CN114944927A - Portal authentication-based client-side-free mutual exclusion access platform - Google Patents
- Publication number
- CN114944927A (application number CN202210267422.XA)
- Authority
- CN
- China
- Prior art keywords
- portal
- user
- network
- address
- access
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/02—Details
- H04L12/14—Charging, metering or billing arrangements for data wireline or wireless communications
- H04L12/1403—Architecture for metering, charging or billing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a client-side-free mutual exclusion access platform based on Portal authentication, which comprises a Portal client, a network controller, a Portal server, an AAA server, a RADIUS server and a device fingerprint memory, wherein the Portal client is connected with the network controller; the network controller is used for acquiring the identity information of the access user and opening the network access authority of the user; the Portal client is used for inputting the identity authentication information of the access user; the Portal server receives an identity verification request of an access user from the Portal client and provides free Portal service and a Web-based identity verification interface; the AAA server interacts with the network controller to complete user authentication, charging and authorization; the RADIUS server authenticates the identity authentication information of the access user's terminal device; the device fingerprint memory stores the device fingerprint information used for identity authentication of the handheld terminal device. The scheme monitors the networked handheld terminal based on various charging modes and access rights, and customizes more intelligent and personalized network services.
Description
Technical Field
The invention relates to the technical field of network security authentication, in particular to a client-side-free mutual exclusion access platform based on Portal authentication.
Background
In industries such as government, enterprise and healthcare, multiple networks, such as an intranet and an extranet, are often kept physically isolated from one another for security reasons. Examples include the e-government extranet and the Internet, the inspection work network and the Internet, the tax private network and the Internet, and an enterprise research and development intranet and the Internet; this isolation meets the high security requirements of multi-network users for office access.
In a traditional scenario with several physically isolated networks, such as an intranet and an extranet, if an intranet terminal later needs to access the Internet, the configuration of network equipment (such as a switch) has to be adjusted, and the terminal may even have to be physically moved, to turn the intranet terminal into an extranet terminal; if the user needs to access the intranet and the Internet at the same time, two terminals are provided, an intranet terminal and an extranet terminal.
With the development of the mobile Internet, the Internet of Things and the like, the network access requirements of users and Internet of Things terminals are no longer as simple as before. A hospital charging system, for example, needs to access medical charging information on an intranet server and also needs to access the Internet for mobile payment. Network boundaries are increasingly blurred, and in a traditional scenario of multiple physically isolated networks, more network devices are consumed to build the different physical networks, implementation is very complex, and the network requirements of users in these scenarios cannot be met. A technology that integrates multiple networks and makes network switching easy is urgently needed, with different network channels set according to different user identities and user access requirements so that network accesses do not interfere with one another.
Portal authentication is also commonly called Web authentication, and a Portal authentication website is commonly called a portal website. It provides a simpler user authentication method that is easier for users than other authentication methods. It has two major characteristics:
1. Client-free: only a web browser (such as IE) is needed to provide the authentication service to the user, and no dedicated client or dial-up program needs to be installed; being client-free is a basic requirement for public network nodes such as hotels;
2. New service bearer: using the portal function of Portal authentication, the operator can place cell broadcast, advertisement, information inquiry, online shopping and other services on the Portal. Users are made to see this information when they go online.
The basic mode of Portal authentication is that an authentication window is placed at a prominent position on the Portal page; after powering on and obtaining an IP address, the user logs in to the Portal authentication page to authenticate, and can access the Internet once authentication has passed.
Terminal access based on identity authentication in practice uses Portal authentication, whose advantages are: no authentication client needs to be installed, which reduces client maintenance workload; it is convenient to operate; services can be extended on the Portal page; and the technology is mature. It is widely used in networks such as those of electric power companies, operators and schools. Portal authentication does not encrypt the network access stage, but when a user accesses the network, the user is required to enter a user name and a password, and the Internet can be accessed only after authentication succeeds. Its distinguishing feature is that no dedicated client is needed and a browser is sufficient, so it can also be used on devices such as mobile phones. Its disadvantages are equally clear: for different terminal users the networking cost is high and user connectivity is poor; it is not easy to detect that a user has gone offline, so time-based charging is difficult to implement; the IP address is allocated before user authentication, so addresses are wasted if the user is not an online user; and supporting multiple ISPs is inconvenient.
Disclosure of Invention
The invention aims to design a client-side-free mutual exclusion access platform based on Portal authentication. No client of any form needs to be installed on the handheld terminal: the user identity is authenticated through a Portal website, the ID of the access user and the MAC address of the handheld terminal are bound automatically, and, based on various charging modes and access authorities, the networked handheld terminal can be monitored and verified according to different user identities and network requirements, so that more intelligent and personalized network services can be customized.
To achieve this technical purpose, the invention provides the following technical scheme: a client-side-free mutual exclusion access platform based on Portal authentication, comprising a Portal client, a network controller, a Portal server, an AAA server, a RADIUS server and a device fingerprint memory;
the network controller serves as the access port of the user equipment and is used for acquiring the identity information of an access user and opening the network access right of the user;
the Portal client serves as the browser carrier running HTTP (Hypertext Transfer Protocol) and is used for inputting the identity authentication information of an access user; the Portal server receives an authentication request of an access user from the Portal client, provides free Portal service and a Web-based authentication interface, and interacts with the handheld terminal device of the access user to acquire the device fingerprint information of the handheld terminal device;
the AAA server interacts with the network controller to complete user identity authentication, charging and authorization;
the RADIUS server stores the account and password of the access user's terminal device and authenticates the authentication information of the access user's terminal device;
the device fingerprint memory stores the device fingerprint information used for identity authentication of the handheld terminal device.
Preferably, the access user acquires the network access right for the first time through the following steps:
S1, the handheld terminal device connects to the network controller and then sends a network request to the portal server;
S2, the portal server returns the web page link of the portal client and initiates a user identity request;
S3, the access user enters the account and the password through the portal client displayed on the handheld terminal device and submits a connection request; the account comprises a domain user name and a password;
S4, the network controller sends the obtained account and password to the RADIUS server for verification and matching; if the matching is successful, S5 is executed, and if the matching is unsuccessful, an abnormal prompt message is fed back to the portal client;
S5, the network controller feeds back the successful result of the access user identity authentication to the portal server;
S6, the portal server authorizes the network connection request of the user and commands the network controller to open the network and allocate an IP address according to the authority given by the AAA server; the network controller binds the user identity to the VRF; and the successful identity confirmation result is fed back to the portal client.
Preferably, in S6, the method for the network controller to open the network according to the authority of the AAA server includes the steps of: the AAA server acquires an account number of an access user and opens corresponding authority according to the limiting condition of the corresponding account number;
the limiting conditions include network connection duration, network data flow size and speed, and network access domain.
Preferably, when the handheld terminal accesses the network for the first time, its device fingerprint information is automatically recorded and archived, through the following steps:
after the handheld terminal is connected to the network through the network controller, the AAA server performs real-time monitoring according to the limiting conditions corresponding to the IP address;
when the corresponding IP address triggers any one of the limiting conditions, the AAA server interacts with the portal server, and the portal server sends a network service interruption instruction to the network controller;
the portal server queries whether fingerprint information of the handheld device exists in the device fingerprint memory; if yes, the corresponding authority prompt information is fed back to the portal client; if not, the access user sends an authentication request again with the account and the password;
the network controller acquires the MAC address of the handheld terminal, sends a storage bit expansion request to the device fingerprint memory, binds the MAC address to the IP address and then sends the binding result to the expansion position.
Preferably, the user requests the network connection for the second time, which includes the following steps:
if the permission prompt message is not released, continuing waiting or releasing the appointment according to the limiting condition for operation;
if the authority prompt information is removed, the network controller carries out network connection according to the IP address of the handheld terminal;
the AAA server feeds back the limiting conditions corresponding to the IP address to the portal server, and the portal server retrieves the fingerprint information from the device fingerprint memory; authority verification is performed by matching the IP address against the MAC address; if the MAC address matches the IP address, network communication is not restricted, and traffic is forwarded over a dedicated channel using the routing table in the VRF; if the MAC address does not match the IP address, the network is monitored according to the limiting conditions of the original IP address.
Preferably, if the MAC address does not match the IP address, this indicates an abnormal user and the user identity information must be verified again; after the user identity information is verified successfully, the new MAC address is bound to the IP address and, once the binding is complete, sent to the storage bit of the original IP address, where the new MAC address serves as standby fingerprint information for the original MAC address.
Preferably, storage bit expansion follows this principle:
if a user logs in with the same user information on different handheld terminals, the corresponding IP address is bound to the MAC address of each new handheld terminal, and the resulting MAC addresses form a MAC address pool; a threshold H is set for the user's MAC address pool according to the user's authority, H MAC addresses are retained according to how frequently each MAC address is used per unit time, and the remaining MAC addresses are unbound from the IP address; when an unbound MAC address or a new MAC address accesses the network controller again, the user identity must be verified separately and a MAC address usage log is generated, so that the MAC address pool can be updated according to usage frequency.
The beneficial effects of the invention are as follows: the invention designs a client-side-free mutual exclusion access platform based on Portal authentication in which no client of any form needs to be installed on the handheld terminal; the user identity is authenticated through a Portal website, the ID of the access user and the MAC address of the handheld terminal are bound automatically, and the networked handheld terminal is monitored based on various charging modes and access permissions, so that more intelligent and personalized network services are customized.
Drawings
Fig. 1 is a schematic diagram of the structure of the Portal authentication-based client-side-free mutual exclusion access platform of the present invention.
Fig. 2 is a flowchart of an access user obtaining the network access right for the first time according to the present invention.
Reference numerals in the figures: 1-handheld terminal, 2-Portal client, 3-network controller, 4-Portal server, 5-AAA server, 6-RADIUS server, 7-device fingerprint memory.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail with reference to the accompanying drawings and examples, it is to be understood that the specific embodiment described herein is only a preferred embodiment of the present invention, and is used for illustration only and not for limiting the scope of the present invention, and that all other embodiments obtained by a person of ordinary skill in the art without making any creative efforts shall fall within the scope of the present invention.
Example:
As shown in Fig. 1, the Portal authentication-based client-side-free mutual exclusion access platform includes a Portal client 2, a network controller 3, a Portal server 4, an AAA server 5, a RADIUS server 6, and a device fingerprint memory 7;
the network controller serves as the access port of the user equipment and is used for acquiring the identity information of an access user and opening the network access right of the user;
the Portal client serves as the browser carrier running HTTP (Hypertext Transfer Protocol) and is used for inputting the identity authentication information of an access user; the Portal server receives an identity authentication request of an access user from the Portal client, provides free Portal service and a Web-based identity authentication interface, and interacts with the handheld terminal 1 of the access user to acquire the device fingerprint information of the handheld terminal device;
the AAA server interacts with the network controller to complete user authentication, charging and authorization;
the RADIUS server stores the account and password of the access user's terminal device and authenticates the authentication information of the access user's terminal device;
the device fingerprint memory stores the device fingerprint information used for identity authentication of the handheld terminal device.
As shown in Fig. 2, the access user obtains the network access right for the first time through the following steps:
S1, the handheld terminal device connects to the network controller and then sends a network request to the portal server;
S2, the portal server returns the web page link of the portal client and initiates a user identity request;
S3, the access user enters the account and the password and submits the connection request through the portal client displayed on the handheld terminal device; the account comprises a domain user name and a password;
S4, the network controller sends the obtained account and password to the RADIUS server for verification and matching; if the matching is successful, S5 is executed, and if the matching is unsuccessful, abnormal prompt information is fed back to the portal client so that the user identity is authenticated again;
S5, the network controller feeds back the successful result of the access user identity authentication to the portal server;
S6, the portal server authorizes the network connection request of the user and commands the network controller to open the network and allocate an IP address according to the authority given by the AAA server; the network controller binds the user identity to the VRF; and the successful identity confirmation result is fed back to the portal client.
In S6, the network controller opening the network according to the authority of the AAA server includes the steps of: the AAA server acquires an account number of an access user and opens corresponding authority according to the limiting condition of the corresponding account number;
the limiting conditions include network connection duration, network data flow size and speed, and network access domain.
The network controller may be configured as follows:
On the network controller, the association between an authentication domain and a VRF (Virtual Routing and Forwarding) instance is established by configuring items such as the domain name, the VRF and network isolation. A specific embodiment is as follows: the user identity entered on the handheld terminal consists of a user name plus a domain name, for example zhangsan@inner. If this user authenticates successfully, the user is bound to VRF 1 and all of the user's traffic is forwarded using the routing table of VRF 1; if the user exits the current authentication and authenticates with the identity zhangsan@outer, the user is bound to VRF 2 and all of the user's traffic is forwarded using the routing table of VRF 2.
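The binding rule in this embodiment can be modelled in a few lines. The following is an added illustration, not code from the patent: the class and function names, the `radius_ok` flag standing in for the result of step S4, and the sample MAC address are all assumptions, and the domain-to-VRF table only mirrors the zhangsan@inner / zhangsan@outer example.

```python
"""Added sketch: realm-based VRF binding with mutual exclusion."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Constructed table following the embodiment: @inner -> VRF 1, @outer -> VRF 2.
DOMAIN_TO_VRF = {"inner": "VRF1", "outer": "VRF2"}


class BindingError(Exception):
    """Raised whenever a terminal must not be given a VRF binding."""


def split_identity(identity: str) -> Tuple[str, str]:
    """Split 'user@domain'; reject anything that is not exactly that shape."""
    user, sep, domain = identity.strip().rpartition("@")
    if not sep or not user or not domain or "@" in user:
        raise BindingError(f"malformed identity: {identity!r}")
    return user, domain.lower()


@dataclass
class NetworkController:
    domain_to_vrf: Dict[str, str]
    # terminal MAC -> (user, vrf); at most one entry per terminal
    bindings: Dict[str, Tuple[str, str]] = field(default_factory=dict)

    def login(self, mac: str, identity: str, radius_ok: bool) -> str:
        """Bind the terminal to the VRF of the identity's domain.

        radius_ok is a hypothetical stand-in for the RADIUS result of S4.
        """
        if not radius_ok:
            raise BindingError("authentication failed")
        user, domain = split_identity(identity)
        vrf = self.domain_to_vrf.get(domain)
        if vrf is None:
            # Fail closed: an unknown domain never falls back to a default VRF.
            raise BindingError(f"no VRF configured for domain {domain!r}")
        if mac in self.bindings:
            # Mutual exclusion: the current authentication must be exited first.
            raise BindingError("terminal already bound; log out first")
        self.bindings[mac] = (user, vrf)
        return vrf

    def logout(self, mac: str) -> None:
        self.bindings.pop(mac, None)

    def vrf_for(self, mac: str) -> Optional[str]:
        """Routing table that forwards this terminal's traffic, if any."""
        entry = self.bindings.get(mac)
        return entry[1] if entry else None
```

The point of the sketch is that a terminal is never in two VRFs at once and that an unrecognised or malformed domain yields no binding at all.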
When the handheld terminal accesses the network for the first time, its device fingerprint information is automatically recorded and archived, through the following steps: after the handheld terminal is connected to the network through the network controller, the AAA server performs real-time monitoring according to the limiting conditions corresponding to the IP address;
when the corresponding IP address triggers any one of the limiting conditions, the AAA server interacts with the portal server, and the portal server sends a network service interruption instruction to the network controller; when the AAA server detects no data flow between the handheld terminal and the network controller within a time T, the portal server sends a network service interruption instruction to the network controller;
the portal server queries whether fingerprint information of the handheld device exists in the device fingerprint memory; if yes, the corresponding authority prompt information is fed back to the portal client; if not, the access user sends an authentication request again with the account and the password;
the network controller acquires the MAC address of the handheld terminal, sends a storage bit expansion request to the device fingerprint memory, binds the MAC address to the IP address and then sends the binding result to the expansion position.
Storage bit expansion follows this principle:
if a user logs in with the same user information on different handheld terminals, the corresponding IP address is bound to the MAC address of each new handheld terminal, and the resulting MAC addresses form a MAC address pool; a threshold H is set for the user's MAC address pool according to the user's authority, H MAC addresses are retained according to how frequently each MAC address is used per unit time, and the remaining MAC addresses are unbound from the IP address; when an unbound MAC address or a new MAC address accesses the network controller again, the user identity must be verified separately and a MAC address usage log is generated, so that the MAC address pool can be updated according to usage frequency.
One specific example: suppose a user's accumulated MAC address pool contains the MAC addresses (a1, a2, a3, a4, a5), the user is a general user, and the number of MAC addresses permitted by that authority is 3. The MAC addresses are sorted by usage frequency per unit time, for example usage frequency over one month: a1 > a2 > a3 > a4 > a5. The expansion position stores the MAC addresses (a1, a2, a3), and a4 and a5 are unbound. When MAC address a4 or a5 accesses the network controller again, the user identity must be verified and a usage log is generated, so that the MAC address pool can be updated according to usage frequency.
The user requests network connection for the second time, which comprises the following steps:
if the permission prompt message is not released, continuing waiting or releasing the contract according to the limit condition for operation;
if the authority prompt information is removed, the network controller carries out network connection according to the IP address of the handheld terminal;
the AAA server feeds back the limiting conditions corresponding to the IP address to the portal server, and the portal server retrieves the fingerprint information from the device fingerprint memory; authority verification is performed by matching the IP address against the MAC address; if the MAC address matches the IP address, network communication is not restricted, and traffic is forwarded over a dedicated channel using the routing table in the VRF; if the MAC address does not match the IP address, the network is monitored according to the limiting conditions of the original IP address.
If the MAC address does not match the IP address, this indicates an abnormal user and the user information must be verified again; after the user information is verified successfully, the new MAC address is bound to the IP address and, once the binding is complete, sent to the storage bit of the original IP address, where the new MAC address serves as standby fingerprint information for the original MAC address.
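The storage bit expansion principle and the second-connection check can be exercised together. The sketch below is an added illustration, not code from the patent: the class and method names, the per-user record layout, the IP address 10.0.0.8, the usage counts and the choice to reset the counters after each pruning pass (to start a new unit of time) are assumptions; the pool (a1..a5) and H = 3 come from the example above.

```python
"""Added sketch: per-user MAC address pool with threshold H."""
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Set


@dataclass
class FingerprintRecord:
    ip: str
    threshold_h: int                                   # H, set from the user's authority
    bound: Set[str] = field(default_factory=set)       # MACs currently bound to the IP
    usage: Counter = field(default_factory=Counter)    # uses in the current unit time
    log: List[str] = field(default_factory=list)       # MAC address usage log


class DeviceFingerprintStore:
    def __init__(self) -> None:
        self.records: Dict[str, FingerprintRecord] = {}

    def bind(self, user: str, ip: str, mac: str, threshold_h: int = 3) -> None:
        """Bind a MAC to the user's IP. Call only after account/password succeeded."""
        mac = mac.lower()
        rec = self.records.setdefault(user, FingerprintRecord(ip, threshold_h))
        rec.bound.add(mac)
        rec.usage[mac] += 1
        rec.log.append(f"bind {mac}")

    def check_reconnect(self, user: str, ip: str, mac: str) -> str:
        """Second connection: 'allow' on an IP/MAC match, else 'reauthenticate'."""
        mac = mac.lower()
        rec = self.records.get(user)
        if rec is None or rec.ip != ip or mac not in rec.bound:
            if rec is not None:
                rec.log.append(f"mismatch {mac}")
            return "reauthenticate"        # fail closed on any mismatch
        rec.usage[mac] += 1
        rec.log.append(f"use {mac}")
        return "allow"

    def prune(self, user: str) -> List[str]:
        """Keep the H most used MACs, unbind the rest, return the unbound ones."""
        rec = self.records[user]
        # Most used first; ties broken by MAC string so the result is deterministic.
        ranked = sorted(rec.bound, key=lambda m: (-rec.usage[m], m))
        dropped = ranked[rec.threshold_h:]
        rec.bound = set(ranked[:rec.threshold_h])
        rec.log.extend(f"unbind {m}" for m in dropped)
        rec.usage.clear()                  # assumption: a new unit of time starts here
        return dropped


def page_example():
    """Replay the a1..a5 example with constructed usage counts."""
    store = DeviceFingerprintStore()
    uses = {"a1": 9, "a2": 7, "a3": 5, "a4": 2, "a5": 1}   # constructed
    for mac, n in uses.items():
        store.bind("zhangsan", "10.0.0.8", mac, threshold_h=3)
        for _ in range(n - 1):
            store.check_reconnect("zhangsan", "10.0.0.8", mac)
    return store, store.prune("zhangsan")
```

A MAC address is reported by the terminal itself, so a match here is a weak signal; the sketch therefore treats every mismatch, unknown user or changed IP address as a reason to verify the account again.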
The above embodiments are preferred embodiments of the present invention based on Portal authentication, and are not intended to limit the scope of the present invention, which includes but is not limited to the present embodiments, and all equivalent variations in shape and structure according to the present invention are within the scope of the present invention.
Claims (7)
1. A client-side-free mutual exclusion access platform based on Portal authentication, characterized in that: the system comprises a Portal client, a network controller, a Portal server, an AAA server, a RADIUS server and a device fingerprint memory;
the network controller serves as the access port of the user equipment and is used for acquiring identity information of an access user and opening the network access authority of the user;
the Portal client serves as the browser carrier running HTTP (Hypertext Transfer Protocol) and is used for inputting the identity authentication information of an access user;
the Portal server receives an authentication request of an access user from the Portal client, provides free Portal service and a Web-based authentication interface, and interacts with the handheld terminal device of the access user to acquire the device fingerprint information of the handheld terminal device;
the AAA server interacts with the network controller to complete user identity authentication, charging and authorization;
the RADIUS server stores the account and password of the access user's terminal device and authenticates the identity authentication information of the access user's terminal device;
the device fingerprint memory stores the device fingerprint information used for identity authentication of the handheld terminal device.
2. The Portal authentication-based client-side-free mutual exclusion access platform according to claim 1, wherein: the access user acquires the network access right for the first time through the following steps:
S1, the handheld terminal device connects to the network controller and then sends a network request to the portal server;
S2, the portal server returns the web page link of the portal client and initiates a user identity request;
S3, the access user enters the account and the password and submits the connection request through the portal client displayed on the handheld terminal device; the account comprises a domain user name and a password;
S4, the network controller sends the obtained account and password to the RADIUS server for verification and matching; if the matching is successful, S5 is executed, and if the matching is unsuccessful, abnormal prompt information is fed back to the portal client;
S5, the network controller feeds back the successful result of the access user identity authentication to the portal server;
S6, the portal server authorizes the network connection request of the user and commands the network controller to open the network and allocate an IP address according to the authority given by the AAA server; the network controller binds the user identity to the VRF; and the successful identity confirmation result is fed back to the portal client.
3. The Portal authentication-based client-side-free mutual exclusion access platform according to claim 2, wherein: in S6, the network controller opening the network according to the authority of the AAA server includes the steps of:
the AAA server acquires an account number of an access user and opens corresponding authority according to the limiting condition of the corresponding account number;
the limiting conditions include network connection duration, network data flow size and speed, and network access domain.
4. The Portal authentication-based clientless exclusive access platform according to claim 1 or 2, characterized in that: the handheld terminal accesses the network for the first time, namely, the automatic input and archiving of the fingerprint information of the equipment are completed, and the method comprises the following steps: after the handheld terminal is connected with the network controller through the network, the AAA server carries out real-time monitoring according to the limiting conditions corresponding to the IP address;
when the corresponding IP address touches any one of the limiting conditions, the AAA server interacts with the portal server, and the portal server sends a network service interruption instruction to the network controller;
the portal server inquires whether fingerprint information of the handheld device exists in the device fingerprint memory; if yes, feeding back corresponding authority prompt information to the portal client; if not, the access user sends an authentication request again through the account and the password;
the network controller acquires the MAC address of the handheld terminal, sends a storage bit expansion request to the device fingerprint memory, binds the MAC address to the IP address, and then sends the bound MAC address and IP address to the expansion position.
5. The Portal authentication-based clientless mutually exclusive access platform according to claim 4, wherein:
the user requests network connection for the second time, which comprises the following steps:
if the permission prompt message is not released, continuing waiting or releasing the contract according to the limit condition for operation;
if the authority prompt information is removed, the network controller carries out network connection according to the IP address of the handheld terminal;
the AAA server feeds back the limiting conditions corresponding to the IP address to a portal server, and the portal server calls the fingerprint information in the device fingerprint memory; performing authority verification by matching the IP address with the MAC address; if the MAC address is successfully matched with the IP address, the network communication is unlimited, and the flow information is forwarded through a dedicated channel through a routing table in a VRF; and if the MAC address is not successfully matched with the IP address, monitoring the network according to the limiting conditions of the original IP address.
6. The Portal authentication-based clientless mutually exclusive access platform according to claim 5, wherein:
if the MAC address is not successfully matched with the IP address, an abnormal user is indicated and the user identity information needs to be verified again; after the user identity information is verified successfully, the new MAC address is bound with the IP address, and once the binding is completed the new MAC address is sent to the storage bit of the original IP address, where it serves as standby fingerprint information for the original MAC address.
7. The Portal authentication-based clientless mutually exclusive access platform according to claim 4, 5 or 6, wherein: the storage bit expansion follows the following principle:
if a user logs in with the user information at different handheld terminals, the corresponding IP addresses are bound with the MAC addresses of the new handheld terminals, and the plurality of MAC addresses form a MAC address pool; a threshold value H is set for the MAC address pool of the user according to the authority of the user, H MAC addresses are reserved according to the use frequency of the MAC addresses in unit time, and the rest of the MAC addresses are unbound from the IP addresses; when an unbound MAC address or a new MAC address accesses the network controller again, the user identity needs to be verified separately, and a MAC address use log is generated so that the MAC address pool can be updated according to the use frequency.
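The MAC/IP match of claims 5 and 6 and the pool rule of claim 7, as an added Python sketch that is not taken from the patent. The names `MacPool`, `admit`, `prune` and `window_seconds`, the tie-break on the MAC string, and all sample addresses are assumptions constructed for illustration.

```python
from collections import Counter

class MacPool:
    """Per-IP MAC address pool, pruned to the H most-used MACs per unit time."""

    def __init__(self, threshold_h, window_seconds):
        self.h = threshold_h          # threshold H, set from the user's authority
        self.window = window_seconds  # the "unit time" used to measure frequency
        self.bound = {}               # ip -> set of MACs currently bound to it
        self.usage_log = []           # (timestamp, ip, mac): the MAC address use log

    def bind_after_identity_check(self, ip, mac, now):
        """Bind a MAC to an IP; call only after account/password re-verification."""
        self.bound.setdefault(ip, set()).add(mac)
        self.usage_log.append((now, ip, mac))

    def admit(self, ip, mac, now):
        """Log the access; 'allow' if the MAC matches the IP, else 'reauth'."""
        self.usage_log.append((now, ip, mac))
        return "allow" if mac in self.bound.get(ip, set()) else "reauth"

    def prune(self, ip, now):
        """Reserve the H most frequently used MACs; unbind and return the rest."""
        counts = Counter(m for t, i, m in self.usage_log
                         if i == ip and now - t <= self.window)
        # Highest frequency first; MAC string as a deterministic tie-break (assumption).
        ranked = sorted(self.bound.get(ip, set()), key=lambda m: (-counts[m], m))
        self.bound[ip] = set(ranked[:self.h])
        return set(ranked[self.h:])

def demo():
    # Constructed sample: three terminals bound to one IP, H = 2, one-hour window.
    pool = MacPool(threshold_h=2, window_seconds=3600)
    ip = "10.0.0.5"
    for mac in ("aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02", "aa:aa:aa:aa:aa:03"):
        pool.bind_after_identity_check(ip, mac, now=0)
    for t in (10, 20, 30):
        pool.admit(ip, "aa:aa:aa:aa:aa:01", now=t)
    pool.admit(ip, "aa:aa:aa:aa:aa:03", now=40)
    dropped = pool.prune(ip, now=100)  # least-used MAC is unbound
    return (dropped, pool.admit(ip, "aa:aa:aa:aa:aa:02", now=110),
            pool.admit(ip, "aa:aa:aa:aa:aa:01", now=120))
```

The ranking depends entirely on the use log, so the log has to be retained for at least one full window before `prune` is called.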
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210267422.XA CN114944927B (en) | 2022-03-17 | 2022-03-17 | Portal authentication-based client-free mutual exclusion access platform |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114944927A (en) | 2022-08-26 |
CN114944927B (en) | 2023-08-08 |
Family
ID=82906174
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210267422.XA Active CN114944927B (en) | 2022-03-17 | 2022-03-17 | Portal authentication-based client-free mutual exclusion access platform |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114944927B (en) |
Citations (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1753364A (en) * | 2005-10-26 | 2006-03-29 | 杭州华为三康技术有限公司 | Method of controlling network access and its system |
CN101127600A (en) * | 2006-08-14 | 2008-02-20 | 华为技术有限公司 | A method for user access authentication |
CN101163000A (en) * | 2006-10-13 | 2008-04-16 | 中兴通讯股份有限公司 | Secondary authentication method and system |
CN101442793A (en) * | 2008-12-30 | 2009-05-27 | 杭州华三通信技术有限公司 | Access method, apparatus and system for wireless network |
KR20090072687A (en) * | 2007-12-28 | 2009-07-02 | 주식회사 케이티 | Network access authentication system and method for internet access service |
CN101702717A (en) * | 2009-11-24 | 2010-05-05 | 杭州华三通信技术有限公司 | Method, system and equipment for authenticating Portal |
CN101895526A (en) * | 2009-05-20 | 2010-11-24 | 中国电信股份有限公司 | Dial-up authentication method and system |
CN102984173A (en) * | 2012-12-13 | 2013-03-20 | 迈普通信技术股份有限公司 | Network access control method and system |
US20130347073A1 (en) * | 2012-06-22 | 2013-12-26 | Ellison W. Bryksa | Authorizing secured wireless access at hotspot having open wireless network and secure wireless network |
US20140052860A1 (en) * | 2012-08-14 | 2014-02-20 | Benu Networks, Inc. | Ip address allocation |
US20150089592A1 (en) * | 2013-09-21 | 2015-03-26 | Avaya Inc. | Captive portal systems, methods, and devices |
CN105764056A (en) * | 2016-04-13 | 2016-07-13 | 北京国创富盛通信股份有限公司 | web certification system and method for public wifi access |
CN105915550A (en) * | 2015-11-25 | 2016-08-31 | 北京邮电大学 | SDN-based Portal/Radius authentication method |
CN106375348A (en) * | 2016-11-17 | 2017-02-01 | 杭州华三通信技术有限公司 | Portal authentication method and Portal authentication device |
CN108600207A (en) * | 2018-04-12 | 2018-09-28 | 清华大学 | Network authentication based on 802.1X and SAVI and access method |
US20180309756A1 (en) * | 2015-12-28 | 2018-10-25 | Huawei Technologies Co., Ltd. | Identity Authentication Method and Apparatus |
CN109862565A (en) * | 2019-02-11 | 2019-06-07 | 广东省城乡规划设计研究院 | A kind of WLAN unaware control method, system and readable storage medium storing program for executing |
CN110831003A (en) * | 2018-08-13 | 2020-02-21 | 广东亿迅科技有限公司 | Authentication method and system based on WLAN flexible access network |
Non-Patent Citations (3)
Title |
---|
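冯雷; 林初建; 赵君; 高艳; 朱悦: "Research on imperceptible authentication technology combining MAC and Portal", 华中师范大学学报(自然科学版), no. 1 * |
王玮: "Design and implementation of a university WLAN imperceptible authentication system", 《软件工程》, vol. 22, no. 9, pages 23 - 27 * |
董学森: "Identity authentication and IP address management scheme for campus networks", 泰州职业技术学院学报, no. 03 * |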
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116389032A (en) * | 2022-12-29 | 2023-07-04 | 国网甘肃省电力公司庆阳供电公司 | SDN architecture-based power information transmission link identity verification method |
CN116389032B (en) * | 2022-12-29 | 2023-12-08 | 国网甘肃省电力公司庆阳供电公司 | SDN architecture-based power information transmission link identity verification method |
CN118694608A (en) * | 2024-08-23 | 2024-09-24 | 四川天邑康和通信股份有限公司 | Portal authentication method and device applied to FTTR gateway and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN114944927B (en) | 2023-08-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10237732B2 (en) | Mobile device authentication in heterogeneous communication networks scenario | |
CN1781099B (en) | Automatic configuration of client terminal in public hot spot | |
CN100437550C (en) | Ethernet confirming access method | |
CN114944927A (en) | Portal authentication-based client-side-free mutual exclusion access platform | |
WO2008022589A1 (en) | A system and method for authenticating the accessing request for the home network | |
US20020042883A1 (en) | Method and system for controlling access by clients to servers over an internet protocol network | |
WO2015180192A1 (en) | Network connection method, hotspot terminal, and management terminal | |
CN101212374A (en) | Method and system for remote access to campus network resources | |
CN108092988B (en) | Non-perception authentication and authorization network system and method based on dynamic temporary password creation | |
CN108900484B (en) | Access right information generation method and device | |
WO2013060129A1 (en) | Rapid authentication method, access controller and system for wireless local area network | |
CN113411286B (en) | Access processing method and device based on 5G technology, electronic equipment and storage medium | |
CN106790251B (en) | User access method and user access system | |
EP3043509A1 (en) | Portal authentication method, broadband network gateway (bng), portal server and system | |
JP2002118562A (en) | Lan which permits authentification rejected terminal to have access under specific conditions | |
CN107864475A (en) | The quick authentication methods of WiFi based on Portal+ dynamic passwords | |
CN102916949A (en) | Web authentication method and device | |
CN103023856A (en) | Single sign-on method, single sign-on system, information processing method and information processing system | |
CN108200039B (en) | Non-perception authentication and authorization system and method based on dynamic establishment of temporary account password | |
AU2017344389B2 (en) | Portal aggregation service mapping subscriber device identifiers to portal addresses to which connection and authentication requests are redirected and facilitating mass subscriber apparatus configuration | |
CN104936177A (en) | Access authentication method and access authentication system | |
KR101506594B1 (en) | Method and system for subscriber to log in internet content provider(icp) website in identity/location separation network and login device thereof | |
CN108429624B (en) | QOS dynamic adjustment method, equipment and system | |
WO2011063658A1 (en) | Method and system for unified security authentication | |
CN115022068A (en) | Authentication method and system based on user nail |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||