CN1564524A - Method of radio terminal charging fee in radio LAN - Google Patents


Publication number
CN1564524A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN 200410029788
Other languages
Chinese (zh)
Inventor
刘小刚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Application filed by ZTE Corp
Priority to CN 200410029788
Publication of CN1564524A
Legal status: Pending

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The method comprises the following steps. In the secure access session procedure specified by WAI, after the AP receives the certificate authentication response returned by the ASU, if the STA result in the certificate authentication result information is success, the AP records the holder name in the STA certificate. During key negotiation between the AP and the STA, if the AP determines that the negotiation succeeded, it uses that holder name as the identifier of the charged user and sends an accounting start message to the accounting server. When the session ends, the STA sends a logoff notification to the AP, which validates the notification and, if validation passes, sends an accounting stop message to the accounting server. The method is compatible with existing programs and protocols.

Description

Method for accounting (charging) of a wireless terminal in a wireless local area network
Technical field
The present invention relates to a method, applied to a wireless local area network (WLAN), for accounting of a wireless terminal (STA). Specifically, it relates to a WLAN session procedure with accounting based on the national standard (GB) WLAN Authentication and Privacy Infrastructure (WAPI).
Background art
In May 2003, the national broadband wireless IP working group issued the WLAN national standard GB 15629.11. Chapter 8 of the standard defines the WLAN Authentication and Privacy Infrastructure (WAPI).
WAPI consists of two parts: the WLAN Authentication Infrastructure (WAI) and the WLAN Privacy Infrastructure (WPI). WAI achieves mutual authentication between the STA and the wireless network by means of elliptic-curve certificates, and uses two public-key-encrypted messages to negotiate the session key. A STA secure access procedure defined in WAPI comprises two parts: certificate authentication and key negotiation. The secure access procedure specified by GB 15629.11 is as follows:
1. Authentication activation. When the STA associates or re-associates with the AP, the AP sends an authentication activation to the STA to start the whole authentication process.
2. Access authentication request. The STA sends an access authentication request to the AP, that is, it sends the STA certificate and the STA's current system time to the AP; this system time is called the access authentication request time.
3. Certificate authentication request. After receiving the STA's access authentication request, the AP first records the authentication request time and then sends a certificate authentication request to the ASU. The request consists of the STA certificate, the access authentication request time, the AP certificate, and a signature over them made with the AP's private key.
4. Certificate authentication response. After receiving the AP's certificate authentication request, the ASU verifies the AP's signature and the validity of the AP certificate. If they are not correct, the authentication process fails; otherwise the ASU goes on to verify the STA certificate. After verification, the ASU builds the certificate authentication response from the STA certificate authentication result information (the STA certificate and its authentication result), the AP certificate authentication result information (the AP certificate, its authentication result and the access authentication request time) and the ASU's signature over them, and sends it back to the AP.
5. Access authentication response. The AP verifies the signature on the certificate authentication response returned by the ASU, obtains the authentication result for the STA certificate, and performs access control on the STA according to this result. The AP forwards the certificate authentication response it received to the STA. After verifying the ASU's signature, the STA obtains the authentication result for the AP certificate and decides on that basis whether to access this AP.
6. Key negotiation request. The AP generates a string of random data, encrypts it with the STA's public key, and sends a key negotiation request to the STA. The request contains all of the requester's candidate session algorithms.
7. Key negotiation response. After receiving the key negotiation request from the AP, the STA first performs session algorithm negotiation: if the responder does not support any of the requester's candidate session algorithms, it answers the requester that session algorithm negotiation failed; otherwise it selects one algorithm that it supports from the candidates offered by the requester. It then decrypts the negotiation data with its local private key to obtain the random data generated by the AP, generates a string of random data of its own, encrypts it with the AP's public key, and sends it to the AP.
When a WLAN based on the national standard WAPI is used for carrier-grade applications, such as hotspot deployments in airports and hotels, accounting is a critical function that cannot be ignored. WAPI, however, contains no design for supporting accounting.
Current WLAN accounting methods usually use the RADIUS protocol. RADIUS requires the accounting message to carry a unique user identifier so that the accounting server can look up the user's information and charge accordingly.
After the STA is authenticated successfully, the AP sends an accounting start request to the accounting server. The accounting message must carry a unique user identifier to determine which user the accounting information belongs to. This identifier is provided by the STA during authentication. The secure access procedure defined by WAPI (access authentication and key negotiation) has no step that determines a user identifier. Accurate accounting also depends on both an accounting start and an accounting stop, and this too is missing from WAPI. The secure access procedure defined by WAPI is only the beginning of a session between a STA and an AP; it does not define how the STA goes offline. The AP can send the accounting start to the accounting server after access authentication succeeds, but because there is no STA logoff procedure, the AP cannot determine when to stop accounting.
Summary of the invention
The present invention addresses the problem that a WLAN based on the national standard WAPI cannot perform accounting when it is deployed as a public wireless network, and provides an accounting method based on WAPI. The invention is summarized as follows.
In the secure access session procedure specified by WAI:
1. After the AP receives the certificate authentication response returned by the ASU, if the STA result code in the certificate authentication result information is "0", which indicates successful authentication, the AP records the certificate holder name in the STA certificate;
2. During key negotiation between the AP and the STA, if the AP determines that key negotiation failed, no accounting takes place; if the AP determines that key negotiation succeeded, it uses the previously cached certificate holder name from the STA certificate as the user's accounting identifier and sends an accounting start message to the accounting server;
3. When the session ends, the STA sends a logoff notification to the AP. On receiving it, the AP verifies the logoff notification message; if verification passes, the AP sends an accounting stop message to the accounting server; otherwise it discards the logoff notification message;
4. When the STA goes offline abnormally, the AP, after a reasonably configured timeout, uses the certificate holder name in the certificate as the user's accounting identifier and sends an accounting stop message to the accounting server.
The invention solves the accounting problem that arises when a WLAN based on the national standard WAPI is deployed in a public network, and it is well compatible with existing accounting software and protocols.
Description of drawings
Fig. 1 is a flow chart of a complete access procedure with accounting according to the invention;
Fig. 2 is a schematic diagram of the basic WAI packet format in the national standard;
Fig. 3 is a schematic diagram of the data field format of the logoff notification message.
Embodiment
Fig. 1 shows a complete session procedure with accounting. The session procedure is as follows:
1. When the STA associates or re-associates with the AP, the AP sends an authentication activation to the STA to start the whole authentication process.
2. The STA sends an access authentication request to the AP, that is, it sends the STA certificate and the STA's current system time to the AP; this system time is called the access authentication request time.
3. After receiving the STA's access authentication request, the AP first records the authentication request time and then sends a certificate authentication request to the ASU. The request consists of the STA certificate, the access authentication request time, the AP certificate, and a signature over them made with the AP's private key.
4. After receiving the AP's certificate authentication request, the ASU verifies the AP's signature and the validity of the AP certificate. If they are not correct, the authentication process fails; otherwise the ASU goes on to verify the STA certificate. After verification, the ASU builds the certificate authentication response from the STA certificate authentication result information (the STA certificate and its authentication result), the AP certificate authentication result information (the AP certificate, its authentication result and the access authentication request time) and the ASU's signature over them, and sends it back to the AP.
5. Access authentication response. The AP verifies the signature on the certificate authentication response returned by the ASU, obtains the authentication result for the STA certificate, and performs access control on the STA according to this result. If the STA result code in the certificate authentication result information is "0", which indicates successful authentication, the AP records the certificate holder name in the STA certificate. The AP forwards the certificate authentication response it received to the STA. After verifying the ASU's signature, the STA obtains the authentication result for the AP certificate and decides on that basis whether to access this AP.
6. The AP and the STA perform key negotiation. If key negotiation succeeds, the AP uses the certificate holder name in the certificate as the user's accounting identifier and sends an accounting start message to the accounting server.
7. During the session, the AP sends accounting messages to the accounting server based on time or traffic. When the user goes offline abnormally, the AP should send an accounting stop message to the accounting server according to a timeout mechanism.
8. When the session ends, the STA sends a logoff notification message to the AP. On receiving it, the AP verifies the session identifier in the logoff notification message. If verification passes, the AP sends an accounting stop message to the accounting server; otherwise it discards the logoff notification message.
The logoff notification format corresponding to the above session procedure:
A logoff notification message type is added to the basic WAI packet format of the national standard, in the authentication packet type field shown in Fig. 2.
The authentication packet type field is defined as:
"5" denotes the logoff notification message type.
Fig. 3 shows the data field content of the logoff notification within the basic WAI packet format. The STA uses the logoff notification to tell the AP that it is about to end a WAPI session; on receiving it, the AP can disconnect the STA and stop the accounting process.
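The AP-side accounting decisions from steps 5 to 8, modelled in Python as an added example (it is not code from the patent or from ZTE). The class and method names, the 300-second timeout, and the choice to fix the session identifier at key negotiation are assumptions; the text only says the logoff notification carries a session identifier that the AP verifies.

```python
import hmac
from dataclasses import dataclass, field

AUTH_SUCCESS = 0        # STA result code "0" in the certificate authentication result
LOGOFF_NOTIFY_TYPE = 5  # authentication packet type "5": logoff notification

@dataclass
class Session:
    holder_name: str         # certificate holder name cached at step 5
    session_id: bytes = b""  # assumed: fixed by the AP when key negotiation succeeds
    last_seen: float = 0.0
    accounting: bool = False

@dataclass
class AccessPoint:
    idle_timeout: float = 300.0                   # assumed; the text only says "reasonable"
    sessions: dict = field(default_factory=dict)  # STA address -> Session
    sent: list = field(default_factory=list)      # stand-in for the accounting server link

    def _stop(self, sta, reason):
        s = self.sessions.pop(sta, None)
        if s and s.accounting:                    # never emit a stop without a start
            self.sent.append(("stop", s.holder_name, reason))

    def on_cert_auth_response(self, sta, asu_signature_ok, sta_result_code, holder_name):
        if not asu_signature_ok or sta_result_code != AUTH_SUCCESS:
            return False                          # a failed response leaves a live session alone
        self._stop(sta, "reauthentication")       # close any earlier session for this STA
        self.sessions[sta] = Session(holder_name)
        return True

    def on_key_negotiation(self, sta, success, session_id, now):
        s = self.sessions.get(sta)
        if s is None or s.accounting:
            return False
        if not success:
            del self.sessions[sta]                # negotiation failed: no charge
            return False
        s.session_id, s.last_seen, s.accounting = session_id, now, True
        self.sent.append(("start", s.holder_name, None))
        return True

    def on_traffic(self, sta, now):
        if sta in self.sessions:
            self.sessions[sta].last_seen = now

    def on_logoff_notification(self, sta, packet_type, session_id):
        s = self.sessions.get(sta)
        if (s is None or not s.accounting or packet_type != LOGOFF_NOTIFY_TYPE
                or not hmac.compare_digest(session_id, s.session_id)):
            return False                          # discard the notification, keep charging
        self._stop(sta, "logoff")
        return True

    def expire(self, now):
        """Abnormal offline: stop accounting for sessions idle past the timeout."""
        stale = [a for a, s in self.sessions.items()
                 if s.accounting and now - s.last_seen > self.idle_timeout]
        for sta in stale:
            self._stop(sta, "timeout")
        return stale
```

Because the session is removed when accounting stops, a replayed logoff notification is discarded and cannot produce a second stop record.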

Claims (3)

1. the method for wireless terminal charging in the WLAN (wireless local area network) is characterized in that described method comprises following treatment step:
1) safety in WAI regulation inserts in the conversation procedure, and after AP received that certificate that ASU returns is differentiated response, if the STA result in the certificate identification result information be an authentication success, AP write down the certificate holder title in the STA certificate;
2) AP and STA carry out in the cipher key agreement process, if AP judges the key agreement success, then are referred to as the user's fee sign with the certificate holder name in the described STA certificate of prior buffer memory, send the beginning message that charges to accounting server;
3) when conversation end, STA sends the notice that rolls off the production line to AP, after AP receives, verifies the notice message that rolls off the production line; After checking was passed through, AP sent to charge to accounting server and stops message; Otherwise, abandon this notice message that rolls off the production line.
2. the method for wireless terminal charging is characterized in that in the WLAN (wireless local area network) according to claim 1, and the notice that rolls off the production line in described step 3) message comprises session identification, and after AP received message, checking was rolled off the production line and notified the session identification of message.
3. the method for wireless terminal charging in the WLAN (wireless local area network) according to claim 1 and 2, it is characterized in that, when the STA abnormal off-line, AP sets by rational time-out time, be referred to as the user's fee sign according to the certificate holder name in the certificate, AP sends to accounting server and stops charging message.
CN 200410029788 2004-03-26 2004-03-26 Method of radio terminal charging fee in radio LAN Pending CN1564524A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200410029788 CN1564524A (en) 2004-03-26 2004-03-26 Method of radio terminal charging fee in radio LAN


Publications (1)

Publication Number Publication Date
CN1564524A true CN1564524A (en) 2005-01-12

Family

ID=34480999

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200410029788 Pending CN1564524A (en) 2004-03-26 2004-03-26 Method of radio terminal charging fee in radio LAN

Country Status (1)

Country Link
CN (1) CN1564524A (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100358282C (en) * 2005-03-23 2007-12-26 西安电子科技大学 Key agreement method in WAPI authentication mechanism
CN1913435B (en) * 2005-08-11 2010-09-01 索尼株式会社 Wireless communication system, terminal and status report method
WO2008080351A1 (en) * 2006-12-29 2008-07-10 China Iwncomm Co., Ltd. Wireless local network operation method based on wapi
WO2008080352A1 (en) * 2006-12-29 2008-07-10 China Mobile Group Design Institute Co., Ltd. A wlan authentication charging method based on wapi
CN100448196C (en) * 2006-12-29 2008-12-31 西安西电捷通无线网络通信有限公司 WAPI-based wireless LAN operation method
CN101286858B (en) * 2007-04-12 2010-12-08 中兴通讯股份有限公司 Method and system for charging of WAP gateway for mobile terminal
CN101425909B (en) * 2008-09-28 2011-06-01 西安西电捷通无线网络通信股份有限公司 Method for implementing WAPI system terminal zero interference charging
WO2010102496A1 (en) * 2009-03-11 2010-09-16 西安西电捷通无线网络通信股份有限公司 Method for implementing zero-interference charging at wapi system terminal
CN101527908B (en) * 2009-04-08 2011-04-20 中兴通讯股份有限公司 Method for pre-identifying wireless local area network terminal and wireless local area network system
CN102833746A (en) * 2012-09-14 2012-12-19 福建星网锐捷网络有限公司 User re-authentication method and AC (Access Controller)
CN102833746B (en) * 2012-09-14 2015-11-25 福建星网锐捷网络有限公司 User's re-authentication method and access controller

Similar Documents

Publication Publication Date Title
CN101212297B (en) WEB-based WLAN access authentication method and system
JP4272920B2 (en) Method and apparatus for checking the validity of a first communication participant in a communication network
US20050154909A1 (en) Certificate based authentication authorization accounting scheme for loose coupling interworking
KR20140005306A (en) Continuous voice authentication for a mobile device
CN103167497B (en) A kind of authentication processing method and authentication process system
CN1564509A (en) Key consaltation method in radio LAN
CN1564524A (en) Method of radio terminal charging fee in radio LAN
US9161217B2 (en) Method and system for authenticating in a communication system
WO2011009268A1 (en) Wapi (wlan authentication and privacy infrastructure) -based authentication system and method
CN100544253C (en) The safe re-authentication method of mobile terminal of wireless local area network
CN101969639B (en) Multi-certificate and multi-certification mode combined access authentication method and system
CN102264050A (en) Network access method, system and authentication server
CN101425909B (en) Method for implementing WAPI system terminal zero interference charging
CN101282215A (en) Method and apparatus for distinguishing certificate
CN101540985B (en) Method for implementing terminal zero intervention charging of WAPI system
CN111884812B (en) Binding method and system of hardware equipment
CN100459536C (en) Method and network for WLAN session control
CN1299526C (en) A method of wireless local area network terminal user authentication based on user identifying module
CN1564516A (en) Allopatic access authentication method of mobile terminal of radio LAN
CN101860865A (en) Method and device for realizing secondary access
CN1213565C (en) Method of real time modifying business during realizing identifying authorized charge procedure
CN114615309A (en) Client access control method, device and system, electronic equipment and storage medium
CN1567859A (en) A method of access authentication for WLAN
CN102131199B (en) WAPI (Wlan Authentication and Privacy Infrastructure) authentication method and access point
JP4592850B2 (en) Authentication method in mobile radio communication system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication