein, wireless device can be pre-configured with the URL information and verification information of network management server, be based on this, nothing
Line equipment after receiving radio connection request, can be inquired from being locally configured network management server URL information and
Verification information.The URL information can be the URL information for accessing network management server, which can be network
The unique mark of management server, and the verification information is registered to application server by network management server, is tested this
The type of card information is not limited.
Step 203, first terminal is after receiving the redirection message, according to the URL information, the verification information and the mark
It signs information and generates Quick Response Code, and the Quick Response Code is shown to user.That is, the content of the Quick Response Code may include but unlimited
In:The URL information, the verification information and the label information.
Wherein, script information (such as JavaScript information) can be carried by redirecting message, the script information for realizing
Quick Response Code systematic function.First terminal can parse script information after receiving redirection message from redirecting in message,
And run the script information (such as by the browser execution script information).Since the script information generates for realizing Quick Response Code
Function, therefore, after running the script information, so that it may which, to generate Quick Response Code, the content of the Quick Response Code may include:URL information,
Verification information and label information.
Step 204, first terminal is after receiving the redirection message, to the corresponding network management services of the URL information
Device sends long connection request, which can carry the label information.
Wherein, first terminal can execute step 203 and step 204 after receiving the redirection message, to this execution
Sequence is not limited, and can be first carried out step 203, can also be first carried out step 204.
Wherein, which is redirected to network management server for triggering first terminal and is authenticated, therefore,
After first terminal receives redirection message, long connection request can be sent to network management server.For example, to network management
Server is sent based on Ajax (Asynchronous JavaScript And eXtensible Markup Language, wound
The web development technologies of creating interactive web application) long connection request.
Step 205, after network management server receives the long connection request, long connection is established with first terminal, from this
The label information is obtained in long connection request, and establishes the correspondence of length connection and the label information.
Wherein, after network management server establishes long connection with first terminal, the length can also be kept to connect, for example,
Can be that ageing timer is arranged in long connection, the time-out time of the ageing timer can be configured rule of thumb, not limited this
System, for example, can configure it is larger, such as 60 seconds.Before ageing timer time-out, if being connected to first terminal by long
User information (subsequent process can introduce the transmission process of user information) is sent, then disconnects long connection.Alternatively, in ageing timer
After time-out, then disconnect long connection, long connection request retransmitted by first terminal, network management server again with first terminal
Establish long connection.
Step 206, second terminal scans above-mentioned Quick Response Code, and opens the applications client of second terminal, and application client
End parses the URL information, the verification information and the label information from the Quick Response Code.
Wherein, first terminal is generating Quick Response Code, and after showing the Quick Response Code to user, user can pass through second terminal
Scanning the Quick Response Code, (such as user opens the barcode scanning function of second terminal to scan the Quick Response Code, can not be opened at this time using visitor
Family end, as long as the barcode scanning function of second terminal, it is of course also possible to open applications client to scan the two-dimensional code).It is sweeping
When retouching the Quick Response Code, the applications client of second terminal can also be actively opened;It is automatically opened using visitor for example, Quick Response Code has
The function at family end, therefore, second terminal can also actively open the applications client of second terminal when scanning the Quick Response Code,
And the applications client can parse the URL information, the verification information and the label information from the Quick Response Code.
Step 207, applications client sends subscriber information request message, the subscriber information request message to application server
User's login banner of the verification information, applications client can be carried, that is to say, that user can be logged in by this user
Mark logs on to applications client, the function of then using applications client to provide.
Step 208, application server is tested after receiving the subscriber information request message according to the verification information
Card.If being verified, user information corresponding with user's login banner of applications client can be inquired, and the user is believed
Breath returns to applications client.If verification does not pass through, can forbid user information returning to applications client.For convenience
It describes, is illustrated for being verified in the present embodiment.
Wherein, application server can parse the verification letter of network management server from subscriber information request message
Breath, and inquire and locally whether register with the verification information.If it is, illustrating network management server in application server
It registered, hence, it can be determined that being verified;If it is not, then illustrating network management server not in application server registers
It crosses, hence, it can be determined that verification does not pass through.
Wherein, application server can record user's login banner of applications client and the correspondence of user information.
Based on this, application server can parse user's login banner of applications client from subscriber information request message, and lead to
It crosses and inquires the correspondence, obtain user information corresponding with user's login banner.For example, the user information may include
But it is not limited to:OpenId and tid etc., the openId can be the unique marks of user, which can be that cell-phone number is encrypted
Information is not limited this user information.
Step 209, applications client is after receiving user information, to the corresponding network management server of the URL information
It sends a notification message, which can carry the label information and the user information.
Step 210, network management server stores user letter after receiving the notification message in validated user table
Breath, alternatively, storing the user information and the label information in validated user table.
Wherein, validated user table is for recording all user informations by certification, and therefore, network management server receives
To after notification message, label information and user information can be parsed from notification message, and the use is stored in validated user table
Family information, or the user information and the label information are stored in validated user table.
In one example, network management server can also obtain customized information after receiving the notification message,
And the customized information is pushed to applications client, this customized information is not limited, for example, it may be portion of Wi-Fi trade companies
Administration provides the information of help for the operation and popularization of Wi-Fi trade companies in network management server.For example, customized information can
Think the advertising information etc. of Wi-Fi trade companies, it is without limitation.
Step 211, network management server inquires the corresponding long connection of the label information, and is connected the use by the length
Family information is sent to first terminal, and disconnects the long connection of network management server and first terminal.
Wherein, in step 205, network management server has built up the correspondence of long connection and label information, because
This, in step 211, network management server can inquire the corresponding long connection of the label information, and be connected by the length
The user information is sent to first terminal, and since user information is sent to first terminal, and hence it is also possible to disconnect
Network management server and the long of first terminal connect.
Step 212, first terminal sends certification request, this is recognized after receiving user information to network management server
Card request carries the address information (such as IP address) of the user information and first terminal.
Step 213, whether network management server is inquired in validated user table and is stored with after receiving the certification request
The user information;If it is, determining that first terminal passes through certification;If it is not, then determining that first terminal is not authenticated.In order to
Facilitate description, is illustrated for by certification in the present embodiment.
Wherein, if being stored with the user information in validated user table, illustrate that first terminal has executed step 201- steps
Rapid 212 identifying procedure, therefore, network management server can determine that first terminal passes through certification.If not having in validated user table
Have and store the user information, then illustrates that first terminal is not carried out the identifying procedure of step 201- steps 212, therefore, network management
Server can determine that first terminal is not authenticated.
Step 214, if first terminal is by certification, the address information of first terminal is sent to by network management server
Wireless device.For example, network management server sends certification success message to wireless device, certification success message carries the ground
Location information, to indicate that the address information is the address information by certification.
Step 215, wireless device records the address after receiving the address information of first terminal in authentication information table
Information, to indicate that the address information is the address information by certification.
Wherein, authentication information table is for recording all address informations by certification, and therefore, wireless device receives certification
After success message, the address information of first terminal can be parsed from certification success message, and by address information storage to recognizing
It demonstrate,proves in information table, to indicate that the address information is the address information by certification.
Step 216, wireless device inquires the address of the user's message when receiving the user's message of first terminal transmission
Whether information (such as source IP address) is located at authentication information table;If it is, user's message can be allowed to pass through, i.e. permission first is whole
End accesses network;Pass through if it is not, then user's message can be refused.
Wherein, wireless device can be parsed when receiving the user's message of first terminal transmission from user's message
The address information (source IP address of such as user's message) of first terminal.If the address information is located in authentication information table, illustrate
For first terminal by certification, therefore allowing first terminal to access network can allow user's message to pass through;If the address
Information then illustrates that first terminal is not authenticated not in authentication information table, and forbidding first terminal to access network therefore can
Passed through with refusing user's message.
In the above-described embodiments, applications client and application server can be depending on actual conditions, for example, application visitor
Family end can be wechat client, and application server can be wechat server, and above-mentioned verification information can be public platform information,
Above-mentioned user's login banner can be WeChat ID, and above-mentioned customized information can be public platform information, certainly, public platform information and
WeChat ID etc. is an example, without limitation.In another example applications client can be microblogging client, application service
Device can be micro blog server, and above-mentioned verification information can be microblogging number, to the type of this applications client and application server
It is not limited.
Based on the above-mentioned technical proposal, in the embodiment of the present application, network management server can be established long connect with first terminal
It connects, after the notification message for receiving applications client transmission, user information can be obtained from notification message, and by described
User information is sent to first terminal by long connection;Then, network management server receives the carrying user that first terminal is sent
The certification request of information is authenticated first terminal according to certification request.It, can be by network management services based on aforesaid way
Device is authenticated terminal, and terminal authentication flow can be completed by network management server so that network management server can
It participates in identifying procedure, once authentification failure, the reason of network management server can know authentification failure, can be user
Solution is provided.Moreover, network management server can know user information, then provide personalized service to user, is
The operation and popularization of Wi-Fi trade companies provide help so that terminal accesses network by Wi-Fi.Aforesaid way can reduce to the greatest extent
The interaction times of applications client and application server avoid the interaction of network management server and application server, can make
First terminal accesses network by way of application even Wi-Fi.
Based on similarly applying conceiving with the above method, another authentication method, the party are also proposed in the embodiment of the present application
Method can be applied to network management server, shown in Figure 3, and this method may include:
Step 301, after the long connection request for receiving first terminal transmission, long connection is established with first terminal.
Step 302, the notification message that applications client is sent is received, which carries applications client and taken from application
The user information that business device obtains, which is that applications client obtains network management services from the Quick Response Code of first terminal
After the URL information of device, sent according to the URL information.
Step 303, it is connected by the length and the user information is sent to first terminal.
Step 304, the certification request for carrying the user information that first terminal is sent is received.
Step 305, first terminal is authenticated according to the certification request.
In one example, which can also include the label information of first terminal;The notification message may be used also
Label information with the first terminal obtained from the Quick Response Code including applications client.
Based on this, for network management server after establishing long connection with first terminal, network management server can be with
Establish the correspondence for the label information that length connection includes with the long connection request.
Further, it is connected by the length and the user information is sent to first terminal, may include:Network management services
Device inquires the correspondence by the label information that the notification message includes, and obtains long connection corresponding with the label information,
And it is connected by the length and user information is sent to the first terminal.
In one example, network management server can also be that the length connects after establishing long connection with first terminal
Ageing timer is set;Before ageing timer time-out, if sending user information to first terminal by long connection, break
Open long connection;Alternatively, after ageing timer time-out, then long connection is disconnected.
In one example, it after receiving the notification message that applications client is sent, can also be recorded in validated user table
User information;Further, certification request can also carry the address information of first terminal, eventually according to the certification request pair first
End is authenticated, and can include but is not limited to:If there are the user informations carried in the certification request in validated user table, really
First terminal is determined by certification, and the address information of first terminal is sent to wireless device, so that wireless device is according to address
Information allows first terminal to access network.
In one example, after receiving the notification message that applications client is sent, network management server can also obtain
Customized information is taken, and the customized information is pushed to applications client.
Wherein, the authentication method of Fig. 3 and the authentication method of Fig. 2 are similar, and it is no longer repeated herein.
Based on similarly applying conceiving with the above method, a kind of Verification System, including nothing are also proposed in the embodiment of the present application
Line equipment and network management server, wherein:Wireless device, can be with after the radio connection request for receiving first terminal transmission
The redirection message for carrying the URL information for accessing network management server is sent to first terminal, so that first terminal will
Long connection request is redirected to network management server, and generates Quick Response Code according to the URL information;Network management server receives
To after long connection request, long connection can be established with first terminal;In addition, network management server can receive applications client
The notification message of transmission, which carries the user information that applications client is obtained from application server, and the notice disappears
Breath is applications client after obtaining URL information in the Quick Response Code, is sent according to the URL information;Then, network management services
Device is connected by the length user information being sent to first terminal, and receives the carrying of the first terminal transmission user information
Certification request, and first terminal is authenticated according to the certification request.
Wherein, above-mentioned Verification System is similar with the authentication method of Fig. 2 or Fig. 3, and it is no longer repeated herein.
Based on similarly applying conceiving with the above method, the embodiment of the present application also proposes a kind of authentication device, is applied to net
Network management server, it is shown in Figure 4, it is the structure chart of described device, described device includes:
Module 401 is established, for after the long connection request for receiving first terminal transmission, being established with the first terminal
Long connection;
Receiving module 402, the notification message for receiving applications client transmission, the notification message carry the application
The user information that client is obtained from application server, the notification message are two dimension of the applications client from the first terminal
After obtaining the URL information of the network management server in code, sent according to the URL information;
Sending module 403, for the user information to be sent to the first terminal by the long connection;
Receiving module 402 is additionally operable to receive the certification request for the carrying user information that first terminal is sent;
Authentication module 404, for being authenticated to the first terminal according to the certification request.
The long connection request further includes the label information of the first terminal;The notification message further includes the application
The label information for the first terminal that client is obtained from the Quick Response Code;It is described to establish module 401, it is additionally operable to establish institute
State the correspondence for the label information that long connection includes with the long connection request;The sending module 403 is connected by the length
Connecing when that the user information is sent to the first terminal is specifically used for:The label information for including by the notification message is looked into
The correspondence is ask, the corresponding long connection of the label information is obtained, is connected the user information by the length
It is sent to the first terminal.
In one example, described device can also include (not shown in FIG.):Processing module, for described the
One terminal is established after long connection, for the long connection setting ageing timer;Before the ageing timer time-out, if
It is connected to the first terminal by the length and sends user information, then disconnect the long connection;Alternatively, in aging timing
After device time-out, then the long connection is disconnected.
The authentication module 404 is additionally operable to record the user information in validated user table;
The certification request also carries the address information of the first terminal;
The authentication module 404 is specifically used for when being authenticated to the first terminal according to the certification request:If institute
State in validated user table that there are the user informations carried in the certification request, it is determined that the first terminal by certification, and
The address information of the first terminal is sent to wireless device, so that the wireless device allows institute according to described address information
It states first terminal and accesses network.
The sending module 403 is additionally operable to obtain customized information, and pushes the personalization to the applications client
Information.
Network management server provided by the embodiments of the present application, for hardware view, hardware structure schematic diagram specifically may be used
With shown in Figure 5, may include:Machine readable storage medium and processor, wherein:
Machine readable storage medium:Store instruction code.
Processor:Communicated with machine readable storage medium, read and execute stored in machine readable storage medium it is described
Instruction code realizes authentication operation disclosed in the application above-mentioned example.
Here, machine readable storage medium can be any electronics, magnetism, optics or other physical storage devices, can be with
Including or storage information, such as executable instruction, data, etc..For example, machine readable storage medium can be:RAM(Radom
Access Memory, random access memory), volatile memory, nonvolatile memory, flash memory, memory driver is (as hard
Disk drive), solid state disk, any kind of storage dish (such as CD, dvd) either similar storage medium or they
Combination.
System, device, module or the unit that above-described embodiment illustrates can specifically realize by computer chip or entity,
Or it is realized by the product with certain function.A kind of typically to realize that equipment is computer, the concrete form of computer can
To be personal computer, laptop computer, cellular phone, camera phone, smart phone, personal digital assistant, media play
In device, navigation equipment, E-mail receiver/send equipment, game console, tablet computer, wearable device or these equipment
The combination of arbitrary several equipment.
For convenience of description, it is divided into various units when description apparatus above with function to describe respectively.Certainly, implementing this
The function of each unit is realized can in the same or multiple software and or hardware when application.
It should be understood by those skilled in the art that, embodiments herein can be provided as method, system or computer program
Product.Therefore, complete hardware embodiment, complete software embodiment or reality combining software and hardware aspects can be used in the application
Apply the form of example.Moreover, it wherein includes computer usable program code that the embodiment of the present application, which can be used in one or more,
The computer implemented in computer-usable storage medium (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.)
The form of program product.
The application is with reference to method, the flow of equipment (system) and computer program product according to the embodiment of the present application
Figure and/or block diagram describe.It is generally understood that being realized by computer program instructions each in flowchart and/or the block diagram
The combination of flow and/or box in flow and/or box and flowchart and/or the block diagram.These computer journeys can be provided
Sequence instruct to all-purpose computer, special purpose computer, Embedded Processor or other programmable data processing devices processor with
Generate a machine so that the instruction generation executed by computer or the processor of other programmable data processing devices is used for
Realize the dress for the function of being specified in one flow of flow chart or multiple flows and/or one box of block diagram or multiple boxes
It sets.
Computer or the processing of other programmable datas can be guided to set moreover, these computer program instructions can also be stored in
In standby computer-readable memory operate in a specific manner so that instruction stored in the computer readable memory generates
Manufacture including command device, the command device are realized in one flow of flow chart or multiple flows and/or block diagram one
The function of being specified in a box or multiple boxes.
These computer program instructions can be also loaded into computer or other programmable data processing devices so that counted
Series of operation steps are executed on calculation machine or other programmable devices to generate computer implemented processing, in computer
Or the instruction executed on other programmable devices is provided for realizing in one flow of flow chart or multiple flows and/or block diagram
The step of function of being specified in one box or multiple boxes.
Above is only an example of the present application, it is not intended to limit this application.For those skilled in the art
For, the application can have various modifications and variations.It is all within spirit herein and principle made by any modification, equivalent
Replace, improve etc., it should be included within the scope of claims hereof.
Claims (11)
1. a kind of authentication method, which is characterized in that it is applied to network management server, including:
After the long connection request for receiving first terminal transmission, long connection is established with the first terminal;
The notification message that applications client is sent is received, the notification message carries the applications client and obtained from application server
The user information obtained, the notification message is that applications client obtains the network management from the Quick Response Code of the first terminal
After the URL information of server, sent according to the URL information;
The user information is sent to the first terminal by the long connection;
Receive the certification request for the carrying user information that the first terminal is sent;
The first terminal is authenticated according to the certification request.
2. according to the method described in claim 1, it is characterized in that,
The long connection request further includes the label information of the first terminal;The notification message further includes the application client
Hold the label information of the first terminal obtained from the Quick Response Code;
After the long connection with first terminal foundation, the method further includes:
Establish the correspondence for the label information that the long connection includes with the long connection request;
It is described that the user information is sent to by the first terminal by the long connection, including:
The correspondence is inquired by the label information that the notification message includes, it is corresponding described to obtain the label information
Long connection, and the user information is sent to by the first terminal by the long connection.
3. according to the method described in claim 2, it is characterized in that, the method further includes:
After establishing long connection with the first terminal, for the long connection setting ageing timer;In aging timing
Before device time-out, user information is sent if being connected to the first terminal by the length, disconnects the long connection;Or
Person then disconnects the long connection after the ageing timer time-out.
4. according to the method described in claim 1, it is characterized in that, it is described receive applications client send notification message it
Afterwards, the method further includes:The user information is recorded in validated user table;
The certification request also carries the address information of the first terminal, according to the certification request to the first terminal into
Row certification, including:If there are the user informations carried in the certification request in the validated user table, it is determined that described first
Terminal is sent to wireless device by certification, and by the address information of the first terminal, so that the wireless device is according to institute
Stating address information allows the first terminal to access network.
5. according to the method described in claim 1, it is characterized in that,
After the notification message for receiving applications client transmission, the method further includes:
Customized information is obtained, and the customized information is pushed to the applications client.
6. a kind of Verification System, which is characterized in that taken including wireless device and claim 1-5 any one of them network managements
Business device, wherein:
The wireless device sends to first terminal and carries for visiting after the radio connection request for receiving first terminal transmission
The redirection message of the URL information of network management server is asked, so that long connection request is redirected to institute by the first terminal
Network management server is stated, and Quick Response Code is generated according to the URL information.
7. a kind of authentication device, which is characterized in that be applied to network management server, described device includes:
Module is established, for after the long connection request for receiving first terminal transmission, long connection to be established with the first terminal;
Receiving module, the notification message for receiving applications client transmission, the notification message carry the applications client
The user information obtained from application server, the notification message are that applications client is obtained from the Quick Response Code of the first terminal
To after the URL information of the network management server, sent according to the URL information;
Sending module, for the user information to be sent to the first terminal by the long connection;
The receiving module is additionally operable to receive the certification request for the carrying user information that first terminal is sent;
Authentication module, for being authenticated to the first terminal according to the certification request.
8. device according to claim 7, which is characterized in that
The long connection request further includes the label information of the first terminal;The notification message further includes the application client
Hold the label information of the first terminal obtained from the Quick Response Code;
It is described to establish module, it is additionally operable to establish the corresponding pass of the long connection and the label information that the long connection request includes
System;
The sending module is specifically used for when the user information being sent to the first terminal by the long connection:Pass through
The label information that the notification message includes inquires the correspondence, obtains the corresponding long connection of the label information,
The user information is sent to the first terminal by the long connection.
9. device according to claim 8, which is characterized in that further include:Processing module, for the first terminal
It establishes after long connection, for the long connection setting ageing timer;Before the ageing timer time-out, if having passed through institute
It states long connection and sends user information to the first terminal, then disconnect the long connection;Alternatively, in ageing timer time-out
Afterwards, then the long connection is disconnected.
10. device according to claim 7, which is characterized in that
The authentication module is additionally operable to record the user information in validated user table;
The certification request also carries the address information of the first terminal;
The authentication module is specifically used for when being authenticated to the first terminal according to the certification request:If the legal use
There are the user informations carried in the certification request in the table of family, it is determined that the first terminal is by certification, and by described
The address information of one terminal is sent to wireless device, so that the wireless device is whole according to described address information permission described first
End accesses network.
11. device according to claim 7, which is characterized in that the sending module is additionally operable to obtain customized information,
And push the customized information to the applications client.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810542887.5A CN108809969B (en) | 2018-05-30 | 2018-05-30 | Authentication method, system and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810542887.5A CN108809969B (en) | 2018-05-30 | 2018-05-30 | Authentication method, system and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108809969A true CN108809969A (en) | 2018-11-13 |
CN108809969B CN108809969B (en) | 2020-11-06 |
Family
ID=64089494
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810542887.5A Active CN108809969B (en) | 2018-05-30 | 2018-05-30 | Authentication method, system and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108809969B (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109769249A (en) * | 2019-01-30 | 2019-05-17 | 新华三技术有限公司 | A kind of authentication method, system and its apparatus |
CN111277543A (en) * | 2018-12-04 | 2020-06-12 | 华为技术有限公司 | Information synchronization method, authentication method and device |
CN113010893A (en) * | 2019-12-19 | 2021-06-22 | 华为技术有限公司 | Software management method, device and system |
CN113285929A (en) * | 2021-05-10 | 2021-08-20 | 新华三技术有限公司 | Terminal validity detection method and device |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103001973A (en) * | 2012-12-26 | 2013-03-27 | 百度在线网络技术(北京)有限公司 | Method, system and device used for controlling login and based on two-dimensional code |
CN103067378A (en) * | 2012-12-26 | 2013-04-24 | 百度在线网络技术(北京)有限公司 | Log-in control method and system based on two-dimension code |
JP2013171496A (en) * | 2012-02-22 | 2013-09-02 | Hisao Kitamura | Privilege application service management system |
CN103634119A (en) * | 2013-12-13 | 2014-03-12 | 北京星网锐捷网络技术有限公司 | Authentication method, application client, application server and authentication server |
CN105825374A (en) * | 2016-03-11 | 2016-08-03 | 北京纳衡仪器仪表有限公司 | Paid service operation management system apparatus and method for public place |
WO2016147591A1 (en) * | 2015-03-17 | 2016-09-22 | Ricoh Company, Ltd. | Transmission system, transmission terminal, method and program |
CN106651277A (en) * | 2017-01-04 | 2017-05-10 | 南阳师范学院 | Regional logistics information-based network transmission system and data analysis method |
CN107277812A (en) * | 2017-07-11 | 2017-10-20 | 上海斐讯数据通信技术有限公司 | A kind of wireless network authentication method and system based on Quick Response Code |
CN107454064A (en) * | 2017-07-11 | 2017-12-08 | 上海斐讯数据通信技术有限公司 | A kind of visitor's authentication method and system based on public number |
CN107529164A (en) * | 2017-09-07 | 2017-12-29 | 上海斐讯数据通信技术有限公司 | A kind of portal certifications, wireless network access method and system |
-
2018
- 2018-05-30 CN CN201810542887.5A patent/CN108809969B/en active Active
Patent Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2013171496A (en) * | 2012-02-22 | 2013-09-02 | Hisao Kitamura | Privilege application service management system |
CN103001973A (en) * | 2012-12-26 | 2013-03-27 | 百度在线网络技术(北京)有限公司 | Method, system and device used for controlling login and based on two-dimensional code |
CN103067378A (en) * | 2012-12-26 | 2013-04-24 | 百度在线网络技术(北京)有限公司 | Log-in control method and system based on two-dimension code |
CN103634119A (en) * | 2013-12-13 | 2014-03-12 | 北京星网锐捷网络技术有限公司 | Authentication method, application client, application server and authentication server |
WO2016147591A1 (en) * | 2015-03-17 | 2016-09-22 | Ricoh Company, Ltd. | Transmission system, transmission terminal, method and program |
CN105825374A (en) * | 2016-03-11 | 2016-08-03 | 北京纳衡仪器仪表有限公司 | Paid service operation management system apparatus and method for public place |
CN106651277A (en) * | 2017-01-04 | 2017-05-10 | 南阳师范学院 | Regional logistics information-based network transmission system and data analysis method |
CN107277812A (en) * | 2017-07-11 | 2017-10-20 | 上海斐讯数据通信技术有限公司 | A kind of wireless network authentication method and system based on Quick Response Code |
CN107454064A (en) * | 2017-07-11 | 2017-12-08 | 上海斐讯数据通信技术有限公司 | A kind of visitor's authentication method and system based on public number |
CN107529164A (en) * | 2017-09-07 | 2017-12-29 | 上海斐讯数据通信技术有限公司 | A kind of portal certifications, wireless network access method and system |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111277543A (en) * | 2018-12-04 | 2020-06-12 | 华为技术有限公司 | Information synchronization method, authentication method and device |
CN111277543B (en) * | 2018-12-04 | 2022-08-26 | 华为技术有限公司 | Information synchronization method, authentication method and device |
CN109769249A (en) * | 2019-01-30 | 2019-05-17 | 新华三技术有限公司 | A kind of authentication method, system and its apparatus |
CN109769249B (en) * | 2019-01-30 | 2022-03-01 | 新华三技术有限公司 | Authentication method, system and device |
CN113010893A (en) * | 2019-12-19 | 2021-06-22 | 华为技术有限公司 | Software management method, device and system |
CN113010893B (en) * | 2019-12-19 | 2024-05-17 | 华为云计算技术有限公司 | Software management method, device and system |
CN113285929A (en) * | 2021-05-10 | 2021-08-20 | 新华三技术有限公司 | Terminal validity detection method and device |
Also Published As
Publication number | Publication date |
---|---|
CN108809969B (en) | 2020-11-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10057251B2 (en) | Provisioning account credentials via a trusted channel | |
CN108733991B (en) | Webpage application access method and device and storage medium | |
US10362026B2 (en) | Providing multi-factor authentication credentials via device notifications | |
CN102017572B (en) | The method logged on for providing single service, equipment and computer program | |
US20170032111A1 (en) | Approaches for providing multi-factor authentication credentials | |
CN110268729A (en) | To Internet of Things (IOT) equipment supply equipment and/or Line sharing ability | |
CN103858457A (en) | Multi-hop single sign-on (sso) for identity provider (idp) roaming/proxy | |
CN108809969A (en) | A kind of authentication method, system and its apparatus | |
CN108141747A (en) | For remotely providing the method and apparatus of profile in a communications system | |
US20070019616A1 (en) | Group formation using mobile computing devices | |
US20130086670A1 (en) | Providing third party authentication in an on-demand service environment | |
US20130318581A1 (en) | Multi-factor authentication using a unique identification header (uidh) | |
CN104618315B (en) | A kind of method, apparatus and system of verification information push and Information Authentication | |
CN107623690A (en) | Login method, equipment and storage medium | |
US10841297B2 (en) | Providing multi-factor authentication credentials via device notifications | |
CN113542201B (en) | Access control method and equipment for Internet service | |
CN104995900A (en) | Specifying link layer information in a URL | |
CN105681258B (en) | Session method and conversational device based on third-party server | |
CN106789924A (en) | The method and system that a kind of digital certificate protection web site of use mobile terminal is logged in | |
US10027642B2 (en) | Method of access by a telecommunications terminal to a database hosted by a service platform that is accessible via a telecommunications network | |
CN104158818A (en) | Single sign-on method and system | |
JP4897503B2 (en) | Account linking system, account linking method, linkage server device | |
CN106658498A (en) | Portal approved quick roaming method and WiFi device | |
CN109769249A (en) | A kind of authentication method, system and its apparatus | |
CN105657710A (en) | Wireless network authentication method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |