METHOD, SYSTEM AND SERVER FOR REALIZING SECURE ASSIGNMENT OF DHCP ADDRESS
First Claim
1. A method for realizing a secure assignment of a DHCP address, comprising:
- sending, by a DHCP client, a DHCP Discovery message via an access network;
obtaining, by an access network side, identification information of the DHCP client and performing an authentication to the DHCP client based on the identification information; and
assigning, by a DHCP server, an address to the DHCP client has passed the authentication.
1 Assignment
0 Petitions
Accused Products
Abstract
A method, a system and an authentication server for realizing a secure assignment of a DHCP address are disclosed. The method includes: sending a DHCP Discovery message via an access network; obtaining the identification information of the DHCP client and performing an authenticating to the DHCP client based on the identification information; and only assigning the address to the DHCP client has passed the authentication. Therefore, in the present invention, access authentication may be performed on a subscriber according to location information, and IP address is only assigned to the valid subscriber and terminal. Therefore, the security of the address assignment in DHCP mode may be enhanced greatly. Moreover, in the present invention, addresses may be managed by an AAA server unitedly, or the addresses may be assigned after being authenticated by the AAA server successfully.
125 Citations
15 Claims
-
1. A method for realizing a secure assignment of a DHCP address, comprising:
-
sending, by a DHCP client, a DHCP Discovery message via an access network;
obtaining, by an access network side, identification information of the DHCP client and performing an authentication to the DHCP client based on the identification information; and
assigning, by a DHCP server, an address to the DHCP client has passed the authentication. - View Dependent Claims (2, 3, 4, 5, 9, 10, 11, 12, 13, 14, 15)
-
-
6. A DHCP authentication server for realizing a secure assignment of a DHCP address, comprising a DHCP server module, a protocol converting module and an AAA (Authentication, Authorization and Accounting) client module, wherein:
-
the DHCP server module is adapted to receive a DHCP request message sent by a DHCP client via an access node or an access server and respond to the DHCP client with an address assigned to the DHCP client has passed an authentication, the address is returned by an AAA server and received by an AAA client module;
the protocol converting module is adapted to obtain information needed in AAA authentication in a DHCP Discovery message of a corresponding DHCP client sent from the access node or the access server, generate an MA authentication message, generate a DHCP Offer message according to an authentication response message received by the AAA client module and send the DHCP Offer message; and
the AAA client module is adapted to communicate with the AAA server based on the AAA authentication message generated by the DHCP protocol converting module, obtain an authentication result of the DHCP client, and deliver the authentication result to the protocol converting module and the DHCP server module.
-
-
7. A DHCP authentication server for realizing a secure assignment of a DHCP address, comprising an authentication processing module and a DHCP server, wherein:
-
the authentication processing module is adapted to obtain identification information of a client initiating a DHCP process, perform a validity authentication to the client according to identification information saved for a valid subscriber, and send a DHCP Discovery message of a DHCP client has passed the validity authentication to the DHCP server; and
the DHCP server is adapted to receive the DHCP Discovery message sent by the authentication processing module and send a DHCP Offer message to the DHCP client, and assign an address to a corresponding DHCP client in an address pool of the DHCP server when the DHCP client sends a DHCP request message.
-
-
8. A system for realizing a secure assignment of a DHCP address, comprising a DHCP client, an access network and a DHCP authentication server;
- wherein a DHCP client is adapted to communicate with the DHCP authentication server via an access network to obtain an address;
the DHCP authentication server is adapted to perform a validity authentication to a DHCP Discovery message of the DHCP client obtained by the access network, and assign the address to the DHCP client has passed the validity authentication.
- wherein a DHCP client is adapted to communicate with the DHCP authentication server via an access network to obtain an address;
Specification