CN105007579B - A kind of access authentication of WLAN method and terminal - Google Patents

Publication number: CN105007579B
Authority: CN (China)
Legal status: Active
Application number: CN201410168868.2A
Other languages: Chinese (zh)
Other versions: CN105007579A (en)
Inventors: 王文杰, 罗芸
Current assignee: China Mobile Group Guangdong Co Ltd
Original assignee: China Mobile Group Guangdong Co Ltd
Application filed by: China Mobile Group Guangdong Co Ltd
Priority: CN201410168868.2A

Abstract

The present invention provides a WLAN access authentication method and a terminal. The method includes: sending an online request message to an authentication server system, so that the authentication server system performs MAC-address-based WLAN access authentication on the terminal according to the terminal MAC address information carried in the online request message; after the WLAN access authentication passes, sending an authentication request message to the authentication server system, so that the authentication server system performs terminal user identity authentication on the terminal according to the security certificate, applied for in advance and used to identify the terminal, that is carried in the authentication request message; and accessing the WLAN after the terminal user identity authentication passes, or disconnecting from the WLAN after it fails. The WLAN access authentication method of the invention avoids the considerable risk of a terminal relying only on the MAC address as the sole identifier of the user.

Description

WLAN access authentication method and terminal
Technical field
The present invention relates to the field of communications, and in particular to a WLAN access authentication method and a terminal.
Background art
When operating a wireless local area network (WLAN) service, a network operator needs to authenticate customers' access to the WLAN service in order to guarantee its charging and its service commitments to customers. Common authentication methods include: PORTAL authentication, based on a portal page; EAP-SIM authentication, which identifies SIM-card users accessing the WLAN within the Extensible Authentication Protocol (EAP) framework; EAP-PEAP authentication, which implements WLAN access authentication for 2G users based on a certificate plus user name and password; EAP-MD5 authentication (extensible protocol plus hash algorithm); and MAC authentication, which relies on binding the medium access control (MAC) address of the WLAN network card.
PORTAL authentication is widely used on computer terminals, where users are accustomed to entering a password manually and use the WLAN service from a relatively fixed location. On mobile phones, however, entering a password is inconvenient, browsers support multiple pages inconsistently, a considerable number of WLAN applications are not browser-based, and users typically use the WLAN service while on the move and must re-enter the password to authenticate whenever the connection is lost. This raises the barrier to using the service and degrades the user experience, so PORTAL authentication does not work well on mobile phone terminals.
The PORTAL authentication flow is divided into the following stages:
1. Connection establishment stage
The terminal associates with the service set identifier (SSID) and establishes a physical connection with the access control (AC) server.
2. Dynamic Host Configuration Protocol (DHCP) stage
The AC server detects that the terminal has no IP information; this is the stage in which the terminal is assigned an identity (ID).
3. Forced PORTAL stage
After the connection is established, the terminal attempts to access a public network address. The AC server detects that the user has no network access permission and redirects the user's request to a fixed PORTAL page.
4. Authentication flow stage
The user enters a user name and password on the PORTAL page and submits the request. The authentication request reaches the PORTAL server, which triggers the PORTAL authentication flow. After authentication succeeds, the PORTAL server returns a login-success page to the terminal.
5. Charging start stage
After the Remote Authentication Dial-In User Service (RADIUS) system returns a charging success message to the AC server, the AC server sends a start-accounting request to RADIUS to begin charging.
6. Real-time charging stage
For real-time charging users, RADIUS converts the charging message into a message of the authentication, authorization and accounting protocol DIAMETER and forwards it to the real-time charging engine, which deducts fees in real time.
7. Charging stop
When an accounting request message initiated by the terminal or the AC server reaches RADIUS, RADIUS stops charging.
EAP-type authentication is implemented on top of network-layer data exchange. It can avoid password entry altogether, or require the password to be entered only once, with authentication performed automatically on later access. However, EAP-type authentication needs support from the terminal operating system, and a large share of the mobile phone clients on the market do not support it.
Medium access control (MAC) authentication uses the uniqueness of the mobile phone client's MAC address and is an optimization of PORTAL authentication that removes the need to enter a password. Its principle is that, after the terminal user has authenticated through PORTAL, the server records the terminal's MAC address together with the authentication information (user name and password) of the authenticated user. At the next login, the server completes authentication for the client automatically according to the previously recorded MAC correspondence. The advantage of this scheme is that server-initiated authentication lowers the difficulty of client authentication and improves the user experience.
As shown in Fig. 1, the MAC authentication flow is divided into the following stages:
1. The terminal associates with the AC server and obtains an IP address.
2. The terminal initiates a Hypertext Transfer Protocol (HTTP) request whose message header carries the browser type.
3. The AC server redirects the terminal's HTTP request message to the PORTAL server and adds the terminal's MAC address to the message header.
4. The PORTAL server reads the information in the message header and determines the terminal type. If it is a mobile phone, the MAC address is verified, and if verification succeeds the flow continues to the next step.
5. The PORTAL/MAC server looks up the phone number and user password corresponding to the MAC address and sends them to the AC server over the PORTAL protocol.
6-8. The AC server sends the user name and password information to the RADIUS server for verification. After verification completes, the AC server returns the result to the PORTAL server. This process is the same as in the PORTAL flow.
9. If verification succeeds, the PORTAL/MAC server sends a reminder SMS to the user.
10. The business operation support system (BOSS) receives the user's SMS refusing the online session.
11. BOSS sends the PORTAL server a request to remove the MAC binding information.
12. BOSS sends an offline request to the authentication, authorization and accounting (AAA) server.
13. AAA sends a client DM offline request to the AC server.
14. The AC server logs the user off.
However, MAC authentication has several problems that it cannot overcome.
The MAC address spoofing problem:
In theory a MAC address is uniquely assigned to each terminal, but in practice it is not difficult for a client to modify the MAC address manually, so relying only on the MAC address as the sole identifier of the user carries considerable risk.
The billing problem:
MAC authentication is an optimization built on PORTAL authentication, that is, the two use exactly the same authentication protocol. The RADIUS side therefore cannot tell whether the current user authenticated by MAC or by entering a password through PORTAL, and cannot apply differentiated rates.
Summary of the invention
The object of the present invention is to provide a WLAN access authentication method and a terminal that solve the problem that a mobile terminal accessing the WLAN with MAC address authentication alone is easily impersonated by others.
To solve the above technical problem, an embodiment of the present invention provides a WLAN access authentication method applied to a terminal for which medium access control (MAC) address authentication has been enabled, the method comprising:
sending an online request message to an authentication server system, so that the authentication server system performs MAC-address-based WLAN access authentication on the terminal according to the terminal MAC address information carried in the online request message;
after the WLAN access authentication passes, sending an authentication request message to the authentication server system, so that the authentication server system performs terminal user identity authentication on the terminal according to the security certificate, applied for in advance and used to identify the terminal, that is carried in the authentication request message;
accessing the WLAN after the terminal user identity authentication passes, and disconnecting from the WLAN after the terminal user identity authentication fails.
Further, the step of sending the online request message to the authentication server system, so that the authentication server system performs MAC-address-based WLAN access authentication on the terminal according to the terminal MAC address information carried in the online request message, includes:
sending the online request message to a portal server, so that the portal server, according to the terminal MAC address information carried in the online request message, sends terminal WLAN user information to an authentication, authorization and accounting (AAA) server; the AAA server then authenticates the received terminal WLAN user information against the terminal WLAN user information it has stored in advance, obtains an authentication result, and returns the authentication result to an access control (AC) server, wherein the terminal WLAN user information includes terminal WLAN account information and/or terminal WLAN password information;
accessing the WLAN after the AC server receives a result indicating that authentication succeeded.
Further, after the step of accessing the WLAN once the AC server has received a result indicating that authentication succeeded, the method further includes:
sending a charging request message to the AAA server, so that the AAA server charges the terminal differentially according to the charging differentiation information, including the terminal type, carried in the charging request message.
Further, the step of sending, after the WLAN access authentication passes, the authentication request message to the authentication server system, so that the authentication server system performs terminal user identity authentication on the terminal according to the security certificate, applied for in advance and used to identify the terminal, that is carried in the authentication request message, includes:
after the WLAN access authentication passes, sending to the portal server an authentication request message carrying the security certificate, applied for in advance and used to identify the terminal, together with the terminal WLAN account information; the portal server uses the terminal WLAN account information to query the MAC server and, on finding that the user state is "waiting for terminal user identity authentication", sends the security certificate to an identity provider (IDP) server; the IDP server checks the legitimacy of the received security certificate against the terminal security certificate it has stored in advance, obtains a check result, and sends the check result to the portal server; the portal server then performs WLAN connection control on the terminal that has accessed the WLAN according to the check result. The user state is changed to "waiting for terminal user identity authentication" by the MAC server after it receives the authentication-success result forwarded by the access control server.
Further, the security certificate may be applied for as follows:
sending to an SMS gateway an encrypted message containing the international mobile subscriber identity (IMSI), the terminal MAC address and a randomly generated unique serial number (SID); the SMS gateway forwards the message to the identity provider (IDP) server; the IDP server sends the phone number obtained from the SMS gateway, together with the IMSI obtained by decrypting the encrypted message, to the portal server for verification; the portal server looks up the received phone number and IMSI in its pre-stored table mapping the phone numbers of terminals with MAC authentication enabled to their IMSIs, obtains a lookup comparison result, and sends it to the IDP server; when the lookup comparison result indicates that the correspondence between the IMSI and the phone number is legitimate, the IDP server generates a security certificate, wherein the security certificate carries the binding information of the MAC address, the IMSI and the phone number;
sending a certificate application request message to the IDP server, so that the IDP server, according to the terminal MAC address information carried in the certificate application request message, sends the security certificate corresponding to that terminal MAC address to the terminal.
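The two-step decision described above can be modelled in a few lines. This is an added example, not code from the patent: the certificate format (a JSON binding plus an HMAC tag), the class and function names, and all subscriber values are constructed assumptions. It shows a terminal presenting a known MAC address passing step 1 but being disconnected at step 2 without the matching certificate.

```python
import hashlib
import hmac
import json
import secrets

WAITING = "waiting for terminal user identity authentication"
ONLINE = "online"
OFFLINE = "offline"


class IdpServer:
    """Issues and checks security certificates binding MAC, IMSI and phone number."""

    def __init__(self, msisdn_to_imsi):
        self._key = secrets.token_bytes(32)    # IDP-private key (assumed mechanism)
        self._msisdn_to_imsi = msisdn_to_imsi  # portal table for MAC-auth subscribers
        self._issued = {}                      # MAC -> certificate stored at issuance

    def issue(self, mac, imsi, gateway_msisdn):
        # gateway_msisdn is the number reported by the SMS gateway, not by the terminal.
        if self._msisdn_to_imsi.get(gateway_msisdn) != imsi:
            return None                        # IMSI / phone number pair not legitimate
        binding = json.dumps(
            {"mac": mac, "imsi": imsi, "msisdn": gateway_msisdn}, sort_keys=True)
        tag = hmac.new(self._key, binding.encode(), hashlib.sha256).hexdigest()
        self._issued[mac] = f"{binding}|{tag}"
        return self._issued[mac]

    def verify(self, mac, cert):
        # Compare the presented certificate with the one stored for this MAC.
        stored = self._issued.get(mac)
        if stored is None or not isinstance(cert, str):
            return False
        return hmac.compare_digest(stored.encode(), cert.encode())


class AuthServerSystem:
    def __init__(self, idp, mac_bindings, aaa_accounts):
        self.idp = idp
        self.mac_bindings = mac_bindings  # MAC server: MAC -> (account, password)
        self.aaa_accounts = aaa_accounts  # AAA: account -> password
        self.user_state = {}              # MAC server: account -> state

    def mac_access_auth(self, mac):
        """Step 1: MAC-based WLAN access authentication."""
        account, password = self.mac_bindings.get(mac, (None, None))
        if account is None or self.aaa_accounts.get(account) != password:
            return False
        self.user_state[account] = WAITING
        return True

    def identity_auth(self, mac, account, cert):
        """Step 2: terminal user identity authentication with the certificate."""
        if self.user_state.get(account) != WAITING:
            return False
        bound_account = self.mac_bindings.get(mac, (None, None))[0]
        ok = bound_account == account and self.idp.verify(mac, cert)
        self.user_state[account] = ONLINE if ok else OFFLINE
        return ok


def connect(system, mac, account, cert):
    """Terminal side: run both steps and report the outcome."""
    if not system.mac_access_auth(mac):
        return "rejected: MAC authentication failed"
    if not system.identity_auth(mac, account, cert):
        return "disconnected: identity authentication failed"
    return "online"


def demo():
    # Constructed sample subscriber data.
    mac, imsi, msisdn = "02:00:00:aa:bb:01", "460000000000001", "13800000001"
    idp = IdpServer({msisdn: imsi})
    system = AuthServerSystem(idp, {mac: (msisdn, "wlan-pass")}, {msisdn: "wlan-pass"})
    cert = idp.issue(mac, imsi, msisdn)
    return {
        "wrong_imsi_cert": idp.issue(mac, "460000000000999", msisdn),
        "legitimate": connect(system, mac, msisdn, cert),
        "same_mac_no_cert": connect(system, mac, msisdn, None),
        "same_mac_altered_cert": connect(system, mac, msisdn, cert + "x"),
        "unknown_mac": connect(system, "02:00:00:aa:bb:02", msisdn, cert),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```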
To solve the above technical problem, an embodiment of the present invention also provides a terminal, comprising:
a first sending module, configured to send an online request message to an authentication server system, so that the authentication server system performs MAC-address-based WLAN access authentication on the terminal according to the terminal MAC address information carried in the online request message;
a second sending module, configured to send, after the WLAN access authentication passes, an authentication request message to the authentication server system, so that the authentication server system performs terminal user identity authentication on the terminal according to the security certificate, applied for in advance and used to identify the terminal, that is carried in the authentication request message;
a processing module, configured to access the WLAN after the terminal user identity authentication passes, and to disconnect from the WLAN after the terminal user identity authentication fails.
Further, the first sending module includes:
a first sending submodule, configured to send the online request message to a portal server, so that the portal server, according to the terminal MAC address information carried in the online request message, sends terminal WLAN user information to an authentication, authorization and accounting (AAA) server; the AAA server then authenticates the received terminal WLAN user information against the terminal WLAN user information it has stored in advance, obtains an authentication result, and returns the authentication result to an access control (AC) server, wherein the terminal WLAN user information includes terminal WLAN account information and/or terminal WLAN password information;
an access submodule, configured to access the WLAN after the AC server receives a result indicating that authentication succeeded.
Further, the terminal further includes:
a third sending module, configured to send a charging request message to the AAA server, so that the AAA server charges the terminal differentially according to the charging differentiation information, including the terminal type, carried in the charging request message.
Further, the second sending module includes:
a second sending submodule, configured to send to the portal server, after the WLAN access authentication passes, an authentication request message carrying the security certificate, applied for in advance and used to identify the terminal, together with the terminal WLAN account information; the portal server uses the terminal WLAN account information to query the MAC server and, on finding that the user state is "waiting for terminal user identity authentication", sends the security certificate to an identity provider (IDP) server; the IDP server checks the legitimacy of the received security certificate against the terminal security certificate it has stored in advance, obtains a check result, and sends the check result to the portal server; the portal server then performs WLAN connection control on the terminal that has accessed the WLAN according to the check result. The user state is changed to "waiting for terminal user identity authentication" by the MAC server after it receives the authentication-success result forwarded by the access control server.
Further, the terminal further includes:
a fourth sending module, configured to send to an SMS gateway an encrypted message containing the international mobile subscriber identity (IMSI), the terminal MAC address and a randomly generated unique serial number (SID); the SMS gateway forwards the message to the identity provider (IDP) server; the IDP server sends the phone number obtained from the SMS gateway, together with the IMSI obtained by decrypting the encrypted message, to the portal server for verification; the portal server looks up the received phone number and IMSI in its pre-stored table mapping the phone numbers of terminals with MAC authentication enabled to their IMSIs, obtains a lookup comparison result, and sends it to the IDP server; when the lookup comparison result indicates that the correspondence between the IMSI and the phone number is legitimate, the IDP server generates a security certificate, wherein the security certificate carries the binding information of the MAC address, the IMSI and the phone number;
a fifth sending module, configured to send a certificate application request message to the IDP server, so that the IDP server, according to the terminal MAC address information carried in the certificate application request message, sends the security certificate corresponding to that terminal MAC address to the terminal.
The beneficial effects of the present invention are as follows:
The WLAN access authentication method and terminal of the invention use two-step authentication: first an authentication scheme based on the MAC address, and then a scheme based on terminal security certificate authentication. Combining the two schemes effectively prevents the problem that a terminal relying only on the MAC address as the sole identifier of the user is easily impersonated.
Brief description of the drawings
Fig. 1 shows the MAC authentication flow;
Fig. 2 shows the flow by which a terminal enables MAC authentication;
Fig. 3 shows the flow by which a terminal cancels MAC authentication;
Fig. 4 is schematic flow diagram 1 of the WLAN access authentication method of the invention;
Fig. 5 is schematic flow diagram 2 of the WLAN access authentication method of the invention;
Fig. 6 shows the flow of first internet access after a terminal has enabled MAC authentication;
Fig. 7 is a schematic flow diagram of a terminal applying for a security certificate;
Fig. 8 is schematic structural diagram 1 of the terminal of the invention;
Fig. 9 is schematic structural diagram 2 of the terminal of the invention;
Fig. 10 is schematic structural diagram 2 of the terminal of the invention.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the present invention clearer, the invention is described in detail below with reference to the drawings and specific embodiments.
To address the problem that a mobile terminal accessing the WLAN with MAC address authentication alone is easily impersonated by others, the present invention provides a WLAN access authentication method applied to a terminal for which medium access control (MAC) address authentication has been enabled. The method includes: sending an online request message to an authentication server system, so that the authentication server system performs MAC-address-based WLAN access authentication on the terminal according to the terminal MAC address information carried in the online request message; after the WLAN access authentication passes, sending an authentication request message to the authentication server system, so that the authentication server system performs terminal user identity authentication on the terminal according to the security certificate, applied for in advance and used to identify the terminal, that is carried in the authentication request message; and accessing the WLAN after the terminal user identity authentication passes, or disconnecting from the WLAN after it fails. In other words, the WLAN access authentication method of the invention uses two-step authentication: first an authentication scheme based on the MAC address, and then a scheme based on terminal certificate authentication. Combining the two schemes effectively prevents the problem that a terminal relying only on the MAC address as the sole identifier of the user is easily impersonated.
First, the flow by which the above terminal enables MAC-address-based authentication is described in detail with reference to the drawings and specific embodiments.
As shown in Fig. 2, the flow includes the following steps:
Step 21: the terminal or client connects to a wireless access point (AP).
Step 22: the access control (AC) server assigns an IP address to the terminal or client.
Step 23: the terminal or client calls the portal server's web service interface to send the portal server a request to enable the MAC + client fast authentication function.
Step 24: the portal server calls the web service interface of the business operation support system (BOSS) to send a request to enable the MAC + client fast authentication function.
Step 25: BOSS issues a man-machine language (MML) command to the authentication, authorization and accounting (AAA) server to enable the MAC + client fast authentication function on the AAA server.
Step 26: the AAA server saves the user information, including the terminal WLAN user account and password and/or information such as the binding between the MAC address, phone number and international mobile subscriber identity of the terminal enabling MAC authentication.
Step 27: AAA returns an enable-success result to BOSS.
Step 28: BOSS returns a processing-success result to the portal server.
Step 29: the portal server saves the user information, i.e. the portal server notifies the MAC server to save the user information.
Step 30: the portal server returns a processing-success result to the terminal.
Of course, if the user wishes to use PORTAL authentication or another authentication method when the terminal accesses the WLAN, the MAC-address-based authentication service described above can be cancelled. The cancellation flow, shown in Fig. 3, includes the following steps:
Step 31: the terminal or client connects to a wireless access point (AP).
Step 32: the access control (AC) server assigns an IP address to the terminal or client.
Step 33: the terminal or client calls the portal server's web service interface to send the portal server a request to cancel the MAC + client fast authentication function.
Step 34: the portal server calls the web service interface of the business operation support system (BOSS) to send a request to cancel the MAC + client fast authentication function.
Step 35: BOSS issues a man-machine language (MML) command to the authentication, authorization and accounting (AAA) server to cancel the MAC + client fast authentication function on the AAA server.
Step 36: the AAA server deletes the user information, including the terminal WLAN user account and password and/or information such as the binding between the MAC address, phone number and international mobile subscriber identity of the terminal enabling MAC authentication.
Step 37: AAA returns a cancel-success result to BOSS.
Step 38: BOSS returns a cancel-success result to the portal server.
Step 39: the portal server deletes the user information, i.e. the portal server notifies the MAC server to delete the binding between the terminal WLAN account information and the terminal MAC address.
Step 40: the portal server returns a cancel-success result to the terminal.
Fig. 4 shows the flow of a user's first internet access when MAC-address-based authentication has been enabled for the terminal or client. The flow includes the following steps:
First, step 41: send an online request message to the authentication server system, so that the authentication server system performs MAC-address-based WLAN access authentication on the terminal according to the terminal MAC address information carried in the online request message.
Step 41 is implemented specifically by step 411 shown in Fig. 5: send the online request message to the portal server, so that the portal server, according to the terminal MAC address information carried in the online request message, sends terminal WLAN user information to the authentication, authorization and accounting (AAA) server; the AAA server then authenticates the received terminal WLAN user information against the terminal WLAN user information it has stored in advance, obtains an authentication result, and returns the authentication result to the access control (AC) server, wherein the terminal WLAN user information includes terminal WLAN account information and/or terminal WLAN password information.
Step 411 corresponds to steps 61 to 70 in Fig. 6, specifically:
Step 61: the terminal connects to a wireless access point (AP).
Step 62: the access control (AC) server assigns an IP address to the terminal.
Step 63: the terminal sends an online request message to the AC server; the request contains information such as the AC server information, the user MAC address and the user IP address.
Step 64: when the online request traffic reaches the traffic threshold, the AC server triggers a query for the MAC address binding information (the binding of the MAC address to the terminal WLAN account and password); that is, the AC server sends a MAC address binding information query request message to the MAC server.
MAC-address-based access authentication has a MAC authentication trigger mechanism: by default the AC server lets all user traffic through, but once a user's cumulative traffic within a unit of time reaches a certain threshold (e.g. 10K), the AC server triggers MAC authentication. The advantage of this mechanism is that MAC authentication is not triggered immediately upon WLAN association, which reduces the RADIUS authentication load caused by terminals that frequently move and associate with the WLAN, and also spares users from having to re-associate with the WLAN repeatedly in order to initiate MAC authentication. Because terminal applications may be affected in operation and user experience while waiting for MAC authentication to complete, this delay is to be verified and optimized in the pilot.
After the traffic reaches the threshold set on the AC server, the AC server sends a MAC address binding query to the PORTAL/MAC server. The query request and response are as follows:
1. MAC binding query interface definition
The MAC binding query interface is one of the interfaces of the PORTAL protocol. Its PORTAL protocol fields are: protocol version field Ver=0x01; message type field Type=0x30; message sequence number field SerialNo = a value randomly generated by the AC server; terminal user internet address UserIP = the user IP address corresponding to the MAC; variable-length field AttrNum=2. The attributes include the contents of the following table:
After receiving this request message, the AAA binding central server queries whether the session ID (i.e. the terminal MAC address) is bound, and replies with the result in the following MAC query response message (Type=0x31).
2. MAC binding query response interface
Here Ver=0x01, Type=0x31, SerialNo = the SerialNo of the initiating 0x30 message, UserIP = the user IP corresponding to the MAC, and AttrNum=0.
An error code ErrCode equal to 0 indicates that the MAC is bound.
An error code ErrCode equal to 1 indicates that the MAC is not bound.
After the AAA binding central server receives the 0x30 request message, it queries the binding state of the MAC address. If the address is bound, it returns a response message with ErrCode equal to 0x00, indicating "bound", and at the same time notifies the PORTAL server to initiate the automatic PORTAL authentication process. If the address is not bound, it returns a MAC query response message with ErrCode equal to 0x01, indicating "not bound".
Step 65: after receiving the MAC address binding query request message sent by the AC server, the media access control (MAC) server processes the request, i.e. according to the MAC address information carried in the request message it queries whether the MAC address is bound or whether the terminal has enabled MAC-address-based authentication (once a terminal has enabled MAC-address-based authentication, the MAC server pre-stores the terminal's WLAN account and password);
Step 66: if the MAC server finds that the terminal has enabled MAC-address-based authentication, then regardless of whether the MAC address is bound it returns a "bound" result to the AC server. The main purpose of doing so is to be compatible with the case in which the user is enabling the service for the first time. After the "bound" result is returned, the following steps are carried out:
Step 67: the user's state is changed to the waiting-for-MAC-authentication state; then
Step 68: after receiving the terminal's online request message forwarded by the AC server, the portal server uses the terminal MAC address carried in the online request message to look up the terminal WLAN user information bound to that MAC address (including the terminal WLAN account information and/or the terminal WLAN password information), and after finding it, sends an authentication message carrying the terminal WLAN user information to the AC server;
Step 69: the AC server forwards this message to the AAA server;
Step 70: after receiving this message, the AAA server obtains the terminal WLAN user information, authenticates the received terminal WLAN user information against the pre-stored terminal WLAN user information to obtain an identity authentication result, and returns the identity authentication result to the AC server.
The implementation of step 41 specifically also includes step 412 shown in Fig. 5: after the AC server receives the result indicating successful identity authentication, the WLAN is accessed. With reference to Fig. 6 at this point, in step 71 the AC server may forward this successful authentication result to the MAC server, so that in step 72 the MAC server changes the user state to waiting for terminal (mobile phone) authentication.
In summary, step 41 (corresponding to steps 61 to 70 in Fig. 6) describes the WLAN access authentication step in detail. It first uses the MAC-address-based authentication scheme, in which the server side initiates authentication automatically. This reduces the difficulty of authentication for the customer, simplifies the access operation, improves the access success rate, shortens the time the user needs to access the WLAN, and improves the customer's perceived experience.
However, even though accessing the WLAN with MAC-address-based authentication has the above advantages, MAC authentication is a scheme optimized on the basis of PORTAL authentication, i.e. the authentication protocol used by MAC authentication is exactly the same as that used by PORTAL authentication. The RADIUS side therefore cannot tell whether the current user was authenticated in MAC mode or by entering a password through PORTAL, and cannot offer differentiated rates. To address this problem, after step 312, in which the WLAN is accessed once the AC server receives the result indicating successful identity authentication, the method further includes the following step:
A charging request message is sent to the AAA server, so that the AAA server performs differentiated charging for the terminal according to the charging differentiation information, including the terminal type, carried in the charging request message.
This corresponds to the following steps in Fig. 6:
Step 73: the terminal forwards the charging request message Accounting-Request to the AAA server via the AC server. The charging request message carries charging differentiation information that includes the terminal type; for example, the NasPortType field of the Accounting-Request is filled with a special value (this example uses 30, indicating that the terminal type is a mobile phone). This makes it possible to distinguish computer terminals from mobile phone terminals using the WLAN and to apply different charging policies, so as to encourage customers to use the WLAN from mobile phones and realize the network offloading effect of the WLAN; customers who use the WLAN from a mobile phone are given a more favourable rate;
Step 74: according to the received charging request, the AAA server returns a charging response to the AC server and starts charging the terminal that has quickly accessed the WLAN.
Of course, when the terminal sends the authentication request to the server system, it also applies, as follows, for the security certificate used to identify the terminal. The application procedure for the security certificate is shown in Fig. 7 and includes the following steps:
Step 711: encrypted information containing the international mobile subscriber identity, the terminal MAC address and a randomly generated unique serial number SID is sent to the short message gateway, so that the short message gateway forwards the information to the user identity provider (IDP) server; so that the IDP server sends the mobile phone number obtained from the short message gateway, together with the international mobile subscriber identity obtained by decrypting the encrypted information, to the portal server for verification; so that the portal server, according to a pre-stored correspondence table between the mobile phone numbers and the international mobile subscriber identities of terminals that have enabled MAC authentication, searches for and compares the received mobile phone number and international mobile subscriber identity, obtains a search comparison result, and sends the search comparison result to the IDP server; and so that the IDP server generates the security certificate after the search comparison result indicates that the correspondence between the international mobile subscriber identity and the mobile phone number is legitimate. The security certificate carries the binding information of the MAC address, the international mobile subscriber identity and the mobile phone number;
Step 711 above corresponds to steps 75 to 81 in Fig. 6, specifically:
Step 75: the terminal contains a SIM card. The terminal first generates the unique serial number SID from the terminal MAC address and the international mobile subscriber identity (IMSI) of the terminal that has enabled MAC-address-based authentication, and prepares the public key PKI of the asymmetric encryption algorithm of the IDP certificate center;
Step 76: the terminal uses the public key PKI of the asymmetric encryption algorithm of the IDP certificate center to encrypt the above SID, the terminal MAC address and the IMSI, and sends them by short message to the short message gateway (which may be the short message gateway IOD);
Step 77: the short message gateway forwards the encrypted information to the certificate center IDP; the certificate center IDP decrypts the encrypted information to obtain the binding correspondence among the IMSI, the terminal MAC address and the SID, and obtains the terminal's mobile phone number from the short message gateway;
Step 78: the certificate center IDP sends the mobile phone number and the decrypted IMSI to the portal server for verification;
Step 79: because the portal server saves a correspondence table between the terminal's mobile phone number and IMSI once the terminal has enabled MAC-address-based authentication, the portal server, after receiving the mobile phone number and IMSI sent by the certificate center IDP, can look up in this table whether the received correspondence between mobile phone number and IMSI exists and check the legitimacy of that correspondence, i.e. whether the mobile phone number has been bound to the corresponding IMSI. If the portal server finds the received correspondence between mobile phone number and IMSI and finds it legitimate, step 60 is carried out;
Step 80: the portal server returns to the certificate center IDP the result of whether the mobile phone number and the corresponding IMSI are bound;
Step 81: the certificate center IDP generates the terminal security certificate according to the "bound" result; the security certificate carries the binding information of the terminal MAC address, the IMSI and the corresponding mobile phone number.
As shown in Fig. 7, the application procedure for the security certificate further includes step 712: a certificate application request message is sent to the IDP server, so that the IDP server, according to the terminal MAC address information carried in the certificate application request message, sends the security certificate corresponding to the terminal MAC address to the terminal.
Step 712 above corresponds to steps 82 to 87 in Fig. 6, specifically:
Step 82: the terminal sends a certificate application request message to the portal server;
Step 83: the portal server passes this message through to the certificate center IDP;
Step 84: the certificate center IDP, according to the terminal MAC address information carried in the certificate application request message, generates the security certificate corresponding to the terminal MAC address;
Step 85: the certificate center IDP returns the security certificate to the portal server;
Step 86: the portal server returns this certificate to the terminal;
Step 87: the terminal receives this certificate and saves it.
Next, as shown in Fig. 4, the procedure for a user going online for the first time further includes the following steps:
Step 42: after the WLAN access authentication passes, an authentication request message is sent to the authentication server system, so that the authentication server system performs terminal user identity authentication on the terminal according to the previously applied-for security certificate for identifying the terminal carried in the authentication request message;
Step 43: after the terminal user identity authentication passes, the WLAN is accessed; after the terminal user identity authentication fails, the connection with the WLAN is disconnected.
The implementation of step 42 specifically includes the following:
After the WLAN access authentication passes, an authentication request message carrying the previously applied-for security certificate for identifying the terminal and the terminal WLAN account information is sent to the portal server, so that the portal server, after finding from the MAC server according to the terminal WLAN account information that the user state is the waiting-for-terminal-user-identity-authentication state, sends the security certificate to the user identity provider (IDP) server; so that the IDP server verifies the legitimacy of the received security certificate against the pre-stored terminal security certificate, obtains a verification result, and sends the verification result to the portal server; and so that the portal server performs WLAN connection control on the terminal that has accessed the WLAN according to the verification result. The user state is changed to the waiting-for-terminal-user-identity-authentication state by the MAC server after it receives the result indicating successful identity authentication forwarded by the access control server.
Steps 42 to 43 above correspond to steps 88 to 94 in Fig. 6, specifically:
Step 88: after the WLAN access authentication passes, an authentication request message carrying the previously applied-for security certificate for identifying the terminal and the terminal WLAN account information is sent to the portal server;
Step 89: after receiving this authentication request message, the portal server, according to the terminal WLAN account information carried in the authentication request message, sends a request message to the MAC server to query the user state information;
Step 90: after receiving this request message, the MAC server queries the user state, obtains the query result, and returns this result to the portal server;
Step 91-1: if the above result indicates that the user state is waiting for mobile phone authentication (i.e. the waiting-for-terminal-user-identity-authentication state), the request is passed through to the certificate center IDP;
Step 91-2: if the above result indicates that the user state is not waiting for mobile phone authentication, this result is returned to the terminal and step 68 is repeated;
Step 92: following step 91-1, the IDP server verifies the legitimacy of the information in the received security certificate against the pre-stored terminal security certificate and obtains a verification result;
Step 93: the verification result is returned to the portal server, and the portal server performs WLAN connection control on the terminal that has accessed the WLAN according to the verification result;
Step 94: after the portal server receives a result indicating that the security certificate information is legitimate, it returns a verification-success result to the terminal and lets the terminal that has accessed the WLAN continue to use the network; if the portal server receives a result indicating that the security certificate information is not legitimate, it makes the terminal that has accessed the WLAN disconnect from the WLAN.
This ends the terminal's first-time online procedure. When the terminal accesses the WLAN later, it does not need to apply for the certificate again. Of course, if the SIM card or the mobile phone terminal has been replaced, MAC authentication must be enabled again and the terminal security certificate applied for again.
The WLAN access authentication method of the present invention uses a two-step authentication scheme: first the MAC-address-based authentication scheme, and then the terminal security certificate authentication scheme. Combining the two schemes effectively avoids the problem that a terminal relying solely on the MAC address as the unique identifier of the user is easily misappropriated. For example, a MAC address is easily modified by software. With the two-step authentication of this scheme, when user A enables MAC authentication for the first time, the terminal submits data to the IDP certificate center by short message during enablement, and the IDP certificate center generates a security certificate which, as described above, contains information such as the terminal MAC address and the mobile phone number for which MAC authentication was enabled. If another user counterfeits user A's MAC address, the first-step MAC authentication can pass, but in the second step that follows, terminal user identity authentication is performed on the terminal, i.e. a signature authentication initiated by the terminal. Besides checking whether the MAC address is correct, this authentication also checks the terminal WLAN account information and/or terminal WLAN password information and the serial number SID encrypted by a specific algorithm. A counterfeit terminal does not have these data, so authentication necessarily fails and the user is kicked offline.
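The certificate application (steps 75 to 81) and the two-step check (steps 88 to 94) can be modelled as a small state machine that shows why a terminal presenting only a copied MAC address is disconnected at the second step. This Python model is an added example, not code from the patent. The class names, the sample identifiers and the use of an HMAC tag as a stand-in for whatever protection the IDP certificate center applies to the certificate are all assumptions.

```python
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass
from enum import Enum


class UserState(Enum):
    WAIT_MAC_AUTH = "waiting for MAC authentication"
    WAIT_TERMINAL_AUTH = "waiting for terminal user identity authentication"
    ONLINE = "online"
    DISCONNECTED = "disconnected"


@dataclass(frozen=True)
class SecurityCertificate:
    mac: str
    imsi: str
    msisdn: str
    sid: str
    tag: str  # ASSUMPTION: HMAC-SHA256 stands in for the IDP's signature


class IdpServer:
    """Certificate center: issues certificates and verifies presented ones."""

    def __init__(self, msisdn_to_imsi):
        self._key = secrets.token_bytes(32)
        self._msisdn_to_imsi = msisdn_to_imsi  # the portal server's table (step 79)
        self._issued = {}                      # MAC -> stored certificate

    def _tag(self, mac, imsi, msisdn, sid):
        body = json.dumps([mac, imsi, msisdn, sid]).encode()
        return hmac.new(self._key, body, hashlib.sha256).hexdigest()

    def issue(self, mac, imsi, sid, msisdn_from_gateway):
        # Steps 77-81: the phone number comes from the short message gateway,
        # not from the terminal, and must match the IMSI on record.
        if self._msisdn_to_imsi.get(msisdn_from_gateway) != imsi:
            return None
        tag = self._tag(mac, imsi, msisdn_from_gateway, sid)
        cert = SecurityCertificate(mac, imsi, msisdn_from_gateway, sid, tag)
        self._issued[mac] = cert
        return cert

    def verify(self, cert):
        # Step 92: check the presented certificate against the stored one.
        stored = self._issued.get(cert.mac) if cert is not None else None
        if stored is None:
            return False
        expected = self._tag(cert.mac, cert.imsi, cert.msisdn, cert.sid)
        presented = cert.tag.encode()
        return (hmac.compare_digest(expected.encode(), presented)
                and hmac.compare_digest(stored.tag.encode(), presented))


class PortalAndMacServer:
    """Tracks the per-user state and applies WLAN connection control."""

    def __init__(self, idp, mac_to_account):
        self.idp = idp
        self.mac_to_account = mac_to_account  # terminals with MAC auth enabled
        self.state = {}                       # keyed by MAC for this demo

    def mac_authenticate(self, mac):
        # First step (steps 61-72): only the MAC address is checked.
        if mac not in self.mac_to_account:
            return False
        self.state[mac] = UserState.WAIT_TERMINAL_AUTH
        return True

    def terminal_authenticate(self, mac, cert):
        # Second step (steps 88-94): certificate check, then connection control.
        if self.state.get(mac) is not UserState.WAIT_TERMINAL_AUTH:
            return self.state.get(mac, UserState.WAIT_MAC_AUTH)  # step 91-2
        ok = cert is not None and cert.mac == mac and self.idp.verify(cert)
        self.state[mac] = UserState.ONLINE if ok else UserState.DISCONNECTED
        return self.state[mac]


def run_demo():
    # Constructed sample identifiers (not from the patent).
    mac, imsi, msisdn = "02:00:5e:10:00:01", "001010123456789", "15555550100"
    idp = IdpServer({msisdn: imsi})
    net = PortalAndMacServer(idp, {mac: "wlan-account-a"})
    cert = idp.issue(mac, imsi, secrets.token_hex(8), msisdn)
    out = {"wrong_imsi_issue": idp.issue(mac, "001019999999999", "0" * 16, msisdn)}
    net.mac_authenticate(mac)
    out["legit"] = net.terminal_authenticate(mac, cert)
    out["spoof_step1"] = net.mac_authenticate(mac)  # copied MAC passes step 1
    out["spoof_no_cert"] = net.terminal_authenticate(mac, None)
    net.mac_authenticate(mac)
    forged = SecurityCertificate(mac, imsi, msisdn, "0" * 16, "00" * 32)
    out["spoof_forged"] = net.terminal_authenticate(mac, forged)
    out["before_step1"] = net.terminal_authenticate("02:00:5e:10:00:02", cert)
    return out


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, "->", value)
```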
As shown in Fig. 8, an embodiment of the present invention also provides a terminal, comprising:
A first sending module 811, configured to send an online request message to the authentication server system, so that the authentication server system performs MAC-address-based WLAN access authentication on the terminal according to the terminal MAC address information carried in the online request message;
A second sending module 812, configured to send, after the WLAN access authentication passes, an authentication request message to the authentication server system, so that the authentication server system performs terminal user identity authentication on the terminal according to the previously applied-for security certificate for identifying the terminal carried in the authentication request message;
A processing module 813, configured to access the WLAN after the terminal user identity authentication passes, and to disconnect from the WLAN after the terminal user identity authentication fails.
The terminal of the present invention uses a two-step authentication scheme: first the MAC-address-based authentication scheme, and then the terminal certificate authentication scheme. Combining the two schemes effectively avoids the problem that a terminal relying solely on the MAC address as the unique identifier of the user is easily misappropriated.
As shown in Fig. 9, the first sending module 811 includes:
A first sending submodule 911, configured to send an online request message to the portal server, so that the portal server, according to the terminal MAC address information carried in the online request message, sends terminal WLAN user information to the authentication, authorization and accounting (AAA) server; and so that the AAA server authenticates the received terminal WLAN user information against the pre-stored terminal WLAN user information, obtains an identity authentication result, and returns the identity authentication result to the access control (AC) server. The terminal WLAN user information includes terminal WLAN account information and/or terminal WLAN password information;
An access submodule 912, configured to access the WLAN after the AC server receives the result indicating successful identity authentication.
The above terminal first uses the MAC-address-based authentication scheme, in which the server side initiates authentication automatically. This reduces the difficulty of authentication for the customer, simplifies the access operation, improves the access success rate, shortens the time the user needs to access the WLAN, and improves the customer's perceived experience.
The terminal further includes:
A third sending module, configured to send a charging request message to the AAA server, so that the AAA server performs differentiated charging for the terminal according to the charging differentiation information, including the terminal type, carried in the charging request message. Differentiated charging makes it possible to distinguish computer terminals from mobile phone terminals using the WLAN and to apply different charging policies, so as to encourage customers to use the WLAN from mobile phones and realize the network offloading effect of the WLAN; customers who use the WLAN from a mobile phone are given a more favourable rate.
The second sending module includes:
A second sending submodule, configured to send, after the WLAN access authentication passes, an authentication request message carrying the previously applied-for security certificate for identifying the terminal and the terminal WLAN account information to the portal server, so that the portal server, after finding from the MAC server according to the terminal WLAN account information that the user state is the waiting-for-terminal-user-identity-authentication state, sends the security certificate to the user identity provider (IDP) server; so that the IDP server verifies the legitimacy of the received security certificate against the pre-stored terminal security certificate, obtains a verification result, and sends the verification result to the portal server; and so that the portal server performs WLAN connection control on the terminal that has accessed the WLAN according to the verification result. The user state is changed to the waiting-for-terminal-user-identity-authentication state by the MAC server after it receives the result indicating successful identity authentication forwarded by the access control server.
After the above MAC authentication procedure, the terminal further uses terminal security certificate authentication, which effectively avoids the problem that a terminal relying solely on the MAC address as the unique identifier of the user is easily misappropriated.
As shown in Fig. 10, the terminal further includes:
A fourth sending module 1011, configured to send encrypted information containing the international mobile subscriber identity, the terminal MAC address and a randomly generated unique serial number SID to the short message gateway, so that the short message gateway forwards the information to the user identity provider (IDP) server; so that the IDP server sends the mobile phone number obtained from the short message gateway, together with the international mobile subscriber identity obtained by decrypting the encrypted information, to the portal server for verification; so that the portal server, according to a pre-stored correspondence table between the mobile phone numbers and the international mobile subscriber identities of terminals that have enabled MAC authentication, searches for and compares the received mobile phone number and international mobile subscriber identity, obtains a search comparison result, and sends the search comparison result to the IDP server; and so that the IDP server generates the security certificate after the search comparison result indicates that the correspondence between the international mobile subscriber identity and the mobile phone number is legitimate. The security certificate carries the binding information of the MAC address, the international mobile subscriber identity and the mobile phone number;
A fifth sending module 1012, configured to send a certificate application request message to the IDP server, so that the IDP server, according to the terminal MAC address information carried in the certificate application request message, sends the security certificate corresponding to the terminal MAC address to the terminal.
It should be noted that the terminal is the system corresponding to the above method embodiment; all implementations in the above method embodiment are applicable to the embodiment of the terminal and achieve the same technical effect.
The above is only a preferred embodiment of the present invention. It should be noted that a person of ordinary skill in the art may make various improvements and modifications without departing from the principle of the present invention, and such improvements and modifications shall also be regarded as falling within the protection scope of the present invention.

Claims (8)

1. a kind of access authentication of WLAN method, applied to having opened the end based on medium access control MAC address authentication End, which is characterized in that the described method includes:
Online request message is sent to certificate server system, so that the certificate server system disappears according to online request The terminal MAC address information carried in breath carries out the access authentication of WLAN based on MAC Address to the terminal;
After the access authentication of WLAN passes through, transmission authentication request message to the certificate server system, so that The certificate server system is according to the pre- first to file carried in the authentication request message for identifying the safe-conduct of terminal Book carries out terminal user identity authentication to the terminal;
After terminal user identity authentication passes through, WLAN is accessed, and after terminal user identity authentication is obstructed, broken Open the connection with WLAN;
Wherein, the safety certificate can be applied as follows:
Send the unique sequence numbers SID of encryption generated at random comprising international mobile subscriber identity, terminal MAC address and one Information to Short Message Service Gateway so that the Short Message Service Gateway forwards the information to user identity to provide IDP server, so that described The international shifting that IDP server obtains after being decrypted by the phone number obtained from Short Message Service Gateway and by the information of encryption Dynamic CUSTOMER ID is sent to portal server and is verified, so that portal server is recognized according to the MAC Address of having opened prestored The terminal phone number of card and the mapping table of international mobile subscriber identity, to the phone number received and International mobile subscriber identity carries out search comparison, and obtains search comparison result, and the search comparison result is sent to The IDP server so that the IDP server the search comparison result indicate the international mobile subscriber identity with After the phone number corresponding relationship is legal, safety certificate is generated;Wherein, the safety certificate carries MAC Address, international shifting The binding information of dynamic CUSTOMER ID and phone number;
Certificate request request message is sent to the IDP server, so that the IDP server is requested according to the certificate request The terminal MAC address information carried in message sends safety certificate corresponding with the terminal MAC address to the terminal.
2. access authentication of WLAN method according to claim 1, which is characterized in that the transmission online request disappears Breath is to certificate server system, so that the certificate server system is according to the terminal MAC carried in the online request message Address information carries out the step of access authentication of WLAN based on MAC Address to the terminal and includes:
Online request message is sent to portal server, so that portal server is according to the end carried in the online request message Mac address information is held, sends terminal wireless LAN subscriber information to verifying, authorization, book keeping operation aaa server, so that the AAA Server according to the terminal wireless LAN subscriber information prestored to the terminal wireless LAN subscriber information received into Row authentication obtains authentication as a result, and the authentication result is returned to access control AC server;Wherein, institute Stating terminal wireless LAN subscriber information includes: terminal wireless local area network account information and/or terminal wireless local area network message in cipher Breath;
After the AC server receives the successful result of authentication, WLAN is accessed.
3. access authentication of WLAN method according to claim 2, which is characterized in that described in the AC server After receiving the successful result of authentication, access WLAN after the step of further include:
Charging request message is sent to the aaa server, so that the aaa server is taken according in the charging request message Band include terminal type charging distinguish information, charging is distinguished to the terminal.
4. access authentication of WLAN method according to claim 2, which is characterized in that described in the wireless local area After net access authentication passes through, authentication request message is sent to the certificate server system, so that the certificate server system According to the pre- first to file carried in the authentication request message for identifying the safety certificate of terminal, the terminal is carried out eventually The step of end subscriber authentication includes:
After the access authentication of WLAN passes through, the safety certificate for being used to identify terminal for carrying pre- first to file is sent And the authentication request message of terminal wireless local area network account information is to portal server, so that portal server is according to the end End WLAN account information inquires User Status from media access control service device to wait terminal user identity authentication After state, sends the safety certificate to user identity and IDP server is provided, so that the IDP server is according to being stored in advance Terminal security certificate, the legitimacy of the safety certificate received described in verification obtains check results, and sends the verification and tie Fruit is to portal server, so that portal server carries out wirelessly the terminal for having accessed WLAN according to the check results LAN connection control;Wherein, the User Status is that media access control service device is being received by accessing control server After the successful result of the authentication of forwarding, it is revised as waiting terminal user identity authentication state.
5. a kind of terminal characterized by comprising
First sending module, for sending online request message to certificate server system, so that the certificate server system The wireless office based on MAC Address is carried out to the terminal according to the terminal MAC address information carried in the online request message Domain net access authentication;
Second sending module is recognized for after the access authentication of WLAN passes through, sending authentication request message to described Server system is demonstrate,proved, so that the certificate server system is used for according to the pre- first to file carried in the authentication request message The safety certificate for identifying terminal carries out terminal user identity authentication to the terminal;
Processing module, for accessing WLAN, and recognize in terminal user ID after terminal user identity authentication passes through Demonstrate,prove it is obstructed after, disconnect and the connection of WLAN;
4th sending module, for sending the random raw comprising international mobile subscriber identity, terminal MAC address and one of encryption At unique sequence numbers SID information to Short Message Service Gateway so that the Short Message Service Gateway forwards the information to user identity to provide IDP server, so that the IDP server is carried out by the phone number obtained from Short Message Service Gateway and by the information of encryption The international mobile subscriber identity obtained after decryption is sent to portal server and is verified, so that portal server is according to prestoring Opened MAC certification terminal phone number and international mobile subscriber identity mapping table, to the institute received It states phone number and international mobile subscriber identity carries out search comparison, and obtain search comparison result, and by the search Comparison result is sent to the IDP server, so that the IDP server is in the search comparison result instruction international shifting After dynamic CUSTOMER ID and the phone number corresponding relationship are legal, safety certificate is generated;Wherein, the safety certificate carries The binding information of MAC Address, international mobile subscriber identity and phone number;
5th sending module, for sending certificate request request message to the IDP server, so that the IDP server root According to the terminal MAC address information carried in the certificate request request message, safety corresponding with the terminal MAC address is sent Certificate is to the terminal.
6. The terminal according to claim 5, characterized in that the first sending module comprises:
a first sending submodule, configured to send an online request message to a portal server, so that the portal server, according to the terminal MAC address information carried in the online request message, sends terminal WLAN user information to an authentication, authorization and accounting (AAA) server, so that the AAA server authenticates the received terminal WLAN user information against pre-stored terminal WLAN user information, obtains an authentication result, and returns the authentication result to an access control (AC) server; wherein the terminal WLAN user information comprises terminal WLAN account information and/or terminal WLAN password information;
an access submodule, configured to access the WLAN after the AC server receives a result indicating that authentication succeeded.
7. The terminal according to claim 6, characterized in that the terminal further comprises:
a third sending module, configured to send a charging request message to the AAA server, so that the AAA server charges the terminal differentially according to charging differentiation information, including the terminal type, carried in the charging request message.
8. The terminal according to claim 6, characterized in that the second sending module comprises:
a second sending submodule, configured to, after the WLAN access authentication passes, send to the portal server an authentication request message carrying the terminal WLAN account information and the safety certificate, applied for in advance, that identifies the terminal, so that the portal server, after querying the media access control server according to the terminal WLAN account information and finding that the user state is the waiting-for-terminal-user-identity-authentication state, sends the safety certificate to the user identity provider (IDP) server, so that the IDP server verifies the legitimacy of the received safety certificate against pre-stored terminal safety certificates, obtains a verification result, and sends the verification result to the portal server, so that the portal server performs WLAN connection control, according to the verification result, on the terminal that has accessed the WLAN; wherein the media access control server changes the user state to the waiting-for-terminal-user-identity-authentication state after receiving the successful authentication result forwarded by the access control server.
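The following sketch is an added illustration, not part of the patent text. It models the IDP-side certificate issuance of claim 5 and the certificate check and connection control of claim 8, and shows that a terminal presenting only a matching MAC address is disconnected. The HMAC tag, the lookup by session MAC, and all names and sample values are assumptions; the patent does not specify a certificate format.

```python
import hashlib
import hmac
import json
import secrets

# Constructed sample data; every name below is hypothetical.
IDP_KEY = secrets.token_bytes(32)  # IDP signing key (assumed HMAC scheme)
MAC_AUTH_SUBSCRIBERS = {"13800000001": "460001234567890"}  # phone -> IMSI table
ISSUED = {}  # MAC -> certificate pre-stored by the IDP


def _tag(binding):
    """Integrity tag over the MAC/IMSI/phone binding."""
    msg = json.dumps(binding, sort_keys=True).encode()
    return hmac.new(IDP_KEY, msg, hashlib.sha256).hexdigest()


def issue_certificate(phone, imsi, mac):
    """Issue a certificate only if the mapping table pairs phone and IMSI."""
    if MAC_AUTH_SUBSCRIBERS.get(phone) != imsi:
        return None
    binding = {"mac": mac.lower(), "imsi": imsi, "phone": phone}
    cert = {"binding": binding, "tag": _tag(binding)}
    ISSUED[binding["mac"]] = cert
    return cert


def verify_certificate(cert, session_mac):
    """Check the tag, then compare with the copy stored for this MAC."""
    if not isinstance(cert, dict) or "binding" not in cert:
        return False
    presented = str(cert.get("tag", "")).encode()
    if not hmac.compare_digest(_tag(cert["binding"]).encode(), presented):
        return False
    stored = ISSUED.get(session_mac.lower())
    return stored is not None and stored == cert


def connection_control(session_mac, cert):
    """Portal decision for a terminal that already passed MAC authentication."""
    return "keep" if verify_certificate(cert, session_mac) else "disconnect"
```

A terminal that clones an authorized MAC address passes the first stage but has no certificate bound to that MAC, IMSI and phone number, so `connection_control` returns "disconnect".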
CN201410168868.2A 2014-04-24 2014-04-24 A kind of access authentication of WLAN method and terminal Active CN105007579B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410168868.2A CN105007579B (en) 2014-04-24 2014-04-24 A kind of access authentication of WLAN method and terminal

Publications (2)

Publication Number Publication Date
CN105007579A CN105007579A (en) 2015-10-28
CN105007579B true CN105007579B (en) 2019-03-15

Family

ID=54380058

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410168868.2A Active CN105007579B (en) 2014-04-24 2014-04-24 A kind of access authentication of WLAN method and terminal

Country Status (1)

Country Link
CN (1) CN105007579B (en)

Families Citing this family (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105450637A (en) * 2015-11-09 2016-03-30 歌尔声学股份有限公司 Single sign-on method and device for multiple application systems
CN105657746B (en) * 2016-01-05 2019-09-13 上海斐讯数据通信技术有限公司 A kind of wireless terminal fast roaming system and method based on AP syntople
CN105897724A (en) * 2016-05-05 2016-08-24 张胜利 Method for wireless terminal networking based on fat APs and method for wandering among fat APs
CN106341413A (en) * 2016-09-29 2017-01-18 上海斐讯数据通信技术有限公司 Portal authentication method and device
CN107968803B (en) * 2016-10-20 2021-06-15 中国电信股份有限公司 Remote evidence obtaining method and device for mobile terminal, mobile terminal and system
CN106604276A (en) * 2016-11-30 2017-04-26 深圳众思科技有限公司 Wireless local area network access method and wireless local area network access device
CN106850401A (en) * 2017-01-11 2017-06-13 上海斐讯数据通信技术有限公司 A kind of wireless authentication device, system and its authentication method
CN106954213A (en) * 2017-03-07 2017-07-14 上海斐讯数据通信技术有限公司 A kind of system of real name wireless authentication cut-in method and system
CN107342998A (en) * 2017-07-04 2017-11-10 四川云物益邦科技有限公司 The personal information extracting method realized by movable storage device
CN107864475B (en) * 2017-12-20 2021-05-28 中电福富信息科技有限公司 WiFi (Wireless Fidelity) shortcut authentication method based on Portal + dynamic password
CN108337651A (en) * 2018-03-21 2018-07-27 中国铁路西安局集团有限公司 The method, apparatus of mobile terminal and the server communication in LAN
CN110324287B (en) * 2018-03-31 2020-10-23 华为技术有限公司 Access authentication method, device and server
CN109347841B (en) * 2018-10-26 2021-08-10 深圳市元征科技股份有限公司 MAC address authentication method, device, terminal, server and storage medium
CN109617895A (en) * 2018-12-27 2019-04-12 东莞见达信息技术有限公司 Access safety control method and system
CN109818936A (en) * 2018-12-29 2019-05-28 北京奇安信科技有限公司 IP address-based server info processing method and processing device
CN109561431B (en) * 2019-01-17 2021-07-27 西安电子科技大学 WLAN access control system and method based on multi-password identity authentication
CN109769249B (en) * 2019-01-30 2022-03-01 新华三技术有限公司 Authentication method, system and device
JP6833906B2 (en) * 2019-05-28 2021-02-24 Necプラットフォームズ株式会社 Wireless systems, wireless system control methods and wireless system control programs
CN110247917B (en) * 2019-06-20 2021-09-10 北京百度网讯科技有限公司 Method and apparatus for authenticating identity
CN111240867B (en) * 2020-01-21 2023-11-03 中移(杭州)信息技术有限公司 Information communication system and method
CN111953658A (en) * 2020-07-20 2020-11-17 广州灏博信息技术有限公司 Paperless intelligent conference management system and method
CN112311766B (en) * 2020-09-29 2022-04-01 新华三大数据技术有限公司 Method and device for acquiring user certificate and terminal equipment
CN113630405B (en) * 2021-07-30 2023-05-02 北京达佳互联信息技术有限公司 Network access authentication method and device, electronic equipment and storage medium
CN113612780B (en) * 2021-08-05 2023-04-07 中国电信股份有限公司 Certificate request, generation and access methods, devices, communication equipment and medium
CN114050901B (en) * 2021-09-28 2023-10-27 新华三大数据技术有限公司 Authentication method and device of terminal, electronic equipment and readable storage medium
CN115175118B (en) * 2022-07-05 2024-02-13 中国联合网络通信集团有限公司 Communication service complementary system and method based on cooperative WiFi

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1842000A (en) * 2005-03-29 2006-10-04 华为技术有限公司 Method for realizing access authentication of WLAN
CN103079200A (en) * 2011-10-26 2013-05-01 国民技术股份有限公司 Wireless access authentication method, system and wireless router
CN103501495A (en) * 2013-10-16 2014-01-08 苏州汉明科技有限公司 Perception-free WLAN (Wireless Local Area Network) authentication method fusing Portal/Web authentication and MAC (Media Access Control) authentication

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101212297B (en) * 2006-12-28 2012-01-25 中国移动通信集团公司 WEB-based WLAN access authentication method and system
CN103079201B (en) * 2011-10-26 2015-06-03 中兴通讯股份有限公司 Fast authentication method, access controller (AC) and system for wireless local area network

Also Published As

Publication number Publication date
CN105007579A (en) 2015-10-28

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant