CN103595712A - Method, device and system for Web authentication - Google Patents

Method, device and system for Web authentication Download PDF

Info

Publication number
CN103595712A
CN103595712A CN201310546154.6A CN201310546154A CN103595712A CN 103595712 A CN103595712 A CN 103595712A CN 201310546154 A CN201310546154 A CN 201310546154A CN 103595712 A CN103595712 A CN 103595712A
Authority
CN
China
Prior art keywords
message
switch
sdn controller
user terminal
web authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201310546154.6A
Other languages
Chinese (zh)
Other versions
CN103595712B (en
Inventor
吴航
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ruijie Networks Co Ltd
Original Assignee
Fujian Star Net Communication Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fujian Star Net Communication Co Ltd filed Critical Fujian Star Net Communication Co Ltd
Priority to CN201310546154.6A priority Critical patent/CN103595712B/en
Publication of CN103595712A publication Critical patent/CN103595712A/en
Application granted granted Critical
Publication of CN103595712B publication Critical patent/CN103595712B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Telephonic Communication Services (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a method, device and system for Web authentication. The method comprises the steps that an SDN controller receives a reported message sent by an exchanger administered by the SDN controller, the reported message is a message obtained after a message with an appointed type obtained from a user terminal is packaged by the exchanger, and the appointed type is identical to the type of a Web authenticated and requested message; when the Web authentication request message obtained from the user terminal is packaged in the reported message, authentication is conducted based on authentication information carried in the Web authentication request message, and therefore an authentication result is obtained; a Web authentication response message with the authentication result is packaged so that an issued message can be obtained; the issued message is sent to the exchanger so that the Web authentication response message packaged in the issued message can be returned to the user terminal through the exchanger. According to the method, the requirement for the exchanger is reduced in the process of Web authentication, and the efficiency of the improvement of a Web authentication mechanism is improved.

Description

A kind of web authentication method, Apparatus and system
Technical field
The present invention relates to networking technology area, relate in particular to a kind of web authentication method, Apparatus and system.
Background technology
Existing web authentication is the authentication based on client/server (Client/Server), first the login window input authentication information of user on the browser of user terminal, and by user terminal, this authentication information is sent to the switch of access, switch is by the remote customer dialing authentication system (Radius of self, Remote Authentication Dial In User Service) this authentication information of client, then send it to certificate server, it is Radius server, Radius server authenticates this authentication information, after authentication is passed through, Radius server can trigger Radius client can access the address of outer net to user assignment.When user offline, be also to Radius server, to send off-line request by the Radius client on switch.
In existing web authentication technology, by switch, to carry out the authentication processing relevant to web authentication to operate, to having relatively high expectations of equipment, and in network, there is the more switch that need to possess web authentication function, when promoting the web authentication function of switch, for example, while improving web authentication mechanism, need to carry out respectively functional promotion to these many switches, thereby cause the web authentication system ease for use of network side poor, and it is lower when needs improve web authentication mechanism, to improve efficiency.
Summary of the invention
The embodiment of the present invention provides a kind of web authentication method, Apparatus and system, in order to solve exist in prior art higher to switch request in web authentication process, and web authentication mechanism is carried out to the problem that improved efficiency is lower.
The embodiment of the present invention provides a kind of web authentication method, comprising:
Software defined network SDN controller is received from the message that reports that the switch of barrel linchpin sends, the described message that reports is the message after described switch encapsulates the message of the specified type from user terminal, and described specified type is identical with the type of web authentication request message;
When described while reporting the web authentication request message being packaged with in message from described user terminal, based on described report in the described web authentication request message encapsulating in message, carry authentication information authenticate, obtain authentication result;
To carrying the web authentication response message of described authentication result, encapsulate, obtain downward message;
To described switch, send described downward message, for the described web authentication response message described downward message being encapsulated by described switch, return to described user terminal.
In the method that the embodiment of the present invention provides, SDN controller when receive be packaged with from the web authentication request message of user terminal report message time, based on this, report the authentication information carrying in the web authentication request message encapsulating in message to authenticate, and obtain authentication result, web authentication request to user terminal in the method is carried out authentication processing by SDN controller, therefore switch no longer needs to carry out the authentication processing operation relevant to web authentication, the requirement of switch is reduced, and when needs improve web authentication mechanism, only need carry out corresponding functional promotion to SDN controller, and do not need again a plurality of switches to be carried out respectively to functional promotion, and then improved web authentication mechanism has been carried out to improved efficiency.
Further, at SDN controller, be received from that the switch of barrel linchpin sends report message before, also comprise: to self administration for carrying out the switch of web authentication, send the first configuration file, for by switch according to described the first configuration file to described SDN controller report the message from the described specified type of user terminal.
Like this, make switch after receiving the first configuration file, according to this first configuration file, all of the port on this switch is configured, complete the process that the first step starts authentication.
Further, at SDN controller, be received from that the switch of barrel linchpin sends report message before, also comprise: that to self, administers sends the second configuration file for carrying out the switch of web authentication, for abandoning the message from the non-designated type of user terminal by switch according to described the second configuration file.
Like this, make switch after receiving the second configuration file, according to this second configuration file, all of the port on this switch is configured, complete the process that second step starts authentication.
Further, also comprise: when described SDN controller passes through described user end certification, the 3rd configuration file that sends the end message that carries described user terminal to described switch, is used to indicate described switch and processes for the service message from described user terminal.
The web authentication request of this user terminal is by authentication, switch is according to the 3rd configuration file receiving, corresponding port is configured, allows the service message to specifying the user terminal of source IP address and source MAC to send to process, at this port, open function of surfing the Net.
Further, also comprise: what receive that described switch sends is packaged with the roll off the production line message of message of Web from described user terminal;
The 4th configuration file that sends the end message that carries described user terminal to described switch, is used to indicate described switch and stops processing for the service message from described user terminal.
Like this, this switch receives after the 4th configuration file, according to the 4th configuration file, corresponding port is configured, and the service message that stops sending for the user terminal of specifying source IP address and source MAC is processed, and at this port, stops function of surfing the Net.
Further, also comprise: to described switch, send and cancel web authentication Indication message, be used to indicate described switch cancellation and send the message from the described specified type of user terminal to described SDN controller.
Like this, SDN controller is removed authentication to this switch, when switch receives the message from the specified type of user terminal, no longer to SDN controller, sends.
The embodiment of the present invention also provides a kind of web authentication method, comprising:
Switch receives the message that user terminal sends;
When message that the described message receiving is specified type, to the software defined network SDN controller of self ownership send be packaged with reception described message report message, described specified type is identical with the type of web authentication request message;
Receive the downward message that is packaged with web authentication response message that described SDN controller sends, in described web authentication response message, carry authentication result, described authentication result is that described SDN controller authentication information based on carrying in described web authentication request message when described message is web authentication request message authenticates and obtains;
The described web authentication response message encapsulating in described downward message is returned to described user terminal.
In the method that the embodiment of the present invention provides, switch receives the downward message that is packaged with web authentication response message that this SDN controller sends, in this web authentication response message, carry authentication result, and this authentication result for authenticating, this SDN controller authentication information based on carrying in this web authentication request message when this message is web authentication request message obtains.Web authentication request to user terminal in the method is carried out authentication processing by SDN controller, therefore switch no longer needs to carry out the authentication processing operation relevant to web authentication, the requirement of switch is reduced, and when needs improve web authentication mechanism, only need carry out corresponding functional promotion to SDN controller, and do not need again a plurality of switches to be carried out respectively to functional promotion, and then improved web authentication mechanism has been carried out to improved efficiency.
Further, the SDN controller to self ownership send be packaged with reception described message report message before, also comprise:
Receive the first configuration file of the SDN controller transmission self belonging to;
When message that the described message receiving is specified type, to the software defined network SDN controller of self ownership send be packaged with reception described message report message, specifically comprise:
Whether the described message determine receiving according to described the first configuration file is the message of specified type, and when message that described message is described specified type, to described SDN controller transmission, be packaged with reception described message report message.
Like this, switch is configured all of the port on this switch according to the first configuration file receiving, and completes the process that the first step starts authentication.
Further, the SDN controller to self ownership send be packaged with reception described message report message before, also comprise:
Receive the second configuration file of the SDN controller transmission self belonging to;
According to described the second configuration file, when the described message receiving is not the message of described specified type, abandon described message.
Like this, switch is configured all of the port on this switch according to the second configuration file receiving, and completes the process that second step starts authentication.
Further, also comprise: receive described SDN controller when described user end certification is passed through, the 3rd configuration file of the end message that carries described user terminal of transmission;
According to described the 3rd configuration file, the service message from described user terminal is processed.
The web authentication request of this user terminal is by authentication, switch is according to the 3rd configuration file receiving, corresponding port is configured, allows the service message to specifying the user terminal of source IP address and source MAC to send to process, at this port, open function of surfing the Net.
Further, also comprise: receive Web that described user terminal the sends message that rolls off the production line;
To described SDN controller, send and be packaged with the roll off the production line message of message of described Web;
Receive the 4th configuration file of the end message that carries described user terminal of described SDN controller transmission;
According to described the 4th configuration file, stop processing for the service message from described user terminal.
Like this, this switch receives after the 4th configuration file, according to the 4th configuration file, corresponding port is configured, and the service message that stops sending for the user terminal of specifying source IP address and source MAC is processed, and at this port, stops function of surfing the Net.
Further, also comprise: receive the cancellation web authentication Indication message that described SDN controller sends;
According to described Indication message, cancel and send the message from the described specified type of user terminal to described SDN controller.
Like this, SDN controller is removed authentication to this switch, when switch receives the message from the specified type of user terminal, no longer to SDN controller, sends.
The embodiment of the present invention also provides a kind of web authentication device, is applied to software defined network SDN server, comprising:
Receiving element, for being received from the message that reports that the switch of barrel linchpin sends, the described message that reports is the message after described switch encapsulates the message of the specified type from user terminal, and described specified type is identical with the type of web authentication request message;
Authentication ' unit, for when described in while reporting message to be packaged with the web authentication request message from described user terminal, based on described report in the described web authentication request message encapsulating in message, carry authentication information authenticate, obtain authentication result;
Encapsulation unit, for encapsulating carrying the web authentication response message of described authentication result, obtains downward message;
Transmitting element, for sending described downward message to described switch, returns to described user terminal for the described web authentication response message described downward message being encapsulated by described switch.
In the web authentication device that the embodiment of the present invention provides, SDN controller when receive be packaged with from the web authentication request message of user terminal report message time, based on this, report the authentication information carrying in the web authentication request message encapsulating in message to authenticate, and obtain authentication result, web authentication request to user terminal in the method is carried out authentication processing by SDN controller, therefore switch no longer needs to carry out the authentication processing operation relevant to web authentication, the requirement of switch is reduced, and when needs improve web authentication mechanism, only need carry out corresponding functional promotion to SDN controller, and do not need again a plurality of switches to be carried out respectively to functional promotion, and then improved web authentication mechanism has been carried out to improved efficiency.
Further, at SDN controller, be received from that the switch of barrel linchpin sends report message before, described transmitting element, also for to self administration for carrying out the switch of web authentication, send the first configuration file, for by switch according to described the first configuration file to described SDN controller report the message from the described specified type of user terminal.
Like this, make switch after receiving the first configuration file, according to this first configuration file, all of the port on this switch is configured, complete the process that the first step starts authentication.
Further, at SDN controller, be received from that the switch of barrel linchpin sends report message before, described transmitting element, also for what administer to self, for carrying out the switch of web authentication, send the second configuration file, for abandoning the message from the non-designated type of user terminal by switch according to described the second configuration file.
Like this, make switch after receiving the second configuration file, according to this second configuration file, all of the port on this switch is configured, complete the process that second step starts authentication.
Further, when described SDN controller passes through described user end certification, described transmitting element, also, for send the 3rd configuration file of the end message that carries described user terminal to described switch, be used to indicate described switch and process for the service message from described user terminal.
The web authentication request of this user terminal is by authentication, switch is according to the 3rd configuration file receiving, corresponding port is configured, allows the service message to specifying the user terminal of source IP address and source MAC to send to process, at this port, open function of surfing the Net.
Further, described receiving element, also for being packaged with of receiving that described switch sends from the roll off the production line message of message of the Web of described user terminal;
Described transmitting element, also, for send the 4th configuration file of the end message that carries described user terminal to described switch, is used to indicate described switch and stops processing for the service message from described user terminal.
Like this, this switch receives after the 4th configuration file, according to the 4th configuration file, corresponding port is configured, and the service message that stops sending for the user terminal of specifying source IP address and source MAC is processed, and at this port, stops function of surfing the Net.
Further, described transmitting element, also for sending and cancel web authentication Indication message to described switch, is used to indicate described switch cancellation and sends the message from the described specified type of user terminal to described SDN controller.
Like this, SDN controller is removed authentication to this switch, when switch receives the message from the specified type of user terminal, no longer to SDN controller, sends.
The embodiment of the present invention also provides a kind of web authentication device, is applied to the switch of SDN controller administration, comprising:
The first receiving element, the message sending for receiving user terminal;
During message that transmitting element is specified type for the described message when receiving, to the software defined network SDN controller of self ownership send be packaged with reception described message report message, described specified type is identical with the type of web authentication request message;
The second receiving element, the downward message that is packaged with web authentication response message sending for receiving described SDN controller, in described web authentication response message, carry authentication result, described authentication result is that described SDN controller authentication information based on carrying in described web authentication request message when described message is web authentication request message authenticates and obtains;
Return to unit, for the described web authentication response message that described downward message is encapsulated, return to described user terminal.
In the device that the embodiment of the present invention provides, switch receives the downward message that is packaged with web authentication response message that this SDN controller sends, in this web authentication response message, carry authentication result, and this authentication result for authenticating, this SDN controller authentication information based on carrying in this web authentication request message when this message is web authentication request message obtains.Web authentication request to user terminal in the method is carried out authentication processing by SDN controller, therefore switch no longer needs to carry out the authentication processing operation relevant to web authentication, the requirement of switch is reduced, and when needs improve web authentication mechanism, only need carry out corresponding functional promotion to SDN controller, and do not need again a plurality of switches to be carried out respectively to functional promotion, and then improved web authentication mechanism has been carried out to improved efficiency.
Further, the SDN controller to self ownership send be packaged with reception described message report message before, described the second receiving element, the first configuration file also sending for receiving the SDN controller of self ownership;
Described transmitting element, specifically for determining according to described the first configuration file whether the described message receiving is the message of specified type, and when message that described message is described specified type, to described SDN controller send be packaged with reception described message report message.
Like this, switch is configured all of the port on this switch according to the first configuration file receiving, and completes the process that the first step starts authentication.
Further, the SDN controller to self ownership send be packaged with reception described message report message before, described the second receiving element, the second configuration file also sending for receiving the SDN controller of self ownership; Described the first receiving element, specifically for according to described the second configuration file, when the described message receiving is not the message of described specified type, abandons described message.
Like this, switch is configured all of the port on this switch according to the second configuration file receiving, and completes the process that second step starts authentication.
Further, described the second receiving element, also for receiving described SDN controller when described user end certification is passed through, the 3rd configuration file of the end message that carries described user terminal of transmission;
Described the first receiving element, specifically for processing the service message from described user terminal according to described the 3rd configuration file.
The web authentication request of this user terminal is by authentication, switch is according to the 3rd configuration file receiving, corresponding port is configured, allows the service message to specifying the user terminal of source IP address and source MAC to send to process, at this port, open function of surfing the Net.
Further, described the first receiving element, also for receiving Web that described user terminal the sends message that rolls off the production line;
Described transmitting element, is also packaged with the roll off the production line message of message of described Web for sending to described SDN controller;
Described the second receiving element, also for receiving the 4th configuration file of the end message that carries described user terminal of described SDN controller transmission;
Described the first receiving element, specifically for stopping processing for the service message from described user terminal according to described the 4th configuration file.
Like this, this switch receives after the 4th configuration file, according to the 4th configuration file, corresponding port is configured, and the service message that stops sending for the user terminal of specifying source IP address and source MAC is processed, and at this port, stops function of surfing the Net.
Further, described the second receiving element, the cancellation web authentication Indication message also sending for receiving described SDN controller;
Described transmitting element, specifically for cancelling and send the message from the described specified type of user terminal to described SDN controller according to described Indication message.
Like this, SDN controller is removed authentication to this switch, when switch receives the message from the specified type of user terminal, no longer to SDN controller, sends.
The embodiment of the present invention also provides a kind of web authentication system, comprising: the switch of software control network SDN controller and described SDN controller self administration, wherein:
Described SDN controller, for being received from the message that reports that the switch of barrel linchpin sends; When described while reporting the web authentication request message being packaged with in message from described user terminal, based on described report in the described web authentication request message encapsulating in message, carry authentication information authenticate, obtain authentication result; And encapsulate carrying the web authentication response message of described authentication result, obtain downward message; And send described downward message to described switch;
Described switch, the message sending for receiving user terminal; When message that the described message receiving is specified type, to the SDN controller of self ownership send be packaged with reception described message report message, described specified type is identical with the type of web authentication request message; And receive the downward message that is packaged with web authentication response message that described SDN controller sends; And the described web authentication response message encapsulating in described downward message is returned to described user terminal.
In the system that the embodiment of the present invention provides, SDN controller when receive be packaged with from the web authentication request message of user terminal report message time, based on this, report the authentication information carrying in the web authentication request message encapsulating in message to authenticate, and obtain authentication result, web authentication request to user terminal in the method is carried out authentication processing by SDN controller, therefore switch no longer needs to carry out the authentication processing operation relevant to web authentication, the requirement of switch is reduced, and when needs improve web authentication mechanism, only need carry out corresponding functional promotion to SDN controller, and do not need again a plurality of switches to be carried out respectively to functional promotion, and then improved web authentication mechanism has been carried out to improved efficiency.
Further, described SDN controller, also for sending and cancel web authentication Indication message to described switch;
Described switch, the cancellation web authentication Indication message also sending for receiving described SDN controller, and cancel and send the message from the described specified type of user terminal to described SDN controller according to described Indication message.
Like this, SDN controller is removed authentication to this switch, when switch receives the message from the specified type of user terminal, no longer to SDN controller, sends.
The application's further feature and advantage will be set forth in the following description, and, partly from specification, become apparent, or understand by implementing the application.The application's object and other advantages can be realized and be obtained by specifically noted structure in the specification write, claims and accompanying drawing.
Accompanying drawing explanation
Accompanying drawing is used to provide a further understanding of the present invention, and forms a part for specification, is used from explanation the present invention with the embodiment of the present invention one, is not construed as limiting the invention.In the accompanying drawings:
One of flow chart of the web authentication method that Fig. 1 provides for the embodiment of the present invention;
Two of the flow chart of the web authentication method that Fig. 2 provides for the embodiment of the present invention;
The web authentication method flow diagram that Fig. 3 provides for the embodiment of the present invention 1;
Web authentication canceling method flow chart during user offline that Fig. 4 provides for the embodiment of the present invention 1;
One of structural representation of the web authentication device that Fig. 5 provides for the embodiment of the present invention 2;
Two of the structural representation of the web authentication device that Fig. 6 provides for the embodiment of the present invention 3;
The structural representation of the web authentication system that Fig. 7 provides for the embodiment of the present invention 4.
Embodiment
In order to provide, reduce the requirement to switch in web authentication process, and improve the implementation that web authentication mechanism is carried out to improved efficiency, the embodiment of the present invention provides a kind of web authentication method, Apparatus and system, below in conjunction with Figure of description, the preferred embodiments of the present invention are described, be to be understood that, preferred embodiment described herein only, for description and interpretation the present invention, is not intended to limit the present invention.And in the situation that not conflicting, embodiment and the feature in embodiment in the application can combine mutually.
The embodiment of the present invention provides a kind of web authentication method, is applied to software defined network (SDN, Software Defined Network) controller, as shown in Figure 1, comprising:
Step 101, SDN controller are received from the message that reports that the switch of barrel linchpin sends, and this reports message is the message after this switch encapsulates the message of the specified type from user terminal, and this specified type is identical with the type of web authentication request message.
Step 102, when this reports the web authentication request message being packaged with in message from this user terminal, based on this, report the authentication information carrying in this web authentication request message encapsulating in message to authenticate, obtain authentication result.
Step 103, to carrying the web authentication response message of this authentication result, encapsulate, obtain downward message.
Step 104, to this switch, send this downward message, for this web authentication response message this downward message being encapsulated by this switch, return to this user terminal.
Accordingly, the embodiment of the present invention also provides a kind of web authentication method, is applied to the switch of SDN controller administration, as shown in Figure 2, comprising:
Step 201, switch receive the message that user terminal sends.
Step 202, when message that this message receiving is specified type, to the software defined network SDN controller of self ownership send be packaged with reception this message report message, this specified type is identical with the type of web authentication request message.
Step 203, receive the downward message that is packaged with web authentication response message that this SDN controller sends, in this web authentication response message, carry authentication result, this authentication result obtains for this SDN controller authentication information based on carrying in this web authentication request message when this message is web authentication request message authenticates.
Step 204, this web authentication response message encapsulating in this downward message is returned to this user terminal.
SDN is open network foundation (ONF, Open Networking Foundation) a kind of separate network framework of formulating, in this network architecture, realize the chain of command of legacy network devices and forwarded the separated of face, chain of command is focused on SDN controller, SDN controller also can be called Controller, SDN controller is by for example issuing configuration file, to the network equipment (switch, router) control, the network equipment completes the forwarding of data according to the configuration file receiving, SDN controller can be managed many network equipments of different vendor, the centralized management of realization to whole network.
In above-mentioned steps 104, SDN controller sends the downward message that is packaged with web authentication response message to switch, this web authentication response message is the response message that carries the final authentication result of the authentication information gained of SDN controller based on user terminal, due in web authentication reciprocal process, SDN controller can also obtain some intermediate object programs by the authentication information based on user terminal, therefore in this downward message except comprising this web authentication response message, can also comprise the response message that carries these intermediate object programs.Accordingly, the downward message that in above-mentioned steps 203, switch receives is consistent with this downward message, does not repeat them here.
In the said method that the embodiment of the present invention provides, SDN controller when receive be packaged with from the web authentication request message of user terminal report message time, based on this, report the authentication information carrying in this web authentication request message encapsulating in message to authenticate, and obtain authentication result, web authentication request to user terminal in the method is carried out authentication processing by SDN controller, therefore switch no longer needs to carry out the authentication processing operation relevant to web authentication, the requirement of switch is reduced, and when needs improve web authentication mechanism, only need carry out corresponding functional promotion to SDN controller, and do not need again a plurality of switches to be carried out respectively to functional promotion, and then improved web authentication mechanism has been carried out to improved efficiency.
Below in conjunction with accompanying drawing, with specific embodiment, method provided by the invention and device and corresponding system are described in detail.
Embodiment 1:
Under SDN network initial condition, SDN controller can connect by specific protocol specification (being OpenFlow agreement) and switch, after connecting, which switch setting in advance according to user is for carrying out web authentication, SDN controller is enabled web authentication to these switch unifications, and the process of enabling web authentication can realize by issuing the mode of configuration file.
The first step: SDN controller sends the first configuration file to the switch for web authentication of self administration, for by switch according to this first configuration file to this SDN controller report the message from the specified type of user terminal, the type of the web authentication request message that wherein specified type sends when asking web authentication with user terminal is identical, for example, in practical application at present, this specified type is TCP type.
This first configuration file can be called stream Table A, comprises the territories such as Match Field, Action, and particular content is as follows:
The Match Field territory of table 1, stream Table A
Territory Value Implication
Match?Type 0xFFFF7FFF All messages must Match IP protocol domain
IP?Proto?Type TCP Coupling TCP message
Other territory of Match Field Arbitrary value Meaningless
The Action territory of table 2, stream Table A
Territory Value Implication
Type 0x0 Message need output to certain concrete port
Len 0x8 These Action total length 8 bytes
Value 0xfffd Output port is Controller
Other generic domains of table 3, stream Table A
Figure BDA0000409364210000141
Switch receives after stream Table A, and convection current Table A carries out escape, and the content according to stream in Table A, is configured all of the port of this switch, when receive from the TCP type of user terminal message time, the message of this TCP type is sent to SDN controller.
Second step: that administers to self sends the second configuration file for carrying out the switch of web authentication, for abandoning the message from the non-designated type of user terminal by switch according to described the second configuration file.
This second configuration file can be called stream table B, and particular content is as follows:
The Match Field territory of table 4, stream table B
Territory Value Implication
Match?Type 0xFFFFFFFF All messages mate entirely
Other territory of Match Field Arbitrary value Meaningless
Other generic domains of table 5, stream table B
Figure BDA0000409364210000151
Now, stream table B does not have Action field, represent that all matching messages all abandon, switch receives after stream table B, convection current table B carries out escape, and the content according in stream table B, is configured all of the port of this switch, when receive from user terminal message except TCP type message time, abandon this message.
After all port arrangement complete on to this switch, between SDN controller and this switch, completed the configuration of web authentication function.Next concrete web authentication process as shown in Figure 3, comprising:
Step 301, user terminal send message to switch.
Step 302, this switch receive after the message of user terminal transmission, confirm the type of this message, if this message is the message of TCP type, perform step 303, otherwise, perform step 304.
In this step, the web authentication request message sending due to user terminal is the message of TCP type, so the message of the TCP type from user terminal that follow-up web authentication process only receives for switch.
Step 303, this message is encapsulated, obtain being packaged with message after the encapsulation of this message, after encapsulation, message can be called and reports message.If this message is web authentication request message, this reports and in message, is packaged with this web authentication request message.
Encapsulation concrete in this step can be according to the encapsulation of OpenFlow form, and concrete OpenFlow form is as follows:
Table 6, report message OpenFlow encapsulation format
Figure BDA0000409364210000161
Message after encapsulation, comprises this exchanger information (as the Buffer ID of this switch local management), from the TCP original message of user terminal and receive switch ports themselves information of this TCP original message etc.
Step 304, by the packet loss of this non-TCP type.
Step 305, by encapsulation after report message send to self ownership SDN controller.
Step 306, SDN controller receive this and report message, and Packet_in message, to this Packet_in message decapsulation, extracts exchanger information, port information and TCP original message etc. wherein.
Step 307, these information that extract are submitted to the web authentication processing module in SDN controller.
The web authentication processing module of step 308, SDN controller receives after these information, these information are authenticated, and the authentication result based on obtaining generates web authentication response message.
In this step, to process details consistent with having web authentication on the switch of web authentication function in prior art to the processing details of these information for the web authentication processing module of SDN controller, at this, is no longer described in detail.
Step 309, SDN controller encapsulate this web authentication response message, above-mentioned exchanger information, port information, by OpenFlow, carry out Packet_out encapsulation, and the message after encapsulation is called downward message, and concrete encapsulation format is as follows:
Table 7, downward message OpenFlow encapsulation format
Figure BDA0000409364210000171
Step 310, SDN controller send to switch by this downward message.
Step 311, switch receive after the downward message of SDN controller transmission, and to this downward message decapsulation, and the port that web authentication response message is wherein represented by port information sends to user terminal.
In this step, switch is consistent to the process of user terminal transmission message with the switch with web authentication function traditional in prior art to the process of user terminal transmission message, at this, is no longer described in detail.
When SDN controller passes through the authentication of this user terminal, can to this switch, send the 3rd configuration file of the end message that carry this user terminal, be used to indicate this switch and process for the service message from this user terminal.The end message of this user terminal can be source IP address and the source MAC of this user terminal.
The 3rd configuration file can be called stream table C, comprises the territories such as Match Field, Action, and particular content is as follows:
The Match Field territory of table 8, stream table C
Figure BDA0000409364210000181
The Action territory of table 9, stream table C
Figure BDA0000409364210000182
Other generic domains of table 10, stream table C
Switch receives after stream table C, convection current table C carries out escape, and according to the port information in stream table C, the port that this port information is represented is configured, permission is processed the service message of specifying the user terminal of source IP address and source MAC to send, and at this port, opens function of surfing the Net.
When user offline, concrete handling process as shown in Figure 4, comprising:
Step 401, user terminal send the Web message that rolls off the production line to switch.
Step 402, switch receive rolling off the production line after message of user terminal transmission, and this message that rolls off the production line is encapsulated, and specifically can adopt OpenFlow encapsulation format.
Step 403, this switch send to SDN controller by the message after encapsulation.
After the encapsulated message that step 404, SDN controller desampler send, to this encapsulated message deblocking, extract relevant information wherein.
Step 405, the relevant information extracting is submitted to the web authentication processing module in SDN controller.
The web authentication processing module of step 406, SDN controller is processed these relevant informations, completes the processing of rolling off the production line to designated user.
In this step, rolling off the production line of user processed to details to the web authentication processing module of SDN controller and in prior art, to have web authentication on the switch of the web authentication function processing details that rolls off the production line consistent, at this, is no longer described in detail.
Step 407, SDN controller send the 4th configuration file to switch, and the 4th configuration file flows table D, wherein carry the end message of this user terminal.The end message of this user terminal can be source IP address and the source MAC of this user terminal.
The particular content of stream table D is as follows:
The Match Field territory of table 11, stream table D
Figure BDA0000409364210000191
Other generic domains of table 12, stream table D
Figure BDA0000409364210000201
Step 408, switch receive after stream table D, convection current table D carries out escape, according to the port information in stream table D, the port that this port information is represented is configured, delete the rule of the message that receives the user terminal transmission of specifying source IP address and source MAC, the service message that stops sending for the user terminal of specifying source IP address and source MAC is processed, and at this port, stops function of surfing the Net.
Further, SDN controller can also send and cancel web authentication Indication message to this switch, is used to indicate this switch cancellation and sends the message from the specified type of user terminal to this SDN controller.Object is that the processing of carrying out web authentication generation for user terminal is before reduced, be mainly recover before switch for the corresponding configuration of stream Table A, stream table B, stream table C.SDN controller sends and deletes stream Table A, deletes the Indication message that flows table B, deletes stream table C to this switch, this switch is for this Indication message, all of the port on this switch is configured accordingly, be that switch all of the port is deleted the rule that TCP message is sent to SDN controller, switch all of the port is deleted the rule of forbidding receiving any message, and switch all of the port deletion reception source IP address is the rule of the message of assigned ip address.
Further, when switch off-line, while being switch disconnection OpenFlow connection, the OpenFlow module in SDN controller can receive the Indication message that this switch disconnects OpenFlow, and now SDN controller is deleted all stream tables that carry out the generation of web authentication during interaction with this switch.After this switch and SDN controller disconnect, this switch all of the port is deleted the rule that TCP message is sent to SDN controller, switch all of the port is deleted the rule of forbidding receiving any message, and switch all of the port deletion reception source IP address is the rule of the message of assigned ip address.
Embodiment 2:
Based on same inventive concept, the web authentication method providing according to the above embodiment of the present invention, correspondingly, another embodiment of the present invention also provides a kind of web authentication device, is applied to SDN controller, and apparatus structure schematic diagram as shown in Figure 5, specifically comprises:
Receiving element 501, for being received from the message that reports that the switch of barrel linchpin sends, this reports message is the message after this switch encapsulates the message of the specified type from user terminal, this specified type is identical with the type of web authentication request message;
Authentication ' unit 502, when reporting message to be packaged with the web authentication request message from this user terminal when this, based on this report in this web authentication request message encapsulating in message, carry authentication information authenticate, obtain authentication result;
Encapsulation unit 503, for encapsulating carrying the web authentication response message of this authentication result, obtains downward message;
Transmitting element 504, for for sending this downward message to this switch, returns to this user terminal for this web authentication response message this downward message being encapsulated by this switch.
Further, at SDN controller, be received from that the switch of barrel linchpin sends report message before, transmitting element 504, also for to self administration for carrying out the switch of web authentication, send the first configuration file, for by switch according to this first configuration file to this SDN controller report the message from this specified type of user terminal.
Further, at SDN controller, be received from that the switch of barrel linchpin sends report message before, transmitting element 504, also for what administer to self, for carrying out the switch of web authentication, send the second configuration file, for abandoning the message from the non-designated type of user terminal by switch according to this second configuration file.
Further, when this SDN controller passes through this user end certification, transmitting element 504, also, for send the 3rd configuration file of the end message that carries this user terminal to this switch, is used to indicate this switch and processes for the service message from this user terminal.
Further, receiving element 501, also for being packaged with of receiving that this switch sends from the roll off the production line message of message of the Web of this user terminal; Transmitting element 504, also, for send the 4th configuration file of the end message that carries this user terminal to this switch, is used to indicate this switch and stops processing for the service message from this user terminal.
Further, transmitting element 504, also for sending and cancel web authentication Indication message to this switch, is used to indicate this switch cancellation and sends the message from this specified type of user terminal to this SDN controller.
The function of above-mentioned each unit can, corresponding to the respective handling step in flow process shown in Fig. 1 to Fig. 4, not repeat them here.
Embodiment 3:
Based on same inventive concept, the web authentication method providing according to the above embodiment of the present invention, correspondingly, the embodiment of the present invention 3 also provides a kind of web authentication device, is applied to switch, and apparatus structure schematic diagram as shown in Figure 6, specifically comprises:
The first receiving element 601, the message sending for receiving user terminal;
When transmitting element 602, the message that is specified type for the described message when receiving, to the software defined network SDN controller of self ownership send be packaged with reception described message report message, described specified type is identical with the type of web authentication request message;
The second receiving element 603, the downward message that is packaged with web authentication response message sending for receiving described SDN controller, in described web authentication response message, carry authentication result, described authentication result is that described SDN controller authentication information based on carrying in described web authentication request message when described message is web authentication request message authenticates and obtains;
Return to unit 604, for the described web authentication response message that described downward message is encapsulated, return to described user terminal.
Further, the SDN controller to self ownership send be packaged with reception described message report message before, this second receiving element 603, the first configuration file also sending for receiving the SDN controller of self ownership; This transmitting element 602, specifically for determining according to described the first configuration file whether the described message receiving is the message of specified type, and when message that described message is described specified type, to described SDN controller send be packaged with reception described message report message.
Further, the SDN controller to self ownership send be packaged with reception described message report message before, this second receiving element 603, the second configuration file also sending for receiving the SDN controller of self ownership; This first receiving element 601, specifically for according to described the second configuration file, when the described message receiving is not the message of described specified type, abandons described message.
Further, this second receiving element 603, also for receiving described SDN controller when described user end certification is passed through, the 3rd configuration file of the end message that carries described user terminal of transmission; This first receiving element 601, specifically for processing the service message from described user terminal according to described the 3rd configuration file.
Further, this first receiving element 601, also for receiving Web that described user terminal the sends message that rolls off the production line; This transmitting element 602, is also packaged with the roll off the production line message of message of described Web for sending to described SDN controller; This second receiving element 603, also for receiving the 4th configuration file of the end message that carries described user terminal of described SDN controller transmission; This first receiving element 601, specifically for stopping processing for the service message from described user terminal according to described the 4th configuration file.
Further, this second receiving element 603, the cancellation web authentication Indication message also sending for receiving described SDN controller; This transmitting element 602, specifically for cancelling and send the message from the described specified type of user terminal to described SDN controller according to described Indication message.
The function of above-mentioned each unit can, corresponding to the respective handling step in flow process shown in Fig. 1 to Fig. 4, not repeat them here.
Embodiment 4:
The embodiment of the present invention 4 also provides a kind of web authentication system, comprising: the switch of SDN controller and this controller self administration, and system configuration schematic diagram as shown in Figure 7, specifically comprises:
SDN controller 701, for being received from the message that reports that the switch of barrel linchpin sends; When this reports the web authentication request message being packaged with in message from this user terminal, based on this report in this web authentication request message encapsulating in message, carry authentication information authenticate, obtain authentication result; And encapsulate carrying the web authentication response message of this authentication result, obtain downward message; And send this downward message to this switch;
Switch 702, the message sending for receiving user terminal; When message that this message receiving is specified type, to the SDN controller of self ownership send be packaged with reception this message report message, this specified type is identical with the type of web authentication request message; And receive the downward message that is packaged with web authentication response message that this SDN controller sends; And this web authentication response message encapsulating in this downward message is returned to this user terminal.
Further, SDN controller 701, also for sending and cancel web authentication Indication message to this switch; Switch 702, the cancellation web authentication Indication message also sending for receiving this SDN controller, and cancel and send the message from this specified type of user terminal to this SDN controller according to this Indication message.
In sum, the scheme that the embodiment of the present invention provides, SDN controller is received from the message that reports that the switch of barrel linchpin sends, this reports message is the message after this switch encapsulates the message of the specified type from user terminal, and this specified type is identical with the type of web authentication request message; When this reports the web authentication request message being packaged with in message from this user terminal, based on this, report the authentication information carrying in this web authentication request message encapsulating in message to authenticate, obtain authentication result; And encapsulate carrying the web authentication response message of this authentication result, obtain downward message; And send this downward message to this switch, for this web authentication response message this downward message being encapsulated by this switch, return to this user terminal.Adopt method provided by the invention, reduced the requirement to switch in web authentication process, and improved web authentication mechanism is carried out to improved efficiency.
The web authentication device that the application's embodiment provides can be realized by computer program.Those skilled in the art should be understood that; above-mentioned Module Division mode is only a kind of in numerous Module Division modes; if be divided into other modules or do not divide module, as long as web authentication device has above-mentioned functions, all should be within the application's protection range.
The application is with reference to describing according to flow chart and/or the block diagram of the method for the embodiment of the present application, equipment (system) and computer program.Should understand can be in computer program instructions realization flow figure and/or block diagram each flow process and/or the flow process in square frame and flow chart and/or block diagram and/or the combination of square frame.Can provide these computer program instructions to the processor of all-purpose computer, special-purpose computer, Embedded Processor or other programmable data processing device to produce a machine, the instruction of carrying out by the processor of computer or other programmable data processing device is produced for realizing the device in the function of flow process of flow chart or a plurality of flow process and/or square frame of block diagram or a plurality of square frame appointments.
These computer program instructions also can be stored in energy vectoring computer or the computer-readable memory of other programmable data processing device with ad hoc fashion work, the instruction that makes to be stored in this computer-readable memory produces the manufacture that comprises command device, and this command device is realized the function of appointment in flow process of flow chart or a plurality of flow process and/or square frame of block diagram or a plurality of square frame.
These computer program instructions also can be loaded in computer or other programmable data processing device, make to carry out sequence of operations step to produce computer implemented processing on computer or other programmable devices, thereby the instruction of carrying out is provided for realizing the step of the function of appointment in flow process of flow chart or a plurality of flow process and/or square frame of block diagram or a plurality of square frame on computer or other programmable devices.
Obviously, those skilled in the art can carry out various changes and modification and not depart from the spirit and scope of the present invention the present invention.Like this, if within of the present invention these are revised and modification belongs to the scope of the claims in the present invention and equivalent technologies thereof, the present invention is also intended to comprise these changes and modification interior.

Claims (19)

1. a web authentication method, is characterized in that, comprising:
Software defined network SDN controller is received from the message that reports that the switch of barrel linchpin sends, the described message that reports is the message after described switch encapsulates the message of the specified type from user terminal, and described specified type is identical with the type of web authentication request message;
When described while reporting the web authentication request message being packaged with in message from described user terminal, based on described report in the described web authentication request message encapsulating in message, carry authentication information authenticate, obtain authentication result;
To carrying the web authentication response message of described authentication result, encapsulate, obtain downward message;
To described switch, send described downward message, for the described web authentication response message described downward message being encapsulated by described switch, return to described user terminal.
2. the method for claim 1, is characterized in that, at SDN controller, be received from that the switch of barrel linchpin sends report message before, also comprise:
To self administration for carrying out the switch of web authentication, send the first configuration file, for by switch according to described the first configuration file to described SDN controller report the message from the described specified type of user terminal.
3. method as claimed in claim 2, is characterized in that, at SDN controller, be received from that the switch of barrel linchpin sends report message before, also comprise:
That to self, administers sends the second configuration file for carrying out the switch of web authentication, for abandoning the message from the non-designated type of user terminal by switch according to described the second configuration file.
4. the method as described in as arbitrary in claim 1-3, is characterized in that, also comprises:
When described SDN controller passes through described user end certification, to described switch, send the 3rd configuration file of the end message that carries described user terminal, be used to indicate described switch and process for the service message from described user terminal.
5. the method as described in as arbitrary in claim 1-3, is characterized in that, also comprises:
What receive that described switch sends is packaged with the roll off the production line message of message of Web from described user terminal;
The 4th configuration file that sends the end message that carries described user terminal to described switch, is used to indicate described switch and stops processing for the service message from described user terminal.
6. the method for claim 1, is characterized in that, also comprises:
To described switch, send and cancel web authentication Indication message, be used to indicate described switch cancellation and send the message from the described specified type of user terminal to described SDN controller.
7. a web authentication method, is characterized in that, comprising:
Switch receives the message that user terminal sends;
When message that the described message receiving is specified type, to the software defined network SDN controller of self ownership send be packaged with reception described message report message, described specified type is identical with the type of web authentication request message;
Receive the downward message that is packaged with web authentication response message that described SDN controller sends, in described web authentication response message, carry authentication result, described authentication result is that described SDN controller authentication information based on carrying in described web authentication request message when described message is web authentication request message authenticates and obtains;
The described web authentication response message encapsulating in described downward message is returned to described user terminal.
8. method as claimed in claim 7, is characterized in that, the SDN controller to self ownership send be packaged with reception described message report message before, also comprise:
Receive the first configuration file of the SDN controller transmission self belonging to;
When message that the described message receiving is specified type, to the software defined network SDN controller of self ownership send be packaged with reception described message report message, specifically comprise:
Whether the described message determine receiving according to described the first configuration file is the message of specified type, and when message that described message is described specified type, to described SDN controller transmission, be packaged with reception described message report message.
9. method as claimed in claim 8, is characterized in that, the SDN controller to self ownership send be packaged with reception described message report message before, also comprise:
Receive the second configuration file of the SDN controller transmission self belonging to;
According to described the second configuration file, when the described message receiving is not the message of described specified type, abandon described message.
10. the method as described in as arbitrary in claim 7-9, is characterized in that, also comprises:
Receive described SDN controller when described user end certification is passed through, the 3rd configuration file of the end message that carries described user terminal of transmission;
According to described the 3rd configuration file, the service message from described user terminal is processed.
11. methods as described in as arbitrary in claim 7-9, is characterized in that, also comprise:
Receive Web that described user terminal the sends message that rolls off the production line;
To described SDN controller, send and be packaged with the roll off the production line message of message of described Web;
Receive the 4th configuration file of the end message that carries described user terminal of described SDN controller transmission;
According to described the 4th configuration file, stop processing for the service message from described user terminal.
12. methods as claimed in claim 7, is characterized in that, also comprise:
Receive the cancellation web authentication Indication message that described SDN controller sends;
According to described Indication message, cancel and send the message from the described specified type of user terminal to described SDN controller.
13. 1 kinds of web authentication devices, are applied to software defined network SDN server, it is characterized in that, comprising:
Receiving element, for being received from the message that reports that the switch of barrel linchpin sends, the described message that reports is the message after described switch encapsulates the message of the specified type from user terminal, and described specified type is identical with the type of web authentication request message;
Authentication ' unit, for when described in while reporting message to be packaged with the web authentication request message from described user terminal, based on described report in the described web authentication request message encapsulating in message, carry authentication information authenticate, obtain authentication result;
Encapsulation unit, for encapsulating carrying the web authentication response message of described authentication result, obtains downward message;
Transmitting element, for sending described downward message to described switch, returns to described user terminal for the described web authentication response message described downward message being encapsulated by described switch.
14. devices as claimed in claim 13, it is characterized in that, at SDN controller, be received from that the switch of barrel linchpin sends report message before, described transmitting element, also for to self administration for carrying out the switch of web authentication, send the first configuration file, for by switch according to described the first configuration file to described SDN controller report the message from the described specified type of user terminal.
15. devices as claimed in claim 14, it is characterized in that, at SDN controller, be received from that the switch of barrel linchpin sends report message before, described transmitting element, also for what administer to self, for carrying out the switch of web authentication, send the second configuration file, for abandoning the message from the non-designated type of user terminal by switch according to described the second configuration file.
16. 1 kinds of web authentication devices, are applied to the switch that SDN controller is administered, and it is characterized in that, comprising:
The first receiving element, the message sending for receiving user terminal;
During message that transmitting element is specified type for the described message when receiving, to the software defined network SDN controller of self ownership send be packaged with reception described message report message, described specified type is identical with the type of web authentication request message;
The second receiving element, the downward message that is packaged with web authentication response message sending for receiving described SDN controller, in described web authentication response message, carry authentication result, described authentication result is that described SDN controller authentication information based on carrying in described web authentication request message when described message is web authentication request message authenticates and obtains;
Return to unit, for the described web authentication response message that described downward message is encapsulated, return to described user terminal.
17. devices as claimed in claim 16, it is characterized in that, the SDN controller to self ownership send be packaged with reception described message report message before, described the second receiving element, the first configuration file also sending for receiving the SDN controller of self ownership;
Described transmitting element, specifically for determining according to described the first configuration file whether the described message receiving is the message of specified type, and when message that described message is described specified type, to described SDN controller send be packaged with reception described message report message.
18. devices as claimed in claim 17, it is characterized in that, the SDN controller to self ownership send be packaged with reception described message report message before, described the second receiving element, the second configuration file also sending for receiving the SDN controller of self ownership; Described the first receiving element, specifically for according to described the second configuration file, when the described message receiving is not the message of described specified type, abandons described message.
19. 1 kinds of web authentication systems, is characterized in that, comprising: the switch of software control network SDN controller and described SDN controller self administration, wherein:
Described SDN controller, for being received from the message that reports that the switch of barrel linchpin sends; When described while reporting the web authentication request message being packaged with in message from described user terminal, based on described report in the described web authentication request message encapsulating in message, carry authentication information authenticate, obtain authentication result; And encapsulate carrying the web authentication response message of described authentication result, obtain downward message; And send described downward message to described switch;
Described switch, the message sending for receiving user terminal; When message that the described message receiving is specified type, to the SDN controller of self ownership send be packaged with reception described message report message, described specified type is identical with the type of web authentication request message; And receive the downward message that is packaged with web authentication response message that described SDN controller sends; And the described web authentication response message encapsulating in described downward message is returned to described user terminal.
CN201310546154.6A 2013-11-06 2013-11-06 A kind of Web authentication method, apparatus and system Active CN103595712B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310546154.6A CN103595712B (en) 2013-11-06 2013-11-06 A kind of Web authentication method, apparatus and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310546154.6A CN103595712B (en) 2013-11-06 2013-11-06 A kind of Web authentication method, apparatus and system

Publications (2)

Publication Number Publication Date
CN103595712A true CN103595712A (en) 2014-02-19
CN103595712B CN103595712B (en) 2017-04-05

Family

ID=50085694

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310546154.6A Active CN103595712B (en) 2013-11-06 2013-11-06 A kind of Web authentication method, apparatus and system

Country Status (1)

Country Link
CN (1) CN103595712B (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104702607A (en) * 2015-03-12 2015-06-10 杭州华三通信技术有限公司 Access authentication method, device and system of SDN (Software Defined Network)
CN105376252A (en) * 2015-12-02 2016-03-02 福建星网锐捷网络有限公司 Distributed architecture data communication device, distributed architecture data communication device authentication method and service board
CN105978810A (en) * 2016-06-27 2016-09-28 上海斐讯数据通信技术有限公司 User authentication method and system based on SDN (Software Defined Network)
WO2017063458A1 (en) * 2015-10-13 2017-04-20 上海斐讯数据通信技术有限公司 Physical address bypass authentication method and apparatus based on software defined networking
CN107294961A (en) * 2017-06-09 2017-10-24 华南理工大学 A kind of user's real information security certification system and method
CN109495477A (en) * 2018-11-19 2019-03-19 迈普通信技术股份有限公司 A kind of authentication method, equipment and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090138577A1 (en) * 2007-09-26 2009-05-28 Nicira Networks Network operating system for managing and securing networks
CN103250383A (en) * 2011-04-18 2013-08-14 日本电气株式会社 Terminal, control device, communication method, communication system, communication module, program, and information processing device
CN103248573A (en) * 2013-04-08 2013-08-14 北京天地互连信息技术有限公司 Centralization management switch for OpenFlow and data processing method of centralization management switch

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090138577A1 (en) * 2007-09-26 2009-05-28 Nicira Networks Network operating system for managing and securing networks
CN103250383A (en) * 2011-04-18 2013-08-14 日本电气株式会社 Terminal, control device, communication method, communication system, communication module, program, and information processing device
CN103248573A (en) * 2013-04-08 2013-08-14 北京天地互连信息技术有限公司 Centralization management switch for OpenFlow and data processing method of centralization management switch

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104702607A (en) * 2015-03-12 2015-06-10 杭州华三通信技术有限公司 Access authentication method, device and system of SDN (Software Defined Network)
CN104702607B (en) * 2015-03-12 2018-10-09 新华三技术有限公司 A kind of access authentication method of software defined network, device and system
WO2017063458A1 (en) * 2015-10-13 2017-04-20 上海斐讯数据通信技术有限公司 Physical address bypass authentication method and apparatus based on software defined networking
CN105376252A (en) * 2015-12-02 2016-03-02 福建星网锐捷网络有限公司 Distributed architecture data communication device, distributed architecture data communication device authentication method and service board
CN105376252B (en) * 2015-12-02 2019-06-14 福建星网锐捷网络有限公司 Distributed architecture data communication equipment and its authentication method, business board
CN105978810A (en) * 2016-06-27 2016-09-28 上海斐讯数据通信技术有限公司 User authentication method and system based on SDN (Software Defined Network)
CN107294961A (en) * 2017-06-09 2017-10-24 华南理工大学 A kind of user's real information security certification system and method
CN109495477A (en) * 2018-11-19 2019-03-19 迈普通信技术股份有限公司 A kind of authentication method, equipment and system

Also Published As

Publication number Publication date
CN103595712B (en) 2017-04-05

Similar Documents

Publication Publication Date Title
CN103595712A (en) Method, device and system for Web authentication
CN104469660B (en) Network-building method based on bluetooth
CN104009925B (en) Bridge joint method for building up, device and the router of router
US9825950B2 (en) Method, apparatus, and system for controlling access of user terminal
CN103118064A (en) Method and device of Portal centralized authentication
CN102739684B (en) Portal authentication method based on virtual IP address, and server thereof
CN104394577B (en) The wireless network access method of wireless routing device and electronic equipment
CN107222321B (en) Configuration message sending method and device
CN105516960A (en) Non-perceptual authentication method system, management method and system based on the method system
WO2019157968A1 (en) Communication method, apparatus and system
CN108390937B (en) Remote monitoring method, device and storage medium
CN107257300B (en) A kind of 4G access devices of wireless backup, system and method
WO2016138636A1 (en) Node networking method, apparatus and system
CN103442358A (en) Method for local forwarding concentrated authentication and control device
WO2015103848A1 (en) Method, system and terminal for realizing network access via wifi
CN103944756A (en) Method for controlling wireless access point equipment based on OpenFlow protocol
CN108966363A (en) A kind of connection method for building up and device
WO2016169260A1 (en) Authentication and registration method, device and system for optical access module
CN106533934A (en) Border gateway applicable to all interconnected manufacturing networks
CN104168302B (en) Equipment manipulation implementation method, system and proxy gateway
CN104065689A (en) Broadband wireless access sharing and advertising method
WO2017076146A1 (en) Network access authentication method and system
CN103986692B (en) Data forwarding method and system based on wireless access point
CN107342940A (en) The generation method and device and message processing method and device of a kind of control information
EP3220584A1 (en) Wifi sharing method and system, home gateway and wireless local area network gateway

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: Cangshan District of Fuzhou City, Fujian province 350002 Jinshan Road No. 618 Garden State Industrial Park 19 floor

Patentee after: RUIJIE NETWORKS CO., LTD.

Address before: Cangshan District of Fuzhou City, Fujian province 350002 Jinshan Road No. 618 Garden State Industrial Park 19 floor

Patentee before: Fujian Xingwangruijie Network Co., Ltd.

CP01 Change in the name or title of a patent holder