CN1416241A - Authentication method for supporting network switching in based on different devices at same time - Google Patents
Authentication method for supporting network switching in based on different devices at same time Download PDFInfo
- Publication number
- CN1416241A CN1416241A CN 02145637 CN02145637A CN1416241A CN 1416241 A CN1416241 A CN 1416241A CN 02145637 CN02145637 CN 02145637 CN 02145637 A CN02145637 A CN 02145637A CN 1416241 A CN1416241 A CN 1416241A
- Authority
- CN
- China
- Prior art keywords
- user
- authentication
- access point
- access
- point apparatus
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
In the network of using the authentication mode based on the device at the access point, the authentication message in the authentication mode based on the access control device through the non controlled port of the device at the access point is transmitted between the user device and the access control device. Thus, the authentication of the user for switching in the network is carrier out. After the authentication of the user is passed, the controlled port of the device of the access point is opened. In the switching in the network, the invention makes the possible that the user can choose the authentication mode based on the access point device such as 802.1x authentication or choose the authentication mode based on access control device for WEB mode.
Description
Technical field
The present invention relates to network communications technology field, relate in particular to a kind of method of supporting simultaneously based on the distinct device network access authentication.
Background technology
Ethernet networking mode at present commonly used as shown in Figure 1, a LANSwitch (Ethernet switch) can meet a plurality of PC (computer), LANSwitch is connected on the access control equipment by ethernet line.For wireless local area network technology, the wireless network card of computer links to each other with WAP (wireless access point), and an access point can connect a plurality of computers, and WAP (wireless access point) is connected on the access control equipment by ethernet line.Access control equipment can be LANSwitch or the router with subscriber management function, perhaps has ethernet user's access management product of similar functions.
In the networking of reality, PC can directly be connected in the access point apparatus, also can be connected in the access point apparatus by equipment such as the HUB under the access point apparatus (hub), LanSwitch, PC also can link to each other with VDSL Switch (VDSL switch) by VDSL, and what wherein transmit in the VDSL circuit is the message of ethernet format.In WLAN (wireless local area network), can use but be not limited to 802.11, wireless ethernet agreement such as 802.11a, 802.11b, 802.11g connects PC and access point.Simultaneously, in network, also need to place the RADIUS authentication server, carry out the authentication of user identity legitimacy, realize network insertion control, make things convenient for the management of Virtual network operator network access user.
At present, the access control method that Virtual network operator adopted comprises the multiple authentication methods that have been widely used such as WEB authentication, 802.1x authentication.802.1x be IEEE 802.1x, be a kind of access-control protocol, and be a kind of authentication protocol based on ethernet technology based on port.At present, 802.1x simply with its protocol security, realization, with other authentication protocols together, give to use the user of ADSL (ADSL (Asymmetric Digital Subscriber Line)), VDSL (Very-high-speed Digital Subscriber Line road), LAN multiple broadband access methods such as (local area network (LAN)s) that new authentication mode is provided; 802.1x authentication is normally realizing on the equipment near the user, so the 802.1x authentication is to realize access authentication procedure on access point apparatus, as in LANSwitch (Ethernet switch) and WAP (wireless access point)) on.And the WEB authentication method of another kind of extensive use is normally realized on the access control equipment of Ethernet, when the user carries out the WEB authentication, message identifying need be sent to access control equipment through access point apparatus and authenticate.
But because 802.1x agreement regulation, only there is the uncontrolled port that is mainly used to transmit EAPOL (based on the Extensible Authentication Protocol of local area network (LAN)) message identifying to be in the diconnected state all the time on the access point apparatus, guarantees that client can send or accept authentication all the time; And other messages all transmit through the controlled ports of access point apparatus, but controlled ports is in the state of getting clogged when unauthorized, can't carry out the transmission of message.Only after the 802.1x authentication is passed through, authorize controlled ports open-minded, can the business transferring message.
Therefore, when the user need use the WEB authentication method, perhaps using the 802.1x authentication method to authenticate opens the uncontrolled port of access point, perhaps on access point, open uncontrolled port for user's configuration, make the user can carry out the WEB authentication, otherwise the user can't dynamically freely select authentication mode, and can only use a certain authentication method to carry out the access of network, limited user's authentication and selected.
And,,, therefore can't dispose corresponding authentication method to the user in advance because before the user access network, network can't obtain user profile even certain user only uses a kind of authentication method at many network access at public place.The normal access network of user that this will restricted part use the authentication method of this network acquiescence to carry out network insertion has brought inconvenience for the user normally uses network.
Therefore, prior art can't satisfy the user and wish to select arbitrarily a kind of demand of carrying out network access authentication in the multiple authentication method.
Summary of the invention
The purpose of this invention is to provide a kind of method of supporting simultaneously based on the distinct device network access authentication, thereby make the user in access network process, can select as required based on the authentication mode of access point apparatus or based on the authentication mode access network of access control equipment.
The object of the present invention is achieved like this: support the method based on the distinct device network access authentication simultaneously, it is characterized in that: in the network of employing based on the authentication mode of access point apparatus, to transmit between user and access control equipment through the uncontrolled port of access point apparatus based on the message identifying of the authentication mode of access control equipment, carry out the authentication of user access network; And the user opens the controlled ports of access point apparatus by after authenticating.
Before authenticating, the user also comprises: be user's distributing IP address by dhcp process.
When described authentication mode based on access control equipment is WEB (World Wide Web) authentication mode, described message identifying comprises: based on the message of DHCP (DHCP) with based on the message of HTTP (HTML (Hypertext Markup Language)), and DNS (domain name service) message.
When described authentication mode based on access point apparatus was the 802.1x authentication mode, concrete verification process comprised:
A, user send authentication beginning message to access point apparatus, and the user identity request message of sending according to access point apparatus, and user's identity information is sent to access point apparatus;
B, access point apparatus send to certificate server with user's identity information, and return to access point apparatus by certificate server for it generates a CHALLENGE (challenge code);
C, access point apparatus send to the user with this CHALLENGE, adopt the md5 encryption algorithm that it is encrypted by the user, and the CHALLENGE after the encryption sends to certificate server by access point apparatus;
D, certificate server receive the CHALLENGE after encrypting, and it is authenticated;
E, authentication result is sent to the user by access point apparatus.
For having distributed the IP address user by dhcp process before the authentication, described step e also comprises: the user for authentication is passed through, change the IP address if desired, and then distribute new IP address by dhcp process for it again.
Described its verification process in access control equipment comprises:
F, user send to access control equipment with the uncontrolled port of HTTP request message by access point apparatus, and are forced to Portal server;
The user's that g, Portal server obtain authentication information, and by the CHALLENGE of access control equipment for this user's generation;
H, Portal server send to access control equipment with user identity after CHALLENGE is utilized the md5 encryption algorithm for encryption;
I, access control equipment send to the RADIUS authentication server with above-mentioned information and carry out authentification of user;
G, authentication result is sent to access control equipment by Portal server, for the user that authentication is passed through, the notice access point apparatus is opened the controlled ports of this user's correspondence.
Described step f also comprises: the user carries out the transmission of DHCP message by the uncontrolled port of access point apparatus between user and access control equipment, thinks user's distributing IP address.
Described step g also comprises: for the user that authentication is passed through, if desired for it distributes new IP address, be its distributing IP address again by dhcp process then.
By technique scheme as can be seen, the present invention has realized that in the network insertion process user both can select the authentication mode based on access point apparatus, authenticates as 802.1x etc.; Also can select authentication mode, as WEB authentication mode etc. based on access control equipment.Multiple authentication mode based on distinct device is supported simultaneously, make the user can dynamically freely select authentication mode as required, make the user when many public places access network, need not to be in advance the corresponding authentication method of its configuration, make things convenient for user's access network, improved the service quality of Virtual network operator.
Description of drawings
The network environment schematic diagram that Fig. 1 uses for the present invention;
Fig. 2 is the concrete implementing procedure figure of WEB authentication of the present invention;
Fig. 3 is the concrete implementing procedure figure of 802.1x authentication of the present invention.
Embodiment
Present LAN networking structure as shown in Figure 1, PC (personal computer) is by access point (AP) equipment access network, access point apparatus links to each other with access control equipment.Realization of the present invention makes the user both can adopt the verification process based on access point apparatus to carry out authentication, as the 802.1x authentication, can adopt the verification process based on access control equipment to carry out authentication again, authenticates as WEB.
Specific implementation process of the present invention such as Fig. 2, shown in Figure 3:
Step 1: the user gets access to corresponding IP address by DHCP (DHCP) process of standard from access control equipment.At this moment, access point apparatus allows the DHCP agreement uncontrolled port that flows away, and therefore can the DHCP protocol streams pass through access point apparatus;
If manual configuration IP address user is then omitted step 1;
After the user obtains corresponding IP address, just can select authentication mode as required, promptly can select authentication mode based on access point apparatus, also can select authentication mode based on access control equipment, if the user has selected the WEB authentication mode based on access control equipment, then can carry out the authentication of user access network by execution in step 2 to step 14, as shown in Figure 2:
Step 2: the user selects the WEB authentication, and this moment, the user opened IE, visited certain website, and the user initiates HTTP (HTML (Hypertext Markup Language)) request by send " HTTP Request user-url " message to access control equipment;
Access point apparatus allows the HTTP/HTTPs of the WEB authentication uncontrolled port that flows away, so HTTP/HTTPs stream can pass through access point apparatus; If allow forced portal/compulsory portal (inlet), this moment the user capture website may be any IP address, therefore at this moment should allow all HTTP/HTTPs stream to pass through; If do not allow forced portal/compulsory portal, pass through access point apparatus with regard to the HTTP/HTTPs stream that only allows to specify Portal server to carry out the WEB authentication; Especially, before HTTP request, may also have DNS (domain name service) message interaction, should allow this moment appointment or arbitrarily URL (unified resource location, just we the WWW network address often said) DNS ask to pass through;
Step 3: access control equipment is intercepted and captured user's HTTP request, because the user did not authenticate, just is forced to Portal server, promptly sends " HTTP Requestportal-url " message to the forced portal/compulsory portal server, the corresponding authentication of the request WEB page;
Step 4:Portal server by sending " HTTP Responseportal-url " message, pushes WEB certification page to user terminal according to the message of receiving;
Step 5: the user inserts information such as user name, password on the WEB certification page, be submitted to Portal server, and promptly the user sends " HTTPs POST portal-url " message to Portal server, carries user name username and password pwd in the message;
Step 6:Portal server receives user profile, must be according to CHAP (challenge-handshake authentication protocol) flow process, to access control equipment request Challenge;
Step 7: access control equipment comprises ChallengeID (challenge code sign) and Challenge, and will return to the user for this user generates a Challenge;
Step 8:Porta server is submitted to access control equipment by " REQAUTH " message together with Challenge-Password (challenge code password) and the user name that password and Challenge ID and Challenge do behind the MD5 algorithm, initiates verification process;
Step 9: access control equipment sends to RADIUS (long-range) certificate server with Challenge ID (being chaID), Challenge, Challenge-Password (being Pwd) and user name user profile such as (being usemame) by " Access-Request " message, is authenticated by the RADIUS authentication server;
Step 10:RADIUS certificate server judges according to above-mentioned user profile whether this user is legal, then authentication success/failure " Access-Accept/Access-Reject " message is sent to access control equipment; If consultation parameter is carried in success, and user's related service attribute is given subscriber authorisation;
Step 11: access control equipment sends to Portal server by sending " ACK AUTH " message with authentication result, also comprises the related service attribute, the business of opening as the user, user's bill situation etc.;
Step 12:Portal server sends " HTTP Responseportal-url " message according to authentication result to the user, carries out the propelling movement of the authentication result page;
Step 13: simultaneously, Portal server is also received the authentication result message by sending " AFF ACK AUTH " message response access control equipment;
Step 14: after the authentification of user success, the notice access point apparatus is opened this user's controlled ports, and the user carries out corresponding network access by the controlled ports of opening; If authentification failure, then flow process leaves it at that, and notifies the user can't carry out access to netwoks.
For the user of authentication success, access control equipment also needs it is carried out flow processs such as follow-up mandate, charging.Owing to distributed the IP address, this moment, the user can directly use original IP address to carry out access to netwoks; If behind the authentication success, ISP (Internet Service Provider) requires the user to change the IP address, and then the user obtains the IP address by dhcp process again.
If the user has selected the 802.1x authentication mode based on access point apparatus, then can carry out the authentication of user access network by execution in step 15 to step 25, as shown in Figure 3:
Step 15: the user selects the 802.1x authentication, is example with EAP-MD5 (based on the Extensible Authentication Protocol of MD5), and the user sends " EAPoL-Start " message to access point apparatus, beginning 802.1x access authentication procedure;
Step 16: access point apparatus sends " EAP-Request/Identity " (identity request) message to the user, and the request user sends over user name;
Step 17: after the user receives the identity request message, respond " EAP-Response/Identity " message and give access point apparatus, user's user name is sent to access point apparatus;
Step 18: access point apparatus sends " Access-Request " (inserting request) message with the message format of EAP Over RADIUS (based on the EAP of radius protocol) to the RADIUS authentication server, include EAP-Message (EAP authentication information), " EAP-Response/Identity " (response of EAP authenticating identity) message that the user issues access point apparatus in the message, submit user name to the RADIUS authentication server;
Step 19: access point apparatus produces the Challenge of a 128bit for this user, " Access-Challenge " (access challenge code) of RADIUS authentication server response access point apparatus message, include EAP-Message and " EAP-Request/MD5-Challenge " message, " EAP-Request/MD5-Challenge " message need send to the Challenge of user's correspondence in the access point apparatus;
Step 20: access point apparatus sends " EAP-Request/MD5-Challenge " message to the user, and the request user adopts the MD5 algorithm to handle to Challenge;
Step 21: after the user receives " EAP-Request/MD5-Challenge " message, generate Challenge-Password (challenge code password) after Challenge done the MD5 algorithm, and send it to access point apparatus by " EAP-Response/MD5-Challenge " message;
Step 22: access point apparatus is delivered to the RADIUS authentication server with Challenge-Password, EAP-Message and EAP-Response by " Access-Request " message again, by the RADIUS authentication server user is authenticated, the RADIUS authentication server judges according to user profile whether the user can be by authentication;
Step 23:RADIUS certificate server sends authentication success or authentification failure message to access point apparatus; If consultation parameter is carried in authentification of user success in the message, as authorization message etc., and user's related service attribute, as prepayment information, the business opened etc.;
If authentication success also needs to notify access point apparatus to open controlled ports, the user can carry out corresponding network access by the controlled ports of opening;
Step 24: access point apparatus sends " EAP-Success/EAP-Failure " (authentication success or authentification failure) message according to authentication result to the user, notice authentification of user result; If authentification failure, then flow process finishes;
Step 25: owing to distributed the IP address, this moment, the user can directly use original IP address to carry out access to netwoks;
If behind the authentication success, ISP (Internet Service Provider) requires the user to change the IP address, and then the user obtains the IP address by dhcp process again;
After the user obtains corresponding IP address and access network, also need to carry out flow processs such as follow-up mandate, charging.
Because the 802.1x authentication information all passes through access control equipment on the access point apparatus, access control equipment can be intercepted the authentication information that access point apparatus is initiated, such as the radius protocol message, therefrom obtain user authentication information, thereby conveniently on access control equipment, the user is managed control.
Claims (8)
1, a kind of method of supporting simultaneously based on the distinct device network access authentication, it is characterized in that: in the network of employing based on the authentication mode of access point apparatus, to transmit between user and access control equipment through the uncontrolled port of access point apparatus based on the message identifying of the authentication mode of access control equipment, carry out the authentication of user access network; And the user opens the controlled ports of access point apparatus by after authenticating.
2, the method for supporting simultaneously based on the distinct device network access authentication according to claim 1 is characterized in that the user also comprises before authenticating: be user's distributing IP (the Internet) address by dhcp process.
3, the method for supporting simultaneously based on the distinct device network access authentication according to claim 1, when it is characterized in that described authentication mode based on access control equipment is WEB (World Wide Web) authentication mode, described message identifying comprises: based on the message of DHCP (DHCP) with based on the message of HTTP (HTML (Hypertext Markup Language)), and DNS (domain name service) message.
4, the method for supporting simultaneously based on the distinct device network access authentication according to claim 1 and 2, when it is characterized in that described authentication mode based on access point apparatus is the 802.1x authentication mode, concrete verification process comprises:
A, user send authentication beginning message to access point apparatus, and the user identity request message of sending according to access point apparatus, and user's identity information is sent to access point apparatus;
B, access point apparatus send to certificate server with user's identity information, and return to access point apparatus by certificate server for it generates a CHALLENGE (challenge code);
C, access point apparatus send to the user with this CHALLENGE, adopt the md5 encryption algorithm that it is encrypted by the user, and the CHALLENGE after the encryption sends to certificate server by access point apparatus;
D, certificate server receive the CHALLENGE after encrypting, and it is authenticated;
E, authentication result is sent to the user by access point apparatus.
5, the method for supporting simultaneously based on the distinct device network access authentication according to claim 4, it is characterized in that for having distributed the IP address user by dhcp process before the authentication, described step e also comprises: the user who passes through for authentication, change the IP address if desired, then distribute new IP address by dhcp process for it again.
6, the method for supporting simultaneously based on the distinct device network access authentication according to claim 1 and 2 is characterized in that described its verification process in access control equipment comprises:
F, user send to access control equipment with the uncontrolled port of HTTP request message by access point apparatus, and are forced to Portal server;
The user's that g, Portal server obtain authentication information, and by the CHALLENGE of access control equipment for this user's generation;
H, Portal server send to access control equipment with user identity after CHALLENGE is utilized the md5 encryption algorithm for encryption;
I, access control equipment send to the RADIUS authentication server with above-mentioned information and carry out authentification of user;
G, authentication result is sent to access control equipment by Portal server, for the user that authentication is passed through, the notice access point apparatus is opened the controlled ports of this user's correspondence.
7, the method for supporting simultaneously based on the distinct device network access authentication according to claim 6, it is characterized in that described step f also comprises: the user carries out the transmission of DHCP message by the uncontrolled port of access point apparatus between user and access control equipment, thinks user's distributing IP address.
8, the method for supporting simultaneously based on the distinct device network access authentication according to claim 7, it is characterized in that described step g also comprises: the user who passes through for authentication, if desired for it distributes new IP address, be its distributing IP address again then by dhcp process.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB021456372A CN1142662C (en) | 2002-10-16 | 2002-10-16 | Authentication method for supporting network switching in based on different devices at same time |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB021456372A CN1142662C (en) | 2002-10-16 | 2002-10-16 | Authentication method for supporting network switching in based on different devices at same time |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1416241A true CN1416241A (en) | 2003-05-07 |
| CN1142662C CN1142662C (en) | 2004-03-17 |
Family
ID=4750952
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB021456372A Expired - Fee Related CN1142662C (en) | 2002-10-16 | 2002-10-16 | Authentication method for supporting network switching in based on different devices at same time |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1142662C (en) |
Cited By (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2005076532A1 (en) * | 2004-02-02 | 2005-08-18 | Huawei Technologies Co., Ltd. | The interactive method for re-selecting the operation network by the wireless area network wlan user terminal |
| WO2006125359A1 (en) * | 2005-05-27 | 2006-11-30 | Huawei Technologies Co., Ltd. | A method for implementing the access domain security of an ip multimedia subsystem |
| CN100438446C (en) * | 2006-07-25 | 2008-11-26 | 杭州华三通信技术有限公司 | Switch-in control equipment, Switch-in control system and switch-in control method |
| CN1655504B (en) * | 2005-02-21 | 2010-05-05 | 西安西电捷通无线网络通信有限公司 | Port-based homologue access controlling method |
| CN1652535B (en) * | 2004-02-03 | 2010-06-23 | 华为技术有限公司 | Method for managing network layer address |
| CN101925065A (en) * | 2010-08-05 | 2010-12-22 | 北京星网锐捷网络技术有限公司 | Authentication method, device, system and wireless access point |
| CN102065067A (en) * | 2009-11-11 | 2011-05-18 | 杭州华三通信技术有限公司 | Method and device for preventing replay attack between portal server and client |
| CN1551576B (en) * | 2003-05-08 | 2011-06-15 | 日本电气株式会社 | Accessing control device and accessing control method |
| CN1957561B (en) * | 2004-03-03 | 2012-03-21 | 法国电讯公司 | Method and system of accreditation for a client enabling access to a virtual network for access to services |
| CN101299694B (en) * | 2007-04-30 | 2012-04-25 | 华为技术有限公司 | Method and system for managing caller in household network, household gateway |
| CN102740298A (en) * | 2012-07-20 | 2012-10-17 | 北京傲天动联技术有限公司 | Hybrid authentication method and wireless access controller |
| US8335487B2 (en) | 2005-04-30 | 2012-12-18 | Huawei Technologies Co., Ltd. | Method for authenticating user terminal in IP multimedia sub-system |
| CN102917354A (en) * | 2011-08-03 | 2013-02-06 | 中兴通讯股份有限公司 | Access method and system as well as mobile intelligent access point |
| CN103297968A (en) * | 2012-03-02 | 2013-09-11 | 华为技术有限公司 | Wireless terminal identifying method, wireless terminal identifying device and wireless terminal identifying system |
| CN104113418A (en) * | 2014-07-15 | 2014-10-22 | 浪潮通用软件有限公司 | Rule-configuration-based compound identity authentication method in ERP (enterprise resource planning) system |
| CN107483456A (en) * | 2017-08-25 | 2017-12-15 | 北京元心科技有限公司 | Identity identifying method and device |
| CN107690140A (en) * | 2016-08-04 | 2018-02-13 | 深圳市信锐网科技术有限公司 | WAP authentication method, apparatus and system |
-
2002
- 2002-10-16 CN CNB021456372A patent/CN1142662C/en not_active Expired - Fee Related
Cited By (24)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1551576B (en) * | 2003-05-08 | 2011-06-15 | 日本电气株式会社 | Accessing control device and accessing control method |
| WO2005076532A1 (en) * | 2004-02-02 | 2005-08-18 | Huawei Technologies Co., Ltd. | The interactive method for re-selecting the operation network by the wireless area network wlan user terminal |
| US7904087B2 (en) | 2004-02-02 | 2011-03-08 | Huawei Technologies Co., Ltd. | Method and system for WLAN user equipment accessing new operation network |
| CN1652535B (en) * | 2004-02-03 | 2010-06-23 | 华为技术有限公司 | Method for managing network layer address |
| CN1957561B (en) * | 2004-03-03 | 2012-03-21 | 法国电讯公司 | Method and system of accreditation for a client enabling access to a virtual network for access to services |
| CN1655504B (en) * | 2005-02-21 | 2010-05-05 | 西安西电捷通无线网络通信有限公司 | Port-based homologue access controlling method |
| US8176325B2 (en) | 2005-02-21 | 2012-05-08 | China Iwncomm Co., Ltd. | Peer-to-peer access control method based on ports |
| US8335487B2 (en) | 2005-04-30 | 2012-12-18 | Huawei Technologies Co., Ltd. | Method for authenticating user terminal in IP multimedia sub-system |
| CN100461942C (en) * | 2005-05-27 | 2009-02-11 | 华为技术有限公司 | Method for selecting safety mechanism of IP multimedia subsystem acess field |
| WO2006125359A1 (en) * | 2005-05-27 | 2006-11-30 | Huawei Technologies Co., Ltd. | A method for implementing the access domain security of an ip multimedia subsystem |
| CN100438446C (en) * | 2006-07-25 | 2008-11-26 | 杭州华三通信技术有限公司 | Switch-in control equipment, Switch-in control system and switch-in control method |
| CN101299694B (en) * | 2007-04-30 | 2012-04-25 | 华为技术有限公司 | Method and system for managing caller in household network, household gateway |
| CN102065067A (en) * | 2009-11-11 | 2011-05-18 | 杭州华三通信技术有限公司 | Method and device for preventing replay attack between portal server and client |
| CN102065067B (en) * | 2009-11-11 | 2014-06-25 | 杭州华三通信技术有限公司 | Method and device for preventing replay attack between portal server and client |
| CN101925065A (en) * | 2010-08-05 | 2010-12-22 | 北京星网锐捷网络技术有限公司 | Authentication method, device, system and wireless access point |
| CN102917354A (en) * | 2011-08-03 | 2013-02-06 | 中兴通讯股份有限公司 | Access method and system as well as mobile intelligent access point |
| CN102917354B (en) * | 2011-08-03 | 2018-04-13 | 中兴通讯股份有限公司 | A kind of cut-in method, system and intelligent movable access point |
| CN103297968A (en) * | 2012-03-02 | 2013-09-11 | 华为技术有限公司 | Wireless terminal identifying method, wireless terminal identifying device and wireless terminal identifying system |
| CN103297968B (en) * | 2012-03-02 | 2017-12-29 | 华为技术有限公司 | A kind of method, equipment and the system of wireless terminal certification |
| CN102740298A (en) * | 2012-07-20 | 2012-10-17 | 北京傲天动联技术有限公司 | Hybrid authentication method and wireless access controller |
| CN102740298B (en) * | 2012-07-20 | 2016-02-24 | 北京华信傲天网络技术有限公司 | Hybrid authentication method and Radio Access Controller |
| CN104113418A (en) * | 2014-07-15 | 2014-10-22 | 浪潮通用软件有限公司 | Rule-configuration-based compound identity authentication method in ERP (enterprise resource planning) system |
| CN107690140A (en) * | 2016-08-04 | 2018-02-13 | 深圳市信锐网科技术有限公司 | WAP authentication method, apparatus and system |
| CN107483456A (en) * | 2017-08-25 | 2017-12-15 | 北京元心科技有限公司 | Identity identifying method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN1142662C (en) | 2004-03-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN1142662C (en) | Authentication method for supporting network switching in based on different devices at same time | |
| US8635444B2 (en) | System and method for distributing keys in a wireless network | |
| CN1186906C (en) | Wireless LAN safety connecting-in control method | |
| EP2051432A1 (en) | An authentication method, system, supplicant and authenticator | |
| US20090064291A1 (en) | System and method for relaying authentication at network attachment | |
| WO2004015958A2 (en) | Fine grained access control for wireless networks | |
| CN1444386A (en) | Safe inserting method of wide-band wireless IP system mobile terminal | |
| US20090113522A1 (en) | Method for Translating an Authentication Protocol | |
| CN1567868A (en) | Authentication method based on Ethernet authentication system | |
| CN1874226A (en) | Terminal access method and system | |
| CN1243434C (en) | Method for implementing EAP authentication in remote authentication based network | |
| CN101064605A (en) | AAA framework of multi-host network and authentication method | |
| CN1725687A (en) | Security identification method | |
| CN1266910C (en) | A method choosing 802.1X authentication mode | |
| CN102271120A (en) | Trusted network access authentication method capable of enhancing security | |
| CN101047502A (en) | Network authorization method | |
| CN1503525A (en) | IP network system for realizing safety verification and method thereof | |
| CN1527557A (en) | Method of transmitting 802.1X audit message via bridging device | |
| CN1235382C (en) | A client authentication method based on 802.1X protocol | |
| CN1225870C (en) | Method and apparatus for VLAN based network access control | |
| CN101272297B (en) | EAP authentication method of WiMAX network user | |
| CN1798024A (en) | Method and device for implementing multicast authentication and fee charging | |
| CN1266889C (en) | Method for management of network access equipment based on 802.1X protocol | |
| CN1297104C (en) | Method for realizing port based identification and transmission layer based identification compatibility | |
| CN1265579C (en) | Method for network access user authentication |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20040317 Termination date: 20201016 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |