CN109462568A - Portal authentication method, system and Portal proxy server - Google Patents
- Publication number
- CN109462568A CN201710793100.8A
- Authority
- CN
- China
- Prior art keywords
- portal
- client
- user
- authentication
- sent
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0892—Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Abstract
The invention discloses a Portal authentication method, a system and a Portal proxy server, and relates to the field of communication technology. The method comprises: a Portal proxy server sends first user authentication information to a virtual operator authentication platform for authentication; if the user is a legitimate user, it receives a telecom operator account sent by the virtual operator authentication platform; it constructs second user authentication information using the telecom operator account based on the Portal protocol; it sends the second user authentication information to a Portal server so that it is authenticated at the telecom operator AAA; and it receives the authentication result sent by the telecom operator AAA and fed back by the Portal server, and feeds the authentication result back to the client and/or the virtual operator authentication platform. The invention enables clients of a virtual operator to access the networks of different telecom operators without modifying the virtual operator's user terminals or the telecom operator's authentication platform.
Description
Technical field
The present invention relates to the field of communication technology, and in particular to a Portal authentication method, a system and a Portal proxy server.
Background technique
"Portal" means entrance in English. Portal authentication, sometimes also called WEB authentication, is an authentication method commonly used by WiFi users. A user terminal (with a WiFi network card) automatically obtains an IP address after power-on. When the user first opens a web page, the service gateway, such as a BRAS (Broadband Remote Access Server) or a converged AC (Access Controller or Wireless Access Point Controller), redirects the user terminal to the URL of the Portal server. The user terminal accesses the Portal server, and the Portal server pushes a WEB page to the user. The user fills in the user name, password and other relevant information on the WEB page and clicks submit to send it to the Portal server. The Portal server passes the user name, password and other relevant information through the service gateway to the AAA for user authentication. If the user is authenticated successfully, the service gateway opens the user's access rights, and the user can then access the public network.
With client software (such as APPs) now in general use, the user's authentication account (user name, password and other information) is pre-configured inside the client, so the client performs Portal authentication in place of the user.
Many Internet enterprises (such as Tencent and Baidu) and third-party enterprises now cooperate with telecom operators and run their own services by renting the operator's WiFi network. At present this is mainly a backward operating model (users use WiFi for free, and the WiFi operator earns revenue through advertising and the like), which forms a de facto WiFi virtual operator. To support this business, the telecom operator provides a certain number of user authentication accounts according to the WiFi virtual operator's needs, for the users of the WiFi virtual operator to use when authenticating to the telecom operator's WiFi network.
Many mature Internet enterprises and third-party enterprises already have their clients (APPs) installed on user terminals. If the user authentication account were changed to a telecom account when the client (APP) accesses the telecom WiFi network, the original business model would be affected, and the virtual operator's authentication, application and other systems would need to be modified. In addition, the same client may need to access the WiFi networks of different operators in different scenarios. Because each operator's WiFi network authenticates with its own accounts, a client whose authentication account has been changed to one operator's authentication account cannot access other operators' WiFi networks.
Summary of the invention
A technical problem to be solved by the present invention is to provide a Portal authentication method, a system and a Portal proxy server that enable clients of a virtual operator to access the networks of different telecom operators without modifying the virtual operator's user terminals or the telecom operator's authentication platform.
According to one aspect of the present invention, a Portal authentication method is proposed, comprising: a Portal proxy server sends first user authentication information to a virtual operator authentication platform for authentication; if the user is a legitimate user, it receives a telecom operator account sent by the virtual operator authentication platform; it constructs second user authentication information using the telecom operator account based on the Portal protocol; it sends the second user authentication information to a Portal server, so that the Portal server sends the second user authentication information through a service gateway to the telecom operator AAA (authentication, authorization, accounting) for authentication; and it receives the authentication result sent by the telecom operator AAA and fed back by the Portal server, and feeds the authentication result back to the client and/or the virtual operator authentication platform.
Further, the Portal authentication method also comprises: the Portal proxy server receives a client authentication message sent by the service gateway, and parses the client authentication message to obtain the first user authentication information, wherein the first user authentication information includes an enterprise characteristic code; the first user authentication information is then sent, based on the enterprise characteristic code, to the corresponding virtual operator authentication platform for authentication.
Further, the Portal authentication method also comprises: the Portal proxy server sends client offline information to the virtual operator authentication platform, so that the virtual operator authentication platform reclaims the telecom operator account issued to the client.
Further, the Portal authentication method also comprises: the Portal proxy server parses the offline request message sent by the client to obtain the enterprise characteristic code, and sends the client offline information to the virtual operator authentication platform based on the enterprise characteristic code.
Further, the Portal proxy server sends the client offline information to the Portal server, so that the Portal server notifies the telecom operator AAA through the service gateway to stop accounting.
Further, the first user authentication information also includes the virtual operator account, client MAC address, IP address and/or operating system information.
Further, the second user authentication information also includes the client MAC address, IP address, suffix domain name information and/or client location information.
According to another aspect of the present invention, a Portal proxy server is also proposed, comprising: a first user authentication information sending unit, configured to send first user authentication information to a virtual operator authentication platform for authentication; a telecom operator account receiving unit, configured to receive, if the user is a legitimate user, a telecom operator account sent by the virtual operator authentication platform; a second user authentication information constructing unit, configured to construct second user authentication information using the telecom operator account based on the Portal protocol; a second user authentication information sending unit, configured to send the second user authentication information to a Portal server, so that the Portal server sends the second user authentication information through a service gateway to the telecom operator AAA for authentication; and an authentication result receiving and feedback unit, configured to receive the authentication result sent by the telecom operator AAA and fed back by the Portal server, and to feed the authentication result back to the client and/or the virtual operator authentication platform.
Further, the Portal proxy server also comprises: a client authentication message receiving unit, configured to receive a client authentication message sent by the service gateway; and a first user authentication information acquiring unit, configured to parse the client authentication message to obtain the first user authentication information, wherein the first user authentication information includes an enterprise characteristic code; the first user authentication information sending unit is configured to send the first user authentication information, based on the enterprise characteristic code, to the corresponding virtual operator authentication platform for authentication.
Further, the Portal proxy server also comprises: a client offline information sending unit, configured to send client offline information to the virtual operator authentication platform, so that the virtual operator authentication platform reclaims the telecom operator account issued to the client.
Further, the Portal proxy server also comprises: an offline request message parsing unit, configured to parse the offline request message sent by the client to obtain the enterprise characteristic code; the client offline information sending unit is configured to send the client offline information to the virtual operator authentication platform based on the enterprise characteristic code.
Further, the client offline information sending unit is also configured to send the client offline information to the Portal server, so that the Portal server notifies the telecom operator AAA through the service gateway to stop accounting.
Further, the first user authentication information also includes the virtual operator account, client MAC address, IP address and/or operating system information.
Further, the second user authentication information also includes the client MAC address, IP address, suffix domain name information and/or client location information.
According to another aspect of the present invention, a Portal authentication system is also proposed, comprising a service gateway, a Portal server, a virtual operator authentication platform, a telecom operator AAA and the above Portal proxy server.
According to another aspect of the present invention, a Portal proxy server is also proposed, comprising: a memory; and a processor coupled to the memory, the processor being configured to execute the above Portal proxy authentication method based on instructions stored in the memory.
According to another aspect of the present invention, a computer-readable storage medium is also proposed, on which computer program instructions are stored; when executed by a processor, the instructions implement the steps of the above Portal proxy authentication method.
Compared with the prior art, in the present invention the Portal proxy server authenticates to the Portal server in place of the user client, so no major modification of the virtual operator's user terminals is needed; at the same time, the telecom operator's authentication platform does not need any modification either. This avoids the predicament of having to change the account that the virtual operator assigned to the user client into a telecom operator account, and enables clients of the virtual operator to access the networks of different telecom operators.
Other features and advantages of the present invention will become apparent from the following detailed description of exemplary embodiments of the invention with reference to the accompanying drawings.
Brief description of the drawings
The accompanying drawings, which form part of the specification, illustrate embodiments of the present invention and, together with the description, serve to explain the principles of the invention.
The present invention can be understood more clearly from the following detailed description with reference to the accompanying drawings, in which:
Fig. 1 is a flow diagram of one embodiment of the Portal authentication method of the present invention.
Fig. 2 is a flow diagram of another embodiment of the Portal authentication method of the present invention.
Fig. 3 is a flow diagram of one embodiment of a user going online in the Portal authentication method of the present invention.
Fig. 4 is a flow diagram of one embodiment of a user going offline in the Portal authentication method of the present invention.
Fig. 5 is a structural schematic diagram of one embodiment of the Portal proxy server of the present invention.
Fig. 6 is a structural schematic diagram of another embodiment of the Portal proxy server of the present invention.
Fig. 7 is a structural schematic diagram of one embodiment of the Portal authentication system of the present invention.
Fig. 8 is a schematic diagram of the networking topology with the Portal proxy server of the present invention deployed on the telecom operator side.
Fig. 9 is a schematic diagram of the networking topology with the Portal proxy server of the present invention deployed on the virtual operator side.
Fig. 10 is a structural schematic diagram of a further embodiment of the Portal proxy server of the present invention.
Fig. 11 is a structural schematic diagram of yet another embodiment of the Portal proxy server of the present invention.
Detailed description of the embodiments
Various exemplary embodiments of the present invention will now be described in detail with reference to the accompanying drawings. It should be noted that, unless otherwise specifically stated, the relative arrangement of the components and steps, the numerical expressions and the numerical values set forth in these embodiments do not limit the scope of the present invention.
It should also be understood that, for ease of description, the sizes of the various parts shown in the drawings are not drawn to actual scale.
The following description of at least one exemplary embodiment is merely illustrative and in no way limits the present invention or its application or uses.
Techniques, methods and apparatus known to a person of ordinary skill in the relevant art may not be discussed in detail, but where appropriate, such techniques, methods and apparatus should be regarded as part of the granted specification.
In all examples shown and discussed here, any specific value should be interpreted as merely illustrative and not as a limitation. Other examples of the exemplary embodiments may therefore have different values.
It should also be noted that similar reference numerals and letters denote similar items in the following drawings; therefore, once an item is defined in one drawing, it does not need to be discussed further in subsequent drawings.
To make the objectives, technical solutions and advantages of the present invention clearer, the present invention is described in more detail below in conjunction with specific embodiments and with reference to the accompanying drawings.
Fig. 1 is a flow diagram of one embodiment of the Portal authentication method of the present invention. The authentication method is executed by a newly added Portal proxy server and specifically includes the following steps:
In step 110, the Portal proxy server sends the first user authentication information to the virtual operator authentication platform for authentication. The user client can add an enterprise characteristic code to the original authentication information to indicate the enterprise to which the user belongs. The Portal proxy server can determine the virtual operator to which the user belongs from the enterprise characteristic code.
In step 120, if the user is a legitimate user, the Portal proxy server receives the telecom operator account sent by the virtual operator authentication platform. The virtual operator authentication platform feeds the authentication result back to the Portal proxy server; for a legitimate user, the virtual operator authentication platform also issues the corresponding telecom account, such as a user name and password, at the same time.
In step 130, the Portal proxy server constructs the second user authentication information using the telecom operator account based on the Portal protocol. The Portal proxy server constructs the user's Portal authentication message, substituting the telecom account for the user's virtual operator account. The constructed authentication message also includes the user's MAC address, IP address, suffix domain name information, client location information and the like, where the client location information can be, for example, the device number, slot number, sub-slot number and VLAN ID at which the client accesses the service gateway.
In step 140, the Portal proxy server sends the second user authentication information to the Portal server, so that the Portal server sends the second user authentication information through the service gateway to the telecom operator AAA (Authentication, Authorization, Accounting) for authentication.
In step 150, the Portal proxy server receives the authentication result sent by the telecom operator AAA and fed back by the Portal server, and feeds the authentication result back to the client and the virtual operator authentication platform.
In this embodiment, adding a Portal proxy server means that no major modification of the user terminals of Internet enterprises and virtual operators is needed, and the telecom operator's authentication platform does not need any modification either. This provides a service for virtual operators that run their business by purchasing telecom accounts.
Fig. 2 is a flow diagram of another embodiment of the Portal authentication method of the present invention.
In step 210, the Portal proxy server receives the client authentication message sent by the service gateway; that is, the authentication point (telecom BAS / converged AC) forwards the client authentication message to the Portal proxy server.
In step 220, the client authentication message is parsed to obtain the first user authentication information, wherein the first user authentication information includes the client's enterprise characteristic code, client MAC address, IP address, virtual operator account, operating system information and the like.
In step 230, the first user authentication information is sent, based on the enterprise characteristic code, to the corresponding virtual operator authentication platform for authentication.
In step 240, if the user is a legitimate user, the telecom operator account sent by the virtual operator authentication platform is received. For a legitimate user, the virtual operator authentication platform issues the corresponding telecom account, such as a user name and password, at the same time.
In step 250, the second user authentication information is constructed using the telecom operator account based on the Portal protocol.
In step 260, the second user authentication information is sent to the Portal server, so that the Portal server sends the second user authentication information through the service gateway to the telecom operator AAA for authentication.
In step 270, the authentication result sent by the telecom operator AAA and fed back by the Portal server is received, and the authentication result is fed back to the client and the virtual operator authentication platform.
In step 280, client offline information is sent to the virtual operator authentication platform, so that the virtual operator authentication platform reclaims the telecom operator account issued to the client. After the client goes offline, the Portal proxy server can first parse the offline request message sent by the client to obtain the enterprise characteristic code, and report the client offline information to the virtual operator authentication platform based on the enterprise characteristic code. The virtual operator authentication platform reclaims the telecom operator account issued to that client, and the account can then be given to other clients to use when they access the telecom operator's WiFi network. In addition, as needed, the virtual operator can update the password of the reclaimed telecom account through the telecom AAA.
In step 290, the client offline information is sent to the Portal server, so that the Portal server notifies the telecom operator AAA through the service gateway to stop accounting. Step 280 and step 290 may be performed simultaneously.
In this embodiment, an enterprise characteristic code is added to the original authentication information so that the authentication information can be sent to the corresponding virtual operator authentication platform for authentication. The virtual operator authentication platform issues a telecom operator account to the Portal proxy server so that the second user authentication information can be constructed, and the client is authenticated by authenticating the second user authentication information. The embodiment does not require the telecom operator's authentication platform to be modified. Without affecting the development of the virtual operator client's existing business, it solves the problem of integrating with the telecom operator's network, and it does not affect use on other operators' networks either.
In addition, when the user goes offline, the virtual operator authentication platform reclaims the telecom operator account issued to the user, which improves the utilization of accounts.
Fig. 3 is a flow diagram of one embodiment of a user going online in the Portal authentication method of the present invention. Here the client of a virtual operator customer accesses the telecom operator's WiFi network and initiates an Internet access request in the APP.
In step 310, the client obtains an IP address.
In step 320, the client initiates an HTTP GET to the BAS/AC.
In step 330, the BAS/AC redirects the client to the Portal proxy server URL.
In step 340, the user accesses the Portal proxy server.
In step 350, the Portal proxy server parses the user's message to obtain user authentication information such as the enterprise characteristic code, client MAC address, IP address, virtual operator account and operating system information. The client of the virtual operator adds the enterprise characteristic code to indicate that the client belongs to a specific virtual operator. By parsing the client's Portal authentication message to obtain the enterprise characteristic code, the Portal authentication proxy server can send the user information to the virtual operator's authentication system for authentication, to verify the legitimacy of the user.
In step 360, the Portal proxy server forwards the user authentication information to the corresponding virtual operator authentication platform for authentication.
In step 370, the virtual operator authentication platform returns the user authentication result; for a legitimate user, it also issues the corresponding telecom account at the same time. After the virtual operator's authentication system confirms that the user is legitimate, it finds an unused account among the telecom accounts pre-allocated by the telecom operator, temporarily gives it to the user, and returns it together with the authentication result to the Portal authentication proxy server.
In step 380, the Portal proxy server constructs the user's Portal authentication message according to the Portal protocol, wherein the constructed authentication message also includes the user's MAC address, IP address, suffix domain name information, client location information and the like. The telecom account can be substituted for the user's virtual operator account.
In step 390, the Portal proxy server sends a user authentication request to the Portal server.
In step 3100, the Portal server sends the user authentication request to the BAS/AC.
In step 3110, the BAS/AC and the AAA exchange the user authentication request.
In step 3120, the BAS/AC feeds the authentication request result back to the Portal server.
In step 3130, the BAS/AC and the AAA exchange an accounting start request and its response acknowledgement.
In step 3140, the Portal server feeds the authentication request result back to the Portal proxy server.
In step 3150, the Portal proxy server feeds the authentication request result back to the client and to the virtual operator authentication platform respectively.
This embodiment ensures that clients under the same virtual operator are able to access the WiFi networks of different telecom operators. The virtual operator can also give a telecom account allocated by the telecom operator to different users for authentication in different time periods, which improves the utilization of accounts.
Fig. 4 is a flow diagram of one embodiment of a user going offline in the Portal authentication method of the present invention.
In step 410, the client sends a user offline request to the Portal proxy server.
In step 420, the Portal proxy server parses the user's message to obtain information such as the enterprise characteristic code, client MAC address, IP address, telecom operator account and operating system, and constructs the user's offline request message according to the Portal protocol.
In step 430, the Portal proxy server sends the user offline request to the Portal server.
In step 440, the Portal server sends the offline request message to the BAS.
In step 450, the BAS and the AAA exchange an accounting stop request.
In step 460, the BAS sends an offline request response to the Portal server.
In step 470, the Portal server sends the offline request response to the Portal proxy server.
In step 480, the Portal proxy server sends a user offline notification to the virtual operator authentication platform.
In step 490, the virtual operator authentication platform reclaims the telecom operator account issued to the client.
In step 4100, the Portal proxy server sends a user offline notification to the client, and the user's online session ends.
In this embodiment, when the user goes offline, the virtual operator's authentication system takes back the telecom account that the user was temporarily using, and the account can be allocated to other users. In addition, if necessary, the password of the reclaimed account can be updated through the telecom AAA.
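The online flow of Figs. 2 and 3 and the offline flow of Fig. 4, as an added Python example that is not part of the patent text. Messages are modelled as dictionaries rather than Portal wire-format packets, the hop through the Portal server and service gateway is collapsed into a direct call to the AAA, and every class, field and account name is hypothetical. Reclaiming the lease when the AAA rejects the account is an assumption added here; the password rotation on reclaim follows the optional password update the text mentions.

```python
import secrets

REQUIRED = ("enterprise_code", "vo_account", "vo_password", "mac", "ip")  # hypothetical fields


class TelecomAAA:
    """Telecom operator AAA; the Portal server and service gateway hop is collapsed."""
    def __init__(self, accounts):
        self.accounts = dict(accounts)      # telecom user -> password
        self.billing = set()                # client MACs with accounting running

    def authenticate(self, second_info):
        stored = self.accounts.get(second_info["user"])
        ok = stored is not None and secrets.compare_digest(stored, second_info["password"])
        if ok:
            self.billing.add(second_info["mac"])    # accounting start
        return ok

    def stop_accounting(self, mac):
        self.billing.discard(mac)


class VirtualOperatorPlatform:
    """Virtual operator authentication platform holding a pool of telecom accounts."""
    def __init__(self, users, pool, aaa):
        self.users = dict(users)            # virtual operator account -> password
        self.pool = list(pool)              # unused telecom accounts: (user, password)
        self.leased = {}                    # client MAC -> leased (user, password)
        self.aaa = aaa

    def authenticate(self, info):
        stored = self.users.get(info["vo_account"])
        if stored is None or not secrets.compare_digest(stored, info["vo_password"]):
            return None                     # not a legitimate user
        if info["mac"] not in self.leased:
            if not self.pool:
                return None                 # every telecom account is in use
            self.leased[info["mac"]] = self.pool.pop()
        return self.leased[info["mac"]]

    def reclaim(self, mac):
        account = self.leased.pop(mac, None)
        if account is None:
            return False
        fresh = secrets.token_urlsafe(16)   # optional password update via the AAA
        self.aaa.accounts[account[0]] = fresh
        self.pool.append((account[0], fresh))
        return True


class PortalProxy:
    """Routes by enterprise characteristic code and swaps in the telecom account."""
    def __init__(self, platforms, aaa):
        self.platforms = platforms          # enterprise characteristic code -> platform
        self.aaa = aaa

    def online(self, msg):
        if any(not msg.get(key) for key in REQUIRED):
            return "rejected: malformed message"
        platform = self.platforms.get(msg["enterprise_code"])
        if platform is None:
            return "rejected: unknown enterprise code"
        account = platform.authenticate(msg)            # first user authentication info
        if account is None:
            return "rejected: virtual operator refused"
        second = {"user": account[0], "password": account[1],
                  "mac": msg["mac"], "ip": msg["ip"]}   # second user authentication info
        if not self.aaa.authenticate(second):
            platform.reclaim(msg["mac"])    # assumption: do not leak the lease on failure
            return "rejected: telecom AAA refused"
        return "online"

    def offline(self, msg):
        platform = self.platforms.get(msg.get("enterprise_code"))
        if platform is None or msg.get("mac") not in platform.leased:
            return "rejected: no session"
        self.aaa.stop_accounting(msg["mac"])
        platform.reclaim(msg["mac"])
        return "offline"


def build_demo():
    """Constructed sample data: one telecom account shared by two users of one operator."""
    aaa = TelecomAAA({"tel001": "initial-pw"})
    platform = VirtualOperatorPlatform(
        {"alice": "alice-pw", "bob": "bob-pw"}, [("tel001", "initial-pw")], aaa)
    proxy = PortalProxy({"ENT-A": platform}, aaa)
    alice = {"enterprise_code": "ENT-A", "vo_account": "alice", "vo_password": "alice-pw",
             "mac": "02:00:00:00:00:01", "ip": "10.0.0.11"}
    bob = {"enterprise_code": "ENT-A", "vo_account": "bob", "vo_password": "bob-pw",
           "mac": "02:00:00:00:00:02", "ip": "10.0.0.12"}
    return proxy, platform, aaa, alice, bob


if __name__ == "__main__":
    proxy, platform, aaa, alice, bob = build_demo()
    # alice leases tel001; bob is refused until alice goes offline and it is reclaimed
    print(proxy.online(alice), proxy.online(bob), proxy.offline(alice), proxy.online(bob), sep="\n")
```

With a single telecom account in the pool, the second user is refused until the first goes offline, which is the time-sliced account reuse the embodiment describes.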
Fig. 5 is the structural schematic diagram of one embodiment of Portal proxy server of the present invention.The Portal agency service
Device includes the first user authentication information transmission unit 510, telecom operators' account number receiving unit 520, second user authentication information
Structural unit 530, second user authentication information transmission unit 540 and authentication result receive feedback unit 550, in which:
First user authentication information transmission unit 510 is used to the first user authentication information being sent to corresponding virtual operation
Quotient's authentication platform authenticates.Wherein, user client increases enterprise characteristic code in original authentication information, to show user
Affiliated enterprise.Portal proxy server can determine virtual operator belonging to user according to enterprise characteristic code.
If telecom operators' account number receiving unit 520 is legitimate user for user, it is flat to receive virtual operator's certification
Telecom operators' account number that platform is sent.Wherein, virtual operator's authentication platform can feed back to Portal proxy server and authenticate
As a result, virtual operator's authentication platform can issue the telecommunications account number such as corresponding user name, password simultaneously for legitimate user.
Second user authentication information structural unit 530 is used to utilize telecom operators' account number construction the based on portal protocol
Two user authentication informations.Wherein, the account number of telecommunications is substituted and is used by Portal proxy server structuring user's Portal message identifying
The user account number of the virtual operator at family, the message identifying of construction further include the MAC Address of user, IP address, suffix domain name letter
The information such as breath, Client location information, wherein Client location information may include the equipment of client access service gateway
Number, slot number, sub- slot number, VLAN ID etc..
Second user authentication information transmission unit 540 is used to second user authentication information being sent to Portal server,
It is authenticated so that second user authentication information is sent to telecom operators AAA by Service Gateway by Portal server.
Authentication result receives feedback unit 550 and is used to receive what the telecom operators AAA that Portal server is fed back was sent
Authentication result, and authentication result is fed back into client and virtual operator's authentication platform.
In this embodiment, by adding a Portal proxy server, no major modification is needed to the user terminals of Internet enterprises and virtual operators; meanwhile, the telecom operator authentication platform does not need any modification, and service can be provided to virtual operators that conduct business by purchasing telecom account numbers.
Fig. 6 is a structural schematic diagram of another embodiment of the Portal proxy server of the present invention. The Portal proxy server includes a client authentication message receiving unit 610, a first user authentication information acquiring unit 620, a first user authentication information transmission unit 630, a telecom operator account number receiving unit 640, a second user authentication information structural unit 650, a second user authentication information transmission unit 660 and an authentication result receiving and feedback unit 670. The first user authentication information transmission unit 630, the telecom operator account number receiving unit 640, the second user authentication information structural unit 650, the second user authentication information transmission unit 660 and the authentication result receiving and feedback unit 670 are the same as or similar to the first user authentication information transmission unit 510, the telecom operator account number receiving unit 520, the second user authentication information structural unit 530, the second user authentication information transmission unit 540 and the authentication result receiving and feedback unit 550, respectively.
The client authentication message receiving unit 610 is used to receive the client authentication message sent by the service gateway. The service gateway (telecom BAS/converged AC) forwards the client authentication message to the Portal proxy server.
The first user authentication information acquiring unit 620 is used to parse the client authentication message to obtain the first user authentication information, where the first user authentication information includes the client's enterprise characteristic code, client MAC address, IP address, virtual operator account number, operating system information, etc.
The Portal proxy server can also include an offline request message parsing unit 680 and a client offline information transmission unit 690. The offline request message parsing unit 680 is used to parse the offline request message sent by the client to obtain the enterprise characteristic code. The client offline information transmission unit 690 is used to send the client offline information to the virtual operator authentication platform based on the enterprise characteristic code, so that the virtual operator authentication platform recycles the telecom operator account number issued to the client. After the client goes offline, the Portal proxy server reports the client offline information to the virtual operator authentication platform, and the virtual operator authentication platform recycles the telecom operator account number issued to that client; the account number can afterwards be given to other clients to access the telecom operator's WiFi network. In addition, as needed, the virtual operator can update the password of the recycled telecom account number through the telecom AAA.
In addition, the client offline information transmission unit 690 is also used to send the client offline information to the Portal server, so that the Portal server notifies the telecom operator AAA through the service gateway to stop charging.
In this embodiment, an enterprise characteristic code is added to the original authentication information, so that the authentication information can be sent to the corresponding virtual operator authentication platform for authentication. The virtual operator authentication platform issues a telecom operator account number to the Portal proxy server, which uses it to construct the second user authentication information, and the client is authenticated by authenticating the second user authentication information. This embodiment requires no modification of the telecom operator authentication platform; it solves the problem of integrating with telecom operator networks without affecting the development of the virtual operator client's existing services, and also without affecting use on other operators' networks.
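The proxy flow of this embodiment (route on the enterprise characteristic code, swap in the telecom account number, recycle it when the client goes offline), modelled as an added example that is not code from the patent. The in-memory platform, the `portal_login`/`portal_logout` callbacks and every field name are assumptions, since the patent defines no message format.

```python
"""Model of the Portal proxy flow. Constructed example: all names are assumptions."""
from dataclasses import dataclass, field

REQUIRED = ("enterprise_code", "vo_account", "password", "mac", "ip")


@dataclass
class VirtualOperatorPlatform:
    """Stand-in for one virtual operator's authentication platform."""
    users: dict                                  # virtual-operator account -> password
    pool: list                                   # idle telecom accounts (user, password)
    leased: dict = field(default_factory=dict)   # client MAC -> telecom account

    def authenticate(self, first_info):
        """Return a telecom account for a legitimate user, else None."""
        if self.users.get(first_info["vo_account"]) != first_info["password"]:
            return None
        mac = first_info["mac"]
        if mac not in self.leased:
            if not self.pool:
                return None                      # no idle telecom account left
            self.leased[mac] = self.pool.pop()
        return self.leased[mac]

    def recycle(self, mac):
        """Client went offline: return its telecom account to the pool."""
        account = self.leased.pop(mac, None)
        if account is not None:
            self.pool.append(account)
        return account is not None


class PortalProxy:
    def __init__(self, platforms, portal_login, portal_logout):
        self.platforms = platforms          # enterprise characteristic code -> platform
        self.portal_login = portal_login    # hands second auth info to the Portal server
        self.portal_logout = portal_logout  # tells the Portal server the client left

    def login(self, msg):
        if any(k not in msg for k in REQUIRED):
            return {"ok": False, "reason": "malformed message"}
        # Route on the enterprise characteristic code. An unknown code is rejected
        # instead of being sent to some default platform.
        platform = self.platforms.get(msg["enterprise_code"])
        if platform is None:
            return {"ok": False, "reason": "unknown enterprise code"}
        telecom = platform.authenticate(msg)
        if telecom is None:
            return {"ok": False, "reason": "rejected by virtual operator"}
        # Second user authentication information: the telecom account replaces the
        # virtual-operator account; MAC, IP and location are carried along.
        second = {"user": telecom[0], "password": telecom[1], "mac": msg["mac"],
                  "ip": msg["ip"], "location": msg.get("location")}
        ok = bool(self.portal_login(second))
        if not ok:
            platform.recycle(msg["mac"])    # assumption: free the account on AAA reject
        # Only the result goes back to the client, never the telecom credentials.
        return {"ok": ok, "reason": None if ok else "rejected by telecom AAA"}

    def logout(self, msg):
        platform = self.platforms.get(msg.get("enterprise_code"))
        if platform is None or "mac" not in msg:
            return False
        self.portal_logout(msg["mac"])      # lets the telecom AAA stop charging
        return platform.recycle(msg["mac"])


def demo():
    """Run one login/logout cycle on constructed data and return what happened."""
    seen = []                               # what the stubbed Portal server received
    vo = VirtualOperatorPlatform(users={"alice@vo-a": "pw1"}, pool=[("tel001", "s3cret")])
    proxy = PortalProxy({"ENT-A": vo}, lambda info: seen.append(info) or True,
                        lambda mac: None)
    msg = {"enterprise_code": "ENT-A", "vo_account": "alice@vo-a", "password": "pw1",
           "mac": "02:00:00:00:00:01", "ip": "10.0.0.5",
           "location": {"device": 1, "slot": 2, "subslot": 0, "vlan": 100}}
    first = proxy.login(msg)
    bad = proxy.login({**msg, "enterprise_code": "ENT-X"})
    released = proxy.logout(msg)
    return first, bad, released, seen, vo.pool
```

Because the enterprise characteristic code is supplied by the client and selects which platform judges the credentials, the sketch treats it as untrusted input and fails closed on unknown or missing values.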
Fig. 7 is a structural schematic diagram of one embodiment of the Portal authentication system of the present invention. The authentication system includes a service gateway 710, a Portal server 720, a virtual operator authentication platform 730, a telecom operator AAA 740 and a Portal proxy server 750, where the Portal proxy server 750 has been described in detail in the above embodiments. To the Portal server 720, the Portal proxy server 750 is a client; to the client, the Portal proxy server 750 is the Portal authentication server.
The Portal proxy server 750 can be deployed on the telecom operator side. As shown in Fig. 8, if the Portal proxy server 750 is deployed on the telecom operator side, the same Portal proxy server can serve the clients and authentication systems of multiple virtual operators, distinguishing the different virtual operators by the enterprise characteristic code built into the client authentication information.
The functions of the units of the Portal proxy server 750 can be implemented by one device or by two or more independent devices; for example, the functions of the above units can be implemented by providing a client interface, a server interface, a virtual operator interface, and a protocol processing and control module. The client interface is responsible for communicating with the user client and receives the authentication messages initiated by the user client. The server interface is responsible for communicating with the Portal server and for sending the constructed client authentication message. The virtual operator interface is responsible for communicating with each virtual operator's authentication system to verify user legitimacy. The protocol processing and control module is responsible for parsing, processing and constructing Portal protocol messages, and for functions such as user presentation management.
In addition, as shown in Fig. 9, the Portal proxy server 750 can be deployed on the virtual operator side, that is, the Portal proxy server 750 and the corresponding virtual operator authentication platform 730 can be in the same intranet. In general, it can then be used by only a single virtual operator, and the user client does not need to add an enterprise characteristic code and therefore needs no modification.
In the above embodiments, the Portal proxy server authenticates to the Portal server in place of the user client. This avoids the difficulty of having to change the account numbers that the virtual operator has distributed to user clients into telecom operator account numbers, and makes it possible for the virtual operator's clients to access the WiFi networks of different telecom operators.
Fig. 10 is a structural schematic diagram of a further embodiment of the Portal proxy server of the present invention. The Portal proxy server includes a memory 1010 and a processor 1020.
The memory 1010 can be a magnetic disk, flash memory or any other non-volatile storage medium. The memory is used to store the instructions of the embodiments corresponding to Figs. 1-4. The processor 1020 is coupled to the memory 1010 and can be implemented as one or more integrated circuits, such as a microprocessor or microcontroller. The processor 1020 is used to execute the instructions stored in the memory.
In one embodiment, as also shown in Fig. 11, the device 1100 includes a memory 1110 and a processor 1120. The processor 1120 is coupled to the memory 1110 by a bus 1130. The device 1100 can also be connected to an external storage device 1150 through a storage interface 1140 in order to call external data, and can also be connected to a network or another computer system (not shown) through a network interface 1160, which is not described in detail here.
In this embodiment, the Portal proxy server authenticates to the Portal server in place of the user client. This avoids the difficulty of having to change the account numbers that the virtual operator has distributed to user clients into telecom operator account numbers, and makes it possible for the virtual operator's clients to access the WiFi networks of different telecom operators.
In another embodiment, a computer-readable storage medium has computer program instructions stored thereon, and the instructions, when executed by a processor, implement the steps of the methods in the embodiments corresponding to Figs. 1-4. Those skilled in the art should understand that embodiments of the present invention can be provided as a method, an apparatus or a computer program product. Therefore, the present invention can take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention can take the form of a computer program product implemented on one or more computer-usable non-transitory storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage, etc.) that contain computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems) and computer program products according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a means for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions can also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to work in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction means, and the instruction means implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions can also be loaded onto a computer or other programmable data processing device, so that a series of operation steps is executed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device thus provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
So far, the present invention has been described in detail. In order to avoid obscuring the concept of the present invention, some details well known in the art are not described. From the above description, those skilled in the art can fully understand how to implement the technical solutions disclosed herein.
Although some specific embodiments of the present invention have been described in detail by way of example, those skilled in the art should understand that the above examples are for illustration only and are not intended to limit the scope of the present invention. Those skilled in the art should understand that the above embodiments can be modified without departing from the scope and spirit of the present invention. The scope of the present invention is defined by the appended claims.
Claims (17)
1. A Portal authentication method, characterized by comprising:
a Portal proxy server sending first user authentication information to a virtual operator authentication platform for authentication;
if the user is a legitimate user, receiving a telecom operator account number sent by the virtual operator authentication platform;
constructing second user authentication information using the telecom operator account number, based on the Portal protocol;
sending the second user authentication information to a Portal server, so that the Portal server sends the second user authentication information through the service gateway to the telecom operator authentication, authorization and accounting (AAA) for authentication;
receiving the authentication result that is sent by the telecom operator AAA and fed back by the Portal server, and feeding the authentication result back to the client and/or the virtual operator authentication platform.
2. The Portal authentication method according to claim 1, characterized by further comprising:
the Portal proxy server receiving a client authentication message sent by the service gateway;
parsing the client authentication message to obtain the first user authentication information, wherein the first user authentication information includes an enterprise characteristic code;
wherein the first user authentication information is sent to the corresponding virtual operator authentication platform for authentication based on the enterprise characteristic code.
3. The Portal authentication method according to claim 1, characterized by further comprising:
the Portal proxy server sending client offline information to the virtual operator authentication platform, so that the virtual operator authentication platform recycles the telecom operator account number issued to the client.
4. The Portal authentication method according to claim 3, characterized by further comprising:
the Portal proxy server parsing the offline request message sent by the client to obtain the enterprise characteristic code;
sending the client offline information to the virtual operator authentication platform based on the enterprise characteristic code.
5. The Portal authentication method according to claim 3, characterized by further comprising:
the Portal proxy server sending the client offline information to the Portal server, so that the Portal server notifies the telecom operator AAA through the service gateway to stop charging.
6. The Portal authentication method according to any one of claims 1-5, characterized in that
the first user authentication information further includes a virtual operator account number, client MAC address, IP address and/or operating system information.
7. The Portal authentication method according to any one of claims 1-5, characterized in that
the second user authentication information further includes a client MAC address, IP address, suffix domain name information and/or client location information.
8. A Portal proxy server, characterized by comprising:
a first user authentication information transmission unit, for sending first user authentication information to a virtual operator authentication platform for authentication;
a telecom operator account number receiving unit, for receiving, if the user is a legitimate user, a telecom operator account number sent by the virtual operator authentication platform;
a second user authentication information structural unit, for constructing second user authentication information using the telecom operator account number, based on the Portal protocol;
a second user authentication information transmission unit, for sending the second user authentication information to a Portal server, so that the Portal server sends the second user authentication information through the service gateway to the telecom operator AAA for authentication;
an authentication result receiving and feedback unit, for receiving the authentication result that is sent by the telecom operator AAA and fed back by the Portal server, and feeding the authentication result back to the client and/or the virtual operator authentication platform.
9. The Portal proxy server according to claim 8, characterized by further comprising:
a client authentication message receiving unit, for receiving a client authentication message sent by the service gateway;
a first user authentication information acquiring unit, for parsing the client authentication message to obtain the first user authentication information, wherein the first user authentication information includes an enterprise characteristic code;
wherein the first user authentication information transmission unit is used to send the first user authentication information to the corresponding virtual operator authentication platform for authentication based on the enterprise characteristic code.
10. The Portal proxy server according to claim 8, characterized by further comprising:
a client offline information transmission unit, for sending client offline information to the virtual operator authentication platform, so that the virtual operator authentication platform recycles the telecom operator account number issued to the client.
11. The Portal proxy server according to claim 10, characterized by further comprising:
an offline request message parsing unit, for parsing the offline request message sent by the client to obtain the enterprise characteristic code;
wherein the client offline information transmission unit is used to send the client offline information to the virtual operator authentication platform based on the enterprise characteristic code.
12. The Portal proxy server according to claim 10, characterized in that
the client offline information transmission unit is also used to send the client offline information to the Portal server, so that the Portal server notifies the telecom operator AAA through the service gateway to stop charging.
13. The Portal proxy server according to any one of claims 8-12, characterized in that
the first user authentication information further includes a virtual operator account number, client MAC address, IP address and/or operating system information.
14. The Portal proxy server according to any one of claims 8-12, characterized in that
the second user authentication information includes a client MAC address, IP address, suffix domain name information and/or client location information.
15. A Portal authentication system, characterized by comprising a service gateway, a Portal server, a virtual operator authentication platform, a telecom operator AAA and the Portal proxy server according to any one of claims 8-14.
16. A Portal proxy server, characterized by comprising:
a memory; and
a processor coupled to the memory, the processor being configured to execute, based on instructions stored in the memory, the Portal proxy authentication method according to any one of claims 1 to 7.
17. A computer-readable storage medium having computer program instructions stored thereon, characterized in that the instructions, when executed by a processor, implement the steps of the Portal proxy authentication method according to any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710793100.8A CN109462568B (en) | 2017-09-06 | 2017-09-06 | Portal authentication method, system and Portal proxy server |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109462568A (en) | 2019-03-12 |
CN109462568B (en) | 2022-07-05 |
Family
ID=65605744
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710793100.8A Active CN109462568B (en) | 2017-09-06 | 2017-09-06 | Portal authentication method, system and Portal proxy server |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109462568B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111246479A (en) * | 2020-01-06 | 2020-06-05 | 上海闻泰电子科技有限公司 | Method, device, terminal equipment and storage medium for resisting counterfeit operator attack |
CN114640533A (en) * | 2022-03-29 | 2022-06-17 | 北京有竹居网络技术有限公司 | Method, device, storage medium and electronic equipment for transmitting messages |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1553341A (en) * | 2003-06-08 | 2004-12-08 | 华为技术有限公司 | Network address distributing method based on customer terminal |
CN103856933A (en) * | 2012-11-30 | 2014-06-11 | 中国移动通信集团公司 | Authentication method and device of roaming terminal, and server |
WO2014096994A1 (en) * | 2012-12-18 | 2014-06-26 | Lakamsani Srirama Krishna | System and method for facilitating payments for purchased products and services |
CN104349294A (en) * | 2013-07-31 | 2015-02-11 | 中国电信股份有限公司 | Authentication charging method and system based on MiFi terminal and MiFi terminal |
CN104378382A (en) * | 2014-11-28 | 2015-02-25 | 上海斐讯数据通信技术有限公司 | Multiple client wireless authentication system and authentication method thereof |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111246479A (en) * | 2020-01-06 | 2020-06-05 | 上海闻泰电子科技有限公司 | Method, device, terminal equipment and storage medium for resisting counterfeit operator attack |
CN111246479B (en) * | 2020-01-06 | 2023-08-01 | 上海闻泰电子科技有限公司 | Method, device, terminal equipment and storage medium for resisting counterfeit operator attack |
CN114640533A (en) * | 2022-03-29 | 2022-06-17 | 北京有竹居网络技术有限公司 | Method, device, storage medium and electronic equipment for transmitting messages |
CN114640533B (en) * | 2022-03-29 | 2023-11-24 | 北京有竹居网络技术有限公司 | Method and device for transmitting message, storage medium and electronic equipment |
Also Published As
Publication number | Publication date |
---|---|
CN109462568B (en) | 2022-07-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10531297B2 (en) | Authentication method and server, and computer storage medium | |
CN108108223B (en) | Kubernetes-based container management platform | |
CN103516715B (en) | Information processor, information processing method and information communication system | |
US9596501B2 (en) | Remote control processing method, device and system | |
CN103034530B (en) | Provide services on the Internet exchange time use method and system | |
CN104052746B (en) | Heterogeneous applications single-node login system and its single-point logging method | |
CN108092988B (en) | Non-perception authentication and authorization network system and method based on dynamic temporary password creation | |
CN109429272A (en) | Shunt method and relevant device under a kind of roaming scence | |
CN110505188B (en) | Terminal authentication method, related equipment and authentication system | |
CN109451042A (en) | For matching network method without screen smart machine | |
CN104883402A (en) | Information processing method and cloud-end service platform | |
CN114157579A (en) | Method and device for accessing gateway | |
CN113746633A (en) | Internet of things equipment binding method, device and system, cloud server and storage medium | |
CN106034134A (en) | Method and device and auxiliary method and device for implementing identity authentication request in webpage application | |
CN103944861A (en) | Voice verification system | |
CN108200039B (en) | Non-perception authentication and authorization system and method based on dynamic establishment of temporary account password | |
CN109218389A (en) | The method, apparatus and storage medium and electronic equipment of processing business request | |
CN110198317A (en) | A kind of portal authentication method and system based on port | |
CN108377499A (en) | A kind of method for network access, routing device and terminal | |
CN109462568A (en) | Portal authentication method, system and Portal proxy server | |
CN109726545A (en) | A kind of information display method, equipment, computer readable storage medium and device | |
CN103428161A (en) | Phone authentication service system | |
CN109451497B (en) | Wireless network connection method and device, electronic equipment and storage medium | |
CN101860521B (en) | Authentication treatment method and system | |
CN108053288B (en) | Service arrangement issuing method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |