US-12627662-B2 - Network apparatus and network authentication method thereof
Abstract
A network apparatus and a network authentication method thereof are provided. The network apparatus serving as a server end includes a network interface device and a processor. The network interface device is configured to connect to a network. The processor is coupled to the network interface device, and configured to receive a network packet sent by a client end through the network, acquire a verification data commonly agreed with the client end, and establish a network connection with the client end in response to a verification data recorded in the network packet matching the acquired verification data.
Inventors
- Yi Chang
Assignees
- MOXA INC.
Dates
- Publication Date
- 20260512
- Application Date
- 20230630
Claims (15)
- 1. A network apparatus, serving as a client end, comprising: a network interface device configured to connect to a network; and a processor, coupled to the network interface device, and configured to: acquire a verification data commonly agreed with a server end; record the verification data in a network packet used for establishing a network connection; establish the network connection with the server end by transmitting the network packet having the verification data which is verified by the server end, to the server end; receive services provided by the server end through the network connection; acquire at least one factor related to connection with the network; calculate the verification data according to the at least one factor by using a first algorithm commonly agreed with a server end; establish the network connection with the server end by using the verification data, wherein the at least one factor comprises one or a combination of a shared key with the server end, time, an internet protocol (IP) address of the server end, the client end, or a gateway, a media access control (MAC) address, a previously used source port, a destination port, a netmask, and a hop count; negotiate a second algorithm used in a next network connection with the server end; and establish the next network connection with the server end by using at least one verification data calculated by using the second algorithm or using a second verification data negotiated by the server end.
- 2. The network apparatus according to claim 1, wherein the processor acquires a plurality of verification data commonly agreed with the server end, communicates with the server end by sequentially using the plurality of verification data, and establishes the network connection with the server end after the server end verifies a variation of the plurality of verification data.
- 3. The network apparatus according to claim 1, wherein the processor negotiates with the server end so as to acquire the verification data.
- 4. The network apparatus according to claim 3, wherein the processor negotiates at least one second verification data used in a next network connection with the server end and establishes the next network connection with the server end by using the at least one second verification data; or the processor establishes the next network connection with the server end by using a second verification data negotiated by the server end.
- 5. A network authentication method, adapted for a network apparatus serving as a client end, comprising: acquiring at least one verification data commonly agreed with the server end; recording the at least one verification data in a network packet used for establishing a network connection; establishing or maintaining the network connection with a server end by transmitting the network packet having the at least one verification data which is verified by the server end, to the server end; receiving services provided by the server end through the network connection; acquiring at least one factor related to connection with the network, wherein the at least one factor comprises one or a combination of a shared key with the server end, time, an internet protocol (IP) address of the server end, the client end, or a gateway, a media access control (MAC) address, a previously used source port, a destination port, a netmask, and a hop count; calculating the verification data according to the at least one factor by using a first algorithm commonly agreed with a server end; establishing the network connection with the server end by using the verification data; negotiating a second algorithm used in a next network connection with the client end; and establishing the next network connection with the client end in response to a verification data recorded in a next network packet matching the verification data calculated by using the second algorithm.
- 6. The method according to claim 5, further comprising: acquiring a plurality of verification data; communicating with the server end by sequentially using the plurality of verification data; and establishing the network connection with the server end after the server end verifies a variation of the plurality of verification data using the first algorithm.
- 7. The method according to claim 6, wherein the step of acquiring at least one verification data commonly agreed with the server end comprises: negotiating with the server end so as to acquire the verification data.
- 8. A network apparatus, serving as a server end, comprising: a network interface device configured to connect to a network; and a processor, coupled to the network interface device, and configured to: receive a network packet sent by a client end through the network; acquire a verification data commonly agreed with the client end; and establish a network connection with the client end in response to a verification data recorded in the network packet matching the acquired verification data, wherein the processor acquires at least one factor related to connection with the network, calculates the verification data according to the at least one factor by using a first algorithm commonly agreed with a client end, verifies a verification data recorded in the network packet by using the calculated verification data, and establishes the network connection with the client end in response to the verification data recorded in the network packet matching the calculated verification data, wherein the at least one factor comprises one or a combination of a shared key with the server end, time, an internet protocol (IP) address of the server end, the client end, or a gateway, a media access control (MAC) address, a previously used source port, a destination port, a netmask, and a hop count.
- 9. The network apparatus according to claim 8, wherein the processor acquires a plurality of verification data commonly agreed with the client end, sequentially verifies a plurality of network packets sent by the client end by using the acquired plurality of verification data, and establishes the network connection with the client end in response to a variation of a plurality of verification data recorded in the plurality of network packets matching a variation of the acquired plurality of verification data.
- 10. The network apparatus according to claim 8, further comprising: a storage device, configured to store a block list, wherein the processor adds an identification information of the client end to the block list in response to the verification data recorded in the network packet not matching the acquired verification data.
- 11. The network apparatus according to claim 10, wherein the processor further determines whether an identification information of the client end which sends the network packet is in the block list, and blocks the client end from establishing the network connection in response to the identification information of the client end being in the block list.
- 12. The network apparatus according to claim 8, wherein the processor negotiates with the client end so as to acquire the verification data.
- 13. The network apparatus according to claim 12, wherein the processor negotiates at least one second verification data used in a next network connection with the client end and establishes the next network connection with the client end by using the at least one second verification data.
- 14. A network authentication method, adapted for a network apparatus serving as a server end, comprising: receiving a network packet sent by a client end through a network; acquiring at least one verification data commonly agreed with the client end; establishing a network connection with the client end in response to the verification data recorded in the network packet matching the acquired at least one verification data; acquiring at least one factor related to connection with the network, wherein the at least one factor comprises one or a combination of a shared key with the server end, time, an internet protocol (IP) address of the server end, the client end, or a gateway, a media access control (MAC) address, a previously used source port, a destination port, a netmask, and a hop count; calculating the verification data according to the at least one factor by using a first algorithm commonly agreed with a client end; negotiating a second algorithm used in a next network connection with the client end; and establishing the next network connection with the client end in response to a verification data recorded in a next network packet matching the verification data calculated by using the second algorithm.
- 15. The method according to claim 14, wherein the step of acquiring at least one verification data commonly agreed with the client end comprises: negotiating with the client end so as to acquire the verification data.
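The exchange the claims describe, as an added illustration (not code from the patent or from MOXA): the client end derives verification data from connection factors with an algorithm both ends agree on, records it in the connection-setup packet(s), and the server end recomputes it, verifies a sequence of packets in order (claim 9), and places a mismatching client on a block list that is consulted before any later attempt (claims 10 and 11). The patent fixes neither the algorithm nor the encoding, so HMAC-SHA256 over a canonical encoding of the factors, a 30-second time slot, and the client IP address as its identification information are assumptions of this example.

```python
# Added example, not the patent's or MOXA's code. Assumed "commonly agreed algorithm":
# HMAC-SHA256 over a canonical encoding of the connection factors named in the claims.
import hashlib
import hmac

SLOT_SECONDS = 30  # assumption: the time factor is quantised so both ends derive the same value


def verification_data(shared_key: bytes, factors: dict, index: int = 0) -> bytes:
    """First algorithm (assumed). `index` selects the i-th value of a sequence (claims 2, 9)."""
    canon = "|".join(f"{k}={factors[k]}" for k in sorted(factors)) + f"|i={index}"
    return hmac.new(shared_key, canon.encode(), hashlib.sha256).digest()[:16]


def factors_for(client_ip, server_ip, dst_port, prev_src_port, now):
    """A subset of the claimed factors: IP addresses, destination port, previous source port, time."""
    return {"client_ip": client_ip, "server_ip": server_ip, "dst_port": dst_port,
            "prev_src_port": prev_src_port, "slot": now // SLOT_SECONDS}


def client_packets(shared_key, client_ip, server_ip, dst_port, prev_src_port, now, count=1):
    """Client end: record the verification data in the connection-setup packet(s)."""
    f = factors_for(client_ip, server_ip, dst_port, prev_src_port, now)
    return [{"src_ip": client_ip, "dst_port": dst_port, "prev_src_port": prev_src_port,
             "verification": verification_data(shared_key, f, i)} for i in range(count)]


class ServerEnd:
    def __init__(self, shared_key: bytes, server_ip: str):
        self.shared_key, self.server_ip = shared_key, server_ip
        self.block_list: set[str] = set()  # claim 10: identification information of rejected clients

    def accept(self, packets: list, now: int) -> bool:
        """Claims 8, 9, 11: recompute each expected value, compare in order, block on any mismatch."""
        cid = packets[0]["src_ip"]            # assumption: client IP is the identification information
        if cid in self.block_list:            # claim 11: a listed client never gets a connection
            return False
        for i, pkt in enumerate(packets):
            f = factors_for(cid, self.server_ip, pkt["dst_port"], pkt["prev_src_port"], now)
            expected = verification_data(self.shared_key, f, i)
            if not hmac.compare_digest(expected, pkt["verification"]):  # constant-time compare
                self.block_list.add(cid)      # claim 10: mismatch adds the client to the block list
                return False
        return True
```

Because the time slot is a factor, a packet replayed in a later slot no longer matches and the replaying source is blocked; a narrower slot tightens that window at the cost of more clock skew sensitivity.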
Description
BACKGROUND
Technical Field
The disclosure relates to network security, and particularly relates to a network apparatus and a network authentication method thereof.
Description of Related Art
In a conventional network service scheme, when a client end requests resource access, the server end identifies the client end by verifying certificates during connection establishment, or verifies certificates, passwords or tokens after connection establishment. An internet protocol (IP) address of the client end is used as an access control list (ACL) to determine whether the client end is authorized to establish a connection. However, such verification is rigorous and complicated, and therefore the computing burden on the server end is relatively high. In addition, since the structured data in the certificate may vary depending on the parsing components used, a potential risk may occur during parsing.
SUMMARY
The disclosure provides a network apparatus and a network authentication method thereof capable of improving the security of a network service.
In an embodiment of the disclosure, a network apparatus serving as a client end is provided. The network apparatus comprises a network interface device and a processor. The network interface device is configured to connect to a network. The processor is coupled to the network interface device, and configured to acquire a verification data commonly agreed with a server end, establish a network connection with the server end by using the verification data which is verified by the server end, and receive services provided by the server end through the network connection.
According to an embodiment of the disclosure, the processor acquires a plurality of verification data commonly agreed with the server end, communicates with the server end by sequentially using the plurality of verification data, and establishes the network connection with the server end after the server end verifies a variation of the plurality of verification data.
According to an embodiment of the disclosure, the processor acquires at least one factor related to connection with the network, calculates the verification data according to the at least one factor by using a first algorithm commonly agreed with a server end, and establishes the network connection with the server end by using the verification data.
According to an embodiment of the disclosure, the processor negotiates a second algorithm used in a next network connection with the server end and establishes the next network connection with the server end by using at least one verification data calculated by using the second algorithm.
According to an embodiment of the disclosure, the processor negotiates with the server end so as to acquire the verification data, or negotiates at least one second verification data used in a next network connection with the server end and establishes the next network connection with the server end by using the at least one second verification data.
In an embodiment of the disclosure, a network authentication method adapted for a network apparatus serving as a client end is provided. In the method, at least one verification data commonly agreed with the server end is acquired, a network connection with a server end is established by using the at least one verification data which is verified by the server end, and services provided by the server end are received through the network connection.
According to an embodiment of the disclosure, the method further comprises acquiring a plurality of verification data, communicating with the server end by sequentially using the plurality of verification data, and establishing the network connection with the server end after the server end verifies a variation of the plurality of verification data using the first algorithm.
According to an embodiment of the disclosure, the step of acquiring at least one verification data commonly agreed with the server end comprises acquiring at least one factor related to connection with the network and calculating the verification data according to the at least one factor by using a first algorithm commonly agreed with a server end; or negotiating with the server end so as to acquire the verification data.
In an embodiment of the disclosure, a network apparatus serving as a server end is provided. The network apparatus comprises a network interface device and a processor. The network interface device is configured to connect to a network. The processor is coupled to the network interface device, and configured to receive a network packet sent by a client end through a network, acquire a verification data commonly agreed with the client end, and establish a network connection with the client end in response to a verification data recorded in the network packet matching the acquired verification data.
According to an embodiment of the disclosure, the processor acquires a plurality of verification data commonly agreed with the client