Access control system and method between domains based on domain name

Abstract

The invention discloses a cross-domain access control system based on a domain name and a method. The method comprises the step as follows: in step one, a network access control server extracts user domain information in a certification request sent by a user client; in step two, corresponding relation information between a domain and an identity authentication server is stored in the network access control server; the network access control server searches the corresponding identity authentication server according to the user domain information, and transmits the certification request to the searched identity authentication server; and in step three, the identity authentication server performs the user identity authentication according to the received certification request. The network access control server can be directly communicated with a native-place identity authentication server, and a data packet need not to be transmitted through accessing a domain identity authentication server, so that the authentication delay is reduced, and the extensibility is strong.

Description

technical field [0001] The invention belongs to the technical field of access control in network security technology, and in particular relates to a network access control system and method across management domains. Background technique [0002] At present, various network service providers generally implement different degrees of access control on network users. Access control refers to the process of identifying the user's identity through the user identity authentication system, determining whether the user can access the network and setting access rights before the user accesses network resources. [0003] At the same time, sites and resources on the network may belong to different management domains, provided and managed by different organizations, so that the entire network is divided into multiple different management domains. With the increasing abundance of resources on the Internet and the enhancement of user roaming and mobility, more and more users use the netw...

AI Technical Summary

Problems solved by technology

[0020] (1) When accessing across domains, that is, when the user is not a user in the current domain, the identity authentication data packet to the identity authentication server in the home domain must be forwarded by the access domain server, which increases the access control delay and improves the service experience for the user. Relatively poor, affecting the service quality of network service providers

[0021] (2) On the identity authentication server, the identity authentication server information corresponding to the domain to which the user belongs is statically configured, so that only users in a limited number of pre-configured domains can be identified, and users in other domains cannot access the current network, so that the system not scalable

In addition, when the identity authentication server of a certain domain changes, such as changing the IP address, it is necessary to modify the configuration on each identity authentication server one by one, which increases the workload of management personnel and causes service interruption

Images