CN103152332B - A kind of EAP authentication method and apparatus under WEB service assistance - Google Patents
Abstract
The invention provides an EAP authentication method and apparatus assisted by a WEB service. The method by which the BNG performs EAP authentication includes: learning from the AAA server that EAP authentication of a user terminal has failed; judging whether the user terminal needs to be pushed to a WEB server; if the user terminal needs to be pushed to a WEB server, after receiving an HTTP request from the user terminal, redirecting the HTTP request to a WEB server that can eliminate the cause of the EAP authentication failure; and, after receiving from the WEB server a notification to continue EAP authentication, sending the EAP authentication request for the user terminal to the AAA server again. The invention combines existing online self-service with EAP authentication.
Description
Technical field
The present invention relates to the field of Extensible Authentication Protocol (EAP) authentication, and more particularly to an EAP authentication method and device assisted by a WEB service.
Background art
The Extensible Authentication Protocol (EAP) is a widely used authentication mechanism, commonly used on wireless networks and point-to-point connections. EAP can be used not only on wireless LANs but also on wired LANs. When EAP is invoked by an IEEE 802.1X-based network access device (such as an 802.11a/b/g wireless access point), modern EAP methods can provide a secure authentication mechanism. IEEE 802.1X + EAP authentication methods mainly include EAP-SIM, EAP-AKA, EAP-PEAP, EAP-TLS and EAP-TTLS. When a user terminal is authenticated with EAP-SIM/EAP-AKA, whether the Authentication, Authorization and Accounting (AAA) server finally authenticates it successfully also depends on the subscription information between the user terminal and the operator (such as the contract period of a contract user, or the service lease period and remaining traffic of a prepaid user); factors such as an expired service contract or user arrears can cause the AAA server to fail authentication of the user terminal, so that the user terminal cannot access the network. When a user terminal is authenticated with EAP-TLS/EAP-TTLS, the authentication method depends on the validity period of the digital certificate; if the user terminal's digital certificate is no longer valid, the AAA server fails authentication of the user terminal and the user terminal cannot access the network normally. In such cases, to continue AAA authentication the user currently usually has to go to the operator's agency to renew the digital certificate or renew the service lease, which is inefficient and harms the user's service experience.
With the emergence of online self-service, users can handle many kinds of business over the network, such as online recharge and digital certificate renewal. If existing online self-service can be combined with EAP authentication, the efficiency of existing EAP authentication will certainly improve, and so will the user's service experience.
Summary of the invention
The invention provides an EAP authentication method and apparatus assisted by a WEB service, to solve the technical problem of how to combine existing online self-service with EAP authentication.
To solve the above technical problem, the invention provides a method for a Broadband Network Gateway (BNG) to perform Extensible Authentication Protocol (EAP) authentication, the method including:
Learning from the AAA server that EAP authentication of a user terminal has failed, and judging whether the user terminal needs to be pushed to a WEB server; if the user terminal needs to be pushed to a WEB server, after receiving a Hypertext Transfer Protocol (HTTP) request from the user terminal, redirecting the HTTP request to a WEB server that can eliminate the cause of the EAP authentication failure;
After receiving from the WEB server a notification to continue EAP authentication, sending the EAP authentication request for the user terminal to the AAA server again.
Further, judging whether the user terminal needs to be pushed to a WEB server includes:
Judging whether the authentication failure cause belongs to the preset authentication failure causes that require pushing the user terminal to a WEB server;
Or,
Judging whether an instruction to push the user terminal to a WEB server has been received from the AAA server.
Further,
When the HTTP request is redirected to the WEB server that can eliminate the cause of the EAP authentication failure, the failure cause from the EAP authentication failure message is also carried.
To solve the above technical problem, the invention also provides a method for a WEB server to assist Extensible Authentication Protocol (EAP) authentication, the method including:
Receiving the Hypertext Transfer Protocol (HTTP) request of a user terminal forwarded by a Broadband Network Gateway (BNG);
Establishing a connection with the user terminal, and receiving the user terminal's self-service operation for eliminating the EAP authentication failure cause;
After the user terminal completes the operation for eliminating the EAP authentication failure cause, sending to the BNG a notification indicating that EAP authentication is to continue.
Further:
After receiving the HTTP request of the user terminal forwarded by the BNG, also judging whether the request carries an EAP authentication failure cause;
If the request carries an EAP authentication failure cause, pushing to the user, via the BNG, a web page for eliminating that EAP authentication failure cause, and receiving the user terminal's self-service operation for eliminating the EAP authentication failure cause;
Sending to the BNG, after the user terminal completes the operation for eliminating the EAP authentication failure cause, the notification indicating that EAP authentication is to continue includes: judging whether the operation completed by the user terminal is an operation that eliminates the EAP authentication failure cause carried in the HTTP request, and if so, sending to the BNG the notification indicating that EAP authentication is to continue.
To solve the above technical problem, the invention also provides an Extensible Authentication Protocol (EAP) authentication method assisted by a WEB service, the method including:
The Broadband Network Gateway (BNG) performs EAP authentication using any one of the methods described above;
The WEB server assists EAP authentication using any one of the methods described above.
To solve the above technical problem, the invention also provides a Broadband Network Gateway (BNG) that performs Extensible Authentication Protocol (EAP) authentication. The BNG includes an EAP authentication module and a WEB redirection module, wherein:
The EAP authentication module is used to send the EAP authentication request for a user terminal to the AAA server, to receive the user terminal's EAP authentication result from the AAA server, and to notify the WEB redirection module of the authentication result;
The WEB redirection module is used to judge, after learning that the authentication result is an EAP authentication failure message for the user terminal, whether the user terminal needs to be pushed to a WEB server; if the user terminal needs to be pushed to a WEB server, after receiving a Hypertext Transfer Protocol (HTTP) request from the user terminal, to redirect the HTTP request to a WEB server that can eliminate the cause of the EAP authentication failure; and, after receiving from the WEB server the notification to continue EAP authentication, to notify the EAP authentication module to send the EAP authentication request for the user terminal to the AAA server again.
Further,
The WEB redirection module judging whether the user terminal needs to be pushed to a WEB server includes:
The WEB redirection module judges whether the authentication failure cause belongs to the preset authentication failure causes that require pushing the user terminal to a WEB server; or judges whether an instruction to push the user terminal to a WEB server has been received from the AAA server.
Further,
The WEB redirection module is also used to carry the failure cause from the EAP authentication failure message when redirecting the HTTP request to the WEB server that can eliminate the cause of the EAP authentication failure.
To solve the above technical problem, the invention also provides a WEB server that assists Extensible Authentication Protocol (EAP) authentication. The WEB server includes an authentication indication module and a network connection establishment module, wherein:
The network connection establishment module is used to receive the Hypertext Transfer Protocol (HTTP) request of a user terminal forwarded by a Broadband Network Gateway (BNG), and to establish a connection with the user terminal;
The authentication indication module is used to receive, over the established connection, the user terminal's self-service operation for eliminating the EAP authentication failure cause, and, after the user terminal completes the operation for eliminating the EAP authentication failure cause, to send to the BNG a notification indicating that EAP authentication is to continue.
Further,
The network connection establishment module also judges, after receiving the HTTP request of the user terminal forwarded by the BNG, whether the request carries an EAP authentication failure cause; if the request carries an EAP authentication failure cause, it pushes to the user, via the BNG, a web page for eliminating that EAP authentication failure cause;
The authentication indication module is used to receive the self-service operation for eliminating the EAP authentication failure cause that the user terminal performs through the web page. Sending to the BNG, after the user terminal completes the operation for eliminating the EAP authentication failure cause, the notification indicating that EAP authentication is to continue includes: judging whether the operation completed by the user terminal is an operation that eliminates the EAP authentication failure cause carried in the HTTP request, and if so, sending to the BNG the notification indicating that EAP authentication is to continue.
To solve the above technical problem, the invention also provides a system for Extensible Authentication Protocol (EAP) authentication assisted by a WEB service. The system includes a Broadband Network Gateway (BNG) and a WEB server, wherein:
The BNG is any one of the BNGs described above;
The WEB server is any one of the WEB servers described above.
With the above technical solution, after the AAA server fails to authenticate the user terminal, the user does not need to go in person to the operator's agency to eliminate the authentication failure cause. The BNG can push the user directly to the relevant WEB server, and online self-service helps the user eliminate the authentication failure cause over the network, which effectively improves the efficiency of existing EAP authentication and improves the user's service experience.
Brief description of the drawings
Fig. 1 is a flowchart of the method by which the BNG of this embodiment performs EAP authentication;
Fig. 2 is a flowchart of the method by which the WEB server of this embodiment assists EAP authentication;
Fig. 3 is the network topology diagram of the first and second application examples;
Fig. 4 is a module diagram of the BNG of this embodiment;
Fig. 5 is a module diagram of the WEB server of this embodiment.
Detailed description of the embodiments
To make the purpose, technical solution and advantages of the invention clearer, the embodiments of the invention are described in detail below with reference to the drawings. It should be noted that, where they do not conflict, the embodiments in this application and the features in the embodiments can be combined with one another.
Fig. 1 is a flowchart of the method by which the BNG of this embodiment performs EAP authentication.
S101: Send the EAP authentication request for the user terminal to the AAA server;
S102: Receive the EAP authentication failure message for the user terminal from the AAA server;
S103: Judge whether the user terminal needs to be pushed to a WEB server; if so, perform step S104; otherwise, perform step S107;
The BNG can judge whether the authentication failure cause belongs to the preset authentication failure causes that require pushing the user terminal to a WEB server; if it does, the user terminal needs to be pushed to the WEB server;
Or,
The BNG judges whether it has received an instruction from the AAA server to push the user terminal to a WEB server; if it has received the instruction from the AAA server, the user terminal needs to be pushed to the WEB server;
The authentication failure causes that require pushing the user terminal to a WEB server typically include: authentication failure caused by arrears, authentication failure caused by an expired service lease period, authentication failure caused by an expired user terminal digital certificate, and so on; besides the causes listed here, the cause can be any authentication failure cause that the user can eliminate through online self-service;
S104: Judge whether an HTTP request from the user terminal has been received; if an HTTP request has been received, perform step S105; otherwise, perform step S107;
S105: Redirect the HTTP request to the WEB server that can eliminate the cause of the EAP authentication failure;
The WEB server that can eliminate the cause of the EAP authentication failure can be the server hosting the operator's portal website; this server can include a web page explaining the authentication failure cause and a web page prompting the user terminal to perform self-service for eliminating the failure cause;
S106: Receive from the WEB server the notification to continue EAP authentication, and send the EAP authentication request for the user terminal to the AAA server again;
S107: The flow ends.
In the above embodiment, after receiving the EAP authentication failure message for the user terminal from the AAA server, the BNG can also first judge whether the authentication failure message carries a failure cause. If the authentication failure message carries a failure cause, then when the HTTP request sent by the user terminal is redirected to the WEB server that can eliminate the cause of the EAP authentication failure, the failure cause can be carried in the HTTP request sent to the WEB server. This helps the WEB server quickly locate the web page that prompts the user terminal to perform self-service for eliminating that failure cause, which improves the response speed of the WEB server and the user experience.
Fig. 2 is a flowchart of the method by which the WEB server of this embodiment assists EAP authentication.
S201: Receive the Hypertext Transfer Protocol (HTTP) request of the user terminal forwarded by the BNG;
After receiving the HTTP request of the user terminal forwarded by the BNG, the WEB server can also first judge whether the request carries an EAP authentication failure cause; if it carries an authentication failure cause, the WEB server can use that cause to locate the web page for eliminating it;
S202: Establish a connection with the user terminal, and receive the user terminal's self-service operation for eliminating the EAP authentication failure cause;
S203: After the user terminal completes the operation for eliminating the EAP authentication failure cause, send to the BNG the notification indicating that EAP authentication is to continue.
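The two flows above (S101 to S107 on the BNG, S201 to S203 on the WEB server) can be modelled together. The following Python model is an added example, not code from the patent: the class names, cause labels, portal URL and query parameters are hypothetical, it assumes that a completed self-service operation updates the state the AAA server checks, and the BNG's check that a continue notice refers to a terminal it actually redirected is an addition that the patent text does not describe.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlencode, urlparse, parse_qs

# Preset failure causes that online self-service can clear (the three the
# description lists). The string labels are hypothetical.
REDIRECTABLE = {"arrears", "lease_expired", "cert_expired"}
PORTAL = "https://portal.example.invalid/selfservice"  # constructed placeholder URL


@dataclass
class AuthResult:
    success: bool
    cause: Optional[str] = None   # failure cause, when the AAA server supplies one
    push_to_web: bool = False     # explicit "push to WEB server" instruction from AAA


class ToyAAA:
    """Stand-in AAA server: rejects a user until the blocking cause is cleared."""

    def __init__(self, blocked):
        self.blocked = dict(blocked)          # user -> failure cause

    def authenticate(self, user):
        cause = self.blocked.get(user)
        if cause is None:
            return AuthResult(True)
        return AuthResult(False, cause)

    def clear(self, user, cause):
        # Assumption: completed self-service updates the state the AAA consults.
        if self.blocked.get(user) == cause:
            del self.blocked[user]


class BNG:
    def __init__(self, aaa):
        self.aaa = aaa
        self.pending = {}                     # user -> cause awaiting self-service

    def eap_authenticate(self, user):         # S101, S102
        result = self.aaa.authenticate(user)
        if result.success:
            self.pending.pop(user, None)
            return "success"
        # S103: preset cause list OR explicit instruction from the AAA server.
        if result.push_to_web or result.cause in REDIRECTABLE:
            self.pending[user] = result.cause
            return "awaiting-self-service"
        return "rejected"                     # S107: not fixable online

    def redirect_http(self, user):            # S104, S105
        if user not in self.pending:
            return None                       # no redirect for this terminal
        query = {"user": user}
        if self.pending[user] is not None:    # carry the cause when AAA gave one
            query["cause"] = self.pending[user]
        return PORTAL + "?" + urlencode(query)

    def on_continue_notice(self, user):       # S106
        # Added check, not in the patent text: only act on a notice for a
        # terminal this BNG actually redirected.
        if user not in self.pending:
            return "ignored"
        return self.eap_authenticate(user)


class WebServer:
    def __init__(self, bng, aaa):
        self.bng, self.aaa = bng, aaa
        self.sessions = {}                    # user -> cause carried in the request

    def receive(self, url):                   # S201: locate the page from the cause
        query = parse_qs(urlparse(url).query)
        user = query["user"][0]
        cause = query.get("cause", [None])[0]
        self.sessions[user] = cause
        return cause

    def self_service(self, user, operation):  # S202, S203
        carried = self.sessions.get(user)
        # Notify the BNG only if the completed operation removes the carried cause.
        if carried is not None and operation != carried:
            return "no-notice"
        self.aaa.clear(user, operation)
        return self.bng.on_continue_notice(user)
```

A failure cause outside the preset list ends the flow at the BNG, and a self-service operation that does not match the carried cause never produces a continue notice, so the terminal stays unauthenticated in both cases.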
The invention also provides an embodiment of an Extensible Authentication Protocol (EAP) authentication method assisted by a WEB service. The embodiment involves a Broadband Network Gateway (BNG) and a WEB server, where the BNG performs EAP authentication using the method described above and the WEB server assists EAP authentication using the method described above; the details are not repeated here.
The embodiment of the EAP authentication method assisted by a WEB service is described in further detail below using two application examples.
Application example one: ordinary wired access scenario; the network topology is shown in Fig. 3.
In this application example the AN can be a front-end access network composed of DSLAM+SW, but is not limited to DSLAM+SW.
In this application example, EAP authentication fails because the terminal user is in arrears.
Step 1: The BNG receives the EAPoL-Start message initiated by the user terminal via the AN network;
If the user terminal supports EAPoL-v3 or a later protocol version, the user terminal can use the TLV extension options in the EAPoL-Start-Announcement message to tell the BNG service conditions such as whether it supports the forced WEB push service on authentication failure, whether the BNG is allowed to obtain an IP address through DHCP, and whether its own address is a static IP address, so that the BNG can perform the relevant policy processing;
The BNG can also default to applying the forced WEB push service to the user terminal on authentication failure; or, after receiving the authentication failure result from the AAA server, it can judge whether the result carries an instruction to apply the forced WEB push service to the user terminal, and if the instruction is received, apply the forced WEB push service to the user terminal;
Step 2: On receiving the EAPoL-Start message, the BNG starts to create an EAPoL user session; the BNG sends an EAPoL-EAP-Request-Identity message via the AN network to the user terminal to obtain identity information;
Step 3: The BNG obtains the EAPoL-EAP-Response-Identity sent by the user terminal via the AN network;
Step 4: The BNG encapsulates the EAPoL-EAP-Response-Identity message in an authentication request message (such as the Access-Request message of the RADIUS protocol) and sends the authentication request message to the AAA authentication server;
Step 5: The AAA server negotiates a specific authentication method with the user terminal (such as EAP-PEAP, EAP-SIM, EAP-AKA, EAP-TLS, EAP-TTLS) and authenticates the client according to the negotiated method; meanwhile, the AAA server also works with the HLR to check the user's subscription information and service characteristics, and judges whether the user terminal is legitimate; if the AAA server judges that the user terminal is legitimate and EAP authentication of the user terminal succeeds, perform step 14; otherwise, perform step 6;
Step 6: The AAA server returns to the BNG an authentication failure message indicating that the user is in arrears, and the BNG returns the failure message to the user terminal; meanwhile, the BNG determines that the forced WEB push service needs to be applied to the user terminal;
Step 7: The BNG exchanges DHCP messages with the user terminal and obtains the user terminal's IP address; it sets the correspondence between the IP address and the operator's portal website;
Step 8: The BNG receives an HTTP request from the IP address (the HTTP request contains information indicating that the user is in arrears) and, according to the configured correspondence, redirects the HTTP request to the WEB server hosting the operator's portal website;
Step 9: The WEB server locates the user recharge web page according to the user arrears information;
Step 10: The BNG establishes the TCP connection between the user terminal and the WEB server; the WEB server pushes the user recharge web page to the user terminal via the BNG, interacts with the user terminal through the web page, and receives the user terminal's self-service recharge operation;
Step 11: After the user terminal performs the recharge operation, the WEB server uses an authentication request message of the extended portal protocol to inform the BNG to continue the EAP authentication session for the user;
Step 12: The BNG sends an EAPoL-EAP-Request-Identity message to the user terminal, re-triggering the EAP authentication interaction between the user terminal and the AAA server;
Step 13: The AAA server sends the EAP authentication success message for the user terminal to the BNG;
Step 14: The flow ends.
Application example two: wireless access scenario.
In this application example, the AN can be a front-end access network composed of AP-FAT, or a front-end access network built as AP-FIT+AC.
In this application example, user authentication fails because the end user's service subscription has expired.
Step 1: The BNG receives the EAPoL-Start message initiated by the user terminal via the AP;
Step 2: On receiving the EAPoL-Start message forwarded by the AP, the BNG creates an EAP session and sends an EAPoL-EAP-Request-Identity message to the user terminal to obtain identity information;
Step 3: The BNG obtains the EAPoL-EAP-Response-Identity sent by the user terminal via the AP;
Step 4: The BNG encapsulates the EAPoL-EAP-Response-Identity message in an authentication request message (such as the Access-Request message of the RADIUS protocol) and sends the authentication request message to the AAA authentication server;
Step 5: The AAA server negotiates a specific authentication method with the user terminal (EAP-PEAP, EAP-SIM, EAP-AKA, EAP-TLS, EAP-TTLS) and authenticates the client according to the negotiated method; meanwhile, the AAA server also works with the HLR to check the user's subscription information and service characteristics to judge whether the user terminal is legitimate, and obtains the PMK; if the AAA server judges that the user terminal is legitimate and EAP authentication of the user terminal succeeds, perform step 14; otherwise, perform step 6;
Step 6: The AAA server returns to the BNG an authentication failure message indicating that the user's service subscription has expired, and the BNG returns the failure message to the user terminal; meanwhile, the BNG determines that the forced WEB push service needs to be applied to the user terminal;
The indication that the user's service subscription has expired is carried in an EAPoL-Announcement message, or directly in the extension TLV options of the EAPoL-EAP-Fail message;
After receiving the EAPoL-Announcement or EAPoL-EAP-Fail message, if the user terminal needs to continue interacting with the AP, it retains the PMK learned in the EAP authentication stage and continues key negotiation with the AP, so that the AP forwards the user terminal's DHCP messages and other service messages normally under WPA/WPA2 air-interface encryption, ensuring the security of messages forwarded over the air interface;
Step 7: The BNG exchanges DHCP messages with the user terminal and obtains the user terminal's IP address; it sets the correspondence between the IP address and the operator's portal website;
Step 8: The BNG receives an HTTP request from the IP address (the HTTP request contains information indicating that the user is in arrears) and, according to the configured correspondence, redirects the HTTP request to the WEB server hosting the operator's portal website;
Step 9: The WEB server locates the service renewal web page according to the indication that the user's service subscription has expired;
Step 10: The BNG establishes the TCP connection between the user terminal and the WEB server; the WEB server pushes the service renewal web page to the user terminal via the BNG, interacts with the user terminal through the web page, and receives the user terminal's self-service renewal operation;
Step 11: After the user terminal performs the renewal operation, the WEB server uses an authentication request message of the extended portal protocol to inform the BNG to perform the EAP authentication session for the user again;
Step 12: The BNG sends an EAPoL-EAP-Request-Identity message to the user terminal, re-triggering the EAP authentication interaction between the user terminal and the AAA server;
Step 13: The AAA server sends the EAP authentication success message for the user terminal to the BNG;
Step 14: The flow ends.
Fig. 4 is a module diagram of the BNG of this embodiment.
The BNG includes an EAP authentication module and a WEB redirection module, wherein:
The EAP authentication module is used to send the EAP authentication request for the user terminal to the AAA server, to receive the user terminal's EAP authentication result from the AAA server, and to notify the WEB redirection module of the authentication result;
The WEB redirection module is used to judge, after learning that the authentication result is an EAP authentication failure message for the user terminal, whether the user terminal needs to be pushed to a WEB server; if the user terminal needs to be pushed to a WEB server, after receiving a Hypertext Transfer Protocol (HTTP) request from the user terminal, to redirect the HTTP request to a WEB server that can eliminate the cause of the EAP authentication failure; and, after receiving from the WEB server the notification to continue EAP authentication, to notify the EAP authentication module to send the EAP authentication request for the user terminal to the AAA server again;
The WEB redirection module judging whether the user terminal needs to be pushed to a WEB server includes: judging whether the authentication failure cause belongs to the preset authentication failure causes that require pushing the user terminal to a WEB server, and if it does, the user terminal needs to be pushed to the WEB server; or judging whether an instruction to push the user terminal to a WEB server has been received from the AAA server, and if the instruction from the AAA server has been received, the user terminal needs to be pushed to the WEB server;
The WEB redirection module is also used to carry the failure cause from the EAP authentication failure message when redirecting the HTTP request to the WEB server that can eliminate the cause of the EAP authentication failure. This helps the WEB server quickly locate the web page that prompts the user terminal to perform self-service for eliminating that failure cause, which improves the response speed of the WEB server and the user experience.
Fig. 5 is a module diagram of the WEB server of this embodiment.
The WEB server includes an authentication indication module and a network connection establishment module, wherein:
The network connection establishment module is used to receive the Hypertext Transfer Protocol (HTTP) request of a user terminal forwarded by a Broadband Network Gateway (BNG), and to establish a connection with the user terminal;
The authentication indication module is used to receive, over the established connection, the user terminal's self-service operation for eliminating the EAP authentication failure cause, and, after the user terminal completes the operation for eliminating the EAP authentication failure cause, to send to the BNG a notification indicating that EAP authentication is to continue.
The network connection establishment module can also judge, after receiving the HTTP request of the user terminal forwarded by the BNG, whether the request carries an EAP authentication failure cause; if the request carries an EAP authentication failure cause, it pushes to the user, via the BNG, a web page for eliminating that EAP authentication failure cause;
The authentication indication module is used to receive the self-service operation for eliminating the EAP authentication failure cause that the user terminal performs through the web page. Sending to the BNG, after the user terminal completes the operation for eliminating the EAP authentication failure cause, the notification indicating that EAP authentication is to continue includes: judging whether the operation completed by the user terminal is an operation that eliminates the EAP authentication failure cause carried in the HTTP request, and if so, sending to the BNG the notification indicating that EAP authentication is to continue.
The invention also provides an embodiment of an Extensible Authentication Protocol (EAP) authentication system assisted by a WEB service. The embodiment involves a Broadband Network Gateway (BNG) and a WEB server, where the BNG is the BNG composed of the modules described above and the WEB server is the WEB server composed of the modules described above; the details are not repeated here.
A person of ordinary skill in the art will understand that all or part of the steps of the above methods can be completed by a program instructing the relevant hardware, and the program can be stored in a computer-readable storage medium such as a read-only memory, a magnetic disk or an optical disc. Alternatively, all or part of the steps of the above embodiments can also be implemented with one or more integrated circuits; accordingly, each module/unit in the above embodiments can be implemented in the form of hardware or in the form of a software functional module. The invention is not limited to any particular combination of hardware and software.
It should be noted that the invention can have various other embodiments. Without departing from the spirit and essence of the invention, those skilled in the art can make various corresponding changes and variations according to the invention, but all such changes and variations shall fall within the scope of protection of the appended claims.
Claims (8)
1. a kind of method that wideband network gateway BNG is extended authentication protocol EAP authentication, it is characterised in that methods described bag
Include:
The EAP failed authentications of user terminal are known from aaa server, judge whether to need user terminal being pushed to WEB service
Device, if necessary to which user terminal is pushed into WEB server, receiving the HTTP from the user terminal
After HTTP request, the HTTP request is redirected to the WEB server that can eliminate EAP failed authentication reasons;
After the notice for receiving that EAP continues authentication from the WEB server, sent again to aaa server to the user terminal
EAP authentication requests;
Judge whether to need user terminal being pushed to WEB server, further comprise:
Judge whether failed authentication reason belongs to default and need the failed authentication that user terminal is pushed to WEB server former
Cause;
Or,
Judge whether to receive the instruction that user terminal is pushed to WEB server that aaa server is sent.
2. the method as described in claim 1, it is characterised in that:
When the HTTP request to be redirected to the WEB server that can eliminate EAP failed authentication reasons, the EAP mirror are also carried
Weigh the failure cause in failed message.
3. A method for a WEB server to assist Extensible Authentication Protocol (EAP) authentication, characterized in that the method comprises:
receiving an HTTP request of a user terminal forwarded by a broadband network gateway (BNG);
establishing a connection with the user terminal, and receiving the user terminal's self-service operation for eliminating the cause of the EAP authentication failure;
after the user terminal completes the operation for eliminating the cause of the EAP authentication failure, sending to the BNG a notification indicating that EAP authentication continues;
after receiving the HTTP request of the user terminal forwarded by the BNG, further judging whether the request carries an EAP authentication failure cause;
if the request carries an EAP authentication failure cause, pushing to the user, through the BNG, a web page for eliminating the EAP authentication failure cause, and receiving the user terminal's self-service operation for eliminating the cause of the EAP authentication failure;
wherein, after the user terminal completes the operation for eliminating the cause of the EAP authentication failure, sending to the BNG the notification indicating that EAP authentication continues comprises: judging whether the operation completed by the user terminal is an operation that eliminates the EAP authentication failure cause carried in the HTTP request, and if so, sending to the BNG the notification indicating that EAP authentication continues.
4. A method for Extensible Authentication Protocol (EAP) authentication assisted by a WEB service, characterized in that the method comprises:
a broadband network gateway (BNG) performing EAP authentication using the method of any one of claims 1 to 2;
a WEB server assisting EAP authentication using the method of claim 3.
5. A broadband network gateway (BNG) for performing Extensible Authentication Protocol (EAP) authentication, characterized in that the BNG comprises an EAP authentication module and a WEB redirection module, wherein:
the EAP authentication module is configured to send an EAP authentication request for a user terminal to an AAA server, receive the EAP authentication result of the user terminal from the AAA server, and notify the WEB redirection module of the authentication result;
the WEB redirection module is configured to, after learning that the authentication result is an EAP authentication failure message for the user terminal, judge whether the user terminal needs to be pushed to a WEB server; if the user terminal needs to be pushed to the WEB server, after receiving an HTTP request from the user terminal, redirect the HTTP request to a WEB server capable of eliminating the cause of the EAP authentication failure; and, after receiving from the WEB server the notification to continue EAP authentication, notify the EAP authentication module to send the EAP authentication request for the user terminal to the AAA server again;
the WEB redirection module judging whether the user terminal needs to be pushed to the WEB server comprises:
the WEB redirection module judging whether the authentication failure cause belongs to the preset authentication failure causes that require pushing the user terminal to the WEB server; or judging whether an instruction, sent by the AAA server, to push the user terminal to the WEB server has been received.
6. The BNG of claim 5, characterized in that:
the WEB redirection module is further configured to carry the failure cause in the EAP authentication failure message when redirecting the HTTP request to the WEB server capable of eliminating the cause of the EAP authentication failure.
7. A WEB server for assisting Extensible Authentication Protocol (EAP) authentication, characterized in that the WEB server comprises an authentication indication module and a network connection establishment module, wherein:
the network connection establishment module is configured to receive a Hypertext Transfer Protocol (HTTP) request of a user terminal forwarded by a broadband network gateway (BNG), and to establish a connection with the user terminal;
the authentication indication module is configured to receive, over the established connection, the user terminal's self-service operation for eliminating the cause of the EAP authentication failure; and, after the user terminal completes the operation for eliminating the cause of the EAP authentication failure, to send to the BNG a notification indicating that EAP authentication continues;
the network connection establishment module is further configured to, after receiving the HTTP request of the user terminal forwarded by the BNG, judge whether the request carries an EAP authentication failure cause, and if the request carries an EAP authentication failure cause, push to the user, through the BNG, a web page for eliminating the EAP authentication failure cause;
the authentication indication module is configured to receive the self-service operation for eliminating the cause of the EAP authentication failure that the user terminal performs through the web page; wherein, after the user terminal completes the operation for eliminating the cause of the EAP authentication failure, sending to the BNG the notification indicating that EAP authentication continues comprises: judging whether the operation completed by the user terminal is an operation that eliminates the EAP authentication failure cause carried in the HTTP request, and if so, sending to the BNG the notification indicating that EAP authentication continues.
8. A system for Extensible Authentication Protocol (EAP) authentication assisted by a WEB service, characterized in that the system comprises a broadband network gateway (BNG) and a WEB server, wherein:
the BNG is the BNG of any one of claims 5 to 6;
the WEB server is the WEB server of claim 7.
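The flow of claims 1 to 3, modeled as an added example that is not part of the patent: the BNG decides whether a failed terminal is redirected, and the WEB server releases the "continue authentication" notification only when the completed self-service operation matches the failure cause carried in the redirect. The cause names, the cause-to-remedy mapping, the dictionary used for the redirect and the BNG's check that the terminal was actually redirected are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumed preset causes that self-service can fix (claim 1, first branch).
REDIRECTABLE_CAUSES = {"account_expired", "insufficient_balance"}
# Assumed mapping from failure cause to the operation that eliminates it (claim 3).
REMEDY_FOR = {"account_expired": "renew_subscription",
              "insufficient_balance": "top_up"}


@dataclass
class Bng:
    pending: dict = field(default_factory=dict)      # terminal -> failure cause
    reauth_sent: list = field(default_factory=list)  # terminals re-sent to AAA

    def on_eap_failure(self, terminal, cause, aaa_push_instruction=False):
        """Claim 1: preset cause OR explicit AAA instruction triggers the push."""
        if cause in REDIRECTABLE_CAUSES or aaa_push_instruction:
            self.pending[terminal] = cause
            return True
        return False

    def on_http_request(self, terminal, url):
        """Claims 1-2: redirect and carry the failure cause; None means no redirect."""
        cause = self.pending.get(terminal)
        if cause is None:
            return None
        return {"terminal": terminal, "cause": cause, "orig_url": url}

    def on_continue_notice(self, terminal):
        """Claim 1: re-send the EAP request to AAA. Accepting the notice only
        for a redirected terminal is an added defensive check (assumption)."""
        if self.pending.pop(terminal, None) is None:
            return False
        self.reauth_sent.append(terminal)
        return True


class WebServer:
    def __init__(self, bng):
        self.bng = bng

    def complete_operation(self, redirect, operation):
        """Claim 3: notify the BNG only if the completed operation eliminates
        the cause carried in the redirected HTTP request."""
        cause = redirect.get("cause")
        if cause is None or REMEDY_FOR.get(cause) != operation:
            return False
        return self.bng.on_continue_notice(redirect["terminal"])
```

A notice for a terminal that was never redirected, or a second notice for the same terminal, is rejected, so a stray or replayed notification does not trigger another AAA request.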
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310051830.2A CN103152332B (en) | 2013-02-17 | 2013-02-17 | A kind of EAP authentication method and apparatus under WEB service assistance |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103152332A (en) | 2013-06-12 |
CN103152332B (en) | 2018-02-16 |
Family
ID=48550195
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310051830.2A Active CN103152332B (en) | 2013-02-17 | 2013-02-17 | A kind of EAP authentication method and apparatus under WEB service assistance |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103152332B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104243522B (en) * | 2013-06-19 | 2018-02-06 | 华为技术有限公司 | Method and wideband network gateway for HTTP network |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1909456A (en) * | 2006-08-24 | 2007-02-07 | 华为技术有限公司 | Method, system and identification server for configuring service channel after identification failure |
CN1968094A (en) * | 2006-11-23 | 2007-05-23 | 华为技术有限公司 | Method, system and server for prompting the cause for user terminal authentication failure |
CN101656684A (en) * | 2008-08-21 | 2010-02-24 | ***通信集团公司 | Content access authentication method, equipment and system for dynamic content delivery |
WO2012142867A1 (en) * | 2011-04-21 | 2012-10-26 | 中兴通讯股份有限公司 | Authentication notification method and system |
Also Published As
Publication number | Publication date |
---|---|
CN103152332A (en) | 2013-06-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9020467B2 (en) | Method of and system for extending the WISPr authentication procedure | |
CN105007579B (en) | A kind of access authentication of WLAN method and terminal | |
US8769647B2 (en) | Method and system for accessing 3rd generation network | |
AU2004214799B2 (en) | Fast re-authentication with dynamic credentials | |
CN101032142B (en) | Means and methods for signal sign-on access to service network through access network | |
CN101867476B (en) | 3G virtual private dialing network user safety authentication method and device thereof | |
CN106105134B (en) | Method and apparatus for improving end-to-end data protection | |
CN105027529B (en) | Method and apparatus for verifying user's access to Internet resources | |
US20050114680A1 (en) | Method and system for providing SIM-based roaming over existing WLAN public access infrastructure | |
WO2011017924A1 (en) | Method, system, server, and terminal for authentication in wireless local area network | |
US20090119742A1 (en) | Methods for authenticating and authorizing a mobile device using tunneled extensible authentication protocol | |
WO2012145134A1 (en) | Method of and system for utilizing a first network authentication result for a second network | |
US20090328167A1 (en) | Network access method and system | |
CN101163000A (en) | Secondary authentication method and system | |
KR101260648B1 (en) | Online activation method and system of user subscription for wireless internet service | |
CN106686589A (en) | VoWiFi business achieving method, system and AAA server | |
US20080070544A1 (en) | Systems and methods for informing a mobile node of the authentication requirements of a visited network | |
Zhang et al. | Virtual operator based AAA in wireless LAN hot spots with ad-hoc networking support | |
WO2012163159A1 (en) | Method and device for unifying corporate network aaa server and public network aaa server | |
CN103152332B (en) | A kind of EAP authentication method and apparatus under WEB service assistance | |
US9532218B2 (en) | Implementing a security association during the attachment of a terminal to an access network | |
KR101119869B1 (en) | Web Based Authentication Method for Wireless Internet Access Service at Business Places | |
US20210090087A1 (en) | Methods for access point systems and payment systems therefor | |
WO2017107745A1 (en) | Terminal authentication method, device and system | |
WO2017185589A1 (en) | Virtual sim card-based method and device for accessing wifi hotspot |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||