CN110290141A - Processing method for a terminal authentication request, terminal authentication method and associated components - Google Patents

Info

Publication number
CN110290141A
Authority
CN
China
Prior art keywords
terminal
characteristic information
audit message
audit
state
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910579860.8A
Other languages
Chinese (zh)
Inventor
邹宇程
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Technology Co Ltd Of Xin Ruiwang Section Of Shenzhen
Original Assignee
Technology Co Ltd Of Xin Ruiwang Section Of Shenzhen
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Technology Co Ltd Of Xin Ruiwang Section Of Shenzhen

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

This application discloses a processing method for a terminal authentication request, applied to an authentication server. The method includes: when an authentication request sent by a first terminal is received, parsing the authentication request to obtain the terminal characteristic information of the first terminal; when an audit message sent by a second terminal is received, determining the audit state of the first terminal according to the audit message. The audit message is information generated by the second terminal from the feature code to be identified that corresponds to the terminal characteristic information, and it describes whether the second terminal authorizes the first terminal to access the network; the second terminal is an already-authenticated terminal. The application can optimize the terminal authentication process and improve the security of the network system in which the terminal device is located. Also disclosed are a terminal authentication method, a processing system for terminal authentication requests, a terminal authentication system, a computer-readable storage medium, an authentication server and an electronic device, which have the same beneficial effects.

Description

Processing method for a terminal authentication request, terminal authentication method and associated components
Technical field
The present invention relates to the field of computer technology, in particular to the Internet of Things, and specifically to a processing method for a terminal authentication request, a terminal authentication method, a processing system for terminal authentication requests, a terminal authentication system, a computer-readable storage medium, an authentication server and an electronic device.
Background technique
Terminal authentication, also known as terminal identity authentication, is required before a terminal device may access a network; only terminal devices that pass authentication can access the network. Common terminal authentication modes include Portal authentication, 802.1x authentication and Web+Portal authentication.
Terminal authentication modes in the related art require the user to manually enter account and password information on the terminal device, and the network can be accessed as long as the entered account and password are correct. But once the account and password are stolen by someone else, the security of the network system in which the terminal device is located can no longer be guaranteed.
Therefore, how to optimize the terminal authentication process and improve the security of the network system in which the terminal device is located is a technical problem that those skilled in the art currently need to solve.
Summary of the invention
The purpose of this application is to provide a processing method for a terminal authentication request, a terminal authentication method, a processing system for terminal authentication requests, a terminal authentication system, a computer-readable storage medium, an authentication server and an electronic device that can optimize the terminal authentication process and improve the security of the network system in which the terminal device is located.
To solve the above technical problem, this application provides a processing method for a terminal authentication request, applied to an authentication server. The processing of the terminal authentication request includes:
when an authentication request sent by a first terminal is received, parsing the authentication request to obtain the terminal characteristic information of the first terminal;
when an audit message sent by a second terminal is received, determining the audit state of the first terminal according to the audit message;
wherein the audit message is information generated by the second terminal according to the feature code to be identified that corresponds to the terminal characteristic information, the audit message describes whether the second terminal authorizes the first terminal to access the network, and the second terminal is an already-authenticated terminal.
Optionally, determining the audit state of the first terminal according to the audit message includes:
parsing the audit message;
when the audit message is an authorization grant, setting the audit state of the first terminal to the audit-passed state, so as to allow the first terminal to access the network;
when the audit message is an authorization refusal, setting the audit state of the first terminal to the audit-failed state, so as to forbid the first terminal from accessing the network.
Optionally, the method further includes:
when the audit state of the first terminal is set to the audit-passed state, returning a first prompt message indicating successful authentication to the first terminal;
when the audit state of the first terminal is set to the audit-failed state, returning a second prompt message indicating failed authentication to the first terminal.
Optionally, the feature code to be identified is a two-dimensional code corresponding to the terminal characteristic information.
Optionally, the authentication request is a request of the EAP protocol.
This application also provides a terminal authentication method, applied to a first terminal, which includes:
generating the feature code to be identified that corresponds to the terminal characteristic information of the first terminal, so that an already-authenticated second terminal generates a corresponding audit message according to the feature code to be identified; wherein the audit message is information describing whether the second terminal authorizes the first terminal to access the network;
encapsulating the terminal characteristic information into an authentication request and sending the authentication request to an authentication server, so that the authentication server parses the authentication request to obtain the terminal characteristic information of the first terminal and determines the audit state of the first terminal according to the audit message.
Optionally, generating the feature code to be identified that corresponds to the terminal characteristic information of the first terminal, so that the already-authenticated second terminal generates a corresponding audit message according to the feature code to be identified, includes:
determining the terminal characteristic information of the first terminal and generating a two-dimensional code according to the terminal characteristic information, so that the already-authenticated second terminal obtains the terminal characteristic information by scanning the two-dimensional code and generates the audit message according to the terminal characteristic information.
Optionally, encapsulating the terminal characteristic information into an authentication request includes:
encapsulating the terminal characteristic information into an authentication request of the EAP protocol.
This application also provides a computer-readable storage medium on which a computer program is stored; when the computer program is executed, the steps of the above processing method for a terminal authentication request and/or the above terminal authentication method are carried out.
This application also provides an authentication server including a memory and a processor; a computer program is stored in the memory, and when the processor calls the computer program in the memory it carries out the steps of the above processing method for a terminal authentication request.
This application also provides an electronic device including a memory and a processor; a computer program is stored in the memory, and when the processor calls the computer program in the memory it carries out the steps of the above terminal authentication method.
The present invention provides a processing method for a terminal authentication request, applied to an authentication server. The processing method includes: when an authentication request sent by a first terminal is received, parsing the authentication request to obtain the terminal characteristic information of the first terminal; when an audit message sent by a second terminal is received, determining the audit state of the first terminal according to the audit message; wherein the audit message is information generated by the second terminal according to the feature code to be identified that corresponds to the terminal characteristic information, the audit message describes whether the second terminal authorizes the first terminal to access the network, and the second terminal is an already-authenticated terminal.
This application abandons the related-art operation in which, upon receiving the authentication request sent by the first terminal, the authentication server checks whether the account and password are correct; instead, after receiving the first terminal's authentication request, it waits for the audit message sent by a second terminal that has already passed authentication. After receiving the audit message sent by the second terminal, the authentication server allows or forbids the first terminal to access the network according to that message. In this application the authentication server acts as the device that controls network access according to the audit message, while the second terminal holds the decision power over whether the audit passes; only if the second terminal authorizes the first terminal to authenticate and go online can the authentication server allow the first terminal to access the network. The above process completes the authentication of the first terminal without requiring the user to manually enter account and password information on the first terminal, so this application can optimize the terminal authentication process and improve the security of the network system in which the terminal device is located. This application also provides a terminal authentication method, a processing system for terminal authentication requests, a terminal authentication system, a computer-readable storage medium, an authentication server and an electronic device, which have the same beneficial effects and are not described again here.
Detailed description of the invention
To illustrate the embodiments of this application more clearly, the drawings needed in the embodiments are briefly introduced below. Obviously, the drawings in the following description are only some embodiments of this application; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of a processing method for a terminal authentication request provided by an embodiment of this application;
Fig. 2 is a flow chart of another processing method for a terminal authentication request provided by an embodiment of this application;
Fig. 3 is a flow chart of a terminal authentication method provided by an embodiment of this application;
Fig. 4 is a schematic diagram of the authentication flow between a target client and a server in a practical application;
Fig. 5 is a structural schematic diagram of a processing system for terminal authentication requests provided by an embodiment of this application;
Fig. 6 is a structural schematic diagram of a terminal authentication system provided by an embodiment of this application.
Specific embodiment
To make the purposes, technical solutions and advantages of the embodiments of this application clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are only some, not all, of the embodiments of this application. All other embodiments obtained by those of ordinary skill in the art based on the embodiments in this application without creative work fall within the protection scope of this application.
A terminal device needs to send an authentication request to an authentication server before accessing a network, and only after the authentication server's audit passes can the terminal device access the network. In the related art, the authentication server's processing of an authentication request is based on the user manually entering an account and password. For example, in the 802.1x authentication process, the administrator adds the user account and password information on the authentication server and configures the 802.1x network. When the user clicks on the terminal device to connect to the 802.1x wireless or wired network, the Windows system pops up a prompt and the user types in the account and password manually. The authentication server checks whether the account matches the password and returns an authentication success or failure message according to the check result. However, the above related art suffers from problems such as lost or forgotten accounts and passwords, which seriously affect system security. Given these drawbacks of the related art, this application provides, through the following embodiments, a new terminal authentication mode and a new way of processing terminal authentication requests, which can optimize the terminal authentication process and improve the security of the network system in which the terminal device is located.
Refer to Fig. 1 below; Fig. 1 is a flow chart of a processing method for a terminal authentication request provided by an embodiment of this application.
The specific steps may include:
S101: when an authentication request sent by a first terminal is received, parsing the authentication request to obtain the terminal characteristic information of the first terminal;
The executing subject of this embodiment may be an authentication server, for example a RADIUS (Remote Authentication Dial In User Service) server. RADIUS is an AAA protocol whose authentication mechanism is flexible and highly extensible. A RADIUS server is a server that uses the RADIUS protocol for identity recognition and access management. In a network system the RADIUS server takes the role of IAM (Identity and Access Management); IAM is a set of business processes and management means for comprehensively establishing and maintaining digital identities and providing effective, secure access to IT resources, so as to achieve unified identity authentication and authorization for organizational information assets together with centralized management and auditing of identity data.
This embodiment does not limit the specific category of authentication request that the authentication server handles; it may include the 802.1x protocol, the Portal protocol, etc. The 802.1x protocol is a client/server-based access control and authentication protocol that can restrict unauthorized users or devices from accessing an Ethernet or WLAN through an access port.
Before this step, the first terminal may send an authentication request to the authentication server, and that request may be generated by the first terminal according to its terminal characteristic information. Since the same authentication server can process authentication requests for multiple terminal devices, in order to distinguish between them the authentication server can first parse the authentication request to obtain the corresponding terminal characteristic information and then distinguish the terminal devices according to that information. Note that because the request processing method adopted in this embodiment abandons account and password checking, the data obtained by parsing the authentication request may not include an account or a password. The terminal characteristic information may include information such as the MAC address, hard disk serial number and CPU model of the first terminal.
The authentication server can pre-store the correspondence between each terminal's terminal ID and its terminal characteristic information, so that after obtaining the terminal characteristic information the terminal ID of the first terminal can be determined. Specifically, one item or a combination of several items of the first terminal's characteristic information can also serve as the terminal ID, for example the MAC address and CPU model of the first terminal.
As a feasible implementation, a corresponding audit state is set for each terminal ID in the authentication server's database; the audit states may specifically include: pending audit, audit passed and audit failed. After receiving the first terminal's request, the audit state corresponding to the first terminal's terminal ID can be set to pending, indicating that the first terminal has requested network access but no information on whether the second terminal authorizes that access has yet been received, and the audit state must wait for the audit message before it is modified. When the audit state of the terminal ID is audit passed, the authentication server allows the first terminal to access the network; when it is audit failed, the authentication server forbids the first terminal from accessing the network.
S102: when an audit message sent by a second terminal is received, determining the audit state of the first terminal according to the audit message;
The first terminal mentioned in this embodiment is a terminal device that has not accessed the network and needs to be authenticated, while the second terminal is a terminal device that has already passed authentication and can communicate with the authentication server. Before this step the second terminal may judge whether to authorize the first terminal to access the network; that is, the audit message sent by the second terminal is information describing whether the second terminal authorizes the first terminal to access the network. This embodiment is equivalent to transferring the operation of verifying the first terminal's identity information from the authentication server to the second terminal. Since the first terminal has not accessed the network, the first terminal and the second terminal cannot exchange information over the network, which avoids the situation in which someone else uses stolen information to construct an authentication request and impersonate another user to access the network.
As a feasible implementation, after the user sends an authentication request with the first terminal, the authentication server sets the audit state of the first terminal's terminal ID to pending. The user can then use an already-authenticated second terminal to audit, sending an audit message whose content is "audit passed" to the authentication server, so that the authentication server changes the audit state to audit passed. When an illegitimate user impersonates a legitimate user and sends an authentication request to the authentication server, the illegitimate user cannot send an audit message through the legitimate user's second terminal, so the authentication server keeps the audit state pending and the illegitimate user cannot access the network.
Specifically, the audit message is generated by the second terminal according to the feature code to be identified that corresponds to the terminal characteristic information. As one feasible implementation, the audit message can be generated as follows: the user scans the feature code to be identified with the second terminal to obtain the terminal characteristic information, then decides from experience whether the first terminal corresponding to that information may access the network, for example by entering an agree or refuse instruction, which generates an audit message allowing or refusing network access. As another feasible implementation: the user scans the feature code to be identified with the second terminal to obtain the terminal characteristic information, and the second terminal automatically verifies each item of that information against pre-stored audit criteria, generating an audit message allowing network access if verification passes and one refusing network access if it fails. For example, suppose the audit criterion stored on the second terminal is that the MAC address must lie in the range 00:01:6C:06:A6:29 to 00:01:6C:06:A6:56. The second terminal obtains the terminal characteristic information by scanning the feature code to be identified, extracts the MAC address from it, and judges whether the MAC address lies within 00:01:6C:06:A6:29 to 00:01:6C:06:A6:56. If so, the first terminal's characteristic information passes verification and the first terminal may be authorized to access the network; if not, the first terminal's characteristic information fails verification and the first terminal cannot be authorized to access the network.
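The automatic audit rule just described, as an added example that is not the patent's own code: the second terminal decodes the scanned feature code, checks the MAC address against the stored inclusive range, and builds the audit message. The JSON layout of the feature-code payload, the function names and the sample payloads are assumptions constructed for this example.

```python
# Added example, not code from the patent: the second terminal's automatic audit
# using the MAC-range criterion quoted in the text. The feature-code payload
# format (JSON) and all function names are assumptions; payloads are constructed.
import json
import re

MAC_RE = re.compile(r"^(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")


def mac_to_int(mac):
    """Convert aa:bb:cc:dd:ee:ff to an integer so that ranges compare numerically."""
    if not MAC_RE.match(mac):
        raise ValueError(f"malformed MAC address: {mac!r}")
    return int(mac.replace(":", ""), 16)


# Pre-stored audit criterion from the text: MAC address within this inclusive range.
MAC_RANGE = (mac_to_int("00:01:6C:06:A6:29"), mac_to_int("00:01:6C:06:A6:56"))


def parse_feature_code(payload):
    """Decode a scanned feature code. Assumed layout: a JSON object carrying the
    three characteristic items named in the text (MAC, disk serial, CPU model)."""
    data = json.loads(payload)  # raises ValueError (JSONDecodeError) on bad JSON
    if not isinstance(data, dict):
        raise ValueError("feature code is not an object")
    for key in ("mac", "disk_serial", "cpu_model"):
        if not isinstance(data.get(key), str) or not data[key]:
            raise ValueError(f"missing characteristic item: {key}")
    return data


def mac_in_range(mac, mac_range=MAC_RANGE):
    """True when the MAC lies inside the stored inclusive range."""
    lo, hi = mac_range
    return lo <= mac_to_int(mac) <= hi


def build_audit_message(payload, mac_range=MAC_RANGE):
    """Second terminal's automatic audit: verify the scanned items against the
    stored criteria and produce the audit message for the authentication server.
    Anything that cannot be parsed is refused rather than silently allowed."""
    try:
        features = parse_feature_code(payload)
        allowed = mac_in_range(features["mac"], mac_range)
    except ValueError as exc:
        return {"decision": "refuse", "reason": str(exc)}
    return {
        "mac": features["mac"],
        "decision": "authorize" if allowed else "refuse",
        "reason": "MAC within audited range" if allowed else "MAC outside audited range",
    }


# Constructed sample payloads, as a first terminal might encode them in a QR code.
SAMPLE_IN_RANGE = json.dumps(
    {"mac": "00:01:6C:06:A6:30", "disk_serial": "SN-CONSTRUCTED-1", "cpu_model": "cpu-a"})
SAMPLE_OUT_OF_RANGE = json.dumps(
    {"mac": "00:01:6C:06:A6:57", "disk_serial": "SN-CONSTRUCTED-2", "cpu_model": "cpu-a"})
SAMPLE_MALFORMED = '{"mac": "00:01:6C:06:A6", "disk_serial": "x", "cpu_model": "y"}'

if __name__ == "__main__":
    for payload in (SAMPLE_IN_RANGE, SAMPLE_OUT_OF_RANGE, SAMPLE_MALFORMED):
        print(build_audit_message(payload))
```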
Having received the audit message, this embodiment can determine the audit state of the first terminal according to it. Specifically: if the audit message indicates authorization of the first terminal's network access, the request has passed authentication and the authentication server may allow the first terminal to access the network; if the audit message indicates refusal of the first terminal's network access, the request has failed authentication and the authentication server may forbid the first terminal from accessing the network.
Note that when allowing or forbidding terminal network access is implemented by changing the audit state corresponding to the terminal ID, an audit message indicating authorization sets the terminal ID's audit state to audit passed, so that the first terminal can access the network through the authentication server; an audit message indicating refusal sets the audit state to audit failed, so that the first terminal is forbidden from accessing the network through the authentication server.
This embodiment does not limit the types of the first and second terminals; they may be desktop computers, laptops, tablets, smartphones and similar devices. In a preferred implementation the second terminal is a mobile device such as a smartphone or tablet, so that the user can carry it, improving the convenience with which the second terminal authorizes or refuses the first terminal's network access. Further, the second terminal may be a device with a face recognition function that sends the audit message to the authentication server only after face recognition succeeds, improving the security of the authorization process.
The second terminal in this embodiment is an already-authenticated device, and its authentication flow is as follows: open an authentication-related APP; on first use of the APP, log in with the account and password assigned by the administrator; on subsequent uses, perform face recognition verification. Regarding face recognition: the user needs to enroll a face on first use of the APP, and this face template is stored on the IAM server. When the user later performs face recognition verification, the template can be retrieved from the IAM server for recognition.
When the authentication server of this embodiment receives the authentication request sent by the first terminal, it abandons the related-art operation of checking whether the account and password are correct; instead, after receiving the first terminal's authentication request, it waits for the audit message sent by a second terminal that has already passed authentication. After receiving the audit message sent by the second terminal, the authentication server allows or forbids the first terminal to access the network according to that message. In this embodiment the authentication server is the device that controls network access according to the audit message, while the second terminal holds the decision power over whether the audit passes; only if the second terminal authorizes the first terminal to authenticate and go online can the authentication server allow the first terminal to access the network. The above process completes the authentication of the first terminal without the user manually entering account and password information on the first terminal, so this embodiment can optimize the terminal authentication process and improve the security of the network system in which the terminal device is located.
Refer to Fig. 2 below; Fig. 2 is a flow chart of another processing method for a terminal authentication request provided by an embodiment of this application, which may include the following steps:
S201: when an authentication request sent by a first terminal is received, parsing the authentication request to obtain the terminal characteristic information of the first terminal.
S202: determining the terminal ID of the first terminal according to the terminal characteristic information, and setting the audit state corresponding to the terminal ID to pending.
After setting the audit state corresponding to the terminal ID to pending, the authentication server may return a prompt message to the first terminal, whose content may be: "please perform the authorize or refuse operation on the second terminal", so as to prompt the user to operate the second terminal accordingly.
S203: saving the terminal characteristic information of the first terminal to the database.
S204: judging whether an audit message sent by the second terminal has been received; if so, entering S205; if not, entering S204 again after a delay of a preset duration;
The audit message is information describing whether the second terminal authorizes the first terminal to access the network. When the audit message is received, the operation of S205 can be entered; if it has not been received, the judgement can be repeated after a delay of the preset duration. As a feasible implementation, this embodiment can also record the number of times the delay of the preset duration has occurred; when that number exceeds a preset value, indicating that the second terminal has not responded for too long, the audit state corresponding to the terminal ID can be set directly to audit failed.
As a feasible implementation, the receiving time of the authentication request can be recorded, and when the audit message has not been received after a first preset duration, a timeout error code is returned to the first terminal via the EAP protocol, so that the first terminal updates the feature code to be identified. This approach refreshes the feature code to be identified after a certain time and improves the security of the authentication process.
Further, the authentication server and the second terminal can communicate via HTTP or HTTPS to transmit the audit message.
S205: parsing the audit message.
There are two possible results of parsing the audit message: the first is an authorization grant, the second an authorization refusal.
S206: when the audit message is an authorization grant, setting the audit state corresponding to the terminal ID to audit passed, and entering S207.
S207: returning a first prompt message indicating successful authentication to the first terminal.
S208: when the audit message is an authorization refusal, setting the audit state corresponding to the terminal ID to audit failed, and entering S209.
S209: returning a second prompt message indicating failed authentication to the first terminal.
After setting the audit state to audit passed or audit failed, the above embodiment returns a corresponding prompt message to the first terminal, so that the first terminal can perform subsequent operations after receiving it.
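The server-side state handling of steps S201 to S209, including the S204 retry limit, as an added example that is not the patent's own code: it models only the audit-state logic (no RADIUS or EAP transport), and the class name, method names, prompt strings and retry limit are assumptions.

```python
# Added example, not code from the patent: a model of the authentication server's
# audit-state handling for the Fig. 2 flow (S201-S209) with the S204 retry limit.
# Names, prompt strings and the retry limit are assumptions; no RADIUS/EAP here.
from dataclasses import dataclass
from enum import Enum


class AuditState(Enum):
    PENDING = "pending"        # request received, waiting for the second terminal
    PASSED = "audit passed"    # second terminal authorized network access
    FAILED = "audit failed"    # second terminal refused, or no response in time


@dataclass
class TerminalRecord:
    terminal_id: str
    features: dict
    state: AuditState = AuditState.PENDING
    delays: int = 0            # preset-duration waits that have elapsed (S204)


class AuthServer:
    """Audit-state side of the authentication server; one record per terminal ID."""

    def __init__(self, max_delays=3):
        self.max_delays = max_delays   # assumed preset value for the S204 retry count
        self.db = {}                   # terminal ID -> TerminalRecord (S203 storage)

    @staticmethod
    def terminal_id(features):
        # S202: the text names MAC address plus CPU model as one possible terminal ID.
        return f"{features['mac'].lower()}|{features['cpu_model']}"

    def on_auth_request(self, features):
        """S201-S203: features already parsed from the request; no account/password."""
        for key in ("mac", "disk_serial", "cpu_model"):
            if key not in features:
                raise ValueError(f"terminal characteristic information lacks {key}")
        tid = self.terminal_id(features)
        self.db[tid] = TerminalRecord(tid, dict(features))
        # Prompt returned to the first terminal while the state is pending.
        return tid, "please perform the authorize or refuse operation on the second terminal"

    def on_audit_message(self, tid, decision):
        """S205-S209: apply the second terminal's decision to a pending record.

        Returns the prompt for the first terminal, or None when the message is
        ignored (unknown terminal, request already decided, malformed decision).
        """
        rec = self.db.get(tid)
        if rec is None or rec.state is not AuditState.PENDING:
            return None
        if decision == "authorize":
            rec.state = AuditState.PASSED
            return "authentication succeeded"
        if decision == "refuse":
            rec.state = AuditState.FAILED
            return "authentication failed"
        return None

    def wait_for_audit(self, tid):
        """S204: one check after a preset-duration delay; fail after too many delays."""
        rec = self.db[tid]
        if rec.state is AuditState.PENDING:
            rec.delays += 1
            if rec.delays > self.max_delays:
                # Second terminal has not responded for too long: audit failed.
                rec.state = AuditState.FAILED
        return rec.state

    def network_allowed(self, tid):
        """Only an audit-passed record grants network access."""
        rec = self.db.get(tid)
        return rec is not None and rec.state is AuditState.PASSED


if __name__ == "__main__":
    srv = AuthServer(max_delays=2)
    tid, prompt = srv.on_auth_request(
        {"mac": "00:01:6C:06:A6:30", "disk_serial": "SN-CONSTRUCTED", "cpu_model": "cpu-a"})
    print(prompt)
    print(srv.on_audit_message(tid, "authorize"), srv.network_allowed(tid))
```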
Referring now to Fig. 3, which is a flowchart of a terminal authentication method provided by an embodiment of the present application, the method may include the following steps:
S301: generate the feature code to be recognized (the "condition code to be identified" of the machine translation) corresponding to the terminal characteristic information of the first terminal, so that an authenticated second terminal generates the corresponding audit message from that feature code;
The executing subject of this embodiment is the terminal device that needs to be authenticated, i.e. the first terminal mentioned in the embodiments of Fig. 1 and Fig. 2. The process described here is the one by which the first terminal sends a terminal authentication request to the authentication server; the authentication server referred to here is the one mentioned in the embodiments of Fig. 1 and Fig. 2.
Before this step there may be an operation of receiving an authentication instruction and, in response to it, obtaining the terminal characteristic information of the first terminal; the terminal characteristic information includes, but is not limited to, the MAC address, hard disk serial number and CPU model. On the basis of the obtained terminal characteristic information, this step generates the corresponding feature code to be recognized; the feature code may take the form of, but is not limited to, a bar code or a two-dimensional (QR) code. The second terminal obtains the terminal characteristic information of the first terminal by parsing the feature code. As an optional embodiment, generating the feature code in S301 may comprise: determining the terminal characteristic information of the first terminal and generating a QR code from it, so that the second terminal obtains the terminal characteristic information by scanning the QR code. The first terminal may show the QR code generated from the terminal characteristic information on its display for the second terminal to scan. The process by which the second terminal generates the audit message from the feature code may be as follows: on detecting the feature code, parse it to obtain the terminal characteristic information, judge from that information whether to authorize the first terminal to access the network, and then generate either an audit message authorizing the first terminal's network access or one refusing it.
It will be understood that the user of the second terminal may choose between authorizing and refusing network access for the first terminal, the basis for the choice being the terminal characteristic information that the second terminal obtained by parsing the feature code. As an optional embodiment, the second terminal may also compare the parsed terminal characteristic information with prestored standard feature information: if they match, it automatically generates an audit message authorizing the first terminal's network access; if they do not match, it automatically generates an audit message refusing it. For example, when the MAC address in the terminal characteristic information obtained by parsing the feature code is a known address, the second terminal may automatically authorize or refuse the first terminal's network access; when the MAC address is unknown, it may automatically refuse network access.
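The feature code generation in S301 and the second terminal's parse-and-compare step described above, as an added Python example that is not code from the patent. It assumes a concrete payload format the patent leaves open (canonical JSON, base64-encoded, which the first terminal would render as a QR code), assumes the prestored "standard feature information" is an allow list keyed by MAC address, and treats a known MAC whose other stored fields do not match as a mismatch that is refused automatically, following the comparison embodiment above.

```python
"""Feature code built from terminal characteristic information and the second
terminal's parse-and-compare step.  Added example, not code from the patent.
Assumed: canonical JSON, base64-encoded, as the QR payload; the prestored
standard feature information is a dict keyed by lower-case MAC address."""
import base64
import json

REQUIRED_FIELDS = ("mac", "disk_serial", "cpu_model")


def make_feature_code(terminal_info):
    """First terminal: encode the terminal characteristic information as the QR payload."""
    for field in REQUIRED_FIELDS:
        if field not in terminal_info:
            raise ValueError(f"missing terminal characteristic: {field}")
    payload = json.dumps(terminal_info, sort_keys=True, separators=(",", ":"))
    return base64.b64encode(payload.encode()).decode()


def parse_feature_code(code):
    """Second terminal: recover the terminal characteristic information, rejecting
    anything that is not a well-formed payload with the required fields."""
    try:
        info = json.loads(base64.b64decode(code, validate=True))
    except (ValueError, UnicodeDecodeError) as exc:
        raise ValueError("malformed feature code") from exc
    if not isinstance(info, dict) or any(f not in info for f in REQUIRED_FIELDS):
        raise ValueError("feature code lacks required terminal characteristics")
    return info


def audit(code, standard_info=None, operator_decision=None):
    """Produce the audit message.  With an allow list (standard_info) the decision is
    automatic: known MAC with every stored field matching -> authorize, anything
    else -> refuse.  Without one, the operator's choice is used."""
    info = parse_feature_code(code)
    mac = info["mac"].lower()
    if standard_info is None:
        decision = operator_decision
    else:
        expected = standard_info.get(mac)
        matches = expected is not None and all(
            info.get(k) == v for k, v in expected.items())
        decision = "authorize" if matches else "refuse"
    if decision not in ("authorize", "refuse"):
        raise ValueError("audit decision must be 'authorize' or 'refuse'")
    return {"terminal_id": mac, "decision": decision}


# Constructed sample data for a stand-alone run (not real device values)
SAMPLE_INFO = {"mac": "AA:BB:CC:DD:EE:01", "disk_serial": "WD-DEMO0001",
               "cpu_model": "Demo CPU 4-core"}
SAMPLE_ALLOWLIST = {"aa:bb:cc:dd:ee:01": {"disk_serial": "WD-DEMO0001",
                                          "cpu_model": "Demo CPU 4-core"}}

if __name__ == "__main__":
    code = make_feature_code(SAMPLE_INFO)
    print(code)
    print(audit(code, SAMPLE_ALLOWLIST))   # authorize: every stored field matches
```

The feature code carries plain data, and nothing in it proves that it was produced by the device it describes; in this design the trust comes from the second terminal's comparison against the prestored standard information and from the operator's judgement, which is why the allow-list path above refuses anything that does not match completely rather than authorizing on the MAC address alone.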
S302: encapsulate the terminal characteristic information into an authentication request and send the authentication request to the authentication server, so that the authentication server parses the request to obtain the terminal characteristic information of the first terminal and determines the audit state of the first terminal from the audit message.
The purpose of this step is to send the authentication request to the authentication server, so that the authentication server can set the audit state corresponding to the first terminal to the audit-passed state.
As a feasible embodiment, encapsulating the terminal characteristic information into the authentication request in S302 may specifically mean encapsulating it into an EAP authentication request. EAP (Extensible Authentication Protocol) is a set of authentication methods designed to meet the authentication needs of any link layer and to support a variety of link-layer authentication modes; it provides distinct methods for link authentication over PPP, Ethernet and WLAN. Because the terminal characteristic information is transmitted securely within the EAP protocol, man-in-the-middle attacks can be prevented and the authentication process is more secure.
It will be understood that, to improve the security of authentication, the feature code to be recognized can be updated in either of the following two ways:
Mode one: record the generation time of the feature code; if the audit result from the authentication server has not been received when the second preset duration is exceeded (i.e. the difference between the generation time and the current time is greater than the second preset duration), update the feature code.
Mode two: update the feature code on receiving the timeout error code sent by the authentication server. The timeout error code is generated as follows: the authentication server records the receiving time of the authentication request and generates the error code if the audit message has not been received when the first preset duration is exceeded (i.e. the difference between the receiving time and the current time is greater than the first preset duration).
When the first terminal receives the first prompt message (authentication successful) from the authentication server, it may set its network access state to "network access succeeded"; when it receives the second prompt message (authentication failed), it sets the network access state to "network access failed". Setting the network access state in this way tells the user whether the first terminal can currently access the network.
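The first-terminal side of S302 and the two refresh modes above, as an added Python example that is not code from the patent. It packs the terminal characteristic information into an EAP Response packet using the RFC 3748 header layout (Code, Identifier, Length, Type), assumes EAP Type 255 (Experimental) as a stand-in for whatever vendor-defined type a real deployment would register, and assumes the values of the second preset duration and of the timeout error code; the generation counter in the feature code is also an assumption, added so that a refreshed code differs from the stale one.

```python
"""First-terminal side: EAP encapsulation of the terminal characteristic
information and the two feature-code refresh modes.  Added example, not code
from the patent.  Type 255, the duration and the error code are placeholders."""
import json
import struct
import time

EAP_RESPONSE = 2             # RFC 3748 Code field value for a Response
EAP_TYPE_EXPERIMENTAL = 255  # placeholder type carrying the terminal info
SECOND_PRESET_DURATION = 60.0
TIMEOUT_ERROR = 0x0B         # placeholder; must equal the server's value

STATE_ONLINE = "network access succeeded"
STATE_OFFLINE = "network access failed"


def encapsulate_eap(identifier, terminal_info):
    """Build an EAP Response: Code(1) Identifier(1) Length(2) Type(1) Type-Data."""
    data = json.dumps(terminal_info, sort_keys=True).encode()
    length = 5 + len(data)
    if length > 0xFFFF:
        raise ValueError("terminal information too large for one EAP packet")
    header = struct.pack("!BBHB", EAP_RESPONSE, identifier & 0xFF, length,
                         EAP_TYPE_EXPERIMENTAL)
    return header + data


def parse_eap(packet):
    """Server-side counterpart: validate the header and recover the payload."""
    if len(packet) < 5:
        raise ValueError("EAP packet too short")
    code, identifier, length, eap_type = struct.unpack("!BBHB", packet[:5])
    if length != len(packet):
        raise ValueError("EAP length field does not match packet size")
    if code != EAP_RESPONSE or eap_type != EAP_TYPE_EXPERIMENTAL:
        raise ValueError("not a terminal-information EAP response")
    return identifier, json.loads(packet[5:])


class FirstTerminal:
    def __init__(self, terminal_info, clock=time.time):
        self.info = terminal_info
        self.clock = clock
        self.generation = 0
        self.generated_at = None
        self.feature_code = None
        self.network_state = None
        self.refresh_feature_code()

    def refresh_feature_code(self):
        """S301: (re)generate the feature code; the generation counter is an
        assumption that makes a refreshed code differ from a stale one."""
        self.generation += 1
        self.generated_at = self.clock()
        self.feature_code = f"{self.generation}:{json.dumps(self.info, sort_keys=True)}"

    def tick(self):
        """Mode one: refresh if no audit result has arrived and the code has
        outlived the second preset duration.  Returns True when refreshed."""
        if (self.network_state is None
                and self.clock() - self.generated_at > SECOND_PRESET_DURATION):
            self.refresh_feature_code()
            return True
        return False

    def on_server_message(self, msg):
        """Mode two plus prompt handling: a timeout error code triggers a refresh,
        a prompt sets the network access state.  Returns the current state."""
        if msg.get("error") == TIMEOUT_ERROR:
            self.refresh_feature_code()
        elif msg.get("prompt") == "success":
            self.network_state = STATE_ONLINE
        elif msg.get("prompt") == "failure":
            self.network_state = STATE_OFFLINE
        return self.network_state


class FakeClock:
    """Controllable clock so the refresh timer can be tested without sleeping."""
    def __init__(self, start=0.0):
        self.now = start

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds
```

The EAP header on its own gives the payload neither confidentiality nor integrity; those properties come from the EAP method and the link layer that carries it, so in a deployment this Type-Data would travel inside a protected method rather than as bare JSON, which is the condition under which the "secure transmission within EAP" statement above holds.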
In this embodiment the first terminal first generates the feature code corresponding to its terminal characteristic information, so that an authenticated second terminal can perform the audit from that feature code. The first terminal also encapsulates the terminal characteristic information into an authentication request and sends it to the authentication server. After receiving the audit message from the second terminal, the authentication server allows or forbids the first terminal's network access according to that message. Thus the authentication server acts as the device that controls network access according to the audit message, while the second terminal holds the decision over whether the audit passes: only when the second terminal has authorized the first terminal's authentication for going online can the authentication server allow the first terminal onto the network. This process achieves authentication of the first terminal without the user manually entering account and password information on it, so the embodiment streamlines terminal authentication and improves the security of the network system the terminal device belongs to.
The process described above is illustrated below by an embodiment in practical application. Referring to Fig. 4, which is a schematic diagram of an authentication flow between a target client and a server in practice: the target client is connected to the IAM through a wireless access point (AP), a switch and a router, and a mobile phone running a particular APP is connected to the IAM over the Internet. The detailed process of this embodiment is as follows:
Step 1: the user opens the target client (i.e. the first terminal) to authenticate for going online; the target client obtains the terminal characteristic information and generates a QR code from it.
Step 2: the target client encapsulates the terminal characteristic information in an EAP message and sends it to the IAM (i.e. the authentication server) as part of the authentication process.
Step 3: the IAM saves the terminal information, generates a pending terminal record (setting the audit state to pending) and stores it in the database; until the timeout expires or the user approves, the IAM does not send an EAP failure message.
After the IAM device receives the request message, it may generate the pending terminal record once it has parsed and judged the request sent by the client.
Step 4: the user scans the QR code with the APP on the mobile phone (i.e. the second terminal) and taps approve or refuse.
Step 5: after the IAM receives the approval message from the APP, it changes the terminal's pending state and returns an authentication success or failure message.
With this scheme no password needs to be entered when the target client authenticates, which safeguards the account. Because the terminal characteristic information can be transmitted securely within the EAP protocol, man-in-the-middle attacks can be prevented and the authentication process is more secure. In the above process the client can collect the terminal characteristic information before authentication, with no need to report it after authentication, and during the audit the APP can see the terminal information currently under review, which facilitates interaction and business processing.
Referring to Fig. 5, which is a schematic structural diagram of an authentication server provided by an embodiment of the present application;
The authentication server may include:
an authentication request parsing module 100, for parsing the authentication request on receiving it from a first terminal, so as to obtain the terminal characteristic information of the first terminal;
a state setting module 200, for determining the audit state of the first terminal from the audit message on receiving it from a second terminal;
where the audit message is information generated by the second terminal from the feature code to be recognized that corresponds to the terminal characteristic information, describing whether the second terminal authorizes the first terminal to access the network, and the second terminal is an authenticated terminal. On receiving the authentication request from the first terminal, this embodiment abandons the related-art practice of having the authentication server verify whether the account and password are correct; instead, after receiving the first terminal's authentication request, it waits for the audit message sent by a second terminal that has already passed authentication. After receiving the audit message from the second terminal, the authentication server allows or forbids the first terminal's network access according to it. Thus the authentication server acts as the device that controls network access according to the audit message, while the second terminal holds the decision over whether the audit passes: only when the second terminal has authorized the first terminal's authentication for going online can the authentication server allow the first terminal onto the network. This process achieves authentication of the first terminal without the user manually entering account and password information on it, so the embodiment streamlines terminal authentication and improves the security of the network system the terminal device belongs to.
Referring to Fig. 6, which is a schematic structural diagram of a terminal authentication system provided by an embodiment of the present application;
The system may include:
a feature code generation module 300, for generating the feature code to be recognized corresponding to the terminal characteristic information of the first terminal, so that an authenticated second terminal generates the corresponding audit message from that feature code; where the audit message is information describing whether the second terminal authorizes the first terminal to access the network;
a request sending module 400, for encapsulating the terminal characteristic information into an authentication request and sending the authentication request to the authentication server, so that the authentication server parses the request to obtain the terminal characteristic information of the first terminal and determines the audit state of the first terminal from the audit message.
As in the method embodiment of Fig. 3, the first terminal in this embodiment first generates the feature code for its terminal characteristic information so that an authenticated second terminal can perform the audit from it, and also sends the terminal characteristic information to the authentication server in an authentication request; the authentication server then allows or forbids network access according to the audit message received from the second terminal. The authentication server is thus the device that controls network access according to the audit message, the second terminal holds the decision over whether the audit passes, and the first terminal is authenticated without its user manually entering account and password information, which streamlines terminal authentication and improves the security of the network system the terminal device belongs to.
Since the embodiments of the system part correspond to those of the method part, the description of the method embodiments applies to the system embodiments and is not repeated here.
The present application also provides a computer-readable storage medium storing a computer program which, when executed, can implement the steps provided by the above embodiments. The storage medium may include a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk, an optical disc, or any other medium capable of storing program code.
The present application also provides an authentication server which may include a memory and a processor, the memory storing a computer program; when the processor calls the computer program in the memory, the steps provided by the above embodiment of the method for processing a terminal authentication request can be implemented. The authentication server may of course also include components such as various network interfaces and a power supply.
The present application also provides an electronic device which may include a memory and a processor, the memory storing a computer program; when the processor calls the computer program in the memory, the steps provided by the above terminal authentication embodiment can be implemented. The electronic device may of course also include components such as various network interfaces and a power supply, and may specifically be a terminal device such as a computer, smartphone or tablet.
The embodiments in this specification are described progressively; each embodiment focuses on its differences from the others, and the same or similar parts of the embodiments may be referred to across them. Because the system disclosed in the embodiments corresponds to the method disclosed in them, its description is relatively brief and refers to the method description where relevant. It should be pointed out that those skilled in the art may make improvements and modifications to the application without departing from its principles, and such improvements and modifications also fall within the scope of protection of the claims of this application.
It should also be noted that, in this specification, relational terms such as "first" and "second" serve only to distinguish one entity or operation from another, without necessarily requiring or implying any actual relationship or order between them. Moreover, the terms "include", "comprise" and any variants thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device comprising a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes it.

Claims (11)

1. A method for processing a terminal authentication request, applied to an authentication server, the method comprising:
on receiving an authentication request sent by a first terminal, parsing the authentication request to obtain terminal characteristic information of the first terminal;
on receiving an audit message sent by a second terminal, determining an audit state of the first terminal from the audit message;
wherein the audit message (the "msu message" of the machine translation) is information generated by the second terminal from a feature code to be recognized that corresponds to the terminal characteristic information, the audit message describes whether the second terminal authorizes the first terminal to access the network, and the second terminal is an authenticated terminal.
2. The method for processing a terminal authentication request of claim 1, wherein determining the audit state of the first terminal from the audit message comprises:
parsing the audit message;
when the audit message is "authorization granted", setting the audit state of the first terminal to an audit-passed state, so as to allow the first terminal to access the network;
when the audit message is "authorization refused", setting the audit state corresponding to the first terminal to an audit-failed state, so as to forbid the first terminal from accessing the network.
3. The method for processing a terminal authentication request of claim 2, further comprising:
when the audit state of the first terminal is set to the audit-passed state, returning to the first terminal a first prompt message indicating successful authentication;
when the audit state of the first terminal is set to the audit-failed state, returning to the first terminal a second prompt message indicating failed authentication.
4. The method for processing a terminal authentication request of claim 1, wherein the feature code to be recognized is a two-dimensional (QR) code corresponding to the terminal characteristic information.
5. The method for processing a terminal authentication request of claim 1, wherein the authentication request is an EAP protocol request.
6. A terminal authentication method, applied to a first terminal, the method comprising:
generating a feature code to be recognized corresponding to terminal characteristic information of the first terminal, so that an authenticated second terminal generates a corresponding audit message from the feature code; wherein the audit message is information describing whether the second terminal authorizes the first terminal to access the network;
encapsulating the terminal characteristic information into an authentication request and sending the authentication request to an authentication server, so that the authentication server parses the authentication request to obtain the terminal characteristic information of the first terminal and determines an audit state of the first terminal from the audit message.
7. The terminal authentication method of claim 6, wherein generating the feature code to be recognized corresponding to the terminal characteristic information of the first terminal, so that the authenticated second terminal generates the corresponding audit message from the feature code, comprises:
determining the terminal characteristic information of the first terminal and generating a two-dimensional (QR) code from the terminal characteristic information, so that the authenticated second terminal obtains the terminal characteristic information by scanning the QR code and generates the audit message from the terminal characteristic information.
8. The terminal authentication method of claim 6, wherein encapsulating the terminal characteristic information into the authentication request comprises:
encapsulating the terminal characteristic information into an authentication request of the EAP protocol.
9. A computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the method of any one of claims 1 to 8.
10. An authentication server, comprising:
a memory for storing a computer program; and
a processor which, when executing the computer program, implements the steps of the method for processing a terminal authentication request of any one of claims 1 to 5.
11. An electronic device, comprising:
a memory for storing a computer program; and
a processor which, when executing the computer program, implements the steps of the terminal authentication method of any one of claims 6 to 8.
CN201910579860.8A 2019-06-28 2019-06-28 A kind of processing method of terminal authentication request, terminal authentication method and associated component Pending CN110290141A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910579860.8A CN110290141A (en) 2019-06-28 2019-06-28 A kind of processing method of terminal authentication request, terminal authentication method and associated component


Publications (1)

Publication Number Publication Date
CN110290141A true CN110290141A (en) 2019-09-27

Family

ID=68019854

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910579860.8A Pending CN110290141A (en) 2019-06-28 2019-06-28 A kind of processing method of terminal authentication request, terminal authentication method and associated component

Country Status (1)

Country Link
CN (1) CN110290141A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190927