Authentication system and authentication method for network security access

Abstract

The invention provides a network security access authentication system. The network security access authentication system comprises security access control switches, a Web access authentication server and user terminals. The invention further provides an authentication method of the network security access authentication system. The method includes the steps that (1) new user terminals have access to a network; (2) the Web access authentication server validates redirection information; (3) the Web access authentication server authenticates users; (4) DSCP values corresponding to the users are obtained if the users pass authentication (5) the Web access authentication server transmits authentication passing information and the DSCP values to the security access control switches through a control interface module; (6) the security access control switches execute actions related to authentication passing of the users and enable the DSCP values of IP messages of the users to be set as corresponding values. The network security access authentication system and the authentication method of the network security access authentication system have the advantages of improving the security of network access and providing support for QoS guarantees.

Description

technical field [0001] The invention relates to a network security access technology, in particular to an authentication system and an authentication method for network security access. Background technique [0002] With the rapid increase in the number and types of access network devices, network management and security issues are becoming more and more severe, and network users have different needs for accessing the network, and the traditional secure access system is becoming more and more difficult to adapt to the increase in network scale and user needs. The requirement of diversity makes the disadvantages of traditional network access increasingly prominent. Web authentication is a widely used secure access authentication method at present. It relies on a Web browser to perform interactive authentication with a Web authentication server through the HTTP protocol. The current IP Quality of Service (QoS) technology mainly adopts the differential service model: when the ...

AI Technical Summary

Problems solved by technology

[0003] 1. Since there is no legality check on the source MAC address and source IP address of the user IP message that has passed web authentication, false address spoofing and related network attacks may occur, and such network spoofing and attack behaviors are difficult to track, making It is becoming more and more difficult for network administrators to effectively manage the network

[0004] 2. Since the DSCP value of the IP packet is mainly set by the user terminal when sending the packet, the network access system does not check the legality of the DSCP value of the IP packet, resulting in some DSCP values ​​of the IP packet appearing in the network Irregularities or DSCP value spoofing, etc., it is difficult for network service providers to provide differentiated services for various services based on the DSCP value of IP packets

Images