CN102843682B - Access point authorizing method, device and system - Google Patents
Abstract
The invention provides an access point authentication method, device and system. The access point authentication method comprises the following steps: receiving an authentication request message sent by a communication service platform, wherein the authentication request message comprises the SSID (Service Set Identifier) and the MAC (Media Access Control) address of the access point (AP) that a user terminal is to access; determining whether the MAC address of the AP is a legitimate MAC address resource corresponding to the SSID; and, if so, returning an authentication-pass response message to the communication service platform so that the communication service platform sends the authentication-pass response message to the user terminal. According to the invention, the authentication request concerning the legitimacy of the AP to be accessed, which the user terminal initiates through the communication service platform, is authenticated, and the authentication-pass result is returned to the user terminal through the communication service platform, which provides a guarantee that the user terminal accesses a secure AP.
Description
Technical field
The present invention relates to communication technology, and in particular to an access point authentication method, device and system.
Background art
Wireless local area network (Wireless Local Area Networks, WLAN for short) is an important technology for wireless broadband Internet access, and multiple operators currently provide WLAN services. As operators promote their WLAN services, WLAN access points (Access Point, AP for short) are deployed in more and more areas. The AP in an area openly broadcasts the service set identifier (Service Set Identifier, SSID for short) provided by its operator. After a user terminal discovers the SSID and access to it is confirmed, the terminal associates with the AP of that SSID; that is, the user terminal connects to the AP and can then use the related network application services.
However, a user terminal has no means of verifying the SSID of an AP. If a malicious party sets its own WLAN AP to an SSID name identical or similar to an operator's, such as "ChinaUnicom" or "CMCC", and the user terminal decides which WLAN to access based on the SSID alone, the terminal is easily lured into connecting to the disguised AP. The security of the user terminal is therefore hard to guarantee: it may be attacked, resulting in data loss or paralysis of the terminal system.
Summary of the invention
The object of the present invention is to provide an access point authentication method, device and system, so as to solve the problems in the prior art.
A first aspect of the present invention provides an access point authentication method, comprising:
receiving an authentication request message sent by a communication service platform, the authentication request message comprising the SSID and the MAC address of the access point (AP) that a user terminal is to access;
determining whether the MAC address of the AP is a legitimate MAC address resource corresponding to the SSID;
if it is legitimate, returning an authentication-pass response message to the communication service platform, so that the communication service platform sends the authentication-pass response message to the user terminal.
A second aspect of the present invention provides an access point authentication method, comprising:
receiving an authentication request message sent by a user terminal, the authentication request message comprising the SSID and the MAC address of the access point (AP) that the user terminal is to access;
sending the authentication request message to the carrier server corresponding to the SSID;
if authentication passes, receiving the authentication-pass response message returned by the carrier server;
sending the authentication-pass response message to the user terminal.
A third aspect of the present invention provides an access point authentication method, comprising:
sending an authentication request message to a communication service platform, the authentication request message comprising the SSID and the MAC address of the access point (AP) that a user terminal is to access;
if authentication passes, receiving the authentication-pass response message returned by the communication service platform.
A fourth aspect of the present invention provides an access point authentication device, comprising:
a first receiving module, configured to receive an authentication request message sent by a communication service platform, the authentication request message comprising the SSID and the MAC address of the access point (AP) that a user terminal is to access;
a first determination module, configured to determine whether the MAC address of the AP is a legitimate MAC address resource corresponding to the SSID;
a first sending module, configured to return an authentication-pass response message to the communication service platform if the first determination module determines that the MAC address of the AP is legitimate, so that the communication service platform sends the authentication-pass response message to the user terminal.
A fifth aspect of the present invention provides a communication service platform, comprising:
a third receiving module, configured to receive an authentication request message sent by a user terminal, the authentication request message comprising the SSID and the MAC address of the access point (AP) that the user terminal is to access;
a second sending module, configured to send the authentication request message to the carrier server corresponding to the SSID;
a fourth receiving module, configured to receive the authentication-pass response message returned by the carrier server;
a third sending module, configured to send the authentication-pass response message to the user terminal.
A sixth aspect of the present invention provides a user terminal, comprising:
a fourth sending module, configured to send an authentication request message to a communication service platform, the authentication request message comprising the SSID and the MAC address of the access point (AP) that the user terminal is to access;
a fifth receiving module, configured to receive the authentication-pass response message returned by the communication service platform.
A seventh aspect of the present invention provides an access point authentication system, comprising the above access point authentication device, the above communication service platform and the above user terminal.
The beneficial effect of the above technical solution is as follows: the access point authentication device in the present embodiment can receive, through the communication service platform, the authentication request message that the user terminal initiates concerning the legitimacy of the SSID of the AP to be accessed. It verifies the SSID of the AP to be accessed in the authentication request message, and the MAC address corresponding to that SSID, against the SSIDs and their corresponding MAC addresses in the AP resource library preset by the operator, and thereby determines the legitimacy of the SSID of the AP that the user terminal is to access. The authentication-pass result is returned to the user terminal through the communication service platform, which gives the user terminal a basis for accessing a secure AP.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of embodiment one of the access point authentication method of the present invention;
Fig. 2 is a flowchart of embodiment two of the access point authentication method of the present invention;
Fig. 3 is a flowchart of embodiment three of the access point authentication method of the present invention;
Fig. 4 is a flowchart of embodiment four of the access point authentication method of the present invention;
Fig. 5 is a structural diagram of embodiment one of the access point authentication device of the present invention;
Fig. 6 is a structural diagram of embodiment two of the access point authentication device of the present invention;
Fig. 7 is a structural diagram of the communication service platform of the present invention;
Fig. 8 is a structural diagram of embodiment one of the user terminal of the present invention;
Fig. 9 is a structural diagram of embodiment two of the user terminal of the present invention;
Fig. 10 is a structural diagram of the access point authentication system of the present invention.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
The WLAN access methods of the operators are similar: the AP in an area broadcasts, and the broadcast content generally includes the SSID of the AP in that area and the MAC address of the AP. Once a user terminal has discovered a broadcast SSID and the user has confirmed association with the AP of a given SSID, the technical solution of the present invention can be applied to authenticate the associated AP to be accessed.
Fig. 1 is a flowchart of embodiment one of the access point authentication method of the present invention. As shown in Fig. 1, the access point authentication method may comprise the following steps:
Step 101: receive an authentication request message sent by a communication service platform, the authentication request message comprising the SSID and the MAC address of the access point (AP) that a user terminal is to access.
It should be noted that the present embodiment may be executed by an access point authentication device, which may be deployed at the carrier server side, or deployed separately and communicate with the access point through a network and the communication service platform. The following description takes a separately deployed access point authentication device as an example. In the present embodiment, the communication service platform may be any one of a short message service platform, an MMS platform and an e-mail service platform.
After the user terminal discovers the SSID broadcast by an AP and the user confirms association with the AP of a given SSID, the terminal sends an authentication request message for the AP to be accessed to the access point authentication device through the communication service platform. The authentication request message is used to verify the SSID of the AP to be accessed; specifically, it comprises the SSID and the MAC address broadcast by the AP that the user terminal is to access.
Step 102: determine whether the MAC address of the AP is a legitimate MAC address resource corresponding to the SSID.
After the access point authentication device receives the above authentication request message from the communication service platform, it determines, according to the SSID and the MAC address of the AP to be accessed in the authentication request message, whether the MAC address of the AP is a legitimate MAC address resource corresponding to the SSID. For example, if the access point authentication device finds the SSID of the AP to be accessed in the authentication request message, together with the MAC address corresponding to that SSID, in the preset AP resource library, it can determine that the MAC address of the AP to be accessed is a legitimate MAC address resource corresponding to the SSID, that is, the SSID of the AP to be accessed is legitimate. Otherwise it can determine that the MAC address of the AP to be accessed is not a legitimate MAC address resource, that is, the SSID of the AP to be accessed is illegitimate.
Step 103: if it is legitimate, return an authentication-pass response message to the communication service platform, so that the communication service platform sends the authentication-pass response message to the user terminal.
When the access point authentication device determines that the MAC address of the AP to be accessed is a legitimate MAC address resource corresponding to the SSID, it returns an authentication-pass response message to the communication service platform, so that the communication service platform sends the authentication-pass response message to the user terminal.
In the present embodiment, the access point authentication device can receive, through the communication service platform, the authentication request message that the user terminal initiates concerning the legitimacy of the SSID of the AP to be accessed. It verifies the SSID of the AP to be accessed in the authentication request message, and the MAC address corresponding to that SSID, against the SSIDs and their corresponding MAC addresses in the AP resource library preset by the operator, and thereby determines the legitimacy of the SSID of the AP that the user terminal is to access. The authentication-pass result is returned to the user terminal through the communication service platform, which gives the user terminal a basis for accessing a secure AP.
Further, when the access point authentication device determines that the MAC address of the AP to be accessed is not a legitimate MAC address resource corresponding to the SSID, it may return an authentication-fail response message to the communication service platform, so that the communication service platform sends the authentication-fail response message to the user terminal, and the user terminal then disconnects its association with the AP to be accessed according to the authentication-fail response message.
In the present embodiment, the access point authentication device authenticates the request that the user terminal initiates through the communication service platform concerning the legitimacy of the SSID of the AP to be accessed, and returns the authentication-fail result to the user terminal through the communication service platform. The user terminal can then disconnect its association with the AP to be accessed according to the authentication-fail response message, which provides a guarantee that the user terminal accesses a secure AP.
Fig. 2 is a flowchart of embodiment two of the access point authentication method of the present invention. As shown in Fig. 2, the access point authentication method may comprise the following steps:
Step 201: receive a resource association message sent by an access point (AP), the resource association message comprising the SSID of the AP, the MAC address corresponding to the SSID, and the MAC address of the user terminal associated with the AP.
It should be noted that the present embodiment may be executed by an access point authentication device, which may be deployed at the carrier server side, or deployed separately and communicate with the access point through a network and the communication service platform. The following description takes an access point authentication device deployed at the carrier server side as an example.
In the present embodiment, after the user terminal discovers a broadcast SSID and the user confirms association with the AP of a given SSID, if the associated AP belongs to the operator's AP resources, a communication protocol or communication interface exists between the associated AP and the operator's access point authentication device, so the associated AP can send a resource association message to the access point authentication device. Specifically, the resource association message may comprise the SSID of the associated AP, the MAC address corresponding to the SSID, and the MAC address of the user terminal associated with the AP.
Step 202: if the SSID of the AP in the resource association message and the MAC address corresponding to the SSID exist in the preset AP resource library, save the resource association message in a resource association verification table.
In the present embodiment, the access point authentication device verifies the received resource association message by calling the data at the carrier server side. If the SSID of the AP and the corresponding MAC address in the resource association message match an SSID and MAC address in the AP resource library preset by the operator, the SSID of the AP, the MAC address corresponding to the SSID, and the MAC address of the user terminal associated with the AP are stored in the resource association verification table.
Step 203: receive an authentication request message sent by the communication service platform, the authentication request message comprising the MAC address of the user terminal and the SSID and MAC address of the access point (AP) that the user terminal is to access.
It should be noted that the communication service platform in the present embodiment may be any one of a short message service platform, an MMS platform and an e-mail service platform. In the present embodiment, after the user terminal discovers a broadcast SSID and the user confirms association with the AP of a given SSID, the terminal sends an authentication request message for the AP to be accessed to the access point authentication device through the communication service platform. Specifically, the authentication request message may comprise the MAC address of the user terminal and the SSID and MAC address broadcast by the AP that the user terminal is to access.
Step 204: query the resource association verification table using the MAC address of the user terminal and the SSID and MAC address of the AP to be accessed in the authentication request message.
The access point authentication device queries the resource association verification table using the MAC address of the user terminal and the SSID and MAC address of the AP to be accessed in the authentication request message received from the communication service platform, in order to judge whether these values are identical to some resource association message stored in the resource association verification table.
Step 205: judge whether the MAC address of the user terminal and the SSID and MAC address of the AP to be accessed in the authentication request message are identical to some resource association message saved in the resource association verification table.
In the present embodiment, if the MAC address of the user terminal and the SSID and MAC address of the AP to be accessed in the authentication request message are identical to some resource association message saved in the resource association verification table, it can be determined that the MAC address of the AP in the authentication request message is a legitimate MAC address resource of the SSID corresponding to the MAC address of the user terminal, and step 206 is performed; otherwise step 207 is performed.
Step 206: return an authentication-pass response message to the communication service platform.
When the access point authentication device determines that the MAC address of the AP to be accessed in the authentication request message is a legitimate MAC address resource of the SSID corresponding to the MAC address of the user terminal, it returns an authentication-pass response message to the communication service platform, so that the communication service platform can send the authentication-pass response message to the user terminal.
Step 207: return an authentication-fail response message to the communication service platform.
In the present embodiment, when the access point authentication device determines that the MAC address of the AP to be accessed in the authentication request message is not a legitimate MAC address resource of the SSID corresponding to the MAC address of the user terminal, it may return an authentication-fail response message to the communication service platform, so that the communication service platform sends the authentication-fail response message to the user terminal, and the user terminal can then disconnect its association with the AP to be accessed according to the authentication-fail response message.
In the present embodiment, the access point authentication device can generate a resource association verification table from the resource association messages sent by the AP to be accessed. After receiving an authentication request message for the AP to be accessed initiated by a user terminal, it authenticates the AP against the resource association verification table using the MAC address of the user terminal, the SSID of the AP to be accessed and the MAC address corresponding to the SSID carried in the authentication request message, thereby preventing the user terminal from connecting to a forged AP.
Specifically, suppose user terminal A associates with the SSID of some AP and that the associated AP belongs to the operator's AP resources. The AP associated with user terminal A then sends a resource association message to the access point authentication device, comprising the SSID of the associated AP, the MAC address corresponding to the SSID, and the MAC address of user terminal A. After step 202, the SSID of the associated AP, the MAC address corresponding to the SSID and the MAC address of user terminal A are stored in the resource association verification table, and after the authentication of steps 203 to 206, user terminal A receives an authentication-pass response message. Now suppose user terminal B associates with the same SSID as the AP associated with user terminal A, but the AP associated with user terminal B is a forged AP that has the same SSID and MAC address as the AP associated with user terminal A. Because there is no communication interface between the forged AP and the operator's access point authentication device, the forged AP cannot send a resource association message to the access point authentication device. User terminal B can still initiate, through the communication service platform, an authentication request message for the AP to be accessed, comprising the MAC address of user terminal B, the SSID of the AP that user terminal B is to access and the MAC address corresponding to the SSID. During the authentication of steps 204 and 205, although the resource association verification table stores the SSID of the associated AP and the MAC address corresponding to the SSID (the information of the legitimate AP resource associated with user terminal A), no entry for the SSID and corresponding MAC address of the AP to be accessed can be found for the MAC address of user terminal B. Step 207 is therefore performed and an authentication-fail response message is returned to user terminal B, reminding user terminal B that the AP to be accessed may be an illegitimate AP; user terminal B can disconnect its association with the illegitimate AP according to the authentication-fail response message.
Therefore, in the present embodiment the user terminal initiates an authentication request message for the AP to be accessed through the communication service platform and carries its own MAC address in the authentication request message. This prevents the user terminal from connecting to an AP that forges both the SSID and the MAC address, gives the user terminal a clear view of the legitimacy of the AP to be accessed, and provides a guarantee that the user terminal accesses a secure AP.
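The following is an added example, not code from the patent: a minimal Python model of the access point authentication device that implements both the library-only check of steps 101 to 103 and the terminal-bound check of steps 201 to 207, replayed on the user terminal A / user terminal B scenario above. The class and function names, the in-memory tables and all MAC addresses are assumptions constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass, field

PASS = "authentication-pass response"
FAIL = "authentication-fail response"


def norm_mac(mac: str) -> str:
    """Normalise a MAC address to lower-case, colon-separated hex."""
    digits = mac.replace(":", "").replace("-", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


@dataclass
class AccessPointAuthDevice:
    """Hypothetical in-memory model of the access point authentication device."""
    # Operator's preset AP resource library: SSID -> legitimate AP MAC addresses.
    ap_resource_library: dict[str, set[str]]
    # Resource association verification table: (terminal MAC, SSID, AP MAC).
    association_table: set[tuple[str, str, str]] = field(default_factory=set)

    def __post_init__(self) -> None:
        self.ap_resource_library = {
            ssid: {norm_mac(m) for m in macs}
            for ssid, macs in self.ap_resource_library.items()
        }

    def _in_library(self, ssid: str, ap_mac: str) -> bool:
        return ap_mac in self.ap_resource_library.get(ssid, set())

    def authenticate_ap(self, ssid: str, ap_mac: str) -> str:
        """Steps 101-103: pass only if (SSID, AP MAC) is in the resource library."""
        try:
            ok = self._in_library(ssid, norm_mac(ap_mac))
        except ValueError:
            ok = False  # malformed input is treated as not legitimate
        return PASS if ok else FAIL

    def on_resource_association(self, ssid: str, ap_mac: str,
                                terminal_mac: str) -> bool:
        """Steps 201-202: record an association reported over the operator-side
        interface, but only if the reporting AP is in the resource library."""
        try:
            ap, term = norm_mac(ap_mac), norm_mac(terminal_mac)
        except ValueError:
            return False
        if not self._in_library(ssid, ap):
            return False
        self.association_table.add((term, ssid, ap))
        return True

    def authenticate_ap_for_terminal(self, terminal_mac: str, ssid: str,
                                     ap_mac: str) -> str:
        """Steps 203-207: pass only if this exact (terminal, SSID, AP) triple
        was reported by the AP and saved in the verification table."""
        try:
            key = (norm_mac(terminal_mac), ssid, norm_mac(ap_mac))
        except ValueError:
            return FAIL
        return PASS if key in self.association_table else FAIL


def demo() -> dict[str, str]:
    ssid = "CMCC"                 # SSID name the page uses as an example
    ap_mac = "02:00:00:AA:BB:01"  # constructed MAC of the operator's AP
    term_a = "02:00:00:00:00:0a"  # constructed MAC of user terminal A
    term_b = "02:00:00:00:00:0b"  # constructed MAC of user terminal B
    device = AccessPointAuthDevice({ssid: {ap_mac}})

    # Terminal A associates with the operator's AP, which reports the association.
    device.on_resource_association(ssid, ap_mac, term_a)
    # Terminal B associates with a forged AP broadcasting the same SSID and MAC.
    # The forged AP has no interface to the device, so nothing is reported for B.
    return {
        "A, bound check": device.authenticate_ap_for_terminal(term_a, ssid, ap_mac),
        "B, library-only check": device.authenticate_ap(ssid, ap_mac),
        "B, bound check": device.authenticate_ap_for_terminal(term_b, ssid, ap_mac),
        "same SSID, unknown MAC": device.authenticate_ap(ssid, "02:00:00:aa:bb:ff"),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

The "B, library-only check" result shows why the terminal MAC is carried in embodiment two: a forged AP that copies both SSID and MAC satisfies the resource library lookup, and only the verification table entry reported by the AP itself separates terminal A from terminal B.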
Fig. 3 is a flowchart of embodiment three of the access point authentication method of the present invention. As shown in Fig. 3, the access point authentication method may comprise the following steps:
Step 301: receive an authentication request message sent by a user terminal, the authentication request message comprising the SSID and the MAC address of the access point (AP) that the user terminal is to access.
Step 302: send the authentication request message to the carrier server corresponding to the SSID.
Step 303: receive the authentication-pass response message returned by the carrier server.
Step 304: send the authentication-pass response message to the user terminal.
It should be noted that the present embodiment may be executed by a communication service platform; specifically, the communication service platform may be any one of a short message service platform, an MMS platform and an e-mail service platform. The present embodiment is described taking a short message service platform as an example. After the user terminal discovers the SSID broadcast by an AP and the user confirms association with the AP of a given SSID, the terminal sends an authentication request message for the associated AP to be accessed to the short message service platform. The authentication request message comprises the SSID and the MAC address carried in the broadcast content of the AP that the user terminal is to access.
In the present embodiment, the short message service platform receives the above authentication request message from the user terminal and sends it to the carrier server corresponding to the SSID in the authentication request message, so that the access point authentication device at the carrier server side authenticates the SSID of the AP in the authentication request message and the MAC address corresponding to the SSID. After receiving the authentication-pass response message that the carrier server returns to the short message service platform once authentication passes, the short message service platform sends the received authentication-pass response message to the user terminal.
In the present embodiment, the short message service platform serves as the transmission medium for authentication messages between the user terminal and the carrier server, so the user terminal does not exchange authentication information directly with the AP to be accessed. This ensures that private information of the user terminal, such as the user terminal number, is not leaked, and at the same time gives the user terminal a basis for accessing a secure AP.
Further, if the access point authentication device does not find the SSID of the AP to be accessed in the authentication request message, together with the MAC address corresponding to the SSID, in the preset AP resource library, authentication does not pass. The carrier server then returns an authentication-fail response message to the short message service platform, and the short message service platform sends the received authentication-fail response message to the user terminal, so that the user terminal disconnects its association with the AP to be accessed according to the authentication-fail response message.
In the present embodiment, the short message service platform serves as the transmission medium for authentication messages between the user terminal and the carrier server, so the user terminal does not exchange authentication information directly with the AP to be accessed. This ensures that private information of the user terminal, such as the user terminal number, is not leaked, and at the same time provides a guarantee that the user terminal accesses a secure AP.
Further, the authentication request message that the communication service platform receives from the user terminal may also carry the MAC address of the user terminal, so that the access point authentication device can authenticate the SSID and MAC address of the AP to be accessed according to the MAC address of the user terminal.
Fig. 4 is the flow chart of access point authentication embodiment of the method four of the present invention, and as shown in Figure 4, described access point authentication method can comprise the steps:
Step 401, send authentication request message to communication service platform, described authentication request message comprises SSID and the MAC Address of user terminal access point AP to be accessed;
Step 402, receives the certification that described communication service platform returns and passes through response message.
It should be noted that, the executive agent of the present embodiment can be user terminal, and particularly, user terminal can be the terminal equipments for surfing the net such as mobile phone, notebook computer or PDA.Described communication service platform can be any one in short message service platform, MMS platform and electronic mail service platform.
In the present embodiment, after user terminal finds the SSID of AP broadcast and user confirms to associate the AP of certain SSID, AP to be accessed then for this association sends authentication request message to communication service platform, described authentication request message comprises the SSID and MAC Address that carry in the broadcasted content of user terminal AP to be accessed, to make communication service platform, described authentication request message is sent to the carrier server that SSID in authentication request message is corresponding, thus make operator can carry out certification to AP to be accessed, and after certification is passed through, response message is passed through in the certification that received communication business platform returns.
In the present embodiment, user terminal can by the communication service platform initiatively authentication request of initiation to AP to be accessed, and after certification is passed through, can the certification that returns of received communication business platform by response message, thus provide foundation for the AP of user terminal access security.
Further, after sending the authentication request message to the communication service platform, the user terminal may also start a timer event. A certain timing duration is set in the timer event; for example, it may be set to 60 seconds or 100 seconds according to actual conditions. In this embodiment, the user terminal determines whether the MAC address of the AP to be accessed is a legitimate MAC address resource corresponding to the SSID according to whether it receives the authentication-pass response message returned by the communication service platform within the timing duration. Specifically, when the timing duration set in the timer event is 100 seconds: if the user terminal receives the authentication-pass response message returned by the communication service platform within 100 seconds, it determines that the SSID of the AP to be accessed and the MAC address corresponding to the SSID are a legitimate MAC address resource corresponding to the SSID; if the user terminal has still not received the authentication-pass response message after 100 seconds, this indicates that the identity of the AP to be accessed cannot be verified, or that the SSID of the AP to be accessed and the MAC address corresponding to the SSID are not a legitimate MAC address resource corresponding to the SSID.
Further, the user terminal may also carry its own MAC address in the authentication request message sent to the communication service platform, so that the access point authentication device can authenticate the SSID and MAC address of the AP to be accessed according to the MAC address of the user terminal.
In this embodiment, after the user terminal discovers the SSIDs broadcast by APs and the user confirms association with the AP of a certain SSID, the technical solution of the present invention can be applied to actively initiate, through the communication service platform, an authentication request concerning the legitimacy of the associated AP to be accessed, and to receive the authentication-pass response message through the communication service platform. By means of the timer event, the user terminal can also learn that the identity of the AP to be accessed cannot be verified or that the AP to be accessed is illegitimate. The user terminal thus has a clear view of the legitimacy of the AP to be accessed, the user is prevented from connecting to an AP that masquerades under the operator's SSID, and an effective basis is provided for the user terminal to access a secure AP.
Further, in yet another embodiment of the present invention, when authentication of the AP to be accessed does not pass, the user terminal may also receive the authentication-fail response message returned by the communication service platform and, according to that message, disconnect its association with the AP to be accessed. Alternatively, if the user terminal has still not received the authentication-pass response message returned by the communication service platform when the timing duration is reached, it may likewise disconnect its association with the AP to be accessed.
In this embodiment, the user terminal can actively initiate, through the communication service platform, an authentication request for the AP to be accessed, receive an authentication-pass response message or an authentication-fail response message through the communication service platform, and disconnect its association with the AP to be accessed according to the authentication-fail response message. The user terminal thus has a clear view of the legitimacy of the AP to be accessed, the user is prevented from connecting to an AP that masquerades under the operator's SSID, and a guarantee is provided for the user terminal to access a secure AP.
Fig. 5 is a schematic structural diagram of embodiment one of the access point authentication device of the present invention. As shown in Fig. 5, the access point authentication device may comprise:
a first receiving module 501, configured to receive the authentication request message sent by the communication service platform, the authentication request message comprising the SSID and MAC address of the access point (AP) that the user terminal is to access;
a first determination module 502, configured to determine whether the MAC address of the AP is a legitimate MAC address resource corresponding to the SSID;
a first sending module 503, configured to return, if the first determination module 502 determines that the MAC address of the AP is legitimate, an authentication-pass response message to the communication service platform, so that the communication service platform sends the authentication-pass response message to the user terminal.
Further, if the first determination module 502 determines that the MAC address of the AP is not legitimate, the first sending module 503 is specifically also configured to return an authentication-fail response message to the communication service platform, so that the communication service platform sends the authentication-fail response message to the user terminal and the user terminal disconnects its association with the AP to be accessed according to the authentication-fail response message.
In this embodiment, the communication service platform comprises any one of a short message service platform, an MMS platform and an e-mail service platform.
The access point authentication device of this embodiment may be used to carry out the technical solution of the method embodiment shown in Fig. 1; its implementation principle and technical effect are similar and are not repeated here.
Fig. 6 is a schematic structural diagram of embodiment two of the access point authentication device of the present invention. As shown in Fig. 6, this embodiment builds on the structure of the access point authentication device shown in Fig. 5; further, the access point authentication device may also comprise:
a second receiving module 504, configured to receive the resource association message sent by an access point AP, the resource association message comprising the SSID of the AP, the MAC address corresponding to the SSID, and the MAC address of the user terminal associated with the AP;
a storage module 505, configured to save the resource association message as a resource association check table if the SSID of the AP in the resource association message and the MAC address corresponding to the SSID exist in the preset AP resource library;
the first receiving module 501 may also be specifically configured to receive the authentication request message sent by the communication service platform, the authentication request message comprising the MAC address of the user terminal and the SSID and MAC address of the access point (AP) that the user terminal is to access.
Further, the first determination module 502 may specifically comprise:
a query unit 601, configured to query the resource association check table according to the MAC address of the user terminal and the SSID and MAC address of the AP to be accessed in the authentication request message;
a legitimate resource determining unit 602, configured to determine, if the MAC address of the user terminal and the SSID and MAC address of the AP to be accessed in the authentication request message are identical to a resource association message stored in the resource association check table, that the MAC address of the AP in the authentication request message is a legitimate MAC address resource corresponding to the SSID.
The access point authentication device of this embodiment may be used to carry out the technical solution of the method embodiment shown in Fig. 2; its implementation principle and technical effect are similar and are not repeated here.
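The check performed by the device of Fig. 6, together with the terminal's timer rule from the method embodiment of Fig. 4, as an added Python example that is not part of the patent. The class and function names, the representation of message fields as plain strings, the MAC normalisation, the handling of a late pass response, and the sample SSID and MAC values are assumptions made for illustration.

```python
import re
from enum import Enum

TIMEOUT_S = 100  # timing duration; the text gives 60 s and 100 s as possible settings


def norm_mac(mac: str) -> str:
    """Canonical lower-case colon form, so 'AA-BB-..' and 'aa:bb:..' compare equal."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"malformed MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


class Verdict(Enum):
    KEEP_ASSOCIATION = "keep"
    DISCONNECT = "disconnect"


class AccessPointAuthenticator:
    """Operator-side device: preset AP resource library plus resource association check table."""

    def __init__(self, ap_library):
        # Preset AP resource library: legitimate (SSID, AP MAC) pairs.
        self.ap_library = {(ssid, norm_mac(mac)) for ssid, mac in ap_library}
        # Check table: (SSID, AP MAC, terminal MAC) triples reported by library APs.
        self.check_table = set()

    def on_resource_association(self, ssid, ap_mac, terminal_mac) -> bool:
        """Store an AP's resource association message only if that AP is in the library."""
        try:
            key = (ssid, norm_mac(ap_mac), norm_mac(terminal_mac))
        except ValueError:
            return False
        if key[:2] not in self.ap_library:
            return False
        self.check_table.add(key)
        return True

    def authenticate(self, ssid, ap_mac, terminal_mac) -> bool:
        """Pass only when all three request fields match one stored association."""
        try:
            key = (ssid, norm_mac(ap_mac), norm_mac(terminal_mac))
        except ValueError:
            return False  # malformed request fields never authenticate
        return key in self.check_table


def terminal_verdict(response, elapsed_s, timeout_s=TIMEOUT_S) -> Verdict:
    """Terminal-side rule. response: True (pass), False (fail), None (nothing received).

    Assumption: a pass that arrives after the timer expired is treated like no
    response, because the terminal has already decided to disconnect by then.
    """
    if response is True and elapsed_s <= timeout_s:
        return Verdict.KEEP_ASSOCIATION
    return Verdict.DISCONNECT


def run_scenarios():
    """Constructed sample data; every SSID and MAC address below is made up."""
    auth = AccessPointAuthenticator([("Operator-WLAN", "00:11:22:33:44:55")])
    terminal = "66-77-88-99-AA-BB"
    results = {}
    # A library AP reports the terminal that associated with it: stored.
    results["legit_report_stored"] = auth.on_resource_association(
        "Operator-WLAN", "00:11:22:33:44:55", terminal)
    # An AP outside the library reports itself under the operator SSID: not stored.
    results["unknown_ap_report_stored"] = auth.on_resource_association(
        "Operator-WLAN", "de:ad:be:ef:00:01", terminal)
    # Terminal asks about the AP it really associated with.
    results["legit"] = auth.authenticate(
        "Operator-WLAN", "00:11:22:33:44:55", terminal)
    # Same SSID, but the AP MAC is not the one the operator deployed.
    results["same_ssid_other_mac"] = auth.authenticate(
        "Operator-WLAN", "de:ad:be:ef:00:01", terminal)
    # Correct SSID and AP MAC, but no library AP ever reported this terminal.
    results["terminal_not_reported"] = auth.authenticate(
        "Operator-WLAN", "00:11:22:33:44:55", "02:00:00:00:00:01")
    return results


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(f"{name}: {value}")
```

The last scenario shows what the terminal MAC adds to the lookup: a request naming a genuine SSID and AP MAC still fails unless the genuine AP itself reported an association with that terminal.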
Fig. 7 is a schematic structural diagram of the communication service platform of the present invention. As shown in Fig. 7, the communication service platform may comprise:
a third receiving module 701, configured to receive the authentication request message sent by the user terminal, the authentication request message comprising the SSID and MAC address of the access point (AP) that the user terminal is to access;
a second sending module 702, configured to send the authentication request message to the carrier server corresponding to the SSID;
a fourth receiving module 703, configured to receive, after authentication passes, the authentication-pass response message returned by the carrier server;
a third sending module 704, configured to send the authentication-pass response message to the user terminal.
Further, the fourth receiving module 703 may also be specifically configured to receive, when authentication does not pass, the authentication-fail response message returned by the carrier server;
the third sending module 704 may also be specifically configured to send the authentication-fail response message to the user terminal, so that the user terminal disconnects its association with the AP to be accessed according to the authentication-fail response message.
The communication service platform of this embodiment may be used to carry out the technical solution of the method embodiment shown in Fig. 3; its implementation principle and technical effect are similar and are not repeated here.
Fig. 8 is a schematic structural diagram of embodiment one of the user terminal of the present invention. As shown in Fig. 8, the user terminal may comprise:
a fourth sending module 801, configured to send an authentication request message to the communication service platform, the authentication request message comprising the SSID and MAC address of the access point (AP) that the user terminal is to access;
a fifth receiving module 802, configured to receive the authentication-pass response message returned by the communication service platform.
In this embodiment, the communication service platform comprises any one of a short message service platform, an MMS platform and an e-mail service platform.
Further, the fifth receiving module 802 may also be configured to receive the authentication-fail response message returned by the communication service platform.
Preferably, the user terminal further comprises a disconnection module 803, configured to disconnect the association with the AP to be accessed according to the authentication-fail response message.
The user terminal of this embodiment may be used to carry out the technical solution of the method embodiment shown in Fig. 4; its implementation principle and technical effect are similar and are not repeated here.
Further, as shown in Fig. 9, the user terminal may also comprise:
a timing module 901, configured to start a timer event after the fourth sending module 801 sends the authentication request message to the communication service platform, a certain timing duration being set in the timer event;
a second determination module 902, configured to determine whether the MAC address of the AP to be accessed is a legitimate MAC address resource corresponding to the SSID by judging whether the fifth receiving module 802 receives, within the timing duration, the authentication-pass response message returned by the communication service platform;
a determination module 903, configured to determine, if the fifth receiving module 802 receives the authentication-pass response message within the timing duration, that the MAC address of the AP to be accessed is a legitimate MAC address resource corresponding to the SSID.
Further, the determination module 903 may also be configured to determine, if the fifth receiving module 802 does not receive the authentication-pass response message within the timing duration, that the MAC address of the AP to be accessed is not a legitimate MAC address resource corresponding to the SSID; the disconnection module 803 may also be specifically configured to disconnect the association with the AP to be accessed when the determination module 903 determines that the MAC address of the AP to be accessed is not a legitimate MAC address.
The user terminal of this embodiment may be used to carry out the technical solution of the further embodiment of the method shown in Fig. 4; its implementation principle and technical effect are similar and are not repeated here.
Fig. 10 is a schematic structural diagram of the access point authentication system of the present invention. As shown in Fig. 10, the access point authentication system may comprise: the access point authentication device 300 provided in any of the embodiments corresponding to Fig. 5 or Fig. 6 above, the communication service platform 200 provided in any of the embodiments corresponding to Fig. 7 above, and the user terminal 100 provided in any of the embodiments corresponding to Fig. 8 or Fig. 9 above. For a detailed description of the access point authentication device 300, see the related content of the embodiments corresponding to Fig. 5 or Fig. 6; for the communication service platform 200, see the related content of the embodiment corresponding to Fig. 7; for the user terminal 100, see the related content of the embodiments corresponding to Fig. 8 or Fig. 9. These are not repeated here.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the system, devices and units described above may be found in the corresponding processes of the foregoing method embodiments and are not repeated here.
A person of ordinary skill in the art will appreciate that all or part of the steps of the above method embodiments may be implemented by hardware under the control of program instructions. The program may be stored in a computer-readable storage medium. When executed, the program performs the steps of the above method embodiments; the storage medium includes various media capable of storing program code, such as ROM, RAM, magnetic disks or optical discs.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solution of the present invention, not to limit it. Although the invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some or all of their technical features may be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.
Claims (15)
1. An access point authentication method, characterized by comprising:
receiving an authentication request message sent by a communication service platform, the authentication request message comprising the MAC address of a user terminal and the SSID and MAC address of the access point (AP) that the user terminal is to access;
determining whether the MAC address of the AP is a legitimate MAC address resource corresponding to the SSID; if legitimate, returning an authentication-pass response message to the communication service platform, so that the communication service platform sends the authentication-pass response message to the user terminal;
before receiving the authentication request message sent by the communication service platform, the method further comprises:
receiving a resource association message sent by an access point AP, the resource association message comprising the SSID of the AP, the MAC address corresponding to the SSID, and the MAC address of the user terminal associated with the AP;
if the SSID of the AP in the resource association message and the MAC address corresponding to the SSID exist in a preset AP resource library, saving the resource association message as a resource association check table;
the determining whether the MAC address of the AP is a legitimate MAC address resource corresponding to the SSID is specifically:
querying the resource association check table according to the MAC address of the user terminal and the SSID and MAC address of the AP to be accessed in the authentication request message;
if the MAC address of the user terminal and the SSID and MAC address of the AP to be accessed in the authentication request message are identical to a resource association message stored in the resource association check table, determining that the MAC address of the AP in the authentication request message is a legitimate MAC address resource corresponding to the SSID.
2. The method according to claim 1, characterized by further comprising:
if not legitimate, returning an authentication-fail response message to the communication service platform, so that the communication service platform sends the authentication-fail response message to the user terminal and the user terminal in turn disconnects its association with the AP to be accessed according to the authentication-fail response message.
3. An access point authentication method, characterized by comprising:
receiving an authentication request message sent by a user terminal, the authentication request message comprising the MAC address of the user terminal and the SSID and MAC address of the access point (AP) that the user terminal is to access;
sending the authentication request message to the carrier server corresponding to the SSID, so that the access point authentication device at the carrier server end authenticates the SSID of the AP in the authentication request message and the MAC address corresponding to the SSID, specifically, so that the access point authentication device authenticates the SSID and MAC address of the AP to be accessed according to the MAC address of the user terminal;
if authentication passes, receiving the authentication-pass response message returned by the carrier server;
sending the authentication-pass response message to the user terminal.
4. The method according to claim 3, characterized by further comprising:
if authentication does not pass, receiving the authentication-fail response message returned by the carrier server;
sending the authentication-fail response message to the user terminal, so that the user terminal disconnects its association with the AP to be accessed according to the authentication-fail response message.
5. An access point authentication method, characterized by comprising:
sending an authentication request message to a communication service platform, the authentication request message comprising the MAC address of a user terminal and the SSID and MAC address of the access point (AP) that the user terminal is to access, so that the communication service platform sends the authentication request message to the carrier server corresponding to the SSID and the access point authentication device at the carrier server end authenticates the SSID of the AP in the authentication request message and the MAC address corresponding to the SSID, specifically, so that the access point authentication device authenticates the SSID and MAC address of the AP to be accessed according to the MAC address of the user terminal;
if authentication passes, receiving the authentication-pass response message returned by the communication service platform.
6. The method according to claim 5, characterized by further comprising:
if authentication does not pass, receiving the authentication-fail response message returned by the communication service platform;
disconnecting the association with the AP to be accessed according to the authentication-fail response message.
7. The method according to claim 5, characterized in that, after sending the authentication request message to the communication service platform, the method further comprises:
starting a timer event, a certain timing duration being set in the timer event;
the receiving of the authentication-pass response message returned by the communication service platform is specifically:
determining whether the MAC address of the AP to be accessed is a legitimate MAC address resource corresponding to the SSID according to whether the authentication-pass response message returned by the communication service platform is received within the timing duration;
if the authentication-pass response message returned by the communication service platform is received within the timing duration, determining that the MAC address of the AP to be accessed is a legitimate MAC address resource corresponding to the SSID.
8. An access point authentication device, characterized by comprising:
a first receiving module, configured to receive an authentication request message sent by a communication service platform, the authentication request message comprising the MAC address of a user terminal and the SSID and MAC address of the access point (AP) that the user terminal is to access;
a first determination module, configured to determine whether the MAC address of the AP is a legitimate MAC address resource corresponding to the SSID;
a first sending module, configured to return, if the first determination module determines that the MAC address of the AP is legitimate, an authentication-pass response message to the communication service platform, so that the communication service platform sends the authentication-pass response message to the user terminal;
a second receiving module, configured to receive a resource association message sent by an access point AP, the resource association message comprising the SSID of the AP, the MAC address corresponding to the SSID, and the MAC address of the user terminal associated with the AP;
a storage module, configured to save the resource association message as a resource association check table if the SSID of the AP in the resource association message and the MAC address corresponding to the SSID exist in a preset AP resource library;
the first determination module specifically comprises:
a query unit, configured to query the resource association check table according to the MAC address of the user terminal and the SSID and MAC address of the AP to be accessed in the authentication request message;
a legitimate resource determining unit, configured to determine, if the MAC address of the user terminal and the SSID and MAC address of the AP to be accessed in the authentication request message are identical to a resource association message stored in the resource association check table, that the MAC address of the AP in the authentication request message is a legitimate MAC address resource corresponding to the SSID.
9. The device according to claim 8, characterized in that, if the first determination module determines that the MAC address of the AP is not legitimate, the first sending module is specifically also configured to return an authentication-fail response message to the communication service platform, so that the communication service platform sends the authentication-fail response message to the user terminal and the user terminal disconnects its association with the AP to be accessed according to the authentication-fail response message.
10. A communication service platform, characterized by comprising:
a third receiving module, configured to receive an authentication request message sent by a user terminal, the authentication request message comprising the MAC address of the user terminal and the SSID and MAC address of the access point (AP) that the user terminal is to access;
a second sending module, configured to send the authentication request message to the carrier server corresponding to the SSID, so that the access point authentication device at the carrier server end authenticates the SSID of the AP in the authentication request message and the MAC address corresponding to the SSID, specifically, so that the access point authentication device authenticates the SSID and MAC address of the AP to be accessed according to the MAC address of the user terminal;
a fourth receiving module, configured to receive the authentication-pass response message returned by the carrier server;
a third sending module, configured to send the authentication-pass response message to the user terminal.
11. The communication service platform according to claim 10, characterized in that:
the fourth receiving module is also configured to receive, when authentication does not pass, the authentication-fail response message returned by the carrier server;
the third sending module is also configured to send the authentication-fail response message to the user terminal, so that the user terminal disconnects its association with the AP to be accessed according to the authentication-fail response message.
12. A user terminal, characterized by comprising:
a fourth sending module, configured to send an authentication request message to a communication service platform, the authentication request message comprising the MAC address of the user terminal and the SSID and MAC address of the access point (AP) that the user terminal is to access, so that the communication service platform sends the authentication request message to the carrier server corresponding to the SSID and the access point authentication device at the carrier server end authenticates the SSID of the AP in the authentication request message and the MAC address corresponding to the SSID, specifically, so that the access point authentication device authenticates the SSID and MAC address of the AP to be accessed according to the MAC address of the user terminal;
a fifth receiving module, configured to receive the authentication-pass response message returned by the communication service platform.
13. The user terminal according to claim 12, characterized in that:
the fifth receiving module is also configured to receive the authentication-fail response message returned by the communication service platform;
the user terminal further comprises a disconnection module, configured to disconnect the association with the AP to be accessed according to the authentication-fail response message.
14. The user terminal according to claim 12, characterized by further comprising:
a timing module, configured to start a timer event after the fourth sending module sends the authentication request message to the communication service platform, a certain timing duration being set in the timer event;
a second determination module, configured to determine whether the MAC address of the AP to be accessed is a legitimate MAC address resource corresponding to the SSID by judging whether the fifth receiving module receives, within the timing duration, the authentication-pass response message returned by the communication service platform;
a determination module, configured to determine, if the fifth receiving module receives the authentication-pass response message within the timing duration, that the MAC address of the AP to be accessed is a legitimate MAC address resource corresponding to the SSID.
15. An access point authentication system, characterized by comprising the access point authentication device according to claim 8 or 9, the communication service platform according to claim 10 or 11, and the user terminal according to any one of claims 12 to 14.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210298090.8A CN102843682B (en) | 2012-08-20 | 2012-08-20 | Access point authorizing method, device and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210298090.8A CN102843682B (en) | 2012-08-20 | 2012-08-20 | Access point authorizing method, device and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN102843682A CN102843682A (en) | 2012-12-26 |
CN102843682B true CN102843682B (en) | 2015-03-18 |
Family
ID=47370682
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201210298090.8A Active CN102843682B (en) | 2012-08-20 | 2012-08-20 | Access point authorizing method, device and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102843682B (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101616373A (en) * | 2009-07-22 | 2009-12-30 | 宇龙计算机通信科技(深圳)有限公司 | A kind of method, system, the webserver and terminal of obtaining the WAPI certificate |
CN102438238A (en) * | 2011-12-28 | 2012-05-02 | 武汉虹旭信息技术有限责任公司 | Method for detecting illegal AP (Assembly Program) under centralized WLAN (Wireless Local Area Network) environment |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106878989A (en) * | 2016-12-23 | 2017-06-20 | 新华三技术有限公司 | A kind of connection control method and device |
CN106878989B (en) * | 2016-12-23 | 2020-08-04 | 新华三技术有限公司 | Access control method and device |
Also Published As
Publication number | Publication date |
---|---|
CN102843682A (en) | 2012-12-26 |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
CN102843682B (en) | Access point authorizing method, device and system | |
CN105682093A (en) | Wireless network access method and access device, and client | |
CN101577908B (en) | User equipment verification method, device identification register and access control system | |
CN104683980A (en) | Antitheft security management system and method for home wireless router | |
CN102572830A (en) | Method and customer premise equipment (CPE) for terminal access authentication | |
EP2237587A1 (en) | Radio communication system, base station device, gateway device, and radio communication method | |
CN110602691A (en) | Mobile communication method and device based on block chain network | |
CN101309272A (en) | Authentication server and mobile communication terminal access controlling method of virtual private network | |
CN112492602B (en) | 5G terminal safety access device, system and equipment | |
CN101686463B (en) | Method for protecting ability of user terminal, device and system | |
US20180167813A1 (en) | Processing method for terminal access to 3gpp network and apparatus | |
CN102421098A (en) | User authentication method, device and system | |
CN111132305B (en) | Method for 5G user terminal to access 5G network, user terminal equipment and medium | |
CN103974248A (en) | Terminal security protection method, device and system in ability open system | |
CN102421097A (en) | User authorization method, device and system | |
CN107659935B (en) | Authentication method, authentication server, network management system and authentication system | |
EP4106376A1 (en) | A method and system for authenticating a base station | |
CN102149079B (en) | Method, device and system for obtaining user identity identifier | |
CN105847234B (en) | Suspicious terminal access method for early warning, gateway management platform and gateway | |
CN103281693A (en) | Wireless communication authentication method, network translation equipment and terminal | |
CN106341374B (en) | Method and device for limiting access of unlicensed user equipment to home gateway | |
CN106790425A (en) | The method and system of information pushing | |
CN114095929B (en) | Account security enhancement method in B-trunk system | |
US9525980B2 (en) | Method and system for triggering terminal group | |
CN103731425A (en) | Network wireless terminal access control method and system |
Legal Events
Code | Title | Description | Date |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |