Implementing authentication method and system

Abstract

The utility model discloses an authentication method and a authentication system. The core thereof is that when the DHCP network equipment receives the DHCP message sent by the user, the authentication information for the user can be obtained through the interaction with the authentication server. Based on the information needed by the authentication client, the DHCP network equipment can conduct the DHCP authentication for the user. Also, the utility model provides another authentication method as well as a certified server, a DHCP network device and a user device. The utility model guarantees not only the user's safety, but also the network equipment's reliability. Meanwhile, based on the DHCP authentication mechanism, the user can conduct the network authentication. As the relay certified server is added, the user can be effectively certified. The authentication server can launch the re-authentication process, so that the network is supported to conduct the re-authentication for the user.

Description

technical field [0001] The invention relates to the communication field, in particular to authentication technology. Background technique [0002] In order to ensure the access control of legal users, the network side needs to perform access authentication on users, and at the same time, it needs to assign corresponding IP addresses and related parameters to user equipment, so as to enable communication of user equipment. [0003] Before the authentication process, a key is shared between the user and the server. The process of authenticating the user terminal based on the RADIUS (RFC2865Remote Authentication Dial In User Service) protocol is shown in Figure 1. The main idea is : The user initiates authentication, the server sends a challenge word to the user, the user calculates the challenge word based on the shared key, and returns the obtained authentication return value; the server calculates the challenge word based on the shared key, and then compares the calculation ...

AI Technical Summary

Problems solved by technology

[0009] 1. Insufficient security: The identification of users in the existing technology relies on the binding relationship between the user and the access location. When the binding relationship is unreliable, the network cannot verify the legitimacy of the user, and the network is also vulnerable to attacks. Sex is not enough

[0010] 2. The two-way authentication between the network and the user cannot be realized: the existing technology can only realize the authentication of the network to the user, but does not have the ability of the user to authenticate the network

[0011] 3. The existing technology cannot support roaming: the existing technology binds the user to the access location port. When the user roams, the user cannot be effectively identified

Even if the DHCP authentication mechanism is added, when the user needs the local DHCP server to provide services in the roaming area, the network in the roaming area lacks the key shared with the user, and the network in the roaming area cannot effectively authenticate the user and assign addresses.

[0012] 4. It is difficult for the existing technology to support the re-authentication of users by the network: the RADIUS protocol does not support re-authentication. Even if the protocol that supports re-authentication is replaced, such as the DIAMETER protocol, the user cannot re-enter the process shown in Figure 4. This is because DHCP RELAY has no mechanism to trigger re-allocation of addresses

Images