CN114125842A - Private network equipment access authentication system and method based on mobile phone short message - Google Patents


Info

Publication number
CN114125842A
CN114125842A
Authority
CN
China
Prior art keywords
authentication
verification code
mobile phone
equipment
short message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111407261.1A
Other languages
Chinese (zh)
Inventor
郭威
张振红
罗震宇
毛正雄
陈何雄
杭菲璐
何映军
谢林江
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Information Center of Yunnan Power Grid Co Ltd
Original Assignee
Information Center of Yunnan Power Grid Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
2021-11-24
Filing date
2021-11-24
Publication date
2022-03-01
Application filed by Information Center of Yunnan Power Grid Co Ltd
Priority to CN202111407261.1A
Publication of CN114125842A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/06 Authentication
    • H04W 12/068 Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications

Abstract

The invention discloses a system and a method for access authentication of private network equipment based on mobile phone short messages (SMS). The system and the method ensure that the authentication information is dynamic and secret, strengthen the security of the equipment's network access authentication, improve the trustworthiness of the equipment admitted to the network, and further allow the network access behaviour of the corresponding equipment to be traced through the mobile phone number entered during authentication, thereby providing evidence for later tracing.

Description

Private network equipment access authentication system and method based on mobile phone short message
Technical Field
The invention belongs to the field of network authentication, and in particular relates to a system and a method for access authentication of private network equipment based on mobile phone short messages, for use in a network that runs a private protocol.
Background
In certain industries the network used is a private network, which typically has higher data security requirements than the Internet. To secure the data on the private network, every network device that accesses it must be trusted. With today's spread of intelligent devices, both the dedicated devices used on a private network and the personal devices of its operators are varied, and a device to be admitted to the network must be authenticated by a specific authentication method to ensure that it is usable. However, the conventional authentication method based on a user name and a password suffers from the security problem that the password may be cracked by collision (brute-force guessing) or leaked, so equipment that relies on user-name and password authentication cannot be guaranteed to be trusted.
Disclosure of Invention
In order to solve these problems, the invention provides a system and a method for access authentication of private network equipment based on mobile phone short messages, which ensure that the authentication information is dynamic and secret, strengthen the security of equipment access authentication, improve the trustworthiness of the admitted equipment, and further allow the access behaviour of the corresponding equipment to be traced through the mobile phone number recorded during authentication, thereby providing evidence for later tracing.
The technical scheme of the invention is as follows:
a private network equipment access authentication system based on mobile phone short messages comprises a network controller, wherein the network controller comprises an authentication module, a storage module and a short message module; wherein:
an authentication module: acquires the authentication request of a terminal, responds to the terminal and requires the terminal to enter a mobile phone number for authentication; acquires the mobile phone number returned by the terminal and sends a short message verification code through the short message module; acquires the verification code returned by the terminal and checks whether it is consistent with the verification code recorded in the storage module as sent by short message to the authenticating person at the designated mobile phone number;
a storage module: stores the verification code data sent to the designated mobile phone number;
a short message module: sends the random verification code to the designated mobile phone number through the short message platform.
Further, the authentication module is based on the EAPOL protocol and defines the transmitted Data for the request and response types involved in short message authentication using the experimental EAP type 255; the format of the Data field of the message is defined as a two-hex-digit (one byte) type value followed by the transmitted data.
Further, when the terminal device accesses the private network, the network controller allocates a corresponding IP from the address pool through the DHCP protocol.
Further, after acquiring the IP, the terminal device sends an authentication request to the network controller through its authentication module using the EAPOL protocol, and after receiving the request the network controller confirms to the terminal device whether authentication is accepted.
Further, the authentication module of the terminal device prompts the user to enter the mobile phone number that will receive the short message verification code; the prompting modes include a web page and shell interaction.
Further, the network controller receives the data transmitted by the terminal device, identifies the type value of the data as 0x01, and reads the data that follows as the mobile phone number; the authentication module of the network controller randomly generates a verification code, sends it through the short message module to the mobile phone number transmitted by the terminal device, records the device information, the mobile phone number and the verification code in the storage module, and marks the verification code as valid for 1 minute; at the same time it responds to the terminal device that the mobile phone verification code has been sent, with the Data content 0x11 and no data.
Further, after receiving the verification code, the network controller looks up the verification code recorded for the device information in the storage module, then compares the received verification code with the one found; if they match, authentication succeeds; if they do not match, authentication fails. If authentication fails, the network controller sends an authentication-failure response to the terminal device, immediately broadcasts to all devices on the private network that the IP allocated to the failed device is invalid, and reclaims the IP.
The invention also relates to a private network equipment access authentication method based on mobile phone short messages, which comprises the following:
acquiring the authentication request of a terminal, and responding with a request to enter a mobile phone number for authentication;
acquiring the mobile phone number returned by the terminal, and sending a short message verification code through the short message module; acquiring the verification code returned by the terminal, and checking whether it is consistent with the verification code recorded in the storage module as sent by short message to the authenticating person at the designated mobile phone number;
storing the verification code data sent to the designated mobile phone number;
and sending the random verification code to the designated mobile phone number through the short message platform.
Further, after receiving the verification code, the network controller looks up the verification code recorded for the device information in the storage module, then compares the received verification code with the one found; if they match, authentication succeeds; if they do not match, authentication fails. If authentication fails, the network controller sends an authentication-failure response to the terminal device, immediately broadcasts to all devices on the private network that the IP allocated to the failed device is invalid, and reclaims the IP.
Compared with the prior art, the invention has the following beneficial effects:
with the system and the method of the invention, a terminal network device in the private network must be authenticated when it accesses the network, which ensures that the device is trusted, and the security of that authentication is strengthened by the mobile phone short message. When a device is authenticated for network access, the authentication centre of the private network sends the verification code to the operator as a mobile phone short message, so the authentication information is dynamic and secret, the security of the network access authentication is strengthened, and the trustworthiness of the admitted equipment is improved; the operator can be traced through the mobile phone number recorded during authentication, the network access behaviour of the corresponding device can be audited, and evidence is provided for later tracing.
Drawings
FIG. 1 is a block diagram of the architecture of the system of the present invention;
FIG. 2 is a flow chart of the authentication method of the present invention.
Detailed Description
The technical solutions in the embodiments will be described clearly and completely with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the examples without making any creative effort, shall fall within the protection scope of the present application.
Unless otherwise defined, technical or scientific terms used in the embodiments of the present application should have the ordinary meaning as understood by those having ordinary skill in the art. The use of "first," "second," and similar terms in the present embodiments does not denote any order, quantity, or importance, but rather the terms are used to distinguish one element from another. The word "comprising" or "comprises", and the like, means that the element or item listed before the word covers the element or item listed after the word and its equivalents, but does not exclude other elements or items. "mounted," "connected," and "coupled" are to be construed broadly and may, for example, be fixedly coupled, detachably coupled, or integrally coupled; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. "Upper," "lower," "left," "right," "lateral," "vertical," and the like are used solely in relation to the orientation of the components in the figures, and these directional terms are relative terms that are used for descriptive and clarity purposes and that can vary accordingly depending on the orientation in which the components in the figures are placed.
The access authentication system for private network equipment based on mobile phone short messages comprises a network controller, wherein the network controller comprises an authentication module, a storage module and a short message module.
In this embodiment, in a private network using a private protocol, an authentication module is added to each terminal device that accesses the network, and an authentication module, a storage module and a short message module are added to the network controller, as shown in FIG. 1. The network controller also provides the DHCP function and is responsible for allocating IPs to authenticated terminal devices.
Wherein:
an authentication module: acquires the authentication request of a terminal, and responds with a request to enter a mobile phone number for authentication; acquires the mobile phone number returned by the terminal, and sends a short message verification code through the short message module; and checks whether the verification code returned by the terminal is consistent with the verification code recorded in the storage module as sent by short message to the authenticating person at the designated mobile phone number.
A storage module: stores the verification code data sent to the designated mobile phone number.
A short message module: is configured with a short message platform and sends the random verification code to the designated mobile phone number through that platform.
In the private network equipment access authentication system based on mobile phone short messages, a network terminal device accesses the private network in order to use it; the network controller provides the corresponding authentication service to each device that needs authentication and allocates an IP to each terminal device that passes. The method comprises the following steps:
Step 1: the authentication is based on the EAPOL protocol; the request and response types involved in short message authentication use the experimental EAP type 255 to define the transmitted Data, and the format of the message's Data field is defined as a two-hex-digit (one byte) type value followed by the transmitted data, as follows:
(1) the terminal device sends a mobile phone number: 0x01 + mobile phone number;
(2) the terminal device returns the verification code: 0x02 + verification code;
(3) the network controller responds that the verification code has been sent and asks for it to be entered: 0x11 (no data).
Step 2: when the terminal device accesses the private network, the network controller allocates a corresponding IP to it from the address pool through the DHCP protocol.
Step 3: after the terminal device acquires the IP, it initiates an authentication request to the network controller through its authentication module using the EAPOL protocol, and after receiving the request the network controller confirms to the terminal device whether authentication is accepted.
Step 4: if the network controller responds that authentication is accepted, the authentication module of the terminal device prompts the user to enter the mobile phone number that will receive the short message verification code, through a web page, shell interaction or another mode; after the terminal device's operator enters the mobile phone number, the authentication module sends the data to the authentication server with Data set to "the terminal device sends a mobile phone number: 0x01 + mobile phone number";
Step 5: the network controller receives the data transmitted by the terminal device, identifies the type value of the data as 0x01, and reads the data that follows as the mobile phone number; the authentication module of the network controller randomly generates a verification code, sends it through the short message module to the mobile phone number transmitted by the terminal device, records the device information, the mobile phone number and the verification code in the storage module, and marks the verification code as valid for 1 minute; at the same time it responds to the terminal device with Data set to "the authentication server has sent the verification code and requests that it be entered: 0x11 (no data)"; after the terminal device receives the response, its interactive interface switches to waiting for the verification code to be entered.
Step 6: after the mobile phone of the terminal operator receives the short message, the operator reads the verification code and enters it on the interactive interface of the terminal device; the authentication module of the terminal device then sends Data set to "the authenticating person returns the verification code: 0x02 + verification code" to the network controller.
Step 7: after receiving the verification code, the network controller looks up the verification code recorded for the device information in the storage module, then compares the received verification code with the one found; if they match, authentication succeeds; if they do not match, authentication fails. If authentication fails, the network controller sends an authentication-failure response to the terminal device, immediately broadcasts to all devices on the private network that the IP allocated to the failed device is invalid, and reclaims the IP.
Step 8: the terminal device receives the authentication result and the authentication process is complete; the whole process is shown in FIG. 2.
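The Data-field encoding of step 1 and the controller-side handling of steps 5 to 7, as an added example written for this page; it is not code from the patent. It assumes the type value is a single byte followed by raw payload bytes, a 6-digit code (the page does not fix a length), an SMS-send hook and an IP-revocation hook supplied by the caller, and placeholder bytes for the EAP success/failure responses, which the page does not define; treating each code as single-use is an added hardening beyond the 1-minute validity the page states.

```python
"""Model of the SMS verification-code access authentication exchange (added example)."""
import hmac
import secrets
import time

EAP_TYPE_EXPERIMENTAL = 255  # the page's "experiment type": EAP method type 255
TYPE_PHONE = 0x01            # terminal -> controller: mobile phone number
TYPE_CODE = 0x02             # terminal -> controller: verification code
TYPE_CODE_SENT = 0x11        # controller -> terminal: code sent, please enter it (no data)
CODE_TTL_SECONDS = 60        # the description marks the code as valid for 1 minute
CODE_DIGITS = 6              # assumption: the page does not fix the code length
EAP_SUCCESS = b"EAP-Success" # placeholder for the success response (not defined on the page)
EAP_FAILURE = b"EAP-Failure" # placeholder for the failure response (not defined on the page)


def encode_data(type_value: int, payload: bytes = b"") -> bytes:
    """Data field = one type byte (the two-hex-digit value) followed by the transmitted data."""
    if not 0 <= type_value <= 0xFF:
        raise ValueError("type value must fit in one byte")
    return bytes([type_value]) + payload


def decode_data(data: bytes):
    """Split a Data field into (type value, payload); the payload may be empty (0x11)."""
    if not data:
        raise ValueError("empty Data field")
    return data[0], data[1:]


class NetworkController:
    """Authentication, storage and short message modules of the controller, modelled in one class."""

    def __init__(self, sms_send, revoke_ip, clock=time.monotonic):
        self.sms_send = sms_send    # callable(phone, text): hook to the short message platform (assumed)
        self.revoke_ip = revoke_ip  # callable(device_id): broadcast the IP as invalid and reclaim it (assumed)
        self.clock = clock          # injectable so expiry can be tested deterministically
        self.store = {}             # storage module: device_id -> (phone, code, expires_at)
        self.audit = []             # (device_id, phone, result): the trace for later auditing

    def handle(self, device_id: str, data: bytes) -> bytes:
        """Dispatch one received Data field; returns the controller's response."""
        type_value, payload = decode_data(data)
        if type_value == TYPE_PHONE:
            return self._on_phone(device_id, payload.decode("ascii"))
        if type_value == TYPE_CODE:
            return self._on_code(device_id, payload.decode("ascii"))
        raise ValueError(f"unexpected type value 0x{type_value:02x}")

    def _on_phone(self, device_id: str, phone: str) -> bytes:
        # Step 5: random code, sent by SMS, recorded with the device info and a 1-minute validity.
        code = "".join(secrets.choice("0123456789") for _ in range(CODE_DIGITS))
        self.store[device_id] = (phone, code, self.clock() + CODE_TTL_SECONDS)
        self.sms_send(phone, f"Network access verification code: {code}")
        return encode_data(TYPE_CODE_SENT)  # 0x11, no data

    def _on_code(self, device_id: str, submitted: str) -> bytes:
        # Step 7: look up the code recorded for this device and compare it with the one received.
        record = self.store.pop(device_id, None)  # single use: a consumed code cannot be replayed
        if record is None:
            return self._fail(device_id, None)
        phone, expected, expires_at = record
        expired = self.clock() > expires_at
        if expired or not hmac.compare_digest(expected, submitted):  # constant-time compare
            return self._fail(device_id, phone)
        self.audit.append((device_id, phone, "success"))
        return EAP_SUCCESS

    def _fail(self, device_id: str, phone) -> bytes:
        self.audit.append((device_id, phone, "fail"))
        self.revoke_ip(device_id)  # invalidate and reclaim the DHCP-allocated IP
        return EAP_FAILURE


if __name__ == "__main__":
    # Stand-alone demo with a constructed phone number; the SMS is just printed.
    ctl = NetworkController(lambda phone, text: print(f"SMS to {phone}: {text}"),
                            lambda dev: print(f"IP of {dev} revoked"))
    print(ctl.handle("demo-device", encode_data(TYPE_PHONE, b"13800000000")).hex())
```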
It should be noted that the division of the above apparatus into modules is only a logical division; in an actual implementation the modules may be wholly or partially integrated into one physical entity, or may be physically separate. These modules may be implemented as software invoked by a processing element, entirely in hardware, or partly as software invoked by the processing element and partly as hardware.
The processing element described here may be an integrated circuit with signal processing capability. In implementation, each step of the above method or each of the above modules may be carried out by an integrated hardware logic circuit in the processor element or by instructions in the form of software.
For example, the above modules may be one or more integrated circuits configured to implement the above methods, such as one or more Application Specific Integrated Circuits (ASICs), one or more Digital Signal Processors (DSPs), or one or more Field Programmable Gate Arrays (FPGAs). As another example, when some of the above modules are implemented as program code scheduled by a processing element, the processing element may be a general-purpose processor such as a Central Processing Unit (CPU) or another processor that can invoke the program code. As a further example, the modules may be integrated together and implemented as a System-on-a-Chip (SoC).
In the above embodiments, the implementation may be realised wholly or partially by software, hardware, firmware, or any combination thereof. When implemented in software, it may be realised wholly or partially in the form of a computer program product. The computer program product includes one or more computer instructions which, when loaded and executed on a computer, cause the processes or functions described in the embodiments of the application to occur, in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a network of computers, or another programmable device. The computer instructions may be stored in a readable storage medium or transmitted from one readable storage medium to another; for example, they may be transmitted from one website, computer, server or data centre to another by wired means (e.g. coaxial cable, optical fibre, Digital Subscriber Line (DSL)) or wireless means (e.g. infrared, radio, microwave). The readable storage medium may be any available medium that a computer can access, or a data storage device such as a server or data centre that integrates one or more available media. The available medium may be a magnetic medium (e.g. floppy disk, hard disk, magnetic tape), an optical medium (e.g. DVD), or a semiconductor medium (e.g. Solid State Disk (SSD)), among others.
It is to be understood that the various numerical references referred to in the embodiments of the present application are merely for descriptive convenience and are not intended to limit the scope of the embodiments of the present application.
It should be understood that, in the embodiment of the present application, the sequence numbers of the above-mentioned processes do not mean the execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiment of the present application.

Claims (10)

1. A private network equipment access authentication system based on mobile phone short messages, characterised in that: the system comprises a network controller, wherein the network controller comprises an authentication module, a storage module and a short message module; wherein:
an authentication module: acquires the authentication request of a terminal, responds to the terminal and requires the terminal to enter a mobile phone number for authentication; acquires the mobile phone number returned by the terminal and sends a short message verification code through the short message module; acquires the verification code returned by the terminal and checks whether it is consistent with the verification code recorded in the storage module as sent by short message to the authenticating person at the designated mobile phone number;
a storage module: stores the verification code data sent to the designated mobile phone number;
a short message module: sends the random verification code to the designated mobile phone number through the short message platform.
2. The private network equipment access authentication system of claim 1, wherein: the authentication module is based on the EAPOL protocol, the request and response types involved in short message authentication use the experimental EAP type 255 to define the transmitted Data, and the format of the message Data field is defined as a two-hex-digit (one byte) type value followed by the transmitted data.
3. The private network equipment access authentication system of claim 1, wherein: when the terminal device accesses the private network, the network controller allocates a corresponding IP from the address pool through the DHCP protocol.
4. The private network equipment access authentication system of claim 1, wherein: after the terminal device acquires the IP, it sends an authentication request to the network controller through its authentication module using the EAPOL protocol, and after receiving the request the network controller confirms to the terminal device whether authentication is accepted.
5. The private network equipment access authentication system of claim 1, wherein: the authentication module of the terminal device prompts the user to enter the mobile phone number that will receive the short message verification code, and the prompting modes include a web page and shell interaction.
6. The private network equipment access authentication system of claim 1, wherein: the network controller receives the data transmitted by the terminal device, identifies the type value of the data as 0x01, and reads the data that follows as the mobile phone number; the authentication module of the network controller randomly generates a verification code, sends it through the short message module to the mobile phone number transmitted by the terminal device, records the device information, the mobile phone number and the verification code in the storage module, and marks the verification code as valid for 1 minute; at the same time it responds to the terminal device that the mobile phone verification code has been sent, with the Data content 0x11 and no data.
7. The private network equipment access authentication system of claim 1, wherein: after receiving the verification code, the network controller looks up the verification code recorded for the device information in the storage module, then compares the received verification code with the one found; if they match, authentication succeeds; if they do not match, authentication fails.
8. If authentication fails, the network controller sends an authentication-failure response to the terminal device, immediately broadcasts to all devices on the private network that the IP allocated to the failed device is invalid, and reclaims the IP.
9. A private network equipment access authentication method based on mobile phone short messages, characterised in that: the method comprises the following steps:
acquiring the authentication request of a terminal, and responding with a request to enter a mobile phone number for authentication;
acquiring the mobile phone number returned by the terminal, and sending a short message verification code through the short message module; acquiring the verification code returned by the terminal, and checking whether it is consistent with the verification code recorded in the storage module as sent by short message to the authenticating person at the designated mobile phone number;
storing the verification code data sent to the designated mobile phone number;
and sending the random verification code to the designated mobile phone number through the short message platform.
10. The private network equipment access authentication method of claim 1, wherein: after receiving the verification code, the network controller looks up the verification code recorded for the device information in the storage module, then compares the received verification code with the one found; if they match, authentication succeeds; if they do not match, authentication fails; if authentication fails, the network controller sends an authentication-failure response to the terminal device, immediately broadcasts to all devices on the private network that the IP allocated to the failed device is invalid, and reclaims the IP.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111407261.1A CN114125842A (en) 2021-11-24 2021-11-24 Private network equipment access authentication system and method based on mobile phone short message

Publications (1)

Publication Number Publication Date
CN114125842A (en) 2022-03-01

Family

ID=80372323

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090025079A1 (en) * 2007-05-31 2009-01-22 Yoshimichi Tanizawa Communication system for authenticating or relaying network access, relaying apparatus, authentication apparatus, and communication method
CN105898743A (en) * 2015-06-17 2016-08-24 乐卡汽车智能科技(北京)有限公司 Network connection method, device and system
CN110769482A (en) * 2019-09-16 2020-02-07 浙江大华技术股份有限公司 Method and device for network connection of wireless equipment and wireless router equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20220301