CN103546348A - Method for detecting abnormal offline of authenticated user - Google Patents
- Publication number: CN103546348A
- Application number: CN201310529053.8A
- Authority: CN (China)
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Abstract
A method for detecting abnormal offline of an authenticated user comprises the following steps: first, the user equipment sends an online request to the network access layer equipment, and the network access layer equipment stores the MAC address and authentication information of the user equipment; second, the network access layer equipment starts an authentication procedure and sends an authentication request to an AAA server; third, after the AAA server authenticates successfully, the success is fed back to the user equipment and, at the same time, to the access layer equipment, and the user equipment is allowed to access the network; fourth, after the authentication succeeds, the network access layer equipment updates the authentication information and starts a timed authentication inquiry procedure. With this method, whether the user equipment is online is judged through the timed authentication inquiry with the user. If the user equipment goes offline abnormally, it cannot reply to the inquiry message of the network access layer equipment; the abnormal offline procedure for the user is then started and the AAA server stops charging the user according to a specified policy. At the same time, when the user equipment goes offline abnormally, the user's resources are released promptly, so that network resources are used reasonably.
Description
Technical field
The present invention relates to the technical field of network systems, and in particular to a method for detecting the abnormal offline of an authenticated user.
Background art
When a user is online and does not go offline through the standard offline procedure, for example because of a power failure, shutting the computer down directly or unplugging the network cable, the accounting server does not stop charging the client and the user's network resources are not released either, which causes losses to both the user and the network.
In an 802.1x authentication system, when user equipment accesses the network by layer-2 access, it must obtain access permission and stop charging through the following procedure:
A. The authentication client is used to send the user's online information.
B. The network's authentication, authorization and accounting policy server completes authentication of the user and feeds the result back to the network access layer equipment and the user equipment.
C. When the result is authentication success, the network access layer equipment opens the state of the user equipment's access port and allows the user equipment's network messages to pass through this port.
Summary of the invention
Based on this, it is necessary to provide a method for detecting the abnormal offline of an authenticated user.
A method for detecting the abnormal offline of an authenticated user, comprising:
Step 1: the user equipment sends an online request to the network access layer equipment, and the network access layer equipment stores the MAC address and authentication information of the user equipment;
Step 2: the network access layer equipment starts the authentication procedure and sends an authentication request to the AAA server;
Step 3: after the AAA server authenticates successfully, the result is fed back to the user equipment and, at the same time, to the access layer equipment, and the user equipment is allowed to access the network;
Step 4: after authentication succeeds, the network access layer equipment updates said authentication information and at the same time starts the timed authentication inquiry procedure.
Further, said authentication information comprises a user name, a password and an authentication state.
Further, said timed authentication inquiry procedure comprises:
The network access layer equipment periodically or aperiodically sends an authentication inquiry message to the user equipment; if no reply to the inquiry message is received from the user equipment within a preset time, the user equipment is judged to have gone offline, and said network access layer equipment sends the AAA server a message that the user equipment has gone offline.
Further, said preset time is 15 seconds.
Further, the method also comprises:
If the user equipment goes offline, the network access layer equipment deletes the MAC address and authentication information and releases its network resources, and the AAA server stops charging the user according to policy.
With the method of the present invention, when a user goes offline through a non-standard procedure, the access device can determine that the user is not online without adding much extra overhead or functionality, so that the authentication, authorization and accounting system releases network resources promptly and applies the correct charging procedure to the user. The present invention also has the following advantages:
First, it is implemented within the existing TCP/IP framework; the ARP protocol is currently supported by all network equipment;
Second, it is compatible with the messages of all standard RADIUS accounting servers and adds no extra proprietary messages.
Brief description of the drawings
Fig. 1 is the network structure diagram of the present invention;
Fig. 2 is the flow chart of an embodiment provided by the present invention.
Embodiment
To make the object, technical solution and advantages of the present invention clearer, the present invention is described in more detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the present invention and are not intended to limit it.
Fig. 1 is the network structure to which the present invention applies. In Fig. 1, the AAA server performs authentication, authorization and accounting operations for online users.
Referring to Fig. 2, the method for detecting the abnormal offline of an authenticated user in the first embodiment provided by the present invention comprises:
Step 11, the user equipment sends an online request to the network access layer equipment, and the network access layer equipment stores the MAC address and authentication information of the user equipment;
Specifically, the authentication information comprises a user name, a password and an authentication state; the authentication state indicates whether authentication by the AAA server has been passed.
Step 12, the network access layer equipment starts the authentication procedure, and the authentication request is sent to the AAA server by the network access layer equipment;
Step 13, the AAA server passes the user equipment's authentication request; authentication succeeds, the port where the user equipment is located is opened, and the user equipment is allowed to access the network;
Step 14, the network access layer equipment updates the authentication information, that is, the authentication state;
Step 15, the AAA server feeds the authentication success information back to the user equipment;
Step 16, the network access layer equipment periodically or aperiodically sends an authentication inquiry message to the user equipment; if the user equipment does not reply to the inquiry message within the preset time, the user equipment is considered to have gone offline abnormally;
Step 17, if the user equipment replies within the preset time, the user equipment is considered online.
Step 18, if the user equipment does not reply within the preset time, the user equipment is judged to have gone offline.
Step 19, if the user equipment is judged to have gone offline, the abnormal offline procedure is started: the network access layer equipment sends the AAA server a message that the user equipment has gone offline, the network access layer equipment deletes the MAC address and authentication information and releases its network resources, and the AAA server stops charging the user according to policy.
In a preferred embodiment, the preset time is 15 seconds.
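The session handling of steps 11 to 19, sketched as an added example that is not part of the patent text: one record per MAC address, an inquiry timer, and expiry when no reply arrives within the preset time. The `AccessDevice` class, its three callbacks and the 30-second `INQUIRY_INTERVAL` are assumptions made for illustration; only the 15-second preset time comes from the description.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

PRESET_TIME = 15.0       # reply window in seconds (the preferred embodiment)
INQUIRY_INTERVAL = 30.0  # assumed period; the description gives no value


@dataclass
class Session:
    mac: str
    username: str
    authenticated: bool = False
    next_inquiry_at: float = 0.0
    awaiting_since: Optional[float] = None  # send time of the unanswered inquiry


class AccessDevice:
    """Hypothetical model of the network access layer equipment."""

    def __init__(self, aaa_authenticate: Callable[[str, str], bool],
                 send_inquiry: Callable[[str], None],
                 report_offline: Callable[[str, str], None]):
        self.sessions: Dict[str, Session] = {}
        self.aaa_authenticate = aaa_authenticate
        self.send_inquiry = send_inquiry
        self.report_offline = report_offline

    def online_request(self, mac: str, username: str, password: str,
                       now: float) -> bool:
        # Step 1: record the MAC address and authentication info (the password
        # is only passed through to the AAA server in this sketch).
        session = self.sessions[mac] = Session(mac, username)
        # Steps 2-3: the AAA server decides; a failure leaves no session behind.
        if not self.aaa_authenticate(username, password):
            del self.sessions[mac]
            return False
        # Step 4: update the authentication state and arm the timed inquiry.
        session.authenticated = True
        session.next_inquiry_at = now + INQUIRY_INTERVAL
        return True

    def inquiry_reply(self, mac: str, now: float) -> bool:
        """A reply counts only for a known MAC with an inquiry still open."""
        s = self.sessions.get(mac)
        if s is None or s.awaiting_since is None:
            return False
        if now - s.awaiting_since >= PRESET_TIME:
            return False  # too late; the next tick() takes the session down
        s.awaiting_since = None
        s.next_inquiry_at = now + INQUIRY_INTERVAL
        return True

    def tick(self, now: float) -> List[str]:
        """Send due inquiries, expire silent sessions, return expired MACs."""
        offline = []
        for mac, s in list(self.sessions.items()):
            if s.awaiting_since is None:
                if now >= s.next_inquiry_at:
                    self.send_inquiry(mac)
                    s.awaiting_since = now
            elif now - s.awaiting_since >= PRESET_TIME:
                # Abnormal offline: tell the AAA server so charging stops,
                # then delete the MAC/auth record to release resources.
                self.report_offline(s.username, mac)
                del self.sessions[mac]
                offline.append(mac)
        return offline
```

Time is passed in as `now` so the logic can be driven by a real timer or replayed deterministically; `report_offline` stands in for the offline message to the AAA server.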
With the method of the present invention, the timed authentication inquiry with the user is used to judge whether the user equipment is online. If the user equipment goes offline abnormally, it will not reply to the inquiry message of the access device; the user's abnormal offline procedure is then started and the AAA server stops charging the user according to the specified policy. At the same time, when the user equipment goes offline abnormally, the user's resources are released promptly and network resources are used reasonably. The present invention also has the following advantages:
First, it is implemented within the existing TCP/IP framework;
Second, it is compatible with the messages of all standard RADIUS accounting servers and adds no extra proprietary messages.
The above embodiments express only several implementations of the present invention, and their description is relatively specific and detailed, but they should not therefore be construed as limiting the scope of the patent. It should be noted that a person of ordinary skill in the art may make several variations and improvements without departing from the inventive concept, all of which fall within the protection scope of the present invention. Therefore, the protection scope of this patent shall be determined by the appended claims.
Claims (5)
1. A method for detecting the abnormal offline of an authenticated user, characterized in that it comprises:
Step 1: the user equipment sends an online request to the network access layer equipment, and the network access layer equipment stores the MAC address and authentication information of the user equipment;
Step 2: the network access layer equipment starts the authentication procedure and sends an authentication request to the AAA server;
Step 3: after the AAA server authenticates successfully, the result is fed back to the user equipment and, at the same time, to the access layer equipment, and the user equipment is allowed to access the network;
Step 4: after authentication succeeds, the network access layer equipment updates said authentication information and at the same time starts the timed authentication inquiry procedure.
2. The method for detecting the abnormal offline of an authenticated user according to claim 1, characterized in that said authentication information comprises a user name, a password and an authentication state.
3. The method for detecting the abnormal offline of an authenticated user according to claim 1, characterized in that said timed authentication inquiry procedure comprises:
The network access layer equipment periodically or aperiodically sends an authentication inquiry message to the user equipment; if no reply to the inquiry message is received from the user equipment within a preset time, the user equipment is judged to have gone offline, and said network access layer equipment sends the AAA server a message that the user equipment has gone offline.
4. The method for detecting the abnormal offline of an authenticated user according to claim 3, said preset time being 15 seconds.
5. The method for detecting the abnormal offline of an authenticated user according to claim 3, characterized in that it further comprises:
If the user equipment goes offline, the network access layer equipment deletes the MAC address and authentication information and releases its network resources, and the AAA server stops charging the user according to policy.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310529053.8A CN103546348A (en) | 2013-10-30 | 2013-10-30 | Method for detecting abnormal offline of authenticated user |
Publications (1)
Publication Number | Publication Date |
---|---|
CN103546348A (en) | 2014-01-29 |
Family
ID=49969423
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310529053.8A Pending CN103546348A (en) | 2013-10-30 | 2013-10-30 | Method for detecting abnormal offline of authenticated user |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103546348A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
EXSB | Decision made by sipo to initiate substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20140129 |