NETWORK AUTHENTICATION METHOD, METHOD FOR CLIENT TO REQUEST AUTHENTICATION, CLIENT, AND DEVICE
Abstract
A network authentication method, a method for a client to request authentication, a client, and a device are provided. The method includes: receiving synchronize (SYN) data sent by a client, where the SYN data includes a sequence number SEQ1 and a network parameter; sending synchronize acknowledge (SYN_ACK) data to the client in response to the SYN data, where the SYN_ACK data includes an acknowledgment number ACK2, and the value of ACK2 is a value obtained by carrying out a function transformation according to the network parameter of the SYN data; receiving RESET (RST) data sent by the client in response to the SYN_ACK data, where the RST data includes a sequence number SEQ3 or an acknowledgment number ACK3, and the value of SEQ3 or ACK3 is the same as that of ACK2, and the RST data further includes a network parameter the same as that of the SYN data; carrying out the function transformation according to the network parameter of the RST data to obtain a check value CHK; and passing the authentication of the client if CHK matches SEQ3 or ACK3. Therefore, the occupation of storage resources is reduced.
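An added example (not part of the patent text) of the stateless exchange described in the abstract, with both sides' messages. It assumes the network parameter is the connection 4-tuple and the function transformation is HMAC-SHA256 under a gateway secret, truncated to 32 bits; the page specifies neither, and the dict packet layout and all function names are illustrative.

```python
import hashlib
import hmac
import ipaddress
import struct

SECRET = b"constructed-demo-key"  # assumption: secret known only to the gateway

def transform(pkt, key=SECRET):
    """Assumed function transformation: keyed hash of the 4-tuple -> 32-bit value."""
    msg = (ipaddress.ip_address(pkt["src_ip"]).packed
           + ipaddress.ip_address(pkt["dst_ip"]).packed
           + struct.pack("!HH", pkt["src_port"], pkt["dst_port"]))
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest()[:4], "big")

def gateway_on_syn(syn):
    """Answer a SYN with a SYN_ACK whose ACK2 is derived from the SYN; store nothing."""
    return {"src_ip": syn["dst_ip"], "src_port": syn["dst_port"],
            "dst_ip": syn["src_ip"], "dst_port": syn["src_port"],
            "flags": "SA", "ack": transform(syn)}

def client_on_syn_ack(syn, syn_ack):
    """A real TCP stack expects ACK2 == SEQ1 + 1; otherwise it resets with SEQ3 = ACK2."""
    if syn_ack["ack"] == (syn["seq"] + 1) % 2**32:
        return None  # ACK2 happened to be the expected value: no RST is sent
    return {"src_ip": syn["src_ip"], "src_port": syn["src_port"],
            "dst_ip": syn["dst_ip"], "dst_port": syn["dst_port"],
            "flags": "R", "seq": syn_ack["ack"]}

def gateway_on_rst(rst):
    """Recompute CHK from the RST's own network parameter and compare it with SEQ3."""
    chk = transform(rst).to_bytes(4, "big")
    seq3 = (rst["seq"] & 0xFFFFFFFF).to_bytes(4, "big")
    return hmac.compare_digest(chk, seq3)

def demo():
    # Constructed sample packets (documentation address ranges).
    syn = {"src_ip": "192.0.2.10", "src_port": 40000,
           "dst_ip": "198.51.100.5", "dst_port": 443, "flags": "S", "seq": 1000}
    syn_ack = gateway_on_syn(syn)
    rst = client_on_syn_ack(syn, syn_ack)
    genuine = gateway_on_rst(rst)
    # A sender that never received the SYN_ACK can only guess SEQ3.
    guessed = gateway_on_rst(dict(rst, seq=(rst["seq"] + 1) % 2**32))
    # Replaying a valid SEQ3 from a different source address fails as well.
    replayed = gateway_on_rst(dict(rst, src_ip="203.0.113.7"))
    return genuine, guessed, replayed

if __name__ == "__main__":
    print(demo())
```

The gateway keeps no per-connection state between the SYN and the RST: everything it needs to verify the client is recomputed from the RST itself, which is the storage saving the abstract refers to.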
12 Claims
1. A network authentication method, comprising:
receiving synchronize (SYN) data sent by a client, wherein the SYN data comprises a sequence number SEQ1 and a network parameter;
sending synchronize acknowledge (SYN_ACK) data to the client in response to the SYN data, wherein the SYN_ACK data comprises an acknowledgment number ACK2, and a value of ACK2 is a value obtained by carrying out a function transformation according to the network parameter of the SYN data;
receiving RESET (RST) data sent by the client in response to the SYN_ACK data, wherein the RST data comprises a sequence number SEQ3 or an acknowledgment number ACK3, a value of SEQ3 or ACK3 is the same as that of ACK2, and the RST data further comprises a network parameter the same as that of the SYN data;
carrying out the function transformation according to the network parameter of the RST data to obtain a check value CHK; and
passing the authentication of the client if CHK matches the value of SEQ3 or ACK3.
7. A network authentication device, comprising:
a first receiving unit, configured to receive synchronize (SYN) data sent by a client, wherein the SYN data comprises a sequence number SEQ1 and a network parameter;
a sending unit, configured to send synchronize acknowledge (SYN_ACK) data to the client in response to the SYN data received by the first receiving unit, wherein the SYN_ACK data comprises an acknowledgment number ACK2, and a value of ACK2 is a value obtained by carrying out a function transformation according to the network parameter of the SYN data;
a second receiving unit, configured to receive RESET (RST) data sent by the client in response to the SYN_ACK data sent by the sending unit, wherein the RST data comprises a sequence number SEQ3 or an acknowledgment number ACK3, and a value of ACK3 is the same as that of SEQ3 or ACK2, and the RST data further comprises a network parameter the same as that of the SYN data;
a calculating unit, configured to carry out the function transformation according to the network parameter of the RST data received by the second receiving unit to obtain a check value CHK; and
an authenticating unit, configured to pass the authentication of the client when CHK calculated by the calculating unit matches SEQ3 or ACK3 of the RST data.
12. A client, comprising:
a sending unit, configured to send synchronize (SYN) data to a gateway, wherein the SYN data comprises a sequence number SEQ1 and a network parameter;
a receiving unit, configured to receive synchronize acknowledge (SYN_ACK) data sent by the gateway in response to the SYN data, wherein the SYN_ACK data comprises an acknowledgment number ACK2, and a value of ACK2 is a value obtained by carrying out a function transformation according to the network parameter of the SYN data; and
a judging unit, configured to judge whether the value of ACK2 is the same as an expected value, and if the value of ACK2 is different from the expected value, send RESET (RST) data to the gateway in response to the SYN_ACK data, wherein the RST data comprises a sequence number SEQ3 or an acknowledgment number ACK3, a value of SEQ3 or ACK3 is the same as that of ACK2, and the RST data further comprises a network parameter the same as that of the SYN data; and
instruct the gateway to authenticate the client according to the RST data and SEQ3 or ACK3.
Specification