A two-way network access authentication method based on digital certificate

Abstract

The invention relates to the technical field of network security. The invention discloses a two-way network access authentication method based on a digital certificate, which specifically includes the following steps: Step 1: Divide the network access authentication system into an access area and a trusted area, and classify the client to be authenticated. The terminal accesses the physical port of the trusted client; Step 2. After receiving the access information of the client to be authenticated, the authentication server actively initiates network access authentication to the client to be authenticated; Step 3. After the client to be authenticated receives the network access authentication, Submit the device authentication information to the authentication server, the authentication server starts authentication after receiving the authentication information, and feeds back the authentication result to the client to be authenticated. By physically connecting the client to be authenticated and the trusted client, the authentication server actively initiates network access authentication to the client to be authenticated after receiving the access information, so as to realize network access identity authentication of routing devices, switching devices, security protection devices, etc. , which improves the security and practicability of the network.

Description

technical field [0001] The invention relates to the technical field of network security, and discloses a two-way network access authentication method based on digital certificates. Background technique [0002] Network access authentication technology plays a vital role in ensuring the security and trustworthiness of network entities and the stability and reliability of network structures. Therefore, at present, the industry has carried out many fruitful researches and practices on network access authentication technology, and proposed many effective network access authentication technical means. However, the existing network access authentication technologies mainly target network access entities as hosts, and the verification process is mainly implemented by using or based on the 802.1x protocol. These technologies are limited to host access, and cannot meet some occasions with high security protection requirements, as well as the network access authentication requirement...

AI Technical Summary

Problems solved by technology

[0007] Aiming at the technical problem that network access authentication cannot realize non-host network access authentication in the prior art, a method capable of realizing network access authentication of network equipment and security protection equipment is disclosed

At the same time, the invention also discloses a method for authenticating the authentication server, which solves the technical problem that the authentication server cannot be authenticated in the prior art

The invention also discloses a method for simultaneously realizing management key negotiation in the process of network access authentication, which solves the management problem in the later stage of network access authentication in the prior art

Images