CN102014384A - Method for verifying WAPI (Wireless Authentication and Privacy Infrastructure) wireless network terminal identity by mobile phone network - Google Patents


Publication number
CN102014384A
Authority
CN
China
Prior art keywords
wireless
sta
wapi
network
mobile telephone
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2009101899659A
Other languages
Chinese (zh)
Inventor
黄金富
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual
Priority to CN2009101899659A
Publication of CN102014384A
Legal status: Pending

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to a method for verifying the identity of a WAPI (Wireless Authentication and Privacy Infrastructure) wireless network terminal through a mobile phone network. A wireless terminal (STA) is provided with a digital certificate for identity verification, a WAPI wireless network device and a mobile-network internet access device. When the WAPI wireless network (1) and the wireless terminal (STA) authenticate each other's identity, the authentication information is transmitted over the mobile phone network in addition to the WAPI wireless network (1), and authentication is confirmed as successful only after the information transmitted over both the WAPI wireless network (1) and the mobile phone network has been checked and found correct. With this method, even if a hacker steals the digital certificate from the wireless terminal (STA), the hacker cannot use it to impersonate the user and access the WAPI wireless network (1), so mutual identity authentication between the wireless terminal (STA) and the WAPI wireless network (1) is safer and more reliable.

Description

Method for verifying WAPI wireless network terminal identity through a mobile phone network
[technical field]
The present invention relates to network security technology, and in particular to a method for verifying the identity of a WAPI wireless network terminal through a mobile phone network.
[background art]
With the launch of China's TD-SCDMA mobile phone service, that is, 3G mobile phone service, 3G mobile network coverage now includes cities and towns of every size. The operators of the 3G mobile network have also deployed a large number of WAPI wireless network hotspots across the country to give users convenient and efficient wireless internet service. As a result, more and more computers are equipped with both a 3G mobile internet access device and a WAPI wireless network device. Where a WAPI wireless network hotspot is available, the computer can go online over the WAPI wireless network at a low communication cost; where there is no hotspot, it can go online over TD-SCDMA, which has wide coverage. At present, a terminal that goes online over a WAPI wireless network uses the digital certificate stored in the terminal as its identity credential. Although no security vulnerability has so far been found in the WAPI wireless network itself, the digital certificate stored in the terminal may be stolen by a hacker through means such as viruses or Trojans, and the hacker can then use the stolen certificate to impersonate the user, causing the user loss. The present invention adopts dual identity verification: when the WAPI wireless network and the user's wireless terminal authenticate each other's identity, the authentication information is transmitted not only over the WAPI wireless network but also over the 3G mobile network, and authentication is confirmed as successful only after the information transmitted over both has been checked and found correct.
[summary of the invention]
The purpose of the present invention is to provide a method for verifying the identity of a WAPI wireless network terminal through a mobile phone network, for use in identity authentication in a WAPI wireless network.
This purpose is achieved by a method for verifying WAPI wireless network terminal identity through a mobile phone network, in which the wireless terminal (STA) is provided with a digital certificate for identity verification, a WAPI wireless network device and a mobile-network internet access device, characterized in that, when the wireless terminal (STA) and the WAPI wireless network (1) perform identity authentication, the method comprises the following steps:
The wireless terminal (STA) sends an access authentication request containing its digital certificate to the wireless access point (AP); the wireless access point (AP) then sends a certificate authentication request containing this access authentication request to the authentication server (AS) to request authentication; at the same time, the wireless terminal (STA) sends the access authentication request to the authentication server (AS) through the mobile phone network (2) to request authentication;
The authentication server (AS) separately verifies the certificate authentication request received from the wireless access point (AP) and the access authentication request received through the mobile phone network (2); after both have been verified as correct, the authentication server (AS) sends a certificate authentication response containing the authentication result to the wireless access point (AP) and also sends this certificate authentication response to the wireless terminal (STA) through the mobile phone network (2); after checking that the authentication result is correct, the wireless access point (AP) forwards the certificate authentication response to the wireless terminal (STA) and allows the wireless terminal (STA) to access;
The wireless terminal (STA) separately checks the authentication result in the certificate authentication response received from the wireless access point (AP) and the authentication result in the certificate authentication response received through the mobile phone network (2), and accesses the wireless access point (AP) only after both have been checked and found correct.
In this specification, a SIM card is inserted in the mobile-network internet access device of the wireless terminal (STA). This SIM card is the identity credential with which that device connects to the mobile phone network (2). Besides using the digital certificate as its identity credential for connecting to the WAPI wireless network (1), the wireless terminal (STA) must also use this SIM card as its identity credential for connecting to the mobile phone network (2); only then can the authentication information be transmitted through the mobile phone network (2), and only then can the wireless terminal (STA) and the WAPI wireless network (1) successfully authenticate each other's identity.
The purpose of the present invention is thus achieved.
When the identities of the wireless terminal (STA) and the WAPI wireless network (1) are verified by the method of the present invention, even if the digital certificate in the user's wireless terminal (STA) has been stolen by a hacker, the hacker does not have the user's mobile-network internet access device and therefore cannot use the stolen certificate to impersonate the user and access the WAPI wireless network (1). This makes mutual identity verification between the wireless terminal (STA) and the WAPI wireless network (1) safer and more reliable.
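The dual-path check described above, as an added Python sketch that is not part of the patent text: the AS releases a result only when the same request has arrived both through the AP and through the mobile network, and the STA joins only when both response copies agree. The enrollment table binding a certificate fingerprint to a SIM subscriber identity, the per-attempt nonce used to correlate the two copies, and all names and sample values are assumptions made for illustration; the patent does not specify these mechanisms.

```python
import hashlib
import secrets
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class AccessAuthRequest:
    cert: bytes    # STA digital certificate (opaque bytes in this sketch)
    nonce: bytes   # assumed per-attempt value that ties the two copies together

@dataclass(frozen=True)
class CertAuthResponse:
    nonce: bytes
    success: bool

def fingerprint(cert: bytes) -> str:
    return hashlib.sha256(cert).hexdigest()

class AuthServer:
    """AS that answers only after both paths delivered the same request."""

    def __init__(self, enrolled: dict):
        self.enrolled = enrolled  # assumed binding: cert fingerprint -> SIM subscriber id
        self.pending = {}         # (fingerprint, nonce) -> paths seen (a real AS would expire these)

    def receive(self, path: str, req: AccessAuthRequest,
                subscriber: Optional[str] = None) -> Optional[dict]:
        """path is "wlan" (relayed by the AP) or "cell" (mobile network).
        subscriber is the SIM identity the mobile network vouches for."""
        fp = fingerprint(req.cert)
        if path not in ("wlan", "cell") or fp not in self.enrolled:
            return None                       # unknown path or certificate
        if path == "cell" and subscriber != self.enrolled[fp]:
            return None                       # certificate sent from someone else's SIM
        seen = self.pending.setdefault((fp, req.nonce), set())
        seen.add(path)
        if seen != {"wlan", "cell"}:
            return None                       # still waiting for the other path
        del self.pending[(fp, req.nonce)]     # one result per attempt
        resp = CertAuthResponse(req.nonce, True)
        return {"wlan": resp, "cell": resp}   # same response goes out on both paths

def sta_accepts(nonce: bytes, via_ap, via_cell) -> bool:
    """STA side: join the AP only if both copies report success for this attempt."""
    return all(r is not None and r.success and r.nonce == nonce
               for r in (via_ap, via_cell))

def attempt(server: AuthServer, cert: bytes, sim: Optional[str]) -> bool:
    """One authentication attempt by a terminal holding cert and, optionally, a SIM."""
    req = AccessAuthRequest(cert, secrets.token_bytes(16))
    server.receive("wlan", req)                                      # STA -> AP -> AS
    out = server.receive("cell", req, sim) if sim is not None else None  # STA -> mobile network -> AS
    return out is not None and sta_accepts(req.nonce, out["wlan"], out["cell"])

# Constructed sample values, not taken from the patent.
SAMPLE_CERT = b"constructed-sample-certificate"
SAMPLE_SIM = "constructed-subscriber-001"
```

A terminal holding the certificate but no SIM, or a SIM other than the enrolled one, never gets a result from the AS in this sketch, which is the stolen-certificate case the description addresses.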
[description of drawings]
Fig. 1 is a schematic diagram of the method of the present invention for verifying WAPI wireless network terminal identity through a mobile phone network;
Fig. 2 is a schematic diagram of an embodiment in which the method of the present invention is applied to a mobile phone.
The drawings are schematic and serve to illustrate the structure and main features of the present invention.
[embodiment]
The method of the present invention is described in further detail below with reference to the drawings.
Referring to Fig. 1, a schematic diagram of the method of the present invention for verifying WAPI wireless network terminal identity through a mobile phone network, the figure shows the WAPI wireless network (1), the mobile phone network (2), the wireless terminal (STA), the wireless access point (AP) and the authentication server (AS). The solid arrows show the flow of the mutual identity authentication information between the WAPI wireless network (1) and the wireless terminal (STA); this is the identity authentication information defined in the WAPI wireless network standard. The dashed arrows show the flow of the mutual identity authentication information transmitted through the mobile phone network (2). The dashed part is one of the main features of the present invention: by transmitting the authentication information over two different paths, the identities of both parties can be authenticated more safely and reliably.
Still referring to Fig. 1, the wireless terminal (STA) shown there is provided with a digital certificate for identity verification, a WAPI wireless network device and a mobile-network internet access device. A SIM card is inserted in the mobile-network internet access device, which accesses the mobile phone network (2) with the identity of this SIM card. In the method of the present invention, when the wireless terminal (STA) and the WAPI wireless network (1) perform identity authentication, the following steps are used:
The wireless terminal (STA) sends an access authentication request containing its digital certificate to the wireless access point (AP); the wireless access point (AP) then sends a certificate authentication request containing this access authentication request to the authentication server (AS) to request authentication; at the same time, the wireless terminal (STA) sends the access authentication request to the authentication server (AS) through the mobile phone network (2) to request authentication;
The authentication server (AS) separately verifies the certificate authentication request received from the wireless access point (AP) and the access authentication request received through the mobile phone network (2); after both have been verified as correct, the authentication server (AS) sends a certificate authentication response containing the authentication result to the wireless access point (AP) and also sends this certificate authentication response to the wireless terminal (STA) through the mobile phone network (2); after checking that the authentication result is correct, the wireless access point (AP) forwards the certificate authentication response to the wireless terminal (STA) and allows the wireless terminal (STA) to access;
The wireless terminal (STA) separately checks the authentication result in the certificate authentication response received from the wireless access point (AP) and the authentication result in the certificate authentication response received through the mobile phone network (2), and accesses the wireless access point (AP) only after both have been checked and found correct.
Referring to Fig. 2, a schematic diagram of an embodiment in which the method of the present invention is applied to a mobile phone: compared with Fig. 1, the main difference is that the wireless terminal (STA) shown in Fig. 1 is a notebook computer, whereas the wireless terminal (STA) shown in Fig. 2 is a mobile phone. In the present invention, the wireless terminal (STA) may be a notebook computer, a PDA, a mobile phone, a desktop computer or similar equipment. In addition, the mobile phone network (2) described in this specification is a TD-SCDMA mobile phone network; it may also be a mobile phone network using another standard, for example GSM, CDMA, 3G or 4G. All of these achieve the purpose of the present invention well, and all fall within the scope of protection of the present invention.
The main features of the method of the present invention have been described above. Although the present invention has been illustrated with the above embodiments, it is not limited to them, and various changes and variations can be made without departing from the spirit of the present invention and the scope of the appended claims.
The method of the present invention for verifying WAPI wireless network terminal identity through a mobile phone network makes mutual identity authentication between the wireless terminal (STA) and the WAPI wireless network (1) safer and more reliable, and its implementation can effectively improve the security of the WAPI wireless network (1).

Claims (4)

1. A method for verifying WAPI wireless network terminal identity through a mobile phone network, wherein a wireless terminal (STA) is provided with a digital certificate for identity verification, a WAPI wireless network device and a mobile-network internet access device, characterized in that, when the wireless terminal (STA) and the WAPI wireless network (1) perform identity authentication, the method comprises the following steps:
The wireless terminal (STA) sends an access authentication request containing its digital certificate to the wireless access point (AP); the wireless access point (AP) then sends a certificate authentication request containing this access authentication request to the authentication server (AS) to request authentication; at the same time, the wireless terminal (STA) sends the access authentication request to the authentication server (AS) through the mobile phone network (2) to request authentication;
The authentication server (AS) separately verifies the certificate authentication request received from the wireless access point (AP) and the access authentication request received through the mobile phone network (2); after both have been verified as correct, the authentication server (AS) sends a certificate authentication response containing the authentication result to the wireless access point (AP) and also sends this certificate authentication response to the wireless terminal (STA) through the mobile phone network (2); after checking that the authentication result is correct, the wireless access point (AP) forwards the certificate authentication response to the wireless terminal (STA) and allows the wireless terminal (STA) to access;
The wireless terminal (STA) separately checks the authentication result in the certificate authentication response received from the wireless access point (AP) and the authentication result in the certificate authentication response received through the mobile phone network (2), and accesses the wireless access point (AP) only after both have been checked and found correct.
2. The method for verifying WAPI wireless network terminal identity through a mobile phone network as claimed in claim 1, characterized in that the wireless terminal (STA) is a notebook computer.
3. The method for verifying WAPI wireless network terminal identity through a mobile phone network as claimed in claim 1, characterized in that the wireless terminal (STA) is a mobile phone.
4. The method for verifying WAPI wireless network terminal identity through a mobile phone network as claimed in claim 1, characterized in that the mobile phone network (2) is a TD-SCDMA mobile phone network.
CN2009101899659A 2009-09-04 2009-09-04 Method for verifying WAPI (Wireless Authentication and Privacy Infrastructure) wireless network terminal identity by mobile phone network Pending CN102014384A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009101899659A CN102014384A (en) 2009-09-04 2009-09-04 Method for verifying WAPI (Wireless Authentication and Privacy Infrastructure) wireless network terminal identity by mobile phone network

Publications (1)

Publication Number Publication Date
CN102014384A true CN102014384A (en) 2011-04-13

Family

ID=43844353

Legal Events

Date Code Title Description
C57 Notification of unclear or unknown address
DD01 Delivery of document by public notice

Addressee: Huang Jinfu

Document name: Notification of Passing Preliminary Examination of the Application for Invention

C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20110413