CN102404738B - Method, system and authentication server for being switched in and retreating from wireless local area network (WLAN) - Google Patents

Publication number
CN102404738B
Authority
CN
China
Prior art keywords
terminal
wlan
communication identifier
terminal identification
state information
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201010282525.0A
Other languages
Chinese (zh)
Other versions
CN102404738A (en)
Inventor
黄杰
位莅
孔建坤
杜伟
张社华
崔可升
刘海冰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Group Shandong Co Ltd
Original Assignee
China Mobile Group Shandong Co Ltd
Application filed by China Mobile Group Shandong Co Ltd
Priority to CN201010282525.0A
Publication of CN102404738A
Application granted
Publication of CN102404738B

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention provides a method, a system and an authentication server for accessing and exiting a wireless local area network (WLAN). The correspondence among a communication identifier, a terminal identifier and service state information is stored in advance in the authentication server, so that when a terminal requests to go online, the corresponding service state information can be updated to "waiting to go online" according to the communication identifier carried in the go-online service request. When an AC then authenticates the terminal, it can look up the corresponding service state information by terminal identifier, and only a terminal whose terminal identifier and corresponding service state information both meet the requirements is allowed to access the WLAN. Further, when exiting the WLAN, only a terminal whose terminal identifier meets the requirements is allowed to go offline. WLAN service authentication is thereby more general, no extra authentication step needs to be added, and authentication is more secure.

Description

A method, system and authentication server for accessing and exiting a WLAN
Technical field
The present invention relates to the field of wireless communications, and in particular to a method, system and authentication server for accessing and exiting a WLAN.
Background art
A wireless local area network (WLAN, Wireless LAN) is a technology that uses wireless techniques to provide fast access to a LAN. Operators build wireless network environments through unified deployment in order to provide WLAN Internet access services.
WLAN services rely on service authentication to keep the service secure. Service authentication can be client-based, web (WEB) based, or based on the terminal's network interface card (MAC) address. These three authentication modes are described in turn below.
1. Client-based authentication installs dedicated client software on the terminal. When the terminal needs to access the destination network through the WLAN, the user first enters WLAN account information such as user name and password into the client; after the authentication server (RADIUS) has authenticated the entered WLAN account information, the terminal is allowed to access the destination network.
Client-based authentication requires specific client software on the terminal. Terminal types are currently very diverse, so developing client software that suits most, let alone all, terminals is very difficult. The alternative of operator-customized terminals with a built-in client also has limitations and cannot effectively support the spread of WLAN services.
2. Web-based authentication means that when the terminal accesses the destination network through the WLAN, its access is redirected to a portal (PORTAL) web page. The user enters WLAN account information such as user name and password in the window the PORTAL page provides, and once the entered WLAN account information has been authenticated, the terminal is allowed to access the destination network.
Web-based authentication needs no client and is highly general, so it is widely used. However, it requires an initial login on the PORTAL authentication page, which adds a step to using the WLAN, and the user cannot close the PORTAL authentication page after going online: once the page is closed, the user can no longer actively go offline and is only taken offline passively after a no-traffic timeout, so the user's Internet access cannot be billed accurately by time. In addition, web-based authentication is likewise not compatible with all terminals. In particular, the current PORTAL authentication mode is not compatible with all mobile phone browsers: some phones cannot display the PORTAL page correctly, and some cannot open two or more browser pages at the same time, so a user who needs to browse the web has to close the PORTAL authentication page after going online, which again means that Internet access cannot be billed accurately by time.
3. WLAN authentication based on MAC address authentication performs access authentication on the MAC address of the terminal. The main operation is:
When the user uses the WLAN service on a designated terminal for the first time, WLAN account information such as user name and password is authenticated; after successful authentication, the MAC address of the designated terminal is bound to this WLAN account and stored on the network side. When the user uses the WLAN service on this designated terminal again, no account information needs to be entered; the network side performs service authentication on the terminal MAC address it identifies.
MAC-address-based authentication still requires one round of authentication of WLAN account information such as user name and password, so there is a risk that the user forgets the WLAN account information. In addition, when authentication relies on the MAC address alone, the MAC address can be changed at will with MAC address modification software. Once a user has successfully accessed the WLAN and the MAC address is bound to the WLAN account, a stolen MAC address therefore carries the risk of illegal use of the WLAN account.
In summary, the current authentication modes for WLAN services suffer from poor generality of client authentication, additional steps with WEB authentication, and poor security of MAC address authentication.
Summary of the invention
Embodiments of the present invention provide a method, system and authentication server for accessing and exiting a WLAN, to solve the problems of the prior-art WLAN service authentication process: poor generality, additional steps with WEB authentication, and poor security of MAC address authentication.
A method for accessing a wireless local area network (WLAN), the method comprising:
When a WLAN go-online service request initiated by a first terminal is received, updating, according to the pre-stored correspondence among communication identifier, terminal identifier and service state information, the service state information corresponding to the communication identifier carried in the WLAN go-online service request to a first state;
When an authentication request carrying the terminal identifier of a second terminal is received, determining the service state information corresponding to the terminal identifier, and, when the service state information is the first state, allocating to the second terminal an IP address for accessing the WLAN.
A method for exiting a wireless local area network (WLAN), the method comprising:
When a WLAN go-offline service request initiated by a first terminal is received, determining, according to the pre-stored correspondence among communication identifier, terminal identifier and service state information, the terminal identifier corresponding to the communication identifier carried in the WLAN go-offline service request;
Releasing the IP address allocated to the second terminal corresponding to the determined terminal identifier.
An authentication server, the authentication server comprising:
An information storage module, configured to store the correspondence among communication identifier, terminal identifier and service state information;
A first message response module, configured to, when a WLAN go-online service request initiated by a first terminal is received, update, according to the correspondence among communication identifier, terminal identifier and service state information pre-stored in the information storage module, the service state information corresponding to the communication identifier carried in the WLAN go-online service request to a first state;
A second message response module, configured to, when an authentication request is received and the service state information corresponding to the terminal identifier carried in the authentication request is the first state, instruct the service server (AC) to allocate to the second terminal an IP address for accessing the WLAN.
A service server, the service server comprising:
A sending module, configured to send an authentication request carrying a terminal identifier;
A receiving module, configured to receive the service state information corresponding to the terminal identifier;
An operation module, configured to, when the received service state information is the first state, allocate to the terminal corresponding to the terminal identifier an IP address for accessing the WLAN.
A WLAN service access system, the system comprising a first terminal, a second terminal and a server, wherein:
The first terminal is configured to initiate a WLAN go-online service request to the server;
The second terminal is configured to initiate a WLAN service access request to the server;
The server is configured to, when the WLAN go-online service request initiated by the first terminal is received, update, according to the pre-stored correspondence among communication identifier, terminal identifier and service state information, the service state information corresponding to the communication identifier carried in the WLAN go-online service request to a first state, and, when an authentication request carrying the terminal identifier of the second terminal is received, determine the service state information corresponding to the terminal identifier and, when the service state information is the first state, allocate to the second terminal an IP address for accessing the WLAN.
In the scheme provided by the invention, the correspondence among communication identifier, terminal identifier and service state information is stored in advance in the authentication server, so that when a terminal requests to go online, the corresponding service state information is updated to "waiting to go online" according to the communication identifier carried in the go-online service request. When the AC authenticates the terminal, the corresponding service state information can be looked up in the authentication server by terminal identifier, and only a terminal whose terminal identifier and corresponding service state information both meet the requirements is allowed to access the WLAN. Likewise, when exiting the WLAN, only a terminal whose terminal identifier meets the requirements is allowed to go offline. Because the scheme of the embodiments requires neither a client installed on the terminal nor terminal authentication through the PORTAL page, it improves the generality of the system and reduces the WEB authentication steps; and because service state information and terminal identifier are used together as authentication parameters for accessing the WLAN, the security of the access process is improved.
Brief description of the drawings
Fig. 1 is a flowchart of a method for activating and changing the WLAN service, provided by Embodiment 1 of the present invention;
Fig. 2 is a flowchart of a method for accessing the WLAN, provided by Embodiment 2 of the present invention;
Fig. 3 is a flowchart of a method for exiting the WLAN, provided by Embodiment 3 of the present invention;
Fig. 4 is a structural diagram of a WLAN service access system, provided by Embodiment 4 of the present invention;
Fig. 5 is a structural diagram of an authentication server, provided by Embodiment 5 of the present invention;
Fig. 6 is a structural diagram of a service server, provided by Embodiment 6 of the present invention.
Detailed description of the embodiments
The embodiments of the present invention are described in detail below with reference to the accompanying drawings.
Before a terminal uses the WLAN service, the WLAN service must be activated for it, and sometimes an already activated WLAN service must be changed. Embodiment 1 below describes in detail the flow for activating and changing a terminal's WLAN service.
Embodiment 1
Fig. 1 shows the flowchart of the method for activating and changing the WLAN service. The steps are as follows:
Step 101: the accounting server (BOSS) receives a WLAN service activation request submitted by a terminal; the WLAN service activation request contains a communication identifier and a terminal identifier.
When a terminal requests activation of the WLAN service for itself or for another terminal, it needs to register with the BOSS. In this embodiment, the communication identifier in the WLAN service activation request is that of the terminal initiating the request. If the terminal is requesting activation of the WLAN service for itself, the terminal identifier is that of the terminal initiating the request; if it is requesting activation for another terminal, the terminal identifier is that of the other terminal.
When a terminal requests activation of the WLAN service for itself or for another terminal, it submits to the BOSS its own communication identifier and the terminal identifier of the terminal for which the WLAN service is actually to be activated. For ease of description, in this embodiment the terminal that initiates the WLAN service activation request is called the first terminal, and the terminal for which the WLAN service is actually activated is called the second terminal. The first terminal and the second terminal may be the same terminal or two different terminals. For example, the first terminal and the second terminal may be the same mobile phone, or the first terminal may be a mobile phone and the second terminal a computer.
The communication identifier in the WLAN service activation request may be the phone number of the first terminal, and the terminal identifier may be the network interface card (MAC) address or central processing unit (CPU) identifier of the second terminal. The BOSS registers the received terminal identifier and communication identifier for subsequent billing.
In this step the WLAN service can be activated in several ways: the first terminal may activate it by short message, or through an operator's service outlet or online service outlet.
Step 102: the BOSS sends the received communication identifier and terminal identifier to the authentication server.
Step 103: the authentication server establishes and stores the correspondence among the communication identifier, the terminal identifier and the service state information allocated for the WLAN service.
After receiving the communication identifier and its corresponding terminal identifier, the authentication server allocates space for the requested WLAN service to store the service state information corresponding to the communication identifier and terminal identifier. The service state information indicates the state of the WLAN service of the second terminal for which the service was actually activated. The states may include a first state, a second state, a third state and a fourth state; the embodiments of the invention are described taking as an example the first state being "waiting to go online", the second state "offline", the third state "online" and the fourth state "waiting to go offline". The initial state of the second terminal is "offline"; while the second terminal is requesting to start the WLAN service its state is "waiting to go online"; while it is running the WLAN service its state is "online"; while the WLAN service is being ended its state is "waiting to go offline"; and after the WLAN service has been ended successfully its state returns to "offline".
The current state of the WLAN service carried out by the second terminal can be determined from the changes in the service state information, and hence the operation the second terminal can currently perform. For example, if the state of the second terminal is "waiting to go online", then once the go-online operation for the second terminal has been completed, the corresponding "online" operation is performed.
The authentication server stores the correspondence among communication identifier, terminal identifier and service state information for later authentication when the second terminal uses the WLAN service. This completes the activation flow for the terminal's WLAN service.
Note that when the WLAN service is activated and the first terminal and the second terminal are not the same terminal, the correspondence the authentication server establishes among communication identifier, terminal identifier and service state information may be between multiple communication identifiers, one terminal identifier and one service state identifier; in that case the terminal corresponding to each communication identifier can request WLAN go-online and go-offline services for the terminal corresponding to the terminal identifier. Alternatively, it may be between one communication identifier, multiple terminal identifiers and one service state identifier; in that case only one terminal among those corresponding to the terminal identifiers can carry out the WLAN service at any one time.
After the WLAN service has been activated, when the communication identifier and terminal identifier stored in the BOSS for this WLAN service need to be updated, the following steps are performed after step 103:
Step 104: the BOSS receives the changed communication identifier and terminal identifier and synchronizes them to the authentication server.
The changed communication identifier and terminal identifier cover the following two cases:
1. a changed communication identifier and an unchanged terminal identifier;
2. a changed terminal identifier and an unchanged communication identifier.
After receiving the changed communication identifier and terminal identifier, the BOSS updates the stored correspondence between communication identifier and terminal identifier, in one of the following two ways:
1. the BOSS finds, in the stored correspondence between communication identifier and terminal identifier, the communication identifier corresponding to the unchanged terminal identifier, and replaces it with the changed communication identifier;
2. the BOSS finds, in the stored correspondence between communication identifier and terminal identifier, the terminal identifier corresponding to the unchanged communication identifier, and replaces it with the changed terminal identifier.
Step 105: the authentication server receives the change and updates the stored correspondence between communication identifier and terminal identifier.
After receiving the changed communication identifier and terminal identifier, the authentication server likewise updates the correspondence among communication identifier, terminal identifier and service state information, in the same way as the BOSS.
Steps 104 and 105 complete the change to the activated WLAN service.
In Embodiments 2 and 3 of the present invention, the description again takes as an example the first state being "waiting to go online", the second state "offline", the third state "online" and the fourth state "waiting to go offline".
Embodiment 2
After the WLAN service has been activated and changed, and while it is in use, Embodiment 2 of the present invention provides a method for accessing the WLAN that improves the security of the authentication process and prevents unauthorized users from using the WLAN service.
In this embodiment it is assumed that, after activation and change of the WLAN service, the service state information recorded in the authentication server for this WLAN service is "offline".
Fig. 2 shows the flowchart of a method for accessing the WLAN provided by this embodiment. The steps are as follows:
Step 201: the first terminal sends a go-online service request to the authentication server.
When the second terminal needs to access the WLAN, the first terminal bound to it during service activation initiates a go-online service request to the authentication server, triggering the second terminal's WLAN access process. The go-online service request may be, but is not limited to being, submitted to the authentication server by mobile phone short message.
If the first terminal sends the go-online service request by short message (SMS), the authentication server can extract the communication identifier of the first terminal from the SMS; if the first terminal sends the go-online service request by other signaling, the authentication server extracts the communication identifier of the first terminal from the information carried in the signaling.
When the authentication server stores a correspondence between multiple communication identifiers, a terminal identifier and a service state identifier, the first terminal corresponding to any of the communication identifiers can initiate a go-online service request for the second terminal corresponding to the terminal identifier. When the authentication server stores a correspondence between one communication identifier, multiple terminal identifiers and a service state identifier, the first terminal corresponding to the communication identifier can initiate a go-online service request for the second terminal corresponding to any of the terminal identifiers.
Step 202: the authentication server updates the service state information corresponding to the communication identifier carried in the WLAN go-online service request to "waiting to go online".
The authentication server determines the communication identifier carried in the go-online service request received from the first terminal, updates the service state information corresponding to that communication identifier to "waiting to go online" according to the stored correspondence among communication identifier, terminal identifier and service state information, and notifies the first terminal of the service state update event by short message or other signaling.
If the first terminal and the second terminal are the same terminal, the first terminal can carry out the subsequent steps after receiving the service state update event. If they are not the same terminal, the first terminal either notifies the second terminal of the received service state update event so that it carries out the subsequent steps, or displays the event to the user, who then triggers the second terminal to carry out the subsequent steps.
Preferably, to avoid the security risk to the account of a WLAN go-online request that is sent but then left unused for a long time, the authentication server can start timer 1 when it updates the service state information to "waiting to go online". If the service state information is not updated again within the set duration 1, the state of the terminal is set to "offline". For example, if the service state information has remained "waiting to go online" for 10 minutes, it is updated to "offline", which further strengthens the security of authentication.
Step 203: the second terminal submits a WLAN service access request to the service server (AC).
After determining that the authentication server has updated the service state information, the second terminal submits a WLAN service access request to the AC, requesting access to the destination network through the WLAN.
Step 204: the AC determines the terminal identifier carried in the WLAN service access request and sends an authentication request carrying that terminal identifier to the authentication server.
On receiving the WLAN service access request from the second terminal, the AC determines the terminal identifier of the second terminal carried in the request and submits it to the authentication server in an authentication request, asking the authentication server to authenticate the second terminal that the terminal identifier represents.
Step 205: the authentication server returns to the AC the service state information corresponding to the received terminal identifier.
The authentication server determines the service state information corresponding to the received terminal identifier from the stored correspondence among communication identifier, terminal identifier and service state information.
Step 206: when the service state information it receives is "waiting to go online", the AC allocates an IP address to the second terminal.
In this step, the second terminal represented by the terminal identifier is authenticated only when its terminal identifier is stored in the authentication server and the corresponding service state information is "waiting to go online". The second terminal requesting access to the WLAN is thus subject to two layers of authentication, namely that the terminal identifier is stored and that the service state information is set to "waiting to go online", which improves the security of authentication.
When allocating the IP address to the second terminal, the AC can also add the terminal identifier of the second terminal to a whitelist, so that the second terminal is not automatically redirected to the PORTAL authentication page when it accesses the network with the allocated IP address; this shortens the access procedure and improves access efficiency.
Step 207: the AC sends a go-online response message to the authentication server.
After the AC has allocated the IP address to the second terminal, the second terminal successfully accesses the WLAN with the allocated IP address. The AC can then send a go-online response message to the authentication server, notifying it that the second terminal has now accessed the WLAN.
Step 208: the authentication server sets the service state information to "online".
This step is a preferred step. On receiving the go-online response message sent by the AC, the authentication server confirms that the second terminal has accessed the network and sets the state of the second terminal to "online", so that the service state information is updated promptly for subsequent related operations.
The authentication server and the service server in Embodiment 2 may be two independent devices or may be integrated in one device. Embodiment 2 above is described taking the authentication server and the service server as two independent devices. If they are integrated into one server, that server implements the functions of both the authentication server and the service server of Embodiment 2, and the information exchange between authentication server and service server described in Embodiment 2 becomes internal information transfer within the integrated server.
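The access flow of steps 201 to 208, including timer 1, can be modelled as a small state machine. The following is an added example, not code from the patent: the class and method names, the single binding per phone number, the rule that only an "offline" binding can be moved to "waiting to go online", and the sample phone number, MAC address and IP pool are all assumptions made for illustration.

```python
import time
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class State(Enum):
    WAITING_ONLINE = "waiting to go online"    # first state
    OFFLINE = "offline"                        # second state (initial)
    ONLINE = "online"                          # third state
    WAITING_OFFLINE = "waiting to go offline"  # fourth state (exit flow, unused here)


@dataclass
class Binding:
    comm_id: str       # communication identifier, e.g. first terminal's phone number
    terminal_id: str   # terminal identifier, e.g. second terminal's MAC address
    state: State = State.OFFLINE
    waiting_since: Optional[float] = None


class AuthServer:
    """Hypothetical authentication server holding the three-way correspondence."""

    def __init__(self, wait_timeout=600.0, clock=time.monotonic):
        self._bindings = []
        self._timeout = wait_timeout  # "duration 1"; 10 minutes in the page's example
        self._clock = clock

    def provision(self, comm_id, terminal_id):
        # Step 103: store the binding; the initial state is OFFLINE.
        self._bindings.append(Binding(comm_id, terminal_id))

    def _find(self, attr, value):
        for b in self._bindings:
            if getattr(b, attr) == value:
                self._expire(b)
                return b
        return None

    def _expire(self, b):
        # Timer 1: a go-online request that is never used lapses to OFFLINE.
        if (b.state is State.WAITING_ONLINE
                and self._clock() - b.waiting_since >= self._timeout):
            b.state, b.waiting_since = State.OFFLINE, None

    def online_request(self, comm_id):
        # Step 202: keyed on the communication identifier, not on the MAC.
        b = self._find("comm_id", comm_id)
        # Assumption of this sketch: only an OFFLINE binding can be armed.
        if b is None or b.state is not State.OFFLINE:
            return False
        b.state, b.waiting_since = State.WAITING_ONLINE, self._clock()
        return True

    def query_state(self, terminal_id):
        # Step 205: state for a terminal identifier, or None if it is not stored.
        b = self._find("terminal_id", terminal_id)
        return b.state if b else None

    def confirm_online(self, terminal_id):
        # Step 208: the AC reported that the terminal is on the network.
        b = self._find("terminal_id", terminal_id)
        if b and b.state is State.WAITING_ONLINE:
            b.state, b.waiting_since = State.ONLINE, None


class AccessController:
    """Hypothetical AC: allocates an IP only on the WAITING_ONLINE state."""

    def __init__(self, auth, pool):
        self._auth, self._pool = auth, list(pool)
        self.leases, self.whitelist = {}, set()

    def access_request(self, terminal_id):
        # Steps 204-207: both layers must hold (identifier stored, state armed).
        if self._auth.query_state(terminal_id) is not State.WAITING_ONLINE:
            return None
        if not self._pool:
            return None
        ip = self._pool.pop(0)
        self.leases[terminal_id] = ip
        self.whitelist.add(terminal_id)        # bypass the PORTAL redirect
        self._auth.confirm_online(terminal_id)
        return ip


def demo():
    now = [0.0]                                 # fake clock driving timer 1
    auth = AuthServer(clock=lambda: now[0])
    ac = AccessController(auth, ["192.0.2.10", "192.0.2.11"])
    phone, mac = "13900000001", "aa:bb:cc:dd:ee:01"   # constructed sample values
    auth.provision(phone, mac)
    out = {"mac_only": ac.access_request(mac)}  # stored MAC, but nothing armed it
    out["unknown_phone"] = auth.online_request("13900000002")
    auth.online_request(phone)
    now[0] += 601                               # armed, then left unused > 10 min
    out["expired"] = ac.access_request(mac)
    auth.online_request(phone)
    now[0] += 30
    out["granted"] = ac.access_request(mac)
    out["state"] = auth.query_state(mac)
    out["second_use"] = ac.access_request(mac)  # same MAC presented while ONLINE
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

In this model a stored MAC address alone never yields an IP address: the request is refused while the binding is "offline", after the 10-minute window has lapsed, and again once the binding is already "online".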
Embodiment three
After the WLAN network has been accessed using the method of embodiment two of the present invention, embodiment three of the present invention further provides a method for exiting the WLAN network. Figure 3 is a flowchart of the method for exiting the WLAN network provided by embodiment three. In this embodiment the authentication server and the service server may likewise be two independent devices or may be integrated into one device. As in embodiment two, if the authentication server and the service server are integrated into one server, that server can implement the functions of the authentication server and the service server of embodiment three below, and the information exchange between the authentication server and the service server in embodiment three becomes information transfer inside the integrated server.
Embodiment three of the present invention is described taking the authentication server and the service server as two independent devices as an example. The specific steps are as follows:
Step 301: the first terminal sends an offline service request to the authentication server.
When the second terminal needs to end the WLAN service, the first terminal that was bound to the second terminal through the service activation process initiates an offline service request to the authentication server, which triggers the process of the second terminal exiting the WLAN network. The request may be, but is not limited to being, submitted to the authentication server by short message.
If the first terminal sends the offline service request by SMS, the authentication server can extract the communication identifier of the first terminal from the SMS. If the first terminal sends the offline service request by another signaling method, the authentication server extracts the communication identifier of the first terminal from the information carried in the signaling.
As in the online process, when the authentication server stores a correspondence between multiple communication identifiers and a terminal identifier and service state identifier, the first terminal corresponding to any of those communication identifiers can initiate an offline service request for the second terminal corresponding to that terminal identifier. When the authentication server stores a correspondence between one communication identifier and multiple terminal identifiers and service state identifiers, the first terminal corresponding to the communication identifier can initiate an offline service request for the second terminal corresponding to any of those terminal identifiers.
Preferably, when it determines that the second terminal needs to exit the WLAN network, the authentication server can update the state of the second terminal to "waiting to go offline".
Step 302: the authentication server determines the terminal identifier corresponding to the communication identifier carried in the WLAN offline service request.
Step 303: the authentication server sends the determined terminal identifier to the AC, instructing the AC to release the IP address allocated to the second terminal corresponding to the received terminal identifier.
Step 304: after releasing the IP address allocated to the second terminal, the AC sends an offline response message to the authentication server.
When the AC receives the instruction sent by the authentication server to reclaim the IP address allocated to the second terminal, it confirms that the second terminal needs to disconnect from the network, releases the IP address allocated to the second terminal, and sends an offline response message to the authentication server, notifying it that the WLAN network connection of the second terminal has been disconnected.
Preferably, after releasing the IP address allocated to the second terminal, the AC can delete the terminal identifier of the second terminal from the whitelist.
Step 305: the authentication server changes the service state information to "offline".
This step is a preferred step. On receiving the offline response message sent by the AC, the authentication server confirms that the network connection of the second terminal has been disconnected and updates the service state information corresponding to the terminal identifier of the second terminal to "offline".
Embodiment four
Figure 4 is a schematic structural diagram of a WLAN service access system provided by embodiment four of the present invention. The system comprises a first terminal 11, a second terminal 12 and a server 13, where the first terminal and the second terminal are the same terminal or two terminals:
The first terminal 11 is configured to initiate a WLAN online service request to the server. The second terminal 12 is configured to initiate a WLAN service access request to the server. The server 13 is configured to, on receiving the WLAN online service request initiated by the first terminal, update the service state information corresponding to the communication identifier carried in the WLAN online service request to the first state, according to the pre-stored correspondence among communication identifier, terminal identifier and service state information; and, on receiving an authentication request carrying the terminal identifier of the second terminal, determine the service state information corresponding to that terminal identifier and, when the service state information is the first state, allocate to the second terminal an IP address for accessing the WLAN network.
The system further comprises:
The accounting server 15 is configured to determine the communication identifier and terminal identifier carried in a received WLAN service activation request, and to send the determined communication identifier and terminal identifier to the authentication server.
The accounting server 15 is further configured to determine the changed communication identifier and the unchanged terminal identifier, or the changed terminal identifier and the unchanged communication identifier, carried in a received information change request, and to send the determined terminal identifier and communication identifier to the authentication server.
The first terminal 11 is further configured to initiate a WLAN offline service request to the server.
The server 13 is further configured to, on receiving the WLAN offline service request initiated by the first terminal, determine the terminal identifier corresponding to the communication identifier carried in the WLAN offline service request, according to the pre-stored correspondence among communication identifier, terminal identifier and service state information, and release the IP address allocated to the second terminal corresponding to the determined terminal identifier.
The server 13 may further comprise an authentication server 131 and a service server 132, wherein:
The authentication server 131 is configured to, on receiving the WLAN online service request initiated by the first terminal, update the service state information corresponding to the communication identifier carried in the WLAN online service request to the first state; on receiving the authentication request sent by the AC, send the service state information corresponding to the terminal identifier to the AC; and, on receiving the WLAN offline service request initiated by the first terminal, send the determined terminal identifier to the AC.
The service server 132 is configured to allocate to the second terminal an IP address for accessing the WLAN network when the received service state information is the first state, and, on receiving the terminal identifier sent by the authentication server, to release the IP address allocated to the second terminal corresponding to that terminal identifier.
The authentication server 131 is further configured to update the service state information from the first state to the fourth state when no authentication request sent by the AC is received within a set duration after the service state information is updated.
The authentication server 131 is further configured to update the service state information to the second state after the AC has allocated an IP address to the second terminal and the second terminal has accessed the WLAN network using that IP address.
The authentication server 131 is further configured to, on receiving the WLAN offline service request initiated by the first terminal, determine the terminal identifier corresponding to the communication identifier carried in the WLAN offline service request, according to the pre-stored correspondence among communication identifier, terminal identifier and service state information, and send the determined terminal identifier to the AC.
The authentication server 131 is further configured to, after receiving the WLAN offline service request and before sending the terminal identifier to the AC, update the service state information corresponding to the communication identifier carried in the WLAN offline service request to the third state.
The authentication server 131 is further configured to, after the AC releases the IP address allocated to the second terminal corresponding to the received terminal identifier, update the service state information corresponding to the communication identifier carried in the WLAN offline service request to the fourth state.
The service server 132 is further configured to send an online response message to the authentication server to confirm that an IP address has been allocated to the second terminal.
The service server 132 is further configured to release the IP address allocated to the second terminal corresponding to the received terminal identifier.
The service server 132 is further configured to send an offline response message to the authentication server to confirm that the IP address allocated to the second terminal corresponding to the received terminal identifier has been released.
The functions of the authentication server 131 and the service server 132 in embodiment four of the present invention can be performed by the server 13.
Embodiment five
Figure 5 is a schematic structural diagram of an authentication server provided by embodiment five of the present invention. The authentication server comprises an information storage module 21, a first message response module 22 and a second message response module 23, where the first terminal and the second terminal are the same terminal or two terminals:
The information storage module 21 is configured to store communication identifiers, terminal identifiers and service state information, and the correspondence among the three. The first message response module 22 is configured to, on receiving the WLAN online service request initiated by the first terminal, update the service state information corresponding to the communication identifier carried in the WLAN online service request to the first state, according to the correspondence among communication identifier, terminal identifier and service state information pre-stored in the information storage module. The second message response module 23 is configured to, on receiving an authentication request, instruct the service server AC to allocate to the second terminal an IP address for accessing the WLAN network when the service state information corresponding to the terminal identifier carried in the authentication request is the first state.
The authentication server further comprises:
The third message response module 24 is configured to, on receiving a WLAN fourth-state service request initiated by the first terminal, determine the terminal identifier corresponding to the communication identifier carried in the WLAN fourth-state service request, according to the correspondence among communication identifier, terminal identifier and service state information pre-stored in the information storage module, and instruct the AC to release the IP address allocated to the second terminal corresponding to the determined terminal identifier.
The information storage module 21 is specifically configured to receive the communication identifier and terminal identifier sent by the BOSS, and to establish and store the correspondence among the communication identifier, the terminal identifier and the service state information allocated for the WLAN service, the communication identifier and terminal identifier being carried in the WLAN service activation request received by the BOSS.
The information storage module 21 is specifically configured to receive the changed communication identifier and the unchanged terminal identifier sent by the BOSS, find, from the stored correspondence between communication identifiers and terminal identifiers, the communication identifier corresponding to the unchanged terminal identifier, and replace the found communication identifier with the changed communication identifier, the changed communication identifier and the unchanged terminal identifier being carried in the information change request received by the BOSS; or to receive the changed terminal identifier and the unchanged communication identifier sent by the BOSS, find, from the stored correspondence between communication identifiers and terminal identifiers, the terminal identifier corresponding to the unchanged communication identifier, and replace the found terminal identifier with the changed terminal identifier, the changed terminal identifier and the unchanged communication identifier being carried in the information change request received by the BOSS.
The first message response module 22 is further configured to update the service state information from the first state to the fourth state when no authentication request sent by the AC is received within a set duration after the service state information is updated.
The second message response module 23 is further configured to update the service state information to the second state after the AC has allocated an IP address to the second terminal and the second terminal has accessed the WLAN network using that IP address.
The third message response module 24 is further configured to, after receiving the WLAN offline service request and before sending the terminal identifier to the AC, update the service state information corresponding to the communication identifier carried in the WLAN offline service request to the third state.
The third message response module 24 is further configured to, after the AC releases the IP address allocated to the second terminal corresponding to the received terminal identifier, update the service state information corresponding to the communication identifier carried in the WLAN offline service request to the fourth state.
Embodiment six
Embodiment six of the present invention provides a service server. As shown in Figure 6, the service server comprises a sending module 31, a receiving module 32 and an operation module 33, wherein:
The sending module 31 is configured to send an authentication request carrying a terminal identifier. The receiving module 32 is configured to receive the service state information corresponding to the terminal identifier. The operation module 33 is configured to allocate, to the terminal corresponding to the terminal identifier, an IP address for accessing the WLAN network when the received service state information is the first state.
The operation module 33 is further configured to release the IP address allocated to the terminal corresponding to the received terminal identifier when the receiving module receives a terminal identifier.
The server in embodiment four can be regarded as the integration of the authentication server in embodiment five and the service server in embodiment six; this server can comprise the modules of the authentication server in embodiment five and of the service server in embodiment six and implement the function of each module. Likewise, the authentication server in embodiment five can have the functions of the authentication server in embodiment four, and the service server in embodiment six can have the functions of the service server in embodiment four.
In addition to solving the technical problem addressed by the present invention, in the embodiments of the present invention the authentication server can store a correspondence between one communication identifier, multiple terminal identifiers and one service state information, so that multiple terminals can share one WLAN account, which makes it convenient for the user to use the WLAN service on different terminals. It can also store a correspondence between multiple communication identifiers, one terminal identifier and one service state information, which gives the user multiple control modes: the user can control the terminal's access to the WLAN network through any of these channels.
In the embodiments of the present invention, because WLAN account information such as a user name and password does not need to be entered, a terminal can still be authenticated when it has no input interface, and the service state information in the authentication server can be updated promptly according to the state of the WLAN service on the terminal, which facilitates related operations. In addition, when the authentication server does not receive an authentication request sent by the AC within a set duration after updating the service state information, it updates the service state information from "waiting to go online" (the first state) to "offline" (the fourth state). This prevents leakage of WLAN account information caused by waiting a long time for the authentication request, and further strengthens the security of authentication.
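The state handling described in embodiments two and three, including the waiting-window timeout summarized above, can be modeled as follows. This is an added example, not code from the patent: the class and method names, the 120-second window, the sample phone number and MAC address in the usage, and the 192.0.2.0/29 address pool are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum
from ipaddress import IPv4Network


class State(Enum):
    OFFLINE = "offline"
    WAIT_ONLINE = "waiting to go online"
    ONLINE = "online"
    WAIT_OFFLINE = "waiting to go offline"


@dataclass
class Binding:
    phones: set = field(default_factory=set)  # communication identifiers bound to this terminal
    state: State = State.OFFLINE
    armed_at: float = 0.0                     # time the state became WAIT_ONLINE


class AuthServer:
    """Holds the communication identifier / terminal identifier / state table."""

    def __init__(self, wait_window=120.0):    # window length is an assumed value
        self.wait_window = wait_window
        self.table = {}                       # terminal identifier (MAC) -> Binding

    def provision(self, phone, mac):
        """Service activation: the BOSS hands over a (phone, MAC) pair."""
        self.table.setdefault(mac.lower(), Binding()).phones.add(phone)

    def _bound(self, phone):
        return [(m, b) for m, b in self.table.items() if phone in b.phones]

    def request_online(self, phone, now):
        """Online service request from the first terminal (e.g. by SMS)."""
        armed = []
        for mac, b in self._bound(phone):
            if b.state is State.OFFLINE:
                b.state, b.armed_at = State.WAIT_ONLINE, now
                armed.append(mac)
        return armed

    def authenticate(self, mac, now):
        """Two-layer check: the identifier is stored AND its state is WAIT_ONLINE."""
        b = self.table.get(mac.lower())
        if b is None or b.state is not State.WAIT_ONLINE:
            return False
        if now - b.armed_at > self.wait_window:
            b.state = State.OFFLINE           # window expired: fall back to offline
            return False
        return True

    def online_response(self, mac):
        self.table[mac.lower()].state = State.ONLINE

    def request_offline(self, phone):
        """Offline service request: returns the terminals the AC must release."""
        targets = []
        for mac, b in self._bound(phone):
            if b.state is State.ONLINE:
                b.state = State.WAIT_OFFLINE
                targets.append(mac)
        return targets

    def offline_response(self, mac):
        self.table[mac.lower()].state = State.OFFLINE


class AccessController:
    """AC side: IP leases plus the whitelist that bypasses the PORTAL page."""

    def __init__(self, auth, pool="192.0.2.0/29"):  # documentation range, assumed
        self.auth = auth
        self.free = [str(ip) for ip in IPv4Network(pool).hosts()]
        self.leases = {}
        self.whitelist = set()

    def connect(self, mac, now):
        mac = mac.lower()
        if not self.free or not self.auth.authenticate(mac, now):
            return None
        ip = self.free.pop(0)
        self.leases[mac] = ip
        self.whitelist.add(mac)
        self.auth.online_response(mac)
        return ip

    def release(self, mac):
        mac = mac.lower()
        ip = self.leases.pop(mac, None)
        if ip is None:
            return False
        self.free.append(ip)
        self.whitelist.discard(mac)
        self.auth.offline_response(mac)
        return True
```

Because the only credential the second terminal presents is its terminal identifier, the length of the waiting window bounds how long a stored identifier alone is enough to obtain an address.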
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. Thus, if these modifications and variations of the present invention fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.

Claims (20)

1. A method for accessing a wireless local area network (WLAN), characterized in that the method comprises:
on receiving a WLAN online service request initiated by a first terminal, updating the service state information corresponding to the communication identifier carried in the WLAN online service request to a first state, according to a pre-stored correspondence among communication identifier, terminal identifier and service state information;
on receiving an authentication request carrying the terminal identifier of a second terminal, determining the service state information corresponding to the terminal identifier and, when the service state information is the first state, allocating to the second terminal an IP address for accessing the WLAN network.
2. The method of claim 1, characterized in that, before the WLAN online service request is received, the method further comprises:
receiving a communication identifier and a terminal identifier sent by an accounting server BOSS, the communication identifier and terminal identifier being carried in a WLAN service activation request received by the BOSS;
establishing and storing the correspondence among the communication identifier, the terminal identifier and the service state information allocated for the WLAN service.
3. The method of claim 2, characterized in that, after the correspondence among communication identifier, terminal identifier and service state information is stored and before the WLAN online service request is received, the method further comprises:
receiving a changed communication identifier and an unchanged terminal identifier sent by the BOSS, the changed communication identifier and the unchanged terminal identifier being carried in an information change request received by the BOSS;
finding, from the stored correspondence between communication identifiers and terminal identifiers, the communication identifier corresponding to the unchanged terminal identifier, and replacing the found communication identifier with the changed communication identifier;
or
receiving a changed terminal identifier and an unchanged communication identifier sent by the BOSS, the changed terminal identifier and the unchanged communication identifier being carried in an information change request received by the BOSS;
finding, from the stored correspondence between communication identifiers and terminal identifiers, the terminal identifier corresponding to the unchanged communication identifier, and replacing the found terminal identifier with the changed terminal identifier.
4. The method of claim 1, characterized in that, if no authentication request is received within a set duration after the service state information is updated to the first state, the service state information is updated from the first state to a second state.
5. The method of claim 1, characterized in that, after the IP address is allocated to the second terminal, the method further comprises:
after the second terminal accesses the WLAN network using the IP address, updating the service state information to a third state.
6. The method of any one of claims 1 to 5, characterized in that
the communication identifier is the mobile phone number of the first terminal, and the terminal identifier is the network card MAC address or the central processing unit (CPU) identifier of the second terminal.
7. The method of any one of claims 1 to 5, characterized in that the first terminal and the second terminal are the same terminal or two terminals.
8. A method for exiting a wireless local area network (WLAN) after the WLAN has been accessed using the method for accessing a WLAN of claim 1, characterized in that the method comprises:
on receiving a WLAN offline service request initiated by the first terminal, determining the terminal identifier corresponding to the communication identifier carried in the WLAN offline service request, according to the pre-stored correspondence among communication identifier, terminal identifier and service state information;
releasing the IP address allocated to the second terminal corresponding to the determined terminal identifier.
9. The method of claim 8, characterized in that, after the WLAN offline service request is received and before the IP address is released, the method further comprises:
updating the service state information corresponding to the communication identifier carried in the WLAN offline service request to a fourth state.
10. The method of claim 9, characterized in that, after the IP address is released, the method further comprises:
updating the service state information corresponding to the communication identifier carried in the WLAN offline service request to the second state.
11. The method of any one of claims 8 to 10, characterized in that the first terminal and the second terminal are the same terminal or two terminals.
12. An authentication server, characterized in that the authentication server comprises:
an information storage module, configured to store communication identifiers, terminal identifiers and service state information, and the correspondence among the three;
a first message response module, configured to, on receiving a WLAN online service request initiated by a first terminal, update the service state information corresponding to the communication identifier carried in the WLAN online service request to a first state, according to the correspondence among communication identifier, terminal identifier and service state information pre-stored in the information storage module;
a second message response module, configured to, on receiving an authentication request, instruct a service server AC to allocate to a second terminal an IP address for accessing the WLAN network when the service state information corresponding to the terminal identifier carried in the authentication request is the first state.
13. The authentication server of claim 12, characterized in that
the information storage module is specifically configured to receive a communication identifier and a terminal identifier sent by an accounting server BOSS, and to establish and store the correspondence among the communication identifier, the terminal identifier and the service state information allocated for the WLAN service, the communication identifier and terminal identifier being carried in a WLAN service activation request received by the BOSS.
14. The authentication server of claim 12, characterized in that the authentication server further comprises:
a third message response module, configured to, on receiving a WLAN offline service request initiated by the first terminal, determine the terminal identifier corresponding to the communication identifier carried in the WLAN offline service request, according to the correspondence among communication identifier, terminal identifier and service state information pre-stored in the information storage module, and instruct the AC to release the IP address allocated to the second terminal corresponding to the determined terminal identifier.
15. The authentication server of any one of claims 12 to 14, characterized in that
the first terminal and the second terminal are the same terminal or two terminals.
16. A WLAN service access system, characterized in that the system comprises a first terminal, a second terminal and a server, wherein:
the first terminal is configured to initiate a WLAN online service request to the server;
the second terminal is configured to initiate a WLAN service access request to the server;
the server is configured to, on receiving the WLAN online service request initiated by the first terminal, update the service state information corresponding to the communication identifier carried in the WLAN online service request to a first state, according to a pre-stored correspondence among communication identifier, terminal identifier and service state information, and, on receiving an authentication request carrying the terminal identifier of the second terminal, determine the service state information corresponding to the terminal identifier and, when the service state information is the first state, allocate to the second terminal an IP address for accessing the WLAN network.
17. The system of claim 16, characterized in that
the first terminal is further configured to initiate a WLAN offline service request to the server;
the server is further configured to, on receiving the WLAN offline service request initiated by the first terminal, determine the terminal identifier corresponding to the communication identifier carried in the WLAN offline service request, according to the pre-stored correspondence among communication identifier, terminal identifier and service state information, and release the IP address allocated to the second terminal corresponding to the determined terminal identifier.
18. The system of claim 17, characterized in that the server comprises an authentication server and a service server AC, wherein:
the authentication server is configured to, on receiving the WLAN online service request initiated by the first terminal, update the service state information corresponding to the communication identifier carried in the WLAN online service request to the first state; on receiving the authentication request sent by the AC, send the service state information corresponding to the terminal identifier to the AC; and, on receiving the WLAN offline service request initiated by the first terminal, send the determined terminal identifier to the AC;
the AC is configured to allocate to the second terminal an IP address for accessing the WLAN network when the received service state information is the first state, and, on receiving the terminal identifier sent by the authentication server, to release the IP address allocated to the second terminal corresponding to that terminal identifier.
19. The system of claim 18, characterized in that the system further comprises:
an accounting server BOSS, configured to determine the communication identifier and terminal identifier carried in a received WLAN service activation request, and to send the determined communication identifier and terminal identifier to the authentication server;
the authentication server is further configured to receive the communication identifier and terminal identifier sent by the BOSS, and to establish and store the correspondence among the communication identifier, the terminal identifier and the service state information allocated for the WLAN service.
20. The system of any one of claims 16 to 19, characterized in that the first terminal and the second terminal are the same terminal or two terminals.
CN201010282525.0A 2010-09-14 2010-09-14 Method, system and authentication server for being switched in and retreating from wireless local area network (WLAN) Active CN102404738B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201010282525.0A CN102404738B (en) 2010-09-14 2010-09-14 Method, system and authentication server for being switched in and retreating from wireless local area network (WLAN)

Publications (2)

Publication Number Publication Date
CN102404738A (en) 2012-04-04
CN102404738B (en) 2014-01-08

Family

ID=45886419

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103249115B (en) * 2013-05-07 2015-12-02 中国联合网络通信集团有限公司 Tactics configuring method and device
CN103501495A (en) * 2013-10-16 2014-01-08 苏州汉明科技有限公司 Perception-free WLAN (Wireless Local Area Network) authentication method fusing Portal/Web authentication and MAC (Media Access Control) authentication
CN108337677B (en) * 2017-01-19 2020-10-09 阿里巴巴集团控股有限公司 Network authentication method and device
CN110149669B (en) 2018-02-13 2022-02-11 华为技术有限公司 Method for controlling terminal to use wireless network and related equipment
CN112954694B (en) * 2019-11-26 2023-05-05 上海华为技术有限公司 Subscription information processing method, device and equipment
CN115277827A (en) * 2022-07-26 2022-11-01 中国电信股份有限公司 Cloud resource configuration method, system, device, equipment and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1487705A (en) * 2002-09-30 2004-04-07 华为技术有限公司 Active user's off-line processing method while intercommunicating radio LAN and mobile communication system
CN1691653A (en) * 2004-04-16 2005-11-02 美国博通公司 Method and system for providing registration, authentication and access via broadband access gateway
CN1842000A (en) * 2005-03-29 2006-10-04 华为技术有限公司 Method for realizing access authentication of WLAN
EP1871128B1 (en) * 2006-06-20 2008-10-22 Alcatel Lucent A method for a handover procedure of a mobile terminal, a base station and a network therefor
CN101416548A (en) * 2006-04-20 2009-04-22 高通股份有限公司 Wireless handoffs between multiple networks
CN101547444A (en) * 2009-03-11 2009-09-30 西安西电捷通无线网络通信有限公司 Method for providing special access process to different terminals in WLAN

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant