CN114944927A - Portal authentication-based client-side-free mutual exclusion access platform - Google Patents

Publication number
CN114944927A
Authority
CN
China
Prior art keywords
portal
user
network
authentication
address
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210267422.XA
Other languages
Chinese (zh)
Other versions
CN114944927B (en)
Inventor
钱锦
徐汉麟
徐李冰
倪夏冰
李强强
徐晓华
杜猛俊
向新宇
陈元中
杨谊
周昕悦
卢科帆
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Original Assignee
Hangzhou Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Priority to CN202210267422.XA
Publication of CN114944927A
Application granted
Publication of CN114944927B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/02 Details
    • H04L12/14 Charging, metering or billing arrangements for data wireline or wireless communications
    • H04L12/1403 Architecture for metering, charging or billing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a clientless mutually exclusive access platform based on Portal authentication, comprising a portal client, a network controller, a Portal server, an AAA server, a RADIUS server and a device fingerprint memory. The network controller is used to obtain the identity information of the accessing user and open the user's network access rights; the portal client is used to enter the accessing user's authentication information; the Portal server receives the accessing user's authentication request from the portal client and provides a free portal service and a Web-based authentication interface; the AAA server interacts with the network controller to complete user authentication, accounting and authorization; the RADIUS server verifies the authentication information of the accessing user's terminal device; and the device fingerprint memory stores the device fingerprint information used to authenticate handheld terminal devices. Based on multiple billing methods and access rights, the solution monitors networked handheld terminals and provides more intelligent and personalized network services.

Figure 202210267422

Description

Clientless Mutually Exclusive Access Platform Based on Portal Authentication

Technical Field

The invention relates to the technical field of network security authentication, and in particular to a clientless mutually exclusive access platform based on Portal authentication.

Background

In government, enterprise, medical and other industries, security considerations often lead to scenarios in which several networks, such as an intranet and an extranet, are physically isolated from one another. Examples include the e-government extranet and the Internet, the procuratorial work network and the Internet, the dedicated tax network and the Internet, and an enterprise R&D intranet and the Internet; these arrangements meet the high security requirements that multi-network users place on office access.

In the traditional scenario of several physically isolated networks such as an intranet and an extranet, if an intranet terminal comes to need Internet access as requirements change, the configuration of network devices (such as switches) must be adjusted, and the terminal may even have to be physically relocated, in order to turn the intranet terminal into an extranet terminal. If a user needs to access the intranet and the Internet at the same time, two terminals are provided: one intranet terminal and one extranet terminal.

With the development of the mobile Internet, the Internet of Things and the like, the network access needs of users and IoT terminals are no longer as simple as they used to be. A hospital charging system, for example, needs to access medical charging information on an intranet server and also needs Internet access for mobile payment. Network boundaries are becoming increasingly blurred. The traditional arrangement of several physically isolated networks not only consumes more network equipment to build the separate physical networks but is also very complex to implement, and it can no longer meet the network needs of users in these scenarios. A technology is urgently needed that converges multiple networks into one and makes switching between networks easy, opening different network channels according to user identity and access needs so that network access is not disturbed.

Portal authentication is also commonly called Web authentication, and the Portal authentication website is generally called the portal website. It provides a relatively simple method of user authentication that is easier for users than other authentication methods. It has two main features:

1. Client-free: only a web browser (such as IE) is needed to provide the authentication service to users; no dedicated client or dial-up program has to be installed. For public network nodes such as guest houses and hotels, being client-free is a basic requirement.

2. New service carrier: using the portal function of Portal authentication, operators can place services such as community broadcasts, advertising, information queries and online shopping on the Portal. Users are forced to see this information when they go online.

The basic method of Portal authentication is to place an authentication window in a prominent position on the Portal page. After powering on and obtaining an IP address, the user authenticates by logging in on the Portal authentication page and can access the Internet once authentication succeeds.

Terminal admission technology based on identity authentication in fact uses Portal authentication. It is widely used in electric power, carrier, school and other networks because no authentication client has to be installed, which reduces client maintenance work and eases operation; because business can be developed on the Portal page; and because the technology is mature. Portal authentication does not encrypt at the network access stage, but when the user accesses the network the user is required to enter a user name and password, and can go online after authentication succeeds. The characteristic of Portal authentication is obvious: no special client is needed and a browser is enough, so it is also convenient to use from a mobile phone. The disadvantages are equally obvious: for different terminal users the networking cost is high, user connectivity is poor, and it is not easy to detect that a user has gone offline, so time-based billing is hard to implement; IP addresses are allocated before user authentication, so addresses are wasted if the user is not an Internet user; and it is inconvenient to support multiple ISPs.

Summary of the Invention

The purpose of the invention is to design a clientless mutually exclusive access platform based on Portal authentication. No client of any kind needs to be installed on the handheld terminal; the user's identity is authenticated through the portal website, and the accessing user's identity ID is automatically bound to the MAC address of the handheld terminal. Based on multiple billing methods and access rights, networked handheld terminals can be monitored and user identities verified according to different user identities and network needs, providing more intelligent and personalized network services.

To achieve the above technical purpose, the invention provides the following technical solution: a clientless mutually exclusive access platform based on Portal authentication, comprising a portal client, a network controller, a Portal server, an AAA server, a RADIUS server and a device fingerprint memory;

The network controller serves as the access port for user equipment, and is used to obtain the identity information of the accessing user and open the user's network access rights;

The portal client, as the browser carrier running the HTTP protocol, is used to enter the accessing user's authentication information; the Portal server receives the accessing user's authentication request from the portal client, provides a free portal service and a Web-based authentication interface, and interacts with the accessing user's handheld terminal device to obtain the device fingerprint information of the handheld terminal device;

The AAA server interacts with the network controller to complete user identity authentication, accounting and authorization;

The RADIUS server stores the accounts and passwords of accessing user terminal devices and verifies the authentication information of the accessing user terminal device;

The device fingerprint memory stores the device fingerprint information used to authenticate handheld terminal devices.

Preferably, an accessing user obtaining network access rights for the first time comprises the following steps:

S1. After connecting to the network controller, the handheld terminal device sends a network request to the Portal server;

S2. The Portal server returns the web page link of the portal client and initiates a user identity request;

S3. The accessing user enters an account and password in the portal client displayed on the handheld terminal device and submits a connection request; the account comprises a domain user name and a password;

S4. The network controller sends the obtained account and password to the RADIUS server for verification and matching; if the match succeeds, S5 is executed; if the match fails, an abnormality prompt is returned to the portal client;

S5. The network controller reports the successful authentication of the accessing user to the Portal server;

S6. The Portal server authorizes the user's network connection request and instructs the network controller to open the network according to the permissions held by the AAA server and to assign an IP address; the network controller binds the user identity to a VRF; and the successful identity confirmation is returned to the portal client.

Preferably, in S6, the network controller opening the network according to the permissions held by the AAA server comprises the following steps: the AAA server obtains the accessing user's account and enables the corresponding permissions according to the restriction conditions of that account;

The restriction conditions include network connection duration, network data flow volume and speed, and the network access domain.

Preferably, the automatic entry and archiving of device fingerprint information is completed when the handheld terminal accesses the network for the first time, comprising the following steps:

After the handheld terminal has established a network connection with the network controller, the AAA server monitors in real time according to the restriction conditions corresponding to the IP address;

When the corresponding IP address hits any one of the restriction conditions, the AAA server interacts with the Portal server, and the Portal server sends a network service interruption instruction to the network controller;

The Portal server queries whether fingerprint information for the handheld device exists in the device fingerprint memory; if so, the corresponding permission prompt is returned to the portal client; if not, the accessing user sends a verification request again using the account and password;

The network controller obtains the MAC address of the handheld terminal, sends a storage slot expansion request to the device fingerprint memory, binds the MAC address to the IP address, and sends the binding to the expansion slot.

Preferably, a user's second request for a network connection comprises the following steps:

If the permission prompt has not been lifted, the user must keep waiting, or act according to the agreed conditions for lifting the restriction;

If the permission prompt has been lifted, the network controller establishes the network connection according to the IP address of the handheld terminal;

The AAA server returns the restriction conditions corresponding to the IP address to the Portal server, and the Portal server retrieves the fingerprint information from the device fingerprint memory; permission is verified by matching the IP address against the MAC address; if the MAC address matches the IP address, network connectivity is unrestricted and traffic is forwarded over a dedicated channel through the routing table in the VRF; if the MAC address does not match the IP address, the network is monitored according to the restriction conditions of the original IP address.

Preferably, if the MAC address does not match the IP address, this indicates an abnormal user, and the user's identity information must be verified again. After verification succeeds, the new MAC address is bound to the IP address; once bound, it is sent to the storage slot of the original IP address, and the new MAC address serves as backup fingerprint information for the original MAC address.

Preferably, storage slot expansion follows these principles:

If a user logs in on different handheld terminals, the corresponding IP address is bound to the MAC address of the new handheld terminal, and the several MAC addresses form a MAC address pool. A threshold H is set for the user's MAC address pool according to the user's level of permission; H MAC addresses are retained according to how frequently each MAC address is used per unit of time, and the remaining MAC addresses are unbound from the IP address. When an unbound MAC address or a new MAC address accesses the network controller again, the user's identity must be verified separately and a MAC address usage log is generated, so that the MAC address pool can be updated according to usage frequency.

Beneficial effects of the invention: the invention designs a clientless mutually exclusive access platform based on Portal authentication. No client of any kind needs to be installed on the handheld terminal; the user's identity is authenticated through the portal website, and the accessing user's identity ID is automatically bound to the MAC address of the handheld terminal. Based on multiple billing methods and access rights, networked handheld terminals are monitored and more intelligent and personalized network services are provided.

Description of the Drawings

FIG. 1 is a schematic structural diagram of the clientless mutually exclusive access platform based on Portal authentication of the invention.

FIG. 2 is a flow chart of an accessing user obtaining network access rights for the first time according to the invention.

Reference numerals in the figures: 1 - handheld terminal, 2 - portal client, 3 - network controller, 4 - Portal server, 5 - AAA server, 6 - RADIUS server, 7 - device fingerprint memory.

Detailed Description

To make the purpose, technical solution and advantages of the invention clearer, the invention is described in further detail below with reference to the drawings and an embodiment. It should be understood that the specific implementation described here is only one preferred embodiment of the invention; it serves only to explain the invention and does not limit its scope of protection. All other embodiments obtained by a person of ordinary skill in the art without creative work fall within the scope of protection of the invention.

Embodiment:

As shown in FIG. 1, the clientless mutually exclusive access platform based on Portal authentication comprises a portal client 2, a network controller 3, a Portal server 4, an AAA server 5, a RADIUS server 6 and a device fingerprint memory 7;

The network controller serves as the access port for user equipment, and is used to obtain the identity information of the accessing user and open the user's network access rights;

The portal client, as the browser carrier running the HTTP protocol, is used to enter the accessing user's authentication information; the Portal server receives the accessing user's authentication request from the portal client, provides a free portal service and a Web-based authentication interface, and interacts with the accessing user's handheld terminal 1 to obtain the device fingerprint information of the handheld terminal device;

The AAA server interacts with the network controller to complete user authentication, accounting and authorization;

The RADIUS server stores the accounts and passwords of accessing user terminal devices and verifies the authentication information of the accessing user terminal device;

The device fingerprint memory stores the device fingerprint information used to authenticate handheld terminal devices.

As shown in FIG. 2, an accessing user obtaining network access rights for the first time comprises the following steps:

S1. After connecting to the network controller, the handheld terminal device sends a network request to the Portal server;

S2. The Portal server returns the web page link of the portal client and initiates a user identity request;

S3. The accessing user enters an account and password in the portal client displayed on the handheld terminal device and submits a connection request; the account comprises a domain user name and a password;

S4. The network controller sends the obtained account and password to the RADIUS server for verification and matching; if the match succeeds, S5 is executed; if the match fails, an abnormality prompt is returned to the portal client so that the user's identity can be authenticated again;

S5. The network controller reports the successful authentication of the accessing user to the Portal server;

S6. The Portal server authorizes the user's network connection request and instructs the network controller to open the network according to the permissions held by the AAA server and to assign an IP address; the network controller binds the user identity to a VRF; and the successful identity confirmation is returned to the portal client.

In S6, the network controller opening the network according to the permissions held by the AAA server comprises the following steps: the AAA server obtains the accessing user's account and enables the corresponding permissions according to the restriction conditions of that account;

The restriction conditions include network connection duration, network data flow volume and speed, and the network access domain.

The network controller can be configured as follows:

On the network controller, the authentication domain can be associated with a VRF by configuring the domain name, VRF (virtual routing and forwarding), network isolation and so on. One specific embodiment is as follows: the user identity entered on the handheld terminal consists of user name + domain name, for example zhangsan@inner. If this user authenticates successfully, the user is bound to VRF1 and all of the user's traffic is forwarded in the routing table of VRF1; if the user exits the current authentication and authenticates with the user identity zhangsan@outer, the user is bound to VRF 2 and all of the user's traffic is forwarded in the routing table of VRF 2.
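The first-access steps S3 to S6 and the domain-to-VRF binding described above can be modelled as follows. This is an added example, not code from the patent: the class names, messages, passwords, MAC address and IP addresses are constructed, the RADIUS server is replaced by an in-memory stub, and keying the session on the terminal's MAC address to enforce one domain at a time is an assumption.

```python
"""Added example: first-access flow (S3-S6) with domain-to-VRF binding."""
import hashlib
import hmac
import os
from dataclasses import dataclass

# The page binds zhangsan@inner to VRF1 and zhangsan@outer to VRF 2.
DOMAIN_TO_VRF = {"inner": "VRF1", "outer": "VRF2"}
_DUMMY_SALT = os.urandom(16)


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


class RadiusStub:
    """Stand-in for the RADIUS server: stores accounts, verifies them (S4)."""

    def __init__(self):
        self._accounts = {}  # identity -> (salt, derived key)

    def add_account(self, identity: str, password: str) -> None:
        salt = os.urandom(16)
        self._accounts[identity] = (salt, _derive(password, salt))

    def verify(self, identity: str, password: str) -> bool:
        salt, expected = self._accounts.get(identity, (_DUMMY_SALT, b""))
        # Always derive, so unknown accounts cost the same as known ones.
        return hmac.compare_digest(expected, _derive(password, salt))


@dataclass
class Session:
    identity: str
    mac: str
    ip: str
    vrf: str


class NetworkController:
    """Access point for terminals; binds an authenticated identity to one VRF."""

    def __init__(self, radius: RadiusStub, ip_pool):
        self.radius = radius
        self.free_ips = list(ip_pool)
        self.sessions = {}  # terminal MAC -> Session (assumed session key)

    def login(self, mac: str, identity: str, password: str):
        """S3-S6. Returns (ok, message for the portal client, Session or None)."""
        user, sep, domain = identity.rpartition("@")
        if not (sep and user) or domain not in DOMAIN_TO_VRF:
            return False, "unknown authentication domain", None
        if mac in self.sessions:
            # Mutual exclusion: the terminal must leave its current domain first.
            return False, "exit the current authentication first", None
        if not self.radius.verify(identity, password):  # S4 failure branch
            return False, "authentication failed", None
        if not self.free_ips:
            return False, "no address available", None
        # S6: the address is assigned only after authentication succeeds.
        session = Session(identity, mac, self.free_ips.pop(0),
                          DOMAIN_TO_VRF[domain])
        self.sessions[mac] = session
        return True, "identity confirmed", session

    def logout(self, mac: str) -> None:
        session = self.sessions.pop(mac, None)
        if session:
            self.free_ips.append(session.ip)

    def routing_table_for(self, mac: str):
        """VRF whose routing table forwards this terminal's traffic, if any."""
        session = self.sessions.get(mac)
        return session.vrf if session else None


def demo():
    """Constructed accounts, MAC and addresses (documentation range)."""
    radius = RadiusStub()
    radius.add_account("zhangsan@inner", "inner-pass")
    radius.add_account("zhangsan@outer", "outer-pass")
    nc = NetworkController(radius, ["192.0.2.10", "192.0.2.11"])
    mac = "02:00:00:00:00:a1"
    steps = [
        nc.login(mac, "zhangsan@inner", "wrong")[1],
        nc.login(mac, "zhangsan@inner", "inner-pass")[1],
        nc.routing_table_for(mac),
        nc.login(mac, "zhangsan@outer", "outer-pass")[1],  # still in inner
    ]
    nc.logout(mac)
    steps.append(nc.login(mac, "zhangsan@outer", "outer-pass")[1])
    steps.append(nc.routing_table_for(mac))
    return steps


if __name__ == "__main__":
    for step in demo():
        print(step)
```
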

手持终端首次访问网络,即完成设备指纹信息的自动录入和存档,包括如下步骤:手持终端与网络控制器实现网络连接后,AAA服务器根据IP地址对应的限制条件进行实时监控;When the handheld terminal accesses the network for the first time, the automatic entry and archive of the device fingerprint information is completed, including the following steps: after the handheld terminal and the network controller are connected to the network, the AAA server performs real-time monitoring according to the restrictions corresponding to the IP address;

当对应的IP地址触及限制条件中的任一项,AAA服务器与portal服务器进行交互,portal服 务器向网络控制器发送网络服务中断指令;当AAA服务器检测到手持终端与网络控制器在 时间T内并无数据流动,portal服务器向网络控制器发送网络服务中断指令;When the corresponding IP address touches any of the restriction conditions, the AAA server interacts with the portal server, and the portal server sends a network service interruption instruction to the network controller; when the AAA server detects that the handheld terminal and the network controller are within the time T When there is no data flow, the portal server sends a network service interruption command to the network controller;

portal服务器查询设备指纹存储器中是否存在手持设备的指纹信息;若有,反馈对应的权限提 示信息至门户客户端;若无,访问用户再次通过账户和密码发送验证请求;The portal server queries whether the fingerprint information of the handheld device exists in the device fingerprint memory; if so, feeds back the corresponding permission prompt information to the portal client; if not, the access user sends a verification request through the account and password again;

网络控制器获取手持终端的MAC地址,向设备指纹存储器发送存储位拓展请求,将MAC地 址和IP地址绑定后发送至拓展位。The network controller obtains the MAC address of the handheld terminal, sends a storage bit expansion request to the device fingerprint memory, binds the MAC address and the IP address, and sends it to the expansion bit.

存储位拓展遵循以下原则:The storage bit expansion follows the following principles:

若用户在不同的手持终端登录用户信息,对应IP地址与新的手持终端的MAC地址进行绑定, 若干MAC地址形成MAC地址池,根据用户的权限大小对用户的MAC地址池设定阈值H, 根据单位时间内MAC地址的使用频繁度大小保留H个MAC地址,其余MAC地址与IP地 址解绑;当解绑的MAC地址或新的MAC地址再次接入网络控制器时,需要对用户身份进行 单独验证,并生成MAC地址使用日志,便于MAC地址池根据使用频次进行更新。If a user logs in user information on different handheld terminals, the corresponding IP address is bound to the MAC address of the new handheld terminal, and several MAC addresses form a MAC address pool, and a threshold H is set for the user's MAC address pool according to the user's authority. H MAC addresses are reserved according to the frequency of use of MAC addresses per unit time, and the remaining MAC addresses are unbound from the IP addresses; when the unbound MAC addresses or new MAC addresses access the network controller again, the user identity needs to be checked It is verified separately, and a log of MAC address usage is generated, so that the MAC address pool can be updated according to the usage frequency.

一种具体实例为:若某个用户日常累计使用的MAC地址池有MAC地址(a1、a2、a3、a4、a5),若用户权限为一般用户,其MAC地址的权限个数为3个,则根据一个单位时间内 MAC地址的使用频率对MAC地址进行使用频繁度排序,如一个月内MAC地址进行使用频 繁度:a1>a2>a3>a4>a5;则扩展位存储的MAC地址为(a1、a2、a3),解绑a4和a5;当MAC 地址a4或a5再次接入网络控制器时,需要对用户身份进行验证,并生成使用日志,便于MAC 地址池根据使用频次进行更新。A specific example is: if a user's daily cumulative use of the MAC address pool has MAC addresses (a1, a2, a3, a4, a5), if the user authority is a general user, the number of MAC address authority is 3, Then sort the MAC address usage frequency according to the usage frequency of the MAC address in a unit time. For example, the MAC address usage frequency in one month: a1>a2>a3>a4>a5; then the MAC address stored in the extended bit is ( a1, a2, a3), unbind a4 and a5; when the MAC address a4 or a5 is connected to the network controller again, the user identity needs to be verified, and a usage log is generated, so that the MAC address pool can be updated according to the frequency of use.

When the user requests a network connection for the second time, the steps are as follows:

If the permission prompt has not been lifted, the user must continue to wait, or act according to the agreed conditions for lifting the restriction;

If the permission prompt has been lifted, the network controller establishes the network connection according to the IP address of the handheld terminal;

The AAA server feeds back the limiting conditions corresponding to the IP address to the portal server, and the portal server retrieves the fingerprint information from the device fingerprint memory. Permission is verified by matching the IP address against the MAC address. If the MAC address matches the IP address, network connectivity is unrestricted and traffic is forwarded over a dedicated channel through the routing table in the VRF. If the MAC address does not match the IP address, the network is monitored according to the limiting conditions of the original IP address.

If the MAC address does not match the IP address, an abnormal user is indicated and the user's information must be verified again. After successful verification, the new MAC address is bound to the IP address; once the binding is complete it is sent to the storage slot of the original IP address, and the new MAC address serves as backup fingerprint information for the original MAC address.
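The pool-retention rule and the second-request decision described above can be sketched together as follows. This is an added example, not code from the patent: the class and function names, the `admin` threshold and the sample IP address are assumptions, and `reverify` stands in for the portal/RADIUS account-and-password check.

```python
from collections import Counter
from dataclasses import dataclass, field

# Pool threshold H per privilege level. The patent's example gives H = 3 for a
# general user; the "admin" value is an assumption for illustration.
THRESHOLD_H = {"general": 3, "admin": 5}


@dataclass
class FingerprintSlot:
    """Storage slot holding one user's IP address and the MACs bound to it."""
    ip: str
    privilege: str
    bound: set = field(default_factory=set)
    usage_log: list = field(default_factory=list)  # (day, mac) per verified use

    def refresh_pool(self, start, end):
        """Keep the H most-used MACs in [start, end); unbind the others."""
        counts = Counter(mac for day, mac in self.usage_log if start <= day < end)
        # Most frequent first; the MAC string breaks ties deterministically.
        ranked = sorted(counts, key=lambda mac: (-counts[mac], mac))
        kept = ranked[:THRESHOLD_H[self.privilege]]
        unbound = sorted(self.bound - set(kept))
        self.bound = set(kept)
        return kept, unbound

    def on_access(self, mac, day, reverify):
        """Handle a second network request from `mac`.

        `reverify` returns True when the user proves their identity again.
        """
        if mac in self.bound:
            self.usage_log.append((day, mac))
            return "unrestricted"          # IP/MAC match: forwarded via the VRF
        if not reverify():
            return "restricted"            # original limits on the IP still apply
        self.bound.add(mac)                # stored as a backup fingerprint
        self.usage_log.append((day, mac))  # feeds the next pool refresh
        return "rebound"


def build_example():
    """Constructed data: one month of use with a1 > a2 > a3 > a4 > a5."""
    slot = FingerprintSlot(ip="192.0.2.10", privilege="general",
                           bound={"a1", "a2", "a3", "a4", "a5"})
    uses = {"a1": 9, "a2": 7, "a3": 5, "a4": 2, "a5": 1}
    for mac, n in uses.items():
        slot.usage_log += [(day, mac) for day in range(n)]
    return slot


if __name__ == "__main__":
    slot = build_example()
    print(slot.refresh_pool(0, 30))
    print(slot.on_access("a1", 31, lambda: False))
    print(slot.on_access("a4", 31, lambda: False))
    print(slot.on_access("a4", 32, lambda: True))
```

A MAC address is asserted by the client, and current handheld operating systems can randomize it per network, so in this scheme the re-verification path and the usage log carry the assurance rather than the match itself.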

The specific embodiment described above is a preferred embodiment of the clientless mutually exclusive access platform based on Portal authentication of the present invention and does not limit its scope of implementation. The scope of the present invention includes, but is not limited to, this specific embodiment; all equivalent changes made according to the shape and structure of the present invention fall within its scope of protection.

Claims (7)

1. A clientless mutually exclusive access platform based on Portal authentication, characterized in that the platform comprises a portal client, a network controller, a portal server, an AAA server, a RADIUS server and a device fingerprint memory;
the network controller serves as the access port for user equipment and is used to obtain the identity information of an access user and to open the user's network access permission;
the portal client serves as a browser carrier running HTTP (Hypertext Transfer Protocol) and is used to enter the access user's identity authentication information;
the portal server receives the access user's authentication request from the portal client, provides a free portal service and a web-based authentication interface, and interacts with the access user's handheld terminal device to obtain its device fingerprint information;
the AAA server interacts with the network controller to complete user authentication, accounting and authorization;
the RADIUS server stores the account and password of the access user's terminal device and authenticates the identity authentication information of the access user's terminal device;
the device fingerprint memory stores the device fingerprint information used to authenticate the handheld terminal device.
2. The clientless mutually exclusive access platform based on Portal authentication according to claim 1, characterized in that the method by which the access user obtains network access permission for the first time comprises the following steps:
S1, the handheld terminal device connects to the network controller and then sends a network request to the portal server;
S2, the portal server returns the web page link of the portal client and initiates a user identity request;
S3, the access user enters the account and password in the portal client displayed on the handheld terminal device and submits the connection request; the account comprises a domain user name and a password;
S4, the network controller sends the obtained account and password to the RADIUS server for verification and matching; if the match succeeds, S5 is executed, and if it fails, an error prompt is returned to the portal client;
S5, the network controller reports the successful authentication of the access user's identity to the portal server;
S6, the portal server authorizes the network connection request of the protected user and instructs the network controller to open the network and allocate an IP address according to the permissions held by the AAA server, and the network controller binds the user identity to the VRF; the successful identity confirmation is returned to the portal client.
3. The clientless mutually exclusive access platform based on Portal authentication according to claim 2, characterized in that, in S6, the network controller opening the network according to the permissions held by the AAA server comprises the following steps:
the AAA server obtains the account of the access user and opens the corresponding permissions according to the limiting conditions of that account;
the limiting conditions include network connection duration, network data traffic volume and speed, and network access domain.
4. The clientless mutually exclusive access platform based on Portal authentication according to claim 1 or 2, characterized in that the automatic entry and archiving of device fingerprint information is completed when the handheld terminal accesses the network for the first time, comprising the following steps: after the handheld terminal is connected to the network controller over the network, the AAA server performs real-time monitoring according to the limiting conditions corresponding to the IP address;
when the IP address reaches any one of the limiting conditions, the AAA server interacts with the portal server, and the portal server sends a network service interruption instruction to the network controller;
the portal server queries whether fingerprint information for the handheld device exists in the device fingerprint memory; if it does, the corresponding permission prompt is returned to the portal client; if it does not, the access user sends an authentication request again using the account and password;
the network controller obtains the MAC address of the handheld terminal, sends a storage-slot expansion request to the device fingerprint memory, binds the MAC address to the IP address, and sends the binding to the expansion slot.
5. The clientless mutually exclusive access platform based on Portal authentication according to claim 4, characterized in that:
the user requesting a network connection for the second time comprises the following steps:
if the permission prompt has not been lifted, the user continues to wait, or acts according to the agreed conditions for lifting the restriction;
if the permission prompt has been lifted, the network controller establishes the network connection according to the IP address of the handheld terminal;
the AAA server feeds back the limiting conditions corresponding to the IP address to the portal server, and the portal server retrieves the fingerprint information from the device fingerprint memory; permission is verified by matching the IP address against the MAC address; if the MAC address matches the IP address, network connectivity is unrestricted and traffic is forwarded over a dedicated channel through the routing table in the VRF; if the MAC address does not match the IP address, the network is monitored according to the limiting conditions of the original IP address.
6. The clientless mutually exclusive access platform based on Portal authentication according to claim 5, characterized in that:
if the MAC address does not match the IP address, an abnormal user is indicated and the user's identity information must be verified again; after successful verification, the new MAC address is bound to the IP address, is sent to the storage slot of the original IP address once the binding is complete, and serves as backup fingerprint information for the original MAC address.
7. The clientless mutually exclusive access platform based on Portal authentication according to claim 4, 5 or 6, characterized in that storage-slot expansion follows these principles:
if a user logs in on different handheld terminals, the corresponding IP address is bound to the MAC address of each new handheld terminal, and these MAC addresses form a MAC address pool; a threshold H is set for the user's MAC address pool according to the user's privilege level; the H MAC addresses used most frequently per unit time are retained, and the remaining MAC addresses are unbound from the IP address; when an unbound MAC address or a new MAC address accesses the network controller again, the user's identity must be verified separately and a MAC address usage log is generated, so that the MAC address pool can be updated according to usage frequency.
CN202210267422.XA 2022-03-17 2022-03-17 Clientless Mutual Exclusive Access Platform Based on Portal Authentication Active CN114944927B (en)


Publications (2)

Publication Number Publication Date
CN114944927A true CN114944927A (en) 2022-08-26
CN114944927B CN114944927B (en) 2023-08-08





Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant