CN101141259A - Method and device of access point equipment for preventing error access - Google Patents

Method and device of access point equipment for preventing error access Download PDF

Info

Publication number
CN101141259A
CN101141259A CN 200710167322 CN200710167322A CN101141259A CN 101141259 A CN101141259 A CN 101141259A CN 200710167322 CN200710167322 CN 200710167322 CN 200710167322 A CN200710167322 A CN 200710167322A CN 101141259 A CN101141259 A CN 101141259A
Authority
CN
China
Prior art keywords
ap
wireless terminal
device
access
network
Prior art date
Application number
CN 200710167322
Other languages
Chinese (zh)
Inventor
刘宝祥
析 姚
张海涛
涛 郑
Original Assignee
杭州华三通信技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 杭州华三通信技术有限公司 filed Critical 杭州华三通信技术有限公司
Priority to CN 200710167322 priority Critical patent/CN101141259A/en
Publication of CN101141259A publication Critical patent/CN101141259A/en

Links

Abstract

The utility model discloses a method for guarding against the misconnection to the AP equipment. After the wireless terminal requires for the certification from the network via the AP equipment, the network will examine the validity of the wireless terminal. When the certification fails, the network equipment will record the illegal frequency of the wireless terminal's misconnection to the AP equipment. When the illegal frequency reaches the preset threshold, the network equipment will send the signal to the AP equipment for forbidding the wireless terminal access. After the signal is received by the AP equipment, the response t the wireless terminal is forbidden. The utility model can be used to effectively prevent the disabled user's access to the AP equipment. As the frequency of misconnection is arranged and dynamically adjusted, the influence to the user operation can be reduced, so as to lower the frequency of connect failure and the user's complains. As responding to the above method, the utility model also provides a device used for guarding against the misconnection to the AP equipment.

Description

防止误接入接入点设备的方法及装置技术领域本发明涉及无线局域网(Wireless LAN, WLAN)安全技术领域,尤其涉及一种防止误接入4妄入点(Access Point, AP ) i殳备的方法及装置。 BACKGROUND relates prevent security Wireless LAN (Wireless LAN, WLAN) access point device access error and methods Technical Field The present invention particularly relates to a misnomer 4 jump access point (Access Point, AP) i Shu preventing apparatus the method and apparatus. 背景技术由于无线通信开放的传输介质,WLAN的安全性能一直是关注的焦点, 目前已制定的WLAN安全机制主要包括三方面:服务集标识符(Service Set Identifier, SSID )机制、物理地址(MAC )过滤控制机制和有线对等保密(Wired Equivalent Privacy , WEP )机制,下面分别介绍。 BACKGROUND As wireless communication open transmission medium, WLAN security has been the focus of attention, has established WLAN security mechanism consists of three areas: Service Set Identifier (Service Set Identifier, SSID) mechanism, physical address (MAC) filtering and control mechanisms wired equivalent Privacy (wired equivalent Privacy, WEP) mechanism, the following were introduced. 一、 SSIDWLAN中,首先为多个接入点配置不同的SSID,无线终端必须知道SSID 以便在网络中发送和接收数据。 A, SSIDWLAN, the first SSID is configured of a plurality of different access points, you must know the SSID of the wireless terminal to transmit and receive data on the network. 若某移动终端企图接入WLAN, AP首先4企查无线终端的SSID,符合则允许接入WLAN。 If a mobile terminal attempts to access WLAN, AP first half check the wireless terminal 4 as SSID, the access is allowed in line with WLAN. SSID机制在WLAN中实际上为客户端和AP端提供了一个共享密钥, SSID由AP对外广播,非常容易被非法入侵者窃取,通过AP入侵WLAN, 甚至非法侵入者亦可伪装为AP,达到欺骗无线终端的目的。 SSID mechanism in the WLAN client and the AP actually end provides a shared key, SSID broadcast by the AP outside, very easy to steal illegal intruders, through the invasion of WLAN AP, even illegal intruder can pretend to AP, to achieve spoofing object wireless terminal. 二、 MAC地址过滤控制MAC地址过滤控制是采用硬件控制的机制来实现对接入无线终端的识别。 Two, MAC address filtering MAC address filtering control is the use of a control mechanism to achieve recognition hardware control access to a wireless terminal. 由于无线终端的网卡都具备唯一的MAC地址,因此可以通过^r查无线终端数据包的源MAC来识别无线终端的合法性。 Since wireless terminals are equipped with card unique MAC address, the wireless terminal may be identified by the legitimacy of the source MAC ^ r check packet radio terminal. 地址过滤控制方式要求预先在AP服务器中写入合法的MAC地址列表,只有当无线终端的MAC地址和合法的MAC地址列表中的地址匹配时,AP才允许无线终端与之通信,实现物理地址的过滤。 Address filtering control legal requirements previously written in the AP MAC address list server, only when the MAC address of the wireless terminal and the MAC address list of valid addresses match, AP is allowed to communicate with the wireless terminal, implemented physical address filter. 但是由于很多无线网卡支持重新配置MAC地址,因此非法侵入者很可能从开放的无线电波中截获数据帧,分析出合法用户的MAC地址,然后伪装成合法用户,非法接入WLAN,使得网络安全遭到破坏。 However, due to many wireless card supports reconfiguration of MAC addresses, are likely to trespass intercepted radio waves from the open frame data, analyze the legal MAC address, and then masquerade as a legitimate user, unauthorized access WLAN, so that network security was to destruction. 另外,随着无线终端的增减,MAC地址列表需要随时更新,但是AP设备中的合法MAC地址列 Further, the increase or decrease in the wireless terminal, a MAC address list needs to be updated, but the MAC address of a legitimate AP column apparatus

表目前大都是手工维护,因此这种方式的扩展能力很差,只适合小型无线网络。 Table currently mostly manual maintenance, thus expanding the capabilities of this approach is poor, only suitable for small wireless networks. 另外,这种MAC地址过滤控制方式对普通用户要求比较高,需要用户提供MAC地址,如果用户更换了上网设备,需要重新配置,比较繁瑣。 Further, the MAC address filtering control for ordinary users require a relatively high need to provide the MAC address of the user, if the user changes the access device needs to be reconfigured, more cumbersome. 三、WEPWEP是一种基于RC-4算法的40bit或128bit加密技术,无线终端和AP可以配置4组WEP密钥,加密传输数据时可以轮流使用,允许加密密钥动态改变。 Three, WEPWEP a 40bit or 128bit encryption techniques based on RC-4 algorithm, the wireless terminal and the AP 4 may be configured to set the WEP key to be used when encryption for data transmission in turn, allows the key could be altered. 由于WEP机制中所有密钥只能是4组中的一个,因此其实质上还是静态WEP加密。 Because WEP mechanism in all key can only be a group of 4, so it is essentially a static WEP encryption. 同时AP和它所联系的所有无线终端都使用相同的密钥, 使用同一AP的用户也使用相同的密钥,因此会带来如下问题: 一旦其中一个用户的密钥泄漏,其他用户的密钥也无法保密了。 While the AP and all wireless terminals linked to it use the same key, the user can also use the same AP uses the same key, and therefore will bring the following question: Once one of the user's key compromise, the other user's key It can not be kept secret. 另外,这种WEP方式对普通用户要求比较高,需要用户配置WEP加密,如果用户更换了上网设备,需要重新配置,比较繁瑣。 Further, this embodiment WEP high demand for ordinary users, the user needs to configure the WEP encryption, if the user changes the access device needs to be reconfigured, more cumbersome. WLAN系统示意图参见图1。 Referring to FIG 1 a schematic WLAN system. 其中,用户上网的过程是:用户通过PPP 协议(PPP over Ethernet, PPPOE)拨号,AP设备透传用户报文到非对称数字用户线路(Asymmetric Digital Subscriber Line, ADSL);宽带接入网关(BRAS 设备)终结用户认证报文。 Wherein the user access process is: the user through the PPP protocol (PPP over Ethernet, PPPOE) dial-up, the AP user equipment transparently transmit packets to asymmetric digital subscriber line (Asymmetric Digital Subscriber Line, ADSL); broadband access gateway (BRAS equipment ) end user authentication packets. 目前WLAN接入过程参见图2。 Referring now to FIG 2 WLAN access procedure. 包括以下步骤:步骤201:无线终端搜索AP;用户搜索AP的扫描方式有两种:第一种是通过侦听AP定期发送的Beacon帧来发现网络的被动扫描(Passive Scanning)方式;第二种是在每个信道上发送探测请求(Probe request)报文,从AP设备的才果测回复(Probe Response )才艮文中获取AP的基本信息的主动扫描(Active Scanning)方式。 Comprising the following steps: Step 201: the wireless terminal AP search; search for an AP scanning the user in two ways: The first is the Beacon frame periodically sent by listening AP passive scanning to discover the network (Passive Scanning) mode; second sending a probe request (probe request) messages on each channel, the active scanning reply basic information (probe Response) was Gen herein that the AP (active scanning) only if the measurement mode from the AP device. Beacon帧中包含该AP所属的BSS的基本信息以及AP的基本能力等级, 其中包括SSID。 The basic capability class BSS Beacon frame contains the AP belongs to the basic information and the AP, including the SSID. Probe Response包含的信息与Beacon帧类似。 Probe Response Beacon frame contains similar information. 步骤202: 网络侧的BRAS设备或AC控制器利用AP设备透传来的用户报文对无线终端进行合法性验证;步骤203:鉴权成功后,无线终端通过AP设备与网络侧建立通信连接; 步骤204:无线终端通过AP设备与网络侧进行数据传输。 Step 202: BRAS or a network side device controller AC using the AP transmitted through packets of the user verify the legitimacy of the wireless terminal; Step 203: After the authentication succeeds, the wireless terminal establishing a communication connection through the AP and the network side; step 204: the wireless terminal performs data transmission with the network side device via the AP. 其中,SSID用来区分不同的网络。 Wherein, SSID used to distinguish between different networks. 为了管理方^^,运营商各AP与无线终端约定的初始SSID是相同的,那么就存在误接入邻居AP的问题。 For Managing ^^ operators each AP and the wireless terminal initially agreed SSID is the same, there is an issue of erroneous access neighbor AP. 例如: 两个距离很近的无线终端分别属于不同AP,但是在执行上述步骤201的搜索AP过程中,由于与邻居无线终端的SSID相同,很有可能搜索到邻居的AP, 那么,会自动尝试连接邻居的AP,但是由于运营商对ADSL端口、用户名和密码进行了绑定,因此,该无线终端是无法通过邻居的AP接入WLAN的。 For example: two closely spaced AP belong to different wireless terminals, but the search for an AP performing the above process step 201, the same as the SSID of the neighbor wireless terminal is likely to search for neighbor AP, it will attempt to automatically AP connected neighbors, but as operators for ADSL port, user name and password is bound, therefore, the wireless terminal is unable to access the WLAN through AP neighbors. 正如前面分析,可以通过MAC地址过滤和WEP加密方式阻止他人4妄入AP,然而,这两种方式都需要用户手工配置,非常繁瑣,而且,当无线终端的用户改变或者更换上网设备时,需要重新配置,也很不方便。 As previously analyzed, can be filtered by the MAC address and WEP encryption to prevent others jump into the AP 4, however, both of these methods require the user to manually configure, very cumbersome, and, when the user changes the wireless terminal equipment or replace the Internet, requires reconfiguration, is also very convenient. 发明内容有鉴于此,本发明提供一种防止误接入AP设备的方法及装置,以提高WLAN安全性。 SUMMARY OF THE INVENTION Accordingly, the present invention provides a method and apparatus for preventing erroneous access to the AP device to improve WLAN security. 为此,本发明实施例采用如下技术方案:一种防止误接入接入点AP设备的方法,包括:在接收到AP设备转发的无线终端认证请求后,网络侧设备对该无线终端合法性进行认证;当认证失败时,网络侧设备记录该无线终端登陆所述AP设备的非法次数,当所述非法次数达到预置的阈值时,所述网络侧设备向所述AP设备发送禁止接入所述无线终端的通知;所述AP设备在接收到所述通知后,禁止响应所述无线终端。 To this end, embodiments of the present invention adopt the following technical solutions: A method for accessing an access point AP error prevention device, comprising: the wireless terminal after receiving the authentication request forwarded by the AP, the network side of the wireless terminal device legitimacy authentication; if the authentication fails, the network side of the wireless terminal device records the number of illegal AP login device, when the number of illegal reaches a preset threshold, the network side device transmits to the AP the access device prohibits the wireless terminal notification; the AP device after receiving the notification, the wireless terminal is prohibited in response. 无线终端通过AP设备向网络侧请求认证之前,所述方法还包括:无线终端发送Probe Request报文,请求获知包含SSID在内的Probe Response报文; 无线终端接收到所述AP设备的Probe Response才艮文后,利用Probe Response 报文中的SSID,通过信号最强的AP设备请求网络侧对其进行合法性认证。 Before the wireless terminal requests authentication to the network through the AP, the method further comprising: wireless terminal transmits Probe Request packet, a request packet is known Probe Response including the SSID; AP wireless terminal device receiving the Probe Response was Gen described later, using the Probe Response packet as SSID, the AP through the strongest signal requesting the network side for their validity authentication. 所述AP设备向各无线终端广播的Beacon帧中隐藏SSID。 The AP apparatus each Beacon frame broadcast by the wireless terminal hidden SSID. 在所述AP设备禁止响应所述无线终端之后,所述方法还包括:所述无线终端重新搜索AP设备,并通过重新搜索到的AP设备接入网络。 After the wireless terminal is prohibited in response to the AP device, the method further comprising: said wireless terminal AP re-search device, re-search by the AP to access the network.

无线终端通过AP设备向网络侧请求认证之前,所述方法还包括:无线终端侦听所述AP设备广播的包含SSID的Beacon帧;利用SSID通过信号最强的AP设备请求网络侧对其进行合法性认证。 Before the wireless terminal requests authentication to the network through the AP, the method further comprising: the wireless terminal listens for a Beacon frame containing the SSID broadcast by the AP; SSID by using the AP with the strongest signal requesting network device be legitimate certification. 在所述AP设备禁止响应所述无线终端后,在广播Beacon帧的同时,向所述无线终端发送无法匹配通知,告知无线终端连接失败。 After the AP in response to the radio terminal apparatus is prohibited, while the broadcast Beacon frame, to the wireless terminal transmits a notification not match, informing the wireless terminal connection failure. 在所述AP设备禁止响应所述无线终端之后,所述方法还包括:所述无线终端重新搜索AP设备,并通过重新搜索到的AP设备接入网络;或者,所述无线终端从上次搜索结果中选择信号次强的AP设备接入网络。 After the AP in response to the radio terminal apparatus is prohibited, the method further comprising: said wireless terminal AP re-search device, re-search by the AP to access the network; or the wireless terminal from the last search results AP selection signal strong secondary units to the network. 所述网络侧设备向所述AP设备发送禁止接入所述无线终端的通知时,同时下发该通知生存时间;当所述通知生存时间到达时,所述APi殳备重新响应所述无线终端。 When the network side notifies the wireless terminal device to prohibit access by the AP transmitting device, while the survival time of the notification issued; survival time when the notification arrives, the APi Shu for reuse in response to said wireless terminal . 一种防止误接入AP设备的装置,包括用于对无线终端合法性进行认证的认证单元,还包括:统计单元,根据所述认证单元的认证结果,对无线终端通过AP设备接入失败的次数进行统计;阈值单元,用于存储有预置的非法次数最大值;判断单元,用于判断所述统计单元统计的次数是否达到所述阈值单元存储的非法次数最大值,若是,发出禁止接入指示;下发单元,在所述判断单元发出禁止接入指示时,向所述AP设备下发禁止接入所述无线终端的通知,告知AP设备禁止响应所述无线终端。 An apparatus for preventing erroneous access to the AP device, comprising a wireless terminal for authenticating the legitimacy of the authentication unit, further comprising: a counting unit, according to the authentication result of the authentication unit, and the AP of the wireless terminal by the access failure number statistics; threshold means for storing a preset maximum number of illegal; determining means for determining whether the count number has reached a maximum value means the statistical number of illegal means for storing the threshold value, and if so, then issue prohibition the indication; issuing unit, issuing an access prohibition instruction at the AP to send prohibiting access to the apparatus notifies the wireless terminal to inform the AP of the wireless terminal is prohibited in response to said determination unit. 还包括:生存时间单元,用于存储禁止接入通知生存时间;所述下发单元在向所述AP设备下发禁止接入通知时,同时将所述禁止接入通知生存时间下发给所述AP设备。 Further comprising: survival time unit for storing an access prohibiting notification survival; the unit is issued to when a notice issued prohibiting access to the AP device, while prohibiting the access to the notification sent to the survival time said AP device. 所述装置为BRAS设备或AC控制器。 The device is a controller device or the AC BRAS. 一种防止误接入AP设备的装置,存在于AP设备中,所述AP设备包括与网络侧进行通信的网络侧接口单元、以及与无线终端通信的无线终端接口单元,所述网络侧接口单元从网络侧接收所述无线设备的禁止接入通知,所述装置包括:存储单元,用于存储各无线终端的禁止接入通知;禁止响应单元,控制所述APi殳备,禁止响应所述通知对应的无线终端。 An apparatus for preventing erroneous access device AP, AP present in the device, the wireless AP apparatus comprises a terminal interface unit for communication with a network-side interface unit, and a terminal with a wireless communication with the network side, the network side interface unit receiving the wireless device from the network access prohibition notification, the apparatus comprising: a storage unit for storing an access prohibiting notification of each wireless terminal; disabled response unit for controlling the apparatus APi Shu, response to the notification prohibiting corresponding wireless terminal. 所述网络侧接口单元还从网络侧接收所述通知生存时间,所述装置还包括:计时单元,用于从接收到所述通知时开始计时;重新响应单元,用于在 The network interface unit further receives a notification from the network side survival time, said apparatus further comprising: a timing unit configured to starts when the receipt of the notification; re responding unit, configured to

所述计时单元计时到达所述通知的生存时间时,重新响应所述无线终端。 When the timer counting means reaches the survival time of the notification, the wireless terminal re-response. 对于上述技术方案的技术效果分析如下:通过网络侧对非法接入用户的统计,向AP设备下发禁止接入通知,AP 设备对于禁止接入通知对应的的无线终端不响应,从而阻止该无线终端误接入AP设备,特别是对于Beacon帧隐藏SSID的情况,用户无法查看到该AP 设备的SSID等信息,从而更加彻底地避免非法用户误接入他人AP设备,提高WLAN安全性,而且本发明是网络侧设备和AP设备自动完成,不需要用户手工配置和更改,非常简便。 For the technical effect of the above technical solutions are as follows: at the network side for illegal access to statistics of users, the AP device to prohibit access notification issued, the AP is prohibited to access the wireless terminal does not respond to the notification corresponding to prevent the radio error terminal equipment accessing the AP, in particular for the case of Beacon frame hidden SSID, the user can not view the information such as the SSID of the AP, thus more completely avoid the illegal access error others AP device, to improve the WLAN security, but also present invention and the AP network side device automatically, and does not require the user to manually change the configuration, is very simple. 采用本发明,可以有效遏制非法用户接入AP设备,通过设置和动态调整误接入次数,可减少对用户操作的影响,例如,可以设置非法接入阈值为三, 当用户第四次非法接入时,AP设备则不会响应该无线终端,减少用户连接失败的次数,降低用户投诉的风险,在用户无法连接到该AP设备后,自然会连接自身AP设备,提高接入WLAN的成功率。 According to the present invention, a user can effectively curb illegal access to the AP, by setting and dynamically adjusting the number of erroneous access, may reduce the impact on the user's operation, for example, it may be provided three threshold illegal access, the illegal access when a user fourth after fashionable, the AP does not response to the wireless terminal, reduce the number of user connections fail, reducing the risk of user complaints, the user device can not connect to the AP, the AP will naturally connector itself, improve the success rate of access to the WLAN . 附图说明图1为WLAN系统示意图;图2为WLAN 4妄入流程图;图3为本发明方法实施例一流程图;图4为本发明方法实施例二流程图;图5为本发明网络侧装置示意图;图6为本发明AP设备中装置示意图。 BRIEF DESCRIPTION OF DRAWINGS FIG 1 is a schematic WLAN system; FIG. 2 is a flowchart of the WLAN jump 4; FIG. 3 a flow chart of an embodiment of the inventive method; Figure 4 is a flowchart according to a second embodiment of the inventive method; FIG. 5 is a schematic of a network schematic side; FIG. 6 is a schematic AP apparatus of the present invention apparatus. 具体实施方式因此,本发明提供一种智能的非法用户检测方案,不需要用户配置,通过AP设备和网络侧后台接入控制设备的联动,实现非法用户的自动隔离,保证WLAN接入的安全性。 DETAILED DESCRIPTION Accordingly, the present invention provides an intelligent illegal user detection scheme does not require the user to configure, by interlocking the AP and the network access control apparatus background, automatic isolation of illegal users, to ensure the security of WLAN access . 本发明核心在于,网络侧的BRAS设备或AC控制器在用户通过某AP向网络侧i人证不通过时,在网络侧增加统计控制功能,即在用户认证失败次数 The core of the present invention wherein, the BRAS device or the AC network controller when the user side to the network side without passing through a through i witnesses the AP, the network side adds a statistical control functions, i.e. the number of times the user authentication fails

达到阈值时,向AP设备下发禁止接入通知;该用户再次尝试通过该AP接入时,AP设备不作回应,以此防止用户误接入他人AP设备。 When the threshold is reached, next to the AP prohibit access device issued notice; the user tries to access again by the time the AP, the AP does not respond, this is to prevent users access to others the AP. 概括而言,本发明提供的方法包括以下步骤:1、 无线终端通过AP设备向网络侧请求认证后,网络侧设备对该无线终端合法性进行认证;2、 当认证失败时,网络侧设备记录该无线终端登陆所述AP设备的非法次数,当所述非法次数达到预置的阈值时,所述网络侧设备向所述AP设备下发禁止接入该无线终端的通知;3、 所述AP设备在接收到所述通知后,禁止响应该无线终端。 In summary, the present invention provides a method comprising the steps of: 1, after the wireless terminal requests authentication to the network through the AP, the wireless network device to authenticate the legitimacy of the terminal; 2, when the authentication fails, the network-side recording apparatus the number of illegal radio terminal landing the AP device, when the number of illegal reaches a preset threshold, the network side device send a notification prohibiting the access to the wireless terminal apparatus at the AP; 3, the AP when receiving the notification, in response to the wireless terminal is prohibited. 其中,无线终端与AP设备建立通信,优选采用主动扫描的方式,这种方式下Beacon帧中隐藏SSID;也可以采用被动扫描的方式,这种方式下在广播Beacon帧时再额外告知无线终端无法连接。 Wherein the wireless terminal and the AP to establish a communication, preferably by way of the active scanning, this embodiment Beacon frame hide the SSID; passive scanning mode can also be used, then an additional way to inform this Beacon frame broadcast wireless terminal can not connection. 下面结合附图分别详细介绍。 It is described in detail below with the accompanying drawings. 首先介绍本发明方法实施例一:在本实施例中,AP设备向各无线终端广播的Beacon帧中隐藏SSID,无线终端通过Probe Request方式搜索SSID。 It introduces a method embodiment of the present invention: In the present embodiment, Beacon frame to each the radio terminal apparatus AP hidden SSID broadcast, the wireless terminal by Probe Request SSID search mode. 参见图3,为实施例一流程图,包括:步骤301:无线终端发送Probe Request,请求包含SSID等在内的Probe Response;步骤302: AP设备响应无线终端的Probe Request,反馈包含SSID的Probe Response;其中,Probe Response包含该AP所属的BSS的基本信息以及AP的基本能力等级。 Referring to Figure 3, is a diagram of a flow chart, comprising: Step 301: the wireless terminal sends a Probe Request, Request SSID Probe Response, etc., comprising; Step 302: AP wireless terminal device in response to the Probe Request, the feedback comprising an SSID Probe Response ; wherein the base comprises a Probe Response capability level of the BSS AP belongs to the basic information and the AP. 在实际应用中,由于信号强弱,很可能存在这种情况:邻居AP也向该无线终端反馈Probe Response,且该反馈信号更强,导致无线终端误接入该AP 设备。 In practice, since the signal strength, it is likely that this situation exists: the AP neighbor to the wireless terminal feedback Probe Response, and the feedback signal is stronger, resulting in erroneous access to the AP the wireless terminal device. 步骤303:无线终端通过AP设备向网络侧BRAS设备或AC控制器请求认证;步骤304:网络侧BRAS设备或AC控制器根据AP设备透传的用户报文对用户进行PPPOE认证; Step 303: the wireless terminal requests authentication from the network side or the BRAS via the AP controller AC; Step 304: the network side or the BRAS AC control packets to the user authentication based on user PPPOE passthrough the AP;

步骤305:对于认证通过的用户,允许接入WLAN;对于认证不通过的用户,BRAS设备或AC控制器统计该用户尝试非法登陆该AP设备的次数; 参见表l,为BRAS或AC控制器对用户的统计表。 Step 305: For user authentication, allowing access to the WLAN; for user authentication is not passed, or AC controller statistics BRAS device the user attempts the login illegal device AP; Table L, or AC controller to BRAS Statistics users. 其中,可以以无线终端MAC地址标识不同用户。 Wherein the user may identify different wireless terminal MAC address. 表1用户标识 尝试非法登陆某AP的次数 步骤306:当某用户尝试非法登陆次数达到阈值时,BRAS设备或AC控制器向AP设备发送禁止该用户接入的通知;步骤307: AP设备接收到该通知后,对与该用户的任何报文不作回应。 Table 1 identifies the user attempts an illegal landing AP Step 306: When a user attempts to illegally reach the threshold number of login, BRAS equipment or AC controller sends a notification prohibiting the user access to the AP; Step 307: the AP receives after the notification of any message with the user does not respond. 也就是说,当后续该用户广播Probe Request才艮文请求Probe Response时, 该AP不对此用户作任何回应,由此,该用户不会再搜索到该AP设备反馈的SSID等信息,另一方面,由于在Beacon帧中隐藏了SSID信息,用户也不会查看到该AP设备的SSID,不会再试图与该AP设备进行连接。 That is, when the user subsequent broadcast Probe Request packet request until Gen Probe Response, the AP does not respond to any user for this, whereby the user will not search for the SSID of the AP information such as the feedback device, on the other hand Since hidden SSID information in the Beacon frame, users will not see the device's SSID to the AP, it will not attempt to connect with the AP device. 由此,可以保证用户不会连接到邻居AP设备,也能防止非法用户对AP设备的攻击。 This makes it possible to ensure that users do not connect to the neighbor AP device, but also to prevent unauthorized users from attacks on the AP device. 下面介绍本发明方法实施例二:与实施例一中Beacon帧隐藏SSID不同,本实施例Beacon帧携带有SSID, 无线终端通过侦听AP设备广播的Beacon帧获知SSID等信息,当AP设备从BRAS设备或AC控制器接收到某无线终端的禁止接入通知时,向该无线终端发送不匹配通知,告知无线终端所采用的SSID不匹配,无法成功登陆网络, 以便用户釆用其他SSID进行接入WLAN,也避免用户不知情而投诉。 The following describes the method according to the second embodiment of the present invention: Example Beacon frame a hidden SSID is different, according to the present embodiment, the Beacon frame carries SSID, the AP wireless terminal listens to the broadcast SSID information Beacon frame is known, if the AP from the BRAS when the device or the AC to prohibit the access controller receives the notification of a wireless terminal, to the wireless terminal transmits mismatch notification, inform the SSID used by the wireless terminal does not match to successfully access the network, to the user for access to preclude other SSID WLAN, but also to avoid the user's knowledge and complaints. 参见图4,为实施例二流程图,包括:步骤401: AP设备广播携带有SSID的Beacon帧;步骤402:无线终端侦听到Beacon帧后,通过AP设备向BRAS或AC 控制器请求鉴权;步骤403: BRAS设备或AC控制器对用户进行合法性认证; 步骤404:对于合法用户,允许接入网络;对于非法用户,对于认i正不通过的用户,BRAS设备或AC控制器统计该用户尝试非法登陆的次数;统计表也请参见表1;步骤405:当某用户尝试非法登陆次数达到阈值时,BRAS设备或AC控制器向AP设备发送禁止该用户接入通知;步骤406: AP设备接收到该名单后,禁止响应该无线终端,并且,向该用户发送不匹配通知,告知该用户无法采用原SSID接入WLAN;步骤407:无线终端利用其余AP设备Beacon帧中的信息,通过其余AP 连接WLAN。 Referring to Figure 4, is a flow chart according to the second embodiment includes: Step 401: the AP's SSID broadcast carries Beacon frame; Step 402: the wireless terminal listens to the Beacon frame, an authentication request to the BRAS through the AP controller or AC ; step 403: BRAS or AC controller for the user equipment validity authentication; step 404: for the legitimate user, allowing access to the network; for unauthorized users and users recognize i n does not pass, the BRAS device or the AC controller statistics user attempts of illegal landing; statistics also see Table 1; step 405: when a user attempts to illegally reach the threshold number of login, BRAS control device or the AC transmission prohibition notification to the user access device AP; step 406: AP after receiving the device list is prohibited in response to the wireless terminal, and sends the user does not match the notification that the user can not access the WLAN using the original SSID; step 407: the wireless terminal device using the AP information to rest in the Beacon frame, by remaining AP connection WLAN. 上述两个实施例,分别从用户角度的主动扫描和被动扫描获知SSID进行描述,实际上,这两种获知SSID的方式可以结合应用,即,在接收到Beacon 帧时按照Beacon帧中的SSID连接网络,没有收到Beacon帧的情况下,主动发送Probe Request报文侦听AP设备,从而连接网络。 The above two embodiments, users are known from the active scanning and passive scanning angle SSID will be described, in fact, the two may be combined manner known SSID applied, i.e., connected in the SSID Beacon frame upon receiving the Beacon frame network, there is no case where the received Beacon frame, sends Probe Request packets listening AP device, to connect the network. 本领域技术人员都了解,在无线终端搜索AP设备时,可以自动记录所搜索到的AP设备的信息以便下次连接,或者不作记录每次重新搜索,这与具体无线终端以及操作平台类型有关,优选每次重新搜索的方式。 Those skilled in the art are aware, when the wireless terminal searches for the AP, can automatically record information searched AP device is connected to the next, or not recorded per search again, depend on the particular type of wireless terminal and the platform, preferably each way to re-search. 无线终端的驱动程序能够识别各AP设备的信号强弱,并自动按照信号强弱进行排序和显示, 一般情况下,无线终端会自动与信号最强的AP设备进行连接,但由于会出现他人AP设备信号最强的情况,所以采用上述两个实施例禁止信号最强的错误AP设备响应该无线终端。 The driver can recognize the wireless terminal device signal strength of each AP, and automatically sorted and displayed according to the signal strength, in general, the wireless terminal will automatically connect with the AP of the strongest signal, but the others will appear AP equipment strongest signal, the above-described two embodiments prohibits the strongest error signal in response to the AP of the wireless terminal. 在实施例一中,由于在Beacon帧中隐藏了SSID,因此,相当于彻底屏蔽了错误AP设备,釆用此实施例时,无线终端应釆用每次接入网络时都重新搜索AP设备的方式,不对搜索到的AP设备信息进行记录以免仍与错误AP设备进行连接,此时,无线终端后续不会搜索到该AP设备,自然地,无线终端会与这次搜索到的信号最强的AP设备进行连接,假设该最强AP设备正是该无线终端所对应的,那么在网络侧自然会对该用户认证通过,该无线终端即可顺利接入WLAN,避免一直试图接入他人AP 设备而无法登陆的问题。 In an Example, since the hidden SSID in the Beacon frame, and therefore, is equivalent to completely shield the wrong AP device, Bian When using this embodiment, the wireless terminal shall preclude the AP are re-search when the access network with each mode, the AP does not searched information is recorded so as to connect with the error is still the AP at this time, the wireless terminal does not search subsequent to the AP device, naturally, with the wireless terminal will search for the strongest signal AP devices are connected, it is assumed that the strongest AP device corresponding to the wireless terminal, the network side will naturally by the user authentication, the wireless terminal can successfully access the WLAN, the access of others have been trying to avoid the AP but could not land issue. 在实施例二中,在Beacon帧中没有隐藏SSID,而是采用实时通知的方式告知无线终端接入错误,因此,这种情况下无线终端在每次试图接入网络时,可以釆用存储AP设备信息或者每次都重新搜索的两 In Example II, the Beacon frame the SSID is not hidden, but to inform the wireless terminal access real-time error notification manner, therefore, in this case, at each wireless terminal attempting to access the network, may preclude the use of stored AP two each time the device information or re-search

种方式,如果接入信号最强的AP设备失败了,并得到接入失败通知,自然会选捧下一个信号次强的AP设备进行连接。 Way, if the access fails the AP with the strongest signal, and get access failure notification, naturally holding the next connection is selected from the second strongest signal AP device. 另外,在BRAS设备或AC控制器向AP设备下发禁止接入通知时,还可以同时发送该通知生存时间,当该通知生存时间到达时,AP设备删除通知, 重新允许无线终端连接AP设备,这样,可以避免某些不便,例如,当无线终端从原处移至邻居家时,如果一直限制无线设备接入邻居AP设备,这种情况下则无法接入WLAN,采用上述生存时间的灵活设置,可以有效避免这类问题。 Further, may also be sent to the BRAS or AC controller prohibits access notice sent when the AP device while the notification survival, survival time when the notification arrives, the AP deletion notification, re-enables the wireless terminal connected to the AP, this avoids some inconvenience, e.g., when the wireless terminal moves to the neighbor from its place, if the wireless device has access restriction neighbor AP device, in this case it can not access the WLAN, flexible disposed above the survival time can effectively avoid such problems. 采用本发明,可以有效遏制非法用户接入AP设备,通过设置和动态调整误接入次数,可减少对用户操作的影响,例如,可以设置非法接入阈值为三, 当用户第四次非法接入时,AP设备则不会响应该无线终端,减少用户连接失败的次数,降低用户冲殳诉的风险,在用户无法连接到该AP设备后,自然会连接自身AP设备,可成功连接WLAN。 According to the present invention, a user can effectively curb illegal access to the AP, by setting and dynamically adjusting the number of erroneous access, may reduce the impact on the user's operation, for example, it may be provided three threshold illegal access, the illegal access when a user fourth after fashionable, the AP does not response to the wireless terminal, reduce the number of user connections fail, reducing the risk of user complaints punch Shu, the user device can not connect to the AP, the AP will naturally connector itself can be successfully connected to WLAN. 与上述方法相对应,本发明还提供一种防止误接入AP设备的装置,该装置存在于网络侧,为BRAS设备或AC控制器,或者具有BRAS设备/AC控制器功能的其他设备。 Corresponding to the above method, the present invention also provides a means for preventing erroneous access to the AP device, the device is present on the network side, to the BRAS or AC controllers, or other devices having the BRAS / AC controller functionality. 参见图5,该装置包括认证单元501、统计单元502、阈值单元503、判断单元504和下发单元505,其中,认证单元501主要用于根据AP设备透传的用户报文对无线终端进行合法性认证,与现有技术类似,不再赘述,下面着重介绍其余几个单元的功能。 Referring to Figure 5, the apparatus includes an authentication unit 501, counting unit 502, threshold unit 503, determination unit 504 and the sending unit 505, wherein the authentication unit 501 is mainly used for legitimate wireless terminal according to a user packet AP device passthrough certification, and is similar to the prior art, will not be repeated, the following highlights some function of the remaining units. 统计单元502,才艮据所述认证单元501的认证结果,对无线终端通过AP 设备接入失败的次数进行统计;阈值单元503,用于存储有预置的非法次数最大值;判断单元504,用于判断所述统计单元502统计的次数是否达到所述阈值单元503存储的非法次数最大值,若是,发出禁止接入通知的指示;下发单元505,在所述判断单元504下发禁止接入通知的指示时,向所述AP设备下发所述无线终端的禁止接入通知,告知AP i殳备禁止响应所述无线终端。 Statistics unit 502, according to the authentication result of the Gen only authentication unit 501, the radio terminal by the AP access failures statistics; threshold unit 503 for storing a preset maximum number of illegal; judging unit 504, illegal number of times the counting unit 502 for determining whether the statistics unit 503 stores the threshold value of the maximum value, and if so, instructs the access prohibiting notification; issuing unit 505, in the contact determination unit 504 prohibits hair when the notification indicating to the hair at the AP device prohibiting access to the wireless terminal a notification that AP I Shu responsive to said radio terminal apparatus is prohibited.

另外,还可以对所述通知生存时间进行控制,以便某种情况下满足用户需求,此时,该装置还包括生存时间单元506,用于存^f诸所述通知的生存时间; 此时,所述下发单元505在向所述AP设备下发所述通知时,同时将所述通知的生存时间下发给所述AP设备。 Further, the notification may also be survival time control, in order to meet the needs of users under certain conditions, this time, the apparatus further comprising a lifetime unit 506 for storing various survival time of the notification ^ f; in this case, the issuing unit 505 in the apparatus when the AP to send the notification will be sent to the AP device while the survival time of the notification. 上述装置的实现细节与方法实施例类似,例如,可采用用户'MAC地址来识别不同的无线终端等,在此不再赘述。 Implementation details and method of the above-described embodiment of apparatus similar to, for example, a user may employ 'MAC address to identify the different wireless terminals, are not repeated here. 另外,本发明还提供一种存于AP设备中的装置,参见图6,为包含该装置的AP设备示意图。 Further, the present invention also provides an apparatus AP present in the apparatus, see FIG. 6, the AP is a schematic diagram of the apparatus comprising. 其中,AP设备包括与网络侧进行通信的网络侧接口单元601、以及与无线终端通信的无线终端接口单元602和该装置603。 Wherein, the network device comprises the AP-side communication interface unit 601, and a terminal communicating with the wireless network side a wireless terminal interface unit 602 and the device 603. 所述网络侧接口单元601从网络侧接收所述无线设备的禁止接入通知;所述装置603 包括:存储单元6031,用于存储各无线终端的禁止接入通知;禁止响应单元6032,控制所述AP"i殳备,禁止响应所述通知对应的无线终端。当网络侧对所述通知生存时间进行控制时,所述网络侧4妄口单元601还从网络侧接收所述通知生存时间,所述装置还包括:计时单元6033,用于从接收到所述通知时开始计时;重新响应单元6034,用于在所述计时单元计时到达所述通知生存时间时,重新响应所述无线终端。上述装置的实现细节与方法实施例类似,在此不再赘述。以上所述仅是本发明的优选实施方式,应当指出,对于本技术领域的普通技术人员来说,在不脱离本发明原理的前提下,还可以做出若干改进和润饰,这些改进和润饰也应视为本发明的保护范围。 The network interface unit 601 receives a notification prohibiting access to the wireless device from a network side; the means 603 comprises: a storage unit 6031, a notification for inhibiting access memory of each wireless terminal; disabled response unit 6032, the control said AP "i Shu apparatus is prohibited in response to the radio terminal corresponding to when the network side controls the survival time of notification, the network interface unit 601 to jump to 4 further survival time of receiving the notification from the network side, said apparatus further comprising: a timing unit 6033 configured to starts when the receipt of the notification; re-response unit 6034, a notification when the lifetime of the timekeeping unit arrives, again in response to the wireless terminal. implementation details and method of the above-described embodiment apparatus is similar embodiment, not described herein again. the above are only preferred embodiments of the present invention, it should be noted that those of ordinary skill in the art, in the present invention without departing from the principles of under the premise, may make various improvements and modifications, improvements and modifications should also be regarded as the protection scope of the present invention.

Claims (13)

1、一种防止误接入接入点AP设备的方法,其特征在于,包括: 在接收到AP设备转发的无线终端认证请求后,网络侧设备对该无线终端合法性进行认证; 当认证失败时,网络侧设备记录该无线终端登陆所述AP设备的非法次数,当所述非法次数达到预置的阈值时,所述网络侧设备向所述AP设备发送禁止接入所述无线终端的通知; 所述AP设备在接收到所述通知后,禁止响应所述无线终端。 1. A method for preventing erroneous access point AP the access device, characterized by comprising: the wireless terminal after receiving the authentication request forwarded by the AP, the wireless network device to authenticate the legitimacy of the terminal; and when the authentication fails when the network side of the wireless terminal device records the number of illegal AP login device, when the number of illegal reaches a preset threshold, the network side notifies the access device of the wireless terminal device to the AP transmission prohibition ; AP device upon the receipt of the notification, the wireless terminal is prohibited in response.
2、 根据权利要求l所述方法,其特征在于,无线终端通过AP设备向网络侧请求认证之前,所述方法还包括:无线终端发送Probe Request报文,请求获知包含SSID在内的Probe Response才艮文;无线终端接收到所述AP设备的Probe Response 4艮文后,利用Probe Response报文中的SSID,通过信号最强的AP设备请求网络侧对其进行合法性认证。 2, according to the method as claimed in claim l, characterized in that, before the wireless terminal requests authentication, the method further comprises the network-side apparatus through the AP: wireless terminal transmits Probe Request message, requesting the SSID Probe Response including the only known Gen text; after the wireless terminal. 4 Gen Probe Response packet to the AP receiving device by Probe Response packets as SSID, the AP through the strongest signal requesting the network side for their validity authentication.
3、 根据权利要求2所述方法,其特征在于,所述AP设备向各无线终端广播的Beacon帧中隐藏SSID。 3. The method according to claim 2, characterized in that, the Beacon frame by the AP the wireless terminal apparatus broadcasts each hidden SSID.
4、 根据权利要求2或3所述方法,其特征在于,在所述AP设备禁止响应所述无线终端之后,所述方法还包括:所述无线终端重新搜索AP设备,并通过重新搜索到的AP设备接入网络。 4. The method as claimed in claim 2 or claim 3, wherein, after the wireless terminal in response to the AP device is prohibited, the method further comprising: said wireless terminal AP re-search device, and by re-searched AP units to the network.
5、 根据权利要求l所述方法,其特征在于,无线终端通过AP设备向网络侧请求认i正之前,所述方法还包括:无线终端侦听所述AP设备广播的包含SSID的Beacon帧;利用SSID通过信号最强的AP设备请求网络侧对其进行合法性认证。 5. The method as claimed in claim l, wherein, the wireless terminal requests to the network recognized by AP i n prior apparatus, the method further comprising: the wireless terminal listens for a Beacon frame containing the SSID broadcast by the AP; by the AP with the strongest signal requesting network device authentication is performed using authentication SSID.
6、 根据权利要求4所述方法,其特征在于,在所述AP设备禁止响应所述无线终端后,在广播Beacon帧的同时,向所述无线终端发送无法匹配通知, 告知无线终端连接失败。 6. A method according to claim 4, characterized in that, after the AP in response to the radio terminal apparatus is prohibited, while the broadcast Beacon frame, to the wireless terminal transmits a notification not match, informing the wireless terminal connection failure.
7、 根据权利要求5或6所述方法,其特征在于,在所述AP设备禁止响应所述无线终端之后,所述方法还包括: 所述无线终端重新搜索AP设备,并通过重新搜索到的AP设备接入网络; 或者,所述无线终端从上次搜索结果中选择信号次强的AP设备接入网络。 7. The method as claimed in claim 5 or claim 6, wherein, after the wireless terminal in response to the AP device is prohibited, the method further comprising: said wireless terminal AP re-search device, and by re-searched the AP access network; Alternatively, the wireless terminal selects the next strongest signal AP devices access the network from the last search results.
8、 根据权利要求l、 2、 3、 5、 6任一项所述方法,其特征在于,所述网络侧设备向所述AP设备发送禁止接入所述无线终端的通知时,同时下发该通知生存时间;当所述通知生存时间到达时,所述AP i殳备重新响应所述无线终端。 8, according to claim L,, any 2, 3, 56 out the method, characterized in that said apparatus when access to the network side notifies the wireless terminal device to the AP transmission prohibition, applied simultaneously the survival time of notification; survival time when the notification arrives, the AP i Shu for reuse in response to the wireless terminal.
9、 一种防止误接入AP设备的装置,包括用于对无线终端合法性进行认证的认证单元,其特征在于,还包括:统计单元,根据所述认证单元的认证结果,对无线终端通过AP设备接入失败的次数进行统计;阈值单元,用于存储有预置的非法次数最大值;储的非法次数最大值,'若是/发出禁止接入指示;' ^ ^ '下发单元,在所述判断单元发出禁止接入指示时,向所述AP设备下发禁止接入所述无线终端的通知,告知AP设备禁止响应所述无线终端。 9. An apparatus for preventing erroneous access to the AP device, comprising a wireless terminal for authenticating the legitimacy of the authentication unit, characterized in that, further comprising: a counting unit, according to the authentication result of the authentication unit, the radio terminal by the number of the AP access failure statistics; threshold means for storing a preset maximum number of illegal; the maximum number of illegal storage, 'if / access instruction issue prohibition unit;' ^ ^ 'issuing unit, in the when the determination indicates an access prohibition, the AP device to send the notification unit prohibiting access to the wireless terminal, the AP is prohibited in response to inform the wireless terminal.
10、 才艮据权利要求9所述装置,其特征在于,还包括: 生存时间单元,用于存储禁止接入通知生存时间; 所述下发单元在向所述AP设备下发禁止接入通知时,同时将所述禁止接入通知生存时间下发给所述AP设备。 10, only Gen apparatus according to claim 9, characterized in that, further comprising: survival time unit for storing an access prohibiting notification survival time; issued in the issuing unit prohibiting access to the notification to the AP device when, while prohibiting access to the notice sent by the AP device lifetime.
11、 根据权利要求9或IO所述装置,其特征在于,所述装置为BRAS设备或AC控制器。 11. The apparatus according to claim 9 or IO, and so characterized in that said device is a controller device or the AC BRAS.
12、 一种防止误接入AP设备的装置,存在于AP设备中,所述AP设备包括与网络侧进行通信的网络侧接口单元、以及与无线终端通信的无线终端接口单元,其特征在于,所述网络侧接口单元从网络侧接收所述无线设备的禁止接入通知,所述装置包括:存储单元,用于存储各无线终端的禁止接入通知;禁止响应单元,控制所述AP设备,禁止响应所述通知对应的无线终端。 12. An apparatus for preventing erroneous access device AP, AP present in the device, the wireless AP apparatus includes a terminal interface unit of the network-side communication interface unit, and a terminal with a wireless communication with the network side, wherein, the network interface unit receives a notification prohibiting access to the wireless device from the network side, the apparatus comprising: a storage unit for storing an access prohibiting notification of each wireless terminal; disabled response unit, the AP control apparatus, It is prohibited in response to the corresponding radio terminal.
13、根据权利要求12所述装置,其特征在于,所述网络侧接口单元还从网络侧接收所述通知生存时间,所述装置还包括:计时单元,用于从接收到所述通知时开始计时;重新响应单元,用于在所述计时单元计时到达所述通知的生存时间时, 重新响应所述无线终端。 13. The apparatus as claimed in claim 12, wherein said network interface unit further receives a notification from the network side survival time, said apparatus further comprising: a timing unit, when receiving the notification for starting from timing; re-response unit for survival in the timekeeping unit reaches the notification, the wireless terminal re-response.
CN 200710167322 2007-10-22 2007-10-22 Method and device of access point equipment for preventing error access CN101141259A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200710167322 CN101141259A (en) 2007-10-22 2007-10-22 Method and device of access point equipment for preventing error access

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200710167322 CN101141259A (en) 2007-10-22 2007-10-22 Method and device of access point equipment for preventing error access

Publications (1)

Publication Number Publication Date
CN101141259A true CN101141259A (en) 2008-03-12

Family

ID=39193027

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200710167322 CN101141259A (en) 2007-10-22 2007-10-22 Method and device of access point equipment for preventing error access

Country Status (1)

Country Link
CN (1) CN101141259A (en)

Cited By (32)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102065147A (en) * 2011-01-07 2011-05-18 深圳市易聆科信息技术有限公司 Method and device for obtaining user login information based on enterprise application system
CN102185871A (en) * 2011-06-09 2011-09-14 杭州华三通信技术有限公司 Method and equipment for processing messages
CN102378312A (en) * 2010-08-23 2012-03-14 国基电子(上海)有限公司 Mobile handheld device and tracking and positioning method thereof
CN101651682B (en) * 2009-09-15 2012-08-29 杭州华三通信技术有限公司 Method, system and device of security certificate
CN102711215A (en) * 2012-05-23 2012-10-03 海信集团有限公司 Method and system for automatically connecting wireless network and smart television
CN101765114B (en) * 2010-01-18 2012-11-28 杭州华三通信技术有限公司 Method, system and equipment for controlling wireless user access
CN102938886A (en) * 2012-10-12 2013-02-20 深圳市共进电子股份有限公司 Method for preventing wireless network from being detected
CN102986278A (en) * 2010-05-14 2013-03-20 捷讯研究有限公司 Incorporation of a notification in a network name
CN103052172A (en) * 2012-12-28 2013-04-17 上海寰创通信科技股份有限公司 PPPoE (point-to-point protocol over Ethernet) realization method for WLAN (wireless local area networks) sub net terminal
CN103079186A (en) * 2012-03-05 2013-05-01 上海寰创通信科技股份有限公司 License-information transmission method based on wireless network environment
CN102026186B (en) * 2009-09-21 2013-06-12 国基电子(上海)有限公司 Service network detection system and method
CN104038912A (en) * 2014-07-03 2014-09-10 胡继强 Security WIFI advertising method and system
CN104066084A (en) * 2013-03-22 2014-09-24 瑞昱半导体股份有限公司 Wireless network system and connecting method thereof
CN104159244A (en) * 2014-08-05 2014-11-19 王强 Portable wireless network detection evidence-obtaining system
CN104410972A (en) * 2014-10-30 2015-03-11 苏州德鲁森自动化系统有限公司 Method for monitoring running state of wireless local area network
CN104601560A (en) * 2014-12-31 2015-05-06 北京华为朗新科技有限公司 Broadband access device and user authentication method
CN104767743A (en) * 2015-03-25 2015-07-08 广东欧珀移动通信有限公司 Automatic wireless local area network login information switching method and device
CN104871598A (en) * 2012-09-24 2015-08-26 英国电讯有限公司 Wireless access point
CN104936181A (en) * 2015-06-25 2015-09-23 杭州华三通信技术有限公司 Access authentication method and device for connecting specified AP (Access Point)
CN105188058A (en) * 2015-09-25 2015-12-23 上海矽昌通信技术有限公司 Authentication method for performing identity recognition at WIFI (Wireless Fidelity) scanning stage
WO2015196687A1 (en) * 2014-06-25 2015-12-30 中兴通讯股份有限公司 Authentication management method and apparatus, wlan access device and communication system
WO2016041363A1 (en) * 2014-09-15 2016-03-24 Zhejiang Shenghui Lighting Co., Ltd. Method and system for automatically adapting to wi-fi network with hidden ssid
US9301127B2 (en) 2013-02-06 2016-03-29 Blackberry Limited Persistent network negotiation for peer to peer devices
WO2016184208A1 (en) * 2015-11-10 2016-11-24 中兴通讯股份有限公司 Limited terminal identification and processing method, apparatus, and wireless access point device
CN106255106A (en) * 2016-07-26 2016-12-21 广东欧珀移动通信有限公司 A kind of wireless network connecting method and device
WO2017050108A1 (en) * 2015-09-24 2017-03-30 上海斐讯数据通信技术有限公司 Authentication method, apparatus and system for accessing wifi hotspot
US9615383B2 (en) 2010-03-15 2017-04-04 Blackberry Limited Negotiation of quality of service (QoS) information for network management traffic in a wireless local area network (WLAN)
US9622155B2 (en) 2012-07-13 2017-04-11 Blackberry Limited Wireless network service transaction protocol
CN106714158A (en) * 2015-08-18 2017-05-24 中国移动通信集团公司 WiFi access method and device
CN106899967A (en) * 2015-12-21 2017-06-27 北京奇虎科技有限公司 WiFi cipher safe protecting methods and device
US9794967B2 (en) 2011-09-16 2017-10-17 Blackberry Limited Discovering network information available via wireless networks
US9820199B2 (en) 2012-05-11 2017-11-14 Blackberry Limited Extended service set transitions in wireless networks

Cited By (45)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101651682B (en) * 2009-09-15 2012-08-29 杭州华三通信技术有限公司 Method, system and device of security certificate
CN102026186B (en) * 2009-09-21 2013-06-12 国基电子(上海)有限公司 Service network detection system and method
CN101765114B (en) * 2010-01-18 2012-11-28 杭州华三通信技术有限公司 Method, system and equipment for controlling wireless user access
US10356662B2 (en) 2010-03-15 2019-07-16 Blackberry Limited Negotiation of quality of service (QoS) information for network management traffic in a wireless local area network (WLAN)
US9615383B2 (en) 2010-03-15 2017-04-04 Blackberry Limited Negotiation of quality of service (QoS) information for network management traffic in a wireless local area network (WLAN)
CN102986278A (en) * 2010-05-14 2013-03-20 捷讯研究有限公司 Incorporation of a notification in a network name
CN102986278B (en) * 2010-05-14 2016-06-01 黑莓有限公司 Network name is incorporated to notice
CN102378312A (en) * 2010-08-23 2012-03-14 国基电子(上海)有限公司 Mobile handheld device and tracking and positioning method thereof
CN102065147A (en) * 2011-01-07 2011-05-18 深圳市易聆科信息技术有限公司 Method and device for obtaining user login information based on enterprise application system
CN102185871A (en) * 2011-06-09 2011-09-14 杭州华三通信技术有限公司 Method and equipment for processing messages
US9794967B2 (en) 2011-09-16 2017-10-17 Blackberry Limited Discovering network information available via wireless networks
US10200941B2 (en) 2011-09-16 2019-02-05 Blackberry Limited Discovering network information available via wireless networks
CN103079186A (en) * 2012-03-05 2013-05-01 上海寰创通信科技股份有限公司 License-information transmission method based on wireless network environment
CN103079186B (en) * 2012-03-05 2015-07-22 上海寰创通信科技股份有限公司 License-information transmission method based on wireless network environment
US10349321B2 (en) 2012-05-11 2019-07-09 Blackberry Limited Extended service set transitions in wireless networks
US9820199B2 (en) 2012-05-11 2017-11-14 Blackberry Limited Extended service set transitions in wireless networks
CN102711215A (en) * 2012-05-23 2012-10-03 海信集团有限公司 Method and system for automatically connecting wireless network and smart television
US10142921B2 (en) 2012-07-13 2018-11-27 Blackberry Limited Wireless network service transaction protocol
US9622155B2 (en) 2012-07-13 2017-04-11 Blackberry Limited Wireless network service transaction protocol
CN104871598A (en) * 2012-09-24 2015-08-26 英国电讯有限公司 Wireless access point
CN102938886A (en) * 2012-10-12 2013-02-20 深圳市共进电子股份有限公司 Method for preventing wireless network from being detected
CN103052172A (en) * 2012-12-28 2013-04-17 上海寰创通信科技股份有限公司 PPPoE (point-to-point protocol over Ethernet) realization method for WLAN (wireless local area networks) sub net terminal
CN103052172B (en) * 2012-12-28 2015-10-28 上海寰创通信科技股份有限公司 A kind of PPPoE implementation method of WLAN subnet end
US9301127B2 (en) 2013-02-06 2016-03-29 Blackberry Limited Persistent network negotiation for peer to peer devices
US9942316B2 (en) 2013-02-06 2018-04-10 Blackberry Limited Persistent network negotiation for peer to peer devices
CN104066084B (en) * 2013-03-22 2017-05-24 瑞昱半导体股份有限公司 Wireless network system and connecting method thereof
CN104066084A (en) * 2013-03-22 2014-09-24 瑞昱半导体股份有限公司 Wireless network system and connecting method thereof
CN105208556A (en) * 2014-06-25 2015-12-30 中兴通讯股份有限公司 Authentication management method, device, WLAN access apparatus and communication system
WO2015196687A1 (en) * 2014-06-25 2015-12-30 中兴通讯股份有限公司 Authentication management method and apparatus, wlan access device and communication system
CN104038912A (en) * 2014-07-03 2014-09-10 胡继强 Security WIFI advertising method and system
CN104159244A (en) * 2014-08-05 2014-11-19 王强 Portable wireless network detection evidence-obtaining system
WO2016041363A1 (en) * 2014-09-15 2016-03-24 Zhejiang Shenghui Lighting Co., Ltd. Method and system for automatically adapting to wi-fi network with hidden ssid
US10117169B2 (en) 2014-09-15 2018-10-30 Zhejiang Shenghui Lighting Co., Ltd Method and system for automatically adapting to Wi-Fi network with hidden SSID
CN104410972A (en) * 2014-10-30 2015-03-11 苏州德鲁森自动化系统有限公司 Method for monitoring running state of wireless local area network
CN104601560A (en) * 2014-12-31 2015-05-06 北京华为朗新科技有限公司 Broadband access device and user authentication method
CN104767743A (en) * 2015-03-25 2015-07-08 广东欧珀移动通信有限公司 Automatic wireless local area network login information switching method and device
CN104936181A (en) * 2015-06-25 2015-09-23 杭州华三通信技术有限公司 Access authentication method and device for connecting specified AP (Access Point)
CN106714158A (en) * 2015-08-18 2017-05-24 中国移动通信集团公司 WiFi access method and device
CN106714158B (en) * 2015-08-18 2020-02-18 中国移动通信集团公司 WiFi access method and device
WO2017050108A1 (en) * 2015-09-24 2017-03-30 上海斐讯数据通信技术有限公司 Authentication method, apparatus and system for accessing wifi hotspot
CN105188058A (en) * 2015-09-25 2015-12-23 上海矽昌通信技术有限公司 Authentication method for performing identity recognition at WIFI (Wireless Fidelity) scanning stage
CN106686590A (en) * 2015-11-10 2017-05-17 中兴通讯股份有限公司 Controlled terminal identification method, controlled terminal management method, controlled terminal identification device, controlled terminal management device and wireless access point equipment
WO2016184208A1 (en) * 2015-11-10 2016-11-24 中兴通讯股份有限公司 Limited terminal identification and processing method, apparatus, and wireless access point device
CN106899967A (en) * 2015-12-21 2017-06-27 北京奇虎科技有限公司 WiFi cipher safe protecting methods and device
CN106255106A (en) * 2016-07-26 2016-12-21 广东欧珀移动通信有限公司 A kind of wireless network connecting method and device

Similar Documents

Publication Publication Date Title
EP2742711B1 (en) Detection of suspect wireless access points
ES2686834T3 (en) Method and system to authenticate an access point
US8838752B2 (en) Enterprise wireless local area network switching system
US7496094B2 (en) Method and system for allowing and preventing wireless devices to transmit wireless signals
EP1935143B1 (en) Virtual lan override in a multiple bssid mode of operation
US7200383B2 (en) Subscriber authentication for unlicensed mobile access signaling
US7174564B1 (en) Secure wireless local area network
EP1836830B1 (en) Controlling wireless access to a network
US7913080B2 (en) Setting information distribution apparatus, method, program, and medium, authentication setting transfer apparatus, method, program, and medium, and setting information reception program
US9264895B2 (en) Network infrastructure validation of network management frames
US20150040194A1 (en) Monitoring of smart mobile devices in the wireless access networks
Nikbakhsh et al. A novel approach for rogue access point detection on the client-side
CN1268093C (en) Distribution method of wireless local area network encrypted keys
CN1316400C (en) Detecting an unauthorized station in a wireless local area network
US7653200B2 (en) Accessing cellular networks from non-native local networks
KR100628325B1 (en) Intrusion detection sensor detecting attacks against wireless network and system and method for detecting wireless network intrusion
US8369830B2 (en) Method and system for detecting attacks in wireless data communications networks
KR100450950B1 (en) Authentication method of a mobile terminal for private/public packet data service and private network system thereof
JP3585422B2 (en) Access point device and authentication processing method thereof
US20110271345A1 (en) Detection of rogue wireless devices from dynamic host control protocol requests
EP1502463B1 (en) Method , apparatus and computer program product for checking the secure use of routing address information of a wireless terminal device in a wireless local area network
US8191106B2 (en) System and method of network access security policy management for multimodal device
JP4194046B2 (en) SIM-based authentication and encryption system, apparatus and method for wireless local area network access
Ma et al. A hybrid rogue access point protection framework for commodity Wi-Fi networks
US7673146B2 (en) Methods and systems of remote authentication for computer networks

Legal Events

Date Code Title Description
C06 Publication
C10 Request of examination as to substance
C12 Rejection of an application for a patent