CN102035797A - WAPI (Wireless Local Area network Authentication and Privacy Infrastructure)-based media transmission system and method - Google Patents

Publication number
CN102035797A
Authority
CN
China
Prior art keywords
access point
wapi
wapi terminal
server
terminal
Prior art date
Legal status
Granted
Application number
CN2009101757997A
Other languages
Chinese (zh)
Other versions
CN102035797B (en
Inventor
周正林
Current Assignee
Zheng Dongliang
Original Assignee
ZTE Corp
Priority date
Filing date
Publication date
Application filed by ZTE Corp
Priority to CN2009101757997A (CN102035797B)
Priority to PCT/CN2010/071968 (WO2011038588A1)
Publication of CN102035797A
Application granted
Publication of CN102035797B
Expired - Fee Related
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/08 Access point devices

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides a WAPI (Wireless Local Area network Authentication and Privacy Infrastructure)-based media transmission system and method. After the WAPI terminal, the access point and the server are started, they complete mutual authentication; the server encrypts the service data requested by the WAPI terminal using the confidentiality protocol specified by the WAPI protocol and then transmits the encrypted data to the WAPI terminal through the access point. With the invention, once the WAPI terminal has completed authentication and verification with the access point and the server by means of digital certificates, the access point can transparently transmit the data received from the server to the WAPI terminal. While confidential transmission is preserved, transmission efficiency is improved, the user's cost of use is reduced, and it is convenient to watch programs from the WAPI terminal; the invention also facilitates the operator's management and charging of users and supports the sound development of video on demand and other services.

Description

A media transmission system and method based on WAPI
Technical field
The present invention relates to the technical fields of media playback and WAPI, and in particular to a media transmission system and method based on WAPI.
Background technology
WAPI is the abbreviation of WLAN Authentication and Privacy Infrastructure. It is the WLAN security solution proposed in the Chinese wireless LAN national standard GB 15629.11 to address the security problems of the WEP protocol in IEEE 802.11. Its main feature is a certificate mechanism based on public-key cryptography, which achieves genuine mutual authentication between the mobile terminal (MT) and the wireless access point (AP).
In current network media playback, users mostly log in to the server with a username and password, and can download and play media once authorized.
Fig. 1 shows the structure and data flow of a traditional user operating platform and server; the structure comprises the user's operating terminal and the server. When applying for a service, the user sets a username and password on the server through the operating terminal, and the server checks the username and password and grants authorization. When using the service, the user enters the correct username and password on the server through the operating terminal and then watches programs on the server through the operating terminal. This structure makes it hard for the server to manage user data, hard for the operator to charge, and does not provide for confidential transmission of data, among other drawbacks.
Summary of the invention
The technical problem to be solved by the present invention is to provide a media transmission system and method based on WAPI in which, once the WAPI terminal has completed authentication and verification with the access point and the server by means of digital certificates, the access point can transparently transmit the data received from the server to the WAPI terminal, improving transmission efficiency.
To solve the above problem, the invention provides a media transmission method based on WAPI, comprising: after the WAPI terminal, the access point and the server are started, they complete mutual authentication; the server encrypts the service data requested by the WAPI terminal using the confidentiality protocol specified by the WAPI protocol, and then sends the encrypted data to the WAPI terminal through the access point.
Further, after receiving the encrypted service data, the access point demodulates it and then sends the demodulated service data to the WAPI terminal.
Further, the server also issues digital certificates to the WAPI terminal and the access point;
The WAPI terminal, the access point and the server completing mutual authentication means: the WAPI terminal obtains the security policy of the access point, and then completes verification with the access point according to the security policy, the digital certificate of the WAPI terminal and the digital certificate of the access point; the server authenticates the access point by the access point's digital certificate, authenticates the WAPI terminal by the WAPI terminal's digital certificate, and determines the usage rights of the WAPI terminal according to the WAPI terminal's digital certificate.
Further, the WAPI terminal obtains the security policy of the access point by passively listening for beacon frames or by active probing.
Further, after the WAPI terminal and the server complete authentication, the WAPI terminal negotiates a session key with the server through the access point.
The present invention also provides a media transmission system based on WAPI, comprising a WAPI terminal, an access point and a server;
The WAPI terminal is configured to, after starting, perform verification with the access point and complete authentication with the server;
The access point is configured to, after starting, perform verification with the WAPI terminal, complete authentication with the server, and send the encrypted service data sent by the server to the WAPI terminal;
The server is configured to, after starting, complete authentication with the WAPI terminal and the access point, and is further configured to encrypt the service data requested by the WAPI terminal using the confidentiality protocol specified by the WAPI protocol and send the encrypted data to the access point.
Further, the access point is also configured to demodulate the encrypted service data after receiving it, and then send the demodulated service data to the WAPI terminal.
Further, the server comprises an authentication service module, configured to issue digital certificates to the WAPI terminal and the access point;
The WAPI terminal performing verification with the access point means that the WAPI terminal obtains the security policy of the access point, and then completes verification with the access point according to the security policy, the digital certificate of the WAPI terminal and the digital certificate of the access point;
The server completing authentication with the WAPI terminal and the access point means that the authentication service module authenticates the access point by the access point's digital certificate, authenticates the WAPI terminal by the WAPI terminal's digital certificate, and determines the usage rights of the WAPI terminal.
Further, the WAPI terminal obtains the security policy of the access point by passively listening for beacon frames or by active probing.
Further, the WAPI terminal is also configured to, after completing authentication with the server, negotiate a session key with the server through the access point;
The server is also configured to, after completing authentication with the WAPI terminal, negotiate a session key with the WAPI terminal through the access point.
In summary, the invention provides a media transmission system and method based on WAPI in which, once the WAPI terminal has completed authentication and verification with the access point and the server by means of digital certificates, the access point can transparently transmit the data received from the server to the WAPI terminal. While confidential transmission is preserved, transmission efficiency is improved, the user's cost of use is reduced, and it is convenient to watch programs on the WAPI terminal; the invention also facilitates the operator's management and charging of users and supports the sound development of services such as video on demand.
Description of drawings
Fig. 1a to Fig. 1c are the structure and data flow diagrams of a traditional user operating platform and server;
Fig. 2 shows the relationship between the user operating platform of the invention and the server;
Fig. 3 is a schematic diagram of the WAPI terminal;
Fig. 4 is the operational flowchart of the user terminal of the invention and the server.
Embodiment
The present invention is a media transmission system and method based on WAPI; by using digital-certificate authorization, it lets WAPI terminal users who hold a digital certificate watch programs very conveniently.
This embodiment provides a media transmission system based on WAPI which, as shown in Fig. 2, comprises a WAPI terminal, an AP (Access Point) and a server;
The server comprises an ASU (authentication service unit, the authentication service module);
The WAPI terminal is configured to, after starting, perform verification with the access point and complete authentication with the server; to negotiate a session key with the server through the access point; and to receive the encrypted data, decode it and play it.
The access point is configured to, after starting, perform verification with the WAPI terminal, complete authentication with the server, and send the encrypted service data sent by the server to the WAPI terminal;
The server is configured to, after starting, complete authentication with the WAPI terminal and the access point, and to negotiate a session key with the WAPI terminal through the AP;
The server is further configured to, after receiving a service request sent by the WAPI terminal, determine whether the WAPI terminal has the right to use that service; if it does, the server encrypts the service data using the confidentiality protocol specified by the WAPI protocol and sends the encrypted data to the access point.
The access point is also configured to demodulate the encrypted service data after receiving it, and then send the demodulated service data to the WAPI terminal.
The authentication service module is configured to issue digital certificates to the WAPI terminal and the access point;
The server completing authentication with the WAPI terminal and the access point means that the authentication service module authenticates the access point by the access point's digital certificate, authenticates the WAPI terminal by the WAPI terminal's digital certificate, and determines the usage rights of the WAPI terminal.
Other WAPI devices besides the WAPI terminal include WAPI personal devices (PDAs), WAPI notebook computers, WAPI personal broadcasting devices, and so on.
Fig. 3 is a schematic diagram of the WAPI terminal, which comprises a media playback unit, a WAPI communication unit and a control unit. The media playback unit receives data from the WAPI communication unit, decodes the received data and plays it. The WAPI communication unit is responsible for link authentication and association with other WAPI devices such as a WAPI access point, and for communicating with the access point. The control unit configures the operating modes and parameters of the media playback unit and the WAPI communication unit and handles upper-layer protocols.
The media playback unit supports multiple players, such as MPC, audio-visual star, realplayer, kmplayer and realone. The supported media include the multimedia broadcast/multicast service MBMS (Multimedia Broadcast/Multicast Service), streaming media, film and television programs, the European-standard mobile TV system DVB-H, the Qualcomm-led mobile TV broadcasting system MediaFLO, Korea's mobile TV system T-DMB, Japan's mobile TV system ISDB-T, China's mobile multimedia broadcasting systems CMMB and TMMB, Europe's S-DVB, the S-DMB of Japan and Korea, China's mobile multimedia broadcasting system CMMB, and so on. The WAPI terminal also includes a program selection function for choosing a suitable program. The WAPI communication unit comprises a WAPI hardware module and the WAPI protocol. Other WAPI devices besides the WAPI terminal include WAPI personal devices (PDAs), WAPI notebook computers, WAPI personal broadcasting devices, and so on. The control unit may be included in the media playback unit or the WAPI communication unit and use that unit's processor to perform the control function; it need not exist as a separate unit.
This embodiment provides a media transmission method based on WAPI, comprising:
Step 201: start the WAPI function of the WAPI terminal and other WAPI devices, and start the access point and the server;
Step 202: the WAPI terminal obtains the security policy of the AP by passively listening for beacon frames or by active probing, and then completes verification with the access point according to this security policy, the digital certificate of the WAPI terminal and the digital certificate of the access point;
Step 203: the WAPI terminal and the access point each complete authentication and verification with the server; that is, the server authenticates the access point by the access point's digital certificate and authenticates the WAPI terminal by the WAPI terminal's digital certificate, thereby determining whether the WAPI terminal and the access point are both legitimate, and determines the terminal's usage rights from the WAPI terminal's digital certificate. If the WAPI terminal and the access point are both legitimate, go to step 204; otherwise, end.
Step 204: the WAPI terminal negotiates a session key with the server through the access point;
Step 205: when the server sends data to the WAPI terminal, it encrypts the data to be sent using the confidentiality protocol specified by the WAPI protocol, and then sends the encrypted data to the access point;
Step 206: the access point receives the encrypted data. Because the data was encrypted by the server using the confidentiality protocol specified by the WAPI protocol, the access point does not need to decrypt and encrypt it; it sends the data directly to the WAPI terminal after modulation, which achieves transparent transmission of the data.
Step 207: the WAPI terminal decodes and plays the received data; the WAPI terminal can download content from the server or watch programs online.
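The flow of steps 203 to 207, as an added sketch that is not part of the patent text: the server (hosting the ASU) checks both certificates and the terminal's rights, derives a session key with the terminal, and the access point forwards the sealed frame without ever holding that key. Assumptions: certificates are modeled as records tagged by the ASU, a toy Diffie-Hellman group and an HMAC-based encrypt-then-MAC stand in for the algorithms WAPI specifies, step 202 is not modeled, and all class and function names are hypothetical.

```python
import hashlib, hmac, secrets

# Toy finite-field Diffie-Hellman group (assumption: a stand-in for the key
# agreement WAPI specifies; 2**521 - 1 is prime but not a vetted DH group).
P, G = 2**521 - 1, 3

def mac(key, *parts):
    """HMAC-SHA256 over length-prefixed parts, so fields cannot run together."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()

def keystream(key, nonce, n):
    blocks = (mac(key, b"enc", nonce, i.to_bytes(4, "big")) for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC; stand-in for the WAPI confidentiality protocol."""
    nonce = secrets.token_bytes(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(key, nonce, len(plaintext))))
    return nonce + ct + mac(key, b"tag", nonce, ct)

def unseal(key, frame):
    nonce, ct, tag = frame[:12], frame[12:-32], frame[-32:]
    if not hmac.compare_digest(tag, mac(key, b"tag", nonce, ct)):
        raise ValueError("frame failed integrity check")
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct))))

class Party:
    """Holder of a key pair and an ASU-issued certificate (the WAPI terminal)."""
    def __init__(self, name):
        self.name, self.cert = name, None
        self.priv = secrets.randbelow(P - 3) + 2
        self.pub = pow(G, self.priv, P)
    def session_key(self, peer_pub, n_terminal, n_server):
        shared = pow(peer_pub, self.priv, P).to_bytes(66, "big")
        return mac(shared, b"session", n_terminal, n_server)

class Server(Party):
    """Media server that also hosts the authentication service unit (ASU)."""
    def __init__(self):
        super().__init__("server")
        self.asu_key = secrets.token_bytes(32)
        self.media = {"vod": b"constructed sample video payload"}
    def cert_tag(self, c):
        return mac(self.asu_key, c["id"].encode(),
                   ",".join(c["rights"]).encode(), hex(c["pub"]).encode())
    def issue(self, party, rights=()):
        c = {"id": party.name, "rights": sorted(rights), "pub": party.pub}
        party.cert = dict(c, tag=self.cert_tag(c))
    def authenticate(self, cert):
        if not hmac.compare_digest(cert.get("tag", b""), self.cert_tag(cert)):
            raise PermissionError("certificate not issued by ASU: " + cert["id"])
    def serve(self, ap_cert, term_cert, service, n_terminal):
        self.authenticate(ap_cert)            # step 203: access point legitimate?
        self.authenticate(term_cert)          # step 203: terminal legitimate?
        if service not in term_cert["rights"]:
            raise PermissionError("terminal certificate lacks right: " + service)
        n_server = secrets.token_bytes(16)    # step 204: session key negotiation
        key = self.session_key(term_cert["pub"], n_terminal, n_server)
        return n_server, seal(key, self.media[service])   # step 205

class AccessPoint(Party):
    def __init__(self):
        super().__init__("ap")
        self.seen = []                        # everything the AP can observe
    def forward(self, frame, tamper=False):
        """Step 206: pass the frame on with no decrypt/encrypt. tamper=True
        flips one bit to model modification in transit."""
        self.seen.append(frame)
        return frame[:20] + bytes([frame[20] ^ 1]) + frame[21:] if tamper else frame

def run_session(server, ap, terminal, service, tamper=False):
    n_terminal = secrets.token_bytes(16)
    n_server, frame = server.serve(ap.cert, terminal.cert, service, n_terminal)
    frame = ap.forward(frame, tamper)
    # server.pub is assumed to be provisioned on the terminal as a trust anchor
    key = terminal.session_key(server.pub, n_terminal, n_server)
    return unseal(key, frame)                 # step 207: decode for playback

if __name__ == "__main__":
    srv, ap, term = Server(), AccessPoint(), Party("terminal")
    srv.issue(ap)
    srv.issue(term, ["vod"])
    print(run_session(srv, ap, term, "vod"), "| AP saw:", ap.seen[-1].hex()[:32], "...")
```

Because the session key depends on the terminal's and server's private values, the frame recorded in `ap.seen` is opaque to the access point, and any change it makes is rejected by `unseal` at the terminal.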
With the WAPI-based media playback method of the invention, the third-party identity authentication, confidential transmission and high-speed data transmission characteristics of WAPI technology can be used to reduce the user's cost of use and make it convenient to watch programs on the WAPI terminal; it also facilitates the operator's management and charging of users and supports the sound development of services such as video on demand.

Claims (10)

1. A media transmission method based on WAPI, comprising: after the WAPI terminal, the access point and the server are started, they complete mutual authentication; the server encrypts the service data requested by the WAPI terminal using the confidentiality protocol specified by the WAPI protocol, and then sends the encrypted data to the WAPI terminal through the access point.
2. The method of claim 1, characterized in that:
After receiving the encrypted service data, the access point demodulates it and then sends the demodulated service data to the WAPI terminal.
3. The method of claim 1, characterized in that:
The server also issues digital certificates to the WAPI terminal and the access point;
The WAPI terminal, the access point and the server completing mutual authentication means: the WAPI terminal obtains the security policy of the access point, and then completes verification with the access point according to the security policy, the digital certificate of the WAPI terminal and the digital certificate of the access point; the server authenticates the access point by the access point's digital certificate, authenticates the WAPI terminal by the WAPI terminal's digital certificate, and determines the usage rights of the WAPI terminal according to the WAPI terminal's digital certificate.
4. The method of claim 3, characterized in that:
The WAPI terminal obtains the security policy of the access point by passively listening for beacon frames or by active probing.
5. The method of claim 1, characterized in that the method further comprises:
After the WAPI terminal and the server complete authentication, the WAPI terminal negotiates a session key with the server through the access point.
6. A media transmission system based on WAPI, comprising a WAPI terminal, an access point and a server, characterized in that:
The WAPI terminal is configured to, after starting, perform verification with the access point and complete authentication with the server;
The access point is configured to, after starting, perform verification with the WAPI terminal, complete authentication with the server, and send the encrypted service data sent by the server to the WAPI terminal;
The server is configured to, after starting, complete authentication with the WAPI terminal and the access point, and is further configured to encrypt the service data requested by the WAPI terminal using the confidentiality protocol specified by the WAPI protocol and send the encrypted data to the access point.
7. The system of claim 6, characterized in that:
The access point is also configured to demodulate the encrypted service data after receiving it, and then send the demodulated service data to the WAPI terminal.
8. The system of claim 6, characterized in that:
The server comprises an authentication service module, configured to issue digital certificates to the WAPI terminal and the access point;
The WAPI terminal performing verification with the access point means that the WAPI terminal obtains the security policy of the access point, and then completes verification with the access point according to the security policy, the digital certificate of the WAPI terminal and the digital certificate of the access point;
The server completing authentication with the WAPI terminal and the access point means that the authentication service module authenticates the access point by the access point's digital certificate, authenticates the WAPI terminal by the WAPI terminal's digital certificate, and determines the usage rights of the WAPI terminal.
9. The system of claim 8, characterized in that:
The WAPI terminal obtains the security policy of the access point by passively listening for beacon frames or by active probing.
10. The system of claim 6, characterized in that:
The WAPI terminal is also configured to, after completing authentication with the server, negotiate a session key with the server through the access point;
The server is also configured to, after completing authentication with the WAPI terminal, negotiate a session key with the WAPI terminal through the access point.
CN2009101757997A 2009-09-29 2009-09-29 WAPI (Wireless Local Area network Authentication and Privacy Infrastructure)-based media transmission system and method Expired - Fee Related CN102035797B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN2009101757997A CN102035797B (en) 2009-09-29 2009-09-29 WAPI (Wireless Local Area network Authentication and Privacy Infrastructure)-based media transmission system and method
PCT/CN2010/071968 WO2011038588A1 (en) 2009-09-29 2010-04-21 Method, system and server for medium transmission

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2009101757997A CN102035797B (en) 2009-09-29 2009-09-29 WAPI (Wireless Local Area network Authentication and Privacy Infrastructure)-based media transmission system and method

Publications (2)

Publication Number Publication Date
CN102035797A true CN102035797A (en) 2011-04-27
CN102035797B CN102035797B (en) 2013-06-05

Family

ID=43825521

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2009101757997A Expired - Fee Related CN102035797B (en) 2009-09-29 2009-09-29 WAPI (Wireless Local Area network Authentication and Privacy Infrastructure)-based media transmission system and method

Country Status (2)

Country Link
CN (1) CN102035797B (en)
WO (1) WO2011038588A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102916872A (en) * 2011-08-02 2013-02-06 李帜 Communication proxy gateway

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111935718B (en) * 2020-10-09 2021-01-08 中科开创(广州)智能科技发展有限公司 WAPI authentication method, device, system, equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1642073A (en) * 2004-01-17 2005-07-20 神州亿品科技(北京)有限公司 Group key consultation and updating method for wireless LAN
US20060135155A1 (en) * 2004-12-20 2006-06-22 Institute For Information Industry Method for roaming authentication in public wireless LAN
CN101442749A (en) * 2008-12-15 2009-05-27 广州杰赛科技股份有限公司 Authentication method for wireless netted network based on WAPI
CN101483866A (en) * 2009-02-11 2009-07-15 中兴通讯股份有限公司 WAPI terminal certificate managing method, apparatus and system

Also Published As

Publication number Publication date
CN102035797B (en) 2013-06-05
WO2011038588A1 (en) 2011-04-07

Similar Documents

Publication Publication Date Title
CN100548044C (en) Mobile TV playing control system and playing network and broadcasting method
KR101819556B1 (en) Apparatus and method for supporting family cloud in cloud computing system
US8082591B2 (en) Authentication gateway apparatus for accessing ubiquitous service and method thereof
EP2294819B1 (en) Systems and methods for securely place shifting media content
CN101951318B (en) Bidirectional mobile streaming media digital copyright protection method and system
WO2008040201A1 (en) A method for obtaining ltk and a subscribe management server
US8805443B2 (en) Method and apparatus for playing china mobile multimedia broadcasting services
US20150304725A1 (en) Network terminal system, display device, terminal device, information processing method in display device, and program
CN101854362B (en) Data card, data card system and method for realizing multimedia service
CN101124825B (en) Method and apparatus for secure transfer and playback of multimedia content
CN101146209B (en) A method and system for program stream secret key encryption in mobile multi-media broadcasting service
CN102035797B (en) WAPI (Wireless Local Area network Authentication and Privacy Infrastructure)-based media transmission system and method
CN101321261B (en) Front-end system, user terminal and authorization management information distribution method
US20110258657A1 (en) System and method for secured digital video broadcasting of instantaneous testimony
US8745382B2 (en) Method, apparatus, computer program, data storage medium and computer program product for preventing reception of media data from a multicast service by an unauthorized apparatus
CA2815099C (en) Authenticated broadcast transmission utilizing a content retransmitter
JP2004007185A (en) Broadcast receiver, information processor, communication equipment, and information distributing method
KR20080088012A (en) Method of combined certification of plural terminals using user identification
JP2013115468A (en) Local internet construction system
CN106488272B (en) streaming media playing method, device and system
CN101499866B (en) Service cipher key transmitting method in multimedia broadcast service
CN101552903A (en) Television program distribution method and system
CN102457774B (en) Method, device and system for processing television program data
CN101184274B (en) Method of implementing mobile terminal condition reception
KR20120050369A (en) Method for transmitting and receiving contents

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20170825

Address after: 300171, Hedong District, Tianjin, Qi Xi, No. 2, building 1, room 504

Patentee after: Zheng Dongliang

Address before: 518057 Nanshan District high tech Industrial Park, Guangdong, South Road, science and technology, ZTE building, legal department

Patentee before: ZTE Corp.

CB03 Change of inventor or designer information

Inventor after: Zheng Dongliang

Inventor before: Zhou Zhenglin

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20130605
