METHOD, SYSTEM AND SERVER FOR REALIZING SECURE ASSIGNMENT OF DHCP ADDRESS

US 20080092213A1
Filed: 10/29/2007
Published: 04/17/2008
Est. Priority Date: 04/29/2005
Status: Abandoned Application

First Claim

Patent Images

1. A method for realizing a secure assignment of a DHCP address, comprising:

sending, by a DHCP client, a DHCP Discovery message via an access network;

obtaining, by an access network side, identification information of the DHCP client and performing an authentication to the DHCP client based on the identification information; and

assigning, by a DHCP server, an address to the DHCP client has passed the authentication.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, a system and an authentication server for realizing a secure assignment of a DHCP address are disclosed. The method includes: sending a DHCP Discovery message via an access network; obtaining the identification information of the DHCP client and performing an authenticating to the DHCP client based on the identification information; and only assigning the address to the DHCP client has passed the authentication. Therefore, in the present invention, access authentication may be performed on a subscriber according to location information, and IP address is only assigned to the valid subscriber and terminal. Therefore, the security of the address assignment in DHCP mode may be enhanced greatly. Moreover, in the present invention, addresses may be managed by an AAA server unitedly, or the addresses may be assigned after being authenticated by the AAA server successfully.

125 Citations

15 Claims

1. A method for realizing a secure assignment of a DHCP address, comprising:
- sending, by a DHCP client, a DHCP Discovery message via an access network;
  
  obtaining, by an access network side, identification information of the DHCP client and performing an authentication to the DHCP client based on the identification information; and
  
  assigning, by a DHCP server, an address to the DHCP client has passed the authentication.
- View Dependent Claims (2, 3, 4, 5, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method for realizing the secure assignment of the DHCP address according to claim 1, wherein, the identification information comprises:
    - a port number, a circuit number and a connection number of the DHCP client.
  - 3. The method for realizing the secure assignment of the DHCP address according to claim 1, wherein, obtaining, by the access network side, identification information of the DHCP client and performing the authentication to the DHCP client based on the identification information comprises:
    - determining, by an access node or an access server in the access network, the identification information of the DHCP client according to at least one of an ingress port, a circuit information and connection information of the DHCP Discovery message.
  - 4. The method for realizing the secure assignment of the DHCP address according to claim 1, wherein, obtaining, by the access network side, identification information of the DHCP client and performing the authentication to the DHCP client based on the identification information comprises:
    - performing, by the access node or the access server in the access network, a validity authentication to the DHCP client according to the identification information of the DHCP client and preconfigured identification information for a valid subscriber.
  - 5. The method for realizing the secure assignment of the DHCP address according to claim 1, wherein, obtaining, by the access network side, identification information of the DHCP client and performing the authentication to the DHCP client based on the identification information comprises:
    - initiating, by the access node or the access server in the access network, an authentication request to an authentication server using the identification information of the client; and
      
      performing, by the authentication server, the validity authentication to the client according to the identification information saved for a valid subscriber.
  - 9. The method for realizing the secure assignment of the DHCP address according to claim 1, further comprises:
    - receiving, by an access node or an access server, the DHCP Discovery message sent from the DHCP client, and inserting identification information of the DHCP client into the DHCP Discovery message and sending the DHCP Discovery message to a DHCP authentication server;
      
      obtaining, by the DHCP authentication server, the identification information of the client from the DHCP Discovery message; and
      
      performing, by the DHCP authentication server, a validity authentication to the client using the identification information, and only performing an address assignment process on the DHCP client has passed the validity authentication.
  - 10. The method for realizing the secure assignment of the DHCP address according to claim 9, further comprises:
    - performing, by the DHCP authentication server, the DHCP authentication for the DHCP client locally according to identification information saved for a valid subscriber, and sending the DHCP Discovery message of the client has passed the DHCP authentication to a DHCP server; and
      
      performing, by the DHCP server, the address assignment process.
  - 11. The method for realizing the secure assignment of the DHCP address according to claim 1, further comprising:
    - receiving, by an access node or an access server, the DHCP Discovery message sent from the DHCP client, and inserting identification information of the DHCP client into the DHCP Discovery message and sending the DHCP Discovery message to a DHCP authentication server;
      
      obtaining, by the DHCP authentication server, the identification information of the DHCP client from the DHCP Discovery message;
      
      sending, by the DHCP authentication server, an authentication request message to an AAA server using the identification information, and performing, by the AAA server, an authentication to the identification information of the DHCP client and assigning an address to the DHCP client has passed the authentication;
      
      or, sending, by the DHCP authentication server, the authentication request message to the AAA server using the identification information, and performing, by the AAA server, an authentication to the identification information of the DHCP client;
      
      assigning, by the DHCP authentication server, the address to the client has passed the authentication after receiving an authentication pass information.
  - 12. The method for realizing the secure assignment of the DHCP address according to claim 2, wherein, obtaining, by the access network side, identification information of the DHCP client and performing the authentication to the DHCP client based on the identification information comprises:
    - performing, by the access node or the access server in the access network, a validity authentication to the DHCP client according to the identification information of the DHCP client and preconfigured identification information for a valid subscriber.
  - 13. The method for realizing the secure assignment of the DHCP address according to claim 3, wherein, obtaining, by the access network side, identification information of the DHCP client and performing the authentication to the DHCP client based on the identification information comprises:
    - performing, by the access node or the access server in the access network, a validity authentication to the DHCP client according to the identification information of the DHCP client and preconfigured identification information for a valid subscriber.
  - 14. The method for realizing the secure assignment of the DHCP address according to claim 2, wherein, obtaining, by the access network side, identification information of the DHCP client and performing the authentication to the DHCP client based on the identification information comprises:
    - initiating, by the access node or the access server in the access network, an authentication request to an authentication server using the identification information of the client; and
      
      performing, by the authentication server, the validity authentication to the client according to the identification information saved for a valid subscriber.
  - 15. The method for realizing the secure assignment of the DHCP address according to claim 3, wherein, obtaining, by the access network side, identification information of the DHCP client and performing the authentication to the DHCP client based on the identification information comprises:
    - initiating, by the access node or the access server in the access network, an authentication request to an authentication server using the identification information of the client; and
      
      performing, by the authentication server, the validity authentication to the client according to the identification information saved for a valid subscriber.

6. A DHCP authentication server for realizing a secure assignment of a DHCP address, comprising a DHCP server module, a protocol converting module and an AAA (Authentication, Authorization and Accounting) client module, wherein:
- the DHCP server module is adapted to receive a DHCP request message sent by a DHCP client via an access node or an access server and respond to the DHCP client with an address assigned to the DHCP client has passed an authentication, the address is returned by an AAA server and received by an AAA client module;
  
  the protocol converting module is adapted to obtain information needed in AAA authentication in a DHCP Discovery message of a corresponding DHCP client sent from the access node or the access server, generate an MA authentication message, generate a DHCP Offer message according to an authentication response message received by the AAA client module and send the DHCP Offer message; and
  
  the AAA client module is adapted to communicate with the AAA server based on the AAA authentication message generated by the DHCP protocol converting module, obtain an authentication result of the DHCP client, and deliver the authentication result to the protocol converting module and the DHCP server module.

7. A DHCP authentication server for realizing a secure assignment of a DHCP address, comprising an authentication processing module and a DHCP server, wherein:
- the authentication processing module is adapted to obtain identification information of a client initiating a DHCP process, perform a validity authentication to the client according to identification information saved for a valid subscriber, and send a DHCP Discovery message of a DHCP client has passed the validity authentication to the DHCP server; and
  
  the DHCP server is adapted to receive the DHCP Discovery message sent by the authentication processing module and send a DHCP Offer message to the DHCP client, and assign an address to a corresponding DHCP client in an address pool of the DHCP server when the DHCP client sends a DHCP request message.

8. A system for realizing a secure assignment of a DHCP address, comprising a DHCP client, an access network and a DHCP authentication server;
- wherein a DHCP client is adapted to communicate with the DHCP authentication server via an access network to obtain an address;
  
  the DHCP authentication server is adapted to perform a validity authentication to a DHCP Discovery message of the DHCP client obtained by the access network, and assign the address to the DHCP client has passed the validity authentication.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Original Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Inventors
Li, Jun, Wei, Jiahong, Chen, Wumao

Application Number

US11/926,729
Publication Number

US 20080092213A1
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

H04L 61/5014   using dynamic host configur...

H04L 63/08   for authentication of entit...

H04L 63/0892   by using authentication-aut...

METHOD, SYSTEM AND SERVER FOR REALIZING SECURE ASSIGNMENT OF DHCP ADDRESS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

125 Citations

15 Claims

Specification

Use Cases

Quick Links

Others

METHOD, SYSTEM AND SERVER FOR REALIZING SECURE ASSIGNMENT OF DHCP ADDRESS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

125 Citations

15 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others