CN101383816A - Wireless network authentication system and method thereof - Google Patents

Publication number
CN101383816A
Authority
CN
China
Prior art keywords
data
equipment
card
wireless network
card reader
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA2007101472955A
Other languages
Chinese (zh)
Other versions
CN101383816B (en)
Inventor
陈宇佐
石登瑞
邱锡彦
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial Technology Research Institute ITRI
Original Assignee
Industrial Technology Research Institute ITRI
Application filed by Industrial Technology Research Institute ITRI
Priority to CN200710147295.5A
Publication of CN101383816A
Application granted
Publication of CN101383816B
Legal status: Active

Abstract

The invention discloses a wireless network authentication system comprising a card, a card reader, end user equipment and wireless communication access equipment. The card reader is coupled to the wireless communication access equipment. The card records data, and the card reader reads the data recorded on the card. The wireless communication access equipment receives the data read by the card reader and completes authentication between the end user equipment and the wireless communication access equipment according to that data.

Description

Wireless network authentication system and method thereof
Technical field
The present invention relates to a wireless network authentication system and method, and in particular to a wireless network authentication system and method that use card technology.
Background technology
In recent years network usage has been shifting from traditional wired networks to wireless communication networks. Users are freed from the constraint of physical cabling and can go online and communicate anywhere within radio coverage, realizing the ideal of mobile Internet access. The cost of wireless network equipment falls significantly every year, so many homes, offices and meeting rooms have adopted wireless networks as their preferred way of connecting to the Internet.
However, because a wireless network relies on radio propagation, an attacker within radio coverage can monitor the content of communications and mount other attacks; the first things affected are communication confidentiality, data integrity and legitimate use. The threats that arise from this inherent characteristic of wireless communication include eavesdropping, masquerade, replay, message modification, session hijacking, denial of service, man-in-the-middle attacks, and so on.
To protect a wireless network against intrusion, wireless network equipment must adopt stricter security mechanisms. Authentication in particular is the first checkpoint of network access, and the design and execution of a security authentication mechanism place particular emphasis on being comprehensive and distributed. However, distributed security authentication mechanisms, such as 802.1X for WiFi and PKMv2 for WiMAX, operate in more complex ways, so users must be more careful with the related settings, and the operating load on a running authentication system is heavier. These implementation realities therefore directly burden both the authentication system and the user when a wireless network is used.
Most current security authentication methods are directly tied to the standard of the wireless network infrastructure (WiFi, WiMAX, Bluetooth, 3G, etc.), to the user's networking device and the authentication method that must be paired with it (for example, GSM handsets use EAP-SIM, 3G handsets use EAP-AKA, and notebook computers with digital certificates use EAP-TLS), and to the wireless device settings of the place of use (the settings of a WiFi AP at home, of network equipment inside an organization, or of network equipment in a public place). So far, no single method achieves security authentication that is network-independent, device-independent and location-independent.
The present invention therefore proposes an authentication system and method that are network-independent, device-independent and location-independent.
Summary of the invention
The invention provides a wireless network authentication system that is network-independent, device-independent and location-independent.
The invention provides a wireless network authentication method that is network-independent, device-independent and location-independent.
The present invention proposes a wireless network authentication system comprising a card, a card reader, terminal user equipment and wireless communication access equipment. The card reader is coupled to the wireless communication access equipment. The card records data, and the card reader reads the data recorded on the card. The wireless communication access equipment receives the data read by the card reader and completes authentication between the terminal user equipment and the wireless communication access equipment according to that data.
The present invention also proposes a wireless network authentication method applied to wireless communication access equipment and terminal user equipment. The method comprises: (a) providing a card and a card reader, and using the card reader to read the data recorded on the card; (b) sending the data recorded on the card to the wireless communication access equipment; and (c) using the data recorded on the card to authenticate the wireless communication access equipment and the terminal user equipment.
The present invention uses card technology to derive a practical wireless network authentication system and method. The system and method use the card and the card reader as a bridge for authentication. Besides retaining the operating convenience of card equipment, this avoids the inherent security weaknesses of radio during wireless network transmission, and allows various kinds of terminal user equipment to be securely authenticated on many kinds of wireless communication network. The terminal user equipment may include notebook computers, PDAs and the like; the wireless communication network may include GSM, GPRS, WiFi, WiMAX, 3G or 4G systems and the like.
To make the above features and advantages of the present invention more apparent, embodiments are described in detail below with reference to the accompanying drawings.
Description of drawings
Figure 1A shows an embodiment of the wireless network authentication system provided by the present invention.
Figure 1B shows an implementation of an authentication protocol for the embodiment of Figure 1A.
Fig. 2 shows one implementation of card 101 and card reader 102.
Fig. 3 shows another implementation of card 101 and card reader 102.
Fig. 4 shows a further implementation of card 101 and card reader 102.
Fig. 5A shows another embodiment of the wireless network authentication system provided by the present invention.
Fig. 5B shows an implementation of an authentication protocol for the embodiment of Fig. 5A.
Fig. 6 shows another embodiment of the wireless network authentication system provided by the present invention.
Fig. 7A shows another embodiment of the wireless network authentication system provided by the present invention.
Fig. 7B shows an implementation of an authentication protocol for the embodiment of Fig. 7A.
Fig. 8 is a flow chart of the wireless network authentication method provided by the present invention.
Explanation of reference numerals
100: wireless network authentication system
101: card
102: card reader
103: terminal user equipment
104: wireless communication access equipment
201: non-contact card
202: induction type card reader
301: contact card
302: contact card reader
500: wireless network authentication system
501: card reader
700: wireless network authentication system
701: authentication server
800: read step
801: transfer step
802: authenticating step
803: secure communication step
804: interrupt or restart step
Embodiment
To make the present invention easier to understand, the wireless network authentication system and method provided by the present invention are described below with reference to the drawings and embodiments.
Figure 1A shows an embodiment of the wireless network authentication system provided by the present invention. Referring to Figure 1A, authentication system 100 comprises card 101, card reader 102, terminal user equipment 103 and wireless communication access equipment 104. Card reader 102 is coupled to wireless communication access equipment 104. Card 101 records data, and card reader 102 reads the data recorded on card 101. Wireless communication access equipment 104 receives the data read by card reader 102 and, by comparing that data, completes authentication between terminal user equipment 103 and wireless communication access equipment 104.
Referring to Fig. 2 and Fig. 3, Fig. 2 shows one implementation of card 101 and card reader 102, and Fig. 3 shows another. As shown in Fig. 2, card 101 comprises a non-contact card 201 and card reader 102 comprises an induction type card reader 202; induction type card reader 202 uses its sensing circuit to read the data recorded on non-contact card 201. As shown in Fig. 3, card 101 comprises a contact card 301 and card reader 102 comprises a contact card reader 302; contact card 301 is brought into contact with contact card reader 302 by inserting or swiping it, so that contact card reader 302 can read the data recorded on contact card 301.
Next, referring to Fig. 4, which shows a further implementation of card 101 and card reader 102: card 101 comprises non-contact card 201, card reader 102 comprises induction type card reader 202, and non-contact card 201 is built into terminal user equipment 103. The operating principle is as described above and is not repeated here.
The above implementations of card 101 and card reader 102 are given only to explain the present invention conveniently and are not intended to limit it; anything within the spirit and scope of the present invention falls within the scope it protects.
The above wireless communication access equipment 104 comprises at least one wireless communication access device; in other words, wireless communication access equipment 104 may be a single wireless communication access device or a group of them. The wireless communication access device may be one used in GSM, GPRS, WiFi, WiMAX, 3G or 4G systems and the like. In addition, the above terminal user equipment 103 may include notebook computers, PDAs, tablet computers, dual-network mobile phones, 3G mobile phones and similar devices that let the user go online. Wireless communication access equipment 104 and terminal user equipment 103 are only one application of the present invention and are not intended to limit it; anything within the spirit and scope of the present invention falls within the scope it protects. In other words, any case in which card equipment is used to complete the association or authentication of two devices in order to enable some application is within the spirit and scope of the present invention. For instance, equipment 104 may be a video push system and equipment 103 may be a device with an ordinary sound output interface; with the system and method of the present invention, the sound of the push system can be presented by equipment 103. As another example, equipment 104 may be the data source device of a display system and equipment 103 may be a device with a display interface or a sound output interface; with the system and method of the present invention, the data of the display system can be presented by equipment 103. Similar applications fall within the scope protected by the present invention.
Please continue to refer to Figure 1A. Authentication between terminal user equipment 103 and wireless communication access equipment 104 can be carried out in different ways depending on the scenario. A simple authentication scheme is explained here, using Figure 1B as an example; this explanation is only for convenience and is not intended to limit the present invention. Figure 1B shows an implementation of an authentication protocol for the embodiment of Figure 1A. Referring to both Figure 1A and Figure 1B, terminal user equipment 103 holds the data recorded on card 101, for example the card account number CARD_ID'. First, card reader 102 reads the card account number CARD_ID recorded on card 101 (step 1B00). Card reader 102 then transmits CARD_ID to wireless communication access equipment 104 (step 1B01). Next, terminal user equipment 103 establishes a connection with wireless communication access equipment 104 using the configured service set identifier (SSID) (step 1B02). Wireless communication access equipment 104 feeds the received CARD_ID recorded on card 101 into a hash function H0 to produce an authentication code AUT (step 1B03). Terminal user equipment 103 then feeds CARD_ID' into hash function H0 to produce an authentication code AUT' (step 1B04) and sends the resulting AUT' to wireless communication access equipment 104 (step 1B05). Finally, wireless communication access equipment 104 checks whether the authentication code AUT it produced matches the received authentication code AUT' (step 1B06). If they do not match, authentication system 100 interrupts the network connection or restarts it; if they match, terminal user equipment 103 and wireless communication access equipment 104 can compute a common encryption key to carry out secure communication (step 1B07).
The above way of authenticating terminal user equipment 103 and wireless communication access equipment 104 is only one implementation and is not intended to limit the present invention. Alternatively, the user may enter into terminal user equipment 103 the user account and password corresponding to the data recorded on card 101, and terminal user equipment 103 and wireless communication access equipment 104 can then authenticate according to the user account and password and the data recorded on card 101. Existing authentication protocols and techniques can of course also be used between terminal user equipment 103 and wireless communication access equipment 104. In short, the authentication can be implemented in many different ways, and none of them is intended to limit the present invention.
Referring to Fig. 5A, which shows another embodiment of the wireless network authentication system provided by the present invention: the only difference between Fig. 5A and Figure 1A is that authentication system 500 of Fig. 5A has an additional card reader 501, which is coupled to terminal user equipment 103. Card reader 501 reads the data recorded on card 101 and sends that data to terminal user equipment 103.
Card 101 and card readers 102 and 501 of Fig. 5A can be implemented as described earlier. Here card 101 comprises a non-contact card, card reader 102 comprises an induction type card reader, and card reader 501 comprises an induction type card reader. In other embodiments, card 101 may comprise a contact card, card reader 102 a contact card reader, and card reader 501 a contact card reader. In addition, card reader 501 of Fig. 5A can be built into terminal user equipment 103, as shown in Fig. 6.
Authentication between terminal user equipment 103 and wireless communication access equipment 104 of Fig. 5A can likewise be implemented in many ways, as described above. For example, Fig. 5B shows an implementation of an authentication protocol for the embodiment of Fig. 5A. The authentication of the preceding embodiment connects through a preconfigured service set identifier (SSID), that is, a static SSID. However, to prevent forged wireless communication access equipment from overriding the legitimate one (that is, the forged access equipment transmitting at higher power than legitimate wireless communication access equipment 104) or stealing data, the following embodiments use a dynamic service set identifier D_SSID, which raises the security of the whole authentication system.
Fig. 5B illustrates an implementation that authenticates with a dynamic service set identifier; this implementation of the authentication protocol is not intended to limit the present invention. Please continue to refer to Fig. 5A and Fig. 5B. First, card reader 102 reads the data recorded on card 101, for example the card account number CARD_ID and a random number RAND_1 (step 5B00a). Card reader 102 generates a random number RAND_2 and writes RAND_2 to card 101 (step 5B00c). Card reader 102 sends RAND_2, RAND_1 and CARD_ID to wireless communication access equipment 104 (step 5B00d). Wireless communication access equipment 104 then feeds CARD_ID and RAND_2 into a hash function H1 to produce the dynamic service set identifier D_SSID (step 5B02a).
Next, card reader 501 reads the card account number CARD_ID, random number RAND_1 and random number RAND_2 recorded on card 101 (step 5B01a). Card reader 501 sends CARD_ID, RAND_1 and RAND_2 to terminal user equipment 103 (step 5B01b). Terminal user equipment 103 then feeds the received RAND_2 and CARD_ID into hash function H1 to produce a dynamic service set identifier D_SSID' (step 5B03). If the D_SSID' produced by terminal user equipment 103 matches the D_SSID produced by wireless communication access equipment 104, terminal user equipment 103 and wireless communication access equipment 104 establish a connection (step 5B04).
Then, over the connection (wireless network) established in step 5B04, wireless communication access equipment 104 transmits the CARD_ID and RAND_2 it received to terminal user equipment 103 for verification (step 5B06). Terminal user equipment 103 checks whether the RAND_2 received from card reader 501 matches the RAND_2 received from wireless communication access equipment 104 (step 5B07). If they do not match, authentication system 500 interrupts the network connection or restarts it; if they match, terminal user equipment 103 sends RAND_1 to wireless communication access equipment 104 over the wireless network as the data required for authentication (step 5B08). Finally, wireless communication access equipment 104 checks whether the RAND_1 received from terminal user equipment 103 matches the RAND_1 received from card reader 102 (step 5B09). If they do not match, authentication system 500 interrupts the network connection or restarts it; if they match, terminal user equipment 103 and wireless communication access equipment 104 can compute a common encryption key to carry out secure communication (step 5B10). The use of a dynamic service set identifier is also a feature of the embodiments provided by the present invention, but it is not intended to limit the present invention; anything within the spirit and scope of generating or using a dynamic service set identifier falls within the scope protected by the present invention.
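The Fig. 5B exchange can be traced in code to see which check stops which failure. This is an added example, not part of the patent; it assumes SHA-256 for the unspecified hash function H1, 16-byte random numbers and constant-time comparison, and the class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


def h1(card_id: str, rand_2: bytes) -> str:
    # Assumption: H1 is SHA-256 over a length-prefixed CARD_ID plus RAND_2,
    # truncated to 32 hex characters so it fits the 32-octet SSID field.
    data = len(card_id).to_bytes(2, "big") + card_id.encode() + rand_2
    return hashlib.sha256(data).hexdigest()[:32]


@dataclass
class Card:
    card_id: str
    rand_1: bytes
    rand_2: bytes = b""


class AccessEquipment:
    """Access equipment 104 with card reader 102 (hypothetical class)."""

    def card_presented(self, card: Card) -> None:
        self.card_id, self.rand_1 = card.card_id, card.rand_1  # step 5B00a
        self.rand_2 = secrets.token_bytes(16)
        card.rand_2 = self.rand_2                              # step 5B00c
        self.d_ssid = h1(self.card_id, self.rand_2)            # step 5B02a

    def challenge(self):
        return self.card_id, self.rand_2                       # step 5B06

    def verify_rand_1(self, rand_1: bytes) -> bool:
        return hmac.compare_digest(rand_1, self.rand_1)        # step 5B09


class Terminal:
    """Terminal user equipment 103 with card reader 501 (hypothetical class)."""

    def card_presented(self, card: Card) -> None:
        # Steps 5B01a-5B03: take all three values from the card, derive D_SSID'.
        self.card_id, self.rand_1, self.rand_2 = card.card_id, card.rand_1, card.rand_2
        self.d_ssid = h1(self.card_id, self.rand_2)

    def verify_challenge(self, card_id: str, rand_2: bytes) -> bool:
        # Step 5B07: the page compares only RAND_2.
        return hmac.compare_digest(rand_2, self.rand_2)


def authenticate(ap: AccessEquipment, terminal: Terminal) -> str:
    if not hmac.compare_digest(ap.d_ssid, terminal.d_ssid):    # step 5B04
        return "no-matching-ssid"
    if not terminal.verify_challenge(*ap.challenge()):         # steps 5B06-5B07
        return "terminal-rejected-access-equipment"
    if not ap.verify_rand_1(terminal.rand_1):                  # steps 5B08-5B09
        return "access-equipment-rejected-terminal"
    return "authenticated"                                     # step 5B10 follows


def fresh_pair():
    # Constructed sample card; the identifier is not taken from the patent.
    return Card("CARD-0001", secrets.token_bytes(16)), AccessEquipment(), Terminal()


def run_scenarios() -> dict:
    results = {}

    card, ap, term = fresh_pair()
    ap.card_presented(card)
    term.card_presented(card)
    results["normal"] = authenticate(ap, term)

    # Terminal read the card before reader 102 wrote the fresh RAND_2.
    card, ap, term = fresh_pair()
    card.rand_2 = secrets.token_bytes(16)
    term.card_presented(card)
    ap.card_presented(card)
    results["stale_rand_2"] = authenticate(ap, term)

    # A device that repeats the broadcast D_SSID but never received RAND_2.
    card, ap, term = fresh_pair()
    ap.card_presented(card)
    term.card_presented(card)
    ap.rand_2 = secrets.token_bytes(16)
    results["access_equipment_without_rand_2"] = authenticate(ap, term)

    # A terminal that knows CARD_ID and RAND_2 but not the card's RAND_1.
    card, ap, term = fresh_pair()
    ap.card_presented(card)
    term.card_presented(card)
    term.rand_1 = secrets.token_bytes(16)
    results["terminal_without_rand_1"] = authenticate(ap, term)
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

RAND_2 protects the terminal against access equipment that never saw the card, and RAND_1 protects the access equipment against a terminal that never read it.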
Referring to Fig. 7A, which shows another embodiment of the wireless network authentication system provided by the present invention: the only difference between Fig. 7A and Figure 1A is that authentication system 700 of Fig. 7A has an additional authentication server 701, which is coupled to wireless communication access equipment 104. Wireless communication access equipment 701 queries authentication server 701 for the corresponding user authentication data according to the data recorded on card 101, and compares the user authentication data obtained with the data entered through terminal user equipment 103 over the wireless network, thereby completing authentication between terminal user equipment 103 and wireless communication access equipment 104.
Authentication between terminal user equipment 103 and wireless communication access equipment 104 of Fig. 7A can also be implemented in many ways. Referring to Fig. 7B, which shows an implementation of an authentication protocol for the embodiment of Fig. 7A: although Fig. 7B illustrates an implementation that authenticates with a dynamic service set identifier, this implementation of the authentication protocol is not intended to limit the present invention. First, card reader 102 reads the data recorded on card 101 (step 7B00a), for example the card account number CARD_ID. Card reader 102 sends CARD_ID to wireless communication access equipment 104 (step 7B00b). Wireless communication access equipment 701 then queries authentication server 701 for the corresponding user authentication data according to CARD_ID (step 7B01), for example the user account USER_ID and password PWD. Authentication server 701 then transmits the USER_ID and PWD corresponding to CARD_ID to wireless communication access equipment 104 (step 7B02).
Next, wireless communication access equipment 104 feeds the user account and a randomly generated random number RAND_1 into a hash function H2 to produce the dynamic service set identifier D_SSID (step 7B03), where RAND_1 lies in the range 0 to n-1. Wireless communication access equipment 104 then records the generated D_SSID, the card account number CARD_ID, the user account USER_ID and the password PWD in its database for use in the subsequent wireless network authentication (step 7B04a). At the same time, wireless communication access equipment 104 sets up an access service channel with this D_SSID.
The user then enters a user account USER_ID' and password PWD' into terminal user equipment 103, which feeds USER_ID' together with each of the numbers 0 to n-1 into hash function H2 to produce n dynamic service set identifiers D_SSID_0, D_SSID_1, ..., D_SSID_n-1 (step 7B05), and compares these n identifiers with the dynamic service set identifier D_SSID. If none of D_SSID_0 to D_SSID_n-1 matches D_SSID, the network connection cannot be started. If one of them (for example D_SSID_0) matches D_SSID, terminal user equipment 103 uses that access service channel D_SSID to connect to wireless communication access equipment 104 (step 7B06).
Terminal user equipment 103 then transmits USER_ID' and PWD' to wireless communication access equipment 104 (step 7B08). Wireless communication access equipment 104 checks whether the user account (USER_ID = USER_ID'?) and the password (PWD = PWD'?) each match (step 7B09). If they do not match, authentication system 700 interrupts the network connection; if they match, terminal user equipment 103 and wireless communication access equipment 104 can compute a common encryption key to carry out secure communication (step 7B10).
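The channel discovery of Fig. 7B, in which the terminal derives n candidate identifiers and looks for one among the networks it can see, is sketched below. This is an added example, not part of the patent; it assumes SHA-256 for the unspecified hash function H2 and n = 16, and the in-memory server table, sample accounts and all names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

N = 16  # assumption: size of the RAND_1 range 0..n-1 (the patent leaves n open)

# Constructed stand-in for authentication server 701: CARD_ID -> (USER_ID, PWD).
AUTH_SERVER = {"CARD-0001": ("alice", "correct horse")}


def h2(user_id: str, rand_1: int) -> str:
    # Assumption: H2 is SHA-256 over a length-prefixed USER_ID and RAND_1,
    # truncated to 32 hex characters to fit the 32-octet SSID field.
    return hashlib.sha256(f"{len(user_id)}:{user_id}:{rand_1}".encode()).hexdigest()[:32]


class AccessEquipment:
    """Access equipment 104 with card reader 102 (hypothetical class)."""

    def __init__(self, n: int = N):
        self.n = n
        self.sessions = {}  # step 7B04a database: D_SSID -> (CARD_ID, USER_ID, PWD)

    def card_presented(self, card_id: str):
        record = AUTH_SERVER.get(card_id)        # steps 7B01-7B02
        if record is None:
            return None                          # unknown card: no channel is opened
        user_id, pwd = record
        rand_1 = secrets.randbelow(self.n)       # RAND_1 in 0..n-1
        d_ssid = h2(user_id, rand_1)             # step 7B03
        self.sessions[d_ssid] = (card_id, user_id, pwd)
        return d_ssid

    def advertised_ssids(self) -> set:
        return set(self.sessions)

    def verify(self, d_ssid: str, user_id: str, pwd: str) -> bool:
        session = self.sessions.get(d_ssid)      # step 7B09
        if session is None:
            return False
        _, expected_user, expected_pwd = session
        user_ok = hmac.compare_digest(user_id.encode(), expected_user.encode())
        pwd_ok = hmac.compare_digest(pwd.encode(), expected_pwd.encode())
        return user_ok and pwd_ok


def find_channel(user_id: str, visible_ssids, n: int = N):
    """Step 7B05: derive D_SSID_0..D_SSID_n-1 and look for one that is visible."""
    candidates = {h2(user_id, i) for i in range(n)}
    matches = candidates & set(visible_ssids)
    return next(iter(matches), None)


def run_scenarios() -> dict:
    ap = AccessEquipment()
    d_ssid = ap.card_presented("CARD-0001")
    visible = ap.advertised_ssids() | {"guest-wifi"}   # constructed neighbour SSID

    found = find_channel("alice", visible)
    return {
        "unknown_card": ap.card_presented("CARD-9999"),
        "channel_found": found == d_ssid,
        "other_user_channel": find_channel("bob", visible),
        "good_login": ap.verify(found, "alice", "correct horse"),
        "bad_password": ap.verify(found, "alice", "wrong"),
        "candidates_tried": N,
    }


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

The terminal never learns RAND_1 directly; it only learns which of its n candidates is on the air, so n bounds the work the terminal does per connection attempt.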
Then, please refer to Fig. 8, Fig. 8 is the schematic flow sheet of wireless network authentication method provided by the present invention.The method is applied to the wireless network authentication method that wireless telecommunications access equipment and terminal user equipment, and the method comprises: (read step 800) provides the card and first card reader, and uses first card reader to read first data that card writes down; (transfer step 801) is sent to wireless telecommunications with first data that card write down and accesses equipment; And wireless telecommunications are accessed equipment to (authenticating step 802) first data of utilizing card to write down and terminal user authenticates.The method also comprises: (carrying out safety communication step 803) if wireless telecommunications access the success of equipment and user's terminal device authentication, and then wireless telecommunications access equipment and user's terminal equipment can calculate one group of golden key of common encryption, to carry out safety communication; (interrupting or restart step 804) if wireless telecommunications access equipment and user's terminal device authentication fails, and then interrupt network is online or restart network on-line.In addition, according to the above embodiments, (transfer step 801) also comprises as can be known: provide another card reader to read card data, and first data that this card write down are sent to terminal user equipment.
The detailed execution mode of authenticating step 802 also as above embodiment has the mode of multiple authentication to implement, for example: terminal user equipment accesses equipment by first data that the wireless network transfer card is write down to wireless telecommunications, to finish the authentication that terminal user equipment and wireless telecommunications access equipment by this.Again for example: the detailed execution mode of authenticating step 802 also can be that (a) is when first card reader has read first data, first card reader will produce one second data and transmit second data and give this card, for writing this card, first card reader also sends second data and first data to wireless telecommunications and accesses equipment; (b) second Card Reader is machine-readable gets first data and second data that this card writes down, and sends first and second data to terminal user equipment; (c) terminal user equipment transmits first data by wireless network and second data access equipment for authentication to wireless telecommunications.Wherein, second data are random number.Certainly, as described in previous embodiment, authenticating step 802 also can be that the wireless telecommunications equipment that accesses is inquired about corresponding user's verify data according to first data of card to the authentication server, and obtained user's verify data and the data of being imported by terminal user equipment are compared, to finish the authentication that terminal user equipment and wireless telecommunications access equipment by this.
Introduce a kind of application mode of the present invention again.On bus, set up contactless card reader and combined with radio communication and access equipment (as: WiMAX MS), the passenger responds to and swap data with a non-contact card (as: EasyCard) and card reader when getting on the bus, card reader is sent to the wireless telecommunications equipment of accessing with the data of being responded to and is beneficial to itself and external users and authenticates server (as: EasyCard card affair system) and carry out user's data query, after finishing inquiry, the user authenticates required data (for example: identification code and password) and can be back to wireless telecommunications and access equipment, prepares previous operations to finish authentication.When the passenger opens the online of terminal user equipment (as: mobile computer) desire, wireless telecommunications access the equipment requirements passenger should confess the card comparison in its terminal user equipment interface input data (for example: identification code and password), pending data is finished input and is back to after wireless telecommunications access equipment, carries out the user and authenticates; Open the network on-line service behind the authentication success.The passenger can be interrupted online or online again at any time, and when the passenger gets off with non-contact card by card reader deduction fare and ISP, also deletes this card record accesses equipment in wireless telecommunications related data.
Next, another application of the present invention. A contactless card reader is installed in a taxi and coupled to wireless communication access equipment (e.g., a WiMAX MS). When boarding, the passenger taps a contactless card (e.g., an EasyCard) on the card reader, the two exchange data, and the card reader sends the data it has read to the wireless communication access equipment. When the passenger turns on terminal user equipment (e.g., a mobile computer) to go online, the passenger can connect an external contactless card reader (e.g., a USB card reader), either provided by the taxi driver or the passenger's own, to the terminal user equipment and tap the same contactless card on it. This establishes a data association between the contactless card and the terminal user equipment, which serves as the basis on which the wireless communication access equipment authenticates and opens the network connection service (for the detailed flow, refer to the foregoing embodiments). The passenger may disconnect or reconnect at any time. When the passenger gets off and the card reader deducts the fare from the contactless card, in addition to deducting the ISP charge, the data associated with this card that is recorded in the wireless communication access equipment can also be deleted on the spot.
A further application of the present invention is as follows. A visitor visits a company. After the visitor completes the registration procedure at the visitor service center, the visitor service center issues a contactless card to the visitor. This contactless card is in fact an access control card that records the buildings or meeting rooms the visitor is allowed to enter, and the access control device (contactless card reader) of each area is linked to its corresponding wireless communication access equipment. When the visitor taps the contactless card on the access control system and is allowed into a meeting room, the card's data is at the same time recorded in the wireless communication access equipment that serves that meeting room. When the visitor turns on terminal user equipment (e.g., a mobile computer) to go online, the visitor connects an external contactless card reader (e.g., a USB card reader) to the terminal user equipment and taps the same contactless card on it. This establishes a data association between the contactless card and the terminal user equipment, which serves as the basis on which the wireless communication access equipment authenticates and opens the network connection service (for the detailed flow, refer to all the foregoing embodiments). The visitor may disconnect or reconnect at any time, and returns the contactless card on leaving the company.
Yet another application of the present invention is as follows. An engineer needs to attend a meeting in a certain meeting room, and his terminal user equipment (e.g., a mobile computer) has a built-in contactless inductive circuit (equivalent to a built-in contactless card). When his terminal user equipment interacts with the contactless card reader, the data of the contactless card and of the terminal user equipment that is needed for authentication and for the network connection is read together and passed through the contactless card reader to the wireless communication access equipment, so that the wireless communication access equipment, after receiving the data read by the contactless card reader, can complete authentication with the terminal user equipment.
In addition, many existing video push systems, whether indoor video screens or large outdoor screens, are mostly located in public areas, so they push video only and deliberately turn the sound off. Without the accompanying sound, however, much of the information provided is incomplete. The wireless network authentication system and method provided by the embodiments of the present invention can be combined with a video push system. The host of a video push point can be linked to a card reader, and a person watching the video can use a mobile phone or PDA with a built-in contactless card to easily establish, with the method and system provided by the embodiments, a connection between the handheld terminal user equipment and the push point host. The push point host can then send the audio to the terminal user equipment, providing audio output synchronized with the video. Of course, the viewer can also use an external card reader attached to a mobile computer and use a card to establish the connection between the mobile computer and the push point host, so that the audio synchronized with the video is played through the mobile computer's audio output device. Taking the earlier example, if a visitor visits a company and, after completing the registration procedure at the visitor service center, is issued a contactless card by the visitor service center, the visitor can first tap the issued contactless card once on the card reader of the video push point host, then connect an external contactless card reader (e.g., a USB card reader) to the visitor's terminal user equipment (e.g., a mobile computer) and tap the same contactless card on it, so that the contactless card establishes the connection between the terminal user equipment and the push point host. The audio synchronized with the video can then be played through the mobile computer's audio output device.
Another application is to use the system and method provided by the embodiments of the present invention to present information conveniently and effectively, for example in a quiet museum or any exhibition space. Each exhibit is equipped with an information display host and a matching card reader. A visitor can use an earphone with a built-in card and, through implementation of the present invention, have the audio description of the exhibit sent to the visitor's earphone, providing an introduction to the exhibit in audio form. Alternatively, the visitor can use terminal user equipment with a screen, whether with a built-in card or with a card used through an external card reader, and the system and method provided by the embodiments can be used to send the exhibit's video to that terminal user equipment for the visitor to view. Alternatively, the system and method provided by the embodiments can be used to download the exhibit's information to the visitor's suitable terminal user equipment.
In summary, the wireless network authentication system and method provided by the present invention have the following advantages. (a) Improved authentication efficiency: by linking a contactless card reader with the wireless communication access equipment and exchanging data at close range through contactless inductive technology, the invention avoids threats that trouble the conventional wireless network authentication process, such as the transmitted data being easily eavesdropped and the wireless communication access equipment being impersonated, and thereby sidesteps the inherent transmission-security concerns of wireless communication that conventional wireless networks must take into account when designing an authentication protocol. The present invention therefore greatly simplifies the wireless network authentication process and its complexity while maintaining an equivalent security level, and the lower computational load obtained from the simplified design can noticeably improve execution efficiency. (b) The authentication system and method provided by the present invention are independent of the type of network architecture and of terminal user equipment; that is, the present invention does not restrict the choice of wireless network technology, and using the contactless card as the basis for identification makes the invention independent of the choice of terminal user equipment. (c) The present invention can open up entirely new business models: open wireless network authentication, closed wireless network authentication, or direct card authentication can be chosen to suit the application scenario, including home environments, office spaces, and other emerging business models. (d) The present invention can be used together with existing contactless cards, for example access control system cards and payment system cards.
Although the present invention has been disclosed above by way of preferred embodiments, they are not intended to limit the present invention. Those skilled in the art may make some changes and modifications without departing from the spirit and scope of the present invention, so the scope of protection of the present invention shall be as defined by the claims of the present invention.

Claims (28)

1. A wireless network authentication system, characterized in that the system comprises:
a card, for recording first data;
a first card reader, for reading the first data recorded on the card;
terminal user equipment; and
wireless communication access equipment, coupled to the first card reader, for receiving the first data read by the first card reader and completing, according to the first data, the authentication between the terminal user equipment and the wireless communication access equipment.
2. The wireless network authentication system as claimed in claim 1, characterized in that the wireless communication access equipment and the terminal user equipment connect using a fixed service set identifier (SSID).
3. The wireless network authentication system as claimed in claim 1, characterized in that the wireless communication access equipment and the terminal user equipment connect using a dynamically generated service set identifier (SSID).
4. The wireless network authentication system as claimed in claim 1, characterized in that the card is a contactless card and the first card reader is an inductive card reader.
5. The wireless network authentication system as claimed in claim 4, characterized in that the contactless card is built into the terminal user equipment.
6. The wireless network authentication system as claimed in claim 1, characterized in that the card is a contact card and the first card reader is a contact card reader.
7. The wireless network authentication system as claimed in claim 1, characterized in that the wireless network authentication system further comprises:
a second card reader, coupled to the terminal user equipment, for reading the first data recorded on the card and sending the first data to the terminal user equipment.
8. The wireless network authentication system as claimed in claim 7, characterized in that the second card reader is built into the terminal user equipment.
9. The wireless network authentication system as claimed in claim 7, characterized in that the card is a contactless card, the first card reader is a first inductive card reader, and the second card reader is a second inductive card reader.
10. The wireless network authentication system as claimed in claim 7, characterized in that the card is a contact card, the first card reader is a first contact card reader, and the second card reader is a second contact card reader.
11. The wireless network authentication system as claimed in claim 7, characterized in that the terminal user equipment transmits the first data to the wireless communication access equipment over the wireless network, thereby completing the authentication between the terminal user equipment and the wireless communication access equipment.
12. The wireless network authentication system as claimed in claim 7, characterized in that, when the first card reader has read the first data, the first card reader generates second data and writes the second data to the card, and the first card reader also sends the second data and the first data to the wireless communication access equipment; the second card reader also reads the first data and the second data recorded on the card and sends the first data and the second data to the terminal user equipment; the wireless communication access equipment transmits the second data to the terminal user equipment over the wireless network for authentication; and the terminal user equipment transmits the first data to the wireless communication access equipment over the wireless network for authentication.
13. The wireless network authentication system as claimed in claim 12, characterized in that the second data is a random number.
14. The wireless network authentication system as claimed in claim 1, characterized in that the wireless network authentication system further comprises:
an authentication server, coupled to the wireless communication access equipment;
wherein the wireless communication access equipment queries the authentication server for the corresponding user authentication data according to the first data of the card, and compares the user authentication data obtained with the data entered through the terminal user equipment, thereby completing the authentication between the terminal user equipment and the wireless communication access equipment.
15. The wireless network authentication system as claimed in claim 1, characterized in that the wireless communication access equipment comprises at least one WiFi access point.
16. The wireless network authentication system as claimed in claim 1, characterized in that the system is applied to a GSM, GPRS, WiFi, WiMAX, 3G or 4G wireless communication system.
17. The wireless network authentication system as claimed in claim 1, characterized in that the system is applied to a video push system, a display system, an access control system, a payment system, or the like.
18. A wireless network authentication method, characterized in that the method comprises:
using a first card reader to read first data recorded on a card;
sending the first data to wireless communication access equipment; and
using the first data to authenticate the wireless communication access equipment and terminal user equipment.
19. The wireless network authentication method as claimed in claim 18, characterized in that the method further comprises:
if authentication between the wireless communication access equipment and the terminal user equipment succeeds, the wireless communication access equipment and the terminal user equipment compute a shared encryption key with which to communicate securely; and
if authentication between the wireless communication access equipment and the terminal user equipment fails, the network connection is interrupted or restarted.
20. The wireless network authentication method as claimed in claim 18, characterized in that the wireless communication access equipment and the terminal user equipment connect using a fixed service set identifier (SSID).
21. The wireless network authentication method as claimed in claim 18, characterized in that the wireless communication access equipment and the terminal user equipment connect using a dynamically generated service set identifier (SSID).
22. The wireless network authentication method as claimed in claim 18, characterized in that the method further comprises:
using a second card reader to read the first data of the card; and
sending the first data to the terminal user equipment.
23. The wireless network authentication method as claimed in claim 22, characterized in that the method further comprises:
the terminal user equipment transmitting the first data to the wireless communication access equipment over the wireless network, thereby completing the authentication between the terminal user equipment and the wireless communication access equipment.
24. The wireless network authentication method as claimed in claim 22, characterized in that the method further comprises:
when the first card reader has read the first data, the first card reader writing second data to the card;
the first card reader sending the second data and the first data to the wireless communication access equipment;
the second card reader reading the first data and the second data recorded on the card;
the second card reader sending the first data and the second data to the terminal user equipment;
the wireless communication access equipment transmitting the second data to the terminal user equipment over the wireless network for authentication; and
the terminal user equipment transmitting the first data to the wireless communication access equipment over the wireless network for authentication.
25. The wireless network authentication method as claimed in claim 24, characterized in that the second data is a random number.
26. The wireless network authentication method as claimed in claim 18, characterized in that the wireless network authentication method further comprises:
providing an authentication server;
the wireless communication access equipment querying the authentication server for the corresponding user authentication data according to the first data of the card; and
the wireless communication access equipment comparing the user authentication data with the authentication data entered by the terminal user equipment over the wireless network, thereby completing the authentication between the terminal user equipment and the wireless communication access equipment.
27. The wireless network authentication method as claimed in claim 18, characterized in that the method can be applied to a GSM, GPRS, WiFi, WiMAX, 3G or 4G wireless communication system.
28. The wireless network authentication method as claimed in claim 18, characterized in that the method is applied to a video push system, a display system, an access control system, a payment system, or the like.
CN200710147295.5A 2007-09-06 2007-09-06 wireless network authentication system and method thereof Active CN101383816B (en)

Publications (2)

Publication Number Publication Date
CN101383816A true CN101383816A (en) 2009-03-11
CN101383816B CN101383816B (en) 2015-09-02

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1327648C (en) * 2003-05-16 2007-07-18 华为技术有限公司 Method for realizing high-srate grouped data business identification
CN1599338A (en) * 2003-09-19 2005-03-23 皇家飞利浦电子股份有限公司 Method of improving safety, for radio local network
JP4322853B2 (en) * 2005-08-29 2009-09-02 Necアクセステクニカ株式会社 Network connection setting method, electronic apparatus, setting information generating apparatus, setting system, and program

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103178876A (en) * 2011-12-23 2013-06-26 成都有尔创意品牌管理有限公司 Method for establishing connection with electronic terminal, and electronic terminal
CN103178876B (en) * 2011-12-23 2016-09-07 成都有尔科技有限公司 A kind of method being connected with electric terminal foundation and electric terminal
CN106879047A (en) * 2012-05-02 2017-06-20 阿里巴巴集团控股有限公司 Client, information system are passed on and received to the method for near field transmission information, information
CN108921590A (en) * 2018-05-30 2018-11-30 苏州介观软件技术有限公司 For the advertisement delivery system in bus

Also Published As

Publication number Publication date
CN101383816B (en) 2015-09-02

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant