CN106888091A - Trustable network cut-in method and system based on EAP - Google Patents
- Publication number
- CN106888091A
- Authority
- CN
- China
- Prior art keywords
- terminal
- identifying code
- authentication
- eap
- message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3215—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a plurality of channels
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a trusted network access method and system based on EAP. The method comprises: a NAC server performs preliminary identity authentication on a terminal; after the preliminary authentication passes, the NAC server performs secondary authentication on the terminal; after the secondary authentication passes, the NAC server performs a security and trustworthiness check on the terminal. Through secondary identity authentication, the method and system improve the accuracy of user identity authentication and the security of the network; being based on the IEEE 802.1x standard protocol and the EAP protocol, they improve network device compatibility.
Description
Technical field
The present invention relates to the technical field of communication networks, and more particularly to a trusted network access method and system based on EAP.
Background
With the rapid spread of Internet applications, people's relationship with the network has become ever closer. However, because the Internet is open and interconnected, the network has many insecurity factors: malware runs rampant, and illegal sabotage by hackers seriously threatens people's interests. A solution is therefore urgently needed that can both protect computers from malicious attack and provide security guarantees for network access. TNC (Trusted Network Connect), proposed by the Trusted Computing Group (TCG), arose against this background.
TNC addresses terminal security in a network environment: it assesses a terminal's suitability for the network it wants to access by measuring the terminal's integrity, ensuring that only legitimate terminals that are themselves secure can connect to the network. TNC combines terminal integrity checking with access control technology to achieve secure connection of end hosts.
In TNC, before a terminal accesses the network, the user's identity is authenticated; if that authentication passes, the identity of the terminal platform is authenticated; if that passes, the trusted state of the terminal platform is measured. If the measurement result satisfies the security policy for network access, the terminal is allowed onto the network; otherwise the terminal is connected to a designated isolation area, where it undergoes security remediation and upgrading.
However, once an attacker steals a user's identity, the attacker can obtain data in the network. As network security requirements grow ever higher, existing identity authentication methods can no longer meet them, and authentication security needs to be improved.
Summary of the invention
In view of the above problems, the present invention is proposed to provide a trusted network access method and system based on EAP that overcome the above problems, or at least partially solve or mitigate them.
According to one aspect of the invention, a trusted network access method based on EAP is provided, comprising: a NAC server performs preliminary identity authentication on a terminal; after the preliminary authentication passes, the NAC server performs secondary authentication on the terminal; after the secondary authentication passes, the NAC server performs a security and trustworthiness check on the terminal.
Optionally, the NAC server's preliminary identity authentication of the terminal comprises:
receiving a user name response message;
querying the user database by user name to determine whether the user name is a legitimate user name;
if so, sending a challenge message to the terminal and receiving the terminal's response message;
authenticating the terminal's identity according to the response message.
Optionally, the NAC server's secondary authentication of the terminal comprises:
querying auxiliary authentication information according to the user name sent by the terminal;
sending a first verification code to the user according to the auxiliary authentication information;
sending a verification code request message to the terminal, requesting the verification code;
receiving the verification code response message sent by the terminal, which carries the second verification code entered by the user, and comparing the first verification code that was sent with the second verification code that was received.
Optionally, the verification code request message and the verification code response message are EAP messages.
Optionally, after the terminal's secondary authentication succeeds, the terminal maintains a heartbeat with the NAC server, sending a heartbeat at regular intervals; the NAC server judges the online state of the terminal user from the heartbeat.
Optionally, messages between the terminal and the NAC server are forwarded by the NAS; the terminal and the NAS interact directly through EAP messages; the NAS and the NAC server interact by encapsulating EAP messages in RADIUS messages.
According to another aspect of the invention, a trusted network access system based on EAP is provided, comprising: a first identity authentication module, which performs preliminary identity authentication on a terminal; a second identity authentication module, which performs secondary authentication on the terminal after the preliminary authentication passes; and a security and trust state verification module, which performs a security and trustworthiness check on the terminal after the secondary authentication passes.
Optionally, the first identity authentication module comprises:
a user name response message receiving submodule, which receives from the terminal the user name response message carrying the user name;
a query submodule, which queries the user database by user name to determine whether the user name is a legitimate user name;
a challenge message sending submodule, which sends a challenge message to the terminal;
a response message receiving submodule, which receives the terminal's response message;
an identity authentication submodule, which authenticates the terminal's identity according to the response message.
Optionally, the second identity authentication module:
queries auxiliary authentication information according to the user name sent by the terminal;
sends a first verification code to the user according to the auxiliary authentication information;
sends a verification code request message to the terminal, requesting the verification code;
receives the verification code response message sent by the terminal, which carries the second verification code entered by the user, and compares the first verification code that was sent with the second verification code that was received.
Optionally, the verification code request message and the verification code response message are EAP messages.
Optionally, the system further comprises an online state maintenance module, which receives the heartbeat that the terminal sends at regular intervals after successful authentication and judges the terminal's online state from the heartbeat.
The beneficial effects of the invention are:
Through secondary identity authentication, the accuracy of user identity authentication and the security of the network are improved; being based on the IEEE 802.1x standard protocol and the EAP protocol, network device compatibility is improved.
The above is only an overview of the technical solution of the invention. So that the technical means of the invention can be understood more clearly and practiced according to the content of the specification, and so that the above and other objects, features and advantages of the invention become more apparent, specific embodiments of the invention are set out below.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art on reading the detailed description of the preferred embodiments below. The drawings serve only to illustrate the preferred embodiments and are not to be considered a limitation of the invention. Throughout the drawings, the same reference symbols denote the same parts. In the drawings:
Fig. 1 schematically shows a flow chart of the EAP-based trusted network access method according to an embodiment of the invention;
Fig. 2 schematically shows the signalling exchange in which the NAC server performs preliminary identity authentication on the terminal according to an embodiment of the invention;
Fig. 3 schematically shows the signalling exchange in which the NAC server performs secondary authentication on the terminal according to an embodiment of the invention;
Fig. 4 schematically shows the EAP-based trusted network access system according to an embodiment of the invention.
Detailed description of embodiments
The invention is described below with reference to the accompanying drawings and specific embodiments.
The network access layer of TNC is based on existing network access technologies, mainly 802.1x, VPN and P2P. 802.1x provides port-based access control for LANs, controlling network connections through controlled and uncontrolled ports, and is currently the most widely used network access method. This embodiment is therefore implemented on the IEEE 802.1x standard protocol.
Fig. 1 schematically shows a flow chart of the EAP-based trusted network access method according to an embodiment of the invention. As shown in Fig. 1, the method comprises the following steps:
Step 101: the NAC server performs preliminary identity authentication on the terminal, as shown in Fig. 2.
Specifically, this comprises the following sub-steps:
Step 1011: the NAS (network access server) receives from the terminal the network authentication request message (EAPOL-Start) initiated by the network access requester and sends a user name request message (EAP-Request/Identity) to the terminal; the NAC server receives the user name response message (EAP-Response/Identity). Here, EAPOL (EAP over LAN) is the LAN-based extensible authentication protocol, developed on the basis of 802.1X network access authentication technology; EAP is the Extensible Authentication Protocol.
Step 1012: the NAC server queries the user database by user name to determine whether the user name is a legitimate user name; if not, no further processing is done.
Step 1013: if so, the NAC server internally generates a random number, adds it to a challenge message (EAP-Request/Challenge) sent to the terminal, and receives the terminal's response message (EAP-Response/Challenge). The response message is the byte string obtained by the terminal encrypting the user password with the random number. The challenge and response messages are signed using a public/private key pair to ensure transmission security.
Step 1014: the NAC server authenticates the terminal's identity according to the response message. The NAC server compares the response string with its own computed result; if the two are identical, preliminary authentication passes; otherwise, authentication fails.
During preliminary authentication, messages between the terminal and the NAC server are forwarded by the NAS.
Step 102: after confirming that the terminal has passed preliminary authentication, the NAC server performs secondary authentication on the terminal, as shown in Fig. 3.
Specifically, this comprises the following sub-steps:
Step 1021: according to the user identity information sent by the terminal, i.e. the user name, query the local user information table, which stores the binding between user identity information and auxiliary authentication information. The auxiliary authentication information is used by the NAC server to perform secondary authentication on a user who has passed preliminary authentication; it can be a mobile phone number, WeChat ID, QQ number or other information uniquely bound to the identity information of the network access requester.
Step 1022: send a first verification code to the network access requester according to the auxiliary authentication information obtained in step 1021. For example, if the auxiliary authentication information is the registered user's mobile phone number, the NAC server sends the first verification code to that phone number. The NAC server can send the first verification code to the network access requester's phone number by SMS, MMS or similar means.
Besides completing the subsequent secondary authentication, the first verification code also promptly reminds the network access requester to check whether he or she is the one currently operating the terminal, and thus to learn whether an illegitimate network access requester has misappropriated his or her identity information, so that countermeasures can be taken in time and unnecessary losses avoided.
Step 1023: the NAC server sends a verification code request message (EAP-Request/SMS) to the terminal, requesting the verification code.
If the network access requester at the terminal is a legitimate user, he or she can enter the first verification code obtained into the terminal, which sends it to the NAC server as the second verification code.
Step 1024: the NAC server receives the verification code response message (EAP-Response/SMS) with which the terminal answers the verification code request message; the response message carries the second verification code entered by the network access requester. The NAC server compares the first verification code it sent with the second verification code it received; when the two are identical, the network access requester is a legitimate user and secondary verification passes. If the party currently being authenticated is an illegitimate user, it is difficult for that party to also obtain the first verification code that the NAC server sent via the auxiliary authentication information, so that party cannot pass verification code authentication.
During secondary authentication, the verification code request message and the verification code response message are EAP messages. The terminal and the NAC server agree on the authentication type in advance and set the type field in the EAP message; for example, a type field of 8 indicates that the EAP message is a verification code authentication message.
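The verification code exchange of steps 1022 to 1024 can be sketched as follows. This is an added example, not code from the patent: the class and function names are hypothetical, Type 8 is the page's example value, and the code lifetime, attempt limit and single-use rule are assumptions the patent does not specify.

```python
import hmac
import secrets
import struct

EAP_REQUEST, EAP_RESPONSE = 1, 2   # EAP Code field values (RFC 3748)
EAP_TYPE_VERIFY_CODE = 8           # Type value the page gives as its example


def build_eap(code, identifier, eap_type, data=b""):
    """Code(1) | Identifier(1) | Length(2, whole packet) | Type(1) | Type-Data."""
    return struct.pack("!BBHB", code, identifier, 5 + len(data), eap_type) + data


def parse_eap(packet):
    """Return (code, identifier, type, data); reject inconsistent lengths."""
    if len(packet) < 5:
        raise ValueError("shorter than an EAP header plus Type")
    code, identifier, length, eap_type = struct.unpack("!BBHB", packet[:5])
    if not 5 <= length <= len(packet):
        raise ValueError("Length field disagrees with packet size")
    return code, identifier, eap_type, packet[5:length]  # bytes past Length are padding


class VerifyCodeSession:
    """NAC-server state for one secondary authentication (hypothetical class)."""

    def __init__(self, clock, ttl=120.0, max_attempts=3):
        # ttl and max_attempts are assumed policy values, not from the patent.
        self.clock, self.ttl, self.max_attempts = clock, ttl, max_attempts
        self.code = None
        self.identifier = None
        self.deadline = 0.0
        self.attempts = 0

    def issue(self, identifier):
        """Create the first verification code and the EAP request for the terminal."""
        self.code = f"{secrets.randbelow(10**6):06d}".encode()
        self.identifier = identifier
        self.deadline = self.clock() + self.ttl
        self.attempts = 0
        # The code travels out of band (e.g. SMS); the EAP request carries no secret.
        request = build_eap(EAP_REQUEST, identifier, EAP_TYPE_VERIFY_CODE)
        return self.code.decode(), request

    def verify(self, packet):
        """Compare the second verification code in an EAP response with the first."""
        try:
            code, identifier, eap_type, data = parse_eap(packet)
        except ValueError:
            return "malformed"
        if self.code is None:
            return "no-code"      # nothing outstanding: never issued, used, or locked
        if (code, identifier, eap_type) != (
            EAP_RESPONSE, self.identifier, EAP_TYPE_VERIFY_CODE
        ):
            return "unexpected"   # wrong direction, stale Identifier or other method
        if self.clock() > self.deadline:
            self.code = None
            return "expired"
        self.attempts += 1
        ok = hmac.compare_digest(data, self.code)   # constant-time comparison
        if ok or self.attempts >= self.max_attempts:
            self.code = None      # single use; also closes the guessing window
        return "pass" if ok else "fail"
```

The session is constructed with a clock callable such as `time.monotonic`, so the expiry logic can be exercised deterministically.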
During secondary authentication, messages between the terminal and the NAC server are forwarded by the NAS. The terminal and the NAS exchange EAP messages directly; the NAS and the NAC server exchange messages by encapsulating the EAP messages in RADIUS messages.
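An added example, not from the patent, of the NAS-to-NAC leg: the EAP packet is carried in RADIUS EAP-Message attributes (type 79, at most 253 bytes each) and protected by a Message-Authenticator attribute (type 80, HMAC-MD5 over the packet), as RFC 3579 specifies. The function names, user name and shared secret are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1
ATTR_USER_NAME, ATTR_EAP_MESSAGE, ATTR_MESSAGE_AUTHENTICATOR = 1, 79, 80


def _attr(attr_type, value):
    """Encode one RADIUS attribute: Type(1) | Length(1, incl. header) | Value."""
    if len(value) > 253:
        raise ValueError("attribute value longer than 253 bytes")
    return bytes([attr_type, len(value) + 2]) + value


def wrap_eap(eap, user, secret, identifier, authenticator=None):
    """NAS side: put an EAP packet into a RADIUS Access-Request."""
    if authenticator is None:
        authenticator = os.urandom(16)          # Request Authenticator
    attrs = _attr(ATTR_USER_NAME, user)
    for i in range(0, len(eap), 253):           # fragment across EAP-Message attrs
        attrs += _attr(ATTR_EAP_MESSAGE, eap[i:i + 253])
    attrs += _attr(ATTR_MESSAGE_AUTHENTICATOR, bytes(16))   # zeroed placeholder
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    packet = header + authenticator + attrs
    mac = hmac.new(secret, packet, hashlib.md5).digest()
    return packet[:-16] + mac                   # placeholder is the last 16 bytes


def unwrap_eap(packet, secret):
    """NAC side: verify Message-Authenticator, then reassemble the EAP packet."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length")
    packet = packet[:length]
    eap, mac_at, pos = b"", None, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        if a_type == ATTR_EAP_MESSAGE:
            eap += packet[pos + 2:pos + a_len]
        elif a_type == ATTR_MESSAGE_AUTHENTICATOR:
            if a_len != 18:
                raise ValueError("bad Message-Authenticator length")
            mac_at = pos + 2
        pos += a_len
    if mac_at is None:
        raise ValueError("EAP-Message without Message-Authenticator")
    # Recompute the HMAC with the attribute value zeroed, as the sender did.
    zeroed = packet[:mac_at] + bytes(16) + packet[mac_at + 16:]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    if not hmac.compare_digest(expected, packet[mac_at:mac_at + 16]):
        raise ValueError("Message-Authenticator mismatch")
    return eap
```

Rejecting a packet that lacks Message-Authenticator, rather than skipping the check, is what stops a forwarder on the path from altering the encapsulated EAP message unnoticed.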
After the terminal is successfully authenticated, it maintains a heartbeat with the NAC server, sending a heartbeat at regular intervals and receiving the server's reply; the NAC server judges the online state of the terminal user from the heartbeat.
Step 103: after the secondary authentication passes, a security and trustworthiness check is performed on the terminal.
Fig. 4 schematically shows the EAP-based trusted network access system according to an embodiment of the invention. As shown in Fig. 4, a trusted network access system based on EAP comprises:
a first identity authentication module, a second identity authentication module, and a security and trust state verification module; wherein
the first identity authentication module performs preliminary identity authentication on the terminal;
the second identity authentication module performs secondary authentication on the terminal after the preliminary authentication passes;
the security and trust state verification module performs a security and trustworthiness check on the terminal after the secondary authentication passes.
Specifically, the first identity authentication module comprises:
a user name response message receiving submodule, which receives from the terminal the user name response message (EAP-Response/Identity) carrying the user name. Here, EAPOL (EAP over LAN) is the LAN-based extensible authentication protocol, developed on the basis of 802.1X network access authentication technology; EAP is the Extensible Authentication Protocol;
a query submodule, which queries the user database by user name to determine whether the user name is a legitimate user name; if not, no further processing is done;
a challenge message sending submodule, which, if so, internally generates a random number and adds it to a challenge message (EAP-Request/Challenge) sent to the terminal;
a response message receiving submodule, which receives the terminal's response message (EAP-Response/Challenge). The response message is the byte string obtained by the terminal encrypting the user password with the random number. The challenge and response messages are signed using a public/private key pair to ensure transmission security;
an identity authentication submodule, which authenticates the terminal's identity according to the response message: it compares the response string with its own computed result; if the two are identical, preliminary authentication passes; otherwise, authentication fails.
During preliminary authentication, messages between the terminal and the first identity authentication module are forwarded by the NAS.
The second identity authentication module performs secondary authentication on the terminal after the preliminary authentication passes.
Specifically, it comprises:
an auxiliary authentication information query submodule, which, according to the user identity information sent by the terminal, i.e. the user name, queries the local user information table, which stores the binding between user identity information and auxiliary authentication information. The auxiliary authentication information is used by the NAC server to perform secondary authentication on a user who has passed preliminary authentication; it can be a mobile phone number, WeChat ID, QQ number or other information uniquely bound to the identity information of the network access requester.
a first verification code sending submodule, which sends a first verification code to the network access requester according to the auxiliary authentication information obtained by the auxiliary authentication information query submodule. For example, if the auxiliary authentication information is the registered user's mobile phone number, the first verification code is sent to that phone number. The first verification code can be sent to the network access requester's phone number by SMS, MMS or similar means.
Besides completing the subsequent secondary authentication, the first verification code also promptly reminds the network access requester to check whether he or she is the one currently operating the terminal, and thus to learn whether an illegitimate network access requester has misappropriated his or her identity information, so that countermeasures can be taken in time and unnecessary losses avoided.
a verification code request message sending submodule, which sends a verification code request message (EAP-Request/SMS) to the terminal, requesting the verification code.
If the network access requester at the terminal is a legitimate user, he or she can enter the first verification code obtained into the terminal, which sends it as the second verification code.
a verification code response message receiving submodule, which receives the verification code response message (EAP-Response/SMS) with which the terminal answers the verification code request message; the response message carries the second verification code entered by the network access requester. The submodule compares the first verification code that was sent with the second verification code that was received; when the two are identical, the network access requester is a legitimate user and secondary verification passes. If the party currently being authenticated is an illegitimate user, it is difficult for that party to also obtain the first verification code that the first verification code sending submodule sent via the auxiliary authentication information, so that party cannot pass verification code authentication.
During secondary authentication, the verification code request message and the verification code response message are EAP messages.
The system further comprises an online state maintenance module, which receives the heartbeat that the terminal sends at regular intervals after successful authentication and judges the terminal's online state from the heartbeat.
The security and trust state verification module performs a security and trustworthiness check on the terminal after the secondary authentication passes.
The EAP-based trusted network access method and system of the embodiments of the invention improve the accuracy of user identity authentication and the security of the network through secondary identity authentication and, being based on the IEEE 802.1x standard protocol and the EAP protocol, improve network device compatibility.
The component embodiments of the invention may be implemented in hardware, in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will understand that a microprocessor or digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the EAP-based trusted network access system according to embodiments of the invention. The invention may also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for performing some or all of the method described herein. Such a program implementing the invention may be stored on a computer-readable medium, or may take the form of one or more signals. Such a signal may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
"One embodiment", "an embodiment" or "one or more embodiments" as referred to herein means that a particular feature, structure or characteristic described in connection with the embodiment is included in at least one embodiment of the invention. Note also that instances of the phrase "in one embodiment" here do not necessarily all refer to the same embodiment.
Numerous specific details are set forth in the specification provided here. It will be understood, however, that embodiments of the invention can be practiced without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail so as not to obscure the understanding of this specification.
It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference sign placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several means, several of these means can be embodied by one and the same item of hardware. The use of the words first, second and third does not indicate any order; these words can be interpreted as names.
Furthermore, it should be noted that the language used in this specification has been selected principally for readability and instructional purposes, rather than to delineate or circumscribe the subject matter of the invention. Accordingly, many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the appended claims. With respect to the scope of the invention, the disclosure made here is illustrative and not restrictive, and the scope of the invention is defined by the appended claims.
Claims (10)
1. A trusted network access method based on EAP, characterized by comprising:
a NAC server performs preliminary identity authentication on a terminal;
after the preliminary authentication passes, the NAC server performs secondary authentication on the terminal;
after the secondary authentication passes, the NAC server performs a security and trustworthiness check on the terminal.
2. The trusted network access method based on EAP as claimed in claim 1, characterized in that the NAC server's preliminary identity authentication of the terminal comprises:
receiving a user name response message;
querying the user database by user name to determine whether the user name is a legitimate user name;
if so, sending a challenge message to the terminal and receiving the terminal's response message;
authenticating the terminal's identity according to the response message.
3. The trusted network access method based on EAP as claimed in claim 1, characterized in that the NAC server's secondary authentication of the terminal comprises:
querying auxiliary authentication information according to the user name sent by the terminal;
sending a first verification code to the user according to the auxiliary authentication information;
sending a verification code request message to the terminal, requesting the verification code;
receiving the verification code response message sent by the terminal, which carries the second verification code entered by the user, and comparing the first verification code that was sent with the second verification code that was received.
4. The trusted network access method based on EAP as claimed in claim 3, characterized in that
the verification code request message and the verification code response message are EAP messages.
5. The trusted network access method based on EAP as claimed in claim 1, characterized by further comprising:
after the terminal's secondary authentication succeeds, the terminal maintains a heartbeat with the NAC server, sending a heartbeat at regular intervals, and the NAC server judges the online state of the terminal user from the heartbeat.
6. The trusted network access method based on EAP as claimed in claim 1, characterized by further comprising:
messages between the terminal and the NAC server are forwarded by the NAS; the terminal and the NAS interact directly through EAP messages; the NAS and the NAC server interact by encapsulating EAP messages in RADIUS messages.
7. A trusted network access system based on EAP, characterized by comprising a first identity authentication module, a second identity authentication module, and a security and trust state verification module; wherein
the first identity authentication module performs preliminary identity authentication on a terminal;
the second identity authentication module performs secondary authentication on the terminal after the preliminary authentication passes;
the security and trust state verification module performs a security and trustworthiness check on the terminal after the secondary authentication passes.
8. The trusted network access system based on EAP as claimed in claim 7, characterized in that the first identity authentication module comprises:
a user name response message receiving submodule, which receives from the terminal the user name response message carrying the user name;
a query submodule, which queries the user database by user name to determine whether the user name is a legitimate user name;
a challenge message sending submodule, which sends a challenge message to the terminal;
a response message receiving submodule, which receives the terminal's response message;
an identity authentication submodule, which authenticates the terminal's identity according to the response message.
9. The trustable network access system based on EAP as claimed in claim 7, characterized in that the second authentication module includes:
querying assistant authentication information according to the user name sent by the terminal;
sending the first identifying code to the user according to the assistant authentication information;
sending an identifying code request message to the terminal, requesting that it provide an identifying code;
receiving the identifying code response message sent by the terminal, the identifying code response message carrying the second identifying code input by the user; comparing the first identifying code that was sent with the second identifying code that was received.
10. The trustable network access system based on EAP as claimed in claim 9, characterized in that
the identifying code request message and the identifying code response message are EAP messages;
the system further includes:
a presence maintenance module, for receiving the heartbeat that the terminal sends at regular intervals after its authentication succeeds, and judging the presence of the terminal according to the heartbeat.
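The identifying code response path of claims 3, 6 and 9, as an added example that is not code from the patent: the NAS wraps the terminal's EAP response in a RADIUS Access-Request, and the NAC server verifies and unwraps it before comparing the two codes. Assumptions not stated on the page: the RFC 3579 attributes EAP-Message (79) and Message-Authenticator (80) are the encapsulation, EAP type 255 (experimental) carries the code, and all function names, the shared secret and the sample code are constructed.

```python
import hmac, os, struct

# Assumption: EAP type 255 (experimental) carries the identifying code exchange.
EAP_RESPONSE, EAP_TYPE_CODE = 2, 255
ACCESS_REQUEST, ATTR_EAP_MESSAGE, ATTR_MSG_AUTH = 1, 79, 80

def eap_packet(code, ident, eap_type, data):
    """EAP layout: Code, Identifier, Length of whole packet, Type, Type-Data."""
    return struct.pack("!BBHB", code, ident, 5 + len(data), eap_type) + data

def nas_encapsulate(eap, secret, radius_id=1):
    """NAS side: carry the EAP packet in EAP-Message attributes of an Access-Request."""
    attrs = b""
    for i in range(0, len(eap), 253):          # one attribute value holds at most 253 bytes
        chunk = eap[i:i + 253]
        attrs += bytes([ATTR_EAP_MESSAGE, len(chunk) + 2]) + chunk
    attrs += bytes([ATTR_MSG_AUTH, 18]) + bytes(16)   # zeroed placeholder, placed last
    # Header, then a random 16-byte Request Authenticator, then the attributes.
    pkt = struct.pack("!BBH", ACCESS_REQUEST, radius_id, 20 + len(attrs)) + os.urandom(16) + attrs
    return pkt[:-16] + hmac.new(secret, pkt, "md5").digest()

def nac_decapsulate(pkt, secret):
    """NAC server side: check Message-Authenticator, then reassemble the EAP packet."""
    if len(pkt) < 20 or pkt[0] != ACCESS_REQUEST or struct.unpack("!H", pkt[2:4])[0] != len(pkt):
        raise ValueError("malformed RADIUS packet")
    eap, mac, zeroed, pos = b"", None, bytearray(pkt), 20
    while pos < len(pkt):
        alen = pkt[pos + 1] if pos + 2 <= len(pkt) else 0
        if alen < 2 or pos + alen > len(pkt):
            raise ValueError("bad attribute length")
        if pkt[pos] == ATTR_EAP_MESSAGE:
            eap += pkt[pos + 2:pos + alen]     # fragments are concatenated in order
        elif pkt[pos] == ATTR_MSG_AUTH and alen == 18:
            mac = pkt[pos + 2:pos + alen]
            zeroed[pos + 2:pos + alen] = bytes(16)   # HMAC is computed over a zeroed field
        pos += alen
    expected = hmac.new(secret, bytes(zeroed), "md5").digest()
    if mac is None or not hmac.compare_digest(mac, expected):
        raise ValueError("Message-Authenticator missing or wrong")
    return eap

def second_authentication(eap, first_code):
    """Compare the first identifying code (sent to the user) with the second one received."""
    ok = len(eap) >= 5 and eap[0] == EAP_RESPONSE and eap[4] == EAP_TYPE_CODE \
        and struct.unpack("!H", eap[2:4])[0] == len(eap)
    return ok and hmac.compare_digest(eap[5:], first_code)   # constant-time comparison

# Constructed sample values: shared secret and the six digits typed on the terminal.
SECRET = b"constructed-shared-secret"
SAMPLE = nas_encapsulate(eap_packet(EAP_RESPONSE, 7, EAP_TYPE_CODE, b"493027"), SECRET)
```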
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510982871.2A CN106888091A (en) | 2015-12-23 | 2015-12-23 | Trustable network cut-in method and system based on EAP |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106888091A (en) | 2017-06-23 |
Family
ID=59176119
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510982871.2A Pending CN106888091A (en) | 2015-12-23 | 2015-12-23 | Trustable network cut-in method and system based on EAP |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106888091A (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101827112A (en) * | 2010-05-25 | 2010-09-08 | 中兴通讯股份有限公司 | Method and system for recognizing client software through network authentication server |
CN102307099A (en) * | 2011-09-06 | 2012-01-04 | 北京星网锐捷网络技术有限公司 | Authentication method and system as well as authentication server |
CN104079569A (en) * | 2014-06-27 | 2014-10-01 | 东湖软件产业股份有限公司 | BLP improved model integrated with credibility level and authentication access method |
CN104618396A (en) * | 2015-03-04 | 2015-05-13 | 浪潮集团有限公司 | Trusted network access and access control system and method |
CN104869121A (en) * | 2015-05-26 | 2015-08-26 | 杭州华三通信技术有限公司 | 802.1x-based authentication method and device |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108263337A (en) * | 2018-01-19 | 2018-07-10 | 杭州左中右网络科技有限公司 | Self-service car lending system password matching method based on bluetooth communication |
CN109088855A (en) * | 2018-07-12 | 2018-12-25 | 新华三信息安全技术有限公司 | A kind of identity authentication method and equipment |
CN109361659A (en) * | 2018-09-28 | 2019-02-19 | 新华三技术有限公司 | A kind of authentication method and device |
CN113438081A (en) * | 2021-06-16 | 2021-09-24 | 新华三大数据技术有限公司 | Authentication method, device and equipment |
CN113438081B (en) * | 2021-06-16 | 2022-05-31 | 新华三大数据技术有限公司 | Authentication method, device and equipment |
WO2023072295A1 (en) * | 2021-11-01 | 2023-05-04 | 中兴通讯股份有限公司 | Network access method and apparatus, and electronic device and computer-readable storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20170623 |