CN104917775A - Internet access method - Google Patents

Publication number
CN104917775A
Authority
CN
China
Prior art keywords
mobile device
mac address
radio network
request message
network gateway
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510337183.0A
Other languages
Chinese (zh)
Inventor
沈沉
简练
陈铭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING HUIWEI YONGXING TECHNOLOGY Co Ltd
Original Assignee
BEIJING HUIWEI YONGXING TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by BEIJING HUIWEI YONGXING TECHNOLOGY Co Ltd
Priority to CN201510337183.0A
Publication of CN104917775A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses an Internet access method. The Internet access method comprises the following steps that an application program running in a mobile device sends an authentication request message including an MAC (Media Access Control) address of the mobile device; after the authentication request message is received, the authentication server records the MAC address of the mobile device in an authenticated MAC address list; and when the mobile device is connected to a wireless gateway of a wireless local area network and sends an Internet access request, the wireless gateway judges whether the MAC address of the mobile device is authenticated or not according to the locally-stored authenticated MAC address list or the locally-stored authenticated MAC address list and the authenticated MAC address list stored in the authentication server, if yes, the mobile device is allowed to access the Internet.

Description

An Internet access method
Technical field
The application relates to the field of network technology, and in particular to an Internet access method.
Background
With the rapid spread of mobile devices such as mobile phones and tablet computers, the wireless local area network (WLAN) has become an important way of accessing the Internet and is widely used in places such as shops, airports and restaurants. To improve the security and stability of the network, WLAN deployments usually adopt Web (web page) authentication as the security authentication mechanism by which users access the Internet through WLAN access equipment such as an AP (Access Point).
The main prior-art implementations of Web authentication are:
(1) Username/password authentication: after the user connects to the AP, or when the user is connected to the AP and sends an Internet access request for the first time, an authentication page is pushed to the user; the user enters a username and password to log in on this authentication page, and once the login is authenticated the user accesses the Internet through this AP.
(2) Verification code authentication: after the user connects to the AP, or when the user is connected to the AP and sends an Internet access request for the first time, an authentication page is pushed to the user; the user enters the correct verification code (usually provided by the owner of the AP) to log in on this authentication page, and once the login is authenticated the user accesses the Internet through this AP.
(3) SMS verification code authentication: after the user connects to the AP, or when the user is connected to the AP and sends an Internet access request for the first time, an authentication page is pushed to the user; the user enters a mobile phone number on this authentication page and clicks the button for obtaining a verification code, then receives a text message containing the verification code; the user enters the received SMS verification code on the authentication page and logs in, and once the login is authenticated the user accesses the Internet through this AP.
These prior-art Web authentication methods need to push an authentication page to the user and require the user to type and click on that page; the authentication process is comparatively complicated and the user experience is poor.
Summary of the invention
The object of the application is to provide an Internet access method.
To achieve the above object, the application discloses an Internet access method, the method comprising:
An application program running in a mobile device sends an authentication request message containing the MAC address of the mobile device to an authentication server;
After receiving the authentication request message, the authentication server records the MAC address of the mobile device in an authenticated MAC address list;
When the mobile device is connected to a wireless gateway of a wireless local area network and sends an Internet access request, the wireless gateway judges whether the MAC address of the mobile device is authenticated according to the locally stored authenticated MAC address list, or according to the locally stored authenticated MAC address list and the authenticated MAC address list stored in the authentication server; if it is authenticated, the mobile device is allowed to access the Internet.
In addition, the wireless gateway judges whether the MAC address of the mobile device is authenticated in the following way:
After receiving the Internet access request sent by the mobile device, the wireless gateway extracts the source MAC address of the packet encapsulating this Internet access request and judges whether the source MAC address is present in the locally stored authenticated MAC address list; if it is not, the wireless gateway sends the authentication server a MAC address authentication request message containing the source MAC address;
After receiving the MAC address authentication request message, the authentication server judges whether the source MAC address contained in it is present in the authenticated MAC address list stored in the authentication server, and sends the judgment result to the wireless gateway in a MAC address authentication response message.
In addition, the following steps are also performed before the authentication request message is sent:
The application program running in the mobile device sends a gateway identification acquisition request message to the authentication server;
After receiving the gateway identification acquisition request message, the authentication server looks up an available wireless gateway for the mobile device, and sends the SSID and/or MAC address of the available wireless gateway to the mobile device in a gateway identification acquisition response message;
After receiving the gateway identification acquisition response message, the mobile device connects to the corresponding wireless gateway according to the SSID and/or MAC address of the wireless gateway contained in it.
In addition, the gateway identification acquisition request message contains: the location information of the mobile device, and/or the SSIDs of the wireless gateways the mobile device has found, and/or the MAC addresses of the wireless gateways the mobile device has found;
After receiving the gateway identification acquisition request message, the authentication server looks up an available wireless gateway for the mobile device according to the location information of the mobile device and/or the SSIDs of the wireless gateways the mobile device has found and/or the MAC addresses of the wireless gateways the mobile device has found, as contained in the message.
In addition, after receiving the MAC address authentication response message, if the judgment result contained in it is that the source MAC address is present in the authenticated MAC address list stored in the authentication server, the wireless gateway records the source MAC address in the locally stored authenticated MAC address list.
In addition, the authentication server includes the authenticated MAC address list it stores in the MAC address authentication response message sent to the wireless gateway;
After receiving the MAC address authentication response message, the wireless gateway updates the locally stored authenticated MAC address list according to the authenticated MAC address list contained in it.
In addition, the authentication request message also contains: the name of the application program, the version information of the application program, and an authentication code corresponding to the name and version information of the application program;
After receiving the authentication request message, the authentication server also verifies the validity of the authentication request message according to the name of the application program, the version information of the application program and the authentication code contained in it.
In addition, the MAC address authentication request message also contains: the SSID of the wireless gateway and the MAC address of the wireless gateway;
After receiving the MAC address authentication request message, the authentication server also verifies the legitimacy of the MAC address authentication request message according to the SSID of the wireless gateway and the MAC address of the wireless gateway contained in it.
To achieve the above object, the application also discloses an Internet access method, the method comprising:
After connecting to a wireless gateway, an application program running in a mobile device sends an authentication request message containing the MAC address of the mobile device to the wireless gateway;
After receiving the authentication request message, the wireless gateway records the MAC address of the mobile device in an authenticated MAC address list;
When the mobile device sends an Internet access request, the wireless gateway judges whether the MAC address of the mobile device is authenticated according to the locally stored authenticated MAC address list; if it is authenticated, the mobile device is allowed to access the Internet.
In addition, the authentication request message also contains: the name of the application program, the version information of the application program, and an authentication code corresponding to the name and version information of the application program;
After receiving the authentication request message, the wireless gateway also verifies the validity of the authentication request message according to the name of the application program, the version information of the application program and the authentication code contained in it.
Compared with the prior art, the technical effects the application can achieve include:
(1) The user only needs to start a specific APP on the mobile device to complete authentication and access the Internet, which simplifies the steps of authentication and Internet access and improves the user experience;
(2) The mobile device is identified in the authentication server by its MAC address, so the user only needs to authenticate once to access the Internet through any wireless gateway managed by this authentication server, which further improves the user experience;
(3) The APP running in the mobile device can interact with the authentication server, obtain the SSID and/or MAC address of an available wireless gateway, and connect to the corresponding wireless gateway automatically, which further simplifies the steps of Internet access and improves the user experience.
Of course, a product implementing the application does not necessarily need to achieve all of the above technical effects at the same time.
Brief description of the drawings
Fig. 1 is a schematic diagram of the network structure corresponding to the first embodiment of the invention;
Fig. 2 is a flowchart of the Internet access method of the first embodiment of the application;
Fig. 3 is a schematic diagram of the network structure corresponding to the second embodiment of the invention;
Fig. 4 is a flowchart of the Internet access method of the second embodiment of the application;
Fig. 5 is a schematic diagram of the network structure corresponding to the third embodiment of the invention;
Fig. 6 is a flowchart of the Internet access method of the third embodiment of the application.
Detailed description of the embodiments
The core of the application is as follows: an application program (APP) running in the user's mobile device (for example, a mobile phone) sends the authentication server an authentication request message containing the MAC (Media Access Control) address of the mobile device, and the authentication server records this MAC address in the authenticated MAC address list (MAC address whitelist). When the mobile device is connected to a wireless gateway of the wireless local area network (for example, an AP) and sends an Internet access request, the wireless gateway judges, according to the MAC address whitelist stored locally or in the authentication server, whether the mobile device has passed authentication; if it has, the gateway allows the mobile device to access the Internet, that is, it forwards Internet access requests and the corresponding response messages for the mobile device.
In addition, the authentication functions of the authentication server described above can also be implemented by the wireless gateway. In that case, the APP running in the mobile device sends the authentication request message containing the MAC address of the mobile device to the wireless gateway, and the wireless gateway records this MAC address in the authenticated MAC address list (MAC address whitelist). When the mobile device is connected to the wireless gateway of the wireless local area network and sends an Internet access request, the wireless gateway judges, according to the locally stored MAC address whitelist, whether the mobile device has passed authentication; if it has, the gateway allows the mobile device to access the Internet, that is, it forwards Internet access requests and the corresponding response messages for the mobile device.
First embodiment
In the first embodiment of the application, a separately deployed authentication server receives and processes the authentication request message sent by the APP running in the mobile device, thereby authenticating the mobile device. The network structure corresponding to the first embodiment of the invention is shown in Fig. 1.
Fig. 2 is a flowchart of the Internet access method of the first embodiment of the application. As shown in Fig. 2, the method comprises:
Step 201: on the mobile device, the user selects a wireless gateway by its SSID (Service Set Identifier) in the wireless network list and connects to it;
The wireless gateway is mainly responsible for wireless network coverage and for access control of mobile devices.
In this embodiment the wireless gateway is configured in open authentication mode. In this mode a mobile device can connect to the wireless gateway, but until authentication of the mobile device is complete, the wireless gateway blocks the device's access to network resources other than the authentication server.
Step 202: after the user starts the APP on the mobile device, the APP obtains the MAC address of the mobile device;
Obtaining the local MAC address on a mobile device is prior art and is not described further here.
Step 203: the APP on the mobile device sends an authentication request message to the authentication server through the wireless gateway;
The authentication request message contains: the MAC address of the mobile device, the APP name, the APP version information and the APP authentication code.
The APP authentication code corresponds to the APP name and APP version information and is used to verify the validity of the authentication request message.
The APP authentication code can be the ciphertext produced by an encryption operation on the APP name and APP version information.
In this embodiment the authentication request message can be an HTTP (HyperText Transfer Protocol) request message. The URL (Uniform Resource Locator) field of this HTTP request message is the address of the authentication server configured in the APP.
The data interchange format used by the HTTP request message can be JSON (JavaScript Object Notation).
The MAC address of the mobile device, the APP name, the APP version information and the APP authentication code can be carried in the request entity (request-body) of the HTTP request message. To improve security, the request entity of the request message can be encrypted with the Base64 algorithm.
Step 204: after receiving the authentication request message, the wireless gateway extracts the source MAC address from the packet encapsulating the authentication request message and checks whether this source MAC address is present in the locally stored authenticated MAC address list (also called the MAC address whitelist); if it is not, the gateway further checks the destination IP address of the packet encapsulating the authentication request message. Because the destination of this authentication request message is the authentication server, the request is allowed onto the Internet, so the wireless gateway sends the authentication request message to the authentication server over the Internet;
The check of the source MAC address and destination IP address corresponding to an Internet access request (in this step, the authentication request message) can be carried out at the network layer of the wireless gateway.
Step 205: after receiving the authentication request message, the authentication server verifies its validity; if the authentication request message is valid, the MAC address of the mobile device contained in it (that is, the source MAC address corresponding to this authentication request message) is stored in the local authenticated MAC address list (MAC address whitelist), marking this MAC address as authenticated; if the authentication request message is invalid, it is ignored;
In this step, verifying the validity of the authentication request message includes:
(1) verifying whether the format of the MAC address contained in the authentication request message is valid;
(2) verifying whether the APP name and APP version information contained in the authentication request message correspond to the APP authentication code contained in the authentication request message;
For example, the APP authentication code is generated by encrypting the APP name and APP version information with a preset key. The authentication server uses the same key to encrypt the APP name and APP version information contained in the authentication request message and compares the resulting ciphertext with the APP authentication code contained in the message. If the two match, the APP name and APP version information correspond to the APP authentication code contained in the authentication request message; if they do not match, the APP name and APP version information do not correspond to the APP authentication code, that is, the authentication request message is invalid.
Step 206: the authentication server sends an authentication response message to the mobile device through the wireless gateway;
In this embodiment the authentication response message can be an HTTP 200 OK message.
Step 207: after receiving the authentication response message sent by the authentication server, the APP on the mobile device can display a prompt informing the user that authentication has passed and that Internet access is available;
This step is optional.
Step 208: the user uses the mobile device to send an Internet access request through the wireless gateway.
Step 209: after receiving the Internet access request, the wireless gateway extracts the source MAC address from the packet encapsulating the Internet access request message and judges whether this MAC address is present in the locally stored MAC address whitelist:
If the MAC address whitelist contains this MAC address, the corresponding mobile device has passed authentication and is allowed to access the Internet; jump to step 213;
If the MAC address whitelist does not contain this MAC address, perform the next step.
Step 210: the wireless gateway sends a MAC address authentication request message to the authentication server;
The MAC address authentication request message contains: the source MAC address extracted from the packet encapsulating the Internet access request message (that is, the MAC address to be verified), the SSID of the wireless gateway and the MAC address of the wireless gateway.
The MAC address authentication request message can be an HTTP request message. The URL field of this HTTP request message is the address of the authentication server configured in the wireless gateway.
The data interchange format used by the HTTP request message can be JSON.
The MAC address to be verified, the SSID of the wireless gateway and the MAC address of the wireless gateway can be carried in the request entity (request-body) of the HTTP request message. To improve security, the request entity of the request message can be encrypted with the Base64 algorithm.
Step 211: after receiving the MAC address authentication request message sent by the wireless gateway, the authentication server performs MAC address authentication, that is, it looks up the MAC address to be authenticated carried in the MAC address authentication request message in the locally stored authenticated MAC address list (MAC address whitelist). If the MAC address whitelist contains the MAC address to be authenticated, the MAC address authentication result is that verification passed; otherwise the MAC address authentication result is that verification failed. The authentication server sends the MAC address authentication result to the wireless gateway in a MAC address authentication response message.
The MAC address authentication response message can be an HTTP 200 OK message. The MAC address authentication result can be carried in the response entity (response-body) of the MAC address authentication response message.
In addition, after receiving the MAC address authentication request message, the authentication server can also verify the legitimacy of the message according to the SSID of the wireless gateway and the MAC address of the wireless gateway contained in it.
In addition, the authentication server can also include the locally stored authenticated MAC address list (MAC address whitelist) in the MAC address authentication request message sent to the wireless gateway.
Step 212: after receiving the MAC address authentication response message, the wireless gateway judges, according to the MAC address authentication result contained in it, whether the corresponding MAC address passed verification:
If the corresponding MAC address did not pass verification, the wireless gateway does not forward the corresponding Internet access request and ignores it;
If the corresponding MAC address passed verification, the wireless gateway records it in the local authenticated MAC address list (MAC address whitelist) and performs the next step.
In addition, if the MAC address authentication request message contains the authenticated MAC address list (MAC address whitelist) sent by the authentication server, the wireless gateway can update the locally stored authenticated MAC address list (MAC address whitelist).
Step 213: the wireless gateway forwards the corresponding Internet access request.
At this point the mobile device can access the Internet. From then on, even if the user closes the APP running on the mobile device, the user can still use the mobile device to access the Internet.
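The first embodiment's message flow (steps 203 to 213), sketched as an added Python example that is not part of the patent text. Assumptions: HMAC-SHA256 stands in for the unspecified keyed "encryption" behind the APP authentication code, and the JSON field names, key, SSID and addresses are constructed; `decode_entity` shows that the Base64 request entity is recovered without any key.

```python
import base64
import hashlib
import hmac
import json
import re

# Constructed demo values. The description only says the APP authentication
# code is produced by "encrypting" the APP name and version with a preset key;
# HMAC-SHA256 stands in for that unspecified operation (assumption).
PRESET_KEY = b"constructed-demo-key"
MAC_RE = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}")


def app_auth_code(name, version, key=PRESET_KEY):
    """Keyed code binding APP name and version (hypothetical construction)."""
    data = json.dumps([name, version]).encode()   # unambiguous field framing
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def build_auth_request(mac, name, version, key=PRESET_KEY):
    """Step 203: JSON request entity, Base64-encoded as the description suggests."""
    body = {"mac": mac, "app_name": name, "app_version": version,
            "auth_code": app_auth_code(name, version, key)}
    return base64.b64encode(json.dumps(body).encode())


def decode_entity(entity):
    """Base64 is an encoding, not a cipher: decoding needs no key."""
    return json.loads(base64.b64decode(entity, validate=True))


class AuthServer:
    def __init__(self, known_gateways, key=PRESET_KEY):
        self.key = key
        self.known_gateways = set(known_gateways)  # {(ssid, gateway_mac)}
        self.whitelist = set()                     # authenticated MAC address list

    def handle_auth_request(self, entity):
        """Step 205: record the MAC if the message is valid, otherwise ignore it."""
        try:
            msg = decode_entity(entity)
            mac = str(msg["mac"]).lower()
            name, version, code = msg["app_name"], msg["app_version"], msg["auth_code"]
        except (ValueError, KeyError, TypeError):
            return False
        if not MAC_RE.fullmatch(mac):                          # check (1)
            return False
        if not isinstance(code, str) or not code.isascii():
            return False
        expected = app_auth_code(name, version, self.key)      # check (2)
        if not hmac.compare_digest(expected, code):
            return False
        self.whitelist.add(mac)
        return True

    def check_mac(self, request):
        """Step 211: legitimacy check on the gateway, then whitelist lookup."""
        if (request["ssid"], request["gateway_mac"]) not in self.known_gateways:
            return False
        return request["mac"] in self.whitelist


class WirelessGateway:
    def __init__(self, server, ssid, gateway_mac):
        self.server, self.ssid, self.gateway_mac = server, ssid, gateway_mac
        self.local_whitelist = set()
        self.server_queries = 0

    def allow(self, src_mac):
        """Steps 209-213: True if a request from src_mac should be forwarded."""
        src_mac = src_mac.lower()
        if src_mac in self.local_whitelist:            # step 209: local hit
            return True
        self.server_queries += 1                       # step 210: ask the server
        request = {"mac": src_mac, "ssid": self.ssid,
                   "gateway_mac": self.gateway_mac}
        if self.server.check_mac(request):             # step 211
            self.local_whitelist.add(src_mac)          # step 212: cache the result
            return True
        return False                                   # step 212: ignore request


if __name__ == "__main__":
    server = AuthServer({("DemoCafe", "02:00:00:00:00:01")})
    gateway = WirelessGateway(server, "DemoCafe", "02:00:00:00:00:01")
    device = "02:00:00:aa:bb:cc"
    entity = build_auth_request(device, "DemoApp", "1.0")
    print("before auth:", gateway.allow(device))
    print("auth accepted:", server.handle_auth_request(entity))
    print("after auth:", gateway.allow(device))
    print("request entity decoded without a key:", decode_entity(entity))
```

The gateway's decision depends only on the source MAC address it extracts, and the keyed APP authentication code is what ties an authentication request to the preset key; the Base64 step adds no confidentiality to either.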
Second embodiment
In the second embodiment of the application, the wireless gateway receives and processes the authentication request message sent by the APP running in the mobile device, thereby authenticating the mobile device; that is, a Web authentication server is integrated in the wireless gateway to perform Web authentication of the mobile device. The network structure corresponding to the second embodiment of the invention is shown in Fig. 3.
Fig. 4 is a flowchart of the Internet access method of the second embodiment of the application. As shown in Fig. 4, the method comprises:
Step 401: on the mobile device, the user selects a wireless gateway by its SSID in the wireless network list and connects to it;
The wireless gateway is mainly responsible for wireless network coverage and for access control of mobile devices.
In this embodiment the wireless gateway is configured in open authentication mode. In this mode a mobile device can connect to the wireless gateway, but until authentication of the mobile device is complete, the wireless gateway blocks the mobile device from accessing Internet resources.
Step 402: after the user starts the APP on the mobile device, the APP obtains the MAC address of the mobile device.
Step 403: the APP on the mobile device sends an authentication request message to the wireless gateway;
The authentication request message contains: the MAC address of the mobile device, the APP name, the APP version information and the APP authentication code.
The APP authentication code corresponds to the APP name and APP version information and is used to verify the validity of the authentication request message.
The APP authentication code can be the ciphertext produced by an encryption operation on the APP name and APP version information.
In this embodiment the authentication request message can be an HTTP request message. The URL (Uniform Resource Locator) field of this HTTP request message is the gateway authentication address configured in the APP, for example: http://<gateway address>/auth.
The gateway address can be obtained by the APP by calling the corresponding network-parameter retrieval function.
The data interchange format used by the HTTP request message can be JSON.
The MAC address of the mobile device, the APP name, the APP version information and the APP authentication code can be carried in the request entity (request-body) of the HTTP request message. To improve security, the request entity of the request message can be encrypted with the Base64 algorithm.
Step 404: after receiving the authentication request message, the wireless gateway verifies its validity; if the authentication request message is valid, the MAC address of the mobile device contained in it (that is, the source MAC address corresponding to this authentication request message) is stored in the local authenticated MAC address list (MAC address whitelist), marking this MAC address as authenticated; if the authentication request message is invalid, it is ignored;
In this step, verifying the validity of the authentication request message includes:
(1) verifying whether the format of the MAC address contained in the authentication request message is valid;
(2) verifying whether the APP name and APP version information contained in the authentication request message correspond to the APP authentication code contained in the authentication request message;
For example, the APP authentication code is generated by encrypting the APP name and APP version information with a preset key. The wireless gateway uses the same key to encrypt the APP name and APP version information contained in the authentication request message and compares the resulting ciphertext with the APP authentication code contained in the message. If the two match, the APP name and APP version information correspond to the APP authentication code contained in the authentication request message; if they do not match, the APP name and APP version information do not correspond to the APP authentication code, that is, the authentication request message is invalid.
Step 405: the wireless gateway sends an authentication response message to the mobile device;
In this embodiment the authentication response message can be an HTTP 200 OK message.
Step 406: after receiving the authentication response message sent by the wireless gateway, the APP on the mobile device can display a prompt informing the user that authentication has passed and that Internet access is available;
This step is optional.
Step 407: the user uses the mobile device to send an Internet access request through the wireless gateway.
Step 408: after receiving the Internet access request, the wireless gateway extracts the source MAC address from the packet encapsulating the Internet access request message and judges whether this MAC address is present in the locally stored MAC address whitelist:
If the MAC address whitelist does not contain this MAC address, the wireless gateway does not forward the corresponding Internet access request and ignores it;
If the MAC address whitelist contains this MAC address, the corresponding mobile device has passed authentication and is allowed to access the Internet; perform the next step.
Step 409: the wireless gateway forwards the corresponding Internet access request.
At this point the mobile device can access the Internet. From then on, even if the user closes the APP running on the mobile device, the user can still use the mobile device to access the Internet.
Third embodiment
In the third embodiment of this application, a separately deployed certificate server receives and processes the authentication request message sent by the APP running on the mobile device, thereby authenticating the mobile device. In addition, the APP on the mobile device can obtain the SSID of an available radio network gateway from the certificate server over a wireless communication network (mobile communication base station), use that SSID to connect to the radio network gateway automatically, and then carry out the subsequent authentication and internet access operations. The network structure corresponding to the third embodiment of the invention is shown in Fig. 5.
Fig. 6 is a flowchart of the internet access method of the third embodiment of this application. As shown in Fig. 6, the method comprises:
Step 601: After the user starts the APP on the mobile device, the APP sends a gateway identification acquisition request message to the certificate server over a wireless communication network (mobile communication base station);
The wireless communication network may be a 2G/3G/4G network.
The gateway identification acquisition request message may contain: the location information of the mobile device, and/or the SSID of a radio network gateway that the mobile device has found, and/or the MAC address of a radio network gateway that the mobile device has found.
In this embodiment, the gateway identification acquisition request message may be an HTTP request message. The URL field of this HTTP request message is the address of the authentication server configured in the APP.
The data interchange format used by the HTTP request message may be JSON.
The location information of the mobile device, and/or the SSID of a radio network gateway that the mobile device has found, and/or the MAC address of a radio network gateway that the mobile device has found may be included in the request entity (request-body) of the HTTP request message. To improve security, the request entity of the request message may be encrypted using the Base64 algorithm.
Step 602: After receiving the gateway identification acquisition request message, the certificate server searches its locally stored radio network gateway information list for a radio network gateway available to this mobile device, and sends the SSID and/or MAC address of the available radio network gateway to the mobile device in a gateway identification acquisition response message;
The radio network gateway information list contains the following information: the SSID of the radio network gateway, the MAC address of the radio network gateway, the location information of the radio network gateway, and so on.
The certificate server may use the location information of the mobile device contained in the gateway identification acquisition request message to look up the radio network gateway at the corresponding location in the radio network gateway information list, and send the corresponding SSID and/or MAC address to the mobile device in the gateway identification acquisition response message.
Alternatively, the certificate server may use the SSID and/or MAC address of the radio network gateway that the mobile device has found, as contained in the gateway identification acquisition request message, to look up the corresponding radio network gateway in the radio network gateway information list, and send the corresponding SSID and/or MAC address to the mobile device in the gateway identification acquisition response message.
In addition, the certificate server may include the SSIDs and/or MAC addresses of all currently available radio network gateways that it manages in the gateway identification acquisition response message sent to the mobile device; the mobile device then selects, from the SSIDs and/or MAC addresses contained in this message, the SSID and/or MAC address of a radio network gateway it has currently found, and connects to it. In this case, the gateway identification acquisition request message need not contain the location information of the mobile device or the SSID and MAC address of the radio network gateway that the mobile device has found.
In this embodiment, the gateway identification acquisition response message may be an HTTP 200 OK message.
Step 603: After receiving the gateway identification acquisition response message sent by the certificate server, the APP on the mobile device connects to the corresponding radio network gateway according to the SSID and/or MAC address of the radio network gateway contained in the response message;
If the gateway identification acquisition response message contains neither the SSID nor the MAC address of a radio network gateway, the APP on the mobile device may display a prompt notifying the user that no radio network gateway is available nearby.
Step 604: The APP on the mobile device obtains the MAC address of the mobile device.
Step 605: The APP on the mobile device sends an authentication request message to the certificate server through the currently connected radio network gateway;
The authentication request message contains: the MAC address of the mobile device, the APP name, the APP version information, and the APP authentication code.
The APP authentication code corresponds to the APP name and APP version information and is used to verify the validity of the authentication request message.
The APP authentication code may be the ciphertext generated by encrypting the APP name and APP version information.
In this embodiment, the authentication request message may be an HTTP request message. The URL field of this HTTP request message is the address of the authentication server configured in the APP.
The data interchange format used by the HTTP request message may be JSON.
The MAC address of the mobile device, the APP name, the APP version information and the APP authentication code may be included in the request entity (request-body) of the HTTP request message. To improve security, the request entity of the request message may be encrypted using the Base64 algorithm.
Step 606: After receiving the authentication request message, the radio network gateway extracts the source MAC address from the packet encapsulating the authentication request message and checks whether this source MAC address is present in the locally stored authenticated MAC address list (also called the MAC address whitelist). If it is not, the gateway further checks the destination IP address of the packet encapsulating the authentication request message. Because the destination address of this authentication request message is the certificate server, the request message is allowed to be sent to the Internet, so the radio network gateway sends the authentication request message to the certificate server over the Internet;
The above check of the source MAC address and destination IP address corresponding to an internet access request (in this step, the authentication request message) may be performed at the network layer of the radio network gateway.
Step 607: After receiving the authentication request message, the certificate server verifies its validity. If the authentication request message is valid, the certificate server stores the MAC address of the mobile device contained in it (that is, the source MAC address corresponding to this authentication request message) in its locally stored authenticated MAC address list (MAC address whitelist), marking this MAC address as authenticated. If the authentication request message is invalid, the certificate server ignores it;
In this step, verifying the validity of the authentication request message comprises:
(1) verifying whether the format of the MAC address contained in the authentication request message is valid;
(2) verifying whether the APP name and APP version information contained in the authentication request message correspond to the APP authentication code contained in the authentication request message;
For example, the APP authentication code is generated by encrypting the APP name and APP version information with a preset key. The certificate server uses this key to encrypt the APP name and APP version information contained in the authentication request message and compares the resulting ciphertext with the APP authentication code contained in the authentication request message. If the two match, the APP name and APP version information correspond to the APP authentication code contained in the authentication request message; if they do not match, the APP name and APP version information do not correspond to the APP authentication code, that is, the authentication request message is invalid.
Step 608: The certificate server sends an authentication response message to the mobile device through the radio network gateway;
In this embodiment, the authentication response message may be an HTTP 200 OK message.
Step 609: After receiving the authentication response message sent by the certificate server, the APP on the mobile device may display a prompt informing the user that authentication has succeeded and that internet access is available;
This step is optional.
Step 610: The user uses the mobile device to send an internet access request through the radio network gateway.
Step 611: After receiving the internet access request, the radio network gateway extracts the source MAC address from the packet encapsulating the internet access request message and determines whether this MAC address is present in the locally stored MAC address whitelist:
If the MAC address whitelist contains this MAC address, the corresponding mobile device has been authenticated and is allowed to access the Internet; jump to step 615;
If the MAC address whitelist does not contain this MAC address, proceed to the next step.
Step 612: The radio network gateway sends a MAC address authentication request message to the certificate server;
The MAC address authentication request message contains: the source MAC address extracted from the packet encapsulating the internet access request message (that is, the MAC address to be verified), the SSID of the radio network gateway, and the MAC address of the radio network gateway.
The MAC address authentication request message may be an HTTP request message. The URL field of this HTTP request message is the address of the authentication server configured in the radio network gateway.
The data interchange format used by the HTTP request message may be JSON.
The MAC address to be verified, the SSID of the radio network gateway and the MAC address of the radio network gateway may be included in the request entity (request-body) of the HTTP request message. To improve security, the request entity of the request message may be encrypted using the Base64 algorithm.
Step 613: After receiving the MAC address authentication request message sent by the radio network gateway, the certificate server performs MAC address authentication, that is, it looks up the MAC address to be verified, carried in the MAC address authentication request message, in its locally stored authenticated MAC address list (MAC address whitelist). If the MAC address whitelist contains the MAC address to be verified, the MAC address authentication result is that verification passed; otherwise the result is that verification did not pass. The certificate server sends the MAC address authentication result to the radio network gateway in a MAC address authentication response message.
The MAC address authentication response message may be an HTTP 200 OK message. The MAC address authentication result may be included in the response entity (response-body) of the MAC address authentication response message.
In addition, after receiving the MAC address authentication request message, the certificate server may also verify the legitimacy of the message according to the SSID and MAC address of the radio network gateway contained in it.
In addition, the certificate server may also include its locally stored authenticated MAC address list (MAC address whitelist) in the MAC address authentication request message and send it to the radio network gateway.
Step 614: After receiving the MAC address authentication response message, the radio network gateway determines from the MAC address authentication result contained in it whether the corresponding MAC address has passed verification:
If the corresponding MAC address has not passed verification, the radio network gateway does not forward the corresponding internet access request and ignores it;
If the corresponding MAC address has passed verification, the radio network gateway records it in the local authenticated MAC address list (MAC address whitelist) and proceeds to the next step.
In addition, if the MAC address authentication request message contains the authenticated MAC address list (MAC address whitelist) sent by the certificate server, the radio network gateway may update its locally stored authenticated MAC address list (MAC address whitelist).
Step 615: The radio network gateway forwards the corresponding internet access request.
At this point, the mobile device can access the Internet. Thereafter, even if the user closes the APP running on the mobile device, the user can still use the mobile device to access the Internet.
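The validity check of step 404 and the server and gateway decisions of steps 605 to 615, as an added Python example that is not code from the patent. The JSON field names, the preset key, the IP addresses and the class and function names are assumptions made for illustration, and HMAC-SHA256 stands in for the encryption with a preset key, which the patent does not name.

```python
import base64
import hashlib
import hmac
import json
import re

# Constructed for this example: the patent names no key, cipher or field names.
PRESET_KEY = b"example-preset-key"
MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")


def normalize_mac(mac):
    """Check (1): return lower-case colon form, or None if the format is invalid."""
    if not isinstance(mac, str):
        return None
    mac = mac.strip().lower().replace("-", ":")
    return mac if MAC_RE.match(mac) else None


def app_auth_code(app_name, app_version, key=PRESET_KEY):
    """Keyed code over APP name and version. HMAC-SHA256 is a stand-in for the
    unspecified encryption with a preset key described in the patent."""
    msg = json.dumps([app_name, app_version]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def build_auth_request(mac, app_name, app_version, key=PRESET_KEY):
    """APP side (step 605): JSON request entity, then Base64 as the page describes."""
    body = {"mac": mac, "app_name": app_name, "app_version": app_version,
            "auth_code": app_auth_code(app_name, app_version, key)}
    return base64.b64encode(json.dumps(body).encode())


class AuthServer:
    """Certificate server: steps 607 and 613."""

    def __init__(self, ip, gateways, key=PRESET_KEY):
        self.ip = ip
        self.gateways = set(gateways)   # known (SSID, gateway MAC) pairs
        self.key = key
        self.whitelist = set()          # authenticated MAC address list

    def handle_auth_request(self, raw_body):
        """Step 607: True if the message is valid and the MAC was recorded."""
        try:
            # Base64 is undone by a plain decode; no key is involved here.
            body = json.loads(base64.b64decode(raw_body, validate=True))
            mac = normalize_mac(body["mac"])
            expected = app_auth_code(body["app_name"], body["app_version"], self.key)
            # Check (2): recompute the code and compare in constant time.
            code_ok = hmac.compare_digest(expected.encode(),
                                          str(body["auth_code"]).encode())
        except (ValueError, KeyError, TypeError):
            return False                # invalid messages are ignored
        if mac is None or not code_ok:
            return False
        self.whitelist.add(mac)
        return True

    def handle_mac_query(self, mac, gw_ssid, gw_mac):
        """Step 613, including the optional gateway legitimacy check."""
        if (gw_ssid, normalize_mac(gw_mac)) not in self.gateways:
            return False
        return normalize_mac(mac) in self.whitelist


class Gateway:
    """Radio network gateway: steps 606, 611, 612, 614 and 615."""

    def __init__(self, ssid, mac, server):
        self.ssid, self.mac, self.server = ssid, mac, server
        self.whitelist = set()          # local authenticated MAC address list

    def allow_internet(self, src_mac):
        """Steps 611 to 614: True means the request will be forwarded."""
        src = normalize_mac(src_mac)
        if src is None:
            return False
        if src in self.whitelist:
            return True
        if self.server.handle_mac_query(src, self.ssid, self.mac):
            self.whitelist.add(src)     # step 614: record locally
            return True
        return False

    def handle_packet(self, src_mac, dst_ip, body=None):
        """Return 'auth-ok', 'auth-ignored', 'forwarded' or 'dropped'."""
        if dst_ip == self.server.ip and body is not None:   # step 606
            ok = self.server.handle_auth_request(body)
            return "auth-ok" if ok else "auth-ignored"
        return "forwarded" if self.allow_internet(src_mac) else "dropped"


if __name__ == "__main__":
    srv = AuthServer("203.0.113.10", {("CafeWiFi", "02:00:00:00:00:01")})
    gw = Gateway("CafeWiFi", "02:00:00:00:00:01", srv)
    dev = "AA-BB-CC-00-11-22"           # constructed device MAC
    print(gw.handle_packet(dev, "198.51.100.7"))
    print(gw.handle_packet(dev, srv.ip, build_auth_request(dev, "DemoApp", "1.0.3")))
    print(gw.handle_packet(dev, "198.51.100.7"))
```
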

Claims (10)

1. An internet access method, the method comprising:
An application program running on a mobile device sends an authentication request message containing the MAC address of the mobile device to a certificate server;
After receiving the authentication request message, the certificate server records the MAC address of the mobile device in an authenticated MAC address list;
When the mobile device is connected to a radio network gateway of a wireless local area network and sends an internet access request, the radio network gateway determines whether the MAC address of the mobile device is authenticated according to the locally stored authenticated MAC address list, or according to the locally stored authenticated MAC address list and the authenticated MAC address list stored on the certificate server; if it is authenticated, the mobile device is allowed to access the Internet.
2. The method according to claim 1, characterized in that:
The radio network gateway determines whether the MAC address of the mobile device is authenticated as follows:
After receiving the internet access request sent by the mobile device, the radio network gateway extracts the source MAC address of the packet encapsulating the internet access request and determines whether the source MAC address is present in the locally stored authenticated MAC address list; if it is not, the radio network gateway sends a MAC address authentication request message containing the source MAC address to the certificate server;
After receiving the MAC address authentication request message, the certificate server determines whether the source MAC address contained in it is present in the authenticated MAC address list stored on the certificate server, and sends the result of this determination to the radio network gateway in a MAC address authentication response message.
3. The method according to claim 1, characterized in that:
Before the authentication request message is sent, the method further comprises the following steps:
The application program running on the mobile device sends a gateway identification acquisition request message to the certificate server;
After receiving the gateway identification acquisition request message, the certificate server searches for a radio network gateway available to the mobile device, and sends the SSID and/or MAC address of the available radio network gateway to the mobile device in a gateway identification acquisition response message;
After receiving the gateway identification acquisition response message, the mobile device connects to the corresponding radio network gateway according to the SSID and/or MAC address of the radio network gateway contained in it.
4. The method according to claim 3, characterized in that:
The gateway identification acquisition request message contains: the location information of the mobile device, and/or the SSID of a radio network gateway that the mobile device has found, and/or the MAC address of a radio network gateway that the mobile device has found;
After receiving the gateway identification acquisition request message, the certificate server searches for a radio network gateway available to the mobile device according to the location information of the mobile device, and/or the SSID of the radio network gateway that the mobile device has found, and/or the MAC address of the radio network gateway that the mobile device has found, as contained in the message.
5. The method according to claim 2, characterized in that:
After receiving the MAC address authentication response message, if the result contained in it is that the source MAC address is present in the authenticated MAC address list stored on the certificate server, the radio network gateway records the source MAC address in the locally stored authenticated MAC address list.
6. The method according to claim 2, characterized in that:
The certificate server includes the authenticated MAC address list that it stores in the MAC address authentication response message sent to the radio network gateway;
After receiving the MAC address authentication response message, the radio network gateway updates the locally stored authenticated MAC address list according to the authenticated MAC address list contained in it.
7. The method according to claim 1, characterized in that:
The authentication request message further contains: the name of the application program, the version information of the application program, and an authentication code corresponding to the name and version information of the application program;
After receiving the authentication request message, the certificate server further verifies the validity of the authentication request message according to the name of the application program, the version information of the application program and the authentication code contained in it.
8. The method according to claim 2, characterized in that:
The MAC address authentication request message further contains: the SSID of the radio network gateway and the MAC address of the radio network gateway;
After receiving the MAC address authentication request message, the certificate server further verifies the legitimacy of the MAC address authentication request message according to the SSID of the radio network gateway and the MAC address of the radio network gateway contained in it.
9. An internet access method, the method comprising:
After connecting to a radio network gateway, an application program running on a mobile device sends an authentication request message containing the MAC address of the mobile device to the radio network gateway;
After receiving the authentication request message, the radio network gateway records the MAC address of the mobile device in an authenticated MAC address list;
When the mobile device sends an internet access request, the radio network gateway determines whether the MAC address of the mobile device is authenticated according to the locally stored authenticated MAC address list; if it is authenticated, the mobile device is allowed to access the Internet.
10. The method according to claim 9, characterized in that:
The authentication request message further contains: the name of the application program, the version information of the application program, and an authentication code corresponding to the name and version information of the application program;
After receiving the authentication request message, the radio network gateway further verifies the validity of the authentication request message according to the name of the application program, the version information of the application program and the authentication code contained in it.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510337183.0A CN104917775A (en) 2015-06-17 2015-06-17 Internet access method

Publications (1)

Publication Number Publication Date
CN104917775A true CN104917775A (en) 2015-09-16

Family

ID=54086481

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510337183.0A Pending CN104917775A (en) 2015-06-17 2015-06-17 Internet access method

Country Status (1)

Country Link
CN (1) CN104917775A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20150916