CN101621803A - Method and device for managing wireless LAN authentication and privacy infrastructure (WAPI) certificate - Google Patents

Info

Publication number: CN101621803A
Authority: CN (China)
Prior art keywords: certificate, WAPI, SIM card, digital certificate, authentication
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN200910162372A
Other languages: Chinese (zh)
Inventor: 薛原
Current Assignee: ZTE Corp (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: ZTE Corp
Application filed by: ZTE Corp
Priority to: CN200910162372A
Publication of: CN101621803A

Abstract

The invention discloses a method for managing a wireless LAN authentication and privacy infrastructure (WAPI) certificate, comprising the following steps: a terminal stores a downloaded WAPI certificate in its own memory area; when the terminal accesses a wireless local area network (WLAN), it reads the stored WAPI certificate from the memory area for authentication; and if authentication passes, it writes the WAPI certificate into a subscriber identity module (SIM) card. By managing files on the SIM card, the method manages the WAPI digital certificate conveniently and securely; the SIM card can provide extra security protection for the digital certificate, so reliability is higher. The method also makes full use of the digital certificate in the terminal's FLASH as a backup mechanism, avoiding situations in which the user cannot use the WAPI terminal normally because the SIM card is damaged or the like. The invention lets users manage the certificate in the terminal anytime and anywhere according to their own needs, and is convenient and flexible.

Description

Method and device for managing a WLAN authentication and privacy infrastructure certificate
Technical field
The present invention relates to the technical field of WLAN Authentication and Privacy Infrastructure (WAPI), and in particular to a method and device for managing a WLAN authentication and privacy infrastructure certificate.
Background art
With the development of mobile technology, mobile phones have become more and more important in people's lives and their functions increasingly rich, and wireless interconnection between mobile phones and other terminals has become an important topic. Because WAPI adopts a more advanced encryption scheme than WIFI (Wireless Fidelity), WAPI mobile phones have become a new favourite on the market.
As is well known, WAPI consists of two parts, WAI (WLAN Authentication Infrastructure) and WPI (WLAN Privacy Infrastructure), which respectively implement authentication of the user's identity and encryption of the transmitted data. WAPI currently uses a public-key cryptography mechanism and uses certificates to authenticate the STA (terminal) and the AP (access point) in a WLAN (wireless local area network) system. The WAPI system defines an entity called the ASU (Authentication Service Unit), which manages the digital certificates (WAPI certificates) needed by the parties taking part in the information exchange, including certificate generation, issuance, revocation and renewal.
In the WAPI system the digital certificate plays a very important role. If the management of digital certificates goes wrong, not only is the user's use of the WAPI phone affected, but a serious security risk can also result.
At present, for WAPI in a telecommunications network, a CA (Certificate Authority) centre is responsible for accepting user requests, issuing and managing digital certificates, providing certificate queries, and accepting certificate de-registration requests. The user applies for a digital certificate at a business hall (RA/RAT), or downloads the digital certificate directly from the Internet using a computer or mobile phone. The digital certificate is usually stored in the FLASH area of the phone. This approach makes certificate management inconvenient: if the user changes phones, the digital certificate has to be written again into the FLASH area of the new phone.
Summary of the invention
The invention provides a method and device for managing a WLAN authentication and privacy infrastructure certificate, so that after the user changes terminals the WAPI certificate does not need to be written to the FLASH area again.
To solve the above technical problem, a method for managing a WLAN authentication and privacy infrastructure certificate according to the invention comprises:
The terminal saves the downloaded WLAN authentication and privacy infrastructure (WAPI) certificate in its own memory area;
When the terminal accesses a wireless local area network (WLAN), it reads the saved WAPI certificate from the memory area and authenticates; if authentication passes, it writes the WAPI certificate into the subscriber identity module (SIM) card.
Further, after the terminal has written the WAPI certificate into the SIM card, when it accesses the WLAN again it reads the WAPI certificate from the SIM card and authenticates; if authentication fails, it reads the saved WAPI certificate from the memory area and authenticates.
Further, a digital certificate status flag file is also configured in the SIM card. When the terminal writes the WAPI certificate into the SIM card, it also sets this digital certificate status flag file to indicate the valid state. The initial state of the digital certificate status flag file is the invalid state.
Further, before the terminal reads the saved WAPI certificate from the memory area and authenticates, the method also comprises:
The terminal checks the digital certificate status flag file. If it indicates the invalid state, the terminal reads the saved WAPI certificate from the memory area and authenticates; if it indicates the valid state, the terminal reads the WAPI certificate from the SIM card and authenticates.
Further, when the terminal reads the WAPI certificate from the SIM card to authenticate, if the read fails, the digital certificate status flag file is set to indicate the invalid state.
Further, a device for managing a WLAN authentication and privacy infrastructure certificate comprises a certificate download module and an authentication module, wherein:
The certificate download module is used to save the downloaded WAPI certificate in the memory area;
The authentication module is used, when accessing the WLAN, to read the saved WAPI certificate from the memory area and authenticate, and, if authentication passes, to write the WAPI certificate into the SIM card.
Further, the authentication module is also used, after the WAPI certificate has been written into the SIM card and when accessing the WLAN again, to read the WAPI certificate from the SIM card and authenticate, and, if authentication fails, to read the saved WAPI certificate from the memory area and authenticate.
Further, a digital certificate status flag file is also configured in the SIM card; the initial state of this digital certificate status flag file is the invalid state;
The authentication module is also used, when writing the WAPI certificate into the SIM card, to set this digital certificate status flag file to indicate the valid state.
Further, the authentication module is also used, before reading the saved WAPI certificate from the memory area and authenticating, to check the digital certificate status flag file: if it indicates the invalid state, the module reads the saved WAPI certificate from the memory area and authenticates; if it indicates the valid state, the module reads the WAPI certificate from the SIM card and authenticates.
Further, the authentication module is also used, when reading the WAPI certificate from the SIM card to authenticate, to set the digital certificate status flag file to indicate the invalid state if the read fails.
In summary, by managing files on the SIM card, the invention manages the WAPI digital certificate conveniently and securely; the SIM card can provide extra security protection for the digital certificate, so reliability is higher. At the same time, the invention makes full use of the digital certificate in the terminal's FLASH as a backup mechanism, which avoids the user being unable to use the WAPI terminal normally because of SIM card damage or similar causes. The invention lets users manage the digital certificate in the terminal anytime and anywhere according to their own needs, and is convenient and flexible.
Description of drawings
Fig. 1 is a flow chart of the WAPI certificate management method according to an embodiment of the invention;
Fig. 2 is an architecture diagram of the WAPI certificate management device according to an embodiment of the invention.
Embodiment
In the invention, the user can download the digital certificate to the Flash temporary storage area of the terminal by OTA (over-the-air download) or by downloading from the Internet, among other ways. After the digital certificate has been stored, the terminal selects the file in the SIM card that indicates the state of the digital certificate (the digital certificate status flag file) and initializes it to indicate the invalid state.
When accessing a WLAN network, the terminal starts the authentication process, and the authentication control module reads the digital certificate from the temporary storage area and authenticates. If authentication passes, the digital certificate is considered valid: the terminal writes the digital certificate from the Flash temporary storage area into the binary file in the SIM card used for storing the digital certificate (the digital certificate file), and changes the digital certificate status flag file to indicate the valid state. If authentication does not pass, an updated digital certificate is downloaded again.
After the digital certificate has been written into the digital certificate file in the SIM card, at each authentication the authentication control module reads the digital certificate from the digital certificate file of the SIM card and authenticates; after authentication succeeds, the digital certificate in the digital certificate file is set as the default digital certificate. If a problem such as SIM card damage occurs, so that the authentication control module cannot read the digital certificate from the digital certificate file, the digital certificate status flag file is rewritten to indicate the invalid state, and the digital certificate is read from the Flash temporary storage area and authenticated.
The specific implementation of the invention is described below with reference to the accompanying drawings.
Fig. 1 shows the WAPI certificate management method according to an embodiment of the invention, comprising:
Step 101: the user downloads the digital certificate by OTA or by downloading it from a web page;
Step 102: the terminal saves the digital certificate in the Flash temporary storage area;
Step 103: the terminal initializes the digital certificate status flag file to indicate the invalid state;
Step 104: when the terminal accesses a WLAN network, it starts the authentication process and the authentication module checks the digital certificate status flag file; if the state is invalid, go to step 105; if the state is valid, go to step 108;
Step 105: the authentication module reads the digital certificate from the Flash temporary storage area and authenticates; if authentication does not pass, go to step 106; if authentication passes, go to step 107;
Step 106: the terminal downloads the digital certificate again and saves it in the Flash temporary storage area; go to step 104;
Step 107: the authentication module writes the digital certificate into the digital certificate file in the SIM card, changes the digital certificate status flag file to indicate the valid state, and accesses the WLAN network; the flow ends;
Step 108: the authentication module reads the digital certificate from the digital certificate file of the SIM card and authenticates; if authentication passes, it accesses the WLAN network and the flow ends; if authentication does not pass, go to step 105;
If the authentication module cannot read the digital certificate from the SIM card, it rewrites the digital certificate status flag file to indicate the invalid state.
If the user has changed the SIM card, the above flow can be executed again to store the digital certificate in the SIM card.
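The flow of steps 101 to 108 can be modelled as a small state machine. The following is an added example, not code from the patent: the class and field names are hypothetical, `authenticate` and `download` are stand-ins for WAI authentication and the OTA/web download, an unreadable SIM file is modelled as `cert is None`, and the `max_downloads` bound on the step 106 loop is an assumption the patent does not state.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, List, Optional


class Flag(Enum):            # contents of the status flag file on the SIM
    INVALID = 0
    VALID = 1


class SimReadError(Exception):
    """The certificate file on the SIM could not be read."""


@dataclass
class Sim:
    flag: Flag = Flag.INVALID        # initial state is invalid (step 103)
    cert: Optional[bytes] = None     # binary digital certificate file

    def read_cert(self) -> bytes:
        if self.cert is None:        # models a damaged or missing file
            raise SimReadError("certificate file unreadable")
        return self.cert


@dataclass
class Terminal:
    sim: Sim
    authenticate: Callable[[bytes], bool]   # stand-in for WAI authentication
    download: Callable[[], bytes]           # stand-in for OTA / web download
    flash: Optional[bytes] = None           # Flash temporary storage area
    max_downloads: int = 2                  # assumption: bound the 106 -> 104 loop
    trace: List[str] = field(default_factory=list)

    def provision(self) -> None:
        """Steps 101-103: download, save to Flash, flag starts invalid."""
        self.flash = self.download()
        self.sim.flag = Flag.INVALID

    def _try_sim(self) -> bool:
        """Step 108, including the read-failure rule that resets the flag."""
        try:
            cert = self.sim.read_cert()
        except SimReadError:
            self.sim.flag = Flag.INVALID
            self.trace.append("sim-unreadable")
            return False
        ok = self.authenticate(cert)
        self.trace.append("sim-ok" if ok else "sim-auth-failed")
        return ok

    def connect(self) -> bool:
        downloads = 0
        while True:
            # Step 104: the flag decides which copy is tried first.
            if self.sim.flag is Flag.VALID and self._try_sim():
                return True
            # Step 105: authenticate with the Flash copy.
            if self.flash is not None and self.authenticate(self.flash):
                # Step 107: copy to the SIM and mark the flag valid.
                self.sim.cert, self.sim.flag = self.flash, Flag.VALID
                self.trace.append("flash-ok")
                return True
            self.trace.append("flash-auth-failed")
            if downloads == self.max_downloads:
                return False
            downloads += 1
            self.flash = self.download()    # Step 106, then back to 104


if __name__ == "__main__":
    accept = lambda cert: cert == b"constructed-cert"   # constructed sample
    t = Terminal(Sim(), accept, lambda: b"constructed-cert")
    t.provision()
    print(t.connect(), t.connect(), t.trace)
```

The flag only selects which copy is tried first; on every path the certificate is still authenticated before the terminal accesses the WLAN.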
Fig. 2 shows the WAPI certificate management device according to an embodiment of the invention, comprising a certificate download module, an authentication module, a SIM card and a memory area (such as the Flash temporary storage area), wherein:
The certificate download module is used to download the digital certificate by OTA or by downloading it from a web page, and to save the digital certificate in the Flash temporary storage area;
The authentication module is used, when accessing a WLAN network, to start the authentication process and check the digital certificate status flag file configured in the SIM card. If the state is invalid, it reads the digital certificate from the Flash temporary storage area and authenticates; if authentication does not pass, it notifies the certificate download module to download the digital certificate again; if authentication passes, it writes the digital certificate into the digital certificate file in the SIM card, changes the digital certificate status flag file to indicate the valid state, and accesses the WLAN network, and the flow ends. If the state is valid, it reads the digital certificate from the digital certificate file of the SIM card and authenticates; if authentication passes, it accesses the WLAN network and the flow ends; if authentication does not pass, it reads the digital certificate from the Flash temporary storage area and authenticates. If the authentication module cannot read the digital certificate from the SIM card, it rewrites the digital certificate status flag file to indicate the invalid state.
It should be understood that those of ordinary skill in the technical field of the invention can make equivalent changes or replacements according to the technical scheme of the invention and its concept, and all such changes or replacements shall fall within the protection scope of the claims of the invention.

Claims (10)

1. A method for managing a WLAN authentication and privacy infrastructure certificate, comprising:
A terminal saves a downloaded WLAN authentication and privacy infrastructure (WAPI) certificate in its own memory area;
When the terminal accesses a wireless local area network (WLAN), it reads the saved WAPI certificate from said memory area and authenticates; if authentication passes, it writes said WAPI certificate into a subscriber identity module (SIM) card.
2. The method of claim 1, characterized in that, after said terminal has written the WAPI certificate into the SIM card, when accessing the WLAN again it reads the WAPI certificate from said SIM card and authenticates; if authentication fails, it performs said reading of the saved WAPI certificate from said memory area and authenticates.
3. The method of claim 2, characterized in that a digital certificate status flag file is also configured in said SIM card; when said terminal writes the WAPI certificate into the SIM card, it also sets this digital certificate status flag file to indicate the valid state; the initial state of this digital certificate status flag file is the invalid state.
4. The method of claim 3, characterized in that, before said terminal reads the saved WAPI certificate from said memory area and authenticates, the method also comprises:
Said terminal checks said digital certificate status flag file; if it indicates the invalid state, the terminal performs said reading of the saved WAPI certificate from said memory area and authenticates; if it indicates the valid state, the terminal performs said reading of the WAPI certificate from said SIM card and authenticates.
5. The method of claim 4, characterized in that, when said terminal reads the WAPI certificate from said SIM card to authenticate, if the read fails, said digital certificate status flag file is set to indicate the invalid state.
6. A device for managing a WLAN authentication and privacy infrastructure certificate, comprising a certificate download module and an authentication module, wherein:
Said certificate download module is used to save the downloaded WAPI certificate in a memory area;
Said authentication module is used, when accessing the WLAN, to read the saved WAPI certificate from said memory area and authenticate, and, if authentication passes, to write the WAPI certificate into a SIM card.
7. The device of claim 6, characterized in that
Said authentication module is also used, after the WAPI certificate has been written into the SIM card and when accessing the WLAN again, to read the WAPI certificate from said SIM card and authenticate, and, if authentication fails, to perform said reading of the saved WAPI certificate from said memory area and authenticate.
8. The device of claim 7, characterized in that
A digital certificate status flag file is also configured in said SIM card; the initial state of this digital certificate status flag file is the invalid state;
Said authentication module is also used, when writing the WAPI certificate into the SIM card, to set this digital certificate status flag file to indicate the valid state.
9. The device of claim 8, characterized in that
Said authentication module is also used, before reading the saved WAPI certificate from said memory area and authenticating, to check said digital certificate status flag file; if it indicates the invalid state, the module performs said reading of the saved WAPI certificate from said memory area and authenticates; if it indicates the valid state, the module performs said reading of the WAPI certificate from said SIM card and authenticates.
10. The device of claim 9, characterized in that
Said authentication module is also used, when reading the WAPI certificate from said SIM card to authenticate, to set said digital certificate status flag file to indicate the invalid state if the read fails.
CN200910162372A 2009-08-11 2009-08-11 Method and device for managing wireless LAN authentication and privacy infrastructure (WAPI) certificate Pending CN101621803A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200910162372A CN101621803A (en) 2009-08-11 2009-08-11 Method and device for managing wireless LAN authentication and privacy infrastructure (WAPI) certificate

Publications (1)

Publication Number Publication Date
CN101621803A true CN101621803A (en) 2010-01-06

Family

ID=41514776

Country Status (1)

Country Link
CN (1) CN101621803A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Open date: 20100106