CN104486326B - Using the authentication method of wechat access network identification - Google Patents
Using the authentication method of wechat access network identification Download PDFInfo
- Publication number
- CN104486326B CN104486326B CN201410758204.1A CN201410758204A CN104486326B CN 104486326 B CN104486326 B CN 104486326B CN 201410758204 A CN201410758204 A CN 201410758204A CN 104486326 B CN104486326 B CN 104486326B
- Authority
- CN
- China
- Prior art keywords
- data
- network
- user
- end equipment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0892—Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/55—Push-based network services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/02—Marketing; Price estimation or determination; Fundraising
- G06Q30/0241—Advertisements
- G06Q30/0277—Online advertisement
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L51/00—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
- H04L51/52—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail for supporting social networking services
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Power Engineering (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Information Transfer Between Computers (AREA)
Abstract
It is a kind of without territory restriction, the authentication method of use wechat access network identification that is practical and facilitating user access network.Including mobile radio communication second terminal equipment and linking Internet end equipment, data identification module is set at internet access facility end;The data identification module carries out intercepting judgement and HTTP data in the data flow is delivered into authentication module by data forwarding module therein to the data flow of all access networks, and other data are delivered to the webserver.User completes Certificate Authority by wechat access network, accesses network.Bug is provided for marketing side simultaneously and easily push means, increase the usage experience of client.Present invention meeting tight association user's WeChat accounts, strengthen popularization means, it has verification process simple, user-friendly;Loiter network behavior is avoided, all is all effective client at netter family;By the advertisement navigation patterns of user, the advantages of collection pushes away promotion useful information.
Description
Technical field
It is more particularly to a kind of that access is recognized using wechat the present invention relates to a kind of method of mobile intelligent terminal access network
The authentication method of network.
Background technology
Mobile Internet is to combine both mobile communication and internet, is integrally formed.It is mobile in recent years
Communication and internet turn into that the world today is with fastest developing speed, market potential is maximum, prospect most tempting two big business, their growth
Speed is all that any forecaster is unanticipated, so mobile Internet is it is contemplated that what kind of economic mythology will be created.
With mobile Internet develop and smart mobile phone continuous popularization, wechat promote be the age of Internet economy enterprise face
Marketing model innovation, be accompanied by a kind of fiery thermogenetic network marketing mode of wechat, the limit of distance is not present in wechat
After system, user's registration wechat, a kind of contact can be formed with " friend " around equally registered, user subscribes to the letter needed for oneself
Breath, businessman promotes the point-to-point marketing mode of the product of oneself by providing the information that user needs.
Wechat (English name:Wechat it is) that released on January 21st, 2011 one of Tencent provides for intelligent terminal
The free application program of instant messaging service, wechat is supported quickly to send out by network across common carrier, spanning operation system platform
Free (a small amount of network traffics need to be consumed) voice SMS, video, picture and word is sent, it is also possible to use passing through shared stream
The data of media content and location-based social plug-in unit " shaking ", " drift bottle ", " circle of friends ", " public platform ", " voice
Notepad " waits service plug.
Because software is free in itself, using any function all without collection of charges, the online produced during using wechat
Traffic fee is than less expensive, while user can carry out word by wechat and good friend, voice, and picture etc. is more abundant in form
Mode is linked up, and is liked by users so that away from its release only more than 400 days on March in 2012 29 number of users just
100,000,000 are breached, hereafter, the wechat open platform that wechat is successively released, wechat public platform has further promoted number of users
Rapid growth, finally, on September 17th, 2012, wechat number of users break through 200,000,000 people, from 0 to break through 200,000,000 users, distance release only
With 14 months.The behind of substantial amounts of wechat user is huge market, and wechat also turns into numerous businessmans and enterprise
The aggregation of potential customers, and the number of users of wechat is also in constantly riseing, it is contemplated that and in the near future, wechat
User group can increasingly grow, more and more grand, and the potential customers of such vast number, which enterprise is not aroused in interest for it
Connection of mobile terminal into network, generally there is following several network access authentication methods in the prior art:
1) the most frequently used is wireless encryption:User's input password ability access network is required, such as WIFI passwords, LAN are close
Code etc.;
2) MAC Address is limited:It is required that when the MAC Address of user is particular address just net can be accessed by wireless router
Network;
3) page certification:It is required that behind User logs in website, specific username and password is inputted on homepage could be true
It is positive to access network;
4) SMS certification:It is required that after user access network, being obtained by phone number after specific cryptosystem, Cai Nengzhen
It is positive to access network.
Above-mentioned method more or less exists following not enough:
1) for the above method 1) for, it is necessary to password to be advertised to the user of network to be accessed, especially new user's meeting
Inquiry password again and again is how many, therefore, says very inconvenient from the angle promoted and used.
2) for the above method 2) for, it can not use in public places.The characteristics of public place is the mobility of user
It is larger, it is impossible to accomplish user once to add MAC Address, delete the MAC Address when leaving again, it is therefore, right
Convenience is also poor for user.
3) for the above method 3) for, its with method 1) deficiency, said very not from the angle promoted and used
It is convenient.
4) for the above method 4) for, its problem is that the user of network-termination device to be accessed needs to pay extra
SMS expense.
The content of the invention
The technical problem to be solved in the present invention is to provide one kind without territory restriction, practical and facilitate user access network
Use wechat access network identification authentication method.
In order to solve the above-mentioned technical problem, the technical solution adopted by the present invention is:
The present invention use wechat access network identification authentication method, including mobile radio communication second terminal equipment and mutually
The access end equipment of networking, the access end equipment in internet sets data identification module;The data identification module is to all
The data flow for accessing the network carries out intercepting judgement and by data forwarding module therein by the HTTP data in the data flow
Authentication module is delivered to, other data are delivered to the webserver;The data identification module to the data flow according to the following steps
Intercept and judge:
1) feature extraction is carried out for all message flows of the data flow;
2) type of identification data stream is carried out further according to data characteristics and behavioural characteristic;
3) the wechat data for belonging to the unverified network user to receiving, it is allowed to which it is uploaded to by the access end equipment
Upper level Internet, intercepts the specific prompting page of HTTP data execution for being related to the unverified network user, is related to its its
No thoroughfare that the access end equipment uploads to upper level Internet for his data;
4) total data for belonging to the network user by certification to receiving, it is allowed to which it is set by the incoming end
It is standby to upload to upper level Internet;
5) HTTP request of the network user to be certified is redirected to the specific page, under page prompts, it is desirable to pay close attention to
The wechat of the network user opens network;
6) network user to be certified obtains the use authentication url of network, opens network after clicking on the authentication url, the net
Network user will normally access network.
It is described to be characterized as BASE, FTS, HTTP, Expect, DNS, DPI and PLC feature.
After the HTTP request of the network user to be certified is redirected to the specific page, the prompting for of the page " carries
Show+advertisement ", it points out flow as follows:
1) the prompting page for being arranged at the access end equipment is accessed;
2) IP, MAC or router address that CGI obtains the access end equipment are sent;
3) page ad is clicked on;
4) IP, the MAC or router address information for taking acquisition enter net background server access target URL.
The identifying procedure for clicking on authentication url is as follows:
1) certification page for being arranged at the access end equipment is obtained;
2) certification request CGI is sent;
If 3) show " failure ", certification request CGI is resend;
If 4) point out " success ", IP, MAC or router address information of the access end equipment can be obtained;
5) IP, MAC or router address information described in actively taking enter net background server access relevant advertisements
URL。
Compared with prior art, conveniently it is based on there is provided one kind instant invention overcomes deficiency of the prior art
The network authentication scheme of wechat, user can complete Certificate Authority by wechat access network, access network.It is simultaneously marketing
Side easily pushes means there is provided bug, increases the usage experience of client, strengthens ease for use, improves promotion effect.The present invention
The incoming end equipment scheme of internet based on WeChat accounts certification, based on WeChat accounts, promotes wechat internet sales service.
Present invention meeting tight association user's WeChat accounts, strengthen popularization means, it has verification process simple, user-friendly;Keep away
Exempt from loiter network behavior, all is all effective client at netter family;By the advertisement navigation patterns of user, collection, which pushes away promotion, to be had
The advantages of information.
Brief description of the drawings
Fig. 1 is data forwarding module processing data schematic diagram in the method for the present invention.
Fig. 2 is data forwarding module prompting flow chart in the method for the present invention.
Fig. 3 is device authentication flow chart in the method for the present invention.
Embodiment
Below in conjunction with accompanying drawing, the invention will be further described.
1st, wechat is recognized
Equipment (the access end equipment for referring to internet) (has a class report of identical essential characteristic for all message flows
Text, such as with identical source purpose IP, source destination interface, the message of protocol type) carry out the extraction of feature.
The feature includes following part:
BASE features:That is essential characteristic, comprising basic agreement, ip ports, direction, Bao Xu, length etc..
FTS features:That is key characteristics.Some canonical can be used in the position of some offsets (L7 load) in statement message
Expression formula is matched.
HTTP features:Application based on http protocol relatively many and message has fixed form.We can use
HTTP common word domain is described as feature using regular expression.It is worth mentioning that the seq words that we introduce ourselves
Domain, it represents the ordinal characteristics in word domain in feature.
Expect features:And expect connection features.A detection or broadcast packet are sent first, and the message characteristic is brighter
It is aobvious.Data message source port below use before the port that is used of message.Based on this brass tacks, we can be with
An expectation is done after that detection or broadcast packet is recognized.
DNS features:Due to needing the Hash type that is directed to of circulation to carry out Hash calculation in the identification process of application, and
There are some ltsh chain tables long, such as DGET, therefore introduce DNS features to accelerate identification to apply.General principle is such:Know
Other framework sets up a dns database, and domain name and IP have a corresponding relation, when a new connection enters identification framework
By IP with regard to corresponding domain name can be found, and then with regard to that application can be positioned.
DPI features:Deep message feature.The universal method of one section of sensitive content is extracted in description, and content can represent length, account
Family etc.;Also (long whether match can be checked and wrapped as feature if content representation length as non-feature as feature.
PLC features:Message length feature.The length statistics feature (average value of some bags;Maximum;Packet-by-packet length
Deng).
Based on the above method, we can build data identification module and identify the related data of wechat.
2nd, data flow is distinguished with redirecting
As shown in figure 1, equipment uses following method processing wechat data and other data:
Increase data identification module in repeating process, (i.e. described BASE, FTP and HTTP is special according to data characteristics
Levy) and behavioural characteristic (i.e. described EXPECT, DNS, DPI and PLC feature) come identification data stream type (i.e. various applications
The data of data, such as wechat, the data of microblogging, sudden peal of thunder data and QQ data).
Pair also the not no user of certification, lets off wechat data, intercepts HTTP data and perform the specific prompting page, abandon it
His data.
HTTP data can point out flow after processing for realizing.
To by the user of certification, letting off whole data.
3rd, click on certification and password is obtained
The HTTP request of user is redirected to after the specific page, and the effect of generation is that user can be appreciated that a prompting
(prompting+advertisement), it is desirable to which the wechat for paying close attention to the network user opens network.
By paying close attention to the wechat of the network user, the network user will be obtained after the use authentication url of network, clickthrough,
Network opening, the network user will normally access network.
4th, flow is pointed out
As shown in Fig. 2 the prompting flow that equipment shows is as follows:
1) user's request accesses network (HTTP request);
2) judge user's request data address whether in white list;
3) data address of user's request is in white list, it is allowed to user accesses data;
4) data of user's request are redirected not in white list using 302, and guiding user accesses the prompting page;
5) the prompting page is showed.The prompting page is when being presented in user terminal, obtains the MAC of equipment, the information such as IP;
6) user can click on the advertisement in the prompting page, take the MAC, IP message reference advertisements URL, it is possible to provide have of correlation
The statistical information of effect.
5th, identifying procedure
As shown in figure 3, the identifying procedure that equipment shows is as follows:
1) user clicks on the authentication button in the prompting page, asks certification;
2) equipment receives request and sends certification page to user terminal;
3) certification page is showed.When certification page is presented in user terminal, the information, hair such as automatic collection related MAC, IP
Send real certification request;
4) authentication result is waited, certification success then opens network, points out certification success;
5) authentication result is waited, authentification failure then points out body failure;
6) no matter result success or failure, certification page takes the IP of user automatically, and the information such as MAC actively accesses advertisement
URL。
Claims (4)
1. a kind of authentication method of use wechat access network identification, including mobile radio communication second terminal equipment and internet
Access end equipment, it is characterised in that:Access end equipment in internet sets data identification module;The data identification module pair
All data flows for accessing the networks carry out intercepting judgements and by data forwarding module therein by the HTTP in the data flow
Data deliver to authentication module, and other data are delivered to the webserver;The data identification module is to the data flow by following
Step, which is intercepted, to be judged:
1) feature extraction is carried out for all message flows of the data flow;
2) type of identification data stream is carried out further according to data characteristics and behavioural characteristic;
3) the wechat data for belonging to the unverified network user to receiving, it is allowed to which it is uploaded to upper one by the access end equipment
Level Internet, intercepts the specific prompting page of HTTP data execution for being related to the unverified network user, is related to its other numbers
According to no thoroughfare, the access end equipment uploads to upper level Internet;
4) total data for belonging to the network user by certification to receiving, it is allowed to which it passes through in the access end equipment
Pass to upper level Internet;
5) HTTP request of the network user to be certified is redirected to the specific page, under page prompts, it is desirable to pay close attention to the net
The wechat of network user opens network;
6) network user to be certified obtains the use authentication url of network, and network is opened after clicking on the authentication url, and the network is used
Family will normally access network.
2. authentication method according to claim 1, it is characterised in that:It is described be characterized as BASE, FTS, HTTP, Expect,
DNS, DPI and PLC feature.
3. authentication method according to claim 1, it is characterised in that:When the HTTP request of the network user to be certified is weighed
It is directed to after the specific page, the page prompts for " prompting+advertisement ", it points out flow as follows:
1) the prompting page for being arranged at the access end equipment is accessed;
2) IP, MAC or router address that CGI obtains the access end equipment are sent;
3) page ad is clicked on;
4) IP, the MAC or router address information for taking acquisition enter net background server access target URL.
4. authentication method according to claim 1, it is characterised in that:The identifying procedure for clicking on authentication url is as follows:
1) certification page for being arranged at the access end equipment is obtained;
2) certification request CGI is sent;
If 3) show " failure ", certification request CGI is resend;
If 4) point out " success ", IP, MAC or router address information of the access end equipment can be obtained;
5) IP, MAC or router address information described in actively taking enter net background server access relevant advertisements URL.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410758204.1A CN104486326B (en) | 2014-12-11 | 2014-12-11 | Using the authentication method of wechat access network identification |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410758204.1A CN104486326B (en) | 2014-12-11 | 2014-12-11 | Using the authentication method of wechat access network identification |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104486326A CN104486326A (en) | 2015-04-01 |
CN104486326B true CN104486326B (en) | 2017-08-11 |
Family
ID=52760830
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410758204.1A Active CN104486326B (en) | 2014-12-11 | 2014-12-11 | Using the authentication method of wechat access network identification |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104486326B (en) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105049413A (en) * | 2015-06-02 | 2015-11-11 | 杭州敦崇科技股份有限公司 | Authentication method for free wireless Internet access |
CN106331785A (en) * | 2015-07-02 | 2017-01-11 | 天脉聚源(北京)科技有限公司 | Method and system for shaking TV function link EPG by WeChat |
CN105357188B (en) * | 2015-10-10 | 2018-10-12 | 努比亚技术有限公司 | A kind of method that realizing WIFI connections, server and mobile terminal |
CN105530638B (en) * | 2016-01-12 | 2018-12-21 | 杭州敦崇科技股份有限公司 | A kind of free WIFI Verification System shared based on circle of friends |
CN106850401A (en) * | 2017-01-11 | 2017-06-13 | 上海斐讯数据通信技术有限公司 | A kind of wireless authentication device, system and its authentication method |
CN114095473A (en) * | 2020-07-31 | 2022-02-25 | 中国电信股份有限公司 | Network service processing method, device and system |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN201846351U (en) * | 2010-09-15 | 2011-05-25 | 傲普托通讯技术有限公司 | Multi-access technical home gateway |
CN102845085A (en) * | 2010-03-05 | 2012-12-26 | 高通股份有限公司 | Method and apparatus to control visited network access for devices |
CN104158808A (en) * | 2014-08-19 | 2014-11-19 | 杭州华三通信技术有限公司 | Portal authentication method based on APP application and device |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101505519B1 (en) * | 2007-10-16 | 2015-03-25 | 삼성전자 주식회사 | Apparatus and method for providing contents |
-
2014
- 2014-12-11 CN CN201410758204.1A patent/CN104486326B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102845085A (en) * | 2010-03-05 | 2012-12-26 | 高通股份有限公司 | Method and apparatus to control visited network access for devices |
CN201846351U (en) * | 2010-09-15 | 2011-05-25 | 傲普托通讯技术有限公司 | Multi-access technical home gateway |
CN104158808A (en) * | 2014-08-19 | 2014-11-19 | 杭州华三通信技术有限公司 | Portal authentication method based on APP application and device |
Also Published As
Publication number | Publication date |
---|---|
CN104486326A (en) | 2015-04-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104486326B (en) | Using the authentication method of wechat access network identification | |
US9210229B2 (en) | System and method for generating personalized short links and monitoring activity | |
US20150341965A1 (en) | Hotspot network access system and method | |
US9501777B1 (en) | Systems and methods for MAC address tracking for a mobile device | |
US20100313009A1 (en) | System and method to enable tracking of consumer behavior and activity | |
US10984452B2 (en) | User/group servicing based on deep network analysis | |
JP2010515977A (en) | Network processing and information processing system and method using persistence / anonymous identifier | |
WO2009158681A1 (en) | Implementing consumer choice in a targeted message delivery system | |
CN103401884A (en) | Authentication method and system for public wireless environment Internet access based on micro message | |
CN102638448A (en) | Method for judging phishing websites based on non-content analysis | |
CN105530638B (en) | A kind of free WIFI Verification System shared based on circle of friends | |
CN104320780A (en) | Authentication sharing method and module for wireless routers inside local area network | |
CN106453617A (en) | Information pushing method and information pushing platform | |
CN101217567A (en) | A webpage push method, system and device | |
CN105812460A (en) | Mobile Internet message push technology for enterprise customers | |
CN104717079A (en) | Network flow data processing method and device | |
CN201590901U (en) | Mobile phone advertisement release and delivery system | |
CN105391615B (en) | Instant messaging method, device and system based on business requirements | |
WO2013117156A1 (en) | System and method for wifi terminal user to conduct social intercourse through identification code | |
KR20170024603A (en) | Method for Processing Conversational Message on Mobile Environment | |
CN102333125A (en) | Access-identifier-based network application realization method for integrated network | |
KR101902116B1 (en) | System and method for providing service of co-marketing using information joint between business manager | |
CN111224918A (en) | Real-time networking security control platform and access authentication method | |
KR20170140804A (en) | Method for Processing Conversational Message on Mobile Environment | |
KR101013292B1 (en) | System and Method for Providing Search Advertisement and Recording Medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |