CN104917775A - Internet access method - Google Patents
- Publication number
- CN104917775A (application CN201510337183.0A)
- Authority
- CN
- China
- Prior art keywords
- mobile device
- mac address
- radio network
- request message
- network gateway
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses an Internet access method. The method comprises the following steps: an application running in a mobile device sends, to an authentication server, an authentication request message containing the MAC (Media Access Control) address of the mobile device; after receiving the authentication request message, the authentication server records the MAC address of the mobile device in an authenticated MAC address list; and when the mobile device is connected to a wireless gateway of a wireless local area network and sends an Internet access request, the wireless gateway determines whether the MAC address of the mobile device is authenticated, either according to its locally stored authenticated MAC address list or according to both that local list and the authenticated MAC address list stored in the authentication server, and if it is authenticated, the mobile device is allowed to access the Internet.
Description
Technical field
The present application relates to the field of network technology, and in particular to an Internet access method.
Background
With the rapid spread of mobile devices such as mobile phones and tablet computers, wireless local area networks (WLANs) have become an important means of Internet access and are widely used in places such as shops, airports and restaurants. To improve network security and stability, WLAN deployments usually adopt WEB (web page) authentication as the security authentication mechanism by which users access the Internet through WLAN access devices such as APs (Access Points).
The main prior-art implementations of WEB authentication are:
(1) Username/password authentication: after the user connects to the AP, or when the user is connected to the AP and first sends an Internet access request, an authentication page is pushed to the user. The user enters a username and password and logs in on this page; once login authentication succeeds, the user can access the Internet through this AP.
(2) Verification code authentication: after the user connects to the AP, or when the user is connected to the AP and first sends an Internet access request, an authentication page is pushed to the user. The user enters the correct verification code (usually provided by the owner of the AP) and logs in on this page; once login authentication succeeds, the user can access the Internet through this AP.
(3) SMS verification code authentication: after the user connects to the AP, or when the user is connected to the AP and first sends an Internet access request, an authentication page is pushed to the user. The user enters a mobile phone number on this page and clicks the button for obtaining a verification code, and then receives a text message containing the verification code. The user enters the received SMS verification code on the authentication page and logs in; once login authentication succeeds, the user can access the Internet through this AP.
These prior-art WEB authentication modes require an authentication page to be pushed to the user and require the user to type and click on that page, so the authentication process is relatively complicated and the user experience is poor.
Summary of the invention
The object of the present application is to provide an Internet access method.
To achieve this object, the application discloses an Internet access method comprising:
An application running in a mobile device sends, to an authentication server, an authentication request message containing the MAC address of the mobile device;
After receiving the authentication request message, the authentication server records the MAC address of the mobile device in an authenticated MAC address list;
When the mobile device is connected to a wireless gateway of a wireless local area network and sends an Internet access request, the wireless gateway determines whether the MAC address of the mobile device is authenticated, either according to the locally stored authenticated MAC address list or according to both the locally stored list and the authenticated MAC address list stored in the authentication server; if it is authenticated, the mobile device is allowed to access the Internet.
In addition, the wireless gateway determines whether the MAC address of the mobile device is authenticated as follows:
After receiving the Internet access request sent by the mobile device, the wireless gateway extracts the source MAC address of the packet encapsulating the request and determines whether that source MAC address is present in the locally stored authenticated MAC address list; if it is not, the gateway sends the authentication server a MAC address authentication request message containing the source MAC address;
After receiving the MAC address authentication request message, the authentication server determines whether the source MAC address it contains is present in the authenticated MAC address list stored in the authentication server, and sends the result to the wireless gateway in a MAC address authentication response message.
In addition, before the authentication request message is sent, the method further comprises the following steps:
The application running in the mobile device sends a gateway identification acquisition request message to the authentication server;
After receiving the gateway identification acquisition request message, the authentication server looks up an available wireless gateway for the mobile device and sends the SSID and/or MAC address of the available wireless gateway to the mobile device in a gateway identification acquisition response message;
After receiving the gateway identification acquisition response message, the mobile device connects to the corresponding wireless gateway according to the SSID and/or MAC address contained in it.
In addition, the gateway identification acquisition request message contains: the location information of the mobile device, and/or the SSIDs of the wireless gateways the mobile device has found, and/or the MAC addresses of the wireless gateways the mobile device has found;
After receiving the gateway identification acquisition request message, the authentication server looks up an available wireless gateway for the mobile device according to the location information of the mobile device and/or the SSIDs and/or the MAC addresses of the wireless gateways the mobile device has found, as contained in the message.
In addition, after receiving the MAC address authentication response message, if the result it contains is that the source MAC address is present in the authenticated MAC address list stored in the authentication server, the wireless gateway records the source MAC address in its locally stored authenticated MAC address list.
In addition, the authentication server includes the authenticated MAC address list it stores in the MAC address authentication response message sent to the wireless gateway;
After receiving the MAC address authentication response message, the wireless gateway updates its locally stored authenticated MAC address list according to the list contained in the message.
In addition, the authentication request message further contains: the name of the application, the version information of the application, and an authentication code corresponding to the name and version information of the application;
After receiving the authentication request message, the authentication server also verifies the validity of the message according to the application name, application version information and authentication code it contains.
In addition, the MAC address authentication request message further contains: the SSID of the wireless gateway and the MAC address of the wireless gateway;
After receiving the MAC address authentication request message, the authentication server also verifies the legitimacy of the message according to the SSID and MAC address of the wireless gateway it contains.
To achieve the above object, the application also discloses an Internet access method comprising:
After connecting to a wireless gateway, an application running in a mobile device sends the wireless gateway an authentication request message containing the MAC address of the mobile device;
After receiving the authentication request message, the wireless gateway records the MAC address of the mobile device in an authenticated MAC address list;
When the mobile device sends an Internet access request, the wireless gateway determines whether the MAC address of the mobile device is authenticated according to the locally stored authenticated MAC address list; if it is authenticated, the mobile device is allowed to access the Internet.
In addition, the authentication request message further contains: the name of the application, the version information of the application, and an authentication code corresponding to the name and version information of the application;
After receiving the authentication request message, the wireless gateway also verifies the validity of the message according to the application name, application version information and authentication code it contains.
Compared with the prior art, the technical effects the application can achieve include:
(1) The user only needs to start a specific APP in the mobile device to complete authentication and access the Internet, which simplifies the authentication and Internet access steps and improves the user experience;
(2) The authentication server identifies mobile devices by MAC address, so the user needs to authenticate only once to access the Internet through any wireless gateway managed by that authentication server, which further improves the user experience;
(3) The APP running in the mobile device can interact with the authentication server to obtain the SSID and/or MAC address of an available wireless gateway and connect to that gateway automatically, which further simplifies the steps for the user to access the Internet and improves the user experience.
Of course, a product implementing the application need not achieve all of the above technical effects at the same time.
Brief description of the drawings
Fig. 1 is a schematic diagram of the network structure corresponding to the first embodiment of the invention;
Fig. 2 is a flow chart of the Internet access method of the first embodiment of the application;
Fig. 3 is a schematic diagram of the network structure corresponding to the second embodiment of the invention;
Fig. 4 is a flow chart of the Internet access method of the second embodiment of the application;
Fig. 5 is a schematic diagram of the network structure corresponding to the third embodiment of the invention;
Fig. 6 is a flow chart of the Internet access method of the third embodiment of the application.
Detailed description
The core of the application is as follows. An application (APP) running in the user's mobile device (for example, a mobile phone) sends the authentication server an authentication request message containing the MAC (Media Access Control) address of the mobile device, and the authentication server records that MAC address in the authenticated MAC address list (MAC address whitelist). When the mobile device is connected to a wireless gateway (for example, an AP) of a wireless local area network and sends an Internet access request, the wireless gateway determines, according to the MAC address whitelist stored locally or in the authentication server, whether the mobile device has passed authentication; if it has, the gateway allows the mobile device to access the Internet, that is, it forwards the Internet access request and the corresponding response messages for the mobile device.
In addition, the authentication functions of the authentication server can also be implemented by the wireless gateway. In this case, the APP running in the mobile device sends the wireless gateway an authentication request message containing the MAC address of the mobile device, and the wireless gateway records that MAC address in the authenticated MAC address list (MAC address whitelist). When the mobile device is connected to the wireless gateway of the wireless local area network and sends an Internet access request, the wireless gateway determines, according to the locally stored MAC address whitelist, whether the mobile device has passed authentication; if it has, the gateway allows the mobile device to access the Internet, that is, it forwards the Internet access request and the corresponding response messages for the mobile device.
First embodiment
In the first embodiment of the application, a separately deployed authentication server receives and processes the authentication request message sent by the APP running in the mobile device, thereby authenticating the mobile device. The network structure corresponding to the first embodiment of the invention is shown in Fig. 1.
Fig. 2 is a flow chart of the Internet access method of the first embodiment of the application. As shown in Fig. 2, the method comprises:
Step 201: On the mobile device, the user selects a wireless gateway by its SSID (Service Set Identifier) in the wireless network list and connects to it;
The wireless gateway is mainly responsible for wireless network coverage and for access control of mobile devices.
In this embodiment, the wireless gateway is configured in open authentication mode. In this mode a mobile device can connect to the wireless gateway, but until authentication of the mobile device is complete, the wireless gateway blocks the mobile device from accessing any network resource other than the authentication server.
Step 202: After the user starts the APP in the mobile device, the APP obtains the MAC address of the mobile device;
Methods for obtaining the device's own MAC address on a mobile device are prior art and are not described further here.
Step 203: The APP in the mobile device sends an authentication request message to the authentication server through the wireless gateway;
The authentication request message contains: the MAC address of the mobile device, the APP name, the APP version information and the APP authentication code.
The APP authentication code corresponds to the APP name and APP version information and is used to verify the validity of the authentication request message.
The APP authentication code may be the ciphertext generated by performing an encryption operation on the APP name and APP version information.
In this embodiment, the authentication request message may be an HTTP (HyperText Transfer Protocol) request message. The URL (Uniform Resource Locator) field of this HTTP request message is the address of the authentication server configured in the APP.
The data interchange format used by the HTTP request message may be JSON (JavaScript Object Notation).
The MAC address of the mobile device, the APP name, the APP version information and the APP authentication code may be included in the request body (request-body) of the HTTP request message. To improve security, the request body of the request message may be encrypted using the Base64 algorithm.
Step 204: After receiving the authentication request message, the wireless gateway extracts the source MAC address from the packet encapsulating the message and checks whether that source MAC address is present in the locally stored authenticated MAC address list (also called the MAC address whitelist). If it is not, the gateway further checks the destination IP address of the packet encapsulating the message; because the destination of this authentication request message is the authentication server, the request is allowed out to the Internet, so the wireless gateway sends the authentication request message to the authentication server over the Internet;
The above checks of the source MAC address and destination IP address corresponding to an Internet access request (in this step, the authentication request message) can be carried out at the network layer of the wireless gateway.
Step 205: After receiving the authentication request message, the authentication server verifies its validity. If the authentication request message is valid, the server stores the MAC address of the mobile device contained in the message (i.e. the source MAC address corresponding to this authentication request message) in its local authenticated MAC address list (MAC address whitelist), marking that MAC address as authenticated. If the authentication request message is invalid, the server ignores it;
In this step, verifying the validity of the authentication request message comprises:
(1) verifying whether the format of the MAC address contained in the authentication request message is valid;
(2) verifying whether the APP name and APP version information contained in the authentication request message correspond to the APP authentication code contained in the message;
For example, the APP authentication code is generated by encrypting the APP name and APP version information with a preset key. The authentication server encrypts the APP name and APP version information contained in the authentication request message with this key and compares the resulting ciphertext with the APP authentication code contained in the message. If the two match, the APP name and APP version information correspond to the APP authentication code contained in the message; if they do not match, the APP name and APP version information do not correspond to the APP authentication code, that is, the authentication request message is invalid.
Step 206: The authentication server sends an authentication response message to the mobile device through the wireless gateway;
In this embodiment, the authentication response message may be an HTTP 200 OK message.
Step 207: After receiving the authentication response message sent by the authentication server, the APP in the mobile device may display a prompt informing the user that authentication has succeeded and that Internet access is now possible;
This step is optional.
Step 208: The user uses the mobile device to send an Internet access request through the wireless gateway.
Step 209: After receiving the Internet access request, the wireless gateway extracts the source MAC address from the packet encapsulating the request and determines whether this MAC address is present in the locally stored MAC address whitelist:
If the MAC address whitelist contains this MAC address, the corresponding mobile device has passed authentication and is allowed to access the Internet; jump to step 213;
If the MAC address whitelist does not contain this MAC address, perform the next step.
Step 210: The wireless gateway sends a MAC address authentication request message to the authentication server;
The MAC address authentication request message contains: the source MAC address extracted from the packet encapsulating the Internet access request (i.e. the MAC address to be verified), the SSID of the wireless gateway and the MAC address of the wireless gateway.
The MAC address authentication request message may be an HTTP request message. The URL field of this HTTP request message is the address of the authentication server configured in the wireless gateway.
The data interchange format used by the HTTP request message may be JSON.
The MAC address to be verified, the SSID of the wireless gateway and the MAC address of the wireless gateway may be included in the request body (request-body) of the HTTP request message. To improve security, the request body of the request message may be encrypted using the Base64 algorithm.
Step 211: After receiving the MAC address authentication request message sent by the wireless gateway, the authentication server performs MAC address authentication: it looks up the MAC address to be authenticated, carried in the MAC address authentication request message, in its locally stored authenticated MAC address list (MAC address whitelist). If the whitelist contains the MAC address to be authenticated, the MAC address authentication result is "verified"; otherwise the result is "not verified". The authentication server sends the MAC address authentication result to the wireless gateway in a MAC address authentication response message.
The MAC address authentication response message may be an HTTP 200 OK message. The MAC address authentication result may be included in the response body (response-body) of the MAC address authentication response message.
In addition, after receiving the MAC address authentication request message, the authentication server may also verify the legitimacy of the message according to the SSID and MAC address of the wireless gateway contained in it.
In addition, the authentication server may also include its locally stored authenticated MAC address list (MAC address whitelist) in the MAC address authentication request message and send it to the wireless gateway.
Step 212: After receiving the MAC address authentication response message, the wireless gateway determines from the MAC address authentication result contained in the message whether the corresponding MAC address has been verified:
If the corresponding MAC address has not been verified, the wireless gateway does not forward the corresponding Internet access request and ignores it;
If the corresponding MAC address has been verified, the wireless gateway records it in the local authenticated MAC address list (MAC address whitelist) and performs the next step.
In addition, if the MAC address authentication request message contains the authenticated MAC address list (MAC address whitelist) sent by the authentication server, the wireless gateway may update its locally stored authenticated MAC address list (MAC address whitelist).
Step 213: The wireless gateway forwards the corresponding Internet access request.
At this point the mobile device can access the Internet. Thereafter, even if the user closes the APP running in the mobile device, the user can still use the mobile device to access the Internet.
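The validity checks of step 205 and the gateway decision of steps 209 to 213 can be traced in the following added example, which is not code from the patent. All class, function and field names are hypothetical, messages are passed as in-process calls rather than HTTP, and HMAC-SHA256 stands in for the unspecified "encryption with a preset key" that produces the APP authentication code.

```python
import base64
import hashlib
import hmac
import json
import re

# Constructed sample key: stands in for the description's "preset key".
APP_KEY = b"constructed-demo-key"
MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$")


def normalize_mac(mac):
    """Lower-case a MAC and use ':' separators so list lookups are consistent."""
    return mac.strip().lower().replace("-", ":")


def app_auth_code(name, version, key=APP_KEY):
    """Keyed code bound to APP name and version (HMAC-SHA256 is this example's choice)."""
    msg = json.dumps([name, version]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def build_auth_request(mac, name, version, key=APP_KEY):
    """APP side (step 203): JSON request body, Base64-encoded as the description suggests.

    Base64 is a reversible encoding, so it hides nothing from an observer;
    confidentiality of the body would need TLS or real encryption.
    """
    body = {"mac": mac, "app_name": name, "app_version": version,
            "auth_code": app_auth_code(name, version, key)}
    return base64.b64encode(json.dumps(body).encode())


class AuthServer:
    def __init__(self, known_gateways):
        self.authenticated = set()            # authenticated MAC address list
        self.known_gateways = known_gateways  # assumed registry {gateway MAC: SSID}

    def handle_auth_request(self, raw):
        """Step 205: validate the message; record the MAC only if it is valid."""
        try:
            body = json.loads(base64.b64decode(raw, validate=True))
            mac = normalize_mac(body["mac"])
            expected = app_auth_code(body["app_name"], body["app_version"])
            supplied = str(body["auth_code"])
        except (ValueError, KeyError, TypeError, AttributeError):
            return False                      # malformed message: ignored
        if not MAC_RE.match(mac):             # check (1): MAC address format
            return False
        # check (2): code matches name and version, compared in constant time
        if not hmac.compare_digest(expected.encode(), supplied.encode()):
            return False
        self.authenticated.add(mac)
        return True

    def handle_mac_query(self, mac, gw_ssid, gw_mac):
        """Step 211: answer a gateway's query after checking the gateway's SSID and MAC."""
        if self.known_gateways.get(normalize_mac(gw_mac)) != gw_ssid:
            return {"authenticated": False}
        return {"authenticated": normalize_mac(mac) in self.authenticated}


class WirelessGateway:
    def __init__(self, ssid, mac, server):
        self.ssid, self.mac, self.server = ssid, normalize_mac(mac), server
        self.local_list = set()   # locally stored authenticated MAC address list

    def allow(self, src_mac):
        """Steps 209-213: local list first, then the server; cache positive answers."""
        src_mac = normalize_mac(src_mac)
        if src_mac in self.local_list:
            return True                       # step 209 hit: forward (step 213)
        reply = self.server.handle_mac_query(src_mac, self.ssid, self.mac)
        if reply["authenticated"]:
            self.local_list.add(src_mac)      # step 212: record locally
            return True
        return False                          # not verified: request is not forwarded


if __name__ == "__main__":
    server = AuthServer({"02:00:00:00:00:01": "demo-ssid"})   # constructed values
    gw = WirelessGateway("demo-ssid", "02:00:00:00:00:01", server)
    print("before auth:", gw.allow("AA:BB:CC:DD:EE:FF"))
    server.handle_auth_request(build_auth_request("AA:BB:CC:DD:EE:FF", "DemoApp", "1.0"))
    print("after auth:", gw.allow("AA:BB:CC:DD:EE:FF"))
```

The gateway's list is keyed on the source MAC address of the packets it sees, while the server records the MAC address carried in the message body; entries are cached without expiry here because the description defines none.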
Second embodiment
In the second embodiment of the application, the wireless gateway receives and processes the authentication request message sent by the APP running in the mobile device, thereby authenticating the mobile device; that is, a WEB authentication server is integrated in the wireless gateway to implement WEB authentication of the mobile device. The network structure corresponding to the second embodiment of the invention is shown in Fig. 3.
Fig. 4 is a flow chart of the Internet access method of the second embodiment of the application. As shown in Fig. 4, the method comprises:
Step 401: On the mobile device, the user selects a wireless gateway by its SSID in the wireless network list and connects to it;
The wireless gateway is mainly responsible for wireless network coverage and for access control of mobile devices.
In this embodiment, the wireless gateway is configured in open authentication mode. In this mode a mobile device can connect to the wireless gateway, but until authentication of the mobile device is complete, the wireless gateway blocks the mobile device from accessing Internet resources.
Step 402: After the user starts the APP in the mobile device, the APP obtains the MAC address of the mobile device.
Step 403: The APP in the mobile device sends an authentication request message to the wireless gateway;
The authentication request message contains: the MAC address of the mobile device, the APP name, the APP version information and the APP authentication code.
The APP authentication code corresponds to the APP name and APP version information and is used to verify the validity of the authentication request message.
The APP authentication code may be the ciphertext generated by performing an encryption operation on the APP name and APP version information.
In this embodiment, the authentication request message may be an HTTP request message. The URL (Uniform Resource Locator) field of this HTTP request message is the gateway authentication address configured in the APP, for example: http://<gateway address>/auth.
The gateway address can be obtained by the APP by calling the corresponding function for retrieving network parameters.
The data interchange format used by the HTTP request message may be JSON.
The MAC address of the mobile device, the APP name, the APP version information and the APP authentication code may be included in the request body (request-body) of the HTTP request message. To improve security, the request body of the request message may be encrypted using the Base64 algorithm.
Step 404: After receiving the authentication request message, the wireless gateway verifies its validity. If the authentication request message is valid, the gateway stores the MAC address of the mobile device contained in the message (i.e. the source MAC address corresponding to this authentication request message) in its local authenticated MAC address list (MAC address whitelist), marking that MAC address as authenticated. If the authentication request message is invalid, the gateway ignores it;
In this step, verifying the validity of the authentication request message comprises:
(1) verifying whether the format of the MAC address contained in the authentication request message is valid;
(2) verifying whether the APP name and APP version information contained in the authentication request message correspond to the APP authentication code contained in the message;
For example, the APP authentication code is generated by encrypting the APP name and APP version information with a preset key. The wireless gateway encrypts the APP name and APP version information contained in the authentication request message with this key and compares the resulting ciphertext with the APP authentication code contained in the message. If the two match, the APP name and APP version information correspond to the APP authentication code contained in the message; if they do not match, the APP name and APP version information do not correspond to the APP authentication code, that is, the authentication request message is invalid.
Step 405: The wireless gateway sends an authentication response message to the mobile device;
In this embodiment, the authentication response message may be an HTTP 200 OK message.
Step 406: After receiving the authentication response message sent by the wireless gateway, the APP in the mobile device may display a prompt informing the user that authentication has succeeded and that Internet access is now possible;
This step is optional.
Step 407: The user uses the mobile device to send an Internet access request through the wireless gateway.
Step 408: After receiving the Internet access request, the wireless gateway extracts the source MAC address from the packet encapsulating the request and determines whether this MAC address is present in the locally stored MAC address whitelist:
If the MAC address whitelist does not contain this MAC address, the wireless gateway does not forward the corresponding Internet access request and ignores it;
If the MAC address whitelist contains this MAC address, the corresponding mobile device has passed authentication and is allowed to access the Internet; perform the next step.
Step 409: The wireless gateway forwards the corresponding Internet access request.
At this point the mobile device can access the Internet. Thereafter, even if the user closes the APP running in the mobile device, the user can still use the mobile device to access the Internet.
Third embodiment
In the third embodiment of the present application, a separately deployed certificate server receives and processes the authentication request message sent by the APP running on the mobile device, thereby authenticating the mobile device. In addition, the APP on the mobile device can obtain the SSID of an available radio network gateway from the certificate server over a wireless communication network (mobile communication base station), automatically connect to that radio network gateway using the obtained SSID, and then carry out the subsequent authentication and Internet access operations. The network structure corresponding to the third embodiment of the invention is shown schematically in Fig. 5.
Fig. 6 is a flowchart of the Internet access method of the third embodiment of the present application. As shown in Fig. 6, the method comprises:
Step 601: After the user starts the APP on the mobile device, the APP sends a gateway identification acquisition request message to the certificate server over the wireless communication network (mobile communication base station);
The above wireless communication network may be a 2G/3G/4G network.
The gateway identification acquisition request message may include: the location information of the mobile device, and/or the SSID of a radio network gateway that the mobile device has found, and/or the MAC address of a radio network gateway that the mobile device has found.
In the present embodiment, the gateway identification acquisition request message may be an HTTP request message. The URL field of this HTTP request message is the address of the certificate server configured in the APP.
The data interchange format used by the HTTP request message may be JSON.
The location information of the mobile device, and/or the SSID of a radio network gateway that the mobile device has found, and/or the MAC address of a radio network gateway that the mobile device has found may be included in the request entity (request-body) of the HTTP request message. To improve security, the Base64 algorithm may be used to encrypt the request entity of the request message.
Step 602: After receiving the gateway identification acquisition request message, the certificate server looks up an available radio network gateway for the mobile device in its locally stored radio network gateway information list, includes the SSID and/or MAC address of the available radio network gateway in a gateway identification acquisition response message, and sends it to the mobile device;
The radio network gateway information list contains the following information: the SSID of the radio network gateway, the MAC address of the radio network gateway, the location information of the radio network gateway, etc.
The certificate server may use the location information of the mobile device contained in the gateway identification acquisition request message to look up the radio network gateway at the corresponding location in the radio network gateway information list, include the corresponding SSID and/or MAC address in the gateway identification acquisition response message, and send it to the mobile device.
Alternatively, the certificate server may use the SSID and/or MAC address of a radio network gateway that the mobile device has found, as contained in the gateway identification acquisition request message, to look up the corresponding radio network gateway in the radio network gateway information list, include the corresponding SSID and/or MAC address in the gateway identification acquisition response message, and send it to the mobile device.
Alternatively, the certificate server may include the SSIDs and/or MAC addresses of all currently available radio network gateways that it manages in the gateway identification acquisition response message sent to the mobile device; the mobile device then selects, from the SSIDs and/or MAC addresses contained in that message, the SSID and/or MAC address of a radio network gateway it has currently found, and connects to it. In this case, the gateway identification acquisition request message may omit the location information of the mobile device and the SSID and MAC address of the radio network gateway that the mobile device has found.
In the present embodiment, the gateway identification acquisition response message may be an HTTP 200 OK message.
Step 603: After receiving the gateway identification acquisition response message sent by the certificate server, the APP on the mobile device connects to the corresponding radio network gateway according to the SSID and/or MAC address of the radio network gateway contained in the response message;
If the gateway identification acquisition response message contains neither the SSID nor the MAC address of a radio network gateway, the APP on the mobile device may display a prompt notifying the user that no radio network gateway is available nearby.
Step 604: The APP on the mobile device obtains the MAC address of the mobile device.
Step 605: The APP on the mobile device sends an authentication request message to the certificate server through the currently connected radio network gateway;
The authentication request message contains: the MAC address of the mobile device, the APP name, the APP version information, and the APP authentication code.
The APP authentication code corresponds to the APP name and APP version information and is used to verify the validity of the authentication request message.
The APP authentication code may be the ciphertext generated by an encryption operation on the APP name and APP version information.
In the present embodiment, the authentication request message may be an HTTP request message. The URL field of this HTTP request message is the address of the certificate server configured in the APP.
The data interchange format used by the HTTP request message may be JSON.
The MAC address of the mobile device, the APP name, the APP version information and the APP authentication code may be included in the request entity (request-body) of the HTTP request message. To improve security, the Base64 algorithm may be used to encrypt the request entity of the request message.
Step 606: After receiving the authentication request message, the radio network gateway extracts the source MAC address from the packet encapsulating the authentication request message and checks whether this source MAC address is present in the locally stored authenticated MAC address list (also called the MAC address whitelist). If it is not, the radio network gateway further checks the destination IP address of the packet encapsulating the authentication request message; because the destination address of this authentication request message is the certificate server, the request message is allowed to be sent to the Internet, so the radio network gateway sends the authentication request message to the certificate server over the Internet;
The above checks of the source MAC address and destination IP address corresponding to an Internet access request (in this step, the authentication request message) may be performed at the network layer of the radio network gateway.
Step 607: After receiving the authentication request message, the certificate server verifies its validity. If the authentication request message is valid, the MAC address of the mobile device contained in it (i.e. the source MAC address corresponding to this authentication request message) is stored in the local authenticated MAC address list (MAC address whitelist), which marks this MAC address as authenticated; if the authentication request message is invalid, it is ignored;
In this step, verifying the validity of the authentication request message comprises:
(1) verifying whether the format of the MAC address contained in the authentication request message is valid;
(2) verifying whether the APP name and APP version information contained in the authentication request message correspond to the APP authentication code contained in the authentication request message;
For example, the APP authentication code is generated by encrypting the APP name and APP version information with a preset key. The certificate server uses this key to encrypt the APP name and APP version information contained in the authentication request message and compares the resulting ciphertext with the APP authentication code contained in the authentication request message. If the two match, the APP name and APP version information correspond to the APP authentication code contained in the authentication request message; if they do not match, the APP name and APP version information do not correspond to the APP authentication code, i.e. the authentication request message is invalid.
Step 608: The certificate server sends an authentication response message to the mobile device through the radio network gateway;
In the present embodiment, the authentication response message may be an HTTP 200 OK message.
Step 609: After receiving the authentication response message sent by the certificate server, the APP on the mobile device may display a prompt informing the user that authentication has succeeded and that the Internet can be accessed;
This step is optional.
Step 610: The user uses the mobile device to send an Internet access request through the radio network gateway.
Step 611: After receiving the Internet access request, the radio network gateway extracts the source MAC address from the packet encapsulating the request and determines whether this MAC address is present in the locally stored MAC address whitelist:
If the MAC address whitelist contains this MAC address, the corresponding mobile device has been authenticated and is allowed to access the Internet; the flow jumps to step 615;
If the MAC address whitelist does not contain this MAC address, the next step is performed.
Step 612: The radio network gateway sends a MAC address authentication request message to the certificate server;
The MAC address authentication request message contains: the source MAC address extracted from the packet encapsulating the Internet access request (i.e. the MAC address to be verified), the SSID of the radio network gateway, and the MAC address of the radio network gateway.
The MAC address authentication request message may be an HTTP request message. The URL field of this HTTP request message is the address of the certificate server configured in the radio network gateway.
The data interchange format used by the HTTP request message may be JSON.
The MAC address to be verified, the SSID of the radio network gateway and the MAC address of the radio network gateway may be included in the request entity (request-body) of the HTTP request message. To improve security, the Base64 algorithm may be used to encrypt the request entity of the request message.
Step 613: After receiving the MAC address authentication request message sent by the radio network gateway, the certificate server performs MAC address authentication, that is, it looks up the MAC address to be authenticated, carried in the MAC address authentication request message, in the locally stored authenticated MAC address list (MAC address whitelist). If the MAC address whitelist contains the MAC address to be authenticated, the MAC address authentication result is "verified"; otherwise the result is "not verified". The certificate server includes the MAC address authentication result in a MAC address authentication response message and sends it to the radio network gateway.
The MAC address authentication response message may be an HTTP 200 OK message. The MAC address authentication result may be included in the response entity (response-body) of the MAC address authentication response message.
In addition, after receiving the MAC address authentication request message, the certificate server may also verify the legitimacy of the message according to the SSID of the radio network gateway and the MAC address of the radio network gateway contained in it.
In addition, the certificate server may also include its locally stored authenticated MAC address list (MAC address whitelist) in the MAC address authentication request message and send it to the radio network gateway.
Step 614: After receiving the MAC address authentication response message, the radio network gateway determines from the MAC address authentication result contained in the message whether the corresponding MAC address has been verified:
If the corresponding MAC address has not been verified, the radio network gateway does not forward the corresponding Internet access request and ignores it;
If the corresponding MAC address has been verified, the radio network gateway records it in the local authenticated MAC address list (MAC address whitelist) and performs the next step.
In addition, if the MAC address authentication request message contains the authenticated MAC address list (MAC address whitelist) sent by the certificate server, the radio network gateway may update its locally stored authenticated MAC address list (MAC address whitelist).
Step 615: The radio network gateway forwards the corresponding Internet access request.
At this point the mobile device can access the Internet. Thereafter, even if the user closes the APP running on the mobile device, the user can still use the mobile device to access the Internet.
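Steps 605 to 615 of the third embodiment, sketched end to end as an added example that is not code from the patent: the field names, key, addresses and the use of HMAC-SHA256 for the unspecified keyed "encryption" of APP name and version are assumptions. Base64 is a reversible encoding that needs no key, so the sketch treats it as framing only; how the step 606 destination check combines with the step 611 lookup is one reading of the description.

```python
import base64
import hashlib
import hmac
import json
import re

# Everything below is constructed for illustration: the key, the field names,
# the addresses, and HMAC-SHA256 standing in for the unspecified keyed operation.
PRESET_KEY = b"constructed-demo-key"
AUTH_SERVER_IP = "203.0.113.10"
MAC_RE = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}")


def app_auth_code(name, version, key=PRESET_KEY):
    """APP authentication code: keyed digest over APP name and version only,
    so it is identical for every device running the same APP build."""
    msg = json.dumps([name, version]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def build_auth_request(mac, name, version, key=PRESET_KEY):
    """Step 605: JSON request body, Base64-encoded as the description suggests."""
    body = {"mac": mac, "app_name": name, "app_version": version,
            "auth_code": app_auth_code(name, version, key)}
    return base64.b64encode(json.dumps(body).encode())


def decode_body(body_b64):
    """Base64 is reversed without any key; returns the JSON object or None."""
    try:
        obj = json.loads(base64.b64decode(body_b64, validate=True))
    except ValueError:  # covers binascii.Error, bad UTF-8 and bad JSON
        return None
    return obj if isinstance(obj, dict) else None


class AuthServer:
    def __init__(self):
        self.whitelist = set()  # authenticated MAC address list

    def handle_auth_request(self, body_b64):
        """Step 607: validate the request; record the MAC address if valid."""
        req = decode_body(body_b64)
        if req is None:
            return False
        fields = [req.get(k) for k in ("mac", "app_name", "app_version", "auth_code")]
        if not all(isinstance(f, str) for f in fields):
            return False
        mac, name, version, code = fields
        mac = mac.lower()
        if not MAC_RE.fullmatch(mac):  # check (1): MAC address format
            return False
        expected = app_auth_code(name, version).encode()
        # check (2): recompute the code and compare in constant time
        if not hmac.compare_digest(expected, code.encode("utf-8", "replace")):
            return False
        self.whitelist.add(mac)
        return True

    def check_mac(self, mac):
        """Step 613: answer a gateway's MAC address authentication request."""
        return mac.lower() in self.whitelist


class Gateway:
    def __init__(self, server):
        self.server = server
        self.whitelist = set()  # local copy of the authenticated MAC list

    def handle_packet(self, src_mac, dst_ip):
        """Steps 606 and 611-615: decide what to do with one outbound packet."""
        src_mac = src_mac.lower()
        if src_mac in self.whitelist:
            return "forward"                 # step 611 -> step 615
        if dst_ip == AUTH_SERVER_IP:
            return "forward-to-auth-server"  # step 606: auth traffic passes
        if self.server.check_mac(src_mac):   # steps 612-613
            self.whitelist.add(src_mac)      # step 614: record locally
            return "forward"
        return "drop"                        # step 614: ignore the request


if __name__ == "__main__":
    server = AuthServer()
    gateway = Gateway(server)
    device = "AA:BB:CC:00:11:22"             # constructed device MAC address
    print(gateway.handle_packet(device, "198.51.100.7"))
    print(server.handle_auth_request(build_auth_request(device, "DemoApp", "1.0.0")))
    print(gateway.handle_packet(device, "198.51.100.7"))
```
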
Claims (10)
1. An Internet access method, the method comprising:
An application program running on a mobile device sends an authentication request message containing the MAC address of the mobile device to a certificate server;
After receiving the authentication request message, the certificate server records the MAC address of the mobile device in an authenticated MAC address list;
When the mobile device is connected to a radio network gateway of a wireless local area network and sends an Internet access request, the radio network gateway determines, according to its locally stored authenticated MAC address list, or according to its locally stored authenticated MAC address list and the authenticated MAC address list stored in the certificate server, whether the MAC address of the mobile device has been authenticated, and if it has, allows the mobile device to access the Internet.
2. The method according to claim 1, characterized in that
The radio network gateway determines whether the MAC address of the mobile device has been authenticated as follows:
After receiving the Internet access request sent by the mobile device, the radio network gateway extracts the source MAC address of the packet encapsulating the Internet access request and determines whether the source MAC address is present in the locally stored authenticated MAC address list; if it is not, the radio network gateway sends a MAC address authentication request message containing the source MAC address to the certificate server;
After receiving the MAC address authentication request message, the certificate server determines whether the source MAC address contained in it is present in the authenticated MAC address list stored in the certificate server, includes the result in a MAC address authentication response message, and sends it to the radio network gateway.
3. The method according to claim 1, characterized in that
Before the authentication request message is sent, the method further comprises the following steps:
The application program running on the mobile device sends a gateway identification acquisition request message to the certificate server;
After receiving the gateway identification acquisition request message, the certificate server looks up an available radio network gateway for the mobile device, includes the SSID and/or MAC address of the available radio network gateway in a gateway identification acquisition response message, and sends it to the mobile device;
After receiving the gateway identification acquisition response message, the mobile device connects to the corresponding radio network gateway according to the SSID and/or MAC address of the radio network gateway contained in it.
4. The method according to claim 3, characterized in that
The gateway identification acquisition request message contains: the location information of the mobile device, and/or the SSID of a radio network gateway that the mobile device has found, and/or the MAC address of a radio network gateway that the mobile device has found;
After receiving the gateway identification acquisition request message, the certificate server looks up an available radio network gateway for the mobile device according to the location information of the mobile device contained in it, and/or the SSID of the radio network gateway that the mobile device has found, and/or the MAC address of the radio network gateway that the mobile device has found.
5. The method according to claim 2, characterized in that
After receiving the MAC address authentication response message, if the result contained in it is that the source MAC address is present in the authenticated MAC address list stored in the certificate server, the radio network gateway records the source MAC address in its locally stored authenticated MAC address list.
6. The method according to claim 2, characterized in that
The certificate server includes the authenticated MAC address list that it stores in the MAC address authentication response message and sends it to the radio network gateway;
After receiving the MAC address authentication response message, the radio network gateway updates its locally stored authenticated MAC address list according to the authenticated MAC address list contained in it.
7. The method according to claim 1, characterized in that
The authentication request message further contains: the name of the application program, the version information of the application program, and an authentication code corresponding to the name and version information of the application program;
After receiving the authentication request message, the certificate server also verifies the validity of the authentication request message according to the name of the application program, the version information of the application program and the authentication code contained in it.
8. The method according to claim 2, characterized in that
The MAC address authentication request message further contains: the SSID of the radio network gateway and the MAC address of the radio network gateway;
After receiving the MAC address authentication request message, the certificate server also verifies the legitimacy of the MAC address authentication request message according to the SSID of the radio network gateway and the MAC address of the radio network gateway contained in it.
9. An Internet access method, the method comprising:
After connecting to a radio network gateway, an application program running on a mobile device sends an authentication request message containing the MAC address of the mobile device to the radio network gateway;
After receiving the authentication request message, the radio network gateway records the MAC address of the mobile device in an authenticated MAC address list;
When the mobile device sends an Internet access request, the radio network gateway determines, according to its locally stored authenticated MAC address list, whether the MAC address of the mobile device has been authenticated, and if it has, allows the mobile device to access the Internet.
10. The method according to claim 9, characterized in that
The authentication request message further contains: the name of the application program, the version information of the application program, and an authentication code corresponding to the name and version information of the application program;
After receiving the authentication request message, the radio network gateway also verifies the validity of the authentication request message according to the name of the application program, the version information of the application program and the authentication code contained in it.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510337183.0A CN104917775A (en) | 2015-06-17 | 2015-06-17 | Internet access method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN104917775A true CN104917775A (en) | 2015-09-16 |
Family
ID=54086481
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510337183.0A Pending CN104917775A (en) | 2015-06-17 | 2015-06-17 | Internet access method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104917775A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20150916 |