CN105939519A - Authentication method and device - Google Patents
Authentication method and device
- Publication number: CN105939519A
- Application number: CN201510535329.2A
- Authority: CN (China)
- Prior art keywords: address, client device, wireless client, certification, white list
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2101/00—Indexing scheme associated with group H04L61/00
- H04L2101/60—Types of network addresses
- H04L2101/618—Details of network addresses
- H04L2101/622—Layer-2 addresses, e.g. medium access control [MAC] addresses
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention provides an authentication method and device. The method comprises the following steps of: when an IP address of wireless client side equipment is changed from a first IP address to a second IP address, receiving an address change message sent by the wireless client side equipment, wherein a MAC address of the wireless client side equipment and the second IP address are carried in the address change message; searching whether the MAC address of the wireless client side equipment exists in a MAC address white list or not, wherein the MAC address white list is used for recording the MAC address of the wireless client side equipment passing authentication; and, when the MAC address of the wireless client side equipment exists, deleting the first IP address in an IP address white list, and adding the second IP address into the IP address white list, wherein the IP address white list is used for recording the IP address of the wireless client side equipment passing authentication. According to the authentication method and device disclosed by the invention, network interruption when the wireless client side equipment roams across a local area network can be avoided; and thus, the user experience is improved.
Description
Technical field
The application relates to the field of network communication technology, and in particular to an authentication method and device.
Background
A large wireless network is generally made up of multiple small local area networks. When a user roams between different local area networks, both the IP (Internet Protocol) address and the access VLAN (Virtual Local Area Network) of the wireless client device the user is using change, so the connection has to be dropped and the device re-authenticated, which degrades the user experience.
Summary of the invention
In view of this, the application provides an authentication method and device.
Specifically, the application is implemented through the following technical solutions:
The application provides an authentication method, applied on a wireless client device, the method comprising:
when the Internet Protocol (IP) address of the wireless client device changes from a first IP address to a second IP address, obtaining the current authentication state;
when the current authentication state is the authenticated state, sending an address change message to an authentication server, the address change message carrying the media access control (MAC) address of the wireless client device and the second IP address, so that the authentication server, after confirming according to the MAC address that the wireless client device has passed authentication, deletes the first IP address from the IP address white list and adds the second IP address.
The application also provides an authentication method, applied on an authentication server, the method comprising:
when the Internet Protocol (IP) address of a wireless client device changes from a first IP address to a second IP address, receiving the address change message sent by the wireless client device, the address change message carrying the media access control (MAC) address of the wireless client device and the second IP address;
looking up whether the MAC address of the wireless client device is present in a MAC address white list, the MAC address white list being used to record the MAC addresses of wireless client devices that have passed authentication;
when the MAC address of the wireless client device is present, deleting the first IP address from an IP address white list and adding the second IP address to the IP address white list, the IP address white list being used to record the IP addresses of wireless client devices that have passed authentication.
The application also provides an authentication device, applied on a wireless client device, the device comprising:
an acquiring unit, for obtaining the current authentication state when the Internet Protocol (IP) address of the wireless client device changes from a first IP address to a second IP address;
a sending unit, for sending an address change message to an authentication server when the current authentication state is the authenticated state, the address change message carrying the media access control (MAC) address of the wireless client device and the second IP address, so that the authentication server, after confirming according to the MAC address that the wireless client device has passed authentication, deletes the first IP address from the IP address white list and adds the second IP address.
The application also provides an authentication device, applied on an authentication server, the device comprising:
a receiving unit, for receiving the address change message sent by a wireless client device when the Internet Protocol (IP) address of the wireless client device changes from a first IP address to a second IP address, the address change message carrying the media access control (MAC) address of the wireless client device and the second IP address;
a search unit, for looking up whether the MAC address of the wireless client device is present in a MAC address white list, the MAC address white list being used to record the MAC addresses of wireless client devices that have passed authentication;
a processing unit, for deleting the first IP address from an IP address white list and adding the second IP address to the IP address white list when the MAC address of the wireless client device is present, the IP address white list being used to record the IP addresses of wireless client devices that have passed authentication.
As the above description shows, the application combines the MAC address and the IP address of the wireless client device for authentication and uses the MAC address as the unique identifier of the device, so that when the device's IP address changes, whether re-authentication is needed is decided according to the MAC address. The application can reduce the number of times a wireless client device authenticates and avoid network interruption when the device roams across local area networks, improving the user experience.
Brief description of the drawings
Fig. 1 is a schematic diagram of a wireless roaming network according to an exemplary embodiment of the application;
Fig. 2 is a flow chart of an authentication method according to an exemplary embodiment of the application;
Fig. 3 is a flow chart of an authentication method according to another exemplary embodiment of the application;
Fig. 4 is a schematic diagram of the underlying hardware structure of the equipment in which an authentication device resides, according to an exemplary embodiment of the application;
Fig. 5 is a schematic structural diagram of an authentication device according to an exemplary embodiment of the application;
Fig. 6 is a schematic structural diagram of an authentication device according to another exemplary embodiment of the application.
Detailed description
Exemplary embodiments are described in detail here, with examples shown in the accompanying drawings. Where the following description refers to the drawings, the same numbers in different drawings denote the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the application. Rather, they are merely examples of devices and methods consistent with some aspects of the application as detailed in the appended claims.
The terms used in this application are for the purpose of describing specific embodiments only and are not intended to limit the application. The singular forms "a", "said" and "the" used in this application and the appended claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third and so on may be used in this application to describe various information, the information should not be limited by these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of the application, first information may also be called second information and, similarly, second information may also be called first information. Depending on the context, the word "if" as used here can be interpreted as "at the time of", "when" or "in response to determining".
Fig. 1 shows a schematic diagram of a wireless roaming network, in which DHCP Server is the DHCP server, Radius Server is the authentication server, Internet is the Internet, SW1 and SW2 are switching devices, AP1 and AP2 are wireless access points, STA is the wireless client device used by the user, and VLAN1 and VLAN2 are virtual local area networks. The network segment of VLAN1 is 172.254.1.1/24 and the network segment of VLAN2 is 172.254.2.1/24. SW1 and AP1 belong to VLAN1, SW2 and AP2 belong to VLAN2, and STA can roam between VLAN1 and VLAN2.
When STA accesses VLAN1 through AP1, DHCP Server assigns it the IP address 172.254.1.10. After the user enters a user name and password on STA, STA authenticates to Radius Server and, once authentication passes, accesses the Internet. When the user roams with STA into the VLAN2 network, DHCP Server assigns it the IP address 172.254.2.20, and the user has to re-enter the user name and password to authenticate to Radius Server before Internet access can continue. During this roaming the user's Internet access is therefore interrupted by the need to re-authenticate, and the user experience is poor.
To address this problem, the embodiments of the application propose an authentication method that uses the MAC address of the wireless client device as the device's unique identifier: when the IP address changes but the MAC address stays the same, no re-authentication is required. With this method an authenticated wireless client device does not need to re-authenticate when roaming between different local area networks, which avoids the disconnection problem and improves the user's online experience.
Fig. 2 is a flow chart of one embodiment of the authentication method of the application; this embodiment describes the authentication process from the wireless client device side.
Step 201: when the Internet Protocol (IP) address of the wireless client device changes from a first IP address to a second IP address, obtain the current authentication state.
As mentioned above, the IP address of a wireless client device can change when it roams between local area networks. The embodiments of the application call the IP address before the change the first IP address and the IP address after the change the second IP address. The wireless client device in the embodiments also maintains its own authentication state according to its operating situation: when the device passes authentication by the authentication server, it sets the authentication state to the authenticated state; otherwise it sets the authentication state to the unauthenticated state. Thus, when the IP address of the wireless client device changes from the first IP address to the second IP address, the device can obtain its current authentication state and complete the subsequent authentication procedure according to that state.
Step 202: when the current authentication state is the authenticated state, send an address change message to the authentication server, the address change message carrying the media access control (MAC) address of the wireless client device and the second IP address, so that the authentication server, after confirming according to the MAC address that the wireless client device has passed authentication, deletes the first IP address from the IP address white list and adds the second IP address.
After the current authentication state is obtained in step 201, processing falls into the following two cases according to that state:
When the current authentication state of the wireless client device is the unauthenticated state, the device may be accessing the network for the first time or may need to re-authenticate because of a network abnormality. In this case the wireless client device accesses the external network following the existing authentication flow. When the request to access the external network reaches the authentication server, the authentication server uses the source IP address of the request message (the current IP address of the wireless client device, that is, the second IP address) to check whether the second IP address is already present in the recorded IP address white list (which records the IP addresses of wireless client devices that have passed authentication). When the second IP address is not in the IP address white list, the authentication server sends a redirection message to the wireless client device.
After receiving the redirection message, the wireless client device displays an authentication page on which a user name and password are entered; for example, the user name can be a mobile phone number and the password a dynamic verification code obtained on the user's phone. Once they are entered, the device sends an authentication request message to the authentication server; besides the user name and password, this message also carries the MAC address and the second IP address of the wireless client device. The authentication server authenticates the wireless client device according to the user name and password and, after authentication passes, adds the device's MAC address to the MAC address white list (which records the MAC addresses of wireless client devices that have passed authentication) and adds the second IP address to the IP address white list.
The authentication server also sends an authentication success message to the wireless client device. After receiving it, the wireless client device sets its current authentication state to the authenticated state, so that a later IP address change is handled by the flow for authenticated wireless client devices.
When the authentication state at the time of the IP address change is the authenticated state, the wireless client device has previously passed authentication by the authentication server, that is, it is an authenticated device, and does not need to re-authenticate with a user name and password. The wireless client device can actively send an address change message to the authentication server, carrying the device's MAC address and the second IP address (the address after the change), to notify the server that the device's IP address has changed. After confirming according to the MAC address that the device has passed authentication, the authentication server deletes the first IP address from the IP address white list and adds the second IP address, completing the IP address change for the authenticated wireless client device.
When the wireless client device then accesses the external network, the authentication server's IP address white list already records the device's second IP address, so the device can access the external network normally without repeating identity authentication, avoiding the access interruption that the authentication process would cause.
In addition, during normal operation the wireless client device can periodically send heartbeat messages; on receiving a heartbeat message the authentication server returns a response message to show that network communication is normal. When the wireless client device does not receive the response message from the authentication server, it counts the number of responses not received. When the number of consecutive missed responses reaches a preset no-response count threshold, network communication is abnormal and the device needs to re-authenticate, so it changes the current authentication state to the unauthenticated state. The next time the wireless client device accesses the external network, it must carry out identity authentication again with a user name and password.
Fig. 3 is a flow chart of another embodiment of the authentication method of the application; this embodiment describes the authentication process from the authentication server side.
Step 301: when the Internet Protocol (IP) address of a wireless client device changes from a first IP address to a second IP address, receive the address change message sent by the wireless client device, the address change message carrying the media access control (MAC) address of the wireless client device and the second IP address.
As described in steps 201 and 202, when its IP address changes the wireless client device obtains its current authentication state and, when that state is the authenticated state, sends an address change message to the authentication server. After receiving the address change message, the authentication server extracts from it the MAC address of the wireless client device and the second IP address (the address after the change).
Step 302: look up whether the MAC address of the wireless client device is present in the MAC address white list, the MAC address white list being used to record the MAC addresses of wireless client devices that have passed authentication.
First, the server determines from the obtained MAC address whether the wireless client device is an authenticated device. Specifically, it looks up whether the device's MAC address is present in the MAC address white list. Because the authentication server records the MAC addresses of all wireless client devices that have passed authentication in the MAC address white list, it can confirm whether a wireless client device has passed authentication by querying that list.
Step 303: when the MAC address of the wireless client device is present, delete the first IP address from the IP address white list and add the second IP address to the IP address white list, the IP address white list being used to record the IP addresses of wireless client devices that have passed authentication.
When step 302 confirms that the wireless client device is an authenticated device, that is, its MAC address is present in the MAC address white list, the server finds the device's IP address in the IP address white list, deletes that first IP address, and adds the second IP address to the IP address white list, completing the IP address update for the authenticated wireless client device. When the wireless client device roams across local area networks, its IP address in the authentication server's IP address white list has already been updated, so it can access the external network without interrupting the network to re-authenticate.
The above is the handling for an authenticated wireless client device. When the IP address of a wireless client device changes and its current authentication state is the unauthenticated state, the device does not send an address change message but, as in the prior art, directly sends a request to access the external network. In response to this request the authentication server sends a redirection message to the wireless client device, so that the device carries out identity authentication with the authentication server using a user name and password.
The authentication server receives the authentication request message sent by the wireless client device and extracts from it the user name and password, as well as the device's MAC address and second IP address. The authentication server determines from the user name and password whether the device can pass authentication; when the user name and password are correct, it confirms that the device passes. For a wireless client device that has passed identity authentication, the server adds the device's MAC address to the MAC address white list, adds the corresponding second IP address to the IP address white list, and sends an authentication success message to the device, so that the device updates its authentication state to the authenticated state. On a later IP address change the device then does not need to go through the identity authentication flow, which avoids network interruption.
In addition, the authentication server periodically receives the heartbeat messages sent by the wireless client device, which show that network communication with the peer is normal. The authentication server has a preset heartbeat duration threshold, which is the maximum interval the server allows between two received heartbeat messages. When no further heartbeat message from the wireless client device is received within the preset heartbeat duration threshold, network communication is abnormal and the authentication server requires the device to re-authenticate before coming back online: specifically, it deletes the device's MAC address from the MAC address white list and deletes the device's IP address from the IP address white list. Meanwhile, as noted above, because the network is abnormal the wireless client device will not receive the authentication server's response messages either, so it changes its authentication state to the unauthenticated state and re-authenticates through the identity authentication flow.
As the above description shows, the application combines the MAC address and the IP address of the wireless client device for authentication and uses the MAC address as the unique identifier of the device, so that when the device's IP address changes, whether re-authentication is needed is decided according to the MAC address. The application can reduce the number of times a wireless client device authenticates and avoid network interruption when the device roams across local area networks, improving the user experience.
The authentication process is now described in detail, again taking Fig. 1 as an example.
In this specific embodiment, the wireless client device STA roams from local area network VLAN1 to local area network VLAN2.
First, STA accesses VLAN1 and obtains the IP address 172.254.1.10 from DHCP Server. Assume STA is accessing the wireless network for the first time and has not authenticated to the authentication server Radius Server. STA's current authentication state is then the unauthenticated state, and it directly initiates an external-network access request. Radius Server queries the IP address white list for the source IP address of the access request (172.254.1.10); the white list does not currently contain 172.254.1.10, which confirms that STA is an unauthenticated device.
Radius Server sends a redirection message to STA. Following this message, the user name and password are entered on STA's authentication page and STA sends an authentication request message to Radius Server. Besides the entered user name and password, this message carries STA's MAC address (assumed to be EF-11-34-56-DF-16) and IP address (172.254.1.10). After confirming from the user name and password that the current STA is a valid user, Radius Server adds MAC address EF-11-34-56-DF-16 and IP address 172.254.1.10 to the MAC address white list and the IP address white list respectively, and sends an authentication success message to STA. On receiving the authentication success message, STA changes its authentication state to the authenticated state. STA accesses the external network through VLAN1.
When STA roams from VLAN1 to VLAN2, it obtains a new IP address, 172.254.2.20, from DHCP Server. After detecting that its own IP address has changed, STA obtains its current authentication state; when that state is the authenticated state, it actively sends an address change message to Radius Server containing STA's MAC address (EF-11-34-56-DF-16) and the IP address after the change (172.254.2.20). Radius Server extracts STA's MAC address (EF-11-34-56-DF-16) and IP address (172.254.2.20) and queries its local MAC address white list. On confirming that the MAC address white list contains STA's MAC address (EF-11-34-56-DF-16), it looks up the IP address last recorded for STA in the IP address white list (172.254.1.10), deletes that IP address, and adds STA's IP address after the change (172.254.2.20) to the IP address white list.
When STA initiates an external-network access request in VLAN2, Radius Server queries the IP address white list for STA's IP address (172.254.2.20). The IP address white list now contains 172.254.2.20, so STA can access the external network without repeating identity authentication, which avoids network interruption and improves the user experience.
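The Fig. 1 walk-through above, together with the heartbeat handling described for both sides, as an added Python example that is not part of the patent. The class and method names, the credentials, the numeric timestamps and the threshold values are assumptions made for illustration; the MAC and IP addresses are the ones used in the text.

```python
import hmac


class AuthServer:
    """Server side: MAC white list, IP white list, heartbeat expiry."""

    def __init__(self, credentials, heartbeat_timeout):
        self.credentials = credentials              # constructed user -> password table
        self.heartbeat_timeout = heartbeat_timeout  # "heartbeat duration threshold"
        self.mac_whitelist = {}                     # MAC -> IP whitelisted for that device
        self.ip_whitelist = set()
        self.last_heartbeat = {}                    # MAC -> time of last heartbeat

    def access(self, src_ip):
        """External-network request: allow a whitelisted source IP, else redirect."""
        return "ALLOW" if src_ip in self.ip_whitelist else "REDIRECT"

    def authenticate(self, user, password, mac, ip, now):
        """Authentication request: on success record both the MAC and the IP."""
        expected = self.credentials.get(user)
        if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
            return False
        self._bind(mac, ip)
        self.last_heartbeat[mac] = now  # assumption: the timer starts at login
        return True

    def address_change(self, mac, new_ip):
        """Steps 301-303: swap the IP only when the MAC is already whitelisted."""
        if mac not in self.mac_whitelist:
            return False
        self._bind(mac, new_ip)
        return True

    def heartbeat(self, mac, now):
        """Record a heartbeat; the return value stands for the response message."""
        if mac not in self.mac_whitelist:
            return False
        self.last_heartbeat[mac] = now
        return True

    def expire(self, now):
        """Remove devices whose last heartbeat is older than the threshold."""
        stale = [m for m, t in self.last_heartbeat.items() if now - t > self.heartbeat_timeout]
        for mac in stale:
            self.ip_whitelist.discard(self.mac_whitelist.pop(mac))
            del self.last_heartbeat[mac]
        return stale

    def _bind(self, mac, ip):
        self.ip_whitelist.discard(self.mac_whitelist.get(mac))  # delete the first IP, if any
        self.mac_whitelist[mac] = ip
        self.ip_whitelist.add(ip)                                # add the second IP


class Station:
    """Client side: tracks its own authentication state (steps 201 and 202)."""

    def __init__(self, mac, server, missed_limit=3):
        self.mac, self.server, self.missed_limit = mac, server, missed_limit
        self.ip, self.authenticated, self.missed = None, False, 0

    def on_ip_change(self, new_ip):
        """Send an address change message only in the authenticated state."""
        self.ip = new_ip
        return self.authenticated and self.server.address_change(self.mac, new_ip)

    def login(self, user, password, now):
        self.authenticated = self.server.authenticate(user, password, self.mac, self.ip, now)
        return self.authenticated

    def send_heartbeat(self, now, reachable=True):
        """Count consecutive missed responses; at the limit, fall back to unauthenticated."""
        replied = reachable and self.server.heartbeat(self.mac, now)
        self.missed = 0 if replied else self.missed + 1
        if self.missed >= self.missed_limit:
            self.authenticated = False
        return replied


def roam_demo():
    """Replays the Fig. 1 walk-through; credentials and times are constructed."""
    server = AuthServer({"alice": "482913"}, heartbeat_timeout=30)
    sta = Station("EF-11-34-56-DF-16", server)
    trace = []
    sta.on_ip_change("172.254.1.10")             # joins VLAN1 while unauthenticated
    trace.append(server.access(sta.ip))          # REDIRECT
    sta.login("alice", "482913", now=0)
    trace.append(server.access(sta.ip))          # ALLOW
    sta.on_ip_change("172.254.2.20")             # roams to VLAN2, sends address change
    trace.append(server.access("172.254.2.20"))  # ALLOW, no second login
    trace.append(server.access("172.254.1.10"))  # REDIRECT, first IP was deleted
    for t in (10, 20, 30):                       # three heartbeats get no response
        sta.send_heartbeat(now=t, reachable=False)
    server.expire(now=40)                        # no heartbeat for more than 30
    trace.append(server.access("172.254.2.20"))  # REDIRECT, both entries removed
    return trace, sta.authenticated


if __name__ == "__main__":
    print(roam_demo())
```

The server's decision in `address_change` rests entirely on the MAC address carried in the message, so a deployment has to ensure that field is bound to the device that actually authenticated rather than taken on trust.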
Corresponding to the foregoing embodiments of the authentication method, the application also provides embodiments of an authentication device.
The embodiments of the authentication device of the application can be applied on a wireless client device or on an authentication server. A device embodiment can be implemented in software, or in hardware or a combination of software and hardware. Taking a software implementation as an example, the device in the logical sense is formed by the processor of the equipment in which it resides running the corresponding computer program instructions from memory. At the hardware level, Fig. 4 shows a hardware structure diagram of the equipment in which the authentication device of the application resides; besides the processor, network interface and memory shown in Fig. 4, the equipment in which the device of an embodiment resides can also include other hardware according to the actual function of that equipment, which is not described further here.
Fig. 5 is a schematic structural diagram of the authentication device in one embodiment of the application. This authentication device includes an acquiring unit 501 and a sending unit 502, wherein:
the acquiring unit 501 is used to obtain the current authentication state when the Internet Protocol (IP) address of the wireless client device changes from a first IP address to a second IP address;
the sending unit 502 is used to send an address change message to the authentication server when the current authentication state is the authenticated state, the address change message carrying the media access control (MAC) address of the wireless client device and the second IP address, so that the authentication server, after confirming according to the MAC address that the wireless client device has passed authentication, deletes the first IP address from the IP address white list and adds the second IP address.
Further, the device also includes:
a receiving unit, used to receive the redirection message sent by the authentication server when the current authentication state is the unauthenticated state;
the sending unit 502 is also used to send an authentication request message to the authentication server according to the redirection message, the authentication request message carrying a user name, a password, and the MAC address and second IP address of the wireless client device, so that the authentication server, when it confirms according to the user name and password that the wireless client device has passed authentication, adds the MAC address to the MAC address white list and adds the second IP address to the IP address white list;
the receiving unit is also used to receive the authentication success message that the authentication server sends when it confirms according to the user name and password that the wireless client device has passed authentication;
a modification unit, used to change the current authentication state to the authenticated state according to the authentication success message.
Further, the device also includes:
the sending unit 502 is also used to periodically send heartbeat messages to the authentication server;
a counting unit, used to count the number of consecutive times the response message returned by the authentication server according to the heartbeat message is not received;
the modification unit is also used to change the current authentication state to the unauthenticated state when the number of consecutive missed response messages reaches the preset no-response count threshold.
Fig. 6 is a schematic structural diagram of the authentication device in another embodiment of the application. This authentication device includes a receiving unit 601, a search unit 602 and a processing unit 603, wherein:
the receiving unit 601 is used to receive the address change message sent by a wireless client device when the Internet Protocol (IP) address of the wireless client device changes from a first IP address to a second IP address, the address change message carrying the media access control (MAC) address of the wireless client device and the second IP address;
the search unit 602 is used to look up whether the MAC address of the wireless client device is present in the MAC address white list, the MAC address white list being used to record the MAC addresses of wireless client devices that have passed authentication;
the processing unit 603 is used to delete the first IP address from the IP address white list and add the second IP address to the IP address white list when the MAC address of the wireless client device is present, the IP address white list being used to record the IP addresses of wireless client devices that have passed authentication.
Further, the device also includes:
A sending unit, configured to send a redirect message to the wireless client device when no address change message sent by the wireless client device has been received;
The receiving unit 601 is further configured to receive the authentication request message that the wireless client device sends according to the redirect message, the authentication request message carrying a user name, a password, and the MAC address and second IP address of the wireless client device;
A determining unit, configured to determine from the user name and password whether the wireless client device passes authentication;
The processing unit 603 is further configured to, when the wireless client device passes authentication, add the MAC address of the wireless client device to the MAC address whitelist and add the second IP address to the IP address whitelist;
The sending unit is further configured to send an authentication success message to the wireless client device.
Further, the device also includes:
An obtaining unit, configured to obtain a preset heartbeat duration threshold;
The processing unit 603 is further configured to, when no heartbeat message sent by the wireless client device has been received within the preset heartbeat duration threshold, delete the MAC address of the wireless client device from the MAC address whitelist and delete the IP address of the wireless client device from the IP address whitelist, so that the wireless client device must authenticate again to access the network.
For the functions and roles of the units in the above devices, refer to the implementation of the corresponding steps in the above methods; details are not repeated here.
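The server-side behaviour of units 601 to 603, together with the redirect-and-authenticate path and the heartbeat timeout, as an added Python example that is not part of the patent text. The class and method names, the MAC-to-IP binding used to locate the first IP address, the PBKDF2 credential store, the string return codes and the redirect returned for an unlisted MAC are assumptions.

```python
import hashlib
import hmac
import os


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def make_user(password):
    """Build a (salt, hash) record for the constructed user store."""
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


class AuthServer:
    """Whitelist state of the authentication server (hypothetical names)."""

    def __init__(self, users, heartbeat_timeout):
        self.users = users                          # user name -> (salt, hash)
        self.heartbeat_timeout = heartbeat_timeout  # preset heartbeat duration threshold (s)
        self.mac_whitelist = {}    # authenticated MAC -> its whitelisted IP (assumed binding)
        self.ip_whitelist = set()  # IP addresses of authenticated devices
        self.last_heartbeat = {}   # MAC -> time the last heartbeat arrived

    def is_allowed(self, ip):
        return ip in self.ip_whitelist

    def _remove(self, mac):
        # Drop the MAC and the IP bound to it, so both whitelists stay consistent.
        self.ip_whitelist.discard(self.mac_whitelist.pop(mac))
        self.last_heartbeat.pop(mac, None)

    def expire(self, now):
        """Delete every device whose heartbeat is older than the threshold."""
        stale = [m for m, t in self.last_heartbeat.items()
                 if now - t > self.heartbeat_timeout]
        for mac in stale:
            self._remove(mac)
        return stale

    def on_address_change(self, mac, second_ip, now):
        mac = mac.lower()
        self.expire(now)                    # a timed-out entry must not be honoured
        if mac not in self.mac_whitelist:   # searching unit: MAC whitelist lookup
            return "REDIRECT"               # assumption: unlisted MAC must authenticate
        # Processing unit: delete the first IP address, add the second.
        # The MAC address is the only thing checked on this path.
        self.ip_whitelist.discard(self.mac_whitelist[mac])
        self.ip_whitelist.add(second_ip)
        self.mac_whitelist[mac] = second_ip
        return "UPDATED"

    def on_auth_request(self, user, password, mac, ip, now):
        mac = mac.lower()
        record = self.users.get(user)
        if record is None or not hmac.compare_digest(
                hash_password(password, record[0]), record[1]):
            return "AUTH_FAILURE"
        if mac in self.mac_whitelist:       # re-authentication: drop the old binding
            self._remove(mac)
        self.mac_whitelist[mac] = ip
        self.ip_whitelist.add(ip)
        self.last_heartbeat[mac] = now
        return "AUTH_SUCCESS"

    def on_heartbeat(self, mac, now):
        """Return True when a response message would be sent back."""
        mac = mac.lower()
        self.expire(now)
        if mac not in self.mac_whitelist:
            return False
        self.last_heartbeat[mac] = now
        return True
```

Because the address-change path checks only the MAC address, the heartbeat timeout is what bounds how long a whitelist entry stays usable after the device goes silent.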
Since the device embodiments correspond substantially to the method embodiments, refer to the description of the method embodiments for the relevant parts. The device embodiments described above are merely illustrative: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units, that is, they may be located in one place or distributed over multiple network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present application. Those of ordinary skill in the art can understand and implement it without creative effort.
The above are only preferred embodiments of the present application and are not intended to limit it. Any modification, equivalent replacement or improvement made within the spirit and principles of the present application shall fall within its scope of protection.
Claims (12)
1. An authentication method, applied to a wireless client device, characterized in that the method comprises:
obtaining the current authentication state when the Internet Protocol (IP) address of the wireless client device changes from a first IP address to a second IP address;
when the current authentication state is the authenticated state, sending an address change message to an authentication server, the address change message carrying the media access control (MAC) address of the wireless client device and the second IP address, so that the authentication server, after confirming from the MAC address that the wireless client device has passed authentication, deletes the first IP address from the IP address whitelist and adds the second IP address.
2. The method of claim 1, characterized in that the method further comprises:
when the current authentication state is the unauthenticated state, receiving a redirect message sent by the authentication server;
sending an authentication request message to the authentication server according to the redirect message, the authentication request message carrying a user name, a password, and the MAC address and second IP address of the wireless client device, so that the authentication server, upon confirming from the user name and password that the wireless client device has passed authentication, adds the MAC address to the MAC address whitelist and adds the second IP address to the IP address whitelist;
receiving the authentication success message that the authentication server sends upon confirming from the user name and password that the wireless client device has passed authentication;
changing the current authentication state to the authenticated state according to the authentication success message.
3. The method of claim 1 or 2, characterized in that the method further comprises:
periodically sending heartbeat messages to the authentication server;
counting the number of consecutive times that no response message returned by the authentication server for the heartbeat message has been received;
when the number of consecutive times that no response message has been received reaches a preset no-response count threshold, changing the current authentication state to the unauthenticated state.
4. An authentication method, applied to an authentication server, characterized in that the method comprises:
when the Internet Protocol (IP) address of a wireless client device changes from a first IP address to a second IP address, receiving the address change message sent by the wireless client device, the address change message carrying the media access control (MAC) address of the wireless client device and the second IP address;
looking up whether the MAC address of the wireless client device exists in the MAC address whitelist, the MAC address whitelist being used to record the MAC addresses of wireless client devices that have passed authentication;
when the MAC address of the wireless client device exists, deleting the first IP address from the IP address whitelist and adding the second IP address to the IP address whitelist, the IP address whitelist being used to record the IP addresses of wireless client devices that have passed authentication.
5. The method of claim 4, characterized in that the method further comprises:
when no address change message sent by the wireless client device has been received, sending a redirect message to the wireless client device;
receiving the authentication request message that the wireless client device sends according to the redirect message, the authentication request message carrying a user name, a password, and the MAC address and second IP address of the wireless client device;
determining from the user name and password whether the wireless client device passes authentication;
when the wireless client device passes authentication, adding the MAC address of the wireless client device to the MAC address whitelist and adding the second IP address to the IP address whitelist;
sending an authentication success message to the wireless client device.
6. The method of claim 4 or 5, characterized in that the method further comprises:
obtaining a preset heartbeat duration threshold;
when no heartbeat message sent by the wireless client device has been received within the preset heartbeat duration threshold, deleting the MAC address of the wireless client device from the MAC address whitelist and deleting the IP address of the wireless client device from the IP address whitelist, so that the wireless client device must authenticate again to access the network.
7. An authentication device, applied to a wireless client device, characterized in that the device comprises:
an obtaining unit, configured to obtain the current authentication state when the Internet Protocol (IP) address of the wireless client device changes from a first IP address to a second IP address;
a sending unit, configured to send an address change message to an authentication server when the current authentication state is the authenticated state, the address change message carrying the media access control (MAC) address of the wireless client device and the second IP address, so that the authentication server, after confirming from the MAC address that the wireless client device has passed authentication, deletes the first IP address from the IP address whitelist and adds the second IP address.
8. The device of claim 7, characterized in that the device further comprises:
a receiving unit, configured to receive a redirect message sent by the authentication server when the current authentication state is the unauthenticated state;
the sending unit is further configured to send an authentication request message to the authentication server according to the redirect message, the authentication request message carrying a user name, a password, and the MAC address and second IP address of the wireless client device, so that the authentication server, upon confirming from the user name and password that the wireless client device has passed authentication, adds the MAC address to the MAC address whitelist and adds the second IP address to the IP address whitelist;
the receiving unit is further configured to receive the authentication success message that the authentication server sends upon confirming from the user name and password that the wireless client device has passed authentication;
a modifying unit, configured to change the current authentication state to the authenticated state according to the authentication success message.
9. The device of claim 7 or 8, characterized in that the device further comprises:
the sending unit is further configured to periodically send heartbeat messages to the authentication server;
a counting unit, configured to count the number of consecutive times that no response message returned by the authentication server for the heartbeat message has been received;
the modifying unit is further configured to change the current authentication state to the unauthenticated state when the number of consecutive times that no response message has been received reaches a preset no-response count threshold.
10. An authentication device, applied to an authentication server, characterized in that the device comprises:
a receiving unit, configured to receive, when the Internet Protocol (IP) address of a wireless client device changes from a first IP address to a second IP address, the address change message sent by the wireless client device, the address change message carrying the media access control (MAC) address of the wireless client device and the second IP address;
a searching unit, configured to look up whether the MAC address of the wireless client device exists in the MAC address whitelist, the MAC address whitelist being used to record the MAC addresses of wireless client devices that have passed authentication;
a processing unit, configured to, when the MAC address of the wireless client device exists, delete the first IP address from the IP address whitelist and add the second IP address to the IP address whitelist, the IP address whitelist being used to record the IP addresses of wireless client devices that have passed authentication.
11. The device of claim 10, characterized in that the device further comprises:
a sending unit, configured to send a redirect message to the wireless client device when no address change message sent by the wireless client device has been received;
the receiving unit is further configured to receive the authentication request message that the wireless client device sends according to the redirect message, the authentication request message carrying a user name, a password, and the MAC address and second IP address of the wireless client device;
a determining unit, configured to determine from the user name and password whether the wireless client device passes authentication;
the processing unit is further configured to, when the wireless client device passes authentication, add the MAC address of the wireless client device to the MAC address whitelist and add the second IP address to the IP address whitelist;
the sending unit is further configured to send an authentication success message to the wireless client device.
12. The device of claim 10 or 11, characterized in that the device further comprises:
an obtaining unit, configured to obtain a preset heartbeat duration threshold;
the processing unit is further configured to, when no heartbeat message sent by the wireless client device has been received within the preset heartbeat duration threshold, delete the MAC address of the wireless client device from the MAC address whitelist and delete the IP address of the wireless client device from the IP address whitelist, so that the wireless client device must authenticate again to access the network.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510535329.2A CN105939519B (en) | 2015-08-27 | 2015-08-27 | A kind of authentication method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510535329.2A CN105939519B (en) | 2015-08-27 | 2015-08-27 | A kind of authentication method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105939519A true CN105939519A (en) | 2016-09-14 |
CN105939519B CN105939519B (en) | 2019-07-09 |
Family
ID=57152809
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510535329.2A Active CN105939519B (en) | 2015-08-27 | 2015-08-27 | A kind of authentication method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105939519B (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107360184A (en) * | 2017-08-14 | 2017-11-17 | 杭州迪普科技股份有限公司 | terminal device authentication method and device |
CN107483480A (en) * | 2017-09-11 | 2017-12-15 | 杭州迪普科技股份有限公司 | A kind of processing method and processing device of address |
CN108234503A (en) * | 2018-01-11 | 2018-06-29 | 中国电子科技集团公司第三十研究所 | A kind of safety neighbor automatic discovering method of network node |
CN108243418A (en) * | 2016-12-23 | 2018-07-03 | 北京明朝万达科技股份有限公司 | A kind of connection of mobile terminal into network smooth-switching method and system |
CN108600153A (en) * | 2018-03-05 | 2018-09-28 | 北京小米移动软件有限公司 | Verification method and device |
CN110943962A (en) * | 2018-09-21 | 2020-03-31 | 华为技术有限公司 | Authentication method, network equipment, authentication server and forwarding equipment |
CN112448939A (en) * | 2019-09-05 | 2021-03-05 | 阿里巴巴集团控股有限公司 | Safety protection method, device and storage medium |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20050082046A (en) * | 2004-02-17 | 2005-08-22 | 아이피원(주) | Vlan architecture method based on user's authentication in lan |
CN101848463A (en) * | 2010-03-16 | 2010-09-29 | 苏州汉明科技有限公司 | Method for protecting access of legal user based on wireless access point |
CN102075904A (en) * | 2010-12-24 | 2011-05-25 | 杭州华三通信技术有限公司 | Method and device for preventing re-authentication of roaming user |
CN103501495A (en) * | 2013-10-16 | 2014-01-08 | 苏州汉明科技有限公司 | Perception-free WLAN (Wireless Local Area Network) authentication method fusing Portal/Web authentication and MAC (Media Access Control) authentication |
CN104144095A (en) * | 2014-08-08 | 2014-11-12 | 福建星网锐捷网络有限公司 | Terminal authentication method and interchanger |
-
2015
- 2015-08-27 CN CN201510535329.2A patent/CN105939519B/en active Active
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108243418A (en) * | 2016-12-23 | 2018-07-03 | 北京明朝万达科技股份有限公司 | A kind of connection of mobile terminal into network smooth-switching method and system |
CN107360184A (en) * | 2017-08-14 | 2017-11-17 | 杭州迪普科技股份有限公司 | terminal device authentication method and device |
CN107360184B (en) * | 2017-08-14 | 2020-09-08 | 杭州迪普科技股份有限公司 | Terminal equipment authentication method and device |
US10944744B2 (en) | 2017-08-14 | 2021-03-09 | Hangzhou Dptech Technologies Co., Ltd. | Verifying terminal device |
CN107483480A (en) * | 2017-09-11 | 2017-12-15 | 杭州迪普科技股份有限公司 | A kind of processing method and processing device of address |
CN108234503A (en) * | 2018-01-11 | 2018-06-29 | 中国电子科技集团公司第三十研究所 | A kind of safety neighbor automatic discovering method of network node |
CN108234503B (en) * | 2018-01-11 | 2020-12-11 | 中国电子科技集团公司第三十研究所 | Automatic discovery method for safety neighbors of network nodes |
CN108600153A (en) * | 2018-03-05 | 2018-09-28 | 北京小米移动软件有限公司 | Verification method and device |
CN110943962A (en) * | 2018-09-21 | 2020-03-31 | 华为技术有限公司 | Authentication method, network equipment, authentication server and forwarding equipment |
CN110943962B (en) * | 2018-09-21 | 2021-01-29 | 华为技术有限公司 | Authentication method, network equipment, authentication server and forwarding equipment |
CN112448939A (en) * | 2019-09-05 | 2021-03-05 | 阿里巴巴集团控股有限公司 | Safety protection method, device and storage medium |
CN112448939B (en) * | 2019-09-05 | 2023-08-22 | 阿里巴巴集团控股有限公司 | Security protection method, device and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN105939519B (en) | 2019-07-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105939519A (en) | Authentication method and device | |
CN107005442B (en) | Method and apparatus for remote access | |
JP6280641B2 (en) | Account login method, device and system | |
US9936390B2 (en) | Method and apparatus of triggering applications in a wireless environment | |
EP3122144A1 (en) | Device and method for accessing wireless network | |
CN103874069B (en) | A kind of wireless terminal MAC authentication devices and method | |
CN103746812A (en) | Access authentication method and system | |
US9275204B1 (en) | Enhanced network access-control credentials | |
CN106658498A (en) | Portal approved quick roaming method and WiFi device | |
CN104113548A (en) | Authentication message processing method and device | |
CN101986598A (en) | Authentication method, server and system | |
CN107995070A (en) | Networking control method, device and BRAS based on IPOE | |
CN106507383B (en) | Real name auditing method, equipment and system | |
CN107294992A (en) | The authentication method and device of a kind of application client of terminal device | |
CN107528712A (en) | The determination of access rights, the access method of the page and device | |
US8613069B1 (en) | Providing single sign-on for wireless devices | |
CN105991640A (en) | Method for processing HTTP (hypertext transfer protocol) request and apparatus for processing HTTP (hypertext transfer protocol) request | |
CN107645570A (en) | Client loading method and device | |
CN106230788A (en) | The reorientation method of a kind of portal certification, radio reception device, portal server | |
CN109379339B (en) | Portal authentication method and device | |
US11134384B2 (en) | Access point AP authentication method, system, and related device | |
CN105790944B (en) | A kind of method for network authorization and device based on wechat | |
US8151338B2 (en) | Method and system for continuously serving authentication requests | |
CN106537962B (en) | Wireless network configuration, access and access method, device and equipment | |
US10212090B2 (en) | Policy control method and related apparatus and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information |
Address after: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building Applicant after: Hangzhou Dipu Polytron Technologies Inc Address before: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building Applicant before: Hangzhou Dipu Technology Co., Ltd. |
|
CB02 | Change of applicant information | ||
GR01 | Patent grant | ||
GR01 | Patent grant |