CN108809969A - An authentication method, system and apparatus - Google Patents

Publication number
CN108809969A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810542887.5A
Other languages
Chinese (zh)
Other versions
CN108809969B (en)
Inventor
郝兆旭
刘靖靖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Technologies Co Ltd
Original Assignee
New H3C Technologies Co Ltd
Application filed by New H3C Technologies Co Ltd
Priority to CN201810542887.5A
Publication of CN108809969A
Application granted
Publication of CN108809969B
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/141 Setup of application sessions
    • H04L67/143 Termination or inactivation of sessions, e.g. event-controlled end of session
    • H04L67/145 Termination or inactivation of sessions, e.g. event-controlled end of session avoiding end of session, e.g. keep-alive, heartbeats, resumption message or wake-up for inactive or interrupted session
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W76/00 Connection management
    • H04W76/10 Connection setup
    • H04W76/30 Connection release

Abstract

The application provides an authentication method, system and apparatus. The method includes: after receiving a long connection request sent by a first terminal, establishing a long connection with the first terminal; receiving a notification message sent by an application client, where the notification message carries user information that the application client obtained from an application server, and the application client sends the notification message according to the URL information of the network management server after obtaining that URL information from the QR code of the first terminal; sending the user information to the first terminal over the long connection; receiving an authentication request, carrying the user information, sent by the first terminal; and authenticating the first terminal according to the authentication request. With this technical solution, the terminal is authenticated by the network management server, so the network management server can participate in the authentication procedure and, if authentication fails, can learn the reason for the failure.

Description

An authentication method, system and apparatus
Technical field
This application relates to the field of communication technology, and in particular to an authentication method, system and apparatus.
Background
The application-connected Wi-Fi (Wireless Fidelity) function is a Wi-Fi solution provided for Wi-Fi merchants (for example, merchants that operate offline business premises). With this function, at a Wi-Fi merchant's offline business premises, a user does not need to enter cumbersome information such as a Wi-Fi password and can get online quickly by, for example, scanning a QR code, which improves the user experience and makes the Wi-Fi merchant more competitive.
Currently, although the application-connected Wi-Fi function does not require the user to enter information such as a Wi-Fi password, the user still has to be authenticated, and the user's authentication procedure is completed by the application server. The Wi-Fi merchant cannot participate in the user's authentication procedure, so once the user's authentication fails, the merchant cannot learn the reason for the failure and cannot offer the user a solution. Moreover, the Wi-Fi merchant cannot learn the user information, cannot provide personalized services to the user, and gets no help with its operations.
Summary of the invention
The application provides an authentication method, applied to a network management server, including:
After receiving a long connection request sent by a first terminal, establishing a long connection with the first terminal;
Receiving a notification message sent by an application client, where the notification message carries user information that the application client obtained from an application server, and the application client sends the notification message according to the URL information of the network management server after obtaining that URL information from the QR code of the first terminal;
Sending the user information to the first terminal over the long connection;
Receiving an authentication request, carrying the user information, sent by the first terminal;
Authenticating the first terminal according to the authentication request.
The application provides an authentication system, including a wireless device and the network management server described above, where: after receiving a wireless connection request sent by the first terminal, the wireless device sends the first terminal a redirection message carrying the URL information used to access the network management server, so that the first terminal redirects its long connection request to the network management server and generates a QR code according to the URL information.
The application provides an authentication apparatus, applied to a network management server, the apparatus including:
An establishing module, configured to establish a long connection with a first terminal after receiving a long connection request sent by the first terminal;
A receiving module, configured to receive a notification message sent by an application client, where the notification message carries user information that the application client obtained from an application server, and the application client sends the notification message according to the URL information of the network management server after obtaining that URL information from the QR code of the first terminal;
A sending module, configured to send the user information to the first terminal over the long connection;
The receiving module is further configured to receive an authentication request, carrying the user information, sent by the first terminal;
An authentication module, configured to authenticate the first terminal according to the authentication request.
Based on the above technical solution, in the embodiments of this application the network management server can establish a long connection with the first terminal. After receiving the notification message sent by the application client, it can obtain the user information from the notification message and send the user information to the first terminal over the long connection. The network management server then receives the authentication request, carrying the user information, sent by the first terminal, and authenticates the first terminal according to the authentication request. In this way the terminal is authenticated by the network management server and the terminal's authentication procedure is completed by the network management server, so the network management server can participate in the authentication procedure; once authentication fails, it can learn the reason for the failure and offer the user a solution. Moreover, the network management server can learn the user information and then provide personalized services to the user, which helps the operation and promotion of the Wi-Fi merchant and lets the terminal access the network over Wi-Fi.
Brief description of the drawings
To explain the technical solutions of the embodiments of this application or of the prior art more clearly, the drawings needed to describe the embodiments or the prior art are briefly introduced below. The drawings described below are only some of the embodiments described in this application; a person of ordinary skill in the art can obtain other drawings from these drawings.
Fig. 1 is a schematic diagram of an application scenario in one embodiment of this application;
Fig. 2 is a flow chart of the authentication method in one embodiment of this application;
Fig. 3 is a flow chart of the authentication method in another embodiment of this application;
Fig. 4 is a structural diagram of the authentication apparatus in one embodiment of this application;
Fig. 5 is a hardware structure diagram of the network management server in one embodiment of this application.
Detailed description
The terms used in the embodiments of this application are only for the purpose of describing particular embodiments and do not limit this application. The singular forms "a", "said" and "the" used in this application and the claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein covers any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third and so on may be used in the embodiments of this application to describe various pieces of information, the information should not be limited by these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of this application, first information may also be called second information and, similarly, second information may also be called first information. Depending on the context, the word "if" as used herein may be interpreted as "when", "upon" or "in response to determining".
An embodiment of this application proposes an authentication method that can be applied to a system including a first terminal, a second terminal, a wireless device, a network management server and an application server. Fig. 1 is a schematic diagram of the application scenario of this embodiment. The system can implement the application-connected Wi-Fi function, a Wi-Fi solution provided for Wi-Fi merchants: at a Wi-Fi merchant's offline business premises, a user can get online quickly by, for example, scanning a QR code, which improves the user experience and makes the Wi-Fi merchant more competitive.
The first terminal may be a laptop, a PC (Personal Computer) or the like. It is the terminal that the user uses and that needs to access the network. The first terminal may of course be another type of terminal; the terminal type is not limited. In the embodiments of this application, the first terminal is the terminal that needs to be authenticated: after passing authentication, it can access the network through the Wi-Fi merchant's wireless device.
The second terminal may be a mobile terminal, a smartphone, an iPad, a laptop, a PC or the like. It is a terminal that has the application client installed and that can scan QR codes. The second terminal may of course be another type of terminal; the terminal type is not limited. The application client can be a client (such as an app) that interacts with the application server and can obtain user information from the application server.
The wireless device may be an AP (Access Point), an AC (Access Controller), a wireless router or the like. It is a Wi-Fi-capable device provided by the Wi-Fi merchant and is usually deployed at the merchant's offline business premises; that is, the first terminal can access the network through the wireless device.
The network management server is a server with an authentication function. It is provided by the Wi-Fi merchant and can usually be deployed at the merchant's offline business premises. In the conventional approach, the Wi-Fi merchant cannot participate in the user's authentication procedure. In this embodiment, the Wi-Fi merchant can deploy a network management server, which participates in the user's authentication procedure; that is, the first terminal can be authenticated by the network management server. Once authentication fails, the network management server can learn the reason for the failure and offer the user a solution. Moreover, the network management server can learn the user information and then provide personalized services to the user, which helps the operation and promotion of the Wi-Fi merchant.
Based on the above application scenario, Fig. 2 shows a flow chart of the authentication method, which may include:
Step 201: The first terminal sends a wireless connection request to the wireless device.
Specifically, when the user accesses the network through the first terminal, the first terminal can send a wireless connection request to the wireless device. The wireless connection request is used to establish a wireless connection between the first terminal and the wireless device.
For example, the first terminal may search for the SSID (Service Set Identifier) of the wireless device and send a wireless connection request to the wireless device corresponding to that SSID, thereby connecting to it. For a wireless device with no password set, the first terminal can send the wireless connection request directly and so connect to the wireless device; for a wireless device with a password set, the user can enter the password and the first terminal sends a wireless connection request carrying the password and so connects to the wireless device. This is not limited.
Step 202: After receiving the wireless connection request, the wireless device sends a redirection message to the first terminal. The redirection message includes the URL (Uniform Resource Locator) information of the network management server, the verification information of the network management server, and the label information of the first terminal.
After receiving the wireless connection request, the wireless device can allocate label information (such as a ticket) to the first terminal. The label information is unique; that is, different first terminals are allocated different label information. For example, the wireless device randomly generates a character string, which can serve as the label information of the first terminal. This is of course only one example of label information, which is not limited.
The wireless device can be preconfigured with the URL information and verification information of the network management server, so after receiving the wireless connection request it can look up the URL information and verification information of the network management server in its local configuration. The URL information can be the URL information used to access the network management server. The verification information can be a unique identifier of the network management server and is registered with the application server by the network management server; the type of verification information is not limited.
Step 203: After receiving the redirection message, the first terminal generates a QR code according to the URL information, the verification information and the label information, and displays the QR code to the user. That is, the content of the QR code may include, but is not limited to, the URL information, the verification information and the label information.
The redirection message can carry script information (such as JavaScript) that implements the QR code generation function. After receiving the redirection message, the first terminal can parse the script information out of it and run it (for example, the browser executes the script). Because the script implements the QR code generation function, running it generates the QR code, whose content may include the URL information, the verification information and the label information.
Step 204: After receiving the redirection message, the first terminal sends a long connection request to the network management server corresponding to the URL information. The long connection request can carry the label information.
After receiving the redirection message, the first terminal can perform step 203 and step 204. The order of execution is not limited: step 203 can be performed first, or step 204 can be performed first.
The redirection message triggers the first terminal to be redirected to the network management server for authentication, so after receiving it the first terminal can send a long connection request to the network management server. For example, it sends the network management server a long connection request based on Ajax (Asynchronous JavaScript and XML, a web development technique for creating interactive web applications).
Step 205: After receiving the long connection request, the network management server establishes a long connection with the first terminal, obtains the label information from the long connection request, and establishes a correspondence between the long connection and the label information.
After establishing the long connection with the first terminal, the network management server can also keep the long connection alive. For example, it can set an aging timer for the long connection. The timeout of the aging timer can be configured from experience and is not limited; for example, it can be set fairly large, such as 60 seconds. If, before the aging timer expires, user information has been sent to the first terminal over the long connection (the sending of user information is described later), the long connection is disconnected. Alternatively, once the aging timer expires, the long connection is disconnected, the first terminal re-sends a long connection request, and the network management server establishes a long connection with the first terminal again.
Step 206: The second terminal scans the QR code and opens its application client, and the application client parses the URL information, the verification information and the label information from the QR code.
After the first terminal has generated the QR code and displayed it to the user, the user can scan it with the second terminal (for example, the user opens the second terminal's code-scanning function to scan the QR code; the application client need not be open at this point, since the second terminal's scanning function is enough, although the application client can of course also be opened to scan the QR code). When the QR code is scanned, the application client of the second terminal can also be opened automatically. For example, the QR code has the function of automatically opening the application client, so the second terminal opens its application client when it scans the QR code, and the application client can parse the URL information, the verification information and the label information from the QR code.
Step 207: The application client sends a user information request message to the application server. The user information request message can carry the verification information and the user login identifier of the application client; that is, the user can log in to the application client with this user login identifier and then use the functions the application client provides.
Step 208: After receiving the user information request message, the application server performs verification according to the verification information. If verification passes, it can look up the user information corresponding to the application client's user login identifier and return the user information to the application client. If verification fails, it can refuse to return user information to the application client. For ease of description, this embodiment takes the case where verification passes.
The application server can parse the verification information of the network management server from the user information request message and check whether that verification information is registered locally. If it is, the network management server has registered with the application server, so verification passes; if it is not, the network management server has not registered with the application server, so verification fails.
The application server can record the correspondence between the application client's user login identifier and the user information. On this basis, the application server can parse the application client's user login identifier from the user information request message and, by querying the correspondence, obtain the user information corresponding to that user login identifier. For example, the user information may include, but is not limited to, openId and tid; the openId can be a unique identifier of the user and the tid can be the encrypted mobile phone number. The user information is not limited.
Step 209: After receiving the user information, the application client sends a notification message to the network management server corresponding to the URL information. The notification message can carry the label information and the user information.
Step 210: After receiving the notification message, the network management server stores the user information in the validated user table, or stores the user information and the label information in the validated user table.
The validated user table records all user information that has passed authentication. Therefore, after receiving the notification message, the network management server can parse the label information and the user information from it and store the user information in the validated user table, or store the user information and the label information in the validated user table.
In one example, after receiving the notification message, the network management server can also obtain customized information and push it to the application client. The customized information is not limited; for example, it can be information that the Wi-Fi merchant has deployed on the network management server to help the merchant's operation and promotion, such as the merchant's advertising information.
Step 211: The network management server looks up the long connection corresponding to the label information, sends the user information to the first terminal over that long connection, and disconnects the long connection between the network management server and the first terminal.
In step 205 the network management server established the correspondence between the long connection and the label information, so in step 211 it can look up the long connection corresponding to the label information and send the user information to the first terminal over that long connection. Because the user information has now been sent to the first terminal, the long connection between the network management server and the first terminal can also be disconnected.
Step 212: After receiving the user information, the first terminal sends an authentication request to the network management server. The authentication request carries the user information and the address information (such as the IP address) of the first terminal.
Step 213: After receiving the authentication request, the network management server checks whether the user information is stored in the validated user table. If it is, the network management server determines that the first terminal passes authentication; if it is not, the network management server determines that the first terminal fails authentication. For ease of description, this embodiment takes the case where authentication passes.
If the user information is stored in the validated user table, the first terminal has carried out the authentication procedure of steps 201 to 212, so the network management server can determine that the first terminal passes authentication. If the user information is not stored in the validated user table, the first terminal has not carried out the authentication procedure of steps 201 to 212, so the network management server can determine that the first terminal fails authentication.
Step 214: If the first terminal passes authentication, the network management server sends the address information of the first terminal to the wireless device. For example, the network management server sends the wireless device an authentication success message carrying the address information, indicating that the address information has passed authentication.
Step 215: After receiving the address information of the first terminal, the wireless device records the address information in the authentication information table, indicating that the address information has passed authentication.
The authentication information table records all address information that has passed authentication. Therefore, after receiving the authentication success message, the wireless device can parse the address information of the first terminal from it and store the address information in the authentication information table, indicating that the address information has passed authentication.
Step 216: When it receives a user packet sent by the first terminal, the wireless device checks whether the packet's address information (such as the source IP address) is in the authentication information table. If it is, the wireless device can let the user packet through, that is, allow the first terminal to access the network; if it is not, the wireless device can refuse to let the user packet through.
When it receives a user packet sent by the first terminal, the wireless device can parse the address information of the first terminal (such as the packet's source IP address) from the packet. If the address information is in the authentication information table, the first terminal has passed authentication and is allowed to access the network, so the user packet can be let through. If the address information is not in the authentication information table, the first terminal has not passed authentication and is forbidden to access the network, so the user packet can be refused.
In the above embodiment, the application client and the application server depend on the actual situation. For example, the application client can be a WeChat client and the application server a WeChat server; the verification information can then be public platform information, the user login identifier can be a WeChat ID, and the customized information can be public platform information. The public platform information, WeChat ID and so on are of course only examples and are not limiting. As another example, the application client can be a microblog client and the application server a microblog server, and the verification information can be a microblog number. The types of the application client and application server are not limited.
Based on the above technical solution, in the embodiments of this application the network management server can establish a long connection with the first terminal. After receiving the notification message sent by the application client, it can obtain the user information from the notification message and send the user information to the first terminal over the long connection. The network management server then receives the authentication request, carrying the user information, sent by the first terminal, and authenticates the first terminal according to the authentication request. In this way the terminal is authenticated by the network management server and the terminal's authentication procedure is completed by the network management server, so the network management server can participate in the authentication procedure; once authentication fails, it can learn the reason for the failure and offer the user a solution. Moreover, the network management server can learn the user information and then provide personalized services to the user, which helps the operation and promotion of the Wi-Fi merchant and lets the terminal access the network over Wi-Fi. This approach minimizes the number of interactions between the application client and the application server, avoids interaction between the network management server and the application server, and lets the first terminal access the network through application-connected Wi-Fi.
Based on similarly applying conceiving with the above method, another authentication method, the party are also proposed in the embodiment of the present application Method can be applied to network management server, shown in Figure 3, and this method may include:
Step 301: after receiving a long connection request sent by the first terminal, establish a long connection with the first terminal.
Step 302: receive a notification message sent by the application client. The notification message carries the user information that the application client obtained from the application server, and is sent by the application client according to the URL information of the network management server after the application client obtains that URL information from the QR code of the first terminal.
Step 303: send the user information to the first terminal over the long connection.
Step 304: receive the authentication request, carrying the user information, sent by the first terminal.
Step 305: authenticate the first terminal according to the authentication request.
In one example, the long connection request may also include label information of the first terminal; the notification message may also include the label information of the first terminal that the application client obtained from the QR code.
Based on this, after establishing the long connection with the first terminal, the network management server may also establish a correspondence between the long connection and the label information included in the long connection request.
Further, sending the user information to the first terminal over the long connection may include: the network management server queries the correspondence using the label information included in the notification message, obtains the long connection corresponding to that label information, and sends the user information to the first terminal over that long connection.
In one example, after establishing the long connection with the first terminal, the network management server may also set an aging timer for the long connection. If the user information has been sent to the first terminal over the long connection before the aging timer expires, the long connection is disconnected; alternatively, once the aging timer expires, the long connection is disconnected.
In one example, after the notification message sent by the application client is received, the user information may also be recorded in a validated user table. Further, the authentication request may also carry address information of the first terminal, and authenticating the first terminal according to the authentication request may include, but is not limited to: if the user information carried in the authentication request exists in the validated user table, determining that the first terminal passes authentication and sending the address information of the first terminal to the wireless device, so that the wireless device allows the first terminal to access the network according to the address information.
In one example, after receiving the notification message sent by the application client, the network management server may also obtain personalized information and push the personalized information to the application client.
The authentication method of Fig. 3 is similar to the authentication method of Fig. 2 and is not described again here.
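The server-side flow of steps 301 to 305, with the label lookup, aging timer and validated user table described above, is shown here as an added Python example; it is not code from the patent or from any product. All class, method and field names, the 60-second timer and the sample label, user and address strings are assumptions constructed for illustration, and recording user information only after it has been delivered over a live long connection is this example's own choice.

```python
import time
from dataclasses import dataclass, field


@dataclass
class LongConnection:
    """Long connection held open by a first terminal (step 301)."""
    label: str                  # label information from the long connection request
    expires_at: float           # aging-timer deadline
    outbox: list = field(default_factory=list)  # stands in for the socket to the terminal
    is_open: bool = True


class NetworkManagementServer:
    """Server-side state for steps 301-305 (all names are hypothetical)."""

    def __init__(self, aging_seconds=120.0, clock=time.monotonic):
        self.aging_seconds = aging_seconds  # assumed value; the page gives none
        self.clock = clock
        self.connections = {}         # correspondence: label information -> long connection
        self.validated_users = set()  # validated user table
        self.sent_to_wireless = []    # address information passed to the wireless device

    def _close(self, conn):
        conn.is_open = False
        self.connections.pop(conn.label, None)

    def on_long_connection_request(self, label):
        """Step 301: accept the long connection and start its aging timer."""
        conn = LongConnection(label, self.clock() + self.aging_seconds)
        self.connections[label] = conn
        return conn

    def expire_connections(self):
        """Disconnect every long connection whose aging timer has run out."""
        now = self.clock()
        for conn in list(self.connections.values()):
            if now >= conn.expires_at:
                self._close(conn)

    def on_notification(self, label, user_info):
        """Steps 302-303: look up the connection by label and push the user information."""
        self.expire_connections()
        conn = self.connections.get(label)
        if conn is None:
            return False              # unknown label, or the timer already fired
        conn.outbox.append(user_info)
        self.validated_users.add(user_info)  # example's choice: record after delivery
        self._close(conn)             # user information sent, so disconnect
        return True

    def on_auth_request(self, user_info, address):
        """Steps 304-305: pass only if the user information is in the validated user table."""
        if user_info not in self.validated_users:
            return False
        self.sent_to_wireless.append(address)  # wireless device then admits this address
        return True


def run_walkthrough():
    """Drive the flow with constructed values and a fake clock."""
    now = [0.0]
    nms = NetworkManagementServer(aging_seconds=60.0, clock=lambda: now[0])
    conn = nms.on_long_connection_request("label-constructed-01")
    results = {
        "unknown_label": nms.on_notification("label-other", "user-constructed-A"),
        "auth_before_push": nms.on_auth_request("user-constructed-A", "addr-constructed-1"),
        "push": nms.on_notification("label-constructed-01", "user-constructed-A"),
        "auth_after_push": nms.on_auth_request("user-constructed-A", "addr-constructed-1"),
    }
    stale = nms.on_long_connection_request("label-constructed-02")
    now[0] = 61.0                     # past the 60-second aging timer
    results["push_after_timeout"] = nms.on_notification(
        "label-constructed-02", "user-constructed-B")
    results["delivered"] = conn.outbox
    results["stale_open"] = stale.is_open
    return results


if __name__ == "__main__":
    for step, outcome in run_walkthrough().items():
        print(step, outcome)
```
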
Based on the same application concept as the above method, an authentication system is also proposed in the embodiments of the present application, including a wireless device and a network management server, wherein: the wireless device, after receiving a wireless connection request sent by the first terminal, may send to the first terminal a redirection message carrying the URL information used to access the network management server, so that the first terminal redirects a long connection request to the network management server and generates a QR code according to the URL information; the network management server, after receiving the long connection request, may establish a long connection with the first terminal. In addition, the network management server may receive a notification message sent by the application client; the notification message carries the user information that the application client obtained from the application server, and is sent by the application client according to the URL information after the application client obtains the URL information from the QR code. The network management server then sends the user information to the first terminal over the long connection, receives the authentication request carrying the user information sent by the first terminal, and authenticates the first terminal according to the authentication request.
The above authentication system is similar to the authentication method of Fig. 2 or Fig. 3 and is not described again here.
Based on the same application concept as the above method, the embodiments of the present application also propose an authentication device applied to a network management server. Fig. 4 is a structural diagram of the device, which includes:
An establishing module 401, configured to establish a long connection with the first terminal after receiving a long connection request sent by the first terminal;
A receiving module 402, configured to receive a notification message sent by the application client, where the notification message carries the user information that the application client obtained from the application server, and is sent by the application client according to the URL information of the network management server after the application client obtains that URL information from the QR code of the first terminal;
A sending module 403, configured to send the user information to the first terminal over the long connection;
The receiving module 402 is further configured to receive the authentication request, carrying the user information, sent by the first terminal;
An authentication module 404, configured to authenticate the first terminal according to the authentication request.
The long connection request further includes label information of the first terminal; the notification message further includes the label information of the first terminal that the application client obtained from the QR code. The establishing module 401 is further configured to establish a correspondence between the long connection and the label information included in the long connection request. When sending the user information to the first terminal over the long connection, the sending module 403 is specifically configured to: query the correspondence using the label information included in the notification message, obtain the long connection corresponding to the label information, and send the user information to the first terminal over that long connection.
In one example, the device may further include (not shown in the figure): a processing module, configured to set an aging timer for the long connection after the long connection with the first terminal is established; if the user information has been sent to the first terminal over the long connection before the aging timer expires, disconnect the long connection; alternatively, once the aging timer expires, disconnect the long connection.
The authentication module 404 is further configured to record the user information in a validated user table;
The authentication request also carries address information of the first terminal;
When authenticating the first terminal according to the authentication request, the authentication module 404 is specifically configured to: if the user information carried in the authentication request exists in the validated user table, determine that the first terminal passes authentication, and send the address information of the first terminal to the wireless device, so that the wireless device allows the first terminal to access the network according to the address information.
The sending module 403 is further configured to obtain personalized information and push the personalized information to the application client.
At the hardware level, the hardware architecture of the network management server provided by the embodiments of the present application may be as shown in Fig. 5, and may include a machine-readable storage medium and a processor, wherein:
Machine-readable storage medium: stores instruction code.
Processor: communicates with the machine-readable storage medium, and reads and executes the instruction code stored in the machine-readable storage medium to implement the authentication operations disclosed in the above examples of the present application.
Here, the machine-readable storage medium may be any electronic, magnetic, optical or other physical storage device that can contain or store information such as executable instructions and data. For example, the machine-readable storage medium may be RAM (Random Access Memory), volatile memory, non-volatile memory, flash memory, a storage drive (such as a hard disk drive), a solid-state drive, any type of storage disc (such as an optical disc or DVD), or a similar storage medium, or a combination thereof.
The systems, devices, modules or units described in the above embodiments may be implemented by a computer chip or entity, or by a product having a certain function. A typical implementing device is a computer, which may take the form of a personal computer, laptop computer, cellular phone, camera phone, smartphone, personal digital assistant, media player, navigation device, e-mail transceiver device, game console, tablet computer, wearable device, or a combination of any of these devices.
For convenience of description, the above device is described by dividing it into various units according to function. Of course, when implementing the present application, the functions of the units may be implemented in one or more pieces of software and/or hardware.
Those skilled in the art should understand that the embodiments of the present application may be provided as a method, a system or a computer program product. Therefore, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the embodiments of the present application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
The present application is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to the embodiments of the present application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Moreover, these computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to operate in a specific manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means, the instruction means implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps are executed on the computer or other programmable device to produce computer-implemented processing, such that the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
The above is only an example of the present application and is not intended to limit the present application. For those skilled in the art, the present application may have various modifications and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included within the scope of the claims of the present application.

Claims (11)

1. An authentication method, characterized in that it is applied to a network management server and includes:
After receiving a long connection request sent by a first terminal, establishing a long connection with the first terminal;
Receiving a notification message sent by an application client, where the notification message carries user information that the application client obtained from an application server, and is sent by the application client according to URL information of the network management server after the application client obtains that URL information from a QR code of the first terminal;
Sending the user information to the first terminal over the long connection;
Receiving an authentication request, carrying the user information, sent by the first terminal;
Authenticating the first terminal according to the authentication request.
2. The method according to claim 1, characterized in that
The long connection request further includes label information of the first terminal; the notification message further includes the label information of the first terminal that the application client obtained from the QR code;
After the long connection is established with the first terminal, the method further includes:
Establishing a correspondence between the long connection and the label information included in the long connection request;
The sending the user information to the first terminal over the long connection includes:
Querying the correspondence using the label information included in the notification message, obtaining the long connection corresponding to the label information, and sending the user information to the first terminal over the long connection.
3. The method according to claim 2, characterized in that the method further includes:
After establishing the long connection with the first terminal, setting an aging timer for the long connection; if the user information has been sent to the first terminal over the long connection before the aging timer expires, disconnecting the long connection; or, once the aging timer expires, disconnecting the long connection.
4. The method according to claim 1, characterized in that, after the receiving the notification message sent by the application client, the method further includes: recording the user information in a validated user table;
The authentication request also carries address information of the first terminal, and authenticating the first terminal according to the authentication request includes: if the user information carried in the authentication request exists in the validated user table, determining that the first terminal passes authentication, and sending the address information of the first terminal to a wireless device, so that the wireless device allows the first terminal to access the network according to the address information.
5. The method according to claim 1, characterized in that
After the receiving the notification message sent by the application client, the method further includes:
Obtaining personalized information, and pushing the personalized information to the application client.
6. An authentication system, characterized in that it includes a wireless device and the network management server according to any one of claims 1-5, wherein:
The wireless device, after receiving a wireless connection request sent by the first terminal, sends to the first terminal a redirection message carrying URL information used to access the network management server, so that the first terminal redirects a long connection request to the network management server and generates a QR code according to the URL information.
7. An authentication device, characterized in that it is applied to a network management server, the device including:
An establishing module, configured to establish a long connection with a first terminal after receiving a long connection request sent by the first terminal;
A receiving module, configured to receive a notification message sent by an application client, where the notification message carries user information that the application client obtained from an application server, and is sent by the application client according to URL information of the network management server after the application client obtains that URL information from a QR code of the first terminal;
A sending module, configured to send the user information to the first terminal over the long connection;
The receiving module is further configured to receive an authentication request, carrying the user information, sent by the first terminal;
An authentication module, configured to authenticate the first terminal according to the authentication request.
8. The device according to claim 7, characterized in that
The long connection request further includes label information of the first terminal; the notification message further includes the label information of the first terminal that the application client obtained from the QR code;
The establishing module is further configured to establish a correspondence between the long connection and the label information included in the long connection request;
When sending the user information to the first terminal over the long connection, the sending module is specifically configured to: query the correspondence using the label information included in the notification message, obtain the long connection corresponding to the label information, and send the user information to the first terminal over the long connection.
9. The device according to claim 8, characterized in that it further includes: a processing module, configured to set an aging timer for the long connection after the long connection with the first terminal is established; if the user information has been sent to the first terminal over the long connection before the aging timer expires, disconnect the long connection; or, once the aging timer expires, disconnect the long connection.
10. The device according to claim 7, characterized in that
The authentication module is further configured to record the user information in a validated user table;
The authentication request also carries address information of the first terminal;
When authenticating the first terminal according to the authentication request, the authentication module is specifically configured to: if the user information carried in the authentication request exists in the validated user table, determine that the first terminal passes authentication, and send the address information of the first terminal to a wireless device, so that the wireless device allows the first terminal to access the network according to the address information.
11. The device according to claim 7, characterized in that the sending module is further configured to obtain personalized information and push the personalized information to the application client.
CN201810542887.5A 2018-05-30 2018-05-30 Authentication method, system and device Active CN108809969B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810542887.5A CN108809969B (en) 2018-05-30 2018-05-30 Authentication method, system and device


Publications (2)

Publication Number Publication Date
CN108809969A true CN108809969A (en) 2018-11-13
CN108809969B CN108809969B (en) 2020-11-06

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant