CN101383816B - wireless network authentication system and method thereof - Google Patents


Publication number: CN101383816B
Application number: CN200710147295.5A
Authority: CN (China)
Other languages: Chinese (zh)
Other versions: CN101383816A
Inventors: 陈宇佐, 石登瑞, 邱锡彦
Current and original assignee: Industrial Technology Research Institute ITRI
Legal status: Active
Prior art keywords: data, equipment, card, terminal user, card reader


Abstract

The present invention discloses a wireless network authentication system comprising a card, a card reader, terminal user equipment and wireless communication access equipment. The card reader is coupled to the wireless communication access equipment. The card records data, and the card reader reads the data recorded on the card. The wireless communication access equipment receives the data read by the card reader and, according to that data, completes the authentication between the terminal user equipment and the wireless communication access equipment.

Description

Wireless network authentication system and method thereof
Technical field
The present invention relates to a wireless network authentication system and method, and particularly to a wireless network authentication system and method that use card technology.
Background technology
In recent years network usage has shifted from traditional wired networks to wireless communication networks. Users are freed from physical cabling and can go online and communicate anywhere within radio coverage, realizing the ideal of mobile Internet access. The cost of wireless communication equipment falls significantly every year, so many homes, offices and meeting rooms have adopted wireless networks as their preferred way of connecting to the Internet.
However, because wireless networking is a radio propagation technology, it also allows an attacker within radio coverage to monitor communication content and mount other attacks; the confidentiality, data integrity and legitimate use of communications are the first to suffer. Threats arising from the inherent characteristics of wireless communication include eavesdropping, masquerade, replay, message modification, session hijacking, denial of service, man-in-the-middle attacks, and so on.
To protect a wireless network from such attacks, wireless communication equipment must adopt stricter security mechanisms. Authentication in particular is the first checkpoint of network access, and the design of a security authentication mechanism stresses comprehensive deployment and enforcement. But the deployed security authentication mechanisms, such as 802.1X for WiFi and PKMv2 for WiMAX, operate in complex ways; users must be careful with the related settings, and the operating load while the authentication system runs is also heavy. As a result, these implementations directly burden both the authentication system and the user of the wireless network.
Current security authentication methods are largely tied to the standard specification of the wireless network infrastructure (WiFi, WiMAX, Bluetooth, 3G, etc.), to the user's networking equipment and the authentication method that must be paired with it (for example, GSM handsets use EAP-SIM, 3G handsets use EAP-AKA, and laptop computers with digital certificates use EAP-TLS), and to the device settings of the usage occasion (the WiFi AP settings at home, the network equipment settings inside an organization, the network equipment settings of a public place). So far there is no single method that achieves security authentication independent of the network, the equipment and the occasion.
Therefore, the present invention proposes an authentication system and method that are network-independent, equipment-independent and occasion-independent.
Summary of the invention
The present invention provides a wireless network authentication system that is network-independent, equipment-independent and occasion-independent.
The present invention provides a wireless network authentication method that is network-independent, equipment-independent and occasion-independent.
The present invention proposes a wireless network authentication system comprising a card, a card reader, terminal user equipment and wireless communication access equipment, where the card reader is coupled to the wireless communication access equipment; the card records data, and the card reader reads the data recorded on the card; the wireless communication access equipment receives the data read by the card reader and completes the authentication between the terminal user equipment and the wireless communication access equipment according to that data; the card is a non-contact card and the card reader is an inductive card reader.
The present invention also proposes a wireless network authentication method applied to wireless communication access equipment and terminal user equipment, comprising: (a) providing a card and a card reader, and using the card reader to read the data recorded on the card; (b) sending the data recorded on the card to the wireless communication access equipment; and (c) using the data recorded on the card to authenticate the wireless communication access equipment and the terminal user equipment, where the card is a non-contact card and the card reader is an inductive card reader.
The present invention adopts card technology to derive a feasible wireless network authentication system and method. The system and method use a card and a card reader as the bridge for authentication: besides retaining the operational convenience of card equipment, they avoid the inherent security weaknesses of radio waves during wireless network transmission, and allow a variety of terminal user equipment to achieve security authentication on multiple wireless communication networks. The terminal user equipment may include laptop computers, PDAs and the like; the wireless communication networks may include GSM, GPRS, WiFi, WiMAX, 3G or 4G systems.
To make the above features and advantages of the present invention clearer, embodiments are described below with reference to the accompanying drawings.
Accompanying drawing explanation
Figure 1A shows an embodiment of the wireless network authentication system provided by the present invention.
Figure 1B shows an implementation of an authentication protocol for the embodiment of Figure 1A.
Fig. 2 shows an implementation of the card 101 and the card reader 102.
Fig. 3 shows another implementation of the card 101 and the card reader 102.
Fig. 4 shows a further implementation of the card 101 and the card reader 102.
Fig. 5A shows another embodiment of the wireless network authentication system provided by the present invention.
Fig. 5B shows an implementation of an authentication protocol for the embodiment of Fig. 5A.
Fig. 6 shows another embodiment of the wireless network authentication system provided by the present invention.
Fig. 7A shows another embodiment of the wireless network authentication system provided by the present invention.
Fig. 7B shows an implementation of an authentication protocol for the embodiment of Fig. 7A.
Fig. 8 is a schematic flow chart of the wireless network authentication method provided by the present invention.
Explanation of reference numerals
100: wireless network authentication system
101: card
102: card reader
103: terminal user equipment
104: wireless communication access equipment
201: non-contact card
202: inductive card reader
301: contact card
302: contact card reader
500: wireless network authentication system
501: card reader
700: wireless network authentication system
701: authentication server
800: reading step
801: transfer step
802: authentication step
803: secure communication step
804: interrupt or restart step
Embodiment
To make the present invention easier to understand, the wireless network authentication system and method provided by the present invention are described below with reference to the accompanying drawings and embodiments.
Figure 1A shows an embodiment of the wireless network authentication system provided by the present invention. Referring to Figure 1A, the authentication system 100 comprises a card 101, a card reader 102, terminal user equipment 103 and wireless communication access equipment 104. The card reader 102 is coupled to the wireless communication access equipment 104. The card 101 records data, and the card reader 102 reads the data recorded on card 101. The wireless communication access equipment 104 receives the data read by the card reader 102 and completes the authentication between the terminal user equipment 103 and the wireless communication access equipment 104 by comparison against that data.
Referring to Fig. 2 and Fig. 3, Fig. 2 is one implementation of the card 101 and the card reader 102, and Fig. 3 is another. As shown in Fig. 2, the card 101 comprises a non-contact card 201 and the card reader 102 comprises an inductive card reader 202; the inductive card reader 202 uses its sensing circuit to read the data recorded on the non-contact card 201. As shown in Fig. 3, the card 101 comprises a contact card 301 and the card reader 102 comprises a contact card reader 302; the contact card 301 is inserted into or swiped through the contact card reader 302 so that the contact card reader 302 can read the data recorded on the contact card 301.
Next, referring to Fig. 4, Fig. 4 is a further implementation of the card 101 and the card reader 102. Here the card 101 comprises a non-contact card 201, the card reader 102 comprises an inductive card reader 202, and the non-contact card 201 is built into the terminal user equipment 103. Its operating principle is as described above and is not repeated here.
The above implementations of the card 101 and the card reader 102 are given only for convenience of describing the present invention and are not meant to limit it; anything within the spirit and scope of the present invention falls within its protected scope.
The above wireless communication access equipment 104 comprises at least one wireless communication transport unit (conveyor); in other words, the wireless communication access equipment 104 may be a group of such units or a single one, and the unit may be one used in systems such as GSM, GPRS, WiFi, WiMAX, 3G or 4G. In addition, the above terminal user equipment 103 may comprise a laptop computer, a PDA, a tablet computer, a dual-network mobile phone, a 3G mobile phone or any similar device through which the user goes online. The above wireless communication access equipment 104 and terminal user equipment 103 are only applications of the present invention and are not meant to limit it; anything within the spirit and scope of the present invention falls within its protected scope. In other words, any use of card equipment to complete the contact or authentication between two devices in order to facilitate some application is within the spirit and scope of the present invention. For example, equipment 104 may be a video push system and equipment 103 any device with an audio output interface; through the system and method of the present invention, the audio of the push system can be presented by equipment 103. As another example, equipment 104 may be the data source device of a display system and equipment 103 a device with a display interface or an audio output interface; through the system and method of the present invention, the data of the display system can be presented by equipment 103. Similar applications fall within the protected scope of the present invention.
Referring again to Figure 1A, the authentication between the terminal user equipment 103 and the wireless communication access equipment 104 may take different authentication modes depending on the scenario. A simple authentication mode is explained here using Figure 1B; the explanation is only for illustration and is not meant to limit the present invention. Figure 1B is an implementation of an authentication protocol for the embodiment of Figure 1A. Referring to Figures 1A and 1B, the terminal user equipment 103 holds the data recorded on card 101, for example the card account CARD_ID'. First, the card reader 102 reads the card account CARD_ID recorded on card 101 (step 1B00). Then the card reader 102 transfers the card account CARD_ID to the wireless communication access equipment 104 (step 1B01). Next, the terminal user equipment 103 establishes a connection with the wireless communication access equipment 104 through the configured service set identifier (SSID) (step 1B02). The wireless communication access equipment 104 inputs the received card account CARD_ID into a hash function H0 to produce an authentication code AUT (step 1B03). The terminal user equipment 103 then inputs the card account CARD_ID' into the hash function H0 to produce an authentication code AUT' (step 1B04), and sends the produced authentication code AUT' to the wireless communication access equipment 104 (step 1B05). Finally, the wireless communication access equipment 104 compares the authentication code AUT it produced itself with the received authentication code AUT' (step 1B06). If they do not match, the authentication system 100 interrupts the network connection or restarts it; if they match, the terminal user equipment 103 and the wireless communication access equipment 104 can compute a shared encryption key for secure communication (step 1B07).
The authentication mode between the terminal user equipment 103 and the wireless communication access equipment 104 described above is only one implementation and is not meant to limit the present invention. In another mode, the user enters into the terminal user equipment 103 a user account and password corresponding to the data recorded on card 101, and the terminal user equipment 103 and the wireless communication access equipment 104 authenticate according to that user account and password together with the data recorded on card 101. Of course, the terminal user equipment 103 and the wireless communication access equipment 104 may also use any existing authentication protocol and technology between them. In short, the authentication mode may have many different implementations and is not meant to limit the present invention.
Referring to Fig. 5A, Fig. 5A is another embodiment of the wireless network authentication system provided by the present invention. The only difference between Fig. 5A and Figure 1A is that the authentication system 500 of Fig. 5A has an additional card reader 501, which is coupled to the terminal user equipment 103. The card reader 501 reads the data recorded on card 101 and sends that data to the terminal user equipment 103.
The card 101 and the card readers 102 and 501 of Fig. 5A may take the implementations described earlier. Here the card 101 comprises a non-contact card, the card reader 102 comprises an inductive card reader, and the card reader 501 comprises an inductive card reader. In other embodiments the card 101 may comprise a contact card, with the card reader 102 and the card reader 501 each comprising a contact card reader. In addition, the card reader 501 of Fig. 5A may be built into the terminal user equipment 103, as shown in Fig. 6.
The authentication mode between the terminal user equipment 103 and the wireless communication access equipment 104 of Fig. 5A likewise has many implementations, as above. For example, Fig. 5B is an implementation of an authentication protocol for the embodiment of Fig. 5A. The authentication mode of the previous embodiment connects through a configured service set identifier SSID, that is, a static service set identifier. However, to prevent a forged wireless communication access device from overriding the legitimate one (that is, a forged access device whose transmit power exceeds that of the legitimate wireless communication access equipment 104) or stealing data, the following embodiment adopts a dynamic service set identifier D_SSID to improve the security of the whole authentication system.
Fig. 5B illustrates an implementation that authenticates with a dynamic service set identifier, but this implementation of the authentication protocol is not meant to limit the present invention. Referring to Fig. 5A and Fig. 5B, first the card reader 102 reads the data recorded on card 101, for example the card account CARD_ID and the random parameter RAND_1 (step 5B00a). The card reader 102 generates a random parameter RAND_2 and writes RAND_2 to the card 101 (step 5B00c). The card reader 102 sends RAND_2, RAND_1 and the card account CARD_ID to the wireless communication access equipment 104 (step 5B00d). The wireless communication access equipment 104 then inputs the card account CARD_ID and the random parameter RAND_2 into a hash function H1 to produce the dynamic service set identifier D_SSID (step 5B02a).
Next, the card reader 501 reads the card account CARD_ID, the random parameter RAND_1 and the random parameter RAND_2 recorded on card 101 (step 5B01a), and sends CARD_ID, RAND_1 and RAND_2 to the terminal user equipment 103 (step 5B01b). The terminal user equipment 103 then inputs the received RAND_2 and CARD_ID into the hash function H1 to produce a dynamic service set identifier D_SSID' (step 5B03). If the D_SSID' produced by the terminal user equipment 103 matches the D_SSID produced by the wireless communication access equipment 104, the terminal user equipment 103 and the wireless communication access equipment 104 connect (step 5B04).
Then the wireless communication access equipment 104 transmits the card account CARD_ID and random parameter RAND_2 it received to the terminal user equipment 103 over the connection (wireless network) established in step 5B04, for verification (step 5B06). The terminal user equipment 103 then compares the RAND_2 received from the card reader 501 with the RAND_2 received from the wireless communication access equipment 104 (step 5B07). If they do not match, the authentication system 500 interrupts the network connection or restarts it; if they match, the terminal user equipment 103 sends the random parameter RAND_1 over the wireless network to the wireless communication access equipment 104 as the data needed for authentication (step 5B08). Finally, the wireless communication access equipment 104 compares the RAND_1 received from the terminal user equipment 103 with the RAND_1 received from the card reader 102 (step 5B09). If they do not match, the authentication system 500 interrupts the network connection or restarts it; if they match, the terminal user equipment 103 and the wireless communication access equipment 104 can compute a shared encryption key for secure communication (step 5B10). The use of a dynamic service set identifier is also a feature of the embodiment provided by the present invention, but it is not meant to limit the present invention; anything within the spirit and scope of producing or applying a dynamic service set identifier falls within the protected scope of the present invention.
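The Fig. 5B exchange as an added simulation, not code from the patent: the card is the only channel carrying RAND_2 from reader 102 to reader 501, so an access device that never received RAND_2 cannot produce the D_SSID the terminal expects at step 5B04. H1 is assumed to be SHA-256 over CARD_ID and RAND_2, and the class and function names (Card, AccessEquipment104, Terminal103, run_5b, scenario) are assumptions made here.

```python
import hashlib
import secrets


# The patent does not specify H1; SHA-256 over CARD_ID and RAND_2 is an
# assumption made for this example (truncated to 32 hex chars for an SSID).
def h1(card_id: str, rand_2: bytes) -> str:
    return hashlib.sha256(card_id.encode() + b"|" + rand_2).hexdigest()[:32]


class Card:
    """Non-contact card 101: CARD_ID and RAND_1 are recorded on it, and
    reader 102 later writes RAND_2 into it (step 5B00c)."""
    def __init__(self, card_id: str, rand_1: bytes):
        self.card_id = card_id
        self.rand_1 = rand_1
        self.rand_2 = None


class AccessEquipment104:
    """Wireless communication access equipment 104 with card reader 102 coupled."""
    def __init__(self):
        self.card_id = self.rand_1 = self.rand_2 = self.d_ssid = None

    def reader_102_tap(self, card: Card, rand_2=None) -> None:
        # 5B00a: read CARD_ID and RAND_1; 5B00c: generate RAND_2 and write it to
        # the card; 5B00d: hand CARD_ID, RAND_1, RAND_2 to equipment 104.
        if rand_2 is None:
            rand_2 = secrets.token_bytes(8)
        card.rand_2 = rand_2
        self.card_id, self.rand_1, self.rand_2 = card.card_id, card.rand_1, rand_2
        self.d_ssid = h1(self.card_id, self.rand_2)          # 5B02a

    def beacon(self) -> str:
        return self.d_ssid                                   # observable over the air

    def challenge(self) -> tuple:
        return self.card_id, self.rand_2                     # 5B06, sent over the link

    def verify_rand_1(self, rand_1_from_air: bytes) -> bool:
        return secrets.compare_digest(rand_1_from_air, self.rand_1)   # 5B09


class Terminal103:
    """Terminal user equipment 103 with card reader 501 coupled."""
    def __init__(self):
        self.card_id = self.rand_1 = self.rand_2 = None

    def reader_501_tap(self, card: Card) -> None:
        # 5B01a/5B01b: read CARD_ID, RAND_1 and RAND_2 back from the same card
        self.card_id, self.rand_1, self.rand_2 = card.card_id, card.rand_1, card.rand_2

    def d_ssid_prime(self) -> str:
        return h1(self.card_id, self.rand_2)                 # 5B03


def run_5b(ap: AccessEquipment104, term: Terminal103) -> str:
    """Steps 5B04 to 5B10; returns the outcome and the step that decided it."""
    if term.d_ssid_prime() != ap.beacon():
        return "no-connect:5B04"        # D_SSID' != D_SSID, terminal never associates
    card_id_air, rand_2_air = ap.challenge()                          # 5B06
    if card_id_air != term.card_id or not secrets.compare_digest(rand_2_air, term.rand_2):
        return "interrupt:5B07"
    if not ap.verify_rand_1(term.rand_1):                             # 5B08/5B09
        return "interrupt:5B09"
    return "secure:5B10"                # both sides now derive the shared key


def scenario(rogue: bool) -> str:
    """Constructed run: the legitimate equipment 104 taps the card; a rogue access
    device that never received RAND_2 from reader 102 can only guess it."""
    card = Card("CARD-0001", rand_1=secrets.token_bytes(8))
    legit = AccessEquipment104()
    legit.reader_102_tap(card)
    term = Terminal103()
    term.reader_501_tap(card)           # card now carries the RAND_2 written by reader 102
    if not rogue:
        return run_5b(legit, term)
    rogue_ap = AccessEquipment104()
    rogue_ap.card_id, rogue_ap.rand_2 = card.card_id, secrets.token_bytes(8)
    rogue_ap.d_ssid = h1(rogue_ap.card_id, rogue_ap.rand_2)
    return run_5b(rogue_ap, term)
```

Note that RAND_1 travels in the clear at step 5B08, so its check at 5B09 only binds the terminal to the card that reader 102 saw; the shared key of step 5B10 is left unspecified by the patent and is not modelled here.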
Referring to Fig. 7A, Fig. 7A is another embodiment of the wireless network authentication system provided by the present invention. The only difference between Fig. 7A and Figure 1A is that the authentication system 700 of Fig. 7A has an additional authentication server 701, which is coupled to the wireless communication access equipment 104. The wireless communication access equipment 104 queries the authentication server 701 for the corresponding user authentication data according to the data recorded on card 101, and compares the user authentication data it obtains with the data entered on the terminal user equipment 103 and sent over the wireless network, thereby completing the authentication between the terminal user equipment 103 and the wireless communication access equipment 104.
The authentication mode between the terminal user equipment 103 and the wireless communication access equipment 104 of Fig. 7A also has many implementations. Referring to Fig. 7B, Fig. 7B is an implementation of an authentication protocol for the embodiment of Fig. 7A. Although Fig. 7B illustrates an implementation that authenticates with a dynamic service set identifier, this implementation of the authentication protocol is not meant to limit the present invention. First, the card reader 102 reads the data recorded on card 101 (step 7B00a), for example the card account CARD_ID, and sends that CARD_ID to the wireless communication access equipment 104 (step 7B00b). The wireless communication access equipment 104 then queries the authentication server 701 for the corresponding user authentication data according to this CARD_ID (step 7B01), for example the user account USER_ID and password PWD. The authentication server 701 then transmits the user account USER_ID and password PWD corresponding to the card account CARD_ID to the wireless communication access equipment 104 (step 7B02).
Next, the wireless communication access equipment 104 inputs the user account and a randomly generated random parameter RAND_1 into a hash function H2 to produce the dynamic service set identifier D_SSID (step 7B03), where RAND_1 lies in the range 0 to n-1. The wireless communication access equipment 104 then records the produced D_SSID, the card account CARD_ID, the user account USER_ID and the password PWD in its database for the subsequent wireless network authentication operation (step 7B04a). At the same time, the wireless communication access equipment 104 also establishes an access service channel with this dynamic service set identifier D_SSID.
Then the user enters a user account USER_ID' and password PWD' into the terminal user equipment 103, which inputs USER_ID' together with each of the numbers 0 to n-1 into the hash function H2 to produce n dynamic service set identifiers D_SSID_0, D_SSID_1, ..., D_SSID_n-1 (step 7B05), and compares these n identifiers D_SSID_0 to D_SSID_n-1 with the dynamic service set identifier D_SSID. If none of the n identifiers D_SSID_0 to D_SSID_n-1 matches D_SSID, the network connection cannot be started. If one of them (for example D_SSID_0) matches D_SSID, the terminal user equipment 103 uses that access service channel D_SSID to connect to the wireless communication access equipment 104 (step 7B06).
Then the terminal user equipment 103 transmits the user account USER_ID' and password PWD' to the wireless communication access equipment 104 (step 7B08), and the wireless communication access equipment 104 checks whether the user account (USER_ID = USER_ID'?) and the password (PWD = PWD'?) match (step 7B09). If they do not match, the authentication system 700 interrupts the network connection; if they match, the terminal user equipment 103 and the wireless communication access equipment 104 can compute a shared encryption key for secure communication (step 7B10).
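The Fig. 7B exchange as an added simulation, not code from the patent: equipment 104 looks up the card's credentials, picks RAND_1 in 0..n-1 and advertises D_SSID, and the terminal recovers the channel by trying all n candidates before the credential check of step 7B09. H2 is assumed to be SHA-256 over USER_ID and the counter; AUTH_SERVER_701 is a constructed stand-in for the authentication server, and the class and function names are assumptions made here.

```python
import hashlib
import secrets


# The patent does not specify H2; SHA-256 over USER_ID and the counter value
# is an assumption made for this example (truncated to 32 hex chars).
def h2(user_id: str, i: int) -> str:
    return hashlib.sha256(f"{user_id}|{i}".encode()).hexdigest()[:32]


# Constructed stand-in for authentication server 701: CARD_ID -> (USER_ID, PWD).
AUTH_SERVER_701 = {"CARD-0001": ("alice", "correct-horse-battery")}


class AccessEquipment104:
    """Wireless communication access equipment 104 of Fig. 7A."""
    def __init__(self, n: int = 16):
        self.n = n              # RAND_1 is drawn from 0..n-1 (step 7B03)
        self.db = {}            # D_SSID -> (CARD_ID, USER_ID, PWD), step 7B04a
        self.channels = set()   # access service channels currently advertised

    def card_tapped(self, card_id: str) -> str:
        """Steps 7B00a to 7B04a: reader 102 delivers CARD_ID, equipment 104
        queries server 701, picks RAND_1 and opens a channel named D_SSID."""
        user_id, pwd = AUTH_SERVER_701[card_id]                  # 7B01/7B02
        rand_1 = secrets.randbelow(self.n)                       # 7B03
        d_ssid = h2(user_id, rand_1)
        self.db[d_ssid] = (card_id, user_id, pwd)                # 7B04a
        self.channels.add(d_ssid)
        return d_ssid

    def visible_ssids(self) -> set:
        return set(self.channels)       # what terminal 103 can observe over the air

    def check_credentials(self, d_ssid: str, user_id_p: str, pwd_p: str) -> bool:
        """Step 7B09: USER_ID = USER_ID'? and PWD = PWD'? on the channel used."""
        rec = self.db.get(d_ssid)
        if rec is None:
            return False
        _, user_id, pwd = rec
        return (secrets.compare_digest(user_id.encode(), user_id_p.encode())
                and secrets.compare_digest(pwd.encode(), pwd_p.encode()))


def terminal_103_connect(ap: AccessEquipment104, user_id_p: str, pwd_p: str) -> str:
    """Steps 7B05 to 7B10 from the terminal's side; returns outcome and deciding step."""
    candidates = {h2(user_id_p, i) for i in range(ap.n)}         # 7B05: D_SSID_0..n-1
    matches = candidates & ap.visible_ssids()
    if not matches:
        return "no-connect:7B05"        # no candidate matches, connection not started
    d_ssid = next(iter(matches))        # 7B06: join the matching channel
    if not ap.check_credentials(d_ssid, user_id_p, pwd_p):       # 7B08/7B09
        return "interrupt:7B09"
    return "secure:7B10"
```

Because the terminal enumerates all n candidates, the dynamic SSID hides only which of n values is in use for a given USER_ID; the decision still rests on the password check at step 7B09, and the PWD the patent stores in the equipment 104 database would, in a deployment, be kept as a salted hash rather than in clear.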
Referring now to Fig. 8, Fig. 8 is a schematic flow chart of the wireless network authentication method provided by the present invention. The method is a wireless network authentication method applied to wireless communication access equipment and terminal user equipment, and comprises: (reading step 800) providing a card and a first card reader, and using the first card reader to read first data recorded on the card; (transfer step 801) sending the first data recorded on the card to the wireless communication access equipment; and (authentication step 802) using the first data recorded on the card to authenticate the wireless communication access equipment and the terminal user equipment. The method further comprises: (secure communication step 803) if the authentication between the wireless communication access equipment and the terminal user equipment succeeds, the two compute a shared encryption key for secure communication; (interrupt or restart step 804) if the authentication between the wireless communication access equipment and the terminal user equipment fails, the network connection is interrupted or restarted. In addition, according to the above embodiments, the transfer step 801 may also comprise providing another card reader to read the card data and sending the first data recorded on the card to the terminal user equipment.
The detailed implementation of the authentication step 802 may, as in the embodiments above, take any of several authentication modes. For example: the terminal user equipment transfers the first data recorded on the card to the wireless communication access equipment over the wireless network, thereby completing the authentication between the two. As another example, the authentication step 802 may be: (a) when the first card reader has read the first data, it generates second data and transmits the second data to the card to be written there, and also sends the second data and the first data to the wireless communication access equipment; (b) a second card reader reads the first data and the second data recorded on the card and sends both to the terminal user equipment; (c) the terminal user equipment transmits the first data and the second data over the wireless network to the wireless communication access equipment for authentication; here the second data is a random number. Of course, as in the earlier embodiment, the authentication step 802 may also be that the wireless communication access equipment queries an authentication server for the corresponding user authentication data according to the first data of the card, and compares the obtained user authentication data with the data entered on the terminal user equipment, thereby completing the authentication between the terminal user equipment and the wireless communication access equipment.
An application of the present invention is now introduced. A bus is equipped with a contactless card reader combined with wireless communication access equipment (for example a WiMAX MS). When a passenger boards, a non-contact card (for example an EasyCard) is sensed by the card reader and exchanges data with it; the card reader sends the sensed data to the wireless communication access equipment so that it can query the user's data from an external user authentication server (for example the EasyCard card service system). After the query completes, the data needed for user authentication (for example an identification code and password) is returned to the wireless communication access equipment, completing the preparation for authentication. When the passenger turns on terminal user equipment (for example a laptop computer) to go online, the wireless communication access equipment requires the passenger to enter, on the terminal user equipment's interface, the data to be compared for authentication (for example the identification code and password); once entered and returned to the wireless communication access equipment, user authentication is carried out, and the network service is opened after authentication succeeds. The passenger can disconnect or reconnect at any time, and when the passenger alights and the fare and ISP fee are deducted from the non-contact card through the card reader, the data related to this card is also deleted from the wireless communication access equipment.
Another application of the present invention is now introduced. A taxi is equipped with a contactless card reader combined with wireless communication access equipment (for example a WiMAX MS). When a passenger boards, a non-contact card (for example an EasyCard) is sensed by the card reader and exchanges data with it, and the card reader sends the sensed data to the wireless communication access equipment. When the passenger turns on terminal user equipment (for example a laptop computer) to go online, an external contactless card reader (for example a USB card reader), provided by the taxi driver or by the passenger, is connected to the terminal user equipment and senses the same non-contact card, establishing a data association between the card and the terminal user equipment that serves as the basis for the wireless communication access equipment to authenticate and open the network service (the detailed process follows the embodiment above). The passenger can disconnect or reconnect at any time, and when the passenger alights and the fare is deducted from the non-contact card through the card reader, the ISP fee is deducted on the spot and the data related to this card is deleted from the wireless communication access equipment.
Moreover, yet another application mode of the present invention is introduced. A visitor comes to a company. After the visitor completes the login procedure at the visitor service centre, the centre issues a non-contact card to the visitor. This non-contact card is in fact an access card: it records the buildings or meeting rooms the visitor is allowed to enter, and the entrance guard device (contactless card reader) of each area is linked to the corresponding wireless telecommunications access equipment. When the visitor presents the non-contact card to the entrance guard system and is granted entry to a certain meeting room, the data of this card are at the same time recorded in the wireless telecommunications access equipment that serves that meeting room. When the visitor turns on terminal user equipment (e.g. a notebook computer) to go online, an external contactless card reader (e.g. a USB card reader) is connected to the terminal user equipment and used to sense the same non-contact card, so that the non-contact card and the terminal user equipment become associated; this association is the basis on which the wireless telecommunications access equipment performs authentication and opens the network online service (the detailed process is as in all the foregoing embodiments). The visitor may disconnect or reconnect at any time, and returns the non-contact card when leaving the company.
One more application mode of the present invention is introduced. An engineer needs to go to a certain meeting room for a meeting, and his terminal user equipment (e.g. a notebook computer) has a built-in non-contact induction circuit (equivalent to a built-in non-contact card). When his terminal user equipment and the contactless card reader sense each other, the data of the non-contact card and of the terminal user equipment that are needed for authentication and for going online are read together by the contactless card reader and delivered to the wireless telecommunications access equipment, so that the wireless telecommunications access equipment, after receiving the data read out by the contactless card reader, can complete the authentication with the terminal user equipment.
In addition, many existing video pushing systems, whether indoor video screens or large outdoor screens, are located in public areas and therefore push only the video, with the sound deliberately switched off. Without the accompaniment of sound, however, the information provided is not sufficiently complete. The wireless network authentication system and method provided by the embodiments of the present invention can be combined with a video pushing system: the host of the video pushing point is linked with a card reader, and a person viewing the video, using a mobile phone or PDA with a built-in non-contact card, can easily establish a connection between the handheld terminal user equipment and the pushing point host by the method and system provided by the embodiments of the present invention; afterwards, the pushing point host can send audio to the terminal user equipment to provide voice output synchronized with the video. Of course, the viewer can likewise use an external card reader on a notebook computer and use the card to establish the connection between the notebook computer and the pushing point host, so that the audio output device of the notebook computer plays the sound synchronized with the video. Following the earlier example, if a visitor comes to a company and, after completing the login procedure at the visitor service centre, is issued a non-contact card by the centre, the visitor can first present the acquired non-contact card to the card reader of the video pushing point host, then connect an external contactless card reader (e.g. a USB card reader) to the terminal user equipment (e.g. a notebook computer) and sense the same non-contact card, so that the non-contact card establishes the connection between the terminal user equipment and the pushing point host;
afterwards, the audio output device of the notebook computer plays the sound synchronized with the video.
Another application is convenient and effective information display using the system and method provided by the embodiments of the present invention, for example in a quiet museum or any exhibition space: each exhibit is provided with an information display host paired with a card reader, and a visitor with earphones containing a built-in card can, by practising the present invention, have the audio description of the exhibit sent to the earphones, so that the exhibit's recommended information is provided in spoken form. Alternatively, a visitor can use terminal user equipment with a screen, whether with a built-in card or with a card and an external card reader, and through the system and method provided by the embodiments of the present invention have the exhibit's video sent to that terminal user equipment for the visitor to browse. Or, through the system and method provided by the embodiments of the present invention, the exhibit information can be downloaded to the visitor's suitable terminal user equipment.
In summary, the wireless network authentication system and method provided by the present invention have the following advantages.
(a) Improved authentication execution efficiency: by linking the contactless card reader with the wireless telecommunications access equipment and exchanging data at close range through non-contact induction technology, the threats that trouble conventional wireless network authentication, such as the transmitted data being easily eavesdropped upon or the wireless telecommunications access equipment being impersonated by a counterfeit, are avoided, and so are the security constraints that conventional wireless networks must consider when designing an authentication protocol because of the inherent nature of wireless transmission. The present invention can therefore greatly simplify the wireless network authentication process and its complexity while maintaining an equivalent security level, and the very low computational power required by the simplified design clearly improves execution efficiency.
(b) The authentication system and method provided by the invention are independent of the kind of network architecture and terminal user equipment; that is, the invention does not restrict the choice of wireless network technology, and since the non-contact card serves as the identification reference, the invention is also independent of the choice of terminal user equipment.
(c) The present invention can enable brand-new business models: in suitable application scenarios it can select open wireless network authentication, closed wireless network authentication or direct authentication by the card, covering home environments, office spaces and other emerging business models.
(d) The present invention can be combined with existing non-contact card applications, such as entrance guard system cards and payment system cards.
Although the present invention has been disclosed above by means of preferred embodiments, these are not intended to limit the invention; those skilled in the art may make some changes and modifications without departing from the spirit and scope of the invention, and the scope of protection of the invention is therefore defined by its claims.

Claims (17)

1. A wireless network authentication system, characterized in that the system comprises:
a card, for recording first data;
a first card reader, for reading the first data recorded on the card;
terminal user equipment; and
wireless telecommunications access equipment, coupled to the first card reader, for receiving the first data read by the first card reader and completing, according to the first data, the authentication between the terminal user equipment and the wireless telecommunications access equipment;
a second card reader, coupled to the terminal user equipment, for reading the first data recorded on the card and sending the first data to the terminal user equipment,
wherein the card is a non-contact card and the first card reader is an induction type card reader, and
wherein, when the first card reader has read the first data, the first card reader generates second data and writes the second data to the card; the first card reader also sends the second data and the first data to the wireless telecommunications access equipment, and the wireless telecommunications access equipment then inputs the first data and the second data into a hash function to produce a first dynamic service set identification code (SSID);
the second card reader reads the first data and the second data recorded on the card and sends the first and second data to the terminal user equipment, and the terminal user equipment then inputs the received first data and second data into the hash function to produce a second dynamic service set identification code; if the second dynamic service set identification code produced by the terminal user equipment agrees with the first dynamic service set identification code produced by the wireless telecommunications access equipment, the terminal user equipment and the wireless telecommunications access equipment establish a connection through the wireless network,
the wireless telecommunications access equipment transmits the second data to the terminal user equipment through the wireless network for authentication, and the terminal user equipment compares whether the second data received through the second card reader agree with the second data received from the wireless telecommunications access equipment; if they do not agree, the wireless network authentication system interrupts the network connection or restarts the network connection; if they agree, the terminal user equipment sends the first data to the wireless telecommunications access equipment through the wireless network as the data required for authentication; and
the wireless telecommunications access equipment compares whether the first data received from the terminal user equipment agree with the first data received from the first card reader; if they do not agree, the wireless network authentication system interrupts the network connection or restarts the network connection; if they agree, the terminal user equipment and the wireless telecommunications access equipment calculate a common encryption key for secure communication.
2. The wireless network authentication system as claimed in claim 1, characterized in that the wireless telecommunications access equipment and the terminal user equipment connect using a dynamically produced service set identification code.
3. The wireless network authentication system as claimed in claim 1, characterized in that the non-contact card is built into the terminal user equipment.
4. The wireless network authentication system as claimed in claim 1, characterized in that the second card reader is built into the terminal user equipment.
5. The wireless network authentication system as claimed in claim 1, characterized in that the second card reader is a second induction type card reader.
6. The wireless network authentication system as claimed in claim 1, characterized in that the second card reader is a second contact type card reader.
7. The wireless network authentication system as claimed in claim 1, characterized in that the second data are a random number.
8. The wireless network authentication system as claimed in claim 1, characterized in that the wireless network authentication system further comprises:
an authentication server, coupled to the wireless telecommunications access equipment;
wherein the wireless telecommunications access equipment queries the authentication server for the corresponding user authentication data according to the first data of the card, and compares the acquired user authentication data with the data entered through the terminal user equipment, thereby completing the authentication between the terminal user equipment and the wireless telecommunications access equipment.
9. The wireless network authentication system as claimed in claim 1, characterized in that the wireless telecommunications access equipment comprises at least one WiFi take-away belt (conveyor).
10. The wireless network authentication system as claimed in claim 1, characterized in that the system is applied to a GSM, GPRS, WiFi, WiMAX, 3G or 4G wireless telecommunication system.
11. The wireless network authentication system as claimed in claim 1, characterized in that the system is applied to a video pushing system, a display system, an entrance guard system or a payment system.
12. A wireless network authentication method, characterized in that the method comprises:
using a first card reader to read first data recorded on a card;
sending the first data to wireless telecommunications access equipment;
using the first data to perform authentication between the wireless telecommunications access equipment and terminal user equipment,
using a second card reader to read the first data of the card; and
sending the first data to the terminal user equipment,
wherein the card is a non-contact card and the first card reader is an induction type card reader, and
wherein, when the first card reader has read the first data, the first card reader writes second data to the card; the first card reader sends the second data and the first data to the wireless telecommunications access equipment, and the wireless telecommunications access equipment then inputs the first data and the second data into a hash function to produce a first dynamic service set identification code;
the first data and the second data recorded on the card are read by the second card reader; the second card reader sends the first and second data to the terminal user equipment, and the terminal user equipment then inputs the received first data and second data into the hash function to produce a second dynamic service set identification code; if the second dynamic service set identification code produced by the terminal user equipment agrees with the first dynamic service set identification code produced by the wireless telecommunications access equipment, the terminal user equipment and the wireless telecommunications access equipment establish a connection through the wireless network;
the wireless telecommunications access equipment transmits the second data to the terminal user equipment through the wireless network for authentication, and the terminal user equipment compares whether the second data received through the second card reader agree with the second data received from the wireless telecommunications access equipment; if they do not agree, the wireless network authentication system interrupts the network connection or restarts the network connection; if they agree, the terminal user equipment sends the first data to the wireless telecommunications access equipment through the wireless network as the data required for authentication; and
the wireless telecommunications access equipment compares whether the first data received from the terminal user equipment agree with the first data received from the first card reader; if they do not agree, the wireless network authentication system interrupts the network connection or restarts the network connection; if they agree, the terminal user equipment and the wireless telecommunications access equipment calculate a common encryption key for secure communication.
13. The wireless network authentication method as claimed in claim 12, characterized in that the wireless telecommunications access equipment and the terminal user equipment connect using a dynamically produced service set identification code.
14. The wireless network authentication method as claimed in claim 12, characterized in that the second data are a random number.
15. The wireless network authentication method as claimed in claim 12, characterized in that the wireless network authentication method further comprises:
providing an authentication server;
querying, by the wireless telecommunications access equipment, the authentication server for the corresponding user authentication data according to the first data of the card; and
comparing, by the wireless telecommunications access equipment, the user authentication data with the authentication data entered by the terminal user equipment through the wireless network, thereby completing the authentication between the terminal user equipment and the wireless telecommunications access equipment.
16. The wireless network authentication method as claimed in claim 12, characterized in that the method can be applied to a GSM, GPRS, WiFi, WiMAX, 3G or 4G wireless telecommunication system.
17. The wireless network authentication method as claimed in claim 12, characterized in that the method is applied to a video pushing system, a display system, an entrance guard system or a payment system.
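The authentication flow of claims 1 and 12, simulated end to end as an added example (not the patent's own code): the first card reader writes random second data to the card and both sides derive the dynamic SSID from hash(first data, second data), then the over-the-air comparisons of the second data and the first data gate the computation of the common encryption key. SHA-256 as the hash function, the HMAC-based key derivation and the sample card data are assumptions, since the claims specify none of them.

```python
"""Simulation of the authentication flow of claims 1 and 12 between a card, the
first card reader at the wireless telecommunications access equipment (WAE) and
the second card reader at the terminal user equipment (TUE). Added example, not
the patent's own code: SHA-256 as the hash function, the HMAC-based derivation
of the common encryption key and the sample card data are all assumptions."""
import hashlib
import hmac
import secrets

class Card:
    """Non-contact card holding the first data; the first reader writes second data to it."""
    def __init__(self, first_data):
        self.first_data = first_data
        self.second_data = None

def dynamic_ssid(first_data, second_data):
    """Dynamic service set identification code = hash(first data || second data)."""
    return hashlib.sha256(first_data + second_data).hexdigest()[:16]

def derive_common_key(first_data, second_data):
    """Common encryption key computed by both sides after both comparisons succeed."""
    return hmac.new(second_data, b"common-key" + first_data, hashlib.sha256).digest()

class AccessEquipment:
    """WAE together with its coupled first (induction type) card reader."""
    def __init__(self):
        self.first_data = self.second_data = self.ssid = self.session_key = None

    def first_reader_tap(self, card):
        # Read the first data, generate random second data (claim 7), write it to
        # the card and pass both to the WAE, which derives the first dynamic SSID.
        self.first_data = card.first_data
        self.second_data = secrets.token_bytes(16)
        card.second_data = self.second_data
        self.ssid = dynamic_ssid(self.first_data, self.second_data)

    def verify_first_data(self, first_from_air):
        # Compare the first data received over the wireless network with the copy
        # obtained from the first card reader; a mismatch interrupts the session.
        if not hmac.compare_digest(first_from_air, self.first_data):
            return False
        self.session_key = derive_common_key(self.first_data, self.second_data)
        return True

class TerminalEquipment:
    """TUE together with its coupled second card reader (induction or contact type)."""
    def __init__(self):
        self.first_data = self.second_data = self.ssid = self.session_key = None

    def second_reader_tap(self, card):
        # Read first and second data from the card; a card the first reader has not
        # written yet carries no second data, so no SSID can be derived from it.
        self.first_data, self.second_data = card.first_data, card.second_data
        if self.second_data is not None:
            self.ssid = dynamic_ssid(self.first_data, self.second_data)

    def verify_second_data(self, second_from_air):
        # Compare the second data sent by the WAE with the value read from the card.
        return self.second_data is not None and hmac.compare_digest(
            second_from_air, self.second_data)

    def compute_common_key(self):
        self.session_key = derive_common_key(self.first_data, self.second_data)

def run_authentication(card_at_wae, card_at_tue, wae, tue):
    """Full flow; True only when both sides finish with the same common key."""
    wae.first_reader_tap(card_at_wae)
    tue.second_reader_tap(card_at_tue)
    if tue.ssid != wae.ssid:                         # TUE cannot find the dynamic SSID
        return False
    if not tue.verify_second_data(wae.second_data):  # WAE -> TUE over the air
        return False
    if not wae.verify_first_data(tue.first_data):    # TUE -> WAE over the air
        return False
    tue.compute_common_key()
    return tue.session_key == wae.session_key
```

Passing the same Card object as both card_at_wae and card_at_tue models the claim's requirement that the second reader sense the same card; a card the first reader never wrote yields no SSID on the terminal side and the flow stops before any over-the-air exchange.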
Application CN200710147295.5A, "wireless network authentication system and method thereof", priority date 2007-09-06, filing date 2007-09-06, status Active, granted as CN101383816B.

Publications (2)

Publication Number Publication Date
CN101383816A (en) 2009-03-11
CN101383816B (en, granted) 2015-09-02
