CN104486326B - Using the authentication method of wechat access network identification - Google Patents

Abstract

It is a kind of without territory restriction, the authentication method of use wechat access network identification that is practical and facilitating user access network.Including mobile radio communication second terminal equipment and linking Internet end equipment, data identification module is set at internet access facility end；The data identification module carries out intercepting judgement and HTTP data in the data flow is delivered into authentication module by data forwarding module therein to the data flow of all access networks, and other data are delivered to the webserver.User completes Certificate Authority by wechat access network, accesses network.Bug is provided for marketing side simultaneously and easily push means, increase the usage experience of client.Present invention meeting tight association user's WeChat accounts, strengthen popularization means, it has verification process simple, user-friendly；Loiter network behavior is avoided, all is all effective client at netter family；By the advertisement navigation patterns of user, the advantages of collection pushes away promotion useful information.

Description

Using the authentication method of wechat access network identification

Technical field

It is more particularly to a kind of that access is recognized using wechat the present invention relates to a kind of method of mobile intelligent terminal access network The authentication method of network.

Background technology

Mobile Internet is to combine both mobile communication and internet, is integrally formed.It is mobile in recent years Communication and internet turn into that the world today is with fastest developing speed, market potential is maximum, prospect most tempting two big business, their growth Speed is all that any forecaster is unanticipated, so mobile Internet is it is contemplated that what kind of economic mythology will be created.

With mobile Internet develop and smart mobile phone continuous popularization, wechat promote be the age of Internet economy enterprise face Marketing model innovation, be accompanied by a kind of fiery thermogenetic network marketing mode of wechat, the limit of distance is not present in wechat After system, user's registration wechat, a kind of contact can be formed with " friend " around equally registered, user subscribes to the letter needed for oneself Breath, businessman promotes the point-to-point marketing mode of the product of oneself by providing the information that user needs.

Wechat (English name：Wechat it is) that released on January 21st, 2011 one of Tencent provides for intelligent terminal The free application program of instant messaging service, wechat is supported quickly to send out by network across common carrier, spanning operation system platform Free (a small amount of network traffics need to be consumed) voice SMS, video, picture and word is sent, it is also possible to use passing through shared stream The data of media content and location-based social plug-in unit " shaking ", " drift bottle ", " circle of friends ", " public platform ", " voice Notepad " waits service plug.

Because software is free in itself, using any function all without collection of charges, the online produced during using wechat Traffic fee is than less expensive, while user can carry out word by wechat and good friend, voice, and picture etc. is more abundant in form Mode is linked up, and is liked by users so that away from its release only more than 400 days on March in 2012 29 number of users just 100,000,000 are breached, hereafter, the wechat open platform that wechat is successively released, wechat public platform has further promoted number of users Rapid growth, finally, on September 17th, 2012, wechat number of users break through 200,000,000 people, from 0 to break through 200,000,000 users, distance release only With 14 months.The behind of substantial amounts of wechat user is huge market, and wechat also turns into numerous businessmans and enterprise The aggregation of potential customers, and the number of users of wechat is also in constantly riseing, it is contemplated that and in the near future, wechat User group can increasingly grow, more and more grand, and the potential customers of such vast number, which enterprise is not aroused in interest for it

Connection of mobile terminal into network, generally there is following several network access authentication methods in the prior art：

1) the most frequently used is wireless encryption：User's input password ability access network is required, such as WIFI passwords, LAN are close Code etc.；

2) MAC Address is limited：It is required that when the MAC Address of user is particular address just net can be accessed by wireless router Network；

3) page certification：It is required that behind User logs in website, specific username and password is inputted on homepage could be true It is positive to access network；

4) SMS certification：It is required that after user access network, being obtained by phone number after specific cryptosystem, Cai Nengzhen It is positive to access network.

Above-mentioned method more or less exists following not enough：

1) for the above method 1) for, it is necessary to password to be advertised to the user of network to be accessed, especially new user's meeting Inquiry password again and again is how many, therefore, says very inconvenient from the angle promoted and used.

2) for the above method 2) for, it can not use in public places.The characteristics of public place is the mobility of user It is larger, it is impossible to accomplish user once to add MAC Address, delete the MAC Address when leaving again, it is therefore, right Convenience is also poor for user.

3) for the above method 3) for, its with method 1) deficiency, said very not from the angle promoted and used It is convenient.

4) for the above method 4) for, its problem is that the user of network-termination device to be accessed needs to pay extra SMS expense.

The content of the invention

The technical problem to be solved in the present invention is to provide one kind without territory restriction, practical and facilitate user access network Use wechat access network identification authentication method.

In order to solve the above-mentioned technical problem, the technical solution adopted by the present invention is：

The present invention use wechat access network identification authentication method, including mobile radio communication second terminal equipment and mutually The access end equipment of networking, the access end equipment in internet sets data identification module；The data identification module is to all The data flow for accessing the network carries out intercepting judgement and by data forwarding module therein by the HTTP data in the data flow Authentication module is delivered to, other data are delivered to the webserver；The data identification module to the data flow according to the following steps Intercept and judge：

1) feature extraction is carried out for all message flows of the data flow；

2) type of identification data stream is carried out further according to data characteristics and behavioural characteristic；

3) the wechat data for belonging to the unverified network user to receiving, it is allowed to which it is uploaded to by the access end equipment Upper level Internet, intercepts the specific prompting page of HTTP data execution for being related to the unverified network user, is related to its its No thoroughfare that the access end equipment uploads to upper level Internet for his data；

4) total data for belonging to the network user by certification to receiving, it is allowed to which it is set by the incoming end It is standby to upload to upper level Internet；

5) HTTP request of the network user to be certified is redirected to the specific page, under page prompts, it is desirable to pay close attention to The wechat of the network user opens network；

6) network user to be certified obtains the use authentication url of network, opens network after clicking on the authentication url, the net Network user will normally access network.

It is described to be characterized as BASE, FTS, HTTP, Expect, DNS, DPI and PLC feature.

After the HTTP request of the network user to be certified is redirected to the specific page, the prompting for of the page " carries Show+advertisement ", it points out flow as follows：

1) the prompting page for being arranged at the access end equipment is accessed；

2) IP, MAC or router address that CGI obtains the access end equipment are sent；

3) page ad is clicked on；

4) IP, the MAC or router address information for taking acquisition enter net background server access target URL.

The identifying procedure for clicking on authentication url is as follows：

1) certification page for being arranged at the access end equipment is obtained；

2) certification request CGI is sent；

If 3) show " failure ", certification request CGI is resend；

If 4) point out " success ", IP, MAC or router address information of the access end equipment can be obtained；

5) IP, MAC or router address information described in actively taking enter net background server access relevant advertisements URL。

Compared with prior art, conveniently it is based on there is provided one kind instant invention overcomes deficiency of the prior art The network authentication scheme of wechat, user can complete Certificate Authority by wechat access network, access network.It is simultaneously marketing Side easily pushes means there is provided bug, increases the usage experience of client, strengthens ease for use, improves promotion effect.The present invention The incoming end equipment scheme of internet based on WeChat accounts certification, based on WeChat accounts, promotes wechat internet sales service. Present invention meeting tight association user's WeChat accounts, strengthen popularization means, it has verification process simple, user-friendly；Keep away Exempt from loiter network behavior, all is all effective client at netter family；By the advertisement navigation patterns of user, collection, which pushes away promotion, to be had The advantages of information.

Brief description of the drawings

Fig. 1 is data forwarding module processing data schematic diagram in the method for the present invention.

Fig. 2 is data forwarding module prompting flow chart in the method for the present invention.

Fig. 3 is device authentication flow chart in the method for the present invention.

Embodiment

Below in conjunction with accompanying drawing, the invention will be further described.

1st, wechat is recognized

Equipment (the access end equipment for referring to internet) (has a class report of identical essential characteristic for all message flows Text, such as with identical source purpose IP, source destination interface, the message of protocol type) carry out the extraction of feature.

The feature includes following part：

BASE features：That is essential characteristic, comprising basic agreement, ip ports, direction, Bao Xu, length etc..

FTS features：That is key characteristics.Some canonical can be used in the position of some offsets (L7 load) in statement message Expression formula is matched.

HTTP features:Application based on http protocol relatively many and message has fixed form.We can use HTTP common word domain is described as feature using regular expression.It is worth mentioning that the seq words that we introduce ourselves Domain, it represents the ordinal characteristics in word domain in feature.

Expect features：And expect connection features.A detection or broadcast packet are sent first, and the message characteristic is brighter It is aobvious.Data message source port below use before the port that is used of message.Based on this brass tacks, we can be with An expectation is done after that detection or broadcast packet is recognized.

DNS features：Due to needing the Hash type that is directed to of circulation to carry out Hash calculation in the identification process of application, and There are some ltsh chain tables long, such as DGET, therefore introduce DNS features to accelerate identification to apply.General principle is such：Know Other framework sets up a dns database, and domain name and IP have a corresponding relation, when a new connection enters identification framework By IP with regard to corresponding domain name can be found, and then with regard to that application can be positioned.

DPI features：Deep message feature.The universal method of one section of sensitive content is extracted in description, and content can represent length, account Family etc.；Also (long whether match can be checked and wrapped as feature if content representation length as non-feature as feature.

PLC features：Message length feature.The length statistics feature (average value of some bags；Maximum；Packet-by-packet length Deng).

Based on the above method, we can build data identification module and identify the related data of wechat.

2nd, data flow is distinguished with redirecting

As shown in figure 1, equipment uses following method processing wechat data and other data：

Increase data identification module in repeating process, (i.e. described BASE, FTP and HTTP is special according to data characteristics Levy) and behavioural characteristic (i.e. described EXPECT, DNS, DPI and PLC feature) come identification data stream type (i.e. various applications The data of data, such as wechat, the data of microblogging, sudden peal of thunder data and QQ data).

Pair also the not no user of certification, lets off wechat data, intercepts HTTP data and perform the specific prompting page, abandon it His data.

HTTP data can point out flow after processing for realizing.

To by the user of certification, letting off whole data.

3rd, click on certification and password is obtained

The HTTP request of user is redirected to after the specific page, and the effect of generation is that user can be appreciated that a prompting (prompting+advertisement), it is desirable to which the wechat for paying close attention to the network user opens network.

By paying close attention to the wechat of the network user, the network user will be obtained after the use authentication url of network, clickthrough, Network opening, the network user will normally access network.

4th, flow is pointed out

As shown in Fig. 2 the prompting flow that equipment shows is as follows：

1) user's request accesses network (HTTP request)；

2) judge user's request data address whether in white list；

3) data address of user's request is in white list, it is allowed to user accesses data；

4) data of user's request are redirected not in white list using 302, and guiding user accesses the prompting page；

5) the prompting page is showed.The prompting page is when being presented in user terminal, obtains the MAC of equipment, the information such as IP；

6) user can click on the advertisement in the prompting page, take the MAC, IP message reference advertisements URL, it is possible to provide have of correlation The statistical information of effect.

5th, identifying procedure

As shown in figure 3, the identifying procedure that equipment shows is as follows：

1) user clicks on the authentication button in the prompting page, asks certification；

2) equipment receives request and sends certification page to user terminal；

3) certification page is showed.When certification page is presented in user terminal, the information, hair such as automatic collection related MAC, IP Send real certification request；

4) authentication result is waited, certification success then opens network, points out certification success；

5) authentication result is waited, authentification failure then points out body failure；

6) no matter result success or failure, certification page takes the IP of user automatically, and the information such as MAC actively accesses advertisement URL。

Claims (4)

1. a kind of authentication method of use wechat access network identification, including mobile radio communication second terminal equipment and internet Access end equipment, it is characterised in that：Access end equipment in internet sets data identification module；The data identification module pair All data flows for accessing the networks carry out intercepting judgements and by data forwarding module therein by the HTTP in the data flow Data deliver to authentication module, and other data are delivered to the webserver；The data identification module is to the data flow by following Step, which is intercepted, to be judged：

1) feature extraction is carried out for all message flows of the data flow；

2) type of identification data stream is carried out further according to data characteristics and behavioural characteristic；

3) the wechat data for belonging to the unverified network user to receiving, it is allowed to which it is uploaded to upper one by the access end equipment Level Internet, intercepts the specific prompting page of HTTP data execution for being related to the unverified network user, is related to its other numbers According to no thoroughfare, the access end equipment uploads to upper level Internet；

4) total data for belonging to the network user by certification to receiving, it is allowed to which it passes through in the access end equipment Pass to upper level Internet；

5) HTTP request of the network user to be certified is redirected to the specific page, under page prompts, it is desirable to pay close attention to the net The wechat of network user opens network；

6) network user to be certified obtains the use authentication url of network, and network is opened after clicking on the authentication url, and the network is used Family will normally access network.

2. authentication method according to claim 1, it is characterised in that：It is described be characterized as BASE, FTS, HTTP, Expect, DNS, DPI and PLC feature.

3. authentication method according to claim 1, it is characterised in that：When the HTTP request of the network user to be certified is weighed It is directed to after the specific page, the page prompts for " prompting+advertisement ", it points out flow as follows：

1) the prompting page for being arranged at the access end equipment is accessed；

2) IP, MAC or router address that CGI obtains the access end equipment are sent；

3) page ad is clicked on；

4) IP, the MAC or router address information for taking acquisition enter net background server access target URL.

4. authentication method according to claim 1, it is characterised in that：The identifying procedure for clicking on authentication url is as follows：

1) certification page for being arranged at the access end equipment is obtained；

2) certification request CGI is sent；

If 3) show " failure ", certification request CGI is resend；

If 4) point out " success ", IP, MAC or router address information of the access end equipment can be obtained；

5) IP, MAC or router address information described in actively taking enter net background server access relevant advertisements URL.