CN103595712B - A kind of Web authentication method, apparatus and system - Google Patents
A kind of Web authentication method, apparatus and system Download PDFInfo
- Publication number
- CN103595712B CN103595712B CN201310546154.6A CN201310546154A CN103595712B CN 103595712 B CN103595712 B CN 103595712B CN 201310546154 A CN201310546154 A CN 201310546154A CN 103595712 B CN103595712 B CN 103595712B
- Authority
- CN
- China
- Prior art keywords
- message
- switch
- user terminal
- web authentication
- sdn controllers
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Telephonic Communication Services (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention discloses a kind of Web authentication method, apparatus and system, including:What SDN controllers were received from that the switch of barrel linchpin sends reports message, and it is the message after the switch is packaged to the message for carrying out the specified type of user terminal that this reports message, and the specified type is identical with the type of web authentication request message;When this reports is packaged with message from the web authentication request message of the user terminal, it is authenticated based on the authentication information carried in the web authentication request message, obtains authentication result;Web authentication response message to carrying the authentication result is packaged, and obtains downward message;The downward message is sent to the switch, for the web authentication response message encapsulated in the downward message is returned to the user terminal by the switch.The method provided using the present invention, is reduced the requirement to switch during web authentication, and improves the efficiency being improved to web authentication mechanism.
Description
Technical field
The present invention relates to networking technology area, more particularly to a kind of Web authentication method, apparatus and system.
Background technology
Existing web authentication is based on client/server(Client/Server)Certification, user is in user first
Login window input authentication information on the browser of terminal, and the authentication information is sent to the friendship of access by user terminal
Change planes, switch passes through the remote customer dialing authentication system of itself(Radius, Remote Authentication Dial
In User Service)Client receives the authentication information, is subsequently transmitted to certificate server, i.e. Radius servers,
Radius servers are authenticated to the authentication information, after certification passes through, Radius servers can trigger Radius clients to
User's distribution can access the address of outer net.When user offline, and by the Radius clients on switch to
Radius servers send offline request.
In existing web authentication technology, it is to perform the authentication processing related to web authentication by switch to operate, to equipment
Requirement it is higher, and in network, there is the more switch for needing to have web authentication function, when needing to lift switch
Web authentication function, such as, when improving web authentication mechanism, need to carry out functional promotion respectively to this multiple stage switch, so as to cause
The web authentication system ease for use of network side is poor, and improves less efficient when needing and improving web authentication mechanism.
The content of the invention
The embodiment of the present invention provides a kind of Web authentication method, apparatus and system, to solve present in prior art
It is higher to switch request during web authentication, and the less efficient problem is improved by web authentication mechanism.
The embodiment of the present invention provides a kind of Web authentication method, including:
Software defined network SDN controllers are received from the message that reports of the switch transmission of barrel linchpin, described to report message
Message after being packaged to the message for carrying out the specified type of user terminal for the switch, the specified type and Web
The type of authentication request packet is identical;
When it is described report message in be packaged with from the web authentication request message of the user terminal when, on described
The authentication information carried in the web authentication request message encapsulated in report message is authenticated, and obtains authentication result;
Web authentication response message to carrying the authentication result is packaged, and obtains downward message;
The downward message is sent to the switch, for by the switch by the institute encapsulated in the downward message
State web authentication response message and return to the user terminal.
In method provided in an embodiment of the present invention, SDN controllers ought be received and be packaged with the web authentication for carrying out user terminal
When reporting message of request message, the authentication information carried during the web authentication request message encapsulated in message is reported based on this are entered
Row certification, and authentication result is obtained, the web authentication of user terminal asked to be authenticated by SDN controllers in the method
Reason, thus the authentication processing operation that switch no longer needs execution related to web authentication, the requirement reduction to switch, and
And when needing to improve web authentication mechanism, corresponding functional promotion need to be carried out to SDN controllers only, without right again
Multiple switch carries out functional promotion respectively, and then improves the efficiency being improved to web authentication mechanism.
Further, SDN controllers be received from barrel linchpin switch send report message before, also include:To
The switch for carrying out web authentication of itself administration sends the first configuration file, for being matched somebody with somebody according to described first by switch
Put the message that file carrys out the specified type of user terminal to the SDN controller reports.
So so that switch after the first configuration file is received, according to first configuration file on the switch
All of the port configured, that is, complete the first step start certification process.
Further, SDN controllers be received from barrel linchpin switch send report message before, also include:To
The switch for carrying out web authentication of itself administration sends the second configuration file, for being matched somebody with somebody according to described second by switch
Put the message that file abandons the non-designated type for carrying out user terminal.
So so that switch after the second configuration file is received, according to second configuration file on the switch
All of the port configured, that is, complete second step start certification process.
Further, also include:When the SDN controllers pass through to the user end certification, to the switch
The 3rd configuration file of the end message for carrying the user terminal is sent, for indicating the switch for from the use
The service message of family terminal is processed.
The web authentication request of the user terminal by certification, switch according to the 3rd configuration file for receiving, to corresponding
Port configured, it is allowed to the service message that the user terminal to specifying source IP address and source MAC sends is processed,
Function of surfing the Net is opened in the port.
Further, also include:Receive the switch transmission is packaged with the report from a liner under the Web of the user terminal
The message of text;
The 4th configuration file of the end message for carrying the user terminal is sent to the switch, it is described for indicating
Switch stops being processed for the service message from the user terminal.
So, after the switch receives the 4th configuration file, corresponding port is matched somebody with somebody according to the 4th configuration file
Put, stop being processed for the service message for specifying the user terminal of source IP address and source MAC to send, i.e., in the port
Stop function of surfing the Net.
Further, also include:Send to the switch and cancel web authentication instruction message, for indicating the exchange
Machine cancels to the SDN controllers message of the specified type for sending user terminal.
So, SDN controllers release certification to the switch, when switch receives the specified type for carrying out user terminal
Message when, no longer to SDN controllers send.
The embodiment of the present invention also provides a kind of Web authentication method, including:
The message that switch receive user terminal sends;
When message of the message for receiving for specified type, to the software defined network SDN controllers of own home
Transmission is packaged with the message of reception and reports message, and the specified type is identical with the type of web authentication request message;
The downward message for being packaged with web authentication response message that the SDN controllers send is received, the web authentication rings
Authentication result is carried in answering message, the authentication result is the SDN controllers when the message is web authentication request message
It is authenticated what is obtained based on the authentication information carried in the web authentication request message;
The web authentication response message encapsulated in the downward message is returned to into the user terminal.
In method provided in an embodiment of the present invention, switch receives the web authentication that is packaged with of SDN controllers transmission and responds
The downward message of message, carries authentication result, and the authentication result is that the SDN controllers ought in the web authentication response message
Message is authenticated what is obtained based on the authentication information carried in the web authentication request message when being web authentication request message.Should
The web authentication of user terminal is asked to be to be authenticated processing by SDN controllers in method, therefore switch no longer needs to hold
The row authentication processing operation related to web authentication, the requirement to switch are reduced, and when needing to improve web authentication mechanism,
Corresponding functional promotion need to be carried out to SDN controllers only, without carrying out functional promotion respectively to multiple switch again,
And then improve the efficiency being improved to web authentication mechanism.
Further, to own home SDN controllers send be packaged with reception the message report message it
Before, also include:
Receive the first configuration file that the SDN controllers of own home send;
When message of the message for receiving for specified type, to the software defined network SDN controllers of own home
Transmission is packaged with the message of reception and reports message, specifically includes:
Determine that whether the message for receiving is the message of specified type according to first configuration file, and work as the report
Text for the specified type message when, send to the SDN controllers and be packaged with the message of reception and report message.
So, switch is configured to all of the port on the switch according to the first configuration file for receiving, i.e.,
Complete the process that the first step starts certification.
Further, to own home SDN controllers send be packaged with reception the message report message it
Before, also include:
Receive the second configuration file that the SDN controllers of own home send;
According to second configuration file, when the message for receiving not is the message of the specified type, institute is abandoned
State message.
So, switch is configured to all of the port on the switch according to the second configuration file for receiving, i.e.,
Complete the process that second step starts certification.
Further, also include:The SDN controllers are received when passing through to the user end certification, transmission is taken
3rd configuration file of the end message with the user terminal;
The service message from the user terminal is processed according to the 3rd configuration file.
The web authentication request of the user terminal by certification, switch according to the 3rd configuration file for receiving, to corresponding
Port configured, it is allowed to the service message that the user terminal to specifying source IP address and source MAC sends is processed,
Function of surfing the Net is opened in the port.
Further, also include:Receive the offline messages of Web that the user terminal sends;
The message for being packaged with the offline messages of the Web is sent to the SDN controllers;
Receive the 4th configuration file of the end message of the carrying user terminal that the SDN controllers send;
Stop being processed for the service message from the user terminal according to the 4th configuration file.
So, after the switch receives the 4th configuration file, corresponding port is matched somebody with somebody according to the 4th configuration file
Put, stop being processed for the service message for specifying the user terminal of source IP address and source MAC to send, i.e., in the port
Stop function of surfing the Net.
Further, also include:Receive the cancellation web authentication instruction message that the SDN controllers send;
According to the report for indicating that message cancels to the SDN controllers specified type for sending user terminal
Text.
So, SDN controllers release certification to the switch, when switch receives the specified type for carrying out user terminal
Message when, no longer to SDN controllers send.
The embodiment of the present invention also provides a kind of web authentication device, is applied to software defined network SDN servers, including:
Receiving unit, what the switch for being received from barrel linchpin sent report message, described to report message to be the friendship
The message of the specified type to carrying out user terminal of changing planes be packaged after message, the specified type and web authentication are asked
The type of message is identical;
Authentication ' unit, for the web authentication request message being packaged with message from the user terminal described ought be reported
When, it is authenticated based on the authentication information carried in the web authentication request message for reporting and encapsulating in message, is obtained
Authentication result;
Encapsulation unit, for being packaged the web authentication response message for carrying the authentication result, obtains down transmitting messages
Text;
Transmitting element, for sending the downward message to the switch, for being issued described by the switch
The web authentication response message encapsulated in message returns to the user terminal.
In web authentication device provided in an embodiment of the present invention, SDN controllers ought be received to be packaged with and carry out user terminal
When reporting message of web authentication request message, the certification carried during the web authentication request message encapsulated in message is reported based on this
Information is authenticated, and obtains authentication result, the web authentication of user terminal asked to be carried out by SDN controllers in the method
Authentication processing, thus the authentication processing operation that switch no longer needs execution related to web authentication, the requirement drop to switch
It is low, and when needing to improve web authentication mechanism, corresponding functional promotion need to be carried out to SDN controllers only, without
Functional promotion is carried out respectively to multiple switch again, and then improves the efficiency being improved to web authentication mechanism.
Further, the switch that SDN controllers are received from barrel linchpin send report message before, it is described to send single
Unit, be additionally operable to itself administration for carry out web authentication switch send the first configuration file, for by switch according to
First configuration file carrys out the message of the specified type of user terminal to the SDN controller reports.
So so that switch after the first configuration file is received, according to first configuration file on the switch
All of the port configured, that is, complete the first step start certification process.
Further, the switch that SDN controllers are received from barrel linchpin send report message before, it is described to send single
Unit, be additionally operable to itself administration for carry out web authentication switch send the second configuration file, for by switch according to
Second configuration file abandons the message of the non-designated type for carrying out user terminal.
So so that switch after the second configuration file is received, according to second configuration file on the switch
All of the port configured, that is, complete second step start certification process.
Further, when the SDN controllers pass through to the user end certification, the transmitting element is additionally operable to
The 3rd configuration file of the end message for carrying the user terminal is sent to the switch, for indicating the exchange eedle
Service message from the user terminal is processed.
The web authentication request of the user terminal by certification, switch according to the 3rd configuration file for receiving, to corresponding
Port configured, it is allowed to the service message that the user terminal to specifying source IP address and source MAC sends is processed,
Function of surfing the Net is opened in the port.
Further, the receiving unit, is additionally operable to receive that the switch sends is packaged with from user's end
The message of the offline messages of Web at end;
The transmitting element, be additionally operable to the end message to the switch transmission carrying user terminal the 4th are matched somebody with somebody
File is put, for indicating that the switch stops being processed for the service message from the user terminal.
So, after the switch receives the 4th configuration file, corresponding port is matched somebody with somebody according to the 4th configuration file
Put, stop being processed for the service message for specifying the user terminal of source IP address and source MAC to send, i.e., in the port
Stop function of surfing the Net.
Further, the transmitting element, is additionally operable to the switch send and cancels web authentication instruction message, be used for
Indicate that the switch cancels to the SDN controllers message of the specified type for sending user terminal.
So, SDN controllers release certification to the switch, when switch receives the specified type for carrying out user terminal
Message when, no longer to SDN controllers send.
The embodiment of the present invention also provides a kind of web authentication device, is applied to the switch of SDN controllers administration, including:
First receiving unit, for the message that receive user terminal sends;
Transmitting element, for when the message of reception is the message of specified type, to the software definition of own home
The transmission of network SDN controllers is packaged with the message that reports of the message of reception, the specified type and web authentication request message
Type it is identical;
Second receiving unit, transmits messages for receiving being packaged with web authentication response message for SDN controllers transmission
Text, carries authentication result in the web authentication response message, the authentication result is the SDN controllers when the message is
It is authenticated what is obtained based on the authentication information carried in the web authentication request message during web authentication request message;
Returning unit, for the web authentication response message encapsulated in the downward message is returned to the user
Terminal.
In device provided in an embodiment of the present invention, switch receives the web authentication that is packaged with of SDN controllers transmission and responds
The downward message of message, carries authentication result, and the authentication result is that the SDN controllers ought in the web authentication response message
Message is authenticated what is obtained based on the authentication information carried in the web authentication request message when being web authentication request message.Should
The web authentication of user terminal is asked to be to be authenticated processing by SDN controllers in method, therefore switch no longer needs to hold
The row authentication processing operation related to web authentication, the requirement to switch are reduced, and when needing to improve web authentication mechanism,
Corresponding functional promotion need to be carried out to SDN controllers only, without carrying out functional promotion respectively to multiple switch again,
And then improve the efficiency being improved to web authentication mechanism.
Further, to own home SDN controllers send be packaged with reception the message report message it
Before, second receiving unit is additionally operable to receive the first configuration file that the SDN controllers of own home send;
The transmitting element, specifically for determining whether the message for receiving is specified according to first configuration file
The message of type, and when the message that the message is the specified type, send to the SDN controllers and be packaged with reception
The message reports message.
So, switch is configured to all of the port on the switch according to the first configuration file for receiving, i.e.,
Complete the process that the first step starts certification.
Further, to own home SDN controllers send be packaged with reception the message report message it
Before, second receiving unit is additionally operable to receive the second configuration file that the SDN controllers of own home send;Described first
Receiving unit, specifically for according to second configuration file, when the message for receiving message not for the specified type
When, abandon the message.
So, switch is configured to all of the port on the switch according to the second configuration file for receiving, i.e.,
Complete the process that second step starts certification.
Further, second receiving unit, is additionally operable to receive the SDN controllers when to the user end certification
By when, the 3rd configuration file of the end message of the carrying user terminal of transmission;
First receiving unit, specifically for according to the 3rd configuration file to the business from the user terminal
Message is processed.
The web authentication request of the user terminal by certification, switch according to the 3rd configuration file for receiving, to corresponding
Port configured, it is allowed to the service message that the user terminal to specifying source IP address and source MAC sends is processed,
Function of surfing the Net is opened in the port.
Further, first receiving unit, is additionally operable to receive the offline messages of Web that the user terminal sends;
The transmitting element, is additionally operable to the SDN controllers send the message for being packaged with the offline messages of the Web;
Second receiving unit, is additionally operable to receive the terminal of the carrying user terminal that the SDN controllers send
4th configuration file of information;
First receiving unit, specifically for being stopped for from the user terminal according to the 4th configuration file
Service message processed.
So, after the switch receives the 4th configuration file, corresponding port is matched somebody with somebody according to the 4th configuration file
Put, stop being processed for the service message for specifying the user terminal of source IP address and source MAC to send, i.e., in the port
Stop function of surfing the Net.
Further, second receiving unit, the cancellation web authentication for being additionally operable to receive the SDN controllers transmission refer to
Show message;
The transmitting element, sends from user specifically for being cancelled to the SDN controllers according to the instruction message
The message of the specified type of terminal.
So, SDN controllers release certification to the switch, when switch receives the specified type for carrying out user terminal
Message when, no longer to SDN controllers send.
The embodiment of the present invention also provides a kind of web authentication system, including:Software control network SDN controllers and the SDN
The switch of controller itself administration, wherein:
The SDN controllers, what the switch for being received from barrel linchpin sent report message;Message is reported when described
Be packaged with from the web authentication request message of the user terminal when, based on the web authentication for reporting and encapsulating in message
The authentication information carried in request message is authenticated, and obtains authentication result;And the Web to carrying the authentication result recognizes
Card response message is packaged, and obtains downward message;And the downward message is sent to the switch;
The switch, for the message that receive user terminal sends;When the message for receiving is the report of specified type
Wen Shi, the message that is packaged with reception is sent to the SDN controllers of own home report message, the specified type with
The type of web authentication request message is identical;And being packaged with web authentication response message of receiving that the SDN controllers send
Transmit messages text;And the web authentication response message encapsulated in the downward message is returned to into the user terminal.
In system provided in an embodiment of the present invention, SDN controllers ought be received and be packaged with the web authentication for carrying out user terminal
When reporting message of request message, the authentication information carried during the web authentication request message encapsulated in message is reported based on this are entered
Row certification, and authentication result is obtained, the web authentication of user terminal asked to be authenticated by SDN controllers in the method
Reason, thus the authentication processing operation that switch no longer needs execution related to web authentication, the requirement reduction to switch, and
And when needing to improve web authentication mechanism, corresponding functional promotion need to be carried out to SDN controllers only, without right again
Multiple switch carries out functional promotion respectively, and then improves the efficiency being improved to web authentication mechanism.
Further, the SDN controllers, are additionally operable to the switch send and cancel web authentication instruction message;
The switch, is additionally operable to receive the cancellation web authentication instruction message that the SDN controllers send, and according to institute
State the message for indicating that message cancels to the SDN controllers specified type for sending user terminal.
So, SDN controllers release certification to the switch, when switch receives the specified type for carrying out user terminal
Message when, no longer to SDN controllers send.
Other features and advantage will be illustrated in the following description, also, partly be become from description
Obtain it is clear that or being understood by implementing the application.The purpose of the application and other advantages can be by the explanations write
In book, claims and accompanying drawing, specifically noted structure is realizing and obtain.
Description of the drawings
Accompanying drawing is used for providing a further understanding of the present invention, and constitutes a part for description, with present invention enforcement
Example is used for together explaining the present invention, is not construed as limiting the invention.In the accompanying drawings:
Fig. 1 is one of flow chart of Web authentication method provided in an embodiment of the present invention;
Fig. 2 is the two of the flow chart of Web authentication method provided in an embodiment of the present invention;
Fig. 3 is the Web authentication method flow chart that the embodiment of the present invention 1 is provided;
Web authentication canceling method flow chart when Fig. 4 is the user offline of the offer of the embodiment of the present invention 1;
Fig. 5 is one of structural representation of web authentication device that the embodiment of the present invention 2 is provided;
Fig. 6 is the two of the structural representation of the web authentication device that the embodiment of the present invention 3 is provided;
Fig. 7 is the structural representation of the web authentication system that the embodiment of the present invention 4 is provided.
Specific embodiment
Requirement to switch during web authentication is reduced in order to be given, and improves what web authentication mechanism was improved
The implementation of efficiency, embodiments provides a kind of Web authentication method, apparatus and system, attached below in conjunction with description
Figure is illustrated to the preferred embodiments of the present invention, it will be appreciated that preferred embodiment described herein is merely to illustrate reconciliation
The present invention is released, is not intended to limit the present invention.And in the case where not conflicting, in the embodiment and embodiment in the application
Feature can be mutually combined.
The embodiment of the present invention provides a kind of Web authentication method, is applied to software defined network(SDN, Software
Defined Network)Controller, as shown in figure 1, including:
Step 101, SDN controllers be received from barrel linchpin switch send report message, this report message be the friendship
The message of the specified type to carrying out user terminal of changing planes be packaged after message, the specified type and web authentication request report
The type of text is identical.
Step 102, when this reports and is packaged with message from the web authentication request message of the user terminal, based on this
The authentication information carried in the web authentication request message encapsulated in reporting message is authenticated, and obtains authentication result.
Step 103, the web authentication response message to carrying the authentication result are packaged, and obtain downward message.
Step 104, the downward message is sent to the switch, for should by what is encapsulated in the downward message by the switch
Web authentication response message returns to the user terminal.
Accordingly, the embodiment of the present invention also provides a kind of Web authentication method, is applied to the switch of SDN controllers administration,
As shown in Fig. 2 including:
The message that step 201, switch receive user terminal send.
Step 202, when receive the message for specified type message when, to the software defined network SDN of own home
Controller sends and is packaged with the message of reception and reports message, and the specified type is identical with the type of web authentication request message.
Step 203, the downward message for being packaged with web authentication response message for receiving SDN controllers transmission, the Web are recognized
Authentication result is carried in card response message, the authentication result is SDN controllers base when the message is web authentication request message
The authentication information carried in the web authentication request message is authenticated what is obtained.
Step 204, the web authentication response message encapsulated in the downward message is returned to into the user terminal.
SDN is open network foundation(ONF, Open Networking Foundation)A kind of separate network formulated
Framework, realizes the separation of the chain of command and forwarding surface of legacy network devices in the network architecture, chain of command is focused on SDN controls
On device processed, SDN controllers are referred to as Controller, and SDN controllers are by issuing configuration file to the network equipment(For example
Switch, router)It is controlled, the network equipment completes the forwarding of data according to the configuration file for receiving, and SDN controllers can
To manage the multiple stage network equipment of different vendor, the centralized management to whole network is realized.
In above-mentioned steps 104, SDN controllers send the downward message for being packaged with web authentication response message to switch, should
Web authentication response message is the response for carrying the final authentication result obtained by authentication information of the SDN controllers based on user terminal
Message, as, in web authentication interaction, SDN controllers are also based on the authentication information of user terminal and obtain in some
Between in result, therefore the downward message in addition to comprising the web authentication response message, can also be comprising carrying knot in the middle of these
The response message of fruit.Accordingly, in above-mentioned steps 203 downward message received by switch is consistent with the downward message, here
Repeat no more.
In said method provided in an embodiment of the present invention, SDN controllers ought be received and be packaged with the Web for carrying out user terminal
When reporting message of authentication request packet, the certification carried during the web authentication request message encapsulated in message is reported based on this
Information is authenticated, and obtains authentication result, the web authentication of user terminal asked to be carried out by SDN controllers in the method
Authentication processing, thus the authentication processing operation that switch no longer needs execution related to web authentication, the requirement drop to switch
It is low, and when needing to improve web authentication mechanism, corresponding functional promotion need to be carried out to SDN controllers only, without
Functional promotion is carried out respectively to multiple switch again, and then improves the efficiency being improved to web authentication mechanism.
Below in conjunction with the accompanying drawings, the method and device and corresponding system for being provided to the present invention with specific embodiment is retouched in detail
State.
Embodiment 1:
Under SDN original state, SDN controllers can pass through specific protocol specification(That is OpenFlow agreements)With
Switch sets up connection, after setting up connection, according to which switch that user pre-sets is used to carry out web authentication, SDN controls
Device processed enables web authentication to the unification of these switches, enable web authentication process can by way of issuing configuration file come
Realize.
The first step:SDN controllers send the first configuration file to the switch for web authentication itself administered, and are used for
From switch according to first configuration file to the SDN controller reports come the message of the specified type of user terminal, wherein
Specified type is identical with the type of the web authentication request message that user terminal is sent when web authentication is asked, for example, current
In practical application, the specified type is TCP types.
First configuration file is properly termed as flow table A, including the domain such as Match Field, Action, and particular content is as follows:
The Match Field domains of table 1, flow table A
| Domain | Value | Implication |
| Match Type | 0xFFFF7FFF | All messages must Match IP protocol domain |
| IP Proto Type | TCP | Matching TCP message |
| Other domains of Match Field | Arbitrary value | It is meaningless |
The Action domains of table 2, flow table A
| Domain | Value | Implication |
| Type | 0x0 | Message need to export certain specific port |
| Len | 0x8 | This 8 byte of Action total lengths |
| Value | 0xfffd | Output port is Controller |
Other generic domains of table 3, flow table A
After switch receives flow table A, convection current Table A carries out escape, according to the content in flow table A, the institute to the switch
There is port to be configured, when the message of the TCP types for carrying out user terminal is received, the message of the TCP types is sent to
SDN controllers.
Second step:The second configuration file is sent to the switch for carrying out web authentication of itself administration, for by exchanging
Machine is abandoned come the message of the non-designated type of user terminal according to second configuration file.
Second configuration file is properly termed as flow table B, and particular content is as follows:
The Match Field domains of table 4, flow table B
| Domain | Value | Implication |
| Match Type | 0xFFFFFFFF | All messages are matched entirely |
| Other domains of Match Field | Arbitrary value | It is meaningless |
Other generic domains of table 5, flow table B
Now, flow table B does not have Action fields, represents that all of matching message is all abandoned, and switch receives flow table B
Afterwards, escape is carried out to flow table B, according to the content in flow table B, all of the port of the switch is configured, arrived when receiving
During the message in addition to TCP type messages of user terminal, the message is abandoned.
On to the switch after the completion of all of port configuration, Web between SDN controllers and the switch, is completed
The configuration of authentication function.Next specific web authentication process as shown in figure 3, including:
Step 301, user terminal send message to switch.
After the message that step 302, the switch receive user terminal send, the type of the message is confirmed, if the message
For the message of TCP types, execution step 303, otherwise, execution step 304.
In this step, due to the message that the web authentication request message that user terminal sends is TCP types, so follow-up
The message of the TCP types for carrying out user terminal that web authentication process is received only for switch.
Step 303, the message is packaged, obtains being packaged with message after the encapsulation of the message, message can be with after encapsulation
It is referred to as reporting message.If the message is web authentication request message, this is packaged with the web authentication in reporting message asks
Message.
In this step, specific encapsulation can be as follows according to the encapsulation of OpenFlow forms, specific OpenFlow forms:
Table 6, report message OpenFlow encapsulation format
Message after encapsulation, comprising the exchanger information(The such as Buffer ID of the switch local management), from user
The TCP original messages of terminal and receive switch ports themselves information of the TCP original messages etc..
Step 304, by the packet loss of the non-TCP types.
Step 305, by encapsulation after the message that reports be sent to the SDN controllers of own home.
Step 306, SDN controllers receive this and report message, i.e. Packet_in messages, and the Packet_in messages are unsealed
Dress, extracts exchanger information therein, port information and TCP original messages etc..
Step 307, the web authentication processing module these information for extracting submitted in SDN controllers.
After step 308, the web authentication processing module of SDN controllers receive these information, these information are authenticated,
And web authentication response message is generated based on the authentication result for obtaining.
In this step, the web authentication processing module of SDN controllers is to having in the process details and prior art of these information
Details is consistent to have the web authentication on the switch of web authentication function to process, and here is no longer described in detail.
The web authentication response message, above-mentioned exchanger information, port information are packaged by step 309, SDN controllers,
Packet_out encapsulation is carried out by OpenFlow, the message after encapsulation is referred to as downward message, specific encapsulation format is as follows:
Table 7, downward message OpenFlow encapsulation format
The downward message is sent to switch by step 310, SDN controllers.
After step 311, switch receive the downward message that SDN controllers send, the downward message is decapsulated, and by its
In web authentication response message user terminal is sent to by the port that port information is represented.
In this step, switch sends traditional with web authentication work(in process and the prior art of message to user terminal
The switch of energy is consistent to the process that user terminal sends message, and here is no longer described in detail.
When certification of the SDN controllers to the user terminal passes through, can send to the switch and carry the user terminal
End message the 3rd configuration file, for indicating the switch at the service message of the user terminal
Reason.The end message of the user terminal can be the source IP address and source MAC of the user terminal.
3rd configuration file is properly termed as flow table C, including the domain such as Match Field, Action, and particular content is as follows:
The Match Field domains of table 8, flow table C
The Action domains of table 9, flow table C
Other generic domains of table 10, flow table C
After switch receives flow table C, escape is carried out to flow table C, according to the port information in flow table C, the port is believed
The port that breath is represented is configured, it is allowed to which the service message that the user terminal to specifying source IP address and source MAC sends enters
Row is processed, i.e., open function of surfing the Net in the port.
When user offline, specific handling process as shown in figure 4, including:
Step 401, user terminal send the offline messages of Web to switch.
After the offline message that step 402, switch receive user terminal send, the offline message is packaged, specifically
OpenFlow encapsulation format can be adopted.
Message after encapsulation is sent to SDN controllers by step 403, the switch.
After the encapsulated message that step 404, SDN controllers desampler send, the encapsulated message is unsealed, extracted wherein
Relevant information.
Step 405, the web authentication processing module relevant information for extracting submitted in SDN controllers.
Step 406, the web authentication processing module of SDN controllers are processed to these relevant informations, are completed to specifying use
The offline process at family.
In this step, the web authentication processing module of SDN controllers is to having in the offline process details and prior art of user
There is the offline process details of the web authentication on the switch of web authentication function unanimously, here is no longer described in detail.
Step 407, SDN controllers send the 4th configuration file to switch, and the 4th configuration file is flow table D, wherein
Carry the end message of the user terminal.The end message of the user terminal can be the source IP address of the user terminal and source
MAC Address.
The particular content of flow table D is as follows:
The Match Field domains of table 11, flow table D
Other generic domains of table 12, flow table D
After step 408, switch receive flow table D, escape is carried out to flow table D, it is according to the port information in flow table D, right
The port that the port information is represented is configured, and is deleted and is received what the user terminal for specifying source IP address and source MAC sent
The rule of message, that is, stop being processed for the service message for specifying the user terminal of source IP address and source MAC to send,
Stop function of surfing the Net in the port.
Further, SDN controllers can cancel web authentication instruction message to send to the switch, for indicating this
Switch cancels to the SDN controllers message of the specified type for sending user terminal.Purpose is to be directed to user before
Terminal carries out the process of web authentication generation and reduced, and before mainly recovering, switch is for flow table A, flow table B, flow table C
Corresponding configuration.SDN controllers send the instruction message deleted flow table A, delete flow table B, delete flow table C, the friendship to the switch
Change planes for the instruction message, all of the port on the switch is configured accordingly, i.e., switch all of the port is deleted
TCP message is sent into the rule of SDN controllers, switch all of the port remove ban receives the rule of any message, Yi Jijiao
All of the port of changing planes deletes the rule for receiving that source IP address is the message for specifying IP address.
Further, when switch is offline, i.e., switch disconnects OpenFlow connections, in SDN controllers
OpenFlow modules can receive the instruction message that the switch disconnects OpenFlow, and now SDN controllers are deleted and exchanged with this
Machine carries out all flow tables produced during web authentication interaction.After the switch is disconnected with SDN controllers, the switch institute
There is port to delete the rule that TCP message is sent SDN controllers, switch all of the port remove ban receives the rule of any message
Then, and switch all of the port delete receive source IP address be specify IP address message rule.
Embodiment 2:
Based on same inventive concept, according to the Web authentication method that the above embodiment of the present invention is provided, correspondingly, the present invention
Another embodiment additionally provides a kind of web authentication device, is applied to SDN controllers, and apparatus structure schematic diagram is as shown in figure 5, tool
Body includes:
Receiving unit 501, what the switch for being received from barrel linchpin sent report message, and it is the exchange that this reports message
Machine the message for carrying out the specified type of user terminal is packaged after message, the specified type and web authentication request message
Type it is identical;
Authentication ' unit 502, for reporting the web authentication request message being packaged with message from the user terminal when this
When, the authentication information carried during the web authentication request message encapsulated in message is reported based on this is authenticated, and obtains certification
As a result;
Encapsulation unit 503, for being packaged to the web authentication response message for carrying the authentication result, is issued
Message;
Transmitting element 504, for for sending the downward message to the switch, for will be transmitted messages under this by the switch
The web authentication response message encapsulated in text returns to the user terminal.
Further, SDN controllers be received from barrel linchpin switch send report message before, transmitting element
504, it is additionally operable to send the first configuration file to the switch for carrying out web authentication of itself administration, for by switch root
Carry out the message of the specified type of user terminal according to first configuration file to the SDN controller reports.
Further, SDN controllers be received from barrel linchpin switch send report message before, transmitting element
504, it is additionally operable to send the second configuration file to the switch for carrying out web authentication of itself administration, for by switch root
The message of the non-designated type for carrying out user terminal is abandoned according to second configuration file.
Further, when the SDN controllers pass through to the user end certification, transmitting element 504 is additionally operable to the friendship
Change planes and send the 3rd configuration file of the end message for carrying the user terminal, for indicating the switch for from the user
The service message of terminal is processed.
Further, receiving unit 501, are additionally operable to being packaged with from the user terminal for reception switch transmission
The message of the offline messages of Web;Transmitting element 504, is additionally operable to the switch to send the end message that carries the user terminal
4th configuration file, for indicating that the switch stops being processed for the service message from the user terminal.
Further, transmitting element 504, are additionally operable to the switch send and cancel web authentication instruction message, for indicating
The switch cancels to the SDN controllers message of the specified type for sending user terminal.
The function of above-mentioned each unit may correspond to the respective handling step in flow process shown in Fig. 1 to Fig. 4, and here is no longer gone to live in the household of one's in-laws on getting married
State.
Embodiment 3:
Based on same inventive concept, according to the Web authentication method that the above embodiment of the present invention is provided, correspondingly, the present invention
Embodiment 3 additionally provides a kind of web authentication device, is applied to switch, and apparatus structure schematic diagram is as shown in fig. 6, specifically include:
First receiving unit 601, the message sent for receive user terminal;
Transmitting element 602, for when message of the message for receiving for specified type, the software to own home is fixed
Adopted network SDN controllers are sent the report message, the specified type of the message for being packaged with reception and are reported with web authentication request
The type of text is identical;
Second receiving unit 603, it is packaged with web authentication response message for receive that the SDN controllers send
Transmit messages text, in the web authentication response message, carry authentication result, the authentication result is that the SDN controllers work as the report
Text is authenticated what is obtained based on the authentication information carried in the web authentication request message when being web authentication request message;
Returning unit 604, for the web authentication response message encapsulated in the downward message is returned to the use
Family terminal.
Further, to own home SDN controllers send be packaged with reception the message report message it
Before, second receiving unit 603 is additionally operable to receive the first configuration file that the SDN controllers of own home send;The transmission list
Unit 602, specifically for determining that whether the message for receiving is the message of specified type according to first configuration file, and works as
When the message is the message of the specified type, sends to the SDN controllers and be packaged with the message of reception and report
Message.
Further, to own home SDN controllers send be packaged with reception the message report message it
Before, second receiving unit 603 is additionally operable to receive the second configuration file that the SDN controllers of own home send;This first connects
Unit 601 is received, specifically for according to second configuration file, when the message for receiving message not for the specified type
When, abandon the message.
Further, second receiving unit 603, is additionally operable to receive the SDN controllers when recognizing to the user terminal
When card passes through, the 3rd configuration file of the end message of the carrying user terminal of transmission;First receiving unit 601, tool
Body is for processing to the service message from the user terminal according to the 3rd configuration file.
Further, first receiving unit 601, is additionally operable to receive the offline messages of Web that the user terminal sends;Should
Transmitting element 602, is additionally operable to the SDN controllers send the message for being packaged with the offline messages of the Web;Second reception is single
Unit 603, is additionally operable to receive the 4th configuration file of the end message for carrying the user terminal that the SDN controllers send;
First receiving unit 601, specifically for being stopped for the business from the user terminal according to the 4th configuration file
Message is processed.
Further, second receiving unit 603, the cancellation web authentication for being additionally operable to receive the SDN controllers transmission refer to
Show message;The transmitting element 602, sends from user specifically for being cancelled to the SDN controllers according to the instruction message
The message of the specified type of terminal.
The function of above-mentioned each unit may correspond to the respective handling step in flow process shown in Fig. 1 to Fig. 4, and here is no longer gone to live in the household of one's in-laws on getting married
State.
Embodiment 4:
The embodiment of the present invention 4 additionally provides a kind of web authentication system, including:SDN controllers and the controller itself are administered
Switch, system structure diagram is as shown in fig. 7, specifically include:
SDN controllers 701, what the switch for being received from barrel linchpin sent report message;Seal in this reports message
During equipped with web authentication request message from the user terminal, the web authentication request message encapsulated in message is reported based on this
The authentication information of middle carrying is authenticated, and obtains authentication result;And to carrying the web authentication response message of the authentication result
It is packaged, obtains downward message;And the downward message is sent to the switch;
Switch 702, for the message that receive user terminal sends;When the message for receiving is the message of specified type
When, send to the SDN controllers of own home and be packaged with the message of reception and report message, the specified type and web authentication
The type of request message is identical;And receive the downward message for being packaged with web authentication response message that the SDN controllers send;With
And the web authentication response message encapsulated in the downward message is returned to into the user terminal.
Further, SDN controllers 701, are additionally operable to the switch send and cancel web authentication instruction message;Switch
702, it is additionally operable to receive the cancellation web authentication instruction message that the SDN controllers send, and is cancelled to this according to the instruction message
SDN controllers send the message of the specified type of user terminal.
In sum, scheme provided in an embodiment of the present invention, SDN controllers are received from the upper of the switch transmission of barrel linchpin
Report message, it is the message after the switch is packaged to the message for carrying out the specified type of user terminal that this reports message, should
Specified type is identical with the type of web authentication request message;It is packaged with this reports message and recognizes from the Web of the user terminal
During card request message, the authentication information carried during the web authentication request message encapsulated in message is reported based on this is authenticated,
Obtain authentication result;And the web authentication response message to carrying the authentication result is packaged, and obtains downward message;And
The downward message is sent to the switch, for by the switch by the web authentication response message encapsulated in the downward message
Return to the user terminal.The method provided using the present invention, reduces the requirement to switch during web authentication, and
Improve the efficiency being improved to web authentication mechanism.
The web authentication device provided by embodiments herein can be realized by computer program.Those skilled in the art
It should be appreciated that above-mentioned Module Division mode is only the one kind in numerous Module Division modes, if being divided into other moulds
Block or non-division module, as long as web authentication device has above-mentioned functions, all should be within the protection domain of the application.
The application is with reference to method, the equipment according to the embodiment of the present application(System), and computer program flow process
Figure and/or block diagram are describing.It should be understood that can be by computer program instructions flowchart and/or each stream in block diagram
The combination of journey and/or square frame and flow chart and/or flow process and/or square frame in block diagram.These computer programs can be provided
The processor of general purpose computer, special-purpose computer, Embedded Processor or other programmable data processing devices is instructed to produce
A raw machine so that produced for reality by the instruction of computer or the computing device of other programmable data processing devices
The device of the function of specifying in present one flow process of flow chart or one square frame of multiple flow processs and/or block diagram or multiple square frames.
These computer program instructions may be alternatively stored in and can guide computer or other programmable data processing devices with spy
Determine in the computer-readable memory that mode works so that the instruction being stored in the computer-readable memory is produced to be included referring to
Make the manufacture of device, the command device realize in one flow process of flow chart or one square frame of multiple flow processs and/or block diagram or
The function of specifying in multiple square frames.
These computer program instructions can be also loaded in computer or other programmable data processing devices so that in meter
Series of operation steps is performed on calculation machine or other programmable devices to produce computer implemented process, so as in computer or
The instruction performed on other programmable devices is provided for realizing in one flow process of flow chart or multiple flow processs and/or block diagram one
The step of function of specifying in individual square frame or multiple square frames.
Obviously, those skilled in the art can carry out the essence of various changes and modification without deviating from the present invention to the present invention
God and scope.So, if these modifications of the present invention and modification belong to the scope of the claims in the present invention and its equivalent technologies
Within, then the present invention is also intended to comprising these changes and modification.
Claims (19)
1. a kind of Web authentication method, it is characterised in that include:
Software defined network SDN controllers are received from the message that reports of the switch transmission of barrel linchpin, described to report message for institute
State the message after switch is packaged to the message for carrying out the specified type of user terminal, the specified type and web authentication
The type of request message is identical, be specially TCP types;
When it is described report message in be packaged with from the web authentication request message of the user terminal when, report report based on described
The authentication information carried in the web authentication request message encapsulated in text is authenticated, and obtains authentication result;
Web authentication response message to carrying the authentication result is packaged, and obtains downward message;
The downward message is sent to the switch, for it will be encapsulated in the downward message by the switch described in
Web authentication response message returns to the user terminal.
2. the method for claim 1, it is characterised in that what the switch for being received from barrel linchpin in SDN controllers sent
Before reporting message, also include:
To itself administration for carry out web authentication switch send the first configuration file, for by switch according to described
First configuration file carrys out the message of the specified type of user terminal to the SDN controller reports.
3. method as claimed in claim 2, it is characterised in that what the switch for being received from barrel linchpin in SDN controllers sent
Before reporting message, also include:
To itself administration for carry out web authentication switch send the second configuration file, for by switch according to described
Second configuration file abandons the message of the non-designated type for carrying out user terminal.
4. the method as described in claim 1-3 is arbitrary, it is characterised in that also include:
When the SDN controllers pass through to the user end certification, send to the switch and carry the user terminal
End message the 3rd configuration file, for indicating that the switch is carried out for the service message from the user terminal
Process.
5. the method as described in claim 1-3 is arbitrary, it is characterised in that also include:
Receive the message for being packaged with the offline messages of Web from the user terminal that the switch sends;
The 4th configuration file of the end message for carrying the user terminal is sent to the switch, for indicating the exchange
Machine stops being processed for the service message from the user terminal.
6. the method for claim 1, it is characterised in that also include:
Send to the switch and cancel web authentication instruction message, for indicating that the switch is cancelled to the SDN controllers
Send the message of the specified type of user terminal.
7. a kind of Web authentication method, it is characterised in that include:
The message that switch receive user terminal sends;
When message of the message for receiving for specified type, send to the software defined network SDN controllers of own home
The message for being packaged with reception reports message, and the specified type is identical with the type of web authentication request message, be specially
TCP types;
Receive the downward message for being packaged with web authentication response message that the SDN controllers send, the web authentication response report
Authentication result is carried in text, the authentication result is that the SDN controllers are based on when the message is web authentication request message
The authentication information carried in the web authentication request message is authenticated what is obtained;
The web authentication response message encapsulated in the downward message is returned to into the user terminal.
8. method as claimed in claim 7, it is characterised in that send in the SDN controllers to own home and be packaged with reception
The message report message before, also include:
Receive the first configuration file that the SDN controllers of own home send;
When message of the message for receiving for specified type, send to the software defined network SDN controllers of own home
The message for being packaged with reception reports message, specifically includes:
Determine that whether the message for receiving is the message of specified type according to first configuration file, and when the message is
During the message of the specified type, send to the SDN controllers and be packaged with the message of reception and report message.
9. method as claimed in claim 8, it is characterised in that send in the SDN controllers to own home and be packaged with reception
The message report message before, also include:
Receive the second configuration file that the SDN controllers of own home send;
According to second configuration file, when the message for receiving not is the message of the specified type, the report is abandoned
Text.
10. the method as described in claim 7-9 is arbitrary, it is characterised in that also include:
The SDN controllers are received when passing through to the user end certification, the terminal of the carrying user terminal of transmission
3rd configuration file of information;
The service message from the user terminal is processed according to the 3rd configuration file.
11. methods as described in claim 7-9 is arbitrary, it is characterised in that also include:
Receive the offline messages of Web that the user terminal sends;
The message for being packaged with the offline messages of the Web is sent to the SDN controllers;
Receive the 4th configuration file of the end message of the carrying user terminal that the SDN controllers send;
Stop being processed for the service message from the user terminal according to the 4th configuration file.
12. methods as claimed in claim 7, it is characterised in that also include:
Receive the cancellation web authentication instruction message that the SDN controllers send;
According to the message for indicating that message cancels to the SDN controllers specified type for sending user terminal.
A kind of 13. web authentication devices, are applied to software defined network SDN servers, it is characterised in that include:
Receiving unit, what the switch for being received from barrel linchpin sent report message, described to report message to be the switch
Message to carrying out the specified type of user terminal be packaged after message, the specified type and web authentication request message
Type it is identical, be specially TCP types;
Authentication ' unit, for when it is described report be packaged with message from the web authentication request message of the user terminal when, base
In it is described report message in the authentication information that carries in the web authentication request message that encapsulates be authenticated, obtain certification knot
Really;
Encapsulation unit, for being packaged to the web authentication response message for carrying the authentication result, obtains downward message;
Transmitting element, for sending the downward message to the switch, for by the switch by the downward message
The web authentication response message of middle encapsulation returns to the user terminal.
14. devices as claimed in claim 13, it is characterised in that the switch for being received from barrel linchpin in SDN controllers sends
Report message before, the transmitting element, be additionally operable to itself administration for carry out web authentication switch send first
Configuration file, for from switch according to first configuration file to the SDN controller reports come the institute of user terminal
State the message of specified type.
15. devices as claimed in claim 14, it is characterised in that the switch for being received from barrel linchpin in SDN controllers sends
Report message before, the transmitting element, be additionally operable to itself administration for carry out web authentication switch send second
Configuration file, for being abandoned come the message of the non-designated type of user terminal according to second configuration file by switch.
A kind of 16. web authentication devices, are applied to the switch of SDN controllers administration, it is characterised in that include:
First receiving unit, for the message that receive user terminal sends;
Transmitting element, for when the message of reception is the message of specified type, to the software defined network of own home
SDN controllers send the class for reporting message, the specified type and web authentication request message of the message for being packaged with reception
Type is identical, be specially TCP types;
Second receiving unit, for receiving the downward message for being packaged with web authentication response message that the SDN controllers send,
Authentication result is carried in the web authentication response message, the authentication result is the SDN controllers when the message is Web
It is authenticated what is obtained based on the authentication information carried in the web authentication request message during authentication request packet;
Returning unit, for the web authentication response message encapsulated in the downward message is returned to the user terminal.
17. devices as claimed in claim 16, it is characterised in that be packaged with the SDN controllers transmission to own home and connect
Receive the message report message before, second receiving unit, be additionally operable to receive own home SDN controllers send
The first configuration file;
The transmitting element, specifically for determining whether the message for receiving is to specify class according to first configuration file
The message of type, and when the message that the message is the specified type, the institute for being packaged with reception is sent to the SDN controllers
That states message reports message.
18. devices as claimed in claim 17, it is characterised in that be packaged with the SDN controllers transmission to own home and connect
Receive the message report message before, second receiving unit, be additionally operable to receive own home SDN controllers send
The second configuration file;First receiving unit, specifically for according to second configuration file, when the message for receiving
When not being the message of the specified type, the message is abandoned.
19. a kind of web authentication systems, it is characterised in that include:Software control network SDN controllers and the SDN controllers are certainly
The switch of barrel linchpin, wherein:
The SDN controllers, what the switch for being received from barrel linchpin sent report message;When described reporting in message encapsulates
When having the web authentication request message for carrying out user terminal, based on the web authentication request message for reporting and encapsulating in message
The authentication information of middle carrying is authenticated, and obtains authentication result;And to carrying the web authentication response message of the authentication result
It is packaged, obtains downward message;And the downward message is sent to the switch;
The switch, for the message that receive user terminal sends;When message of the message for receiving for specified type,
Send to the SDN controllers of own home and be packaged with the message of reception and report message, the specified type and web authentication
The type of request message is identical, be specially TCP types;And receive that the SDN controllers send be packaged with web authentication response report
The downward message of text;And the web authentication response message encapsulated in the downward message is returned to into the user terminal.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310546154.6A CN103595712B (en) | 2013-11-06 | 2013-11-06 | A kind of Web authentication method, apparatus and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310546154.6A CN103595712B (en) | 2013-11-06 | 2013-11-06 | A kind of Web authentication method, apparatus and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103595712A CN103595712A (en) | 2014-02-19 |
| CN103595712B true CN103595712B (en) | 2017-04-05 |
Family
ID=50085694
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310546154.6A Active CN103595712B (en) | 2013-11-06 | 2013-11-06 | A kind of Web authentication method, apparatus and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103595712B (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104702607B (en) * | 2015-03-12 | 2018-10-09 | 新华三技术有限公司 | A kind of access authentication method of software defined network, device and system |
| CN105162608A (en) * | 2015-10-13 | 2015-12-16 | 上海斐讯数据通信技术有限公司 | Physical address bypass authentication method and device based on software-defined network |
| CN105376252B (en) * | 2015-12-02 | 2019-06-14 | 福建星网锐捷网络有限公司 | Distributed architecture data communication equipment and its authentication method, business board |
| CN105978810A (en) * | 2016-06-27 | 2016-09-28 | 上海斐讯数据通信技术有限公司 | User authentication method and system based on SDN (Software Defined Network) |
| CN107294961A (en) * | 2017-06-09 | 2017-10-24 | 华南理工大学 | A kind of user's real information security certification system and method |
| CN109495477A (en) * | 2018-11-19 | 2019-03-19 | 迈普通信技术股份有限公司 | A kind of authentication method, equipment and system |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102217228B (en) * | 2007-09-26 | 2014-07-16 | Nicira股份有限公司 | Network operating system for managing and securing networks |
| JP5370592B2 (en) * | 2011-04-18 | 2013-12-18 | 日本電気株式会社 | Terminal, control apparatus, communication method, communication system, communication module, program, and information processing apparatus |
| CN103248573A (en) * | 2013-04-08 | 2013-08-14 | 北京天地互连信息技术有限公司 | Centralization management switch for OpenFlow and data processing method of centralization management switch |
-
2013
- 2013-11-06 CN CN201310546154.6A patent/CN103595712B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN103595712A (en) | 2014-02-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103595712B (en) | A kind of Web authentication method, apparatus and system | |
| CN103401797B (en) | A kind of message processing method and equipment | |
| CN104168164B (en) | The location mode of data acquisition in AFDX network | |
| CN106685826B (en) | Switchboard stacked system, from equipment, exchange chip and processing protocol message method | |
| CN103944828A (en) | Method and equipment for transmitting protocol messages | |
| CN104092684B (en) | A kind of OpenFlow agreements support VPN method and apparatus | |
| CN102724175A (en) | Remote communication security management architecture of ubiquitous green community control network and method for constructing the same | |
| CN104937896A (en) | Method for processing address resolution protocol message, forwarder and controller | |
| CN108390937B (en) | Remote monitoring method, device and storage medium | |
| CN104734953B (en) | The method, apparatus and interchanger of two layers of message isolation are realized based on VLAN | |
| CN109474507A (en) | A kind of message forwarding method and device | |
| CN105119911A (en) | Safety authentication method and system based on SDN flow | |
| CN107888613A (en) | A kind of management system framework based on cloud platform | |
| CN109412877A (en) | A kind of network capabilities open system based on UTN network | |
| CN108965227A (en) | A kind of data processing method and view networking Conference server | |
| CN104160735A (en) | Packet processing method, forwarder, packet processing device and packet processing system | |
| CN109714376A (en) | A kind of sending method of fixed network message, apparatus and system | |
| CN103944886B (en) | A kind of realization method and system of port security | |
| WO2016101600A1 (en) | Line card determination, determination processing method and device, and line card determination system | |
| WO2015154588A1 (en) | Serial port information transmission method, single board device and common single board | |
| CN101621528B (en) | Conversation system based on Ethernet switch cluster management and method for realizing conversation passage | |
| CN103944892B (en) | A kind of dynamic virtual local area network registration method and apparatus | |
| CN107342940A (en) | The generation method and device and message processing method and device of a kind of control information | |
| CN110113305A (en) | A kind of processing method and system regarding networking service | |
| CN110049100A (en) | A kind of processing method and system of business datum |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP01 | Change in the name or title of a patent holder | ||
| CP01 | Change in the name or title of a patent holder |
Address after: Cangshan District of Fuzhou City, Fujian province 350002 Jinshan Road No. 618 Garden State Industrial Park 19 floor Patentee after: RUIJIE NETWORKS CO., LTD. Address before: Cangshan District of Fuzhou City, Fujian province 350002 Jinshan Road No. 618 Garden State Industrial Park 19 floor Patentee before: Fujian Xingwangruijie Network Co., Ltd. |