CN103052063B - Method, system, wireless sharing device and terminal for accessing a wireless local area network - Google Patents

Publication number
CN103052063B
Authority
CN
China
Prior art keywords
terminal
authentication
local area
area network
request message
Prior art date
Legal status
Active
Application number
CN201110306766.9A
Other languages
Chinese (zh)
Other versions
CN103052063A (en
Inventor
黄薇
常辉
路晓明
郭毅峰
Current Assignee
China Mobile Communications Group Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
Application filed by China Mobile Communications Group Co Ltd
Priority to CN201110306766.9A
Publication of CN103052063A
Application granted
Publication of CN103052063B

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method, a system, a wireless sharing device and a terminal for accessing a wireless local area network. The wireless sharing device broadcasts an external identifier and an internal identifier to each terminal, and the terminal selects one of the received identifiers and carries it in an access request message. When the wireless sharing device determines that the access request message carries the external identifier, the terminal is authenticated by an external authentication server; when it determines that the access request message carries the internal identifier, the terminal is authenticated using locally stored login information. In either the external or the internal authentication process, the terminal is allowed to access the wireless local area network if authentication passes and is refused otherwise. A terminal supporting either the internal or the external authentication mode can therefore access the wireless local area network, which improves the utilization of wireless local area network resources while ensuring the security of the wireless local area network.

Description

Method, system, wireless sharing equipment and terminal for accessing wireless local area network
Technical Field
The present invention relates to the field of wireless communications, and in particular, to a method, a system, a wireless sharing device, and a terminal for accessing a wireless local area network.
Background
Existing network data transmission falls into two types: wired transmission over optical cable and optical fiber, and wireless transmission through a wireless router. The common wireless local area network is based on wireless transmission and uses wireless signals as the data transmission medium, so compared with a traditional wired network, access is more convenient, networking is more flexible and more open, and it is easier for multiple terminals to access and share the network.
The construction of the wireless local area network can be divided into two forms, one is the wireless local area network which is constructed by an operator and is opened to all legal terminals, and the other is a private wireless local area network which is constructed by terminals.
A wireless local area network constructed by an operator can authenticate the identity of a terminal requesting access through an Authentication Server (AS) on the network side, allow a terminal that passes authentication to access the wireless local area network, execute the corresponding access control policy, and collect statistics on the terminal's access time and traffic usage. The structure of such a wireless local area network is shown in Fig. 1: a terminal accesses an Access Controller (AC) through an Access Point (AP), the AC redirects the terminal to a Portal page, the terminal enters authentication information in the dialog window provided by the Portal page, and the AS authenticates the entered information. If the AS authenticates the identity of the terminal, the AC is notified to allow the terminal to access the wireless local area network; otherwise, the terminal is not allowed to access it.
The private wireless local area network constructed by the terminal is a small local area network that the terminal builds itself with wireless equipment for its own use; for example, the terminal can construct a private home wireless local area network with a wireless router. When a terminal accesses the private home wireless local area network, the following three access modes can be provided:
The first access mode: the wireless router is set to open form (that is, no password is set for the wireless router) and access is open to all terminals, that is, all terminals are allowed to access the private wireless local area network, so that the wireless local area network is shared.
The second access mode: a password is set for the wireless router; only a terminal that passes password authentication is allowed to access the wireless local area network, and a terminal that does not pass password authentication is restricted from accessing it. For example, the password is given to a specified user, and that user is allowed to access the wireless local area network through the terminal the user uses.
As shown in fig. 2, when the terminal requests access to the wireless lan, the terminal provides a password to the access point, and when the access point authenticates the password, the terminal is allowed to access the wireless lan.
The third access mode is as follows: similar to the wireless local area network constructed by the operator, all terminals requesting to access the wireless local area network are authenticated through the authentication server at the network side, and the terminals passing the authentication are allowed to access the wireless local area network.
The three access modes for the private wireless local area network have the following defects respectively:
For the first access mode: because the wireless router opens access to the wireless local area network to all terminals, wireless access resources are shared to the maximum extent, but since no authentication is performed when a terminal accesses the wireless local area network, the devices and data in the wireless local area network are unprotected, and there is a security risk of attack and data theft by illegal terminals. In addition, when too many terminals access the wireless local area network, its system resource occupation may become too high and the load on the wireless router too large, and even the terminals of the user who constructed the wireless local area network may not have enough network resources available.
For the second access mode: because only a terminal that has obtained the password is allowed to access the wireless local area network and other terminals are not allowed to share it, the utilization of wireless local area network resources is low. In addition, if a user who knows the password discloses it to others at will, the security of the terminals accessing the wireless local area network and of the data in the wireless local area network may be affected.
For the third access mode: because the terminal needs to perform authentication interaction with the authentication server on the network side, the authentication process of the terminal accessing the wireless local area network is lengthened, and the efficiency of accessing the wireless local area network by the self-owned terminal of the wireless local area network is low.
Disclosure of Invention
The embodiment of the invention provides a method, a system, a wireless sharing device and a terminal for accessing a wireless local area network, which are used for solving the problems of low utilization rate of wireless local area network resources and low security of the wireless local area network.
A method of accessing a wireless local area network, the method comprising:
broadcasting an external identifier and an internal identifier;
receiving an access request message from a terminal, authenticating the terminal through an authentication server when the access request message carries the external identifier, and authenticating the terminal using locally stored login information when the access request message carries the internal identifier;
and allowing the terminal to access the wireless local area network when the authentication passes, and otherwise refusing the terminal access to the wireless local area network.
A method of accessing a wireless local area network, the method comprising:
receiving the broadcast external identifier and internal identifier;
selecting one of the identifiers, carrying the selected identifier in an access request message, and sending the access request message;
if the external identifier was selected, accessing the wireless local area network when authentication by the authentication server passes, and if the internal identifier was selected, accessing the wireless local area network when authentication according to the login information passes.
A wireless sharing device comprising a broadcasting module, a receiving module, an authentication module, and an access module, wherein:
the broadcasting module is used for broadcasting the external identifier and the internal identifier;
the receiving module is used for receiving an access request message from the terminal and sending the access request message to the authentication module, where the access request message carries an external identifier or an internal identifier;
the authentication module is used for authenticating the terminal through an authentication server when the access request message carries the external identifier, and authenticating the terminal using locally stored login information when the access request message carries the internal identifier;
and the access module is used for allowing the terminal to access the wireless local area network when the authentication passes, and otherwise refusing the terminal access to the wireless local area network.
A terminal, the terminal comprising:
the receiving module, used for receiving the broadcast external identifier and the broadcast internal identifier;
the sending module, used for selecting an identifier from the identifiers received by the receiving module, carrying the selected identifier in the access request message, and sending the access request message;
and the access module, used for accessing the wireless local area network when authentication by the authentication server passes if the sending module selected the external identifier, and accessing the wireless local area network when authentication according to the login information passes if the sending module selected the internal identifier.
A system for accessing a wireless local area network, comprising a terminal and a wireless sharing device, wherein:
the terminal is used for receiving the external identifier and the internal identifier broadcast by the wireless sharing device, selecting one identifier, carrying it in the access request message, and sending the access request message to the wireless sharing device;
the wireless sharing device is used for authenticating the terminal through an authentication server when the received access request message carries the external identifier, authenticating the terminal using locally stored login information when the access request message carries the internal identifier, and allowing the terminal to access the wireless local area network when the authentication passes, and otherwise refusing the terminal access to the wireless local area network.
The invention has the following beneficial effects:
In the scheme of the embodiment of the invention, when it is determined that a terminal requesting access to the wireless local area network carries the external identifier in its access request message, the terminal is authenticated through an external authentication server (the external authentication process); when it is determined that the terminal carries the internal identifier in the access request message, the terminal is authenticated using locally stored login information (the internal authentication process). In either the external or the internal authentication process, the terminal is allowed to access the wireless local area network if authentication passes and is refused otherwise. A terminal supporting either the internal or the external authentication mode can therefore access the wireless local area network, and the utilization of wireless local area network resources is improved while the security of the wireless local area network is ensured.
Drawings
Fig. 1 is a schematic structural diagram of a wireless local area network constructed by an operator in the prior art;
Fig. 2 is a schematic structural diagram of a terminal accessing a wireless local area network by password in the prior art;
Fig. 3 is a flowchart of a method for accessing a wireless local area network according to a first embodiment of the present invention;
Fig. 4 is a flowchart of a method for accessing a wireless local area network according to a second embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a wireless sharing device according to a third embodiment;
Fig. 6 is a schematic structural diagram of a terminal in the fourth embodiment;
Fig. 7 is a schematic structural diagram of a system for accessing a wireless local area network according to a fifth embodiment of the present invention.
Detailed Description
To achieve the object of the present invention, embodiments of the present invention provide a method, a system, a wireless sharing device and a terminal for accessing a wireless local area network. The wireless sharing device broadcasts an external identifier and an internal identifier to each terminal, and the terminal selects one of the received identifiers and carries it in an access request message. When the wireless sharing device determines that the access request message carries the external identifier, it can authenticate the terminal through an external authentication server (the external authentication process); when it determines that the access request message carries the internal identifier, it can authenticate the login password provided by the terminal locally (the internal authentication process). In either process, the terminal is allowed to access the wireless local area network if authentication passes and is refused otherwise. The scheme of the invention thus supports two authentication modes, internal and external, so that a terminal supporting either mode can access the wireless local area network, and the utilization of wireless local area network resources is improved while the security of the wireless local area network is ensured.
It should be noted that the external identifier and the internal identifier in each embodiment of the present invention are both identifier information; by selecting the internal identifier or the external identifier in the access request message it initiates, the terminal indicates the authentication mode to be used when it accesses the wireless local area network.
A terminal that selects the internal identifier for internal authentication is not necessarily an internal terminal of the wireless local area network; similarly, a terminal that selects the external identifier for external authentication is not necessarily an external terminal of the wireless local area network. Whether the terminal is an internal or an external terminal of the wireless local area network is indicated by the actual attribute information of the terminal.
The embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
Embodiment one:
Fig. 3 is a flowchart of a method for accessing a wireless local area network according to the first embodiment of the present invention. The method specifically comprises the following steps:
Step 100: each terminal is registered in the authentication server in advance, and the wireless sharing device is configured.
When configuring the wireless sharing device, it is necessary to record login information used when performing an internal authentication process for the terminal in the wireless sharing device, for example, if the internal authentication process is to authenticate a login password of the terminal, the login password may be recorded in the wireless sharing device.
Preferably, if the login information used by different terminals for internal authentication is different, the corresponding relationship between the terminal identifier of the terminal capable of internal authentication and the login information used by the terminal corresponding to the terminal identifier for internal authentication may be recorded in the wireless sharing device.
Preferably, a terminal capable of internal authentication may be regarded as an internal terminal of the wireless local area network; the attribute information of a terminal whose terminal identifier is recorded in the wireless sharing device is therefore "internal terminal".
When each terminal is registered in the authentication server, it is necessary to store registration information of the terminal in the authentication server, the registration information being used for authenticating the terminal when external authentication is performed.
Preferably, when each terminal is registered in the authentication server, the terminal identifier of the terminal and the corresponding relationship between the terminal identifier and the registration information of the terminal corresponding to the terminal identifier may also be stored in the authentication server.
Preferably, when each terminal is registered in the authentication server, the authentication server may further store information on whether the terminal is bound to the wireless sharing device, and if the binding relationship between the terminal and the wireless sharing device is stored in the authentication server, the authentication server may determine that the terminal is an internal terminal of the wireless local area network, that is, may determine that the attribute information of the terminal is an internal terminal.
Since the same terminal can be both the internal terminal and the external terminal, the terminal can be registered in the authentication server regardless of whether the terminal is the internal terminal or the external terminal.
It should be noted that step 100 is not a step that must be performed in order to execute the scheme of this embodiment; once step 100 has been performed, the subsequent access procedure may be executed for the terminal.
Step 101: the wireless sharing device broadcasts at least one external identity and at least one internal identity.
It should be noted that the wireless sharing device may broadcast signaling of multiple systems in real time or periodically, where the signaling carries external identifiers and internal identifiers of corresponding systems, so that terminals of multiple systems in a signal coverage area can correctly receive the external identifiers and the internal identifiers.
Step 102: the terminal selects one of the external identifier and the internal identifier received in a broadcast manner, and initiates an access request message.
The access request message carries the external identifier or the internal identifier selected by the terminal.
Preferably, the access request message may also carry a terminal identifier of a terminal that initiates the access request message.
Step 103: the wireless sharing device receives an access request message from a terminal.
Step 104: the wireless sharing device determines whether the access request message carries an external identifier or an internal identifier, and if the access request message carries an external identifier, the wireless sharing device executes the external authentication process of step 105; if the access request message carries an internal identifier, the internal authentication process of step 107 is executed.
Step 105: the wireless sharing device routes the access request message to an authentication server and instructs the authentication server to authenticate the terminal.
Step 106: the authentication server authenticates the terminal using the locally stored registration information according to the received access request message, returns the authentication result to the wireless sharing device, and the flow jumps to step 108.
This step is implemented as follows:
The authentication server determines the terminal identifier from the access request message, looks up the registration information of the terminal that initiated the access request message in the locally stored correspondence between terminal identifiers and registration information, and judges the legality of the terminal using that registration information. If the terminal does not pass the legality judgment, it is determined to be an illegal terminal and authentication does not pass; if the terminal passes the legality judgment, it is determined to be a legal terminal and authentication passes.
Step 107: the wireless sharing device authenticates the terminal using the locally stored login information.
Preferably, if the login information is a login password, in this step 107, the wireless sharing device may perform a password authentication process on the terminal by using the locally stored login password.
Where the login information is a login password, specific implementations of this step include, but are not limited to, the following two:
The first mode: the terminal carries a login password in the access request message; the wireless sharing device reads the login password carried in the access request message and authenticates it against the locally stored login password.
Preferably, if the login password carried in the access request message is sent in plaintext, the wireless sharing device may compare the login password in the access request message with the locally stored login password; if they match, authentication of the terminal passes, otherwise authentication of the terminal does not pass.
The second mode: the wireless sharing device may prompt the terminal to report the login password, through a dialog box or in another way, and authenticates the login password reported by the terminal against the locally stored login password.
Preferably, if the terminal reports the login password to the wireless sharing device in plaintext, the wireless sharing device may compare the reported login password with the locally stored login password; if they match, authentication of the terminal passes, otherwise authentication of the terminal does not pass.
It should be noted that, in step 107, if the terminal does not pass the internal authentication performed by the wireless sharing device, that is, the login password reported by the terminal does not pass authentication, the wireless sharing device may proceed in one of the following three ways:
The first way: the wireless sharing device proceeds to step 108 with an authentication result indicating that the terminal did not pass authentication.
The second way: the wireless sharing device determines that the internal authentication of the terminal did not pass, redirects the terminal's access request message to the authentication server, and requires the terminal to perform the external authentication process of steps 105 and 106.
The third way: the wireless sharing device determines that the internal authentication of the terminal did not pass and notifies the terminal to reselect the external identifier, and the external authentication process of steps 102 to 106 is performed with the reselected external identifier.
Step 108: the wireless sharing device allows the terminal to access the wireless local area network when it determines that authentication of the terminal passed, and otherwise refuses the terminal access to the wireless local area network.
This step is implemented as follows:
When the wireless sharing device determines that authentication of the terminal passed, it can route the access request message to a network element inside the wireless local area network so that the terminal can access the wireless local area network; when it determines that authentication of the terminal did not pass, it can send an access rejection message to the terminal so that the terminal cannot access the wireless local area network.
It should be noted that, when the terminal selects one identifier from the received external identifier and internal identifier in step 102, there may be the following four cases:
The actual attribute information is internal terminal, and the internal identifier is selected;
The actual attribute information is internal terminal, and the external identifier is selected;
The actual attribute information is external terminal, and the external identifier is selected;
The actual attribute information is external terminal, and the internal identifier is selected.
For the above four cases, after performing step 103 to step 108, there may be the following four access cases:
when the actual attribute information is an internal terminal and an internal identifier is selected, accessing the wireless local area network through an internal authentication mode when the authentication is passed;
when the actual attribute information is an internal terminal and an external identifier is selected, accessing the wireless local area network in an external authentication mode when the authentication of the authentication server is passed;
when the actual attribute information is an external terminal and an external identifier is selected, accessing the wireless local area network in an external authentication mode when the authentication of the authentication server is passed;
when the actual attribute information is the external terminal and the internal identifier is selected, the wireless local area network is allowed to be accessed through an internal authentication mode if the external terminal passes authentication, otherwise, the external terminal can be redirected to the AS to perform an external authentication process, or the external terminal is informed to perform the external authentication process after the external identifier is reselected.
According to the scheme of this embodiment, the wireless sharing device selects the external authentication mode when the access request message initiated by the terminal carries the external identifier, selects the internal authentication mode when it carries the internal identifier, and authenticates the terminal accordingly, so that a terminal that passes either the internal or the external authentication mode can access the wireless local area network. Compared with the first, fully open mode in the prior art, the scheme reduces the security risk to devices and data in the private wireless local area network; compared with the second, password-notification mode in the prior art, it improves the sharing efficiency of the wireless local area network; compared with the third, unified network-side authentication mode in the prior art, it preserves the efficiency with which internal terminals access the wireless local area network. Offering different authentication modes for access therefore ensures the security of the wireless local area network and solves the problem of its low utilization.
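The dispatch in steps 104 to 108, including the three ways of handling a failed internal authentication, as an added example that is not code from the patent. The identifier values, class and function names and the authentication-server stub are hypothetical, and as an assumption the local record is a salted PBKDF2 hash compared in constant time rather than the plaintext comparison the text describes.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, Optional, Tuple

EXTERNAL_ID = "HOME-SHARE-EXT"   # constructed value for the broadcast external identifier
INTERNAL_ID = "HOME-SHARE-INT"   # constructed value for the broadcast internal identifier
PBKDF2_ROUNDS = 100_000          # assumption: a salted hash is stored, not the plaintext password


class OnInternalFailure(Enum):
    REJECT = "reject"                    # first way: step 108 with a failed result
    REDIRECT_TO_SERVER = "redirect"      # second way: run steps 105-106 instead
    ASK_RESELECT = "reselect-external"   # third way: terminal restarts at step 102


@dataclass
class AccessRequest:
    identifier: str
    terminal_id: str
    password: Optional[str] = None


@dataclass
class Decision:
    allowed: bool
    path: str     # authentication path that produced the result
    action: str   # "allow", "reject" or "reselect-external"


class WirelessSharingDevice:
    def __init__(self, external_auth: Callable[[str], bool],
                 on_internal_failure: OnInternalFailure = OnInternalFailure.REJECT):
        self._external_auth = external_auth
        self._policy = on_internal_failure
        self._logins: Dict[str, Tuple[bytes, bytes]] = {}

    @staticmethod
    def _derive(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def register_internal(self, terminal_id: str, password: str) -> None:
        """Step 100: record login information for a terminal that may authenticate internally."""
        salt = os.urandom(16)
        self._logins[terminal_id] = (salt, self._derive(password, salt))

    def _internal_ok(self, req: AccessRequest) -> bool:
        """Step 107: check the reported password against the local record."""
        record = self._logins.get(req.terminal_id)
        if record is None or req.password is None:
            return False
        salt, stored = record
        return hmac.compare_digest(stored, self._derive(req.password, salt))

    def _external(self, req: AccessRequest) -> Decision:
        """Steps 105-106: hand the decision to the authentication server."""
        ok = self._external_auth(req.terminal_id)
        return Decision(ok, "external", "allow" if ok else "reject")

    def handle(self, req: AccessRequest) -> Decision:
        """Steps 104 and 108: pick the path from the identifier, then allow or refuse."""
        if req.identifier == EXTERNAL_ID:
            return self._external(req)
        if req.identifier == INTERNAL_ID:
            if self._internal_ok(req):
                return Decision(True, "internal", "allow")
            if self._policy is OnInternalFailure.REDIRECT_TO_SERVER:
                return self._external(req)
            if self._policy is OnInternalFailure.ASK_RESELECT:
                return Decision(False, "internal", "reselect-external")
            return Decision(False, "internal", "reject")
        return Decision(False, "none", "reject")   # unknown identifier: fail closed


def make_auth_server(registered_terminals) -> Callable[[str], bool]:
    """Hypothetical stand-in for the authentication server's registration lookup."""
    registered = set(registered_terminals)
    return lambda terminal_id: terminal_id in registered
```

With the second way configured, a wrong internal password does not end the attempt: the terminal can still be admitted on the strength of the authentication server alone, so the server's registration check is what bounds access in that configuration.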
Embodiment two:
Fig. 4 is a flowchart of a method for accessing a wireless local area network according to a second embodiment of the present invention. The second embodiment describes the first embodiment in detail, taking as an example the case in which the actual attribute information is internal terminal but the external identifier is selected, and specifically includes the following steps:
Step 201: the wireless sharing device broadcasts at least one external identifier and at least one internal identifier.
Step 202: the terminal selects the external identifier received by broadcast and carries the external identifier in the access request message it initiates.
Preferably, the access request message may further carry a terminal identifier.
Step 203: when the access request message carries the external identifier, the wireless sharing device allocates an external IP segment address to the terminal.
In the scheme of this step, the wireless sharing device may allocate addresses of different IP segments to the terminal that initiates the access request message according to the difference of the identifiers carried in the access request message, allocate an external IP segment address to the terminal if the access request message carries an external identifier, and allocate an internal IP segment address to the terminal if the access request message carries an internal identifier.
The wireless sharing equipment can predefine a legal IP section address and divide the IP section address into an external IP section address and an internal IP section address, and after a terminal initiates an access request message, one IP section address can be selected from the external IP section address and the internal IP section address to be allocated to the terminal according to an external identifier or an internal identifier carried in the access request message. Because the IP section addresses allocated to the terminal are legal addresses, the legality of the terminal address can be ensured when the subsequent terminal accesses the authentication server to perform external authentication.
For example: at initialization, the wireless sharing device stores the addresses of a number of different IP segments, such as 192.168.1.* and 192.168.2.*. For these two segments, the wireless sharing device sets the IP addresses of the 192.168.1.* segment as external IP segment addresses and the IP addresses of the 192.168.2.* segment as internal IP segment addresses. In this step, after receiving the access request message carrying the external identifier, it may select an idle IP address in the 192.168.1.* segment and allocate it to the terminal.
Step 204: The wireless sharing device routes the access request message to an authentication server according to the external identifier carried in the received access request message.
Step 205: The authentication server authenticates the terminal by using locally stored registration information according to the received access request message.
In this step, the authentication server authenticates the terminal in the same manner as in step 106 in the first embodiment.
Step 206: the authentication server determines the attribute information of the terminal according to whether or not binding information between the terminal and the wireless sharing device is stored.
When the terminal is registered in the authentication server, if the terminal is an internal terminal of a wireless local area network, the terminal and the wireless sharing device in the wireless local area network have a binding relationship, and the binding relationship is stored in the authentication server in the form of binding information.
In this step 206, the authentication server may search, from the local binding information, whether the terminal sending the access request message has binding information with the wireless sharing device, and if yes, it indicates that the attribute information of the terminal is an internal terminal of the wireless lan, that is, an internal terminal of the wireless lan selects an external identifier, and executes an external authentication procedure; otherwise, the attribute information indicating the terminal is an external terminal of the wireless lan, that is, an external identifier is selected by an external terminal of the current wireless lan, and an external authentication procedure is performed.
Step 207: The wireless sharing device receives the authentication result and the attribute information of the terminal sent by the authentication server.
In the second embodiment, the wireless sharing device may receive the authentication result sent by the authentication server first and then receive the attribute information of the terminal sent by the authentication server, or may receive the authentication result and the attribute information of the terminal at the same time.
Step 208: If the authentication result is that the terminal does not pass, the wireless sharing device rejects the terminal's access to the wireless local area network and the procedure ends; if the authentication result is that the terminal passes, the wireless sharing device assigns a data transmission priority to the terminal and performs step 209.
The following two methods are used to assign priorities to terminals:
the first way of assigning priorities: when the attribute information is an internal terminal, the terminal is assigned a higher priority than when the attribute information is an external terminal.
The second way of assigning priorities: the priority of the terminal which allocates the internal IP field address is higher than the priority of the terminal which allocates the external IP field address.
The purpose of the above two ways of assigning priorities is: since the service of the terminal with high priority can be preferentially executed, as long as the service of the internal terminal can be always preferentially executed, the problem that the service of the internal terminal cannot be normally executed due to the excessive number of the accessed terminals can be avoided. The two priority distribution modes are executed according to the principle that the priority of the internal terminal is higher than that of the external terminal, wherein in the first distribution mode, the terminal can be accurately determined to be the internal terminal or the external terminal according to the attribute information, and in the second distribution mode, the terminal can be determined to be the internal terminal or the external terminal to a certain extent according to the distributed IP section address.
Step 209: The wireless sharing device allocates network bandwidth to the terminal.
The following two ways of allocating network bandwidth to a terminal are available:
the first way to allocate network bandwidth is: when the attribute information is an internal terminal, the network bandwidth allocated to the terminal is larger than the network bandwidth allocated when the attribute information is an external terminal.
The second way of allocating network bandwidth is: the network bandwidth of the terminal allocated with the internal IP section address is larger than the network bandwidth of the terminal allocated with the external IP section address.
The purpose of the above two ways of allocating network bandwidth is: when terminals execute services, the internal terminal needs to be allocated more network bandwidth to ensure that its services have enough bandwidth, so both ways of allocating network bandwidth follow the principle that the network bandwidth allocated to the internal terminal is greater than the network bandwidth allocated to the external terminal.
It should be noted that the execution order of step 208 and step 209 is not fixed; for example, step 209 may be executed before step 208, or step 208 and step 209 may be executed simultaneously.
Step 210: The wireless sharing device instructs the terminal to access the wireless local area network.
In this step, after the terminal accesses the wireless local area network, the service may be executed in the wireless local area network according to the priorities and the network bandwidths allocated in step 208 and step 209.
Step 211: The wireless sharing device allows the terminal to exchange information with some of the other terminals that have accessed the wireless local area network.
In this step, to ensure network security in the wireless local area network, terminals that have accessed the wireless local area network are not allowed to exchange information with one another arbitrarily; information interaction between internal terminals is allowed.
Preferably, information interaction between internal terminals and information interaction between external terminals may both be allowed.
Specifically, taking the case in which interaction between internal terminals and interaction between external terminals are both allowed as an example, step 211 may be executed in the following two ways:
the first interaction mode is as follows: the wireless sharing equipment allows the terminals which are accessed to the wireless local area network together to carry out information interaction among the terminals with the same attribute information.
The second interaction mode is as follows: the wireless sharing equipment allows the terminals which are accessed to the wireless local area network together to carry out information interaction among the terminals with the same IP field address. It should be noted that the terminals with the same IP segment address are not necessarily terminals with the same attribute information, for example, when both an internal terminal and an external terminal select an external identifier to access the wireless lan, the addresses allocated by the internal terminal and the external terminal are the same IP segment address, and this way of distinguishing the external terminal and the internal terminal by the IP segment address cannot be completely and accurately distinguished, but because the scheme is simple to implement and can be distinguished to some extent, it can also be applied in this embodiment.
In addition, in the second embodiment, after the terminal passes the external authentication or the internal authentication and accesses the wireless local area network, the wireless sharing device may collect statistics on the terminal's access duration and the traffic it generates in the wireless local area network.
By the scheme of the embodiment, the terminal accessed to the wireless local area network is managed by the data transmission priority, the network bandwidth and the data information, so that the use effect of the internal terminal accessed to the wireless local area network is ensured, and the equipment and data safety of the wireless local area network is enhanced. In addition, according to the scheme of the embodiment, the registration information of the terminal is searched on the authentication server so as to modify the attribute information of the terminal, so that the priority and the network bandwidth of data transmission of the terminal are controlled more accurately, the fusion of two authentication modes of the terminal is realized, and the switching between the access modes is more flexible.
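The following sketch is an added example, not code from the patent: it models steps 203 to 211 on the wireless sharing device and shows how classifying a terminal by attribute information and by IP segment diverge when a bound (internal) terminal selects the external identifier. The class and function names, the QoS numbers, and the rule that a terminal admitted through the internal identifier counts as internal are assumptions made for the example; the two segments are the ones used in the description.

```python
import ipaddress
from dataclasses import dataclass

# Segments taken from the description's example: 192.168.1.* external, 192.168.2.* internal.
EXTERNAL_SEGMENT = ipaddress.ip_network("192.168.1.0/24")
INTERNAL_SEGMENT = ipaddress.ip_network("192.168.2.0/24")
SEGMENTS = {"external": EXTERNAL_SEGMENT, "internal": INTERNAL_SEGMENT}

# Constructed policy values; the description only requires internal > external.
QOS = {"internal": {"priority": 2, "bandwidth_kbps": 8000},
       "external": {"priority": 1, "bandwidth_kbps": 1000}}


@dataclass(frozen=True)
class Session:
    terminal_id: str
    identifier: str               # identifier carried in the access request
    ip: ipaddress.IPv4Address     # address allocated in step 203
    attribute: str                # "internal" or "external" (step 206)

    @property
    def segment(self) -> str:
        return "internal" if self.ip in INTERNAL_SEGMENT else "external"


class SharingDevice:
    def __init__(self, bound_terminals):
        # Binding information normally lives on the authentication server;
        # it is passed in here so the sketch runs offline.
        self.bound = set(bound_terminals)
        self.in_use = set()
        self.sessions = {}

    def _allocate(self, identifier):
        """Pick the first idle address in the segment matching the identifier."""
        for ip in SEGMENTS[identifier].hosts():
            if ip not in self.in_use:
                self.in_use.add(ip)
                return ip
        raise RuntimeError(f"{identifier} segment exhausted")

    def admit(self, terminal_id, identifier, authenticated):
        """Steps 203-210. `authenticated` is the result of external or internal authentication."""
        if identifier not in SEGMENTS:
            raise ValueError("unknown identifier")
        ip = self._allocate(identifier)       # step 203: allocated before authentication
        if not authenticated:                 # step 208: reject and free the address
            self.in_use.discard(ip)
            return None
        if identifier == "external":          # step 206: attribute from binding information
            attribute = "internal" if terminal_id in self.bound else "external"
        else:
            attribute = "internal"            # assumption: local login implies internal
        session = Session(terminal_id, identifier, ip, attribute)
        self.sessions[terminal_id] = session
        return session


def classify(session, mode):
    """mode 'attribute' is the first way in steps 208/209/211, 'segment' the second."""
    if mode == "attribute":
        return session.attribute
    if mode == "segment":
        return session.segment
    raise ValueError("mode must be 'attribute' or 'segment'")


def qos_for(session, mode):
    return QOS[classify(session, mode)]


def may_interact(a, b, mode):
    """Step 211: only terminals in the same class may exchange information."""
    return classify(a, mode) == classify(b, mode)


if __name__ == "__main__":
    dev = SharingDevice(bound_terminals={"owner-laptop"})   # constructed terminal ids
    laptop = dev.admit("owner-laptop", "external", True)
    guest = dev.admit("guest-phone", "external", True)
    for mode in ("attribute", "segment"):
        print(mode, qos_for(laptop, mode), may_interact(laptop, guest, mode))
```

In segment mode the bound laptop receives guest-level QoS and can exchange information with the guest terminal, which is the inaccuracy the description attributes to the second interaction mode.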
Example three:
Fig. 5 is a schematic structural diagram of a wireless sharing device according to a third embodiment. The wireless sharing device includes: a broadcasting module 11, a receiving module 12, an authentication module 13 and an access module 14.
A broadcasting module 11 for broadcasting the external identifier and the internal identifier; a receiving module 12, configured to receive an access request message from a terminal, and send the access request message to an authentication module 13, where the access request message carries an external identifier or an internal identifier; an authentication module 13, configured to authenticate the terminal through an authentication server when the access request message carries an external identifier, and authenticate the terminal by using locally stored login information when the access request message carries an internal identifier; and the access module 14 is configured to allow the terminal to access the wireless local area network when the authentication is passed, and otherwise, deny the terminal from accessing the wireless local area network.
Specifically, the authentication module 13 includes an external authentication sub-module 15 and an internal authentication sub-module 16, wherein:
an external authentication submodule 15, configured to route the access request message to an authentication server, instruct the authentication server to determine validity of the terminal according to stored registration information, and if the validity determination is not passed, the authentication is not passed; if the validity judgment is passed, the authentication is passed.
Preferably, the authentication server may determine the registration information of the terminal that sends the access request message according to a correspondence between the locally stored terminal identifier and the registration information, and further perform an external authentication process.
And the internal authentication sub-module 16 is configured to authenticate the terminal by using a locally stored login password according to the login password provided by the terminal when the access request message carries an internal identifier and the login information is the login password.
When the login information is a login password, the internal authentication sub-module 16 is specifically configured to compare the login password carried in the request message with a locally stored login password, and if the comparison result matches, determine that the authentication passes, otherwise, determine that the authentication does not pass; or, the terminal is instructed to report the login password, the reported login password is compared with the locally stored login password, if the comparison result is matched, the authentication is determined to be passed, and if not, the authentication is determined not to be passed.
The internal authentication sub-module 16 is further configured to, when the terminal fails authentication using locally stored login information, trigger the external authentication sub-module 15 to redirect the access request message of the terminal to an authentication server so that the terminal is authenticated through the authentication server; or to notify the terminal to reselect the external identifier and reinitiate the access request message using the selected external identifier.
The external authentication sub-module 15 is further configured to receive attribute information sent by the authentication server and indicating that the terminal is an internal terminal or an external terminal of the wireless local area network, where the attribute information is determined by the authentication server according to a locally stored binding relationship between the terminal and the wireless sharing device.
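The sketch below is an added example, not code from the patent: it models the authentication module 13 with its internal and external sub-modules, including the two fallbacks taken when the local login password does not match. The request fields, the `AuthServer` stand-in and its shared-secret registration are hypothetical; storing the login password as a salted PBKDF2 hash and comparing in constant time is a hardening choice of the example, since the description only says the passwords are compared.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # constructed work factor for the sketch


def derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class AuthServer:
    """Stand-in for the external authentication server (hypothetical interface)."""

    def __init__(self, registrations, bindings):
        self.registrations = registrations  # terminal_id -> registered secret (assumed form)
        self.bindings = bindings            # {(terminal_id, device_id)} binding information

    def authenticate(self, terminal_id, credential, device_id):
        expected = self.registrations.get(terminal_id)
        if expected is None or not hmac.compare_digest(expected.encode(), credential.encode()):
            return False, None
        bound = (terminal_id, device_id) in self.bindings
        return True, "internal" if bound else "external"


class AuthModule:
    """Authentication module 13: dispatch on the identifier in the access request."""

    def __init__(self, device_id, login_password, server, on_internal_failure="redirect"):
        if on_internal_failure not in ("redirect", "reselect"):
            raise ValueError("on_internal_failure must be 'redirect' or 'reselect'")
        self.device_id = device_id
        self.server = server
        self.on_internal_failure = on_internal_failure
        self.salt = os.urandom(16)
        self.stored = derive(login_password, self.salt)  # the plaintext is not kept

    def _internal_ok(self, password):
        # Constant-time comparison of the derived values.
        return hmac.compare_digest(derive(password, self.salt), self.stored)

    def _external(self, request, path):
        ok, attribute = self.server.authenticate(
            request["terminal_id"], request.get("credential", ""), self.device_id)
        if ok:
            return {"result": "accept", "path": path, "attribute": attribute}
        return {"result": "reject", "path": path, "attribute": None}

    def handle(self, request):
        identifier = request.get("identifier")
        if identifier == "external":
            return self._external(request, "external")
        if identifier != "internal":
            return {"result": "reject", "path": "none", "attribute": None}
        if self._internal_ok(request.get("password", "")):
            # No attribute here: only the authentication server supplies it.
            return {"result": "accept", "path": "internal", "attribute": None}
        if self.on_internal_failure == "redirect":
            # First fallback: redirect the same request to the authentication server.
            return self._external(request, "internal->external")
        # Second fallback: tell the terminal to reselect the external identifier.
        return {"result": "reselect_external", "path": "internal", "attribute": None}


if __name__ == "__main__":
    # Constructed registrations and bindings.
    server = AuthServer({"owner-laptop": "owner-secret"}, {("owner-laptop", "ap-1")})
    module = AuthModule("ap-1", "home-login", server)
    print(module.handle({"terminal_id": "owner-laptop", "identifier": "internal",
                         "password": "wrong", "credential": "owner-secret"}))
```

The `path` field records which sub-module admitted the terminal, so access logs can distinguish a direct local login from a login that failed locally and was redirected.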
Preferably, the wireless sharing device further comprises a priority allocation module 17 and a network bandwidth control module 18, wherein:
a priority allocation module 17, configured to allocate a priority for data transmission to the terminal according to the attribute information received by the external authentication sub-module, where the priority allocated when the terminal is an internal terminal of a wireless local area network is higher than the priority allocated when the terminal is an external terminal of the wireless local area network.
And a network bandwidth control module 18, configured to allocate a network bandwidth to the terminal according to the received attribute information, where the network bandwidth allocated when the terminal is an internal terminal of a wireless local area network is greater than the network bandwidth allocated when the terminal is an external terminal of the wireless local area network.
The wireless sharing device further comprises an address assignment module 19, wherein: an address allocating module 19, configured to allocate an external IP segment address to the terminal if the access request message received by the receiving module 12 carries an external identifier, and allocate an internal IP segment address to the terminal if the access request message received by the receiving module 12 carries an internal identifier.
The priority allocation module 17 is further configured to allocate a priority for data transmission to the terminal according to the address allocated to the terminal, where the priority of the terminal that allocates the internal IP segment address is higher than the priority of the terminal that allocates the external IP segment address;
the network bandwidth control module 18 is further configured to allocate a network bandwidth to the terminal according to the address allocated to the terminal, where the network bandwidth of the terminal allocated with the internal IP segment address is greater than the network bandwidth of the terminal allocated with the external IP segment address.
The wireless sharing device further includes a data information management module 20, wherein: the data information management module 20 is configured to, after the terminal accesses the wireless local area network, allow the terminal to interact with terminals having the same attribute information in other access wireless local area networks according to the received attribute information of the terminal.
The data information management module 20 is further configured to allow the terminal to interact with terminals having the same IP segment address in other access wireless local area networks according to the address allocated to the terminal after the terminal accesses the wireless local area network.
Preferably, the wireless sharing device further comprises a statistics module 21, wherein: the statistics module 21 is configured to, after the terminal passes the external authentication or the internal authentication and accesses the wireless local area network, collect statistics on the terminal's access duration and the traffic it generates in the wireless local area network.
Example four:
Fig. 6 is a schematic structural diagram of a terminal in the fourth embodiment. The terminal includes a receiving module 22, a sending module 23, and an access module 24, where:
The receiving module 22 is configured to receive the broadcast external identifier and the broadcast internal identifier.
The sending module 23 is configured to select an identifier from the identifiers received by the receiving module 22, carry the selected identifier in the access request message, and send the access request message.
The access module 24 is configured to access the wireless lan when the authentication server passes the authentication if the external identifier is selected by the sending module 23, and access the wireless lan when the authentication passes according to the login information if the internal identifier is selected.
Example five:
Fig. 7 is a schematic structural diagram of a system for accessing a wireless local area network in the fifth embodiment. The system includes a terminal 25 and a wireless sharing device 26, where:
The terminal 25 is configured to receive the external identifier and the internal identifier broadcast by the wireless sharing device, select one of the identifiers, carry it in the access request message, and send the access request message to the wireless sharing device 26;
The wireless sharing device 26 is configured to authenticate the terminal through the authentication server when the received access request message carries an external identifier, authenticate the terminal by using locally stored login information when the access request message carries an internal identifier, allow the terminal to access the wireless local area network when the authentication is passed, and otherwise deny the terminal access to the wireless local area network.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (21)

1. A method for accessing a wireless local area network, the method comprising:
broadcasting an external identifier and an internal identifier;
receiving an access request message from a terminal, authenticating the terminal through an authentication server when an external identifier is carried in the access request message, and authenticating the terminal by using locally stored login information when an internal identifier is carried in the access request message;
when the authentication is passed, allowing the terminal to access the wireless local area network, otherwise, refusing the terminal to access the wireless local area network;
when the terminal authentication is not passed by using the locally stored login information, the method further comprises:
redirecting an access request message of a terminal to an authentication server, and authenticating the terminal through the authentication server; or
And informing the terminal to reselect the external identifier and reinitiating the access request message by using the selected external identifier.
2. The method of claim 1, wherein authenticating the terminal through an authentication server specifically comprises:
routing the access request message to an authentication server, indicating the authentication server to judge the legality of the terminal according to the stored registration information, and if the legality of the terminal does not pass the legality judgment, not passing the authentication; if the validity judgment is passed, the authentication is passed;
when the login information is a login password, authenticating the terminal by using locally stored login information, specifically comprising:
and according to the login password provided by the terminal, the terminal is authenticated by using the locally stored login password.
3. The method of claim 2, wherein authenticating the terminal using the locally stored login password comprises:
comparing the login password carried in the request message with a locally stored login password, if the comparison result is matched, determining that the authentication is passed, otherwise, determining that the authentication is not passed;
or,
and indicating the terminal to report the login password, comparing the reported login password with the locally stored login password, if the comparison result is matched, determining that the authentication is passed, and otherwise, determining that the authentication is not passed.
4. The method of claim 2, wherein after the authentication server authenticates the terminal and before the terminal accesses the wireless local area network, the method further comprises:
and receiving attribute information which is sent by the authentication server and indicates that the terminal is an internal terminal or an external terminal of the wireless local area network, wherein the attribute information is determined by the authentication server according to the binding relationship between the locally stored terminal and the wireless sharing equipment.
5. The method of claim 4, wherein after receiving the attribute information sent by the authentication server and before the terminal accesses the wireless local area network, the method further comprises:
distributing priority and network bandwidth to the terminal according to the received attribute information;
wherein: the priority level allocated when the terminal is an internal terminal of the wireless local area network is higher than the priority level allocated when the terminal is an external terminal of the wireless local area network, and the network bandwidth allocated when the terminal is an internal terminal of the wireless local area network is larger than the network bandwidth allocated when the terminal is an external terminal of the wireless local area network.
6. The method of claim 1, wherein after receiving the access request message from the terminal and before authenticating the terminal, the method further comprises:
if the access request message carries an external identifier, allocating an external IP section address to the terminal;
and if the access request message carries an internal identifier, allocating an internal IP section address to the terminal.
7. The method of claim 6, wherein after authentication is passed and before the terminal accesses a wireless local area network, the method further comprises:
allocating a priority and a network bandwidth to the terminal according to the address allocated to the terminal;
wherein: the priority of the terminal which allocates the internal IP section address is higher than that of the terminal which allocates the external IP section address, and the network bandwidth of the terminal which allocates the internal IP section address is larger than that of the terminal which allocates the external IP section address.
8. The method of claim 4 or 5, wherein the method further comprises:
and after the terminal accesses the wireless local area network, allowing the terminal to interact with other terminals accessed into the wireless local area network and having the same attribute information according to the received attribute information of the terminal.
9. The method of claim 6 or 7, wherein the method further comprises:
and after the terminal accesses the wireless local area network, allowing the terminal to interact with other terminals accessing the wireless local area network and having the same IP section address according to the address allocated to the terminal.
10. A method for accessing a wireless local area network, the method comprising:
receiving the broadcast external identification and internal identification;
selecting one of the identifiers, carrying the selected identifier in an access request message and sending the access request message;
if the selected identifier is the external identifier, accessing the wireless local area network when authentication by the authentication server is passed, and if the selected identifier is the internal identifier, accessing the wireless local area network when authentication according to the login information is passed;
when the authentication is not passed according to the login information, the method further comprises:
redirecting the access request message to an authentication server, and authenticating through the authentication server; or
Reselecting the external identifier and reinitiating the access request message using the selected external identifier.
11. A wireless sharing device, comprising a broadcasting module, a receiving module, an authentication module, and an access module, wherein:
the broadcasting module is used for broadcasting the external identification and the internal identification;
the receiving module is used for receiving an access request message from the terminal and sending the access request message to the authentication module, wherein the access request message carries an external identifier or an internal identifier;
the authentication module is used for authenticating the terminal through an authentication server when the access request message carries an external identifier, and authenticating the terminal by using locally stored login information when the access request message carries an internal identifier;
the access module is used for allowing the terminal to access the wireless local area network when the authentication is passed, and otherwise, refusing the terminal to access the wireless local area network;
the authentication module further comprises an external authentication submodule and an internal authentication submodule, wherein:
the internal authentication submodule is used for triggering the external authentication submodule to redirect an access request message of the terminal to an authentication server when the terminal is not authenticated by using locally stored login information, and the terminal is authenticated by the authentication server; or, the terminal is informed to reselect the external identifier, and the access request message is reinitiated by using the selected external identifier.
12. The wireless sharing device of claim 11,
the external authentication submodule is used for routing the access request message to an authentication server when the access request message carries an external identifier, and instructing the authentication server to judge the validity of the terminal according to the stored registration information; if the validity judgment is not passed, the authentication is not passed; if the validity judgment is passed, the authentication is passed;
and the internal authentication sub-module is used for authenticating the terminal by using the locally stored login password according to the login password provided by the terminal when the access request message carries the internal identifier and the login information is the login password.
13. The wireless sharing device of claim 12,
the internal authentication submodule is specifically configured to compare the login password carried in the request message with a locally stored login password, and if the comparison result matches, determine that the authentication is passed, otherwise, determine that the authentication is not passed; or, the terminal is instructed to report the login password, the reported login password is compared with the locally stored login password, if the comparison result is matched, the authentication is determined to be passed, and if not, the authentication is determined not to be passed.
14. The wireless sharing device of claim 12,
the external authentication sub-module is further configured to receive attribute information sent by the authentication server and indicating that the terminal is an internal terminal or an external terminal of the wireless local area network, where the attribute information is determined by the authentication server according to a locally stored binding relationship between the terminal and the wireless sharing device.
15. The wireless sharing device of claim 14, wherein the wireless sharing device further comprises:
the priority distribution module is used for distributing the priority of data transmission to the terminal according to the attribute information received by the external authentication submodule, wherein the priority distributed when the terminal is an internal terminal of a wireless local area network is higher than the priority distributed when the terminal is an external terminal of the wireless local area network;
and the network bandwidth control module is used for allocating network bandwidth to the terminal according to the received attribute information, wherein the network bandwidth allocated when the terminal is an internal terminal of the wireless local area network is greater than the network bandwidth allocated when the terminal is an external terminal of the wireless local area network.
16. The wireless sharing device of claim 11, wherein the wireless sharing device further comprises:
and the address allocation module is used for allocating an external IP section address to the terminal if the external identifier is carried in the access request message received by the receiving module, and allocating an internal IP section address to the terminal if the internal identifier is carried in the access request message received by the receiving module.
17. The wireless sharing device of claim 16, wherein the wireless sharing device further comprises:
the priority distribution module is used for distributing the priority of data transmission to the terminal according to the address distributed to the terminal, wherein the priority of the terminal distributed with the internal IP section address is higher than the priority of the terminal distributed with the external IP section address;
and the network bandwidth control module is used for allocating network bandwidth to the terminal according to the address allocated to the terminal, wherein the network bandwidth of the terminal allocated with the internal IP section address is larger than the network bandwidth of the terminal allocated with the external IP section address.
18. The wireless sharing device of claim 14 or 15, wherein the wireless sharing device further comprises:
and the data information management module is used for allowing the terminal to interact with other terminals accessed to the wireless local area network and having the same attribute information according to the received attribute information of the terminal after the terminal is accessed to the wireless local area network.
19. The wireless sharing device of claim 16 or 17, wherein the wireless sharing device further comprises:
and the data information management module is used for allowing the terminal to interact with other terminals accessed to the wireless local area network and having the same IP section address according to the address allocated to the terminal after the terminal is accessed to the wireless local area network.
20. A terminal, characterized in that the terminal comprises:
a receiving module, used for receiving the broadcast external identifier and the broadcast internal identifier;
a sending module, used for selecting one identifier from the identifiers received by the receiving module, carrying the selected identifier in an access request message, and sending the access request message;
the access module is used for accessing the wireless local area network when the authentication server passes the authentication if the sending module selects the external identifier, and accessing the wireless local area network when the authentication server passes the authentication according to the login information if the sending module selects the internal identifier;
when authentication according to the login information is not passed, the access request message is redirected to an authentication server and authentication is carried out through the authentication server; or
the external identifier is reselected and the access request message is reinitiated using the selected external identifier.
21. A system for accessing a wireless local area network, comprising a terminal and a wireless sharing device, wherein:
the terminal is used for receiving the external identifier and the internal identifier broadcasted by the wireless sharing equipment, selecting one identifier to be carried in the access request message and sending the selected identifier to the wireless sharing equipment;
the wireless sharing device is used for authenticating the terminal through an authentication server when the received access request message carries an external identifier, authenticating the terminal by using locally stored login information when the access request message carries an internal identifier, and allowing the terminal to access a wireless local area network when the authentication is passed, and otherwise refusing the terminal access to the wireless local area network;
when authentication of the terminal using the locally stored login information is not passed, redirecting the access request message of the terminal to an authentication server and authenticating the terminal through the authentication server; or
informing the terminal to reselect the external identifier and to reinitiate the access request message using the selected external identifier.
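The access decision of claims 16 to 19 and 21, modelled as an added Python example (not code from the patent or its applicant): the device authenticates by identifier, redirects a failed local login to the authentication server, allocates an address, and limits interaction to terminals in the same IP section. Identifier strings, address ranges, priority and bandwidth figures are constructed assumptions, and so is the choice to place a redirected terminal in the external section; the claims key allocation on the identifier carried in the request.

```python
import hmac
import ipaddress

# Constructed values (assumptions): identifiers, IP sections, priorities, bandwidths.
EXTERNAL_ID, INTERNAL_ID = "EXT-SSID", "INT-SSID"
SEGMENTS = {"internal": ipaddress.ip_network("192.168.10.0/24"),
            "external": ipaddress.ip_network("192.168.20.0/24")}
PRIORITY = {"internal": 0, "external": 1}             # lower number is served first
BANDWIDTH_KBPS = {"internal": 20000, "external": 2000}


class WirelessSharingDevice:
    def __init__(self, local_logins, auth_server):
        self.local_logins = local_logins   # locally stored login information (constructed)
        self.auth_server = auth_server     # callable standing in for the external server
        self.leases = {}                   # terminal id -> (section name, address)
        self._pools = {name: iter(net.hosts()) for name, net in SEGMENTS.items()}

    def _local_ok(self, user, password):
        stored = self.local_logins.get(user)
        # Constant-time comparison; a real device would store a salted hash instead.
        return stored is not None and hmac.compare_digest(stored.encode(), password.encode())

    def handle_access_request(self, terminal, identifier, user, password):
        """Return the terminal's lease, or None when access is refused."""
        if identifier not in (EXTERNAL_ID, INTERNAL_ID):
            return None
        if identifier == INTERNAL_ID and self._local_ok(user, password):
            segment = "internal"
        elif self.auth_server(user, password):
            # External identifier, or a failed local login redirected to the server.
            # Assumption: the section follows the check that passed, not the identifier sent.
            segment = "external"
        else:
            return None
        address = next(self._pools[segment])
        self.leases[terminal] = (segment, address)
        return {"address": str(address), "priority": PRIORITY[segment],
                "bandwidth_kbps": BANDWIDTH_KBPS[segment]}

    def may_interact(self, a, b):
        """Terminals may exchange data only when both hold leases in the same section."""
        return (a in self.leases and b in self.leases
                and self.leases[a][0] == self.leases[b][0])
```

Allocating by the authentication path that succeeded keeps a terminal that only passed the external check out of the internal section, even though it asked for the internal identifier.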
CN201110306766.9A 2011-10-11 2011-10-11 A kind of method of accessing WLAN, system, wireless sharing equipment and terminal Active CN103052063B (en)

Publications (2)

Publication Number Publication Date
CN103052063A (en) 2013-04-17
CN103052063B (en) 2015-10-07

Family

ID=48064536

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant