CN102075504B - Method and system for realizing two-layer Portal authentication and Portal server - Google Patents
Method and system for realizing two-layer Portal authentication and Portal server Download PDFInfo
- Publication number
- CN102075504B CN102075504B CN 200910238485 CN200910238485A CN102075504B CN 102075504 B CN102075504 B CN 102075504B CN 200910238485 CN200910238485 CN 200910238485 CN 200910238485 A CN200910238485 A CN 200910238485A CN 102075504 B CN102075504 B CN 102075504B
- Authority
- CN
- China
- Prior art keywords
- address
- subscriber equipment
- access device
- portal server
- sends
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a method and system for realizing two-layer Portal authentication and a Portal server. In the technical scheme, a management IP address of access equipment where user equipment is arranged can be obtained by the Portal server, the management IP address is interacted with the access equipment, and then two-layer Portal authentication on the user equipment is realized. In addition, known from the technical scheme for realizing the two-layer Portal authentication in the invention, the Portal server inquires the access equipment of the user equipment in a two-layer network after receiving a page request sent by the user equipment, therefore, even if the user equipment is moved from one access equipment to the other access equipment to access, the Portal server can also accurately find out the access equipment accessed by the user equipment, and the problem of authentication failure caused by moving the user equipment is avoided.
Description
Technical field
The present invention relates to the network authentication technology, espespecially a kind of method, system and portal server of realizing two layers of door (Portal) authentication.
Background technology
In the world of computer and internet, authentication is a key element the most basic, is also the basis of whole information security system, the user only have passed through authentication could normal accesses network resource.The mode of authentication at present has a lot, and 802.1x authentication, Portal authentication etc. are typically arranged.
802.1x authentication techniques are a kind of two layers of authentication techniques.The advantage of this technology is to complete two layers of authentication, overall performance to equipment is less demanding, can effectively reduce the networking cost, simultaneously owing to having used Extensible Authentication Protocol (EAP) commonly used in the RAS system, good autgmentability and adaptability can be provided, realize the compatibility to conventional P PP authentication architecture.But when implementing the 802.1x authentication, the keeper need to install 802.1x authentication proxy software on each terminal equipment, realizes in a large enterprise or terminal distribute the network that comparatively disperses like this that 802.1x authenticates just to seem very difficult.
The Portal authentication generally is called portal website with the Portal authentication website usually also referred to as web authentication.When the user need to access information in the Internet, its access device just authenticated relocating user equipment to portal website, just can use Internet resources in authentication by rear.The specific implementation of Portal authentication can be shown in Figure 1 flow process.
In step 101, subscriber equipment sends the HTTP request to access device.
In step 102, access device returns to the IP address of Portal server to subscriber equipment.
When the user accesses a webpage, the HTTP request that subscriber equipment sends to access device, therefore by authentication, access device need to send to subscriber equipment with the IP address of Portal server here, and relocating user equipment is accepted authentication to Portal server due to subscriber equipment.
In step 103, subscriber equipment is to the Portal server requested webpage.This operation is completed automatically by the Web browser on subscriber equipment.
In step 104, Portal server sends solicited message REQ_INFO message to access device.
In step 105, access device is to Portal server return information response message.
Step 104 and 105 is mainly used to Portal server to the specifying information of access device inquiring user access, and such as VLAN (VLAN), port etc. is used for the right authentication of Portal server.
In step 106, the page request of Portal server response subscriber equipment sends to browser with the Portal certification page.
In step 107, the user is after Portal page input authentication information, and subscriber equipment sends authentication request to Portal equipment, wherein carries authentication information.
In step 108, after Portal server is received authentication request, send the REQ_CHALLENGE message to access device.
In step 109, access device returns to the ACK_CHALLENGE message to Portal server.
In step 110, Portal server sends the REQ_AUTH message to access device.
The user directly inputs user's name on WEB, password authenticates, and only have Portal server to know user's name, password this moment, and follow-up certification work needs access device and Radius server communication to complete.Therefore Portal server need to be informed access device user's name and password, yet, directly these information of transmission easily are stolen on the networking, therefore at first Portal server sends encrypted word of message application in step 108, access device is responded the encrypted word that generates in step 109, and Portal server sends user's name and the encrypted message that uses encrypted word to encrypt in step 110.
In step 111, access device sends the ACCESS_REQUEST message to remote customer dialing authentication system (Radius, RemoteAuthentication Dial In User Service).
In step 112, Radius returns to the ACCESS_ACCEPT message to access device.
ACCESS_REQUEST message in step 111 and 112 and ACCESS_ACCEPT message are the Radius message identifyings of standard.The ACCESS_REQUEST message that access device is crossed the information exchanges such as user's name password in step 111 sends to the Radius server, and Radius sends to access device to the result that information will authenticate after authenticating by the ACCESS_ACCEPT message in step 112.
In step 113, access device sends the ACK_AUTH message to Portal server.
In step 114, Portal server returns to the AFF_ACK_AUTH message to access device.
Here, in step 113, whether authentication success is so that Portal server pushes the different authentication result pages to subscriber equipment to access device by ACK_AUTH message notifying user.AFF_ACK_AUTH message in step 114 represents that Portal server receives the notice of access device.
By top introduction as can be known, when subscriber equipment passed through access internet through browsers, its flow was redirected to Portal server by access device, and Portal server pushes the web authentication page to user browser, the user completes authentication by the Web interface, and then the resource on the access the Internet.Portal authentication is three layers of authentication, realize simple, need to be on terminal equipment installation agent software, dispose very convenient.
In view of 802.1x is realizing existing problem in two layers of authentication, and Portal authentication realizes simple advantage, needs badly in prior art and proposes a kind of technical scheme that realizes two layers of Portal authentication.
Summary of the invention
In view of this, main purpose of the present invention is to provide a kind of method, system and Portal server of realizing two layers of Portal authentication.
For achieving the above object, technical scheme of the present invention is achieved in that
A kind of method that realizes two layers of gate verification, each equipment in double layer network of being applicable to disposes the situation of management ip address;
After portal server received the web-page requests of subscriber equipment transmission, each access device in the double layer network of place sent address lookup message, the MAC Address of wherein carrying described subscriber equipment;
Access device receiver address query message when determining that according to the MAC Address of wherein carrying subscriber equipment accesses from self, to portal server return address inquiry response message, is wherein carried the management ip address of self;
Portal server is after receiving the address lookup response message, and the management ip address that acquisition is wherein carried sends the authentication webpage to described subscriber equipment; And after receiving the authentication request that subscriber equipment sends, mutual according to the management ip address and the access device that obtain, subscriber equipment is authenticated.
A kind of system that realizes two layers of gate verification, each equipment in double layer network of being applicable to disposes the situation of management ip address, comprising: subscriber equipment, portal server and access device;
Described subscriber equipment sends web-page requests to portal server; After receiving the authentication webpage that portal server sends, send authentication request to portal server;
After described portal server was received the web-page requests of subscriber equipment transmission, each access device in the double layer network of place sent address lookup message, the MAC Address of wherein carrying subscriber equipment; And after receiving the address lookup response message that access device returns, the management ip address that acquisition is wherein carried sends the authentication webpage to subscriber equipment; After receiving the authentication request that subscriber equipment sends, mutual according to the management ip address and the access device that obtain, subscriber equipment is authenticated;
Described access device receives the address lookup message that portal server sends, and according to the MAC Address of wherein carrying, when determining that described subscriber equipment accesses from self, to portal server return address inquiry response message, wherein carries the management ip address of self; And mutual with portal server, to described subscriber equipment authentication.
A kind of portal server, each equipment in double layer network of being applicable to disposes the situation of management ip address, comprising: processing unit and authentication ' unit;
Described processing unit is after receiving the web-page requests that subscriber equipment sends, and each access device in the double layer network of place sends address lookup message, the MAC Address of wherein carrying subscriber equipment; And after receiving the address lookup response message that access device returns, the management ip address that acquisition is wherein carried sends the authentication webpage to subscriber equipment; After receiving the authentication request that subscriber equipment sends, the indication authentication ' unit authenticates subscriber equipment;
Described authentication ' unit, mutual according to management ip address and access device that described processing unit obtains, subscriber equipment is authenticated.
The present invention obtains the management ip address of subscriber equipment place access device by Portal server, and mutual by management ip address and access device, and then realizes two layers of Portal authentication of subscriber equipment.In addition, the technical scheme that realizes two layers of Portal authentication by the present invention as can be known, Portal server is after receiving that subscriber equipment sends web-page requests, the access device of ability inquiring user equipment in the double layer network of place, therefore, even subscriber equipment moves to the access of another access device from an access device, the access device that Portal server also can find subscriber equipment to access accurately, the problem that can't authenticate after having avoided subscriber equipment to move.
Description of drawings
Fig. 1 is the flow process that Portal server authenticates the Internet user;
Fig. 2 is the exemplary process diagram that the present invention realizes two layers of Portal authentication method;
Fig. 3 is the exemplary block diagram that the present invention realizes two layers of Portal Verification System;
Fig. 4 is the exemplary block diagram of Portal server of the present invention;
Fig. 5 is the flow chart of embodiment of the present invention method.
Embodiment
In the detailed description of this part, only by to implementing the example of the desired best mode of inventor of the present invention, illustrate and described preferred embodiment of the present invention.It will be appreciated that and not deviate under prerequisite of the present invention, with regard to each apparent aspect, it is modified.Correspondingly, it is exemplary in itself that drawing and description should be regarded as, rather than restrictive.
When each equipment all disposes management ip address in double layer network, just can be undertaken alternately by management ip address between each equipment.Management ip address can be used for the transmission of the information of carrying out, but can not be used for forwarding.Therefore, in order to realize two layers of Portal authentication, as long as Portal server can obtain the management ip address of the access device that subscriber equipment and subscriber equipment connect, just can be undertaken alternately by management ip address and access device, complete two layers of Portal authentication to subscriber equipment.Management ip address for subscriber equipment, because subscriber equipment can send web-page requests to Portal server, therefore it is not difficult that Portal server obtains the management ip address of subscriber equipment, and key is how Portal server obtains the management ip address of subscriber equipment place access device.
Referring to Fig. 2, Fig. 2 is the exemplary process diagram that the present invention realizes two layers of Portal authentication method.The method comprises: in step 201, after Portal server received the web-page requests of subscriber equipment transmission, each access device in the double layer network of place sent address lookup message, the MAC Address of wherein carrying subscriber equipment; In step 202, access device receiver address query message when determining that according to the MAC Address of wherein carrying subscriber equipment accesses from self, to Portal server return address inquiry response message, is wherein carried the management ip address of self; In step 203, Portal server obtains the management ip address wherein carry, and sends the authentication webpage to subscriber equipment after receiving the address lookup response message that returns; After receiving the authentication request that subscriber equipment sends, mutual according to the management ip address and the access device that obtain, subscriber equipment is authenticated.The access device here can be BAS Broadband Access Server (BAS, Broadband Access Server).
Referring to Fig. 3, Fig. 3 is the exemplary block diagram that the present invention realizes two layers of Portal Verification System.This system that realizes two layers of Portal authentication comprises: subscriber equipment, Portal server and access device.Wherein, subscriber equipment sends web-page requests to Portal server; After receiving the authentication webpage that Portal server sends, send authentication request to Portal server.After Portal server was received the web-page requests of subscriber equipment transmission, each access device in the double layer network of place sent address lookup message, the MAC Address of wherein carrying subscriber equipment; And after receiving the address lookup response message that access device returns, the management ip address that acquisition is wherein carried sends the authentication webpage to subscriber equipment; After receiving the authentication request that subscriber equipment sends, mutual according to the management ip address and the access device that obtain, subscriber equipment is authenticated.Access device receives the address lookup message that Portal server sends, and according to the MAC Address of wherein carrying, when determining that subscriber equipment accesses from self, to Portal server return address inquiry response message, wherein carries the management ip address of self; And when described subscriber equipment accesses from self, mutual with Portal server, to described subscriber equipment authentication.In addition, access device can also carry out completing the authentication to subscriber equipment alternately with the Radius server as required.
Wherein, when access device accesses from self at definite described subscriber equipment, according to the mac address table of the MAC Address inquiry of carrying in the address lookup message of receiving self, when having this MAC Address on the down going port of mac address table, determine that described subscriber equipment accesses from self.
In addition, subscriber equipment sends web-page requests to access device usually, by access device, this web-page requests is redirected to Portal server, and then Portal server has been received the web-page requests that subscriber equipment sends.The detailed process that is redirected is: subscriber equipment sends web-page requests to access device; After access device is received the web-page requests that subscriber equipment sends, the IP address of Portal server is sent to subscriber equipment; Subscriber equipment sends described web-page requests to Portal server after receiving the IP address of Portal server that access device returns.
Referring to Fig. 4, Fig. 4 is the exemplary block diagram that the present invention realizes two layers of Portal server.These two layers of Portal server comprise: processing unit and authentication ' unit.Wherein, processing unit is after receiving the web-page requests that subscriber equipment sends, and each access device in the double layer network of place sends address lookup message, the MAC Address of wherein carrying subscriber equipment; And after receiving the address lookup response message that access device returns, the management ip address that acquisition is wherein carried sends the authentication webpage to subscriber equipment; After receiving the authentication request that subscriber equipment sends, the indication authentication ' unit authenticates subscriber equipment; Authentication ' unit, mutual according to management ip address and access device that described processing unit obtains, subscriber equipment is authenticated.Wherein, processing unit can be by inquiry cluster topology, the access device in the traversal topology, and each access device in double layer network sends the address lookup message.Processing unit can also obtain the cluster topology, be specially: send the network topology request message to the adjacent device that connects, the response message that returns by reception is collected neighbor information and the link information of place each network equipment of network, obtains the cluster topology of the place network equipment.
Below by specific embodiment, technical scheme of the present invention is described in detail.
Referring to Fig. 5, Fig. 5 is the method flow diagram of realizing two layers of Portal authentication in the embodiment of the present invention.
Step 101 in step 501~503 and Fig. 1~103 are identical, specifically can referring to the detailed introduction of step 101~103, be not described in detail in this.
In step 504, Portal server sends address lookup message, the MAC Address of carrying subscriber equipment in message to each access device.
Here, Portal server can be by inquiry cluster topology, and the access device in the traversal topology sends the address lookup message to each access device.The cluster topology obtains by cluster protocol, cluster protocol comprises People Near Me discovery (NDP), discovering network topology (NTDP) and member management protocol (Cluster) etc., appointed management equipment realizes that by cluster protocol the neighbours between two-layer network device find, the collection of whole net topology and the management of member device.
The execution general procedure of cluster protocol is: the equipment of operation NDP regularly sends the NDP message from the port of all activated NDP agreement, receive simultaneously the NDP information that neighbor device sends, NDP can only be used for finding the neighbor information of " directly being connected ", comprise device type, software/hardware version, connectivity port of adjacent device etc., equipment does not forward after receiving the NDP message.After management equipment is designated, send NTDP topology request message to all of its neighbor equipment, the equipment of receiving this request sends response message immediately, report the link information of the NDP information of this equipment that this equipment is collected by the NDP agreement and it and all of its neighbor equipment, and the duplicate requests message sends to its all of its neighbor equipment.Adjacent device will be carried out same operation after receiving request: send response message, the duplicate requests message sends to its all of its neighbor equipment, by that analogy, after each network equipment NDP information that management equipment will be collected and the information of associated devices, form network topology by calculating.When the NDP discovering neighbor on member's equipment changed, by the message informing management equipment that handshake message changes neighbours, management equipment can start NTDP and specify collecting topology, thereby makes NTDP can in time reflect the variation of network topology.
Portal server can obtain by the management equipment of Access Management Access topology the cluster topology.When management equipment was embedded webmaster (WiNet) server, Portal server can be accessed the WiNet server and be obtained the cluster topology.Certainly, the function of collection network topology also can be integrated in Portal server, and Portal server also can be embedded in the WiNet server.
In step 505, access device is received the address lookup message that Portal server sends, check the mac address table of self according to the MAC Address of carrying in message, judge whether the MAC Address of hitting is arranged in mac address table, if hit, return to the management ip address of self to Portal server, this management ip address can be carried in the address lookup response message and return to Portal server; If do not hit, can not process.The present embodiment is the situation of query hit.
Address lookup message in step 504 and the address lookup response message in step 505 can be realized by the type of expansion Portal message, defined two kinds of new type of messages, BAS_REQUEST message and BAS_ACK message.Wherein, BAS_REQUEST is the address lookup message, is worth to be that 0X10, direction are Portal server → access device, and implication is Portal server inquiry main frame on-position, and processing requirements is necessary; BAS_ACK is the address lookup response message, is worth to be that 0x11, direction are access device → Portal server, and implication is that access device is responded, and processing requirements is necessary.Wherein, in the BAS_REQUEST message, increase by an attribute field MAC-Address, AttrType is 0x0d, and property value length is 6Byte (fixing), and the attribute implication is the MAC Address of authenticated user equipment.
Like this, each access device of Portal server sends BAS_REQUEST message, and the purpose IP address of UDP message extends this as the IP address of access device.After access device receives this message, MAC Address attribute and comparing with oneself MAC Address list item in analytic message, if contain this MAC Address use the BAS_ACK message to respond, the BAS-IP attribute in this BAS_ACK message extends this as the managing I P of oneself, the MAC Address that the MAC-Address attribute is filled in subscriber equipment.
When whether access device inquiry self MAC address table has the MAC Address of hitting, only need the inquiry down going port, do not need to inquire about up going port.Be that access device is inquired about the mac address table of self according to the MAC Address of carrying in the query message of address, when having this MAC Address on the down going port of mac address table, define the MAC Address of hitting, subscriber equipment accesses from self.The reason of only inquiring about down going port is, subscriber equipment is in descending access, if up going port has the MAC Address of subscriber equipment, shows that this MAC Address learns from other access devices, and subscriber equipment is not from this access device access.
In step 506, Portal server is received the management ip address that access device returns, and to access device REQ_INFO message, subsequent step 507~517 is identical with step 105~115, is not described in detail in this according to this management ip address.
And then Portal server has been completed the authentication to subscriber equipment according to the management ip address that access device returns, and has realized two layers of Portal authentication.
The technical scheme that the present invention proposes obtains the management ip address of subscriber equipment place access device by Portal server, mutual by management ip address and access device, and then realizes that two layers of Portal of subscriber equipment authenticate.In addition, by the technical scheme of the above-mentioned record of the present invention as can be known, Portal server is after receiving that subscriber equipment sends web-page requests, the access device of ability inquiring user equipment in the double layer network of place, therefore, even subscriber equipment moves to the access of another access device from an access device, the access device that Portal server also can find subscriber equipment to access accurately, the problem that can't authenticate after having avoided subscriber equipment to move.
The above is only preferred embodiment of the present invention, and is in order to limit the present invention, within the spirit and principles in the present invention not all, any modification of making, is equal to replacement, improvement etc., within all should being included in protection scope of the present invention.
Claims (10)
1. a method that realizes two layers of gate verification, is characterized in that, each equipment in double layer network of being applicable to disposes the situation of management ip address, and described management ip address is used for communication and is not used in forwarding;
After portal server received the web-page requests of subscriber equipment transmission, each access device in the double layer network of place sent address lookup message, the MAC Address of wherein carrying described subscriber equipment;
Access device receiver address query message when determining that according to the MAC Address of wherein carrying subscriber equipment accesses from self, to portal server return address inquiry response message, is wherein carried the management ip address of self;
Portal server is after receiving the address lookup response message, and the management ip address that acquisition is wherein carried sends the authentication webpage to described subscriber equipment; And after receiving the authentication request that subscriber equipment sends, mutual according to the management ip address and the access device that obtain, subscriber equipment is authenticated.
2. method according to claim 1, is characterized in that, described according to MAC Address determine subscriber equipment from self the access be:
Access device when having this MAC Address on the down going port of mac address table, determines that described subscriber equipment accesses from self according to the mac address table of the MAC Address inquiry of carrying in the query message of address self.
3. method according to claim 1 and 2, is characterized in that, the web-page requests that described portal server receives the subscriber equipment transmission is:
After access device is received the web-page requests of subscriber equipment transmission, send the IP address of portal server to subscriber equipment;
Subscriber equipment sends web-page requests according to the IP address of receiving from access device to portal server;
Portal server receives the web-page requests that subscriber equipment sends.
4. method according to claim 1, is characterized in that, described portal server sends the address lookup message to each access device in the double layer network of place and is:
Described portal server inquiry cluster topology, the access device in the traversal topology, each access device in double layer network sends the address lookup message.
5. system that realizes two layers of gate verification, it is characterized in that, each equipment in double layer network of being applicable to disposes the situation of management ip address, and described management ip address is used for communication and is not used in forwarding, comprising: subscriber equipment, portal server and access device;
Described subscriber equipment sends web-page requests to portal server; After receiving the authentication webpage that portal server sends, send authentication request to portal server;
After described portal server was received the web-page requests of subscriber equipment transmission, each access device in the double layer network of place sent address lookup message, the MAC Address of wherein carrying subscriber equipment; And after receiving the address lookup response message that access device returns, the management ip address that acquisition is wherein carried sends the authentication webpage to subscriber equipment; After receiving the authentication request that subscriber equipment sends, mutual according to the management ip address and the access device that obtain, subscriber equipment is authenticated;
Described access device receives the address lookup message that portal server sends, and according to the MAC Address of wherein carrying, when determining that described subscriber equipment accesses from self, to portal server return address inquiry response message, wherein carries the management ip address of self; And mutual with portal server, to described subscriber equipment authentication.
6. system according to claim 5, is characterized in that,
When described access device accesses from self at definite described subscriber equipment, according to the mac address table of the MAC Address inquiry of carrying in the query message of address self, when having this MAC Address on the down going port of mac address table, determine that described subscriber equipment accesses from self.
7. according to claim 5 or 6 described systems, is characterized in that,
Described subscriber equipment sends web-page requests to access device; After receiving the IP address of portal server that access device returns, send described web-page requests to portal server;
After described access device is received the web-page requests that subscriber equipment sends, the IP address of portal server is sent to subscriber equipment.
8. a portal server, is characterized in that, each equipment in double layer network of being applicable to disposes the situation of management ip address, and described management ip address is used for communication and is not used in forwarding; Comprise: processing unit and authentication ' unit;
Described processing unit is after receiving the web-page requests that subscriber equipment sends, and each access device in the double layer network of place sends address lookup message, the MAC Address of wherein carrying subscriber equipment; And after receiving the address lookup response message that access device returns, the management ip address that acquisition is wherein carried sends the authentication webpage to subscriber equipment; After receiving the authentication request that subscriber equipment sends, the indication authentication ' unit authenticates subscriber equipment;
Described authentication ' unit, mutual according to management ip address and access device that described processing unit obtains, subscriber equipment is authenticated.
9. portal server according to claim 8, is characterized in that,
Described processing unit inquiry cluster topology, the access device in the traversal topology, each access device in double layer network sends the address lookup message.
10. according to claim 8 or 9 described portal servers, it is characterized in that, described processing unit further sends the network topology request message to the adjacent device that connects, the response message that returns by reception is collected neighbor information and the link information of place each network equipment of network, obtains the cluster topology of the place network equipment.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 200910238485 CN102075504B (en) | 2009-11-20 | 2009-11-20 | Method and system for realizing two-layer Portal authentication and Portal server |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 200910238485 CN102075504B (en) | 2009-11-20 | 2009-11-20 | Method and system for realizing two-layer Portal authentication and Portal server |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102075504A CN102075504A (en) | 2011-05-25 |
| CN102075504B true CN102075504B (en) | 2013-06-26 |
Family
ID=44033850
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 200910238485 Expired - Fee Related CN102075504B (en) | 2009-11-20 | 2009-11-20 | Method and system for realizing two-layer Portal authentication and Portal server |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102075504B (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102638472B (en) * | 2012-05-07 | 2015-04-15 | 杭州华三通信技术有限公司 | Portal authentication method and equipment |
| CN103023727B (en) * | 2012-12-28 | 2015-08-26 | 迈普通信技术股份有限公司 | Portal Performance Test System and method |
| CN104426660A (en) * | 2013-09-04 | 2015-03-18 | 中兴通讯股份有限公司 | Portal authentication method, BNG (broadband network gateway), Portal server and Portal authentication system |
| CN103532717B (en) * | 2013-10-16 | 2016-10-12 | 杭州华三通信技术有限公司 | A kind of Portal authentication method, certification assisted method and device |
| CN104836812A (en) * | 2015-05-26 | 2015-08-12 | 杭州华三通信技术有限公司 | Portal authentication method, device and system |
| CN107276819A (en) * | 2017-07-06 | 2017-10-20 | 杭州敦崇科技股份有限公司 | A kind of authentication method of the three-layer network based on snmp protocol |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1510862A (en) * | 2002-12-26 | 2004-07-07 | 华为技术有限公司 | Identification and business management for network user |
| CN1581770A (en) * | 2003-08-13 | 2005-02-16 | 华为技术有限公司 | Three-layer user authentication method |
| CN1753364A (en) * | 2005-10-26 | 2006-03-29 | 杭州华为三康技术有限公司 | Method of controlling network access and its system |
| CN101212297A (en) * | 2006-12-28 | 2008-07-02 | 中国移动通信集团公司 | WEB-based WLAN access authentication method and system |
| CN101217560A (en) * | 2007-12-29 | 2008-07-09 | 杭州华三通信技术有限公司 | A webpage push method, system and device |
-
2009
- 2009-11-20 CN CN 200910238485 patent/CN102075504B/en not_active Expired - Fee Related
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1510862A (en) * | 2002-12-26 | 2004-07-07 | 华为技术有限公司 | Identification and business management for network user |
| CN1581770A (en) * | 2003-08-13 | 2005-02-16 | 华为技术有限公司 | Three-layer user authentication method |
| CN1753364A (en) * | 2005-10-26 | 2006-03-29 | 杭州华为三康技术有限公司 | Method of controlling network access and its system |
| CN101212297A (en) * | 2006-12-28 | 2008-07-02 | 中国移动通信集团公司 | WEB-based WLAN access authentication method and system |
| CN101217560A (en) * | 2007-12-29 | 2008-07-09 | 杭州华三通信技术有限公司 | A webpage push method, system and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102075504A (en) | 2011-05-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| WO2022247751A1 (en) | Method, system and apparatus for remotely accessing application, device, and storage medium | |
| CN109587135A (en) | Service interaction plateform system based on tertiary-structure network | |
| CN101582856B (en) | Session setup method of portal server and BAS (broadband access server) device and system thereof | |
| CN102075504B (en) | Method and system for realizing two-layer Portal authentication and Portal server | |
| JP2005339093A (en) | Authentication method, authentication system, authentication proxy server, network access authenticating server, program, and storage medium | |
| CN102739684B (en) | Portal authentication method based on virtual IP address, and server thereof | |
| CN104767715A (en) | Network access control method and equipment | |
| CN107404485A (en) | A kind of self-validation cloud connection method and its system | |
| CN105516163A (en) | Login method, terminal device and communication system | |
| JP2019537175A (en) | Network communication improvements | |
| CN101964800A (en) | Method for authenticating digital certificate user in SSL VPN | |
| CN102111326A (en) | Method, system and device for realizing mobility in layer 2 tunnel protocol virtual private network | |
| EP2997711A1 (en) | Providing single sign-on for wireless devices | |
| CN106685785B (en) | An Intranet Access System Based on IPsec VPN Proxy | |
| CN103327008A (en) | HTTP reorienting method and HTTP reorienting device | |
| CN109495362B (en) | Access authentication method and device | |
| CN109274579A (en) | It is a kind of that user's uniform authentication method is applied based on wechat platform more | |
| CN101083594A (en) | Method and system for managing network appliance | |
| CN105049404A (en) | Dynamic IP addressing method and system for home gateway equipment | |
| CN101599834B (en) | Method for identification and deployment and management equipment thereof | |
| AU2017344389B2 (en) | Portal aggregation service mapping subscriber device identifiers to portal addresses to which connection and authentication requests are redirected and facilitating mass subscriber apparatus configuration | |
| KR20120044381A (en) | Method and system for subscriber to log in internet content provider(icp) website in identity/location separation network and login device thereof | |
| CN117062075B (en) | Private network security authentication method, device and system | |
| CN207706214U (en) | It is a kind of to connect system from verification cloud | |
| CN114401143B (en) | Certificate strengthening authentication system and method based on DNS (Domain name System) |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CP03 | Change of name, title or address | ||
| CP03 | Change of name, title or address |
Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No. Patentee after: Xinhua three Technology Co., Ltd. Address before: 310053 Hangzhou hi tech Industrial Development Zone, Zhejiang province science and Technology Industrial Park, No. 310 and No. six road, HUAWEI, Hangzhou production base Patentee before: Huasan Communication Technology Co., Ltd. |
|
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20130626 Termination date: 20191120 |