CN117278248A - User access method, system and medium for server to specify authentication mode - Google Patents

User access method, system and medium for server to specify authentication mode

Info

Publication number
CN117278248A
Authority
CN
China
Prior art keywords
authentication
dynamic
information
user terminal
remote server
Prior art date
Legal status
Pending
Application number
CN202310993988.5A
Other languages
Chinese (zh)
Inventor
武子晗
Current Assignee
Inspur Cisco Networking Technology Co Ltd
Original Assignee
Inspur Cisco Networking Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Inspur Cisco Networking Technology Co Ltd
Priority to CN202310993988.5A
Publication of CN117278248A
Legal status: Pending (current)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The application discloses a user access method, system and medium by which a server specifies the authentication mode, and belongs to the technical field of data communication. The method comprises the following steps: the remote server adds the user terminal to a temporary visitor network based on an authentication application that the user terminal initiates through an authentication system; the remote server constructs dynamic authorization information carried in a Radius CoA message and sends it to the user terminal through the authentication system, the dynamic authorization information comprising a specified authentication mode and specified authentication information; the user terminal sends dynamic authentication information to the remote server based on the dynamic authorization information; and the remote server checks the dynamic authentication information and, if the check passes, adds the user terminal to the target network. The method lets the server, when admitting a user, require that user to authenticate by a specific method and to carry specific Radius fields.

Description

User access method, system and medium for server to specify authentication mode
Technical Field
The present invention relates to the field of data communications technologies, and in particular, to a method, a system, and a medium for accessing a user in a server specified authentication mode.
Background
A server with a higher security level may require access users to authenticate by different methods, but when the authentication system does not support the server's requirements it has no way to negotiate authorization rules with the server.
Most authentication servers use Radius Change of Authorization (CoA) messages to send re-authentication requests, but a Radius CoA message cannot specify which method an access user must use to authenticate.
Generally the server has fields that are mandatory for Radius authentication; the access user holds the information for those fields but does not know which of them the server requires, so when the access user cannot contact the server administrator directly, the problem is hard to troubleshoot.
Therefore, how a server can, when admitting a user, make that user authenticate by a specific method while carrying specific Radius fields is a technical problem to be solved.
Disclosure of Invention
The embodiment of the application provides a user access method, a system and a medium for a server to specify an authentication mode, which are used for solving the following technical problems: how to enable a server to specify a user to use a specific mode and carry a specific Radius field for authentication when accessing the user.
In a first aspect, an embodiment of the present application provides a user access method for designating an authentication mode by a server, where the method includes: the remote server adds the user terminal into the temporary visitor network based on an authentication application initiated by the user terminal through an authentication system; the remote server constructs dynamic authorization information based on the Radius CoA message carrier and sends the dynamic authorization information to the user terminal through the authentication system; the dynamic authorization information comprises a specified authentication mode and specified authentication information; the user terminal sends dynamic authentication information to a remote server based on the dynamic authorization information; and the remote server checks the dynamic authentication information and adds the user terminal into the target network under the condition that the dynamic authentication information passes the check.
In one implementation manner of the present application, the remote server joins the user terminal to the temporary visitor network based on an authentication application initiated by the user terminal through the authentication system, and specifically includes: the user terminal carries basic authentication information and initiates authentication notification to an authentication system; the authentication system assembles an authentication application message based on the basic authentication information and sends the authentication application message to a remote server; the remote server checks the basic authentication information in the assembled authentication application message, and issues a temporary authorization rule to the authentication system under the condition that the check is passed; the authentication system joins the user terminal to the temporary guest network based on the temporary authorization rule.
In one implementation of the present application, the remote server constructs dynamic authorization information based on a Radius CoA message carrier, and specifically includes: determining a field to be operated in a Radius CoA message carrier; and adding a specified authentication mode and specified authentication information to the field to be operated based on a preset specified identification rule so as to obtain dynamic authorization information.
In one implementation manner of the present application, adding a specified authentication mode and specified authentication information to a field to be operated based on a preset specified identification rule specifically includes: determining a field type value, a field length value and a provider identification field value of the field to be operated based on the field attribute of the field to be operated; determining a specified authentication mode and specified authentication information, and determining a custom field type value, a custom field length value and custom content based on the specified authentication mode and the specified authentication information; the custom content is used for describing a specified authentication mode and specified authentication information.
In one implementation manner of the present application, the method for transmitting the dynamic authorization information to the user terminal through the authentication system specifically includes: the remote server sends the dynamic authentication information to an authentication system; the authentication system performs validity check and feasibility check on the authentication information; and under the condition that the dynamic authentication information is legal and feasible, initiating re-authentication to the user terminal so as to send the dynamic authentication information to the user terminal.
In one implementation of the present application, the method further includes: and under the condition that the dynamic authentication information format is illegal or the appointed authentication mode in the dynamic authentication information is not feasible, the authentication system returns a NAK message to the remote server so as to inform that the dynamic authorization is failed to be executed.
In one implementation manner of the present application, the user terminal sends dynamic authentication information to the remote server based on the dynamic authorization information, which specifically includes: the user terminal determines re-authentication information to be assembled based on the dynamic authorization information and sends the re-authentication information to an authentication system; the authentication system assembles the re-authentication information to obtain a dynamic authentication information message, and sends the dynamic authentication information message to the remote server so that the remote server can obtain the dynamic authentication information.
In one implementation of the present application, the field to be operated on is Radius Attribute 26.
In a second aspect, an embodiment of the present application further provides a user access system for designating an authentication mode by a server, where the system includes: a remote server, an authentication system and a user terminal; the remote server is used for adding the user terminal into the temporary visitor network based on an authentication application initiated by the user terminal through the authentication system; the remote server is also used for constructing dynamic authorization information based on the Radius CoA message carrier and sending the dynamic authorization information to the user terminal through the authentication system; the dynamic authorization information comprises a specified authentication mode and specified authentication information; the user terminal is used for transmitting dynamic authentication information to the remote server based on the dynamic authorization information; the remote server is also used for checking the dynamic authentication information and adding the user terminal into the target network under the condition that the dynamic authentication information passes the check.
In a third aspect, an embodiment of the present application further provides a non-volatile computer storage medium in which a server specifies user access of an authentication method, where computer executable instructions are stored, where the computer executable instructions are configured to: the remote server adds the user terminal into the temporary visitor network based on an authentication application initiated by the user terminal through an authentication system; the remote server constructs dynamic authorization information based on the Radius CoA message carrier and sends the dynamic authorization information to the user terminal through the authentication system; the dynamic authorization information comprises a specified authentication mode and specified authentication information; the user terminal sends dynamic authentication information to a remote server based on the dynamic authorization information; and the remote server checks the dynamic authentication information and adds the user terminal into the target network under the condition that the dynamic authentication information passes the check.
With the user access method, system and medium for server-specified authentication provided by the embodiments of the application, the server administrator sends the authentication mode the access user must use and can also tell the access user which information it should carry for authentication. While adhering to the RFC, new content is added to the CoA message, enhancing the information-carrying capacity of CoA dynamic authorization, and the CoA message serves as the carrier through which the invention realises the function. The definition of the Radius CoA message content is supplemented, the authorization operation types issued by Radius CoA are enriched, the message's range of influence is enlarged, and technical support is provided for complex application scenarios. Compared with re-authentication triggered by a timer, pushing the information from the server is more flexible: the server's dynamic authorization policy can be changed in real time as required, and different network access policies are finally applied to the access user according to the authorization result.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute an undue limitation to the application. In the drawings:
fig. 1 is a flowchart of a user access method of a server specified authentication mode provided in an embodiment of the present application;
fig. 2 is a schematic diagram of an internal structure of a user access system of a server-specified authentication method according to an embodiment of the present application.
Detailed Description
For the purposes, technical solutions and advantages of the present application, the technical solutions of the present application will be clearly and completely described below with reference to specific embodiments of the present application and corresponding drawings. It will be apparent that the described embodiments are only some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
CoA (Change of Authorization) is a message sent by the authentication server to the authentication system to modify the authorization information of an already authenticated user. For example, the server may keep user identity information up to date by periodically sending a CoA that makes the user re-authenticate, or it may remotely send a Disconnect Message (a CoA type) to take a designated user offline. After the server administrator modifies the server parameters, the user's services are modified dynamically by CoA; this is also called dynamic authorization.
Dot1x re-authentication: the authentication system periodically, on a timer, initiates a complete Dot1X authentication process again for Dot1X users; it keeps the authorization information issued by the server up to date and serves as a means of confirming that the user is still online. Re-authentication can be initiated by the authentication system, or by the authentication server issuing a re-authentication time after authentication succeeds.
The scheme has the defects that:
the CoA authorization options specified by the RFC are very limited: only relatively basic operations such as taking a user offline and triggering re-authentication are possible, so the mechanism is unsuited to complex authentication scenarios and cannot direct an access user to authenticate by a particular method.
CoA also has no means of telling the access user which Radius fields must be carried; even when the access user is able to supply that information, it cannot learn the server's field requirements, so authentication may fail for lack of information.
Dot1x re-authentication is driven only by a timer in the authentication system, or by a timer issued by the server when authentication succeeds; it lacks flexibility and cannot obtain the access-user information the server requires.
The embodiment of the application provides a user access method, a system and a medium for a server to specify an authentication mode, which are used for solving the following technical problems: how to enable a server to specify a user to use a specific mode and carry a specific Radius field for authentication when accessing the user.
The following describes in detail the technical solution proposed in the embodiments of the present application through the accompanying drawings.
Fig. 1 is a flowchart of a user access method of a server specified authentication mode according to an embodiment of the present application. As shown in fig. 1, the user access method of the server specified authentication mode provided in the embodiment of the present application specifically includes the following steps:
step 101, the remote server joins the user terminal into the temporary visitor network based on an authentication application initiated by the user terminal through the authentication system.
In one embodiment of the present application, in order to implement a user access method in which the server specifies the authentication manner, the user terminal, carrying basic authentication information, first initiates an authentication notification to the authentication system; the authentication system assembles an authentication application message based on the basic authentication information and sends it to the remote server; the remote server checks the basic authentication information in the assembled authentication application message and, if the check passes, issues a temporary authorization rule to the authentication system; the authentication system joins the user terminal to the temporary guest network based on the temporary authorization rule.
Further, if the verification is not passed, the subsequent actions such as dynamic authorization are not performed.
Step 102, the remote server constructs dynamic authorization information based on the Radius CoA message carrier, and sends the dynamic authorization information to the user terminal through the authentication system.
In one embodiment of the present application, after issuing the temporary authorization to join the user terminal to the temporary guest network, the remote server constructs dynamic authorization information based on the Radius CoA message bearer. The dynamic authorization information comprises a specified authentication mode and specified authentication information.
Specifically, determining a field to be operated in a Radius CoA message carrier; and adding a specified authentication mode and specified authentication information to the field to be operated based on a preset specified identification rule so as to obtain dynamic authorization information.
In one embodiment of the present application, adding a specified authentication mode and specified authentication information to a field to be operated based on a preset specified identification rule specifically includes: determining a field type value, a field length value and a provider identification field value of the field to be operated based on the field attribute of the field to be operated; determining a specified authentication mode and specified authentication information, and determining a custom field type value, a custom field length value and custom content based on the specified authentication mode and the specified authentication information; the custom content is used for describing a specified authentication mode and specified authentication information.
In one embodiment of the present application, the field to be operated on is Radius Attribute 26 (Vendor-Specific). This attribute exists in the Radius protocol to carry vendor-defined extension properties: properties that are unsuitable for general standardisation and that each large vendor uses to carry its own private attributes for particular users. Because the Radius protocol ignores unsupported fields, the format defined for these properties has no effect on the rest of the protocol.
In the Radius Attribute 26 field, the field type value and the field length value each occupy one byte; the field type value is fixed at 26, the field length value gives the length of the entire Attribute, and the vendor identification field value occupies 2 bytes and identifies the vendor. The custom field type value and the custom field length value give the custom type number and length. The custom content describes the specified authentication mode and the specified authentication information. For example, the authentication-mode information is formatted as the character string 'auth-method=' with the required authentication method appended after the equals sign; 'auth-method=dot1X' tells the access user to authenticate by 802.1X. The optional values are: a) dot1X, 802.1X protocol authentication; b) MAC, MAC address authentication; c) portal, authentication by pushing a web page to the access user; d) local, local authentication; e) other methods. The required-field information is formatted as the character string 'auth-attributes=' with the codes of all required Radius attributes appended after the equals sign, separated by commas; if NAS-IP-Address (4) and NAS-Port-Id (87) are required, the information string is 'auth-attributes=4,87'. The authentication system or the user terminal may add optional fields according to its own design, but must carry the Radius attributes that the server's dynamic authorization requires.
Further, the dynamic authorization information is sent to the user terminal through the authentication system.
Specifically, the remote server sends dynamic authentication information to an authentication system; the authentication system performs validity check and feasibility check on the authentication information; and under the condition that the dynamic authentication information is legal and feasible, initiating re-authentication to the user terminal so as to send the dynamic authentication information to the user terminal.
In one embodiment of the present application, the authentication system returns a NAK message to the remote server to inform the current dynamic authorization execution failure in the case that it is determined that the dynamic authentication information format is not legal or that the designated authentication method in the dynamic authentication information is not feasible.
Step 103, the user terminal sends dynamic authentication information to the remote server based on the dynamic authorization information.
In one embodiment of the present application, after the dynamic authorization information is sent to the user terminal through the authentication system, the user terminal sends the dynamic authentication information to the remote server based on the dynamic authorization information.
Specifically, the user terminal determines re-authentication information to be assembled based on dynamic authorization information, and sends the re-authentication information to an authentication system; the authentication system assembles the re-authentication information to obtain a dynamic authentication information message, and sends the dynamic authentication information message to the remote server so that the remote server can obtain the dynamic authentication information.
Step 104, the remote server checks the dynamic authentication information, and joins the user terminal into the target network if the dynamic authentication information passes the check.
In one embodiment of the present application, the dynamic authentication information is checked after the remote server obtains the dynamic authentication information. And under the condition that the dynamic authentication information passes the verification, issuing a complete authorization rule to the authentication system so that the authentication system joins the user terminal into the target network.
In one embodiment of the present application, if the dynamic authentication information fails verification, the user terminal's access is denied, and the next authentication must again run through the complete procedure starting from obtaining the temporary authorization.
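The following Python is an added example, not code from the patent or from Inspur Cisco. It puts steps 102 to 104 above into working form: the remote server encodes the 'auth-method=' and 'auth-attributes=' strings as custom sub-fields of Radius Attribute 26, the authentication system performs the validity check (format) and feasibility check (method supported) and answers NAK on failure, the user terminal side assembles a re-authentication carrying every required attribute code, and the remote server verifies that those codes are present. The Vendor-Id value and the custom type values 1 and 2 are assumed placeholders the description does not fix; the example encodes the Vendor-Id in the 4 octets RFC 2865 defines for Attribute 26 rather than the 2 bytes stated in the description, and the list of feasible methods is a constructed sample.

```python
# Added example (not the patent's or Inspur Cisco's code): Radius Attribute 26
# carrying 'auth-method=' / 'auth-attributes=', with the checks each side makes.
import struct

VENDOR_SPECIFIC = 26
# Assumed placeholder Vendor-Id; a real deployment uses the vendor's registered
# Private Enterprise Number. RFC 2865 encodes it in 4 octets, high octet 0.
VENDOR_ID = 65535
VSA_AUTH_METHOD = 1        # assumed custom field type values for the
VSA_AUTH_ATTRIBUTES = 2    # two custom-content strings
# Constructed sample: methods this authentication system can run (feasibility).
SUPPORTED_METHODS = {"dot1X", "MAC", "portal", "local"}


def build_vsa(sub_type: int, content: str) -> bytes:
    """Encode one Attribute 26: Type(1) Length(1) Vendor-Id(4),
    then Vendor-Type(1) Vendor-Length(1) and the custom content."""
    value = content.encode("ascii")
    sub = struct.pack("!BB", sub_type, 2 + len(value)) + value
    body = struct.pack("!I", VENDOR_ID) + sub
    if 2 + len(body) > 255:          # Length is a single octet
        raise ValueError("custom content too long for one attribute")
    return struct.pack("!BB", VENDOR_SPECIFIC, 2 + len(body)) + body


def build_dynamic_authorization(method: str, required: list[int]) -> bytes:
    """Remote server side: attribute bytes carried in the CoA-Request."""
    codes = ",".join(str(c) for c in required)
    return (build_vsa(VSA_AUTH_METHOD, "auth-method=" + method)
            + build_vsa(VSA_AUTH_ATTRIBUTES, "auth-attributes=" + codes))


def parse_attributes(data: bytes):
    """Walk a Radius attribute list, yielding (type, value); raises
    ValueError on a truncated or malformed TLV."""
    i = 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        atype, alen = data[i], data[i + 1]
        if alen < 2 or i + alen > len(data):
            raise ValueError("bad attribute length")
        yield atype, data[i + 2:i + alen]
        i += alen


def parse_vsa(value: bytes) -> dict:
    """Split our vendor's VSA into {custom type: custom content}."""
    if len(value) < 6:
        raise ValueError("Vendor-Specific attribute too short")
    vendor = struct.unpack("!I", value[:4])[0]
    if vendor != VENDOR_ID:          # other vendors' VSAs are simply ignored
        return {}
    return {st: sv.decode("ascii") for st, sv in parse_attributes(value[4:])}


def check_dynamic_authorization(attrs: bytes):
    """Authentication-system side: validity check (format) and feasibility
    check (method). Returns ("ACK", info) or ("NAK", reason)."""
    info = {}
    try:
        for atype, value in parse_attributes(attrs):
            if atype == VENDOR_SPECIFIC:
                info.update(parse_vsa(value))
    except (ValueError, UnicodeDecodeError) as exc:
        return "NAK", f"format illegal: {exc}"
    method_s = info.get(VSA_AUTH_METHOD, "")
    attrs_s = info.get(VSA_AUTH_ATTRIBUTES, "")
    if not (method_s.startswith("auth-method=")
            and attrs_s.startswith("auth-attributes=")):
        return "NAK", "format illegal: auth-method/auth-attributes missing"
    method = method_s[len("auth-method="):]
    try:
        required = [int(c) for c in attrs_s[len("auth-attributes="):].split(",")
                    if c.strip()]
    except ValueError:
        return "NAK", "format illegal: attribute codes must be numeric"
    if method not in SUPPORTED_METHODS:
        return "NAK", f"method {method!r} not feasible here"
    return "ACK", {"method": method, "required": required}


def build_reauth_request(required: list[int], available: dict) -> bytes:
    """User terminal / authentication system side: assemble the
    re-authentication attributes, carrying every code the server asked for."""
    missing = [c for c in required if c not in available]
    if missing:
        raise ValueError(f"cannot supply required attributes {missing}")
    return b"".join(struct.pack("!BB", c, 2 + len(available[c])) + available[c]
                    for c in required)


def server_verify_reauth(request: bytes, required: list[int]) -> bool:
    """Remote server side: every required attribute code must be present."""
    present = {atype for atype, _ in parse_attributes(request)}
    return all(c in present for c in required)


if __name__ == "__main__":
    coa = build_dynamic_authorization("dot1X", [4, 87])  # NAS-IP-Address, NAS-Port-Id
    verdict, info = check_dynamic_authorization(coa)
    print(verdict, info)
    # Constructed sample values for the two required attributes.
    req = build_reauth_request(info["required"],
                               {4: bytes([10, 0, 0, 1]), 87: b"GigabitEthernet0/1"})
    print(server_verify_reauth(req, info["required"]))
```

The NAK path covers both failure cases the description names: a truncated or non-ASCII attribute fails the format check, and a method outside the system's supported set fails the feasibility check. Which authentication method the re-authentication actually runs (802.1X, MAC, portal) is decided by how the authentication system initiates it; the server-side check here only enforces the required attribute codes.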
The foregoing is a method embodiment presented herein. Based on the same inventive concept, the embodiment of the application also provides a user access system of a server specified authentication mode, and the structure of the user access system is shown in fig. 2.
Fig. 2 is a schematic diagram of an internal structure of a user access system of a server-specified authentication method according to an embodiment of the present application. As shown in fig. 2, the system includes: a remote server 201, an authentication system 202, a user terminal 203.
In one embodiment of the present application, the remote server 201 is configured to join the user terminal 203 in a temporary guest network based on an authentication application initiated by the user terminal 203 through the authentication system 202; the remote server 201 is further configured to construct dynamic authorization information based on the Radius CoA message carrier, and send the dynamic authorization information to the user terminal 203 through the authentication system 202; the dynamic authorization information comprises a specified authentication mode and specified authentication information; a user terminal 203 for transmitting dynamic authentication information to the remote server 201 based on the dynamic authorization information; the remote server 201 is further configured to verify the dynamic authentication information, and join the user terminal 203 to the target network if the dynamic authentication information passes the verification.
Some embodiments of the present application provide a non-volatile computer storage medium corresponding to a server-specified authentication mode of fig. 1, storing computer-executable instructions configured to:
the remote server adds the user terminal into the temporary visitor network based on an authentication application initiated by the user terminal through an authentication system;
the remote server constructs dynamic authorization information based on the Radius CoA message carrier and sends the dynamic authorization information to the user terminal through the authentication system; the dynamic authorization information comprises a specified authentication mode and specified authentication information;
the user terminal sends dynamic authentication information to a remote server based on the dynamic authorization information;
and the remote server checks the dynamic authentication information and adds the user terminal into the target network under the condition that the dynamic authentication information passes the check.
In the 1990s, an improvement to a technology could clearly be distinguished as an improvement in hardware (e.g., improvements to circuit structures such as diodes, transistors, switches, etc.) or in software (improvements to the process flow). However, with the development of technology, many improvements to method flows can today be regarded as direct improvements of hardware circuit structures. Designers almost always obtain the corresponding hardware circuit structure by programming the improved method flow into a hardware circuit. Therefore, it cannot be said that an improvement to a method flow cannot be realised by a hardware entity module. For example, a programmable logic device (Programmable Logic Device, PLD) (e.g., a field programmable gate array (Field Programmable Gate Array, FPGA)) is an integrated circuit whose logic function is determined by the user's programming of the device. A designer programs to "integrate" a digital system onto a PLD without requiring the chip manufacturer to design and fabricate application-specific integrated circuit chips. Moreover, nowadays, instead of manually manufacturing integrated circuit chips, such programming is mostly implemented with "logic compiler" software, which is similar to the software compiler used in program development; the source code before compilation is likewise written in a specific programming language, called a hardware description language (Hardware Description Language, HDL), of which there is not just one but many kinds, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM, RHDL (Ruby Hardware Description Language), etc.; VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog are currently the most commonly used.
It will also be apparent to those skilled in the art that a hardware circuit implementing the logic method flow can be readily obtained by merely slightly programming the method flow into an integrated circuit using several of the hardware description languages described above.
The controller may be implemented in any suitable manner; for example, the controller may take the form of a microprocessor or processor together with a computer readable medium storing computer readable program code (e.g., software or firmware) executable by the (micro)processor, logic gates, switches, application specific integrated circuits (Application Specific Integrated Circuit, ASIC), programmable logic controllers, and embedded microcontrollers, examples of which include, but are not limited to, the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20, and Silicon Labs C8051F320; the memory controller may also be implemented as part of the control logic of the memory. Those skilled in the art will also appreciate that, in addition to implementing the controller purely in computer readable program code, it is entirely possible to implement the same functionality by logically programming the method steps such that the controller takes the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers, etc. Such a controller may thus be regarded as a kind of hardware component, and the means for performing the various functions included in it may also be regarded as structures within the hardware component. Or even the means for achieving the various functions may be regarded as either software modules implementing the methods or structures within hardware components.
The system, apparatus, module or unit set forth in the above embodiments may be implemented in particular by a computer chip or entity, or by a product having a certain function. One typical implementation is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being functionally divided into various units, respectively. Of course, the functions of each element may be implemented in one or more software and/or hardware elements when implemented in the present specification.
It will be appreciated by those skilled in the art that the present description may be provided as a method, system, or computer program product. Accordingly, the present specification embodiments may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present description embodiments may take the form of a computer program product on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
The present description is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the specification. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In one typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, such as random access memory (RAM), and/or nonvolatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, program modules, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium which can be used to store information that can be accessed by a computing device. Computer-readable media, as defined herein, do not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article or apparatus that comprises the element.
The specification may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The specification may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media, including memory storage devices.
In this specification, each embodiment is described in a progressive manner; identical and similar parts of the embodiments may be referred to one another, and each embodiment mainly describes its differences from the other embodiments. In particular, the description of the apparatus, device and non-volatile computer storage medium embodiments is relatively brief, since they are substantially similar to the method embodiments; refer to the relevant parts of the method embodiments.
The foregoing describes specific embodiments of the present disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims can be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
The foregoing is merely one or more embodiments of the present description and is not intended to limit the present description. Various modifications and alterations to one or more embodiments of this description will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, or the like, which is within the spirit and principles of one or more embodiments of the present description, is intended to be included within the scope of the claims of the present description.

Claims (10)

1. A method for user access in which a server specifies the authentication mode, the method comprising:
the remote server adds the user terminal to a temporary visitor network based on an authentication application initiated by the user terminal through an authentication system;
the remote server constructs dynamic authorization information based on a Radius CoA message carrier and sends the dynamic authorization information to the user terminal through the authentication system, wherein the dynamic authorization information comprises a specified authentication mode and specified authentication information;
the user terminal sends dynamic authentication information to the remote server based on the dynamic authorization information;
and the remote server checks the dynamic authentication information and joins the user terminal to a target network when the dynamic authentication information passes the check.
2. The method according to claim 1, wherein the remote server adding the user terminal to the temporary visitor network based on an authentication application initiated by the user terminal through the authentication system specifically comprises:
the user terminal initiates an authentication notification to the authentication system, carrying basic authentication information;
the authentication system assembles an authentication application message based on the basic authentication information and sends the authentication application message to the remote server;
the remote server checks the basic authentication information in the assembled authentication application message and issues a temporary authorization rule to the authentication system when the basic authentication information passes the check;
the authentication system joins the user terminal to the temporary visitor network based on the temporary authorization rule.
3. The method according to claim 1, wherein the remote server constructing dynamic authorization information based on a Radius CoA message carrier specifically comprises:
determining a field to be operated in the Radius CoA message carrier;
and adding the specified authentication mode and the specified authentication information to the field to be operated based on a preset specified identification rule, so as to obtain the dynamic authorization information.
4. The method according to claim 3, wherein adding the specified authentication mode and the specified authentication information to the field to be operated based on the preset specified identification rule specifically comprises:
determining a field type value, a field length value and a vendor identification field value of the field to be operated based on the field attributes of the field to be operated;
determining the specified authentication mode and the specified authentication information, and determining a custom field type value, a custom field length value and custom content based on the specified authentication mode and the specified authentication information, wherein the custom content describes the specified authentication mode and the specified authentication information.
5. The method according to claim 1, wherein sending the dynamic authorization information to the user terminal through the authentication system comprises:
the remote server sends the dynamic authorization information to the authentication system;
the authentication system performs a validity check and a feasibility check on the dynamic authorization information;
and when the dynamic authorization information is valid and feasible, initiating re-authentication to the user terminal so as to send the dynamic authorization information to the user terminal.
6. The method according to claim 5, further comprising:
when the format of the dynamic authorization information is invalid or the specified authentication mode in the dynamic authorization information is not feasible, the authentication system returns a NAK message to the remote server to indicate that the dynamic authorization failed to execute.
7. The method according to claim 1, wherein the user terminal sending dynamic authentication information to the remote server based on the dynamic authorization information specifically comprises:
the user terminal determines the re-authentication information to be assembled based on the dynamic authorization information and sends the re-authentication information to the authentication system;
the authentication system assembles the re-authentication information into a dynamic authentication information message and sends the dynamic authentication information message to the remote server, so that the remote server obtains the dynamic authentication information.
8. The method according to claim 3, wherein the field to be operated is Radius Attribute number 26.
9. A user access system in which a server specifies the authentication mode, the system comprising a remote server, an authentication system and a user terminal, wherein:
the remote server is configured to add the user terminal to a temporary visitor network based on an authentication application initiated by the user terminal through the authentication system;
the remote server is further configured to construct dynamic authorization information based on a Radius CoA message carrier and send the dynamic authorization information to the user terminal through the authentication system, wherein the dynamic authorization information comprises a specified authentication mode and specified authentication information;
the user terminal is configured to send dynamic authentication information to the remote server based on the dynamic authorization information;
the remote server is further configured to check the dynamic authentication information and join the user terminal to a target network when the dynamic authentication information passes the check.
10. A non-volatile computer storage medium storing computer-executable instructions for user access in a server-specified authentication mode, the computer-executable instructions being configured to cause:
the remote server to add the user terminal to a temporary visitor network based on an authentication application initiated by the user terminal through an authentication system;
the remote server to construct dynamic authorization information based on a Radius CoA message carrier and send the dynamic authorization information to the user terminal through the authentication system, wherein the dynamic authorization information comprises a specified authentication mode and specified authentication information;
the user terminal to send dynamic authentication information to the remote server based on the dynamic authorization information;
and the remote server to check the dynamic authentication information and join the user terminal to a target network when the dynamic authentication information passes the check.
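Claims 3, 4 and 8 describe carrying the specified authentication mode and information inside RADIUS Attribute 26 (Vendor-Specific) of a CoA message, and claims 5 and 6 describe the authentication system checking that payload and answering with an ACK or NAK. The following is an added illustration written for this page, not code from the patent or its applicant. It encodes the type / length / Vendor-Id outer field and the custom type / length / content inner field as claim 4 lists them, wraps the attribute in an RFC 5176 CoA-Request, and implements the receiving side's validity and feasibility checks. The Vendor-Id (99999), vendor-type (1), the "mode=...;info=..." content format, the set of supported modes and the shared secret are all assumptions for the example; the patent does not define them.

```python
import hashlib
import hmac
import struct

# RADIUS packet codes from RFC 5176 (Dynamic Authorization Extensions).
COA_REQUEST, COA_ACK, COA_NAK = 43, 44, 45
VENDOR_SPECIFIC = 26  # RADIUS Attribute 26, the "field to be operated" in claim 8

# Hypothetical values, not taken from the patent: a placeholder Vendor-Id and the
# vendor-type number of the custom "specified authentication" sub-attribute.
VENDOR_ID = 99999
VT_SPECIFIED_AUTH = 1

# Authentication modes the authentication system is assumed to support (constructed).
SUPPORTED_MODES = {"web-portal", "802.1x", "mac"}


def build_vsa(mode: str, auth_info: str) -> bytes:
    """Encode the specified authentication mode and information as a Vendor-Specific
    Attribute: Type=26, Length, Vendor-Id (4 bytes), then Vendor-Type, Vendor-Length
    and the custom content. The content format "mode=...;info=..." is an assumption."""
    content = f"mode={mode};info={auth_info}".encode()
    sub = struct.pack("!BB", VT_SPECIFIED_AUTH, 2 + len(content)) + content
    body = struct.pack("!I", VENDOR_ID) + sub
    if 2 + len(body) > 255:
        raise ValueError("VSA exceeds the 255-byte RADIUS attribute limit")
    return struct.pack("!BB", VENDOR_SPECIFIC, 2 + len(body)) + body


def build_coa_request(secret: bytes, attrs: bytes, identifier: int = 0) -> bytes:
    """Assemble a CoA-Request. The Request Authenticator is MD5 over the packet with a
    zeroed authenticator field, followed by the shared secret (RFC 5176 section 2.3)."""
    header = struct.pack("!BBH", COA_REQUEST, identifier, 20 + len(attrs))
    authenticator = hashlib.md5(header + bytes(16) + attrs + secret).digest()
    return header + authenticator + attrs


def parse_attrs(data: bytes):
    """Yield (type, value) pairs from the attribute area, rejecting bad lengths."""
    pos = 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated attribute header")
        atype, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > len(data):
            raise ValueError("bad attribute length")
        yield atype, data[pos + 2 : pos + alen]
        pos += alen


def handle_coa(packet: bytes, secret: bytes) -> int:
    """Authentication-system side: verify the authenticator, then run the validity
    check (well-formed VSA) and feasibility check (supported mode, non-empty info).
    Returns COA_ACK on success, otherwise COA_NAK (claims 5 and 6)."""
    if len(packet) < 20:
        return COA_NAK
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != COA_REQUEST or length != len(packet):
        return COA_NAK
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        return COA_NAK  # wrong shared secret, forged or corrupted request
    try:
        for atype, value in parse_attrs(packet[20:]):
            if atype != VENDOR_SPECIFIC or len(value) < 6:
                continue
            vendor_id = struct.unpack("!I", value[:4])[0]
            vtype, vlen = value[4], value[5]
            if vendor_id != VENDOR_ID or vtype != VT_SPECIFIED_AUTH or vlen != len(value) - 4:
                return COA_NAK  # validity check failed: unknown or malformed sub-attribute
            fields = dict(kv.split("=", 1) for kv in value[6:].decode().split(";"))
            if fields.get("mode") not in SUPPORTED_MODES or not fields.get("info"):
                return COA_NAK  # feasibility check failed: mode not supported here
            return COA_ACK
    except (ValueError, UnicodeDecodeError):
        return COA_NAK
    return COA_NAK  # no specified-authentication VSA present


if __name__ == "__main__":
    secret = b"example-shared-secret"  # constructed value
    req = build_coa_request(secret, build_vsa("web-portal", "portal.example.test"))
    print("reply code:", handle_coa(req, secret))  # 44 (CoA-ACK)
```

The receiver checks the length fields before trusting any offset and compares the authenticator in constant time; a request with the wrong shared secret is refused before its attributes are parsed at all, so the feasibility check only ever runs on a message that the remote server could have produced.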

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310993988.5A CN117278248A (en) 2023-08-08 2023-08-08 User access method, system and medium for server to specify authentication mode

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310993988.5A CN117278248A (en) 2023-08-08 2023-08-08 User access method, system and medium for server to specify authentication mode

Publications (1)

Publication Number Publication Date
CN117278248A true CN117278248A (en) 2023-12-22

Family

ID=89216715

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310993988.5A Pending CN117278248A (en) 2023-08-08 2023-08-08 User access method, system and medium for server to specify authentication mode

Country Status (1)

Country Link
CN (1) CN117278248A (en)

Similar Documents

Publication Publication Date Title
CN111680274B (en) Resource access method, device and equipment
CN110460595B (en) Authentication and service method, device and equipment
CN109065054A (en) Speech recognition error correction method, device, electronic equipment and readable storage medium storing program for executing
KR20190117485A (en) Service data processing method and device, and Service processing method and device
CN110944046B (en) Control method of consensus mechanism and related equipment
CN108990059B (en) Verification method and device
TW201914354A (en) A binding method, device and system for smart apparatus, and telecommunications system
CN110096306B (en) Application version switching method and device, electronic equipment and storage medium
WO2023151439A1 (en) Account login processing
CN110442307A (en) Binding method, equipment and the storage medium of disk in a kind of linux system
CN111460428B (en) Authority management method and device of android system and readable medium
CN112491885B (en) Electronic certificate transmission method, device and equipment
CN113852498B (en) Method and device for deploying, managing and calling components
US11272336B2 (en) System, method, and computer program for transferring subscriber identity module (SIM) information for SIM card or eSIM activation
CN108550033A (en) A kind of method and device of display Digital Object Unique Identifier
CN111367560A (en) Method, system, equipment and medium for expanding server function
CN111314380B (en) Authentication system, equipment and medium based on micro service
CN107908552A (en) A kind of test method based on link, device and equipment
WO2023151440A1 (en) Program update processing
CN117278248A (en) User access method, system and medium for server to specify authentication mode
CN110022351B (en) Service request processing method and device
CN111338655A (en) Installation package distribution method and system
CN113259305B (en) Intranet and extranet communication method and device
CN111835513B (en) Method, device and equipment for updating certificate data
CN113133072A (en) Method and device for controlling terminal, terminal and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination