CN101582769A - Authority setting method of user access network and equipment - Google Patents

Publication number: CN101582769A
Authority: CN (China)
Prior art keywords: network, network insertion, user, access, user account
Legal status: Granted, Active
Application number: CNA2009101487926A
Other languages: Chinese (zh)
Other versions: CN101582769B (en)
Inventor: 贾晓巍
Current Assignee: New H3C Technologies Co Ltd
Original Assignee: Hangzhou H3C Technologies Co Ltd
Application filed by: Hangzhou H3C Technologies Co Ltd
Priority to: CN2009101487926A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60: Context-dependent security
    • H04W12/63: Location-dependent; Proximity-dependent
    • H04W12/64: Location-dependent; Proximity-dependent using geofenced areas
    • H04W4/00: Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02: Services making use of location information
    • H04W4/021: Services related to particular areas, e.g. point of interest [POI] services, venue services or geofences

Landscapes

  • Engineering & Computer Science
  • Computer Security & Cryptography
  • Computer Networks & Wireless Communication
  • Signal Processing
  • Data Exchanges In Wide-Area Networks

Abstract

The invention discloses a method and equipment for setting the access rights of users accessing a network, applied to a network system comprising a network authentication server and a plurality of network access areas. The network authentication server stores the access rights information of at least one user name in each of the network access areas. When a user requests access, the user name and the location identification information of the current network access area are provided, the corresponding resource access rights are obtained, and network access proceeds. The invention allocates access rights according to the user's actual access location, prevents access rights from becoming uncontrollable when the access area changes, allows uniform access-rights control for non-fixed staff in all access areas, and lets users access the network with a single account, which is convenient for users and improves both network security and user experience.

Description

Authority setting method of user access network and equipment
Technical field
The present invention relates to the field of communication technology, and in particular to a method and equipment for setting the access rights of users accessing a network.
Background art
With the continuing spread and development of network applications, network security has become a problem that every enterprise takes increasingly seriously. Controlling user access is a vital part of it: allowing legitimate users to use the network, and authenticating and authorizing them correctly, is the basic requirement of network access control. The Remote Authentication Dial In User Service (RADIUS) protocol is the standard protocol for controlling network user access and is based on the client/server (C/S) model. A user must be authenticated before accessing the network; authentication by the Authentication, Authorization and Accounting (AAA) server ensures that only legitimate users who pass authentication can access the network.
Building on network identity authentication, network access control (Network Admission Control, NAC) solutions place stricter security requirements on the user terminals that access the network. A network access control solution is an integrated scheme whose basic components include the security client, security interaction devices, the security policy server, and third-party servers such as antivirus servers and patch servers. Each component performs its own function; the security policy center coordinates and integrates them, and together they carry out security state assessment, isolation and remediation of network access terminals, raising the overall defensive capability of the network.
Personal computers (PCs), both desktop and portable, and other devices capable of network access are collectively referred to as terminals. The client software of the network access control application system runs on each terminal. The network access control scheme requires a user who has passed identity authentication to also undergo terminal security authentication: a security check is carried out according to the security policy customized by the network administrator, for example virus-definition update status, system patch installation status, software blacklists and whitelists, and use of USB drives and other peripherals. Based on the check results, the scheme authorizes and controls the user's network access. After passing security authentication the user can use the network normally, while the scheme audits and monitors the terminal's running state and network usage.
Figure 1 shows a typical networking diagram for a user network access solution.
When introducing a network access control solution, an enterprise usually sets different security control policies for each organization and department according to the relevant information security policies. As cross-department operation and collaborative working develop, however, network access authentication and rights-control problems arise for "roaming users" (roaming means that a network access user moves from one location to another and can still use the network normally).
As shown in Figure 2, the enterprise is divided by function into different administrative areas, and each area is configured with a different network security control policy according to its information security needs. In practice, cross-department work exchanges are common. For example, in Figure 2 an employee of the marketing department takes a notebook computer to the R&D department for a work exchange, and the following problems may arise:
1. If the employee's access user name cannot be used to access the R&D department network (the access system does not authorize access to the R&D area), the employee cannot use the current network resources;
2. If the employee can access the R&D area and the network security control policy set for the R&D area applies, the employee can reach resources in the R&D area, which may lead to leakage of R&D information.
To solve the roaming-user access problem, enterprises often adopt a "multiple user names, multiple domain names" approach to distinguish the access areas a user roams into. The user authenticates with a different user name or domain name in each access area, and the authentication server identifies the applicable security control policy from the user name and domain name and grants the user the corresponding access rights. For example, "ABC" is the user name for accessing the marketing department network, "ABC@research" (user name plus domain name) is the user name for accessing the R&D area network, and "ABC.bj" is the user name for accessing the Beijing office. The user therefore authenticates with a different access account each time he or she roams into a different area.
In the course of implementing the present invention, the applicant found that the prior art has at least the following problems:
1. Roaming users must remember multiple access accounts and switch accounts every time they connect in a different area;
2. If no access account and rights have been configured for a roaming user in some access area, network administrators must be asked to allocate an access account and access rights;
3. Configuring large numbers of accounts and allocating access rights imposes a great deal of repetitive work on network administrators;
4. The account life cycle cannot be controlled effectively. For example, when an employee leaves, the account in the employee's own department is cancelled, but the roaming accounts still exist in the system, leaving a potential back door into the enterprise network;
5. The administrative areas lack unified management of roaming users' security access rights, so differences in how those rights are configured inevitably allow some roaming users to access unauthorized network resources.
Summary of the invention
The invention provides a method and equipment for setting the access rights of users accessing a network, so that a user authenticates and accesses the network with a single account and is allocated network access rights according to the user's access location.
To achieve the above object, one aspect of the present invention provides a method for setting the access rights of users accessing a network, applied to a network system comprising a network authentication server and a plurality of network access areas, wherein each network access area comprises an access device and at least one user terminal, at least one user account is set up in the network system, and the user account corresponds to one user name. The method comprises:
The network authentication server sets up at least one kind of resource access rights for each network access area;
The network authentication server sets the resource access rights that correspond to the user account in each network access area;
The network authentication server stores the correspondence between the resource access rights of the user account's user name in each network access area and the location identification information of that network access area.
Preferably, the location identification information of the network access area is:
The IP address of the access device of the network access area; or
The IP address of a user terminal in the network access area.
Preferably, if the location identification information of the network access area is the IP address of a user terminal in the network access area, the method further comprises:
The plurality of network access areas correspond to a plurality of IP address ranges respectively;
The IP addresses of the user terminals in a network access area fall within the IP address range corresponding to that network access area.
Preferably, when the user account requests access to resources, the method further comprises:
The network authentication server receives an authentication request message sent by the access device, containing the user name and password of the user account and the location identification information of the network access area in which the user account is currently located;
The network authentication server authenticates the match between the user name and password of the user account, and obtains the resource access rights that correspond to the user name in the network access area identified by the location identification information.
Preferably, the method further comprises:
If authentication of the match between the user name and password of the user account succeeds, the network authentication server sends an authentication confirmation for the user account to the access device and allocates resource access rights to the user account;
If authentication of the match between the user name and password of the user account fails, or the network authentication server fails to obtain the resource access rights that correspond to the user name in the network access area identified by the location identification information, the network authentication server sends an authentication failure message to the access device and refuses resource access by the user account.
In another aspect, the present invention also provides a network authentication server, applied to a network system comprising a network authentication server and a plurality of network access areas, wherein each network access area comprises an access device and at least one user terminal, at least one user account is set up in the network system, and the user account corresponds to one user name. The server comprises:
A setting module, configured to set up at least one kind of resource access rights for each network access area and to set the resource access rights that correspond to the user account in each network access area;
A storage module, electrically connected to the setting module and configured to store the correspondence between the resource access rights of the user account's user name in each network access area and the location identification information of that network access area;
A communication module, electrically connected to the storage module and configured to receive the authentication request message sent by the access device, containing the user name and password of the user account and the location identification information of the network access area in which the user account is currently located; to send an authentication confirmation or an authentication failure message for the user name to the access device according to the authentication result; and, when authentication of the user name succeeds, to send the user's resource access rights to the access device;
An authentication module, electrically connected to the storage module and the communication module and configured to authenticate the user name in the network access area according to the correspondence, stored in the storage module, between access rights information and the user name in the network access areas.
Preferably, the location identification information of the network access area in which the user account corresponding to the user name is currently located is:
The IP address of the access device of the network access area; or
The IP address of a user terminal in the network access area.
Preferably, if the location identification information of the network access area is the IP address of a user terminal in the network access area:
The plurality of network access areas correspond to a plurality of IP address ranges respectively;
The IP address of at least one user terminal in a network access area falls within the IP address range corresponding to that network access area.
Preferably, the authentication module authenticates the user account in the network access area as follows:
If the authentication module successfully authenticates the match between the user name and password of the user account, the network authentication server sends an authentication confirmation for the user account to the access device and allocates resource access rights to the user account according to the correspondence between access rights information and the user name in the network access areas;
If the authentication module fails to authenticate the match between the user name and password of the user account, or the network authentication server fails to obtain the resource access rights that correspond to the user name in the network access area identified by the location identification information, the network authentication server sends an authentication failure message to the access device and refuses resource access by the user account.
Compared with the prior art, the present invention has the following advantages:
The present invention allocates access rights according to the user's actual access location. This prevents access rights from becoming uncontrollable when the access area changes, allows unified access-rights control for the non-fixed staff of every access area, and lets users access the network with a single account, which is convenient for users. Network security is improved and user experience is improved at the same time.
Description of drawings
Fig. 1 is a schematic diagram of the networking structure of a prior-art network access control solution;
Fig. 2 is a schematic diagram of a prior-art enterprise networking structure divided into areas;
Fig. 3 is a flowchart of the method for setting the access rights of users accessing a network provided by the invention;
Fig. 4 is a flowchart of rights authentication carried out according to the access-rights settings provided by the invention;
Fig. 5 is a schematic diagram of a typical networking structure for 802.1x authentication provided by the invention;
Fig. 6 is a flowchart of the RADIUS authentication process applied in the typical 802.1x authentication networking structure provided by the invention;
Fig. 7 is a schematic structural diagram of a network authentication server provided by the invention.
Embodiments
As stated in the background section, existing network access control mechanisms cannot effectively control the access rights of users who roam between areas, which increases the security risk to network resources. They also cannot manage users' access rights information in an effective, unified way, which increases the network management workload, and they make it inconvenient for users to access network resources in different areas, which harms user experience.
The present invention therefore sets a user's access rights separately according to the area in which the user actually accesses the network.
To achieve this, the invention provides a method for setting the access rights of users accessing a network, applied to a network system comprising a network authentication server and a plurality of network access areas, wherein each network access area comprises an access device and at least one user terminal, at least one user account is set up in the network system, and the user account corresponds to one user name.
As shown in Fig. 3, the method comprises the following steps:
Step S301: the network authentication server sets up at least one kind of resource access rights for each network access area.
In this step, multi-level access rights rules can be set for a network access area as required, to control the range of resources that different user accounts can reach.
Step S302: the network authentication server sets the resource access rights that correspond to the user account in each network access area.
Setting the resource access rights of the same user name in different network access areas allows the same user account to access resources with the same user name in different network access areas.
This information can be set according to the specific attributes of the user account or according to access rules.
Step S303: the network authentication server stores the correspondence between the resource access rights of the user account's user name in each network access area and the location identification information of that network access area.
The location identification information of a network access area takes one of two forms:
Case one: the IP address of the access device of the network access area.
In this case, the access device of the network access area is used directly as the single authentication point of that area.
The network authentication server does not care which terminal in the network access area the user account uses to access resources. When the user account accesses resources, the server only needs to be told which network access area the account is currently in, and the IP address of the access device of that area achieves this.
In practical application scenarios the access device is typically an access-layer switch, and the location identification information of the network access area may include, in addition to the IP address of the access-layer switch, the port on which the user requests access; such a variation does not affect the protection scope of the present invention.
This case is common in current 802.1x authentication networking structures.
Case two: the IP address of a user terminal in the network access area.
In this case, the location information of the access terminal identifies the network access area. The precondition is that the network authentication server stores the correspondence between the location information of every access terminal and the network access area in which that terminal is located, or that the location information (IP addresses) of access terminals is assigned according to a rule; for example, each network access area corresponds to a certain IP address range, and the IP addresses of all access terminals in the area fall within that range.
Although the IP address of the access terminal serves as the location identification information in this case, the network authentication server uses it only to find the corresponding IP address range and thereby determine the network access area. As in case one, the server does not care which terminal in the area the user account uses; it only needs to locate the network access area in which the user account is.
This case is common in current Portal authentication networking structures.
Although the specific information differs between the two cases, the information ultimately obtained from it is the same. In a specific application scenario, as long as the network access area can be located, which of the two kinds of information is used does not affect the protection scope of the present invention.
The IP addresses of the access device and of the access terminal are preferred embodiments of the present invention; other information that achieves the same technical effect also falls within the protection scope of the present invention.
After the rights have been set as described above, when a user account requests access to resources, the user account is first authenticated against those settings. As shown in Fig. 4, the authentication process comprises the following steps:
Step S401: the network authentication server receives an authentication request message sent by the access device, containing the user name and password of the user account and the location identification information of the network access area in which the user account is currently located.
The two cases above are described in detail according to the content of the location identification information:
Case one: the IP address of the access device of the network access area in which the user account is currently located.
In this case, the user requests authentication with the user name of a user account from any user terminal in a network access area. The authentication request message for that request uses the IP address of the access device as the unique identifier of the current network access area, and asks the network authentication server for the user's rights authentication in the current network access area.
Case two: the IP address of the user terminal from which the user corresponding to the user name authenticates.
In this case, when the user requests authentication from any user terminal in a network access area, the authentication request message carries the IP address of that user terminal. Because IP addresses have been assigned in advance so that they fall within the IP address range of the current network access area, the network authentication server, on receiving the request, can determine the IP address range directly from the terminal's IP address, then the corresponding network access area and hence the user's location, and from that the corresponding access rights.
Step S402: the network authentication server authenticates the match between the user name and password of the user account, and obtains the resource access rights that correspond to the user name in the network access area identified by the location identification information.
In this step, the network authentication server first checks the match between the user name and the password to judge whether the user name is legitimate. If the user name and password do not match, the user name is judged illegitimate; the server does not go on to determine the user's current network access area and directly refuses the access request. In a specific application scenario, user-name legitimacy authentication and rights authentication may also be carried out simultaneously; in that case, if legitimacy authentication fails, the result of rights authentication is not returned even if rights authentication has completed.
Conversely, if the user name and password match, the user name is judged legitimate and the subsequent steps continue. Judging the match between user name and password is not the focus of the present invention and is not described further.
In this step, the network authentication server establishes two items of information:
1. Whether the user name is legitimate.
If it is not, the user's authentication request is refused directly; if it is, identification of the user's network access area begins, or the identification already made is confirmed as valid.
2. The network access area in which the user is located.
The network access area in which the user is located is determined from the IP address of the access device, or from the IP address range containing the IP address of the user terminal.
Once both items are established, the network authentication server determines the access rights information of the user name in the network access area directly from the user name and the network access area.
The access rights information is set in advance and centrally by the administrator on the network authentication server, in the rights-setting flow described above. A given user name can have different access rights in different network access areas. For example, the user has unrestricted access rights in the network access area of his or her own department and can access all network resources there, but has restricted access rights in the network access areas of other departments, where the user can access only some network resources or none at all.
In a specific application scenario a default rights definition can also be set. When no access rights have been set for a user account's user name in some network access area, that is, when the user name's access rights in that area are absent, the network authentication server can judge from the default rights definition that the user name has no resource access rights in the area, so the user cannot access network resources in the current network access area.
Such a default rights definition is chosen for the safety of network resources. In practice the default rights definition can instead grant restricted resource access rights, so that only some network resources can be accessed; these are open resources whose exposure does not endanger enterprise information security. Such a variation also falls within the protection scope of the present invention.
Accordingly, the subsequent steps differ depending on the result of the network authentication server's authentication of the match between user name and password:
If authentication of the match between the user name and password of the user account succeeds, step S403 is executed;
If authentication of the match between the user name and password of the user account fails, step S404 is executed.
Step S403: the network authentication server sends an authentication confirmation for the user account to the access device and allocates resource access rights to the user account.
Step S404: the network authentication server sends an authentication failure message to the access device and refuses resource access by the user account.
This step corresponds to the case in which authentication of the match between user name and password fails. In practical application scenarios, this step is also reached when the network authentication server fails to obtain the resource access rights that correspond to the user name in the network access area identified by the location identification information: if the resource access rights information cannot be found or cannot be queried, rights authentication is considered to have failed. Alternatively, the case can be handled according to the default rights definition described above; such a variation does not affect the protection scope of the present invention either.
By the present invention, realized actual on-position based on the user right assignment that conducts interviews, can avoid that access rights are uncontrollable owing to insert the zone change, and can adopt unified access rights control for each on-fixed staff who inserts the zone, and the mode that single number of the account conducts interviews is also provided convenience for user's use, when improving internet security, improved user experience.
As the above description shows, the basic idea of the technical solution proposed by the present invention is as follows:
In each network access zone, corresponding access permissions are assigned according to the user attributes of the accessing user;
The network authentication server identifies the user's access permissions according to the network access zone in which the user is currently located, and allocates the corresponding network resources to the user.
In specific implementation scenarios, the user attribute can be the user's job function, each network access zone can be a specific administrative area within the enterprise, and the network access zone can be identified by the IP address of the access device or the IP address of the access terminal. Each of these can of course vary according to actual needs, and such variations likewise fall within the protection scope of the present invention.
The implementation of the proposed technical solution is described below with reference to a specific implementation scenario.
Enterprise networks implement authenticated access mainly in two ways: 802.1x and Portal. The two networking modes differ slightly in how this solution is implemented, but the idea is essentially the same. The specific difference between them is:
In an 802.1x system, the network access zone is identified by the IP address of the access device, for example the IP address of an access-layer switch.
In a Portal system, the network access zone is identified by the IP address of the access terminal, for example the IP address of the user terminal that the user uses for network access.
To avoid repetition, the remainder of this description explains the technical implementation of the present invention using the 802.1x authentication networking mode.
For ease of description, a specific network model is given. Figure 5 shows a typical 802.1x authentication network, in which each access terminal connects to an access switch that serves as the authentication point.
Because of the network characteristics of access-layer switches, each administrative area has one or more independent access devices. Depending on the enterprise's actual situation, the IP addresses of the access devices in each administrative area can serve as the information that identifies the access zone, and the RADIUS server can determine from which access zone the user is accessing the network according to the access device IP address in the authentication message.
Based on the above networking structure, the proposed technical solution, shown in Figure 6, comprises the following steps:
Step S601: divide the network access zones along administrative lines, and set the various access permissions on the RADIUS server.
The various kinds of access permissions are configured for each access zone on the RADIUS server (or on a network access control system based on the RADIUS server). For example, permanent staff of the zone are given higher-level access permissions, including permission to access resources such as the servers, business systems and storage devices of that administrative area's network. Non-permanent staff in the zone, for example roaming staff, visitors and partner suppliers, can be given the most basic network access permissions as needed, including permission to access the Internet but not the key resources in that administrative area's network.
Step S602: the RADIUS server sets the accessing user's access permissions in each administrative area.
Access permissions are assigned to the accessing user on the RADIUS server (or on a network access control system based on the RADIUS server) according to the user's actual job function and work needs. Suitable network access permissions are set according to the administrative department to which the user belongs, so that the user can normally access the resources needed for work in that department's administrative area. If the user needs to roam to other administrative departments for work, access permissions for those other access zones must be applied for on the user's behalf. These access permissions are defined uniformly, and their specific content can be set as needed, which avoids the security risks caused by workplace roaming.
Step S603: the access host sends the user name and password to the access device and requests authentication.
Whichever administrative area the accessing user connects from, the user always goes online with the same fixed user name, authenticated through the 802.1x protocol.
Step S604: the access device sends the RADIUS server an authentication request message containing the user name, the password and the access device's IP address.
After receiving the user's authentication request, the access device sends an Access-Request message to the RADIUS server. This message generally contains the following information:
(1) the user name;
(2) the user password in encrypted form;
(3) the access device IP and port.
Step S605: the RADIUS server returns authentication success or failure to the access device.
If the RADIUS server authenticates the user successfully, it sends an Access-Accept message. This message contains the authorization attribute-value pairs (AVPs) that apply to the user;
If the RADIUS server does not accept any one of the values that the access device presented to it, it sends an Access-Reject message.
The subsequent steps S606 to S611 are the resource access procedure that follows successful authentication. This is not the focus of the present invention and is therefore not described in detail.
It should be pointed out that, for use inside an enterprise, the charging value in the accounting process included there is always 0.
The above description confirms that the authentication request packet in the RADIUS authentication process contains the access device IP and port. In step S601, the access device IPs are grouped by administrative division into access zone information, which is saved on the RADIUS server. At authentication time, the RADIUS server can therefore determine from which zone the user is accessing. After the user is authenticated successfully, the RADIUS server issues to the access device the network access authorization information that conforms to the configured security policy, according to the per-zone access permission information set for the user in step S502, thereby ensuring that the user uses the network securely.
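The zone-dependent decision of steps S601 to S605, sketched in Python as an added example (not code from the patent or from any vendor product). It goes slightly beyond the 802.1x walkthrough by also covering the Portal mode (zone identified by terminal IP segment) and both default-permission variants described earlier. Zone names, addresses, users, profile names, the use of Filter-Id to carry the permission profile and of Framed-IP-Address to carry the terminal IP are assumptions, and the password is taken as already decoded by the server.

```python
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

# --- Constructed sample data: every name, address and profile here is hypothetical ---
# Step S601, 802.1x mode: access device IPs grouped into zones.
ZONE_BY_NAS_IP = {"10.1.0.2": "finance", "10.1.0.3": "finance", "10.2.0.2": "rnd"}
# Portal mode: each zone owns a terminal IP address segment.
ZONE_BY_TERMINAL_NET = {
    ipaddress.ip_network("192.168.10.0/24"): "finance",
    ipaddress.ip_network("192.168.20.0/24"): "rnd",
}
# Step S602: one permission profile per (user name, zone); a missing pair is "default".
PERMISSIONS = {
    ("alice", "finance"): "full-access",
    ("alice", "rnd"): "internet-only",
    ("bob", "rnd"): "full-access",
}


def _pw_hash(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 so the sample store never holds plaintext passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


USERS = {
    "alice": (b"salt-alice", _pw_hash("alice-pw", b"salt-alice")),
    "bob": (b"salt-bob", _pw_hash("bob-pw", b"salt-bob")),
}
_DUMMY = (b"salt-dummy", _pw_hash("dummy", b"salt-dummy"))


@dataclass(frozen=True)
class Decision:
    code: str                      # "Access-Accept" or "Access-Reject"
    zone: Optional[str]
    reason: str
    attributes: dict = field(default_factory=dict)


def resolve_zone(request: dict, mode: str) -> Optional[str]:
    """Map the location identifier in the request to a zone, or None if unknown."""
    try:
        if mode == "dot1x":
            ip = ipaddress.ip_address(request.get("NAS-IP-Address", ""))
            return ZONE_BY_NAS_IP.get(str(ip))
        if mode == "portal":
            ip = ipaddress.ip_address(request.get("Framed-IP-Address", ""))
            for net, zone in ZONE_BY_TERMINAL_NET.items():
                if ip in net:
                    return zone
    except ValueError:             # malformed or missing address
        pass
    return None


def check_password(user: str, password: str) -> bool:
    """Constant-time compare; unknown users still cost one hash computation."""
    salt, stored = USERS.get(user, _DUMMY)
    matches = hmac.compare_digest(_pw_hash(password, salt), stored)
    return matches and user in USERS


def authorize(request: dict, mode: str = "dot1x",
              default_profile: Optional[str] = None) -> Decision:
    """default_profile=None is the default-deny variant; a profile name is the
    restricted-access variant for users with no permission set in the zone."""
    user = request.get("User-Name", "")
    zone = resolve_zone(request, mode)
    if not check_password(user, request.get("User-Password", "")):
        return Decision("Access-Reject", zone, "bad credentials")
    if zone is None:               # example's choice: unregistered location fails closed
        return Decision("Access-Reject", None, "unknown access zone")
    profile = PERMISSIONS.get((user, zone), default_profile)
    if profile is None:
        return Decision("Access-Reject", zone, "no permission in zone")
    return Decision("Access-Accept", zone, "ok", {"Filter-Id": profile})


if __name__ == "__main__":
    for nas in ("10.1.0.2", "10.2.0.2", "10.9.9.9"):
        req = {"User-Name": "alice", "User-Password": "alice-pw", "NAS-IP-Address": nas}
        print(nas, authorize(req))
```

The same account receives a different profile depending only on where the request entered the network, which is why the zone table must be keyed on values the access device supplies rather than on anything the terminal can choose freely.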
To implement the above technical solution, the present invention also provides a network authentication server, applied in a network system comprising the network authentication server and a plurality of network access zones, where each network access zone comprises an access device and at least one user terminal, at least one user account is established in the network system, and each user account corresponds to one user name.
As shown in Figure 7, the network authentication server comprises:
A setting module 71, configured to establish at least one resource access permission for each network access zone, and to set the resource access permission that corresponds to the user account in each network access zone.
A storage module 72, electrically connected to the setting module 71, configured to store the correspondence between the resource access permission of the user account's user name in each network access zone and the location identification information of that network access zone.
A communication module 73, electrically connected to the storage module 72, configured to receive from the access device an authentication request message containing the user name and password of the user account and the location identification information of the network access zone in which the user account is currently located, to send authentication confirmation information or an authentication failure message for the user name to the access device according to the authentication result, and, when the user name is authenticated successfully, to send the user account's resource access permission to the access device.
In specific application scenarios, the location identification information of the network access zone in which the user corresponding to the user name is currently located is:
The IP address of the access device of the network access zone in which the user corresponding to the user name is currently located; or,
The IP address of the user terminal in the network access zone in which the user corresponding to the user name is currently located.
In specific application scenarios, if the location identification information of the network access zone in which the user corresponding to the user name is currently located is the IP address of the user terminal with which that user authenticates, the following must also be configured on the network authentication server:
The plurality of network access zones correspond to a plurality of IP address segments respectively;
The IP address of the at least one user terminal included in a network access zone lies within the IP address segment corresponding to that network access zone.
An authentication module 74, electrically connected to the storage module 72 and the communication module 73, configured to obtain, from the access permission information stored by the storage module 72, the access permission information of the user name received by the communication module 73 in the network access zone identified by the location identification information.
In specific application scenarios, the authentication module 74 authenticates the user account in the network access zone as follows.
If the authentication module 74 successfully authenticates the match between the user name and password of the user account, the communication module 73 sends authentication confirmation information for the user account to the access device and, according to the correspondence between the access permission information and the user name in the network access zone, assigns resource access permissions to the user account;
If the authentication module 74 fails to authenticate the match between the user name and password of the user account, or the authentication module 74 fails to obtain from the storage module 72 the resource access permission that corresponds to the user account's user name in the network access zone identified by the location identification information, the communication module 73 sends an authentication failure message to the access device and refuses the user account's resource access.
With the present invention, access permissions are assigned on the basis of the user's actual access location. This avoids access permissions becoming uncontrollable when the access zone changes, allows unified access permission control to be applied to the non-permanent staff of each access zone, and, because a single account is used for access, is also convenient for the user. Network security is improved, and so is the user experience.
From the above description of the embodiments, those skilled in the art can clearly understand that the present invention can be implemented in hardware, or in software together with a necessary general-purpose hardware platform. On this understanding, the technical solution of the present invention can be embodied as a software product, which can be stored on a non-volatile storage medium (a CD-ROM, a USB flash drive, a portable hard disk and so on) and includes instructions that cause a computer device (a personal computer, a server, a network device or the like) to perform the method described in each implementation scenario of the present invention.
Those skilled in the art will appreciate that the accompanying drawings are schematic diagrams of preferred implementation scenarios, and that the modules or procedures in the drawings are not necessarily required to implement the present invention.
Those skilled in the art will appreciate that the modules of the apparatus in an implementation scenario can be distributed in the apparatus as described for that scenario, or can be changed accordingly and located in one or more apparatuses different from that of the scenario. The modules of the above implementation scenarios can be merged into one module, or further split into a plurality of submodules.
The sequence numbers used above are for description only and do not indicate the relative merits of the implementation scenarios.
The above discloses only several specific implementation scenarios of the present invention. The present invention is not limited to them, however, and any variation that a person skilled in the art can conceive of shall fall within the protection scope of the present invention.

Claims (9)

1. A method for setting the permissions of a user accessing a network, applied in a network system comprising a network authentication server and a plurality of network access zones, wherein each said network access zone comprises an access device and at least one user terminal, at least one user account is established in said network system, and said user account corresponds to one user name, characterized in that said method comprises:
Said network authentication server establishes at least one resource access permission for each said network access zone;
Said network authentication server sets the resource access permission that corresponds to said user account in each said network access zone;
Said network authentication server saves the correspondence between the resource access permission of the user name of said user account in each network access zone and the location identification information of said network access zone.
2. The method of claim 1, characterized in that the location identification information of said network access zone is:
The IP address of the access device of said network access zone; or,
The IP address of the user terminal in said network access zone.
3. The method of claim 2, characterized in that, if the location identification information of said network access zone is the IP address of the user terminal in said network access zone, said method further comprises:
Said plurality of network access zones correspond to a plurality of IP address segments respectively;
The IP address of the user terminal included in said network access zone lies within the IP address segment corresponding to said network access zone.
4. The method of claim 1, characterized in that, when a user account requests access to resources, said method further comprises:
Said network authentication server receives, from said access device, an authentication request message containing the user name and password of said user account and the location identification information of the network access zone in which said user account is currently located;
Said network authentication server authenticates the match between the user name and password of said user account, and obtains the resource access permission that corresponds to the user name of said user account in the network access zone identified by the location identification information of said network access zone.
5. The method of claim 4, characterized in that it further comprises:
If authentication of the match between the user name and password of said user account succeeds, said network authentication server sends authentication confirmation information for said user account to said access device and assigns resource access permissions to said user account;
If authentication of the match between the user name and password of said user account fails, or said network authentication server fails to obtain the resource access permission that corresponds to the user name of said user account in the network access zone identified by the location identification information of said network access zone, said network authentication server sends an authentication failure message to said access device and refuses said user account's resource access.
6. A network authentication server, applied in a network system comprising the network authentication server and a plurality of network access zones, wherein each said network access zone comprises an access device and at least one user terminal, at least one user account is established in said network system, and said user account corresponds to one user name, characterized in that it comprises:
A setting module, configured to establish at least one resource access permission for each said network access zone, and to set the resource access permission that corresponds to said user account in each said network access zone;
A storage module, electrically connected to said setting module, configured to store the correspondence between the resource access permission of the user name of said user account in each network access zone and the location identification information of said network access zone;
A communication module, electrically connected to said storage module, configured to receive from said access device an authentication request message containing the user name and password of said user account and the location identification information of the network access zone in which said user account is currently located, to send authentication confirmation information or an authentication failure message for said user name to said access device according to the authentication result, and, when the user name is authenticated successfully, to send said user's resource access permission to the access device;
An authentication module, electrically connected to said storage module and said communication module, configured to authenticate said user name in said network access zone according to the access permission information stored by said storage module and the correspondence of said user name in the network access zone.
7. The network authentication server of claim 6, characterized in that the location identification information of the network access zone in which the user account corresponding to said user name is currently located is:
The IP address of the access device of said network access zone; or,
The IP address of the user terminal in said network access zone.
8. The network authentication server of claim 7, characterized in that, if the location identification information of said network access zone is the IP address of the user terminal in said network access zone, it further comprises:
Said plurality of network access zones correspond to a plurality of IP address segments respectively;
The IP address of the at least one user terminal included in said network access zone lies within the IP address segment corresponding to said network access zone.
9. The network authentication server of claim 7, characterized in that said authentication module authenticates the user account in the network access zone as follows:
If said authentication module successfully authenticates the match between the user name and password of the user account, said network authentication server sends authentication confirmation information for said user account to said access device and, according to the correspondence between the access permission information and said user name in the network access zone, assigns resource access permissions to said user account;
If said authentication module fails to authenticate the match between the user name and password of said user account, or said network authentication server fails to obtain the resource access permission that corresponds to the user name of said user account in the network access zone identified by the location identification information of said network access zone, said network authentication server sends an authentication failure message to said access device and refuses said user account's resource access.
CN2009101487926A 2009-07-03 2009-07-03 Authority setting method of user access network and equipment Active CN101582769B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009101487926A CN101582769B (en) 2009-07-03 2009-07-03 Authority setting method of user access network and equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2009101487926A CN101582769B (en) 2009-07-03 2009-07-03 Authority setting method of user access network and equipment

Publications (2)

Publication Number Publication Date
CN101582769A true CN101582769A (en) 2009-11-18
CN101582769B CN101582769B (en) 2012-07-04

Family

ID=41364751

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2009101487926A Active CN101582769B (en) 2009-07-03 2009-07-03 Authority setting method of user access network and equipment

Country Status (1)

Country Link
CN (1) CN101582769B (en)

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7072945B1 (en) * 2000-06-30 2006-07-04 Nokia Corporation Network and method for controlling appliances
CN1248455C (en) * 2003-02-21 2006-03-29 北京润汇科技有限公司 Customer access management system for wideband network
CN100499554C (en) * 2007-06-28 2009-06-10 杭州华三通信技术有限公司 Network admission control method and network admission control system

CN109660593A (en) * 2018-11-05 2019-04-19 深圳绿米联创科技有限公司 Platform of internet of things access management method, apparatus and system
CN109660593B (en) * 2018-11-05 2021-12-07 深圳绿米联创科技有限公司 Internet of things platform access management method, device and system
CN110519404A (en) * 2019-08-02 2019-11-29 锐捷网络股份有限公司 A kind of policy management method based on SDN, device and electronic equipment
CN110519404B (en) * 2019-08-02 2022-04-26 锐捷网络股份有限公司 SDN-based policy management method and device and electronic equipment
CN110620782A (en) * 2019-09-29 2019-12-27 深圳市珍爱云信息技术有限公司 Account authentication method and device, computer equipment and storage medium
CN113271285A (en) * 2020-02-14 2021-08-17 北京沃东天骏信息技术有限公司 Method and device for accessing network
CN113271285B (en) * 2020-02-14 2023-08-08 北京沃东天骏信息技术有限公司 Method and device for accessing network
CN112822160A (en) * 2020-12-29 2021-05-18 新华三技术有限公司 Equipment identification method, device, equipment and machine-readable storage medium
CN112822160B (en) * 2020-12-29 2022-10-21 新华三技术有限公司 Equipment identification method, device, equipment and machine-readable storage medium
CN113612740A (en) * 2021-07-21 2021-11-05 腾讯科技(深圳)有限公司 Authority management method and device, computer readable medium and electronic equipment
CN113612740B (en) * 2021-07-21 2022-08-26 腾讯科技(深圳)有限公司 Authority management method and device, computer readable medium and electronic equipment
CN113596044A (en) * 2021-08-03 2021-11-02 北京恒安嘉新安全技术有限公司 Network protection method and device, electronic equipment and storage medium
CN113596044B (en) * 2021-08-03 2023-04-25 北京恒安嘉新安全技术有限公司 Network protection method and device, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN101582769B (en) 2012-07-04

Similar Documents

Publication Publication Date Title
CN101582769B (en) Authority setting method of user access network and equipment
US8973122B2 (en) Token based two factor authentication and virtual private networking system for network management and security and online third party multiple network management method
US11350279B2 (en) Dynamic policy-based on-boarding of devices in enterprise environments
CN104158824B (en) Genuine cyber identification authentication method and system
Panda et al. A blockchain based decentralized authentication framework for resource constrained iot devices
CN102916946B (en) Connection control method and system
JP2007219935A (en) Distributed authentication system and distributed authentication method
CN102724647A (en) Method and system for access capability authorization
CN101764742A (en) Network resource visit control system and method
CN101321064A (en) Information system access control method and apparatus based on digital certificate technique
US20130263239A1 (en) Apparatus and method for performing user authentication by proxy in wireless communication system
CN104159225A (en) Wireless network based real-name registration system management method and system
CN101986598B (en) Authentication method, server and system
CN101001144B (en) Method for implementing authentication by entity authentication centre
CN100512107C (en) Security identification method
CN109413080B (en) Cross-domain dynamic authority control method and system
CN108881309A (en) Access method, device, electronic equipment and the readable storage medium storing program for executing of big data platform
CN101540757A (en) Method and system for identifying network and identification equipment
CN105518689A (en) Method and system related to authentication of users for accessing data networks
CN106127888A (en) Smart lock operational approach and smart lock operating system
CN105827663A (en) Access control method and system
CN109088890A (en) A kind of identity identifying method, relevant apparatus and system
Pérez-Méndez et al. Identity federations beyond the web: A survey
CN101291220B (en) System, device and method for identity security authentication
CN104052829A (en) Adaptive name resolution

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP03 "change of name, title or address"
CP03 "change of name, title or address"

Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Patentee after: Xinhua three Technology Co., Ltd.

Address before: 310053 Hangzhou hi tech Industrial Development Zone, Zhejiang province science and Technology Industrial Park, No. 310 and No. six road, HUAWEI, Hangzhou production base

Patentee before: Huasan Communication Technology Co., Ltd.