WO2008022514A1 - Procédé, système et appareil pour authentification d'accès utilisateur - Google Patents

Procédé, système et appareil pour authentification d'accès utilisateur Download PDF

Info

Publication number
WO2008022514A1
WO2008022514A1 PCT/CN2007/001228 CN2007001228W WO2008022514A1 WO 2008022514 A1 WO2008022514 A1 WO 2008022514A1 CN 2007001228 W CN2007001228 W CN 2007001228W WO 2008022514 A1 WO2008022514 A1 WO 2008022514A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
authentication
network side
random number
user password
Prior art date
Application number
PCT/CN2007/001228
Other languages
English (en)
Chinese (zh)
Inventor
Hongguang Guan
Original Assignee
Huawei Technologies Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co., Ltd. filed Critical Huawei Technologies Co., Ltd.
Publication of WO2008022514A1 publication Critical patent/WO2008022514A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/50Address allocation
    • H04L61/5007Internet protocol [IP] addresses
    • H04L61/5014Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]

Definitions

  • the present invention relates to network security authentication technologies, and in particular, to a method, system and device for user access authentication.
  • the main access authentication technologies mainly have the following three types: Ethernet point-to-point protocol
  • PPPoE is similar to the traditional dial-up access method. It is an extension of the traditional public switched telephone network (PSTN) narrowband dial-up access technology in Ethernet access technology. It is consistent with the original narrowband network user access authentication system. . Since PPPoE encapsulates each IP packet in an Ethernet frame, once the number of users increases or the IP packet increases, the encapsulation speed must not keep up, which becomes a network bottleneck. Moreover, the PPPoE access mode is not conducive to the development of multicast services, and most of the video services are based on multicast. In addition, the PPPoE access method requires the operator to provide client terminal software, and the maintenance workload is too large.
  • PSTN public switched telephone network
  • DHCP+Web authentication requires a DHCP server to work with a web server.
  • the user first obtains an IP address through the DHCP server and uses this IP address to communicate with the Web server.
  • the Broadband Remote Access Server (BRAS) forces the user to connect to the Web server and pops up the authentication page in the browser. On this page, the user enters the account number and password; the BRAS receives the user's information, checks the legality of the user, and authenticates the user to the AAA server; after the authentication is passed, the user can obtain the user's A new legal IP address allows users to access the external Internet or specific network services.
  • BRAS Broadband Remote Access Server
  • the DHCP + Web authentication method can realize more value-added services and can be well-off. Support for multicast services.
  • the IP address is allocated before the user authentication, which causes a waste of the IP address, and there is no unified standard for the DHCP+Web authentication method.
  • the 802. lx technology is a port-based authentication technology.
  • the authentication phase uses the Extended Authentication Protocol (EAP) packet.
  • the EAP packet is an extension of the PPP packet.
  • the authentication phase is similar to the PPPoE mode.
  • the authentication process is as follows: The user initiates authentication by using the EAP over LAN (EAPL) packet through the 802.1x client software.
  • the switch terminates the EAPoL packet and forwards the EAP packet to the authentication server.
  • the DHCP server is configured.
  • the user assigns an IP address, and the user controlled port is opened, allowing the user to communicate normally.
  • the 802.1x authentication method solves the problems of PPPoE and DHCP + Web authentication methods, the 802.
  • the lx authentication method requires specific client software, and 802.1x does not currently have a standard client. Different vendors have different client programs, so the workload is maintained.
  • the 802.1x protocol is a Layer 2 protocol, it is only responsible for the authentication control of the user port. After the port authentication is completed, the user needs to continue to solve the user IP address allocation and the Layer 3 network after entering the Layer 3 IP network. Security and other issues, therefore, the Ethernet switch + 802.1X alone, can not fully solve the problems of the operational, manageable and access security of the Ethernet access of the metropolitan area network.
  • the prior art also provides an authentication method for implementing user access through a DHCP protocol.
  • the process is as follows:
  • the client device generates a password based on the password and the session parameters (generated by the client device) Certificate ( certificate ).
  • the client device establishes a DHCP Discover message and sends it to the authentication device.
  • the message includes the user identifier, the session parameter, and the certificate generated in step (1).
  • the authentication device generates a verification certificate based on the received session parameters and associated passwords.
  • the user equipment itself selects the session parameters used to generate the certificate, and this method cannot effectively prevent the retransmission attack.
  • the attacker intercepts the DHCP Discover message sent by the client and then resends it, the attacker can obtain the authorized address and access the network smoothly.
  • Embodiments of the present invention provide a method, system, and apparatus for user access authentication to enhance the security of user authentication.
  • the user access authentication method of the embodiment of the present invention uses the IP address allocated by the dynamic host configuration protocol DHCP server to access the network, including: the user end obtains the encrypted information from the network side;
  • the user end encrypts the user password by using the encrypted information, and transmits the encrypted user password to the network side;
  • the network side authenticates the client according to the encrypted information and a pre-stored user password.
  • a user access authentication system includes:
  • the network side device is configured to send a random number, and perform authentication on the user equipment according to the random number and the encryption algorithm, and after the authentication is passed, assign an IP address to the user equipment;
  • the user equipment adds the user password by using the random number delivered by the network side device.
  • the encrypted user password is transmitted to the network side device, and after the authentication is passed, the IP address assigned by the network side is used to access the network.
  • a network side device including:
  • the address allocation module allocates an IP address to the client after the user end authenticates.
  • the embodiment of the invention encrypts the user password by using the encrypted information generated by the network side, so that the password transmission is more secure; no special client software is needed, as long as the DHCP protocol is supported; and the user is assigned an IP address after the authentication, It avoids the waste of IP address; implements user authentication on the network layer to ensure the security of the three-layer network.
  • FIG. 1 is a schematic diagram of a process of user access authentication in an embodiment of the present invention.
  • FIG. 2 is a schematic diagram of a process for implementing strong authentication according to an embodiment of the present invention.
  • the embodiment of the present invention obtains the encrypted information, such as a random number, a key or a certificate, from the network side when the user requests the IP address, and the user encrypts the user password by using the encrypted information, and
  • the encrypted user password is transmitted to the network side, and the network side uses the above-mentioned encrypted information and a pre-stored user password to authenticate the user.
  • the user password is encrypted by using the encrypted information sent by the user on the network side.
  • the same encryption information is used to authenticate the user on the network side.
  • the IP address assigned by the DHCP server on the network side can be used.
  • the wave of the IP address Fees, and make password delivery more secure.
  • the following describes an embodiment of the present invention by taking the encrypted information as a random number as an example.
  • the random number can be generated by a Network Access Server (NAS), an Authentication Authorization Accounting Server (AAA Server), or a DHCP server on the network side and provided to the user through a DHCP server.
  • the encryption algorithm used may be set in advance on the user side and the network side, that is, set to the same encryption algorithm, such as the HMAC-MD5 algorithm, or may be negotiated between the user end and the network side.
  • the user access authentication process in the embodiment of the present invention is described in detail below.
  • FIG. 1 is a schematic diagram of a user access authentication process according to an embodiment of the present invention.
  • a random number such as a challenge word (Challenge Id)
  • an encryption algorithm is negotiated between a client and an AAA server.
  • the process of Layer 3 authentication through the DHCP protocol when the user equipment is started for the first time includes:
  • Step 101 The client device, that is, the DHCP client, prompts the user to input a username and a password. For example, the user may be prompted to input a username and password by using a pop-up window or voice on the DHCP client.
  • Step 102 The DHCP client sends a DHCP Discover message to the NAS, where the user identifier and the user's request for the encryption algorithm are carried.
  • the user identifier is used to uniquely identify the user, and may be a username, a MAC address, or the like.
  • the user's request for the encryption algorithm may be an encryption algorithm supported by the user. If the DHCP client does not need to negotiate an encryption algorithm with the AAA server, the DHCP Discover message does not need to carry the user's request for the encryption algorithm.
  • the encryption algorithm requested by the user may be HMAC-MD5 or other algorithms (such as HMAC-SHA algorithm), or multiple encryption algorithms to be selected by the AAA server.
  • Step 103 After receiving the DHCP Discover message, the NAS first caches the DHCP Discover message, and then sends a Challenge Id request message to the AAA server, requesting one. Challenge Id, and negotiate encryption algorithm with AAA server.
  • the Challenge Id request message includes a user's request for an encryption algorithm, that is, one or more encryption algorithms supported by the user that can be used to encrypt the user's password.
  • Step 104 After receiving the Challenge Id request message, the AAA server allocates a Challenge Id to the user, establishes a binding relationship between the Challenge Id and the user, and simultaneously encrypts the user password supported by the user.
  • One or more encryption algorithms select one of the user-available encryption algorithms (such as HMAC-MD5), and return a Challenge Id response message to the NAS, which includes the assigned Challenge Id and the selected encryption algorithm (HMAC-MD5).
  • Step 105 After receiving the Challenge Id response message of the AAA server, the NAS obtains the assigned Challenge Id and the selected encryption algorithm from the Challenge Id response message, and uses the Challenge Id and the selected encryption algorithm as relay agent information options (The Relay Agent Information Option is added to the cached DHCP Discover message and sent to the DHCP server.
  • the Relay Agent Information Option is added to the cached DHCP Discover message and sent to the DHCP server.
  • Step 106 After receiving the DHCP Discover message, the DHCP server selects an IP address in the address pool according to the user identifier (in IPv4, only one IP address is assigned, but in IPv6, it is not limited to one IP address), and The Relay Agent Information Option of the DHCP Discover message acquires the Challenge Id and the selected encryption algorithm, and then sends a DHCP Offer message to the NAS, the message including the selected IP address, Challenge Id, and the selected encryption algorithm.
  • Step 107 The NAS forwards the DHCP Offer message to the DHCP client.
  • Step 108 After receiving the DHCP Offer message, the DHCP client obtains the Challenge Id and the selected encryption algorithm from the DHCP Offer message, and encrypts the user password by using the Challenge Id and the selected encryption algorithm, and sends a DHCP Request message to the NAS. , which carries the user ID, Challenge Id, and encrypted user password.
  • Step 110 After receiving the authentication request message, the AAA server searches for a user password corresponding to the user identifier in the database according to the user identifier. If a matching user password is found, the AAA server encrypts the found user password using the Challenge Id in the authentication request and the selected encryption algorithm; if the AAA server calculates the encrypted user password and the encryption carried in the authentication request message If the user password is the same, the authentication is passed, otherwise the authentication fails. If the authentication is successful, the AAA server sends an authentication success message to the NAS; otherwise, the process ends.
  • Step 111 After receiving the authentication success message, the NAS forwards the cached DHCP Request message to the DHCP server.
  • Step 112 After receiving the DHCP Request message, the DHCP server confirms the address allocation and parameter configuration, and returns a DHCP acknowledgement message (DHCP Ack) to the NAS, indicating that the user is allowed to use the allocated address.
  • DHCP Ack DHCP acknowledgement message
  • Step 113 The NAS forwards the DHCP Ack message to the DHCP client.
  • Step 114 The DHCP client receives the DHCP Ack message and successfully accesses the network.
  • the negotiation of the encryption algorithm between the DHCP client and the AAA server is an optional process, and the encryption algorithm may be directly notified by the AAA server or one of the DHCP clients to the other party without negotiation. , but not limited to this.
  • the encryption algorithm used by the AAA server is directly notified by the DHCP client, the user-supported encryption algorithm or the selected encryption algorithm need not be carried in steps 102-107, and the Challenge Id and the user may be utilized in step 108.
  • Pre-configured plus The secret algorithm encrypts the user password and notifies the AAA server of the adopted encryption algorithm through the DHCP Request message.
  • the Challenge Id may be generated by the AAA server or by the NAS or the DHCP server.
  • steps 103 and 104 may be used only for negotiation of the encryption algorithm without having to request Challenge Id from the AAA server.
  • the Challenge Id is allocated to the user by the NAS, and the binding relationship between the Challenge Id and the user is established, and the Challenge Id is carried in the DHCP Discover message and sent to the DHCP server. If the encryption algorithm negotiation is not required between the DHCP client and the AAA server, steps 103 and 104 can be omitted directly.
  • the DHCP Offer message carries the Challenge Id generated by the DHCP server in step 106, and the Challenge Id does not need to be generated and carried in steps 101-105. If the encryption algorithm negotiation is not required between the DHCP client and the AAA server, steps 103 and 104 can be omitted directly. There are other forms as well.
  • the security problem when transmitting the password is solved.
  • the user can only pass the authentication of the authentication server according to the Challenge Id that is returned by the DHCP server and bound by the user and encrypted by the encryption algorithm. After the authentication is passed, the user can actually assign the IP address. Therefore, even if the attacker intercepts the DHCP Discover message sent by the client, since the Challenge Id is allocated by the network side, the attacker cannot check the binding between the Challenge Id and the user, so it can effectively prevent the retransmission attack.
  • Step 115 The user obtains a key (including a shared key or other key) or a certificate from the network side through a network (such as Web, FTP, or other means), and establishes the key (or certificate) and the user on the network side. Binding relationship, so that after the DHCP client restarts (for example, shutdown and restart), the three-layer authentication process can be performed through the key or certificate.
  • a network such as Web, FTP, or other means
  • encryption is used (such as HMAC-MD5 algorithm, but not limited to this), encryption is a weak authentication method, and users can directly configure (or other out-of-band methods) or extend the authentication protocol before the first startup. EAP and other methods obtain a certificate or key from the network side to achieve strong authentication. ,
  • the process of performing strong authentication by using a certificate or a key through DHCP in the embodiment of the present invention is as shown in FIG. 2, and includes:
  • Step 201 The user equipment (that is, the DHCP client) obtains the user name and password of the user by using a user input manner, for example, by popping up a window on the user equipment, prompting the user to input the user name and password, and of course, other alternative methods may also be adopted. .
  • Step 202 The DHCP client broadcasts a DHCP Discover message, where the message carries the user identifier and the user password encrypted by the key (or certificate).
  • the key (or certificate) may be obtained through the network (Web, FTP, etc.) after the user successfully accesses the network, or may be configured (or other out-of-band method) or extended authentication protocol EAP directly before the first startup.
  • the mode is obtained from the network side, and the network side allocates a key (or a certificate) to the user and establishes a binding relationship between the key (or certificate) and the user.
  • Step 203 After receiving the DHCP Discover message, the NAS caches the message, obtains the user identifier and the encrypted user password from the DHCP Discover, and sends an authentication request message to the AAA server, where the user identifier and the encrypted user password are carried.
  • Step 204 The AAA server receives the authentication request message, extracts the user identifier and the encrypted user password from the authentication request message, and then decrypts the encrypted user password according to the key corresponding to the user in the AAA server, and simultaneously decrypts the encrypted user password. Find users in the database Password, judge whether the decrypted user password and the found user password are the same. If they are the same, the authentication is successful, otherwise the authentication fails.
  • Step 205 If the authentication is successful, the NAS forwards the cached DHCP Discover message to the DHCP server.
  • Step 206 The DHCP server receives the DHCP Discover message and returns a DHCP Offer message.
  • Step 207 The NAS forwards the DHCP Offer message to the DHCP client.
  • Step 208 The DHCP client receives and processes the DHCP Offer message, and returns a DHCP Request message.
  • Step 209 The NAS forwards the DHCP Request message to the DHCP server.
  • Step 210 The DHCP server receives and processes the DHCP Request message, and returns a DHCP Ack message.
  • Step 211 The NAS forwards the DHCP Ack message to the DHCP client.
  • Step 212 The DHCP client receives the DHCP Ack message and successfully accesses the network.
  • the user can directly encrypt the user password by using a key or a certificate, and then the AAA server searches for the corresponding key or certificate to decrypt the encrypted user password, and determines the decrypted user password and the saved user password. Whether it is the same to achieve the authentication of the user.
  • the key or the certificate can be obtained by the user after the user successfully accesses the network, or can be obtained before the authentication by using the configuration mode (or other out-of-band method) or EAP mode. This method can authenticate the user by decrypting the user password by using the key or certificate corresponding to the user in the AAA server, so that the attack of the illegal user can be effectively prevented.
  • the user authentication process in the above embodiments is applicable not only to DHCPv4 authentication, but also to DHCPv6 authentication.
  • the embodiment of the invention encrypts the user password by using the random number assigned by the network side, so that the password transmission is more secure; no special client software is needed, as long as the DHCP protocol is supported; the IP address is assigned after the authentication, and the IP address is avoided. Waste; implement user authentication on the network layer; the authentication server has a binding relationship between the user and the key (or certificate). The illegal user cannot obtain the correct key (or certificate), and thus cannot pass the authentication, which can effectively prevent illegal. User's attack.

Abstract

L'invention concerne un procédé d'authentification d'accès utilisateur, et un serveur de protocole de configuration dynamique d'hôte (DHCP) distribuant des adresses IP aux utilisateurs autorisés. Ledit procédé comprend les étapes suivantes : obtention d'informations de cryptage provenant d'un réseau par des utilisateurs; cryptage du mot de passe des utilisateurs à l'aide des informations de cryptage; et envoi des mots de passe cryptés au réseau, ledit réseau authentifiant les utilisateurs en fonction des informations de cryptage et des mots de passe préstockés. L'invention concerne également un système et un appareil d'authentification d'accès utilisateur. Cette application permet d'envoyer des mots de passe de manière plus sûre, d'empêcher la perte d'adresses IP et d'éviter efficacement une attaque par des utilisateurs non autorisés.
PCT/CN2007/001228 2006-08-14 2007-04-16 Procédé, système et appareil pour authentification d'accès utilisateur WO2008022514A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200610115446.4 2006-08-14
CN2006101154464A CN101127600B (zh) 2006-08-14 2006-08-14 一种用户接入认证的方法

Publications (1)

Publication Number Publication Date
WO2008022514A1 true WO2008022514A1 (fr) 2008-02-28

Family

ID=39095537

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2007/001228 WO2008022514A1 (fr) 2006-08-14 2007-04-16 Procédé, système et appareil pour authentification d'accès utilisateur

Country Status (2)

Country Link
CN (1) CN101127600B (fr)
WO (1) WO2008022514A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2595082A1 (fr) * 2011-10-18 2013-05-22 Huawei Device Co., Ltd. Procédé et serveur d'authentification pour vérifier l'identité de l'accès d'un décodeur

Families Citing this family (28)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101827106A (zh) * 2010-04-29 2010-09-08 华为技术有限公司 一种dhcp安全通信方法、装置和系统
CN103139136B (zh) * 2011-11-22 2016-06-08 阿里巴巴集团控股有限公司 一种密码的管理方法和设备
CN102663322B (zh) * 2012-02-23 2015-06-24 深圳市乐讯科技有限公司 一种隐藏游戏地图防止用户作弊的方法和装置
DE102012209445A1 (de) * 2012-06-05 2013-12-05 Robert Bosch Gmbh Verfahren und Kommunikationssystem zur sicheren Datenübertragung
CN102833746B (zh) * 2012-09-14 2015-11-25 福建星网锐捷网络有限公司 用户重认证方法及接入控制器
CN103108037B (zh) * 2013-01-22 2015-12-02 华为技术有限公司 一种通信方法,Web服务器及Web通信系统
CN103391292A (zh) * 2013-07-18 2013-11-13 百度在线网络技术(北京)有限公司 针对移动应用的安全登录方法、系统和装置
CN103532987B (zh) * 2013-11-11 2016-06-29 国家电网公司 一种防止非认证计算机设备接入企业内网的保护方法及系统
CN103685257B (zh) * 2013-12-06 2018-04-06 上海斐讯数据通信技术有限公司 一种dhcp网络防护系统及方法
GB2526367A (en) * 2014-05-23 2015-11-25 Ibm Password-based authentication
CN105323207A (zh) * 2014-06-06 2016-02-10 南京理工大学常熟研究院有限公司 一种防AP窃取的Web门户安全登录方法
CN105306200B (zh) * 2014-06-09 2019-06-21 腾讯科技(深圳)有限公司 网络账号密码的加密方法和装置
CN105721153B (zh) * 2014-09-05 2020-03-27 三星Sds株式会社 基于认证信息的密钥交换系统及方法
CN105991578A (zh) * 2015-02-12 2016-10-05 中兴通讯股份有限公司 一种实现终端登录的方法和装置
CN106161400B (zh) * 2015-04-22 2020-08-11 腾讯科技(深圳)有限公司 通信消息安全检测方法、装置及系统
CN106209793A (zh) * 2016-06-30 2016-12-07 上海斐讯数据通信技术有限公司 一种身份验证方法及验证系统
CN106357486A (zh) * 2016-08-18 2017-01-25 杭州迪普科技有限公司 一种网络用户接入方法和装置
CN107786423B (zh) * 2016-08-29 2019-10-29 北京融聚世界网络科技有限公司 一种即时通讯的方法和系统
CN107888460B (zh) * 2016-09-29 2020-12-11 新华三技术有限公司 一种客户端接入网络的方法及装置
CN106506479B (zh) * 2016-10-24 2019-09-13 北京明华联盟科技有限公司 密码认证的方法、系统及客户端、服务器和智能设备
CN107070648B (zh) * 2017-03-01 2020-09-18 北京信安世纪科技股份有限公司 一种密钥保护方法及pki系统
CN107135069A (zh) * 2017-04-24 2017-09-05 努比亚技术有限公司 远程协助控制方法及系统
CN107426339B (zh) * 2017-09-04 2020-05-26 珠海迈越信息技术有限公司 一种数据连接通道的接入方法、装置及系统
EP3912377A4 (fr) * 2019-01-15 2022-01-12 ZTE Corporation Procédé et dispositif permettant d'empêcher le traçage d'un utilisateur, support de stockage, et dispositif électronique
CN112788028A (zh) * 2021-01-10 2021-05-11 何顺民 一种获取网络参数的方法和系统
CN112866247A (zh) * 2021-01-18 2021-05-28 杭州中网智慧科技有限公司 一种身份认证方法和装置
CN114024708A (zh) * 2021-09-23 2022-02-08 广东电力信息科技有限公司 一种基于入侵检测技术的网络边界防护方法
CN114944927B (zh) * 2022-03-17 2023-08-08 国网浙江省电力有限公司杭州供电公司 基于Portal认证的无客户端互斥访问平台

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1567294A (zh) * 2003-06-14 2005-01-19 华为技术有限公司 一种对用户进行认证的方法
US20050027868A1 (en) * 2003-07-31 2005-02-03 International Business Machines Corporation Method and apparatus for authenticated network address allocation
US6895511B1 (en) * 1998-10-29 2005-05-17 Nortel Networks Limited Method and apparatus providing for internet protocol address authentication
US20060036733A1 (en) * 2004-07-09 2006-02-16 Toshiba America Research, Inc. Dynamic host configuration and network access authentication
CN1741448A (zh) * 2004-08-25 2006-03-01 国际商业机器公司 用于客户计算机自行健康检查的方法和系统

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1248447C (zh) * 2002-05-15 2006-03-29 华为技术有限公司 一种宽带网络接入方法

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6895511B1 (en) * 1998-10-29 2005-05-17 Nortel Networks Limited Method and apparatus providing for internet protocol address authentication
CN1567294A (zh) * 2003-06-14 2005-01-19 华为技术有限公司 一种对用户进行认证的方法
US20050027868A1 (en) * 2003-07-31 2005-02-03 International Business Machines Corporation Method and apparatus for authenticated network address allocation
US20060036733A1 (en) * 2004-07-09 2006-02-16 Toshiba America Research, Inc. Dynamic host configuration and network access authentication
CN1741448A (zh) * 2004-08-25 2006-03-01 国际商业机器公司 用于客户计算机自行健康检查的方法和系统

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2595082A1 (fr) * 2011-10-18 2013-05-22 Huawei Device Co., Ltd. Procédé et serveur d'authentification pour vérifier l'identité de l'accès d'un décodeur
US8832727B2 (en) 2011-10-18 2014-09-09 Huawei Device Co., Ltd. Method and authentication server for verifying access identity of set-top box

Also Published As

Publication number Publication date
CN101127600A (zh) 2008-02-20
CN101127600B (zh) 2011-12-07

Similar Documents

Publication Publication Date Title
WO2008022514A1 (fr) Procédé, système et appareil pour authentification d'accès utilisateur
US8046577B2 (en) Secure IP access protocol framework and supporting network architecture
KR100759489B1 (ko) 이동통신망에서 공개키 기반구조를 이용한 아이피보안터널의 보안 방법 및 장치
JP3863852B2 (ja) 無線環境におけるネットワークへのアクセス制御方法及びこれを記録した記録媒体
US6971005B1 (en) Mobile host using a virtual single account client and server system for network access and management
EP1755271B1 (fr) Procede permettant de realiser une authentification synchrone parmi differents dispositifs de commande d'authentification
US20100122338A1 (en) Network system, dhcp server device, and dhcp client device
WO2008034319A1 (fr) Procédé, système et dispositif d'authentification destinés à un dispositif de réseau
CA2414044C (fr) Cadre de protocole d'acces ip protege et architecture de reseau de soutien
WO2011017924A1 (fr) Procede, systeme, serveur et terminal d'authentification dans un reseau local sans fil
WO2006116926A1 (fr) Procede, systeme et serveur pour mettre en œuvre l’attribution de securite d’adresse dhcp
JP2006086907A (ja) 設定情報配布装置、方法、プログラム、媒体、及び設定情報受信プログラム
WO2012116590A1 (fr) Procédé et système d'authentification
WO2014101449A1 (fr) Procédé pour contrôler un point d'accès dans un réseau local sans fil, et système de communication
KR100438431B1 (ko) 통신 네트워크에서 가상 사설 네트워크 서비스 접속을위한 보안 시스템 및 방법
WO2015196441A1 (fr) Procédé, appareil et système d'acquisition de fichiers de configuration
EP1779595B1 (fr) Procede permettant l'inscription d'un terminal utilisateur dans un reseau local sans fil
WO2014176997A1 (fr) Procédé et système de transmission et de réception de données, procédé et dispositif de traitement de message
WO2009082950A1 (fr) Procédé, dispositif et système de distribution de clés
CN102231725A (zh) 一种动态主机配置协议报文的认证方法、设备及系统
WO2014044098A1 (fr) Procédé et système d'accès à un réseau fixé par un utilisateur wlan
CN101471934A (zh) 动态主机配置协议中双向加密及身份鉴权的方法
WO2009012729A1 (fr) Procédé, système et dispositif de conversion d'authentification d'accès à un réseau
WO2013004104A1 (fr) Procédé et système de signature unique
JP4584776B2 (ja) ゲートウェイ装置およびプログラム

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07720801

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

NENP Non-entry into the national phase

Ref country code: RU

122 Ep: pct application non-entry in european phase

Ref document number: 07720801

Country of ref document: EP

Kind code of ref document: A1