Two-way network access authentication method based on digital certificate

Abstract

The invention relates to the technical field of network security and discloses a two-way network access authentication method based on a digital certificate. The two-way network access authentication method comprises the following steps of step 1, dividing a network access authentication system into an access region and a confidence region and accessing a client to be authenticated to a physical port of a confidence client; step 2, actively initializing the network access authentication to the client to be authenticated after receiving access information of the client to be authenticated by an authentication server; and step 3, after submitting equipment authentication information to the authentication server after the client to be authenticated receives the access authentication, starting the authentication after the authentication server receives the authentication information and feeding the authentication result back to the client to be authenticated. The client to be authenticated is physically connected with the confidence client and the authentication server actively initializes the network access authentication to the client to be authenticated after receiving the access information, so that the authentication of network access identities of router equipment, exchange equipment, security safety equipment and the like is realized and the safety and the practicality of the network are improved.

Description

technical field [0001] The invention relates to the technical field of network security, and discloses a two-way network access authentication method based on digital certificates. Background technique [0002] Network access authentication technology plays a vital role in ensuring the security and trustworthiness of network entities and the stability and reliability of network structures. Therefore, at present, the industry has carried out many fruitful researches and practices on network access authentication technology, and proposed many effective network access authentication technical means. However, the existing network access authentication technologies mainly target network access entities as hosts, and the verification process is mainly implemented by using or based on the 802.1x protocol. These technologies are limited to host access, and cannot meet some occasions with high security protection requirements, as well as the network access authentication requirement...

AI Technical Summary

Problems solved by technology

[0007] Aiming at the technical problem that network access authentication cannot realize non-host network access authentication in the prior art, a method capable of realizing network access authentication of network equipment and security protection equipment is disclosed

At the same time, the invention also discloses a method for authenticating the authentication server, which solves the technical problem that the authentication server cannot be authenticated in the prior art

The invention also discloses a method for simultaneously realizing management key negotiation in the process of network access authentication, which solves the management problem in the later stage of network access authentication in the prior art

Images