CN109451503A - Offline user authentication state maintenance method and system - Google Patents


Publication number: CN109451503A
Authority: CN (China)
Legal status: Pending
Application number: CN201811632394.7A
Other languages: Chinese (zh)
Inventor: 李昭
Current assignee: CHENGDU SKSPRUCE TECHNOLOGY Inc
Original assignee: CHENGDU SKSPRUCE TECHNOLOGY Inc
Application filed by: CHENGDU SKSPRUCE TECHNOLOGY Inc

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint


Abstract

The application provides a method and system for maintaining the authentication state of offline users. In the method, the AC device first obtains the unified identification information of the wireless terminal to be authenticated and searches the authentication-exempt table entries on the AC device. If the unified identification information is found in an authentication-exempt table entry, the corresponding authentication information is extracted and the authentication state of the wireless terminal is set to post-auth, so that the wireless terminal can connect to the internet. With this method, when a user who was briefly offline accesses the WLAN network again, the RADIUS server does not need to read or write a database, which reduces the burden on the RADIUS server. The authentication-exempt function is implemented only on the AC device, so the configuration does not have to be supported by both the AC device and the RADIUS server, and no additional database server is needed. Furthermore, maintaining the authentication state adds no message exchanges to the network, which reduces network load and improves the authentication efficiency of the maintenance method.

Description

Offline user authentication state maintenance method and system
Technical field
This application relates to the field of WLAN authentication technology, and in particular to a method and system for maintaining the authentication state of offline users.
Background
When a wireless terminal uses the internet through a wireless local area network (Wireless Local Area Networks, WLAN), the authentication server in the WLAN can provide an authentication service for the wireless terminal. On the AC device, a user's wireless terminal has two authentication states: pre-auth (before authentication) and post-auth (after authentication). Generally, when a user accesses the WLAN network for the first time, the wireless terminal is in the pre-auth state and changes to post-auth once authentication passes. After the change to post-auth, the user can access the internet. In practice, after a wireless terminal authenticates successfully, a table entry is usually created on the AC device to store the authentication state. However, once the user goes offline and the corresponding table entry is deleted, the user's authentication state is lost. If the user accesses the WLAN again, authentication has to be performed again. Frequent authentication is therefore inconvenient for users and degrades the user experience.
To improve the user experience by avoiding re-authentication when a user accesses the WLAN again, in the prior art the information of the wireless terminal can be recorded on the RADIUS (Remote Authentication Dial In User Service) server after the wireless terminal passes authentication for the first time. When the wireless terminal accesses again, that information is used directly as the account and password to authenticate against the RADIUS server, and the user state becomes post-auth directly once authentication passes. Therefore, when the user accesses again, no portal authentication page is pushed to the wireless terminal asking the user to enter an account and password at any point in the authentication process, and the user does not perceive the authentication, which improves the user experience.
However, this way of authenticating offline users has drawbacks in practice. When a user accesses the WLAN network for the first time, normal Portal authentication is performed only after the unaware authentication has failed, so the Portal page appears later than in the normal Portal authentication flow. This authentication mode also requires the RADIUS server to support writing the wireless terminal's information into a database and looking it up from the database. Moreover, because the RADIUS server cannot distinguish an authentication request that uses the MAC address as account and password from one that uses an ordinary account and password, it has to query the corresponding database for every authentication request message it receives, which increases the burden on the RADIUS server. In addition, if multiple RADIUS servers are deployed in the current WLAN environment and a wireless terminal's first authentication is completed on RADIUS server 1 while its next access is handled by RADIUS server 2, then either authentication must be repeated or a separate database server must be deployed for all RADIUS servers to read and write. The conventional maintenance method therefore increases the burden on the RADIUS server and makes authentication and maintenance inefficient.
Summary of the invention
This application provides a method and system for maintaining the authentication state of offline users, to solve the problem of the low authentication efficiency of conventional authentication state maintenance methods.
In a first aspect, the application provides a method for maintaining the authentication state of offline users, comprising:
The AC device obtains the unified identification information of the wireless terminal to be authenticated;
According to the unified identification information, the authentication-exempt table entries are searched on the AC device;
If the unified identification information corresponding to the wireless terminal is found in an authentication-exempt table entry, the authentication information corresponding to the wireless terminal is extracted;
According to the authentication information, the authentication state of the wireless terminal is set to post-auth.
Optionally, after the step of searching the authentication-exempt table entries on the AC device according to the unified identification information, the method further comprises:
If the unified identification information corresponding to the wireless terminal is not found in the authentication-exempt table entries, initiating authentication with the authentication server;
Receiving the authentication result message returned by the authentication server;
If the received authentication result message indicates success, creating an authentication-exempt table entry on the AC device, indexed by the unified identification information corresponding to the wireless terminal.
Optionally, the authentication-exempt table entry includes configuration attribute information issued by the authentication server, and the method further comprises:
Obtaining the configuration attribute information corresponding to the wireless terminal from the authentication server;
Storing the configuration attribute information in the authentication-exempt table entry, indexed by the unified identification information.
Optionally, after the step of searching the authentication-exempt table entries on the AC device according to the unified identification information, the method further comprises:
If the unified identification information corresponding to the wireless terminal is not found in the authentication-exempt table entries, the authentication server sends an authentication page to the wireless terminal;
After the wireless terminal submits authentication information through the authentication page, the submitted authentication information is verified;
After the submitted authentication information passes verification, an authentication result message whose content is success is returned to the AC device.
Optionally, after the submitted authentication information passes verification, the method further comprises:
The authentication server issues configuration attribute information to the AC device, so that the AC device saves the configuration attribute information in the authentication-exempt table entry, indexed by the unified identification information.
Optionally, the unified identification information is the MAC address of the wireless terminal.
Optionally, the step of setting the state of the wireless terminal to post-auth further comprises:
Saving the authentication state of the wireless terminal in a terminal table entry;
Copying the authentication information saved in the authentication-exempt table entry to the terminal table entry.
Optionally, the method further comprises:
The AC device monitors the online status of the wireless terminal in real time;
When the wireless terminal goes offline, the offline duration is recorded;
After the recorded offline duration reaches the preset aging time, the terminal table entry is deleted.
In another aspect, the application also provides a system for maintaining the authentication state of offline users, comprising: a wireless terminal, an AC device, an AP device and an authentication server, wherein the AC device, the AP device and the authentication server are networked to form a WLAN network connected to the internet, and the wireless terminal connects to the AC device through the AP device;
The wireless terminal includes or is marked with unified identification information; the wireless terminal is used to display the authentication page and to provide user interaction; after connecting to the WLAN network, the wireless terminal triggers the authentication server to authenticate the wireless terminal;
The AC device is further configured to execute the following program steps:
Obtaining the unified identification information of the wireless terminal to be authenticated;
According to the unified identification information, searching the authentication-exempt table entries on the AC device;
If the unified identification information corresponding to the wireless terminal is found in an authentication-exempt table entry, extracting the authentication information corresponding to the wireless terminal;
According to the authentication information, setting the authentication state of the wireless terminal to post-auth.
Optionally, the AC device is further configured to execute the following program steps:
If the unified identification information corresponding to the wireless terminal is not found in the authentication-exempt table entries, initiating authentication with the authentication server;
Receiving the authentication result message returned by the authentication server;
If the received authentication result message indicates success, creating an authentication-exempt table entry on the AC device, indexed by the unified identification information corresponding to the wireless terminal;
The authentication server is further configured to execute the following program steps:
If the unified identification information corresponding to the wireless terminal is not found in the authentication-exempt table entries, the authentication server sends an authentication page to the wireless terminal;
After the wireless terminal submits authentication information through the authentication page, the submitted authentication information is verified;
After the submitted authentication information passes verification, an authentication result message whose content is success is returned to the AC device.
As the technical solution above shows, the application provides a method and system for maintaining the authentication state of offline users. In the method, the AC device first obtains the unified identification information of the wireless terminal to be authenticated and searches the authentication-exempt table entries on the AC device. If the unified identification information is found in an authentication-exempt table entry, the corresponding authentication information is extracted and the authentication state of the wireless terminal is set to post-auth, so that the wireless terminal can connect to the internet.
With the method provided by the application, when a user who was briefly offline accesses the WLAN network again, the RADIUS server does not need to read or write a database, which reduces the burden on the RADIUS server. The authentication-exempt function is implemented only on the AC device, so the configuration does not have to be supported by both the AC device and the RADIUS server, and no additional database server is needed. In addition, maintaining the authentication state adds no message exchanges to the network, which reduces network load and improves the authentication efficiency of the maintenance method.
Brief description of the drawings
To explain the technical solution of the application more clearly, the drawings needed in the embodiments are briefly introduced below. Obviously, those of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
Fig. 1 is a flow diagram of the offline user authentication state maintenance method of the application;
Fig. 2 is a flow diagram of the maintenance process when a wireless terminal accesses the WLAN network for the first time;
Fig. 3 is a flow diagram of storing configuration attribute information in the authentication-exempt table entry;
Fig. 4 is a flow diagram of the authentication server authenticating a wireless terminal that accesses the WLAN for the first time;
Fig. 5 is a flow diagram of deleting terminal table entries;
Fig. 6 is a structural schematic diagram of the offline user authentication state maintenance system of the application.
Detailed description of the embodiments
Embodiments are described in detail below, with examples illustrated in the drawings. In the following description, when drawings are referred to, the same numbers in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following embodiments do not represent all implementations consistent with the application; they are merely examples of systems and methods consistent with some aspects of the application as detailed in the claims.
In the technical solution provided by the application, the wireless terminal (Station, STA) is the networking device used by the user. It supports connecting to the internet over WLAN and has the corresponding computing and data-processing capabilities, for example a mobile phone, personal computer, wireless network card or tablet computer. Unless otherwise stated, "user" in this technical solution also refers to the wireless terminal. During authentication a wireless terminal has two states: before authentication (pre-auth) and after authentication (post-auth). In general, a wireless terminal is in the pre-auth state when it has just accessed the WLAN network and in the post-auth state after it passes authentication by the authentication server. Obviously, a wireless terminal in the post-auth state can use the WLAN network normally to access the internet.
The AP device (Access Point, wireless access point) forms the WLAN network together with the AC device. The AC device, acting as the wireless controller, can be connected to multiple AP devices at the same time and, as the upper-layer network of the AP devices, controls and manages the AP devices connected to it. In practice, AP devices are deployed in specific application scenarios to cover different areas, so that wireless terminals within coverage can detect the wireless signal of an AP device and come online to the WLAN network through it. Depending on the network scale, a deployment may include multiple AP devices and multiple AC devices.
The authentication server includes a Portal server and a RADIUS server. The Portal server is a web server, so it can interact with the wireless terminal over HTTP, push the authentication page and obtain the information required for authentication, such as user name and password, from the authentication page. The RADIUS server receives the authentication messages sent by the AC device, verifies the authentication information and returns the authentication result to the AC device. In practice, a large WLAN network may include multiple authentication servers, each providing authentication services for the networks under it.
Refer to Fig. 1, which is a flow diagram of the offline user authentication state maintenance method of the application. As shown in Fig. 1, the method for maintaining the authentication state of offline users provided by the application comprises:
S11: The AC device obtains the unified identification information of the wireless terminal to be authenticated.
In the technical solution provided by the application, the unified identification information is identification information that can uniquely identify the wireless terminal, such as the MAC address (Media Access Control Address) of the wireless terminal. In practice, because the MAC address of a wireless terminal can uniquely identify it, the MAC address can be recorded on the RADIUS server after the wireless terminal passes authentication for the first time. When the wireless terminal accesses again, its MAC address is used directly as the account and password for RADIUS authentication on the RADIUS server, and the user state becomes post-auth directly once authentication passes. In this way the user does not perceive the authentication when accessing again, and no Portal authentication page is popped up on the STA asking for an account and password, which improves the user experience.
However, recording the MAC address of the wireless terminal only on the RADIUS server occupies the RADIUS server's write and computing resources. In the technical solution provided by the application, therefore, the AC device also extracts the MAC address of the wireless terminal, and an authentication-exempt table entry recording the wireless terminal's MAC address and authentication information is additionally created on the AC device, so that the lookup is performed on the AC device. For step S11, after the user's wireless terminal accesses the WLAN network, the corresponding authentication function needs to be triggered; so that the AC device can determine whether the wireless terminal to be authenticated is accessing the WLAN network for the first time, the technical solution likewise uses the MAC address of the wireless terminal as the index. On the one hand, the MAC address directly and uniquely determines the wireless terminal, which avoids misjudgment; on the other hand, it is directly compatible with existing authentication state maintenance methods, so that table entry information can be directly copied, exchanged and stored.
S12: According to the unified identification information, the authentication-exempt table entries are searched on the AC device.
In practice, after the AC device extracts the MAC address of the wireless terminal, it can search the authentication-exempt table entries stored on the AC device by that MAC address. The authentication-exempt table entries stored on the AC device contain the MAC addresses of all wireless terminals that have passed authentication within a certain period, together with the authentication information that each wireless terminal input and received during authentication, for example the authentication account, the password and the configuration attributes issued after authentication.
In the technical solution provided by the application, the AC device in every case obtains the MAC address of the wireless terminal and searches the authentication-exempt table entries for it, to determine whether the current wireless terminal can be exempted from authentication. When the MAC address of the current wireless terminal is found in the authentication-exempt table entries saved on the AC device, it is determined that the current wireless terminal has authenticated successfully within the current time period and can be exempted from authentication. When the MAC address of the current wireless terminal is not found in the authentication-exempt table entries, it can be determined that the current wireless terminal is accessing the WLAN network for the first time. For a wireless terminal that can be exempted from authentication, the application completes the exemption by executing step S13, namely:
S13: If the unified identification information corresponding to the wireless terminal is found in an authentication-exempt table entry, the authentication information corresponding to the wireless terminal is extracted.
For example, when wireless terminal 1 accesses the WLAN network it needs to send authentication-related messages in order to be authenticated; at this point the authentication state of wireless terminal 1 is pre-auth. After receiving a message, the AC device can extract the MAC address of wireless terminal 1, 00:01:6C:06:A6:29, from the received message or directly from the connection profile of wireless terminal 1, and then search the authentication-exempt table entries by that MAC address. If the search succeeds, it is determined that wireless terminal 1 has authenticated successfully within the current time period, so the AC device can directly set the authentication state of the wireless terminal to post-auth.
S14: According to the authentication information, the authentication state of the wireless terminal is set to post-auth.
In the technical solution provided by the application, once the authentication state of the wireless terminal on the AC device becomes post-auth, the terminal can connect to the internet normally and go online. Because the authentication process no longer requires the portal authentication flow or the participation of the RADIUS server, from the user's point of view accessing the WLAN again gives direct internet access without authentication, which achieves the effect of authentication exemption.
The steps above show how authentication exemption for a wireless terminal is achieved. In the conventional maintenance method, when a wireless terminal accesses the WLAN network again, the RADIUS server looks up the content of the terminal's table entry in a database. In practice, if many wireless terminals are connected, or have been connected, in the network served by the RADIUS server, the amount of data in the database is also large, so the RADIUS server has to allocate considerable computing resources to the MAC lookup. Compared with the conventional method, the application uses the authentication-exempt table entries saved on the AC device to look up the MAC address of the wireless terminal. An AC device has far fewer connected wireless terminals than the authentication server, so a lookup on the AC device is markedly more efficient than one on the authentication server. Performing the lookup on the AC device also saves the authentication server's computing capacity, which significantly reduces its burden.
Further, as shown in Fig. 2, after the step of searching the authentication-exempt table entries on the AC device according to the unified identification information, the method further comprises:
S121: If the unified identification information corresponding to the wireless terminal is not found in the authentication-exempt table entries, authentication is initiated with the authentication server;
S122: The authentication result message returned by the authentication server is received;
S123: If the received authentication result message indicates success, an authentication-exempt table entry is created on the AC device, indexed by the unified identification information corresponding to the wireless terminal.
In practice, when a wireless terminal accesses the WLAN network for the first time, or for the first time within the current time period, the unified identification information corresponding to the wireless terminal cannot be found in the authentication-exempt table entries saved on the AC device. In this application, therefore, if a wireless terminal accesses the WLAN network for the first time, its state is pre-auth. The MAC address of the wireless terminal is likewise extracted and the authentication-exempt table entries on the AC device are searched, but no corresponding information can be found there; that is, the first lookup fails.
After the first lookup fails, the wireless terminal has to be authenticated, that is, portal authentication is performed. The specific authentication flow can be the same as the conventional Portal authentication flow and is not repeated here. The flow ends when the authentication server replies with an Access-Accept message, indicating that authentication succeeded. In practice, after receiving the Access-Accept message, the AC device sets the authentication state of the wireless terminal to post-auth. At the same time, the AC device creates an authentication-exempt table entry indexed by the MAC address of the wireless terminal.
Further, as shown in Fig. 3, the authentication-exempt table entry includes the configuration attribute information issued by the authentication server, and the method further comprises:
S124: The configuration attribute information corresponding to the wireless terminal is obtained from the authentication server;
S125: The configuration attribute information is stored in the authentication-exempt table entry, indexed by the unified identification information.
In this embodiment, when a wireless terminal comes online and authenticates for the first time, the authentication server can issue configuration attributes, such as upstream and downstream bandwidth, for the authenticated wireless terminal. When the wireless terminal comes online again and the authentication-exempt table entry for its MAC is found on the AC device, the authentication server is not asked to authenticate it again. The attributes issued by the authentication server should therefore be stored in the authentication-exempt table entry on the AC device, so that the wireless terminal can come online quickly using these configuration attributes. Further, other information used to maintain the authentication state of the wireless terminal, such as the terminal type, can also be saved in the authentication-exempt table entry. Which other information needs to be saved can be chosen according to the implementation.
Further, in the method, the authentication state of the wireless terminal can also be saved in a terminal table entry, and the authentication information saved in the authentication-exempt table entry is copied to the terminal table entry. In the application, the terminal table entry holds all the information needed to maintain the authentication state of the wireless terminal.
It should be noted that the steps above apply to the AC device, which in practice can be configured to execute these program steps. For a wireless terminal that fails authentication, its authentication state does not need to be maintained, so there is no need to create the corresponding authentication-exempt table entry and terminal table entry.
It is corresponding to need to configure certificate server as follows, i.e., such as in this application with technical solution provided above Shown in Fig. 4, the certificate server needs to be implemented following steps when wireless terminal accesses wlan network for the first time:
S21: if in the authentication-exempt list item, the corresponding unified identification information of the wireless terminal is not found, is recognized It demonstrate,proves server and sends certification page to the wireless terminal;
S22: after the wireless terminal submits authentication information from certification page, the authentication information of submission is verified;
S23: after the authentication information of submission is verified, Xiang Suoshu AC equipment returned content is successful authentication result report Text.
In the application, if not finding the corresponding unified identification letter of the wireless terminal in the authentication-exempt list item Breath then represents contemporary wireless terminals and accesses wlan network for the first time (or within a certain period of time for the first time), then needs certificate server It is authenticated, authentication authorization and accounting server sends certification page to the wireless terminal, and wireless terminal is receiving certification page, inputs Account and password are authenticated, completes to submit authentication information.It is by the URL of AC equipment pushing certification page, then in practical application After wireless terminal accesses URL, the Portal server return authentication page.Certificate server again verifies authentication information, And after certification passes through, AC equipment returned content is successful authentication result message.
Further, after the submitted authentication information passes verification, the method also includes: the certificate server issues configuration attribute information to the AC equipment, so that the AC equipment stores the configuration attribute information in the authentication-exempt list item, using the unified identification information as the index.
In some embodiments of the application, as shown in Fig. 5, after the certificate server completes authentication, the method further includes:
S151: the AC equipment monitors the online state of the wireless terminal in real time;
S152: when the wireless terminal goes offline, the offline duration is recorded;
S153: after the recorded offline duration reaches the preset ageing time, the terminal table entries are deleted.
In the present embodiment, after completing authentication the wireless terminal enters the post-auth state and can access the Internet normally. The AC equipment creates an authentication-exempt list item for a wireless terminal that passes authentication for the first time and saves the relevant authentication information. After the wireless terminal goes offline, its offline duration can be checked; if the user comes online again within the preset ageing time, the authentication-exempt list item saved in the AC equipment can be looked up by the MAC address of the wireless terminal. If the corresponding list item is found, the wireless terminal is authenticated directly using the saved authentication information and its authentication state becomes post-auth, without the STA having to authenticate again. If it is not found, authentication must be performed again.
If the offline time of the wireless terminal exceeds the preset ageing time, that is, the wireless terminal does not come online again within the preset ageing time, the terminal table entries can be aged out and deleted to avoid storing a large amount of useless information in the AC equipment. Because the application relies on the authentication-exempt list item saved in the AC equipment, that list item should survive for a longer period, which in actual use can be determined by configuration on the AC.
It should be noted that two kinds of list items are stored in the AC equipment: terminal table entries and authentication-exempt list items. Terminal table entries are used to maintain the offline state of the wireless terminal, but their time-to-live is short, for example 1 hour. Authentication-exempt list items can have a longer time-to-live, for example 1 day. The time-to-live of both list items can be configured on the AC. However, too long a time-to-live for terminal table entries leads to a large number of useless entries being stored in the AC equipment and wastes memory, whereas the memory required for an authentication-exempt list item is much smaller than that for terminal table entries, so a longer time-to-live is set for it.
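The interplay of the two tables described above can be modelled in a few lines. This is an added example, not code from the patent or from any AC vendor: the class and function names, the `authenticate` callback standing in for the certificate server, counting the authentication-exempt lifetime from entry creation, and running the ageing lazily on each connect are all assumptions; the MAC address and account are constructed.

```python
import time
from dataclasses import dataclass
from typing import Optional

TERMINAL_AGEING_S = 3600       # terminal entry ageing time ("1 hour" in the text)
AUTH_EXEMPT_TTL_S = 24 * 3600  # authentication-exempt entry lifetime ("1 day")

@dataclass
class AuthExemptEntry:
    auth_info: dict            # authentication info / configuration attributes
    created_at: float

@dataclass
class TerminalEntry:
    state: str
    auth_info: dict
    offline_since: Optional[float] = None

class AccessController:
    """Toy model of the AC equipment's two tables, both indexed by MAC."""

    def __init__(self, authenticate, clock=time.time):
        self.authenticate = authenticate  # stand-in for the certificate server
        self.clock = clock
        self.auth_exempt = {}             # MAC -> AuthExemptEntry
        self.terminals = {}               # MAC -> TerminalEntry
        self.server_calls = 0

    def age_tables(self):
        now = self.clock()
        for mac, t in list(self.terminals.items()):
            if t.offline_since is not None and now - t.offline_since >= TERMINAL_AGEING_S:
                del self.terminals[mac]
        for mac, e in list(self.auth_exempt.items()):
            if now - e.created_at >= AUTH_EXEMPT_TTL_S:
                del self.auth_exempt[mac]

    def on_connect(self, mac, credentials=None):
        mac = mac.lower()
        self.age_tables()
        entry = self.auth_exempt.get(mac)
        if entry is not None:
            # Hit: copy the saved info into the terminal entry, skip the server.
            self.terminals[mac] = TerminalEntry("post-auth", dict(entry.auth_info))
            return "post-auth (exempt hit)"
        self.server_calls += 1
        auth_info = self.authenticate(mac, credentials)
        if auth_info is None:
            return "unauthenticated"      # failed terminals get no entries
        self.auth_exempt[mac] = AuthExemptEntry(auth_info, self.clock())
        self.terminals[mac] = TerminalEntry("post-auth", dict(auth_info))
        return "post-auth (server)"

    def on_offline(self, mac):
        t = self.terminals.get(mac.lower())
        if t is not None:
            t.offline_since = self.clock()

def run_demo():
    now = [0.0]                               # fake clock, seconds
    def fake_server(mac, credentials):        # constructed account
        return {"user": "alice"} if credentials == ("alice", "s3cret") else None
    ac = AccessController(fake_server, clock=lambda: now[0])
    mac = "AA:BB:CC:00:11:22"                 # constructed MAC address
    log = [ac.on_connect(mac, ("alice", "wrong")),
           ac.on_connect(mac, ("alice", "s3cret"))]
    ac.on_offline(mac)
    now[0] += 2 * 3600                        # offline for 2 h
    log.append(ac.on_connect(mac))            # terminal entry aged, exempt entry hit
    ac.on_offline(mac)
    now[0] += 23 * 3600                       # 25 h after the entry was created
    log.append(ac.on_connect(mac))            # exempt entry expired, server asked again
    return log, ac.server_calls

if __name__ == "__main__":
    print(run_demo())
```

The third connect succeeds without contacting the server even though the terminal entry has already been aged out, which is the behaviour the longer-lived authentication-exempt list item exists to provide.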
As can be seen from the above technical solution, compared with conventional maintenance methods, the offline user authentication state maintaining method provided by the application works without using the certificate server: through the authentication-exempt list item in the AC equipment, the user accesses the WLAN again without authentication. The time-to-live of the authentication-exempt list item in the AC equipment can be defined flexibly by configuration. Moreover, using the MAC address of the wireless terminal as the index for maintaining list items requires no other identification information to be defined, which avoids changing the configuration of the AC equipment and the radius server at the same time.
In addition, with the offline user authentication state maintaining method provided by the application, the radius server does not need to read and write a database, which lightens the burden on the radius server. The authentication maintenance function is implemented only in the AC equipment, so it does not require support from both the AC equipment and the radius server, and no database server needs to be added. Also, relative to the normal authentication process, the application adds no message interaction in the network and can also reduce network load.
Based on the above offline user authentication state maintaining method, as shown in Fig. 6, the application also provides an offline user authentication state maintenance system, comprising: a wireless terminal, AC equipment, AP equipment and a radius server, wherein the AC equipment, AP equipment and radius server are networked to form a WLAN network connected to the Internet, and the wireless terminal connects to the AC equipment through the AP equipment;
The wireless terminal includes or is labeled with unified identification information; the wireless terminal is used to display the certification page and to provide user interaction; after connecting to the WLAN network, the wireless terminal triggers the radius server to authenticate the wireless terminal;
The AC equipment is further configured to execute the following program steps:
Obtain the unified identification information of the wireless terminal to be authenticated;
According to the unified identification information, search for the authentication-exempt list item in the AC equipment;
If the unified identification information corresponding to the wireless terminal is found in the authentication-exempt list item, extract the authentication information corresponding to the wireless terminal;
According to the authentication information, set the authentication state of the wireless terminal to post-auth.
Further, the AC equipment is further configured to execute the following program steps:
If the unified identification information corresponding to the wireless terminal is not found in the authentication-exempt list item, initiate authentication to the certificate server;
Receive the authentication result message that the certificate server returns;
If the received authentication result message indicates success, create an authentication-exempt list item in the AC equipment, indexed by the unified identification information corresponding to the wireless terminal;
The certificate server is further configured to execute the following program steps:
If the unified identification information corresponding to the wireless terminal is not found in the authentication-exempt list item, the certificate server sends a certification page to the wireless terminal;
After the wireless terminal submits authentication information from the certification page, the submitted authentication information is verified;
After the submitted authentication information passes verification, an authentication result message whose content is success is returned to the AC equipment.
It should be noted that, in the technical solution provided by the application, the MAC address of the wireless terminal together with other information can also be used as the index for maintaining list items, so that the corresponding list item maintenance process is more intelligent. For the list items maintained in the AC equipment, a database server can also be deployed, either on the AC equipment itself or on another device accessible to the AC equipment, for the AC equipment to read and write, which improves the storage capacity of the whole system.
As can be seen from the above technical solution, the application provides an offline user authentication state maintaining method and system. In practical applications, the method first obtains the unified identification information of the wireless terminal to be authenticated through the AC equipment and searches for the authentication-exempt list item in the AC equipment; if the unified identification information is found in the authentication-exempt list item, the corresponding authentication information is extracted, and the authentication state of the wireless terminal is set to post-auth so that the wireless terminal connects to the Internet.
With the method provided by the application, when a user accesses the WLAN network again after being briefly offline, the radius server does not need to read and write the database, which lightens the burden on the radius server. The authentication-exempt function is implemented only in the AC equipment, so configuration support from both the AC equipment and the radius server is not required and no additional database server is needed. In addition, the authentication state maintenance process adds no message interaction in the network, which can reduce network load and improve the authentication efficiency of the maintaining method.
Similar parts of the embodiments provided by the application may be cross-referenced. The specific embodiments provided above are only several examples under the general concept of the application and do not limit its protection scope. For those skilled in the art, any other embodiment derived from the scheme of the application without creative effort falls within the protection scope of the application.

Claims (10)

1. An offline user authentication state maintaining method, characterized by comprising:
AC equipment obtains the unified identification information of a wireless terminal to be authenticated;
According to the unified identification information, an authentication-exempt list item is searched for in the AC equipment;
If the unified identification information corresponding to the wireless terminal is found in the authentication-exempt list item, the authentication information corresponding to the wireless terminal is extracted;
According to the authentication information, the authentication state of the wireless terminal is set to post-auth.
2. The maintaining method according to claim 1, characterized in that, after the step of searching for the authentication-exempt list item in the AC equipment according to the unified identification information, the method also includes:
If the unified identification information corresponding to the wireless terminal is not found in the authentication-exempt list item, authentication is initiated to the certificate server;
The authentication result message that the certificate server returns is received;
If the received authentication result message indicates success, an authentication-exempt list item is created in the AC equipment, indexed by the unified identification information corresponding to the wireless terminal.
3. The maintaining method according to claim 2, characterized in that the authentication-exempt list item includes the configuration attribute information issued by the certificate server, and the method also includes:
The configuration attribute information corresponding to the wireless terminal is obtained from the certificate server;
With the unified identification information as the index, the configuration attribute information is stored in the authentication-exempt list item.
4. The maintaining method according to claim 1, characterized in that, after the step of searching for the authentication-exempt list item in the AC equipment according to the unified identification information, the method also includes:
If the unified identification information corresponding to the wireless terminal is not found in the authentication-exempt list item, the certificate server sends a certification page to the wireless terminal;
After the wireless terminal submits authentication information from the certification page, the submitted authentication information is verified;
After the submitted authentication information passes verification, an authentication result message whose content is success is returned to the AC equipment.
5. The maintaining method according to claim 4, characterized in that, after the submitted authentication information passes verification, the method further includes:
The certificate server issues configuration attribute information to the AC equipment, so that the AC equipment saves the configuration attribute information in the authentication-exempt list item, using the unified identification information as the index.
6. The maintaining method according to any one of claims 1-5, characterized in that the unified identification information is the MAC address of the wireless terminal.
7. The maintaining method according to claim 1, characterized in that the step of setting the state of the wireless terminal to post-auth further includes:
The authentication state of the wireless terminal is saved by terminal table entries;
The authentication information saved in the authentication-exempt list item is copied to the terminal table entries.
8. The maintaining method according to claim 7, characterized in that the method also includes:
The AC equipment monitors the online state of the wireless terminal in real time;
When the wireless terminal goes offline, the offline duration is recorded;
After the recorded offline duration reaches the preset ageing time, the terminal table entries are deleted.
9. An offline user authentication state maintenance system, characterized by comprising: a wireless terminal, AC equipment, AP equipment and a certificate server, wherein the AC equipment, AP equipment and certificate server are networked to form a WLAN network connected to the Internet, and the wireless terminal connects to the AC equipment through the AP equipment;
The wireless terminal includes or is labeled with unified identification information; the wireless terminal is used to display the certification page and to provide user interaction; after connecting to the WLAN network, the wireless terminal triggers the certificate server to authenticate the wireless terminal;
The AC equipment is further configured to execute the following program steps:
Obtain the unified identification information of the wireless terminal to be authenticated;
According to the unified identification information, search for the authentication-exempt list item in the AC equipment;
If the unified identification information corresponding to the wireless terminal is found in the authentication-exempt list item, extract the authentication information corresponding to the wireless terminal;
According to the authentication information, set the authentication state of the wireless terminal to post-auth.
10. The maintenance system according to claim 9, characterized in that the AC equipment is further configured to execute the following program steps:
If the unified identification information corresponding to the wireless terminal is not found in the authentication-exempt list item, initiate authentication to the certificate server;
Receive the authentication result message that the certificate server returns;
If the received authentication result message indicates success, create an authentication-exempt list item in the AC equipment, indexed by the unified identification information corresponding to the wireless terminal;
The certificate server is further configured to execute the following program steps:
If the unified identification information corresponding to the wireless terminal is not found in the authentication-exempt list item, the certificate server sends a certification page to the wireless terminal;
After the wireless terminal submits authentication information from the certification page, the submitted authentication information is verified;
After the submitted authentication information passes verification, an authentication result message whose content is success is returned to the AC equipment.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811632394.7A CN109451503A (en) 2018-12-29 2018-12-29 A kind of offline user authentication state maintaining method and system

Publications (1)

Publication Number Publication Date
CN109451503A true CN109451503A (en) 2019-03-08

Family

ID=65538749

Country Status (1)

Country Link
CN (1) CN109451503A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190308
