CN101369893B - Method for local area network access authentication of casual user - Google Patents
Method for local area network access authentication of casual user Download PDFInfo
- Publication number
- CN101369893B CN101369893B CN2008101575301A CN200810157530A CN101369893B CN 101369893 B CN101369893 B CN 101369893B CN 2008101575301 A CN2008101575301 A CN 2008101575301A CN 200810157530 A CN200810157530 A CN 200810157530A CN 101369893 B CN101369893 B CN 101369893B
- Authority
- CN
- China
- Prior art keywords
- user
- casual
- casual user
- authentication
- client computer
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Landscapes
- Information Transfer Between Computers (AREA)
Abstract
The invention relates to a method for implementing a user access authentication in a local area network, especially to a method for implementing a casual user access authentication in a public local area network. Firstly an internal user applies a casual user name and a key for the casual user through the authentication of a authentication server, the authentication server dynamically generates the casual user name and the key, then the casual user name and the key are stored in a user list of the authentication server, simultaneously the casual user name and the key are transmitted to a mobile phone of the internal user, the casual user uses the casual user name and the key for access authentication, and visits the authorized network resource after the authentication of the authentication server. The method of the invention adopts a double-factor and strong authentication system, the internal user is authenticated once, and the casual user is authenticated twice. The method can greatly improves the system safety, the casual user name and the key are all dynamically generated which are not easy to steal with high safety, and the management process for the casual user is simple and standard.
Description
Technical field:
The present invention relates to a kind of access authentication method of in LAN, realizing the user, especially a kind of method of in the public local area networks network, the casual user being carried out access authentication.
Background technology:
In general, for obtaining the visit to certain service, need the input username and password, insert in the WEB authentication techniques scheme at existing public network, the mode of taking to import fixed-line subscriber name and fixed password authenticates more.General process is as follows, and the casual user proposes to insert application, and the network management personnel adds username and password in certificate server, and this casual user uses this username and password to carry out network access authentication, authentication by after be the accessible services project.There is following shortcoming in this certificate scheme: the first, and the use that is stolen easily of fixed-line subscriber name and fixed password, poor stability; The second, it is fast that public network inserts district's flow of personnel, for user's management process complexity, is unfavorable for management and network access authentication.
Summary of the invention:
The invention provides a kind of method of the casual user being carried out the LAN access authentication, it adopts internal user to assist the casual user to carry out access authentication, casual user's identity information dynamically generates, be difficult for stealing, safe, management process simple specification to the casual user has solved problems of the prior art.
The present invention solves the problems of the technologies described above the technical scheme that is adopted to be: a kind of method that the casual user is carried out the LAN access authentication comprises the steps:
By physics mode client computer is connected to LAN, switch is that client computer is distributed temporary ip address by Dynamic Host Configuration Protocol;
The site address that input will be visited in the browser address bar of client computer, client computer links according to this visit site address;
In the link process, switch is directed to Portal server with visit, on client computer, send certification page, internal user is imported the username and password of internal user on the page, and selection application casual user's function choosing-item, client computer sends above-mentioned internal user identity and application information through switch to authentication server by procotol;
After authentication server is received the identity and application information of internal user, at first the identity information with the internal user of this internal user identity information and its storage compares checking, checking by after begin to handle casual user's application, generate a temporary user name and interim password, and this temporary user name and interim password sent to certificate server, and store in the corresponding user list, by communication network send to the mobile phone of internal user on according to the notice number of setting this temporary user name and interim password simultaneously; If authentication failed, then authentication server sends authentication failed information by switch to client computer;
Temporary user name and interim password that the casual user sends authentication server are input in the certification page, login, and client computer sends to this casual user's identity information on the certificate server by switch;
After certificate server is received casual user's identity information, this casual user's identity information and the casual user's identity information in its user list are compared checking, checking sends authentication success message by switch to client computer by the back certificate server, switch distributes implicit IP address for the casual user simultaneously, and this casual user is addressable corresponding internal network resource; If authentication failed, then certificate server sends authentication failed information by switch to client computer.
According to predetermined casual user's expiration policy, after preset time interval or login times, deletion casual user's identity information forbids that it re-uses in the user list of certificate server.
The present invention allows the at first authentication by authentication server of internal user, apply for temporary user name and password for the casual user then, this temporary user name and password dynamically generate, store into then in the user list in the certificate server, send on the mobile phone of internal user by short message mode simultaneously, the casual user uses this temporary user name and password to carry out access authentication, Internet resources by the certificate server authentication addressable mandate in rear, the present invention takes dual factors strong identity authentication system, casual user's access authentication needs the assistance of internal user, take internal user once to authenticate, the mode of casual user's re-authentication, the fail safe that can improve system greatly, temporary user name and password dynamically generate, be difficult for stealing, safe, to casual user's management process simple specification.
Description of drawings:
Fig. 1 is the system configuration connection diagram of the method for the invention.
Fig. 2 is the signaling process figure of the method for the invention.
Embodiment:
For clearly demonstrating the technical characterstic of this programme, below by embodiment, and in conjunction with its accompanying drawing, the present invention will be described in detail.
As shown in Figure 1, be the system configuration connection diagram of authentication method of the present invention.The computer of client is connected with the switch of built-in Portal server, switch is connected with certificate server with authentication server respectively, authentication server is connected with certificate server, and the information transmitting unit in the authentication server is carried out communication by the mobile phone of communication network and internal user.Described certificate server is the Radius server, also can be any certificate server.The described Portal server that is built in the switch also can adopt the WEB server.
In signaling process figure shown in Figure 2, shown a kind of implementation according to the method for the invention.By physics mode client computer is connected to LAN, switch distributes temporary ip address (step 1) by Dynamic Host Configuration Protocol (DHCP) for client computer; The site address (Web address) that input will be visited in the browser address bar of client computer, client computer links (step 2) according to this visit site address; In the link process, switch is directed to Portal server with visit, sends the authentification of user page (step 3) on client computer; Internal user is imported the username and password of internal user on the page, and selects application casual user's function, and client computer sends to switch (step 4) by procotol with internal user identity and application information; Switch sends checking request (step 5) to authentication server; After authentication server is received the identity and application information of internal user, at first the identity information with the internal user of this internal user identity information and its storage compares checking, checking by after begin to handle casual user's application, generate a temporary user name and interim password, and this temporary user name and interim password sent to certificate server, and store (step 6) in the corresponding user list into; The simultaneous verification server sends to according to the notice number of setting this temporary user name and interim password (step 7) on the mobile phone of internal user by communication network; Temporary user name and interim password that the casual user sends authentication server are input in the certification page, select login, and client computer sends to switch (step 8) with this casual user's identity information; Switch sends authentication request (step 9) to certificate server; After certificate server is received casual user's identity information, this casual user's identity information and the casual user's identity information in its user list are compared checking, checking sends to switch (step 10) by the back certificate server with authentication success message, switch sends the authentication success page to client computer, and be simultaneously casual user's assigns authorized IP address (step 11), this moment casual user's corresponding internal network resource that can conduct interviews.At last, according to predetermined casual user's expiration policy, after preset time interval or login times, with the identity information deletion of casual user in the user list of certificate server, forbid that it re-uses, to improve the fail safe of access authentication.
The present invention does not describe part in detail, is those skilled in the art of the present technique's known technology.
Claims (1)
1. the method that the casual user is carried out the LAN access authentication is characterized in that: comprise the steps:
By physics mode client computer is connected to LAN, switch is that client computer is distributed temporary ip address by Dynamic Host Configuration Protocol;
The site address that input will be visited in the browser address bar of client computer, client computer links according to this visit site address;
In the link process, switch is directed to Portal server with visit, on client computer, send certification page, internal user is imported the username and password of internal user on the page, and selection application casual user's function choosing-item, client computer sends the identity and the application information of above-mentioned internal user to authentication server through switch by procotol;
After authentication server is received the identity and application information of internal user, at first the identity information with the internal user of this internal user identity information and its storage compares checking, checking by after begin to handle casual user's application, generate a temporary user name and interim password, and this temporary user name and interim password sent to certificate server, and store in the corresponding user list, by communication network send to the mobile phone of internal user on according to the notice number of setting this temporary user name and interim password simultaneously; If authentication failed, then authentication server sends authentication failed information by switch to client computer;
Temporary user name and interim password that the casual user sends authentication server are input in the certification page, login, and client computer sends to this casual user's identity information on the certificate server by switch;
After certificate server is received casual user's identity information, this casual user's identity information and the casual user's identity information in its user list are compared checking, checking sends authentication success message by switch to client computer by the back certificate server, switch distributes implicit IP address for the casual user simultaneously, and this casual user is addressable corresponding internal network resource; If authentication failed, then certificate server sends authentication failed information by switch to client computer;
According to predetermined casual user's expiration policy, after preset time interval or login times, deletion casual user's identity information forbids that it re-uses in the user list of certificate server.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2008101575301A CN101369893B (en) | 2008-10-06 | 2008-10-06 | Method for local area network access authentication of casual user |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2008101575301A CN101369893B (en) | 2008-10-06 | 2008-10-06 | Method for local area network access authentication of casual user |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101369893A CN101369893A (en) | 2009-02-18 |
| CN101369893B true CN101369893B (en) | 2010-08-18 |
Family
ID=40413543
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2008101575301A Active CN101369893B (en) | 2008-10-06 | 2008-10-06 | Method for local area network access authentication of casual user |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101369893B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104486362A (en) * | 2014-12-31 | 2015-04-01 | 广东顺德中山大学卡内基梅隆大学国际联合研究院 | Obtaining method and system for WiFi access point description information |
Families Citing this family (39)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101662771B (en) * | 2009-10-14 | 2011-12-21 | 中国电信股份有限公司 | Method for realizing automatic certification of wireless access short message and system thereof |
| CN102131197B (en) * | 2010-01-20 | 2015-09-16 | 中兴通讯股份有限公司 | A kind of method and system of access network on common equipment |
| CN102130975A (en) * | 2010-01-20 | 2011-07-20 | 中兴通讯股份有限公司 | Method and system for accessing network on public equipment by using identifier |
| CN101873593A (en) * | 2010-06-21 | 2010-10-27 | 江苏鸿信***集成有限公司 | Android-based Wifi wireless dial system and method |
| CN102651739B (en) * | 2011-02-28 | 2016-01-13 | 阿里巴巴集团控股有限公司 | Login validation method, system and IM server |
| CN102752746B (en) * | 2011-04-21 | 2018-01-19 | 中兴通讯股份有限公司 | A kind of authentication notification method and system |
| CN102420819B (en) | 2011-11-28 | 2014-11-05 | 华为技术有限公司 | User registering method, interaction method and associated device |
| CN103379108B (en) * | 2012-04-28 | 2016-06-08 | 中国邮政储蓄银行股份有限公司 | A kind of flexible safe central authentication method |
| CN102769629B (en) * | 2012-07-27 | 2016-03-02 | 汉柏科技有限公司 | Client-side password storage method and service system |
| CN102843357B (en) * | 2012-07-30 | 2016-11-16 | 北京网蜜在线网络有限公司 | Access the method for network, application server and system |
| CN102821110B (en) * | 2012-09-06 | 2016-02-24 | 深圳英飞拓科技股份有限公司 | A kind of password method for retrieving for audio/video storage device |
| CN102916946B (en) * | 2012-09-29 | 2015-08-19 | 李勇奇 | Connection control method and system |
| CN102970674B (en) * | 2012-11-01 | 2016-01-20 | 中兴通讯股份有限公司 | NFC is utilized to realize the method and system of provisional dynamic authorization |
| CN102932374A (en) * | 2012-11-22 | 2013-02-13 | 青岛海信宽带多媒体技术有限公司 | Method for communication among network devices in local area network |
| CN102932219B (en) * | 2012-11-22 | 2016-03-09 | 青岛海信宽带多媒体技术有限公司 | The method of dynamic group net facility registration and cancellation |
| CN102916982A (en) * | 2012-11-22 | 2013-02-06 | 青岛海信宽带多媒体技术有限公司 | Network equipment identity authentication method |
| CN102946434A (en) * | 2012-11-23 | 2013-02-27 | 广东宜通世纪科技股份有限公司 | Communication method of wireless local area network (WLAN) |
| CN102984252B (en) * | 2012-11-26 | 2015-04-08 | 中国科学院信息工程研究所 | Cloud resource access control method based on dynamic cross-domain security token |
| EP2747339A1 (en) * | 2012-12-20 | 2014-06-25 | Alcatel Lucent | Method for supporting data-communication, a related system and related devices |
| CN103116721B (en) * | 2013-02-05 | 2015-09-02 | 中标软件有限公司 | A kind of method and module thereof realizing Koji certification |
| CN103647695A (en) * | 2013-10-31 | 2014-03-19 | 北京奇虎科技有限公司 | Client application program user registration method, mobile terminal and server |
| CN103780394B (en) * | 2014-01-23 | 2017-11-10 | 北京邮电大学 | A kind of access authentication and certificate scheme suitable for satellite data acquisition system |
| CN105101191B (en) * | 2014-05-23 | 2019-03-22 | 宇龙计算机通信科技(深圳)有限公司 | The method and device of wlan security mechanism setting |
| CN104156808A (en) * | 2014-08-01 | 2014-11-19 | 杨晓怡 | Financial regulation method with image processing capability |
| CN104837182B (en) * | 2015-06-01 | 2018-06-01 | 联想(北京)有限公司 | Connection control method, control method, access control apparatus and control device |
| CN107924434A (en) * | 2015-08-19 | 2018-04-17 | 沈爰仪 | Talked with only one, registration on demand voucher verifies the system and method for user's access safety network |
| CN106506439A (en) * | 2015-11-30 | 2017-03-15 | 杭州华三通信技术有限公司 | A kind of method and apparatus of certification accessing terminal to network |
| CN105657660B (en) * | 2016-02-04 | 2019-02-15 | 中国联合网络通信集团有限公司 | Cut-in method, inspection terminal, server and the base station of base station patrol checking terminal |
| KR102035312B1 (en) * | 2016-04-25 | 2019-11-08 | (주)이스톰 | User centric authentication mehtod and system |
| CN107872445B (en) * | 2016-09-28 | 2021-01-29 | 华为技术有限公司 | Access authentication method, device and authentication system |
| CN106713263B (en) * | 2016-11-18 | 2018-07-13 | 上海红阵信息科技有限公司 | The system and method for the on-demand dynamic authentication connection of user in LAN |
| CN108616885A (en) * | 2016-12-06 | 2018-10-02 | 中兴通讯股份有限公司 | a kind of authentication method and device |
| CN107480495B (en) * | 2017-07-24 | 2020-12-01 | Oppo广东移动通信有限公司 | Unlocking method of mobile terminal and related product |
| CN107196977B (en) * | 2017-07-28 | 2020-11-03 | 杭州聪普智能科技有限公司 | Safety maintenance method for smart home |
| CN107623701B (en) * | 2017-10-31 | 2020-07-14 | 江苏神州信源***工程有限公司 | Fast safety authentication method and device based on 802.1X |
| CN107896224A (en) * | 2017-12-04 | 2018-04-10 | 宁波升维信息技术有限公司 | A kind of Web information issuance method based on dual link safety check |
| CN109547412B (en) * | 2018-10-23 | 2022-05-27 | 平安科技(深圳)有限公司 | Two-factor authentication method, device, system, electronic equipment and storage medium |
| CN112989310B (en) * | 2021-04-02 | 2024-04-19 | 深圳市腾讯信息技术有限公司 | Information processing method, computer equipment and readable storage medium |
| CN113163401B (en) * | 2021-04-30 | 2022-08-19 | 中国银行股份有限公司 | Bank business handling method and device, electronic equipment and computer storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1426200A (en) * | 2002-11-06 | 2003-06-25 | 西安西电捷通无线网络通信有限公司 | Sefe access of movable terminal in radio local area network and secrete data communication method in radio link |
| CN1567859A (en) * | 2003-06-23 | 2005-01-19 | 华为技术有限公司 | A method of access authentication for WLAN |
| CN1604549A (en) * | 2003-09-30 | 2005-04-06 | 华为技术有限公司 | Method for acquiring WLAN accessing one-time password |
| CN1607765A (en) * | 2003-10-13 | 2005-04-20 | 华为技术有限公司 | Method for distributing one time ciphers for access networks |
-
2008
- 2008-10-06 CN CN2008101575301A patent/CN101369893B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1426200A (en) * | 2002-11-06 | 2003-06-25 | 西安西电捷通无线网络通信有限公司 | Sefe access of movable terminal in radio local area network and secrete data communication method in radio link |
| CN1567859A (en) * | 2003-06-23 | 2005-01-19 | 华为技术有限公司 | A method of access authentication for WLAN |
| CN1604549A (en) * | 2003-09-30 | 2005-04-06 | 华为技术有限公司 | Method for acquiring WLAN accessing one-time password |
| CN1607765A (en) * | 2003-10-13 | 2005-04-20 | 华为技术有限公司 | Method for distributing one time ciphers for access networks |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104486362A (en) * | 2014-12-31 | 2015-04-01 | 广东顺德中山大学卡内基梅隆大学国际联合研究院 | Obtaining method and system for WiFi access point description information |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101369893A (en) | 2009-02-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101369893B (en) | Method for local area network access authentication of casual user | |
| US10972478B2 (en) | Data processing method and apparatus, terminal, and access point computer | |
| JP6612358B2 (en) | Method, network access device, application server, and non-volatile computer readable storage medium for causing a network access device to access a wireless network access point | |
| CN101163000B (en) | Secondary authentication method and system | |
| US20080160959A1 (en) | Method for Roaming User to Establish Security Association With Visited Network Application Server | |
| CN101714918A (en) | Safety system for logging in VPN and safety method for logging in VPN | |
| CN106921663B (en) | Identity continuous authentication system and method based on intelligent terminal software/intelligent terminal | |
| CN108880822A (en) | A kind of identity identifying method, device, system and a kind of intelligent wireless device | |
| CN103888265A (en) | Login system and method based on mobile terminal | |
| CN101986598B (en) | Authentication method, server and system | |
| CN101695022B (en) | Management method and device for service quality | |
| CN105027529A (en) | Method and device for secure network access | |
| WO2015089996A1 (en) | Security authentication method and authorization authentication server | |
| CN101426190A (en) | Service access authentication method and system | |
| CN104901940A (en) | 802.1X network access method based on combined public key cryptosystem (CPK) identity authentication | |
| CN106534050A (en) | Method and device for realizing key agreement of virtual private network (VPN) | |
| CN102420808B (en) | Method for realizing single signon on telecom on-line business hall | |
| CN101867588A (en) | Access control system based on 802.1x | |
| CN102255904A (en) | Communication network and terminal authentication method thereof | |
| CN105451225B (en) | Access authentication method and access authentication equipment | |
| CN105812218A (en) | Method for realizing multi-VPN-protocol application access, middleware and mobile terminal | |
| CN102694779B (en) | Combination attestation system and authentication method | |
| CN102075567B (en) | Authentication method, client, server, feedthrough server and authentication system | |
| CN103118025A (en) | Single sign-on method based on network access certification, single sign-on device and certificating server | |
| CN104038482B (en) | The method and apparatus of multi-line routing |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |