CN1968094A - Method, system and server for prompting the cause for user terminal authentication failure - Google Patents
Method, system and server for prompting the cause for user terminal authentication failure Download PDFInfo
- Publication number
- CN1968094A CN1968094A CN 200610145583 CN200610145583A CN1968094A CN 1968094 A CN1968094 A CN 1968094A CN 200610145583 CN200610145583 CN 200610145583 CN 200610145583 A CN200610145583 A CN 200610145583A CN 1968094 A CN1968094 A CN 1968094A
- Authority
- CN
- China
- Prior art keywords
- server
- authentication
- web page
- user terminal
- page address
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Telephonic Communication Services (AREA)
Abstract
The invention relates to a method for prompting user terminal about the identification failure reason via net page, wherein it comprises that: when user terminal fail to identify on the identification charge server, the server based on failure reason sends one page address; user terminal connects said address and displays the reason. The invention also provides relative system and charge server.
Description
Technical field
The present invention relates to Internet technical field, relate in particular to a kind of method, system and server by webpage reminding subscriber terminal authentification failure reason.
Background technology
Development through decades, the Internet access technology is comparative maturity, the user generally uses PPP (Point to Point Protocol, point-to-point protocol)/PPPoE (PPP over Ethernet is based on the point-to-point protocol of Ethernet) dialer software online now.NAS (Network Access Server, network access server) receive user's dialing request after, can be to AAA (Authentication, Authorization andAccounting, authentication and authorization charging server) sends RADIUS (Remote Authentication DialIn User Service, far-end authentication dial-up access customer service) authentication request, request AAA carries out authentication, AAA can check user account number, password, state, information such as remaining sum, pass through as inspection, then issue authentication and accept message, the open user Internet of NAS access rights to NAS; Otherwise, issue the authentication refuse information and give NAS, the visit of NAS refusing user's.
Figure 1 shows that the schematic diagram of the AAA group-network construction of present standard, user terminal can be PC, notebook, PDA, cell phone apparatus etc.; NAS inserts the gateway of Internet as each user terminal; AAA is undertaken alternately by radius protocol and NAS, finishes the authentication function of user terminal online.
In early days the stage, AAA only checks user account number and encrypted message, and corresponding error prompting is " user account number or a password not to ".If subscriber dialing online failure behind the eliminating network problem, can think that user account number or password be not to causing authentification failure.
Development along with the AAA technology, the aaa authentication checkpoint is more and more, as to the inspection of computer modem port, to the inspection of user account number state, to the inspection of user balance, to inspection of surf time section or the like, in the aaa authentication process, as long as an above-mentioned checkpoint is not passed through, AAA will refusing user's surf the Net; This just relates to the user in authentification failure, how to notify the reason of user authentication failure easily, taking relative counter measures, when Sorry, your ticket has not enough value, buys and can surf the Net after rechargeable card is supplemented with money account number.
At present, one of method of reminding subscriber terminal authentification failure reason is that the dialer software on the user terminal is expanded, require dialer software to support the demonstration of Reply-message (answer message) information that AAA issues in the authentication refuse information, Reply-message has illustrated the reason of aaa authentication refusal as a standard attribute of radius protocol definition.
In this solution, the flow process of user terminal 1 by aaa authentication as shown in Figure 2:
Step s201, user terminal 1 carry out the PPP/PPPoE/802.1X dialing, send authentication request to NAS;
Step s202, NAS send authentication request message to AAA;
Step s203, AAA carry out authentication processing, authentication success;
Step s204, AAA send authentication to NAS equipment and accept message;
After step s205, NAS equipment receive that message is accepted in authentication, send the authentication success notice to user terminal 1, open the Internet network access authority of user terminal 1 simultaneously, identifying procedure finishes.
Among the embodiment of this solution, the flow process that user terminal 2 is refused by aaa authentication as shown in Figure 2:
Step s211, user terminal 2 carry out the PPP/PPPoE/802.1X dialing, send authentication request to NAS;
Step s212, NAS send authentication request message to AAA;
Step s213, AAA carry out authentication processing, authentification failure;
Step s214, AAA send the authentication refuse information to NAS equipment, wherein, have filled in the authentification failure cause information in the Reply-message attribute of AAA in the authentication refuse information;
Step s215, NAS informing user terminal 2 authentification failures have comprised Reply-message information in the notification message, dialer software is obtained this Reply-message information, and show authentification failure and cause information at user terminal 2.
Though this method can show the reason of authentification failure, but its shortcoming is: the dialer software of installing on the method requirement terminal is supported the demonstration of Reply-message, though defined this attribute in the related specifications, but the dialer software that present operating system carries is not supported this function, the professional dialer software of main flow is not supported this function too, operator can only be by developing or customizing dialer software by other manufacturers voluntarily, and the upgrading of responsible this software, not only workload is bigger for this, and certain technical difficulty is arranged.
Summary of the invention
The invention provides a kind of method, may further comprise the steps by webpage reminding subscriber terminal authentification failure reason:
During authentification failure, described authentication and authorization charging server sends a web page address according to failure cause to user terminal on authentication and authorization charging server;
Described user terminal connects described web page address, shows the authentification failure reason.
The present invention also provides a kind of system by webpage reminding subscriber terminal authentification failure reason, comprises network gateway server, authentication and authorization charging server and network access server,
The webpage that described network gateway server stores and renewal are used to point out various authentification failure reasons;
The corresponding relation of the web page address of the described failure cause of storing in described authentication and authorization charging server authentication storage failure cause and the described network gateway server of demonstration, and when user end certification is failed, the web page address corresponding with failure cause sent to described network access server;
Described network access server is redirected to the described web page address that receives from described authentication and authorization charging server with the accessed web page request of the user terminal of authentification failure.
The present invention also provides a kind of authentication and authorization charging server, comprise the corresponding relation administrative unit, the corresponding relation that is used for the web page address of the described failure cause of demonstration that authentication storage failure cause and network gateway server store, and the web page address corresponding with failure cause sent to network access server when user end certification is failed by described authentication and authorization charging server.
Compared with prior art, the present invention has the following advantages:
When user end certification is failed, the present invention does not need specific client's dialer software that the reason of authentification failure just can be provided by the webpage mode to user terminal, thereby simplified requirement, made user terminal when authentification failure, can in time understand the reason of authentification failure to take relative counter measures to dialer software.
Description of drawings
Fig. 1 is an AAA group-network construction schematic diagram of the prior art;
Fig. 2 is the flow chart that AAA authenticates user terminal in the prior art;
Fig. 3 is the AAA group-network construction schematic diagram of embodiment one among the present invention;
Fig. 4 is the structural representation of the AAA of embodiment one among the present invention;
Fig. 5 be among the present invention embodiment two pass through the flow chart that the webpage mode is pointed out the method for user authentication failure reason;
Fig. 6 is the signaling process figure that the webpage mode of passing through of embodiment two is pointed out the user authentication failure reason among the present invention.
Embodiment
In the embodiments of the invention one, a kind of system by webpage reminding subscriber terminal authentification failure reason comprises network gateway server 301, authentication and authorization charging server 302 and network access server 303 as shown in Figure 3.
Authentication and authorization charging server 302 is used for the corresponding relation of this failure cause web page address of prompting of authentication storage failure cause and network gateway server 303 storages, and when user end certification fail with the web page address of correspondence to network access server 303 transmissions.For example, when causing authentification failure because of Sorry, your ticket has not enough value, the web page address that shows " Sorry, your ticket has not enough value for you, examination again after please supplementing with money " in failure cause and the network gateway server 301 is corresponding, and authentication and authorization charging server 302 sends this page address to network access server 303.Simultaneously, authentication and authorization charging server 302 generates the Access Control List (ACL) that is used to control authentification failure user terminal access network legal power, and sends to network access server 303.
Among the embodiment one, also provide a kind of authentication and authorization charging server, as shown in Figure 4, authentication and authorization charging server 302 comprises corresponding relation administrative unit 3021 and Access Control List (ACL) unit 3022, wherein:
Corresponding relation administrative unit 3021 is used for the corresponding relation of this failure cause web page address of prompting that authentication storage failure cause and network gateway server store, and when user end certification is failed the web page address of correspondence is sent to network access server.For example, when causing authentification failure, show in failure cause and the network gateway server that the web page address of " Sorry, your ticket has not enough value for you, examination again after please supplementing with money " is corresponding, this page address is sent to network access server because of Sorry, your ticket has not enough value.
Access Control List (ACL) unit 3022 is used to generate the Access Control List (ACL) of control user terminal access network legal power and sends to network access server.
By adopting one described system by webpage reminding subscriber terminal authentification failure reason as embodiment, user terminal is when authentification failure, do not need specific dialer software just can know the reason of authentification failure by the webpage that network access server provides, thereby simplified specific (special) requirements, made user terminal when authentification failure, can in time understand the reason of authentification failure to take relative counter measures to dialer software.
In the embodiments of the invention two, a kind of method by webpage reminding subscriber terminal authentification failure reason as shown in Figure 5, wherein the network gateway server abbreviates that Portal, authentication and authorization charging server abbreviate AAA as, network access server abbreviates NAS as, and this method comprises:
Step s501, user terminal send authentication request through NAS to AAA;
Step s502, user terminal authentification failure on AAA;
Step s503, AAA send authentication by message, ACL (Access Control List, Access Control List (ACL)) and Portal web page address to NAS;
Step s504, NAS send authentication by message to user terminal, and the access rights of control user terminal; The ACL information control user's that NAS issues according to AAA access rights make the user terminal can only calling party Portal, and can not visit other Internet network address; The authentication here just guides user terminal to carry out a kind of mode of next step by message, and in fact the authentication of this user terminal on AAA do not passed through;
Step s505, user terminal send and connect web-page requests;
Step s506, NAS are redirected to the Portal web page address with user terminal requests;
Step s507, user terminal displays authentification failure reason.
Signaling process figure in this step comprises as shown in Figure 6:
Step s601, user terminal carry out the PPP/PPPoE/802.1X dialing, send authentication request to NAS;
After step s602, NAS receive request, send authentication request message to AAA;
Step s603, AAA carry out authentication processing, authentification failure;
Step s604, AAA send authentication by message to NAS equipment, also comprise ACL control information and Portal web page address in this message.Wherein the effect of ACL is control NAS, makes NAS only allow user terminal access user Portal, and can not visit other Internet addresses.And store the web page address tabulation that is used to show various failure causes, the authentication error that wherein different webpages is corresponding different on the Portal in advance.The last while of AAA also stores this tabulation, according to this tabulation, AAA inquires about the web page address on the Portal corresponding with failure cause, and return to NAS equipment, be used to point out the reason and the suggestion of this authentification failure, as corresponding Sorry, your ticket has not enough value mistake, prompting is: Sorry, your ticket has not enough value for you, dialing again after please supplementing with money;
Step s605, NAS send authentication by message to terminal, and the ACL information that issues according to AAA is controlled user's access rights simultaneously, makes user terminal can only visit the Portal web page address, and can not visit other Internet addresses.Because in fact user terminal does not have authentication success, for avoiding the AAA overcharge, NAS does not send charging message to AAA after receiving the Portal web page address and ACL information that AAA issues;
Step s606, user terminal send HTTP (HyperText Transport Protocol, the HTML (Hypertext Markup Language)) request that connects any station address by browser;
Step s607, NAS detect the HTTP request of user terminal, and the HTTP request are redirected to the Portal web page address of appointment;
Step s608, user terminal show the prompting webpage of authentification failure on browser.
By adopting two described methods by webpage reminding subscriber terminal authentification failure reason as embodiment, user terminal is when authentification failure, do not need specific dialer software just can know the reason of authentification failure by the webpage mode, thereby simplified specific (special) requirements, made user terminal when authentification failure, can in time understand the reason of authentification failure to take relative counter measures to dialer software.
More than disclosed only be several specific embodiment of the present invention, still, the present invention is not limited thereto, any those skilled in the art can think variation all should fall into protection scope of the present invention.
Claims (10)
1, a kind of method by webpage reminding subscriber terminal authentification failure reason is characterized in that, may further comprise the steps:
During authentification failure, described authentication and authorization charging server sends a web page address according to failure cause to user terminal on authentication and authorization charging server;
Described user terminal connects described web page address, shows the authentification failure reason.
According to claim 1 by the method for webpage reminding subscriber terminal authentification failure reason, it is characterized in that 2, the described web page address that described authentication and authorization charging server sends is positioned at the network gateway server.
3, according to claim 1 by the method for webpage reminding subscriber terminal authentification failure reason, it is characterized in that the step that described user terminal connects described web page address specifically comprises:
Network access server receives the described web page address that described authentication and authorization charging server sends;
Described network access server sends authentication to described user terminal and passes through message;
Described user terminal sends the accessed web page request to described network access server;
Described network access server is redirected to described web page address with the described accessed web page request of described user terminal.
4, as the method by webpage reminding subscriber terminal authentification failure reason as described in the claim 3, it is characterized in that, during described web page address that described network access server receives that described authentication and authorization charging server sends, receive the Access Control List (ACL) that described authentication and authorization charging server sends simultaneously.
5, as described in the claim 4 by the method for webpage reminding subscriber terminal authentification failure reason, it is characterized in that described network access server is controlled described user terminal according to the described Access Control List (ACL) that receives can only connect described web page address.
6, as the method by webpage reminding subscriber terminal authentification failure reason as described in the claim 3, it is characterized in that, after described network access server receives the described web page address of described authentication and authorization charging server transmission, stop to send the charging message of described user terminal to described mandate accounting server.
7, a kind of system by webpage reminding subscriber terminal authentification failure reason comprises network gateway server, authentication and authorization charging server and network access server, it is characterized in that,
The webpage that described network gateway server stores and renewal are used to point out various authentification failure reasons;
The corresponding relation of the web page address of the described failure cause of storing in described authentication and authorization charging server authentication storage failure cause and the described network gateway server of demonstration, and when user end certification is failed, the web page address corresponding with failure cause sent to described network access server;
Described network access server is redirected to the described web page address that receives from described authentication and authorization charging server with the accessed web page request of the user terminal of authentification failure.
8, as the system by webpage reminding subscriber terminal authentification failure reason as described in the claim 7, it is characterized in that described authentication and authorization charging server also generates the Access Control List (ACL) of control user terminal access network legal power and sends to described network access server;
Described network access server is controlled the access rights of the user terminal of authentification failure according to the described Access Control List (ACL) that receives from described authentication and authorization charging server.
9, a kind of authentication and authorization charging server, it is characterized in that, comprise the corresponding relation administrative unit, the corresponding relation that is used for the web page address of the described failure cause of demonstration that authentication storage failure cause and network gateway server store, and the web page address corresponding with failure cause sent to network access server when user end certification is failed by described authentication and authorization charging server.
10, as authentication and authorization charging server as described in the claim 9, it is characterized in that, also comprise the Access Control List (ACL) unit, be used to generate the Access Control List (ACL) of control user terminal access network legal power and send to network access server.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 200610145583 CN1968094A (en) | 2006-11-23 | 2006-11-23 | Method, system and server for prompting the cause for user terminal authentication failure |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 200610145583 CN1968094A (en) | 2006-11-23 | 2006-11-23 | Method, system and server for prompting the cause for user terminal authentication failure |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN1968094A true CN1968094A (en) | 2007-05-23 |
Family
ID=38076666
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 200610145583 Pending CN1968094A (en) | 2006-11-23 | 2006-11-23 | Method, system and server for prompting the cause for user terminal authentication failure |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1968094A (en) |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101188860B (en) * | 2007-12-19 | 2010-11-10 | 华为技术有限公司 | A method and device for recognizing exceptional terminal |
| WO2010148664A1 (en) * | 2009-12-22 | 2010-12-29 | 中兴通讯股份有限公司 | Method, client, server and communication system for message obtaining and processing |
| CN101442397B (en) * | 2007-11-23 | 2012-07-04 | 中兴通讯股份有限公司 | Transmission method for reason value |
| CN103152332A (en) * | 2013-02-17 | 2013-06-12 | 中兴通讯股份有限公司 | Method and equipment for authenticating extensible authentication protocol (EAP) with WEB service assistance |
| CN103227729A (en) * | 2013-04-19 | 2013-07-31 | 深圳市吉祥腾达科技有限公司 | Method and device for prompting PPPoE dialing user name and password error failures |
| CN103560996A (en) * | 2013-10-09 | 2014-02-05 | 北京奇虎科技有限公司 | Access permission control method and device |
| CN103905382A (en) * | 2012-12-26 | 2014-07-02 | 中国电信股份有限公司 | Broadband user dial-up authentication error processing method and system |
| CN105391561A (en) * | 2015-11-27 | 2016-03-09 | 小米科技有限责任公司 | Method and apparatus for processing network arrears |
| CN106549918A (en) * | 2015-09-21 | 2017-03-29 | ***通信集团黑龙江有限公司 | A kind of method and device of the transmission service abnormal cause page |
-
2006
- 2006-11-23 CN CN 200610145583 patent/CN1968094A/en active Pending
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101442397B (en) * | 2007-11-23 | 2012-07-04 | 中兴通讯股份有限公司 | Transmission method for reason value |
| CN101188860B (en) * | 2007-12-19 | 2010-11-10 | 华为技术有限公司 | A method and device for recognizing exceptional terminal |
| WO2010148664A1 (en) * | 2009-12-22 | 2010-12-29 | 中兴通讯股份有限公司 | Method, client, server and communication system for message obtaining and processing |
| CN103905382A (en) * | 2012-12-26 | 2014-07-02 | 中国电信股份有限公司 | Broadband user dial-up authentication error processing method and system |
| CN103152332A (en) * | 2013-02-17 | 2013-06-12 | 中兴通讯股份有限公司 | Method and equipment for authenticating extensible authentication protocol (EAP) with WEB service assistance |
| CN103152332B (en) * | 2013-02-17 | 2018-02-16 | 中兴通讯股份有限公司 | A kind of EAP authentication method and apparatus under WEB service assistance |
| CN103227729A (en) * | 2013-04-19 | 2013-07-31 | 深圳市吉祥腾达科技有限公司 | Method and device for prompting PPPoE dialing user name and password error failures |
| CN103227729B (en) * | 2013-04-19 | 2016-01-13 | 深圳市吉祥腾达科技有限公司 | PPPoE dial user name and code error fault cues method and device |
| CN103560996A (en) * | 2013-10-09 | 2014-02-05 | 北京奇虎科技有限公司 | Access permission control method and device |
| CN103560996B (en) * | 2013-10-09 | 2017-01-25 | 北京奇安信科技有限公司 | access permission control method and device |
| CN106549918A (en) * | 2015-09-21 | 2017-03-29 | ***通信集团黑龙江有限公司 | A kind of method and device of the transmission service abnormal cause page |
| CN106549918B (en) * | 2015-09-21 | 2019-10-18 | ***通信集团黑龙江有限公司 | A kind of method and device of the transmission service abnormal cause page |
| CN105391561A (en) * | 2015-11-27 | 2016-03-09 | 小米科技有限责任公司 | Method and apparatus for processing network arrears |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN1968094A (en) | Method, system and server for prompting the cause for user terminal authentication failure | |
| AU2006232450B2 (en) | System and method for managing documents with multiple network applications | |
| US7216070B2 (en) | System and method for managing documents with multiple applications | |
| US8037191B2 (en) | Low-level remote sharing of local devices in a remote access session across a computer network | |
| CN1288575C (en) | System and method for managing connections between client and server | |
| CN1459067A (en) | System and method for providing content on network | |
| EP3185150A1 (en) | Methods and apparatus for providing access to content | |
| CN1809060A (en) | Method and system for implementing privacy notice, consent, and preference with a privacy proxy | |
| CN1758596A (en) | Relay device, authentication server, and authentication method | |
| EP2332114A2 (en) | Form filling with digital identities, and automatic password generation | |
| CN1354856A (en) | World wide web access for voice mail and page | |
| CN1941009A (en) | Method for realizing fee payment by mobile telecommunication terminal | |
| CN1848883A (en) | Call system, proxy dial server apparatus and proxy dial method for use therewith, and program thereof | |
| CN1859604A (en) | Power discriminating method for service request start flow | |
| CN1217278C (en) | Method and system for assuring usability of service recommendal by service supplier | |
| CN1614929A (en) | Initiating distribution of server based content via web-enabled device | |
| CN1929376A (en) | Method for establishing universal identity authentication system and user's information storage | |
| CN1960304A (en) | Method for realizing cross-domain access by using local domain proxy server | |
| CN101035093A (en) | Method and system for processing message | |
| CN1761198A (en) | Contents delivery management apparatus and contents delivery management method | |
| CN101030860A (en) | Method and apparatus for preventing server from being attacked by automatic software | |
| US20100088359A1 (en) | Network based jit on a priori knowledge of a set of disparate clients | |
| CN1656479A (en) | Method and system for distributing data | |
| CN1864391A (en) | Mitigating self-propagating e-mail viruses | |
| JP2004171571A (en) | Document management method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Open date: 20070523 |