
A method for user access authentication

An access authentication technology, applied in user identity/authority verification, electrical components, transmission systems, etc. It addresses problems such as poor user connectivity, differing client programs, and single-point bottlenecks and failures, with the effect of avoiding wasted IP addresses, making password transmission secure, and preventing attacks.

Inactive Publication Date: 2008-02-20
HUAWEI TECH CO LTD

AI Technical Summary

Problems solved by technology

[0017] (1) In PPPoE authentication, the authentication system must disassemble each packet to judge and identify whether the user is legal. Once the number of users or data packets increases, the encapsulation speed will inevitably fail to keep up and become a network bottleneck;
[0018] (2) After the PPPoE authentication is completed, the business data flow must also pass through the Broadband Access Server (BAS) device, which is likely to cause single-point bottlenecks and failures, and the device is usually very expensive;
[0019] (3) It is difficult to develop multicast services, and most video services are based on multicast;
[0020] (4) Operators are required to provide client terminal software, and the maintenance workload is too large.
[0024] (1) Web authentication runs at the application layer, which places high demands on equipment and raises network construction costs;
[0025] (2) User connectivity is poor: it is not easy to detect that the user has gone offline, and it is difficult to implement time-based billing;
[0026] (3) Ease of use is not good enough. Before accessing the network, whether for Telnet, Ftp or other services, the user must use a browser for Web authentication;
[0027] (4) IP addresses are distributed before user authentication. If the user is not an Internet user, addresses are wasted, and supporting multiple ISPs (Internet Service Providers) is inconvenient;
[0028] (5) DHCP+Web currently has no uniform standard.
The disadvantages of this authentication method are:
[0031] (1) Specific client software is required: since there is no standard client for 802.1X at present, the client programs of different manufacturers are different, and the maintenance workload is relatively large;
[0032] (2) IP address allocation and network security issues: 802.1X protocol is a layer 2 protocol, which is only responsible for completing the authentication control of user ports. After completing port authentication, users need to continue to resolve user IP addresses after entering the layer 3 IP network. Therefore, relying solely on Ethernet switches + 802.1X cannot fully solve the problems of operability, manageability, and access security of Ethernet access in the metropolitan area network;
[0033] (3) 802.1X is weak in user control ability, and can only control port / bandwidth;
[0039] In this technology, the client selects the session parameters used to generate the certificate (credential). This method cannot effectively prevent retransmission attacks.


Examples


Embodiment 1

[0117] To solve the security problem of transmitting the user password, Embodiment 1 of the present invention obtains a random number (used as a challenge word: Challenge ID) from the network side when the user requests an address. The user encrypts the user password with the random number (Challenge ID) and sends the encrypted result to the authentication server on the network side. The authentication server also performs the same encryption operation, using the same random number and the stored user password, and compares its own result with the encrypted result received from the user in order to authenticate the user.

[0118] The user password is encrypted using the random number that the network side provides to the user, and the network side (such as the authentication server) uses the same random number to encrypt the user password it holds; the user can use the network side only after the authentication is successful. The ...
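
The challenge-response exchange of Embodiment 1, as an added example that is not taken from the patent. The patent does not name the encryption operation, so HMAC-SHA256 is assumed here; `AuthServer`, `response_for` and the sample account are hypothetical names. The demo also shows a retransmitted response being rejected because each network-issued random number is single-use.

```python
import hashlib
import hmac
import secrets


def response_for(challenge: bytes, password: str) -> bytes:
    """Value sent instead of the password: HMAC-SHA256 keyed by the password
    over the Challenge ID (an assumed stand-in for the 'encryption operation')."""
    return hmac.new(password.encode(), challenge, hashlib.sha256).digest()


class AuthServer:
    """Network side: issues Challenge IDs and verifies responses."""

    def __init__(self, passwords: dict[str, str]):
        self._passwords = passwords            # stored user passwords
        self._pending: dict[str, bytes] = {}   # user -> outstanding challenge

    def issue_challenge(self, user: str) -> bytes:
        challenge = secrets.token_bytes(16)    # fresh random number per request
        self._pending[user] = challenge
        return challenge

    def verify(self, user: str, response: bytes) -> bool:
        # pop() makes each challenge single-use, so a captured response
        # is useless once it has been checked.
        challenge = self._pending.pop(user, None)
        stored = self._passwords.get(user)
        if challenge is None or stored is None:
            return False
        expected = response_for(challenge, stored)
        return hmac.compare_digest(expected, response)


def demo() -> dict[str, bool]:
    server = AuthServer({"alice": "correct horse"})  # constructed sample account
    c1 = server.issue_challenge("alice")
    good = response_for(c1, "correct horse")
    results = {"valid": server.verify("alice", good)}
    # Retransmission of the same bytes with no outstanding challenge.
    results["replay_same_session"] = server.verify("alice", good)
    # Retransmission against a newly issued challenge.
    server.issue_challenge("alice")
    results["replay_new_challenge"] = server.verify("alice", good)
    c3 = server.issue_challenge("alice")
    results["wrong_password"] = server.verify("alice", response_for(c3, "guess"))
    return results
```
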

Embodiment 2

[0147] As shown in Figure 4, the process for a user to perform Layer 3 authentication through DHCP includes:

[0148] 1) The user equipment (that is, the DHCP client) obtains the user name and password of the user through user input. For example, a pop-up window can be displayed on the user equipment to prompt the user to input the user name and password. Of course, other alternative methods can also be used.

[0149] 2) The user equipment broadcasts and sends a DHCP Discover message, which carries the user ID and the password encrypted by the key (or certificate).

[0150] The key (or certificate) can be obtained through the network (Web, Ftp, etc.) after the user successfully accesses the network, or it can be configured directly before the first startup (or supplied by other out-of-band methods), or obtained from the network side through the Extensible Authentication Protocol (EAP). The network side establishes the binding relationship between the key (or certificate) and the user while distributi...


Abstract

The utility model relates to a method for user access verification. During access verification, the user sends a request to the network, which sends a random number back to the user; the user uses the random number and the user password to perform an encryption calculation and transmits the encryption result to the network; the network uses the random number and the stored user password to perform the same encryption calculation to verify the user; if verification passes, the user accesses the network through the IP address distributed by the DHCP server. The advantages are that password transmission is safer, waste of IP addresses is avoided, and attacks from illegal users are effectively avoided.

Description

Technical field

[0001] The invention relates to network security authentication technology, in particular to a user access authentication method.

Background technique

[0002] The Dynamic Host Configuration Protocol (DHCP) is based on the client-server model and can dynamically assign IP addresses and other configuration information to hosts on the network. Figure 1 details the process by which the DHCP server dynamically assigns IP addresses to DHCP clients:

[0003] (1) Discovery stage: the stage where the DHCP client (Client) searches for the DHCP server (Server).

[0004] When the DHCP client logs into the network for the first time, it broadcasts a DHCP discovery (Discover) message to the network.

[0005] (2) Provisioning stage: the stage in which the DHCP server provides an IP address.

[0006] Each DHCP server with a free address sends a DHCP Offer message in response to the DHCP Discover message.

[0007] (3) Selection...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L9/32
CPC: H04L61/2015, H04L29/12226, H04L63/083, H04L63/0428, H04L61/5014
Inventor 管红光
Owner HUAWEI TECH CO LTD