CN105142146B - Authentication method, device and system for WIFI hotspot access - Google Patents

Authentication method, device and system for WIFI hotspot access Download PDF

Info

Publication number
CN105142146B
CN105142146B CN201510616757.8A CN201510616757A CN105142146B CN 105142146 B CN105142146 B CN 105142146B CN 201510616757 A CN201510616757 A CN 201510616757A CN 105142146 B CN105142146 B CN 105142146B
Authority
CN
China
Prior art keywords
authentication
user
authentication request
request
current user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510616757.8A
Other languages
Chinese (zh)
Other versions
CN105142146A (en
Inventor
乐毅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Taizhou Jiji Intellectual Property Operation Co.,Ltd.
Original Assignee
Taizhou Jiji Intellectual Property Operation Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Taizhou Jiji Intellectual Property Operation Co ltd filed Critical Taizhou Jiji Intellectual Property Operation Co ltd
Priority to CN201510616757.8A priority Critical patent/CN105142146B/en
Publication of CN105142146A publication Critical patent/CN105142146A/en
Application granted granted Critical
Publication of CN105142146B publication Critical patent/CN105142146B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/069Authentication using certificates or pre-shared keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • H04W12/082Access security using revocation of authorisation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/02Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10Small scale networks; Flat hierarchical networks
    • H04W84/12WLAN [Wireless Local Area Networks]

Abstract

The invention discloses an authentication method for WIFI hotspot access, which comprises the following steps: s10, receiving an authentication request carrying identification information sent by a user; s20, counting the authentication request times of the current user according to the identification information; judging whether the current authentication request of the user is abnormal or not according to the times of the authentication requests; if the result is abnormal, the authentication request of the user is not passed through S30; and S40, generating a WIFI authentication code according to the authentication request of the user when the WIFI authentication code is not abnormal. The invention introduces a safety detection mechanism aiming at multiple frequent short message authentication requests, thereby solving the authentication safety problem of WIFI hotspot access.

Description

Authentication method, device and system for WIFI hotspot access
Technical Field
The invention relates to the field of wireless communication, in particular to a method, a device and a system for authenticating WIFI hotspot access.
Background
The method has the advantages that wireless coverage is more and more at present, mobile terminal equipment such as mobile phones is more and more used, internet surfing is achieved through WiFi (wireless fidelity) to become a current mainstream mode, short message authentication is one of the common modes of wireless Portal authentication, certain security loopholes exist, in one case, when a user inputs a mobile phone number to click to obtain a short message authentication code, the short message authentication code is not received within 60 seconds, a Portal page can be refreshed repeatedly, and the short message authentication code can be obtained repeatedly after being submitted for multiple times.
The prior art can limit the resubmission within 60 seconds through the local cookie of the browser, but the method using some local cookies of the browser fails, the loophole can be utilized by hackers, and large-scale short message authentication requests are sent, so that the server is abnormal, and the short message limit is exhausted quickly.
Disclosure of Invention
The invention aims to provide a WIFI hotspot access authentication method, device and system, which improve the safety of WIFI internet access.
The technical scheme provided by the invention is as follows:
the invention discloses an authentication method for WIFI hotspot access, which comprises the following steps: s10, receiving an authentication request carrying identification information sent by a user; s20, counting the authentication request times of the current user according to the identification information; judging whether the current authentication request of the user is abnormal or not according to the times of the authentication requests; if the result is abnormal, the authentication request of the user is not passed through S30; when the S40 does not belong to the abnormality, the authentication request by the user is passed.
The invention also discloses another authentication method for WIFI hotspot access, which comprises the following steps: s10, receiving an authentication request carrying identification information sent by a user; s20, counting the authentication request times of the current user according to the identification information; judging whether the current authentication request of the user is abnormal or not according to the times of the authentication requests; s30, if the authentication request is abnormal, recording all authentication requests of the user within a first preset time; identifying the status flag bit of the authentication request as a rejection status; generating a history request record according to all the authentication requests; not passing the authentication request of the user; when the S40 does not belong to the abnormity, recording all authentication requests of the user within a first preset time; marking the authentication request adding state flag bit as an accepting state; and generating a history request record according to all the authentication requests, and passing the authentication requests of the user.
The invention also discloses another authentication method for WIFI hotspot access, which comprises the following steps: s10, receiving an authentication request carrying identification information sent by a user; s21, according to the identification information, searching whether the history request record has the authentication request of the current user; if yes, executing the next step; otherwise, executing S401; s22, counting the authentication request times of the current user according to the history request record; s23 judging whether the current user 'S authentication request is abnormal according to the current user' S authentication request times; if yes, the authentication request of the user is not passed; otherwise, executing step S401; s30, if the authentication request is abnormal, recording all authentication requests of the user within a first preset time; identifying the status flag bit of the authentication request as a rejection status; generating a history request record according to all the authentication requests; not passing the authentication request of the user; when the S40 does not belong to the abnormity, recording all authentication requests of the user within a first preset time; marking the authentication request adding state flag bit as an accepting state; and generating a history request record according to all the authentication requests, and passing the authentication requests of the user.
The invention also discloses another authentication method for WIFI hotspot access, which comprises the following steps: s10, receiving an authentication request carrying identification information sent by a user; s21, according to the identification information, searching whether the history request record has the authentication request of the current user; if yes, executing the next step; otherwise, executing S401; s22, counting the authentication request times of the current user according to the history request record; s230, judging whether the authentication request times of the current user is less than or equal to a preset first time; s231, when the number of times of the authentication request of the user is greater than the preset first number of times, judging that the current authentication request of the current user is abnormal and does not pass the current authentication request of the current user, and executing the step S30; s232, when the times of the authentication requests of the user are less than or equal to a preset first time, continuously judging whether the authentication request of the current user is abnormal; if yes, the authentication request of the user is not passed; otherwise, executing step S401; s30, if the authentication request is abnormal, recording all authentication requests of the user within a first preset time; identifying the status flag bit of the authentication request as a rejection status; generating a history request record according to all the authentication requests; not passing the authentication request of the user; when the S40 does not belong to the abnormity, recording all authentication requests of the user within a first preset time; marking the authentication request adding state flag bit as an accepting state; and generating a history request record according to all the authentication requests, and passing the authentication requests of the user.
The invention also discloses another authentication method for WIFI hotspot access, which comprises the following steps: s10, receiving an authentication request carrying identification information sent by a user; s21, according to the identification information, searching whether the history request record has the authentication request of the current user; if yes, executing the next step; otherwise, executing S401; s22, counting the authentication request times of the current user according to the history request record; s230, judging whether the authentication request times of the current user is less than or equal to a preset first time; s2311, when the number of times of the authentication request of the user is greater than the preset first number of times and less than the preset second number of times, determining that the current authentication request of the user is abnormal, adding the terminal where the current user is located to a blacklist of a second preset time, and not receiving the authentication request of the user within the second preset time, and performing step S30; s232, when the times of the authentication requests of the user are less than or equal to a preset first time, continuously judging whether the authentication request of the current user is abnormal; if yes, the authentication request of the user is not passed; otherwise, executing step S401; s30, if the authentication request is abnormal, recording all authentication requests of the user within a first preset time; identifying the status flag bit of the authentication request as a rejection status; generating a history request record according to all the authentication requests; not passing the authentication request of the user; when the S40 does not belong to the abnormity, recording all authentication requests of the user within a first preset time; marking the authentication request adding state flag bit as an accepting state; and generating a history request record according to all the authentication requests, and passing the authentication requests of the user.
The invention also discloses another authentication method for WIFI hotspot access, which comprises the following steps: s10, receiving an authentication request carrying identification information sent by a user; s21, according to the identification information, searching whether the history request record has the authentication request of the current user; if yes, executing the next step; otherwise, executing S401; s22, counting the authentication request times of the current user according to the history request record; s230, judging whether the authentication request times of the current user is less than or equal to a preset first time; s2312, when the number of times of the authentication request of the user is greater than the preset second number of times, judging that the authentication request of the current user is abnormal, adding the terminal where the current user is located into a permanent blacklist, and executing the step S30 without receiving the authentication request of the user; s232, when the times of the authentication requests of the user are less than or equal to a preset first time, continuously judging whether the authentication request of the current user is abnormal; if yes, the authentication request of the user is not passed; otherwise, executing step S401; s30, if the authentication request is abnormal, recording all authentication requests of the user within a first preset time; identifying the status flag bit of the authentication request as a rejection status; generating a history request record according to all the authentication requests; not passing the authentication request of the user; when the S40 does not belong to the abnormity, recording all authentication requests of the user within a first preset time; marking the authentication request adding state flag bit as an accepting state; and generating a history request record according to all the authentication requests, and passing the authentication requests of the user.
The invention also discloses another authentication method for WIFI hotspot access, which comprises the following steps: s10, receiving an authentication request carrying identification information sent by a user; s21, according to the identification information, searching whether the history request record has the authentication request of the current user; if yes, executing the next step; otherwise, executing S401; s22, counting the authentication request times of the current user according to the history request record; s230, judging whether the authentication request times of the current user is less than or equal to a preset first time; s231, when the number of times of the authentication request of the user is greater than the preset first number of times, judging that the current authentication request of the current user is abnormal and does not pass the current authentication request of the current user, and executing the step S30; s2321, when the authentication request times of the user is less than or equal to a preset first time, the latest authentication request of the current user in the history request record is searched; s2322 judges whether the status flag bit of the latest authentication request is in an accepting state; if yes, executing step S2323; otherwise, executing step S401; s2323 compares whether a difference between the request timestamp of the current authentication request of the current user and the request timestamp of the latest authentication request is smaller than a preset difference; if yes, go to step S301; otherwise, executing step S401; s30, if the authentication request is abnormal, recording all authentication requests of the user within a first preset time; identifying the status flag bit of the authentication request as a rejection status; generating a history request record according to all the authentication requests; not passing the authentication request of the user; when the S40 does not belong to the abnormity, recording all authentication requests of the user within a first preset time; marking the authentication request adding state flag bit as an accepting state; and generating a history request record according to all the authentication requests, and passing the authentication requests of the user.
The invention discloses an authentication device for WIFI hotspot access, which comprises an AC server: the AC server includes: the receiving module is used for receiving an authentication request which is sent by a user and carries identification information; the abnormity judgment module is used for counting the times of the authentication request of the current user according to the identification information and judging whether the authentication request of the current user is abnormal or not according to the times of the authentication request; and the execution module is used for not passing the authentication request of the user when the authentication request of the current user is abnormal, and is also used for passing the authentication request of the user when the authentication request of the current user is not abnormal.
The invention also discloses another authentication device for WIFI hotspot access, and the authentication device comprises the AC server: the AC server includes: the receiving module is used for receiving an authentication request which is sent by a user and carries identification information; the abnormity judgment module is used for counting the times of the authentication request of the current user according to the identification information and judging whether the authentication request of the current user is abnormal or not according to the times of the authentication request; the execution module is used for not passing the authentication request of the user when the authentication request of the current user is abnormal and also used for passing the authentication request of the user when the authentication request of the current user is not abnormal; and the authentication code generation module is used for generating an authentication code for accessing the WIFI hotspot when the execution module passes the authentication request of the current user.
Further preferably, the identification information includes a mobile phone number of the user, a request timestamp, and a terminal MAC address.
The invention discloses an authentication device for WIFI hotspot access, which comprises an AC server: the AC server includes: the receiving module is used for receiving an authentication request which is sent by a user and carries identification information; the abnormity judgment module is used for counting the times of the authentication request of the current user according to the identification information and judging whether the authentication request of the current user is abnormal or not according to the times of the authentication request; the execution module is used for not passing the authentication request of the user when the authentication request of the current user is abnormal and also used for passing the authentication request of the user when the authentication request of the current user is not abnormal; the authentication code generation module is used for generating an authentication code for accessing the WIFI hotspot when the execution module passes the authentication request of the current user; the recording module is used for recording all authentication requests of a user within first preset time; the authentication request comprises identification information of a user and a request timestamp; the identification module is used for adding a state flag bit to the authentication request to identify that the authentication request is in an accepting state or a rejecting state; and the generating module is used for generating a history request record according to all the authentication requests.
The invention discloses an authentication device for WIFI hotspot access, which comprises an AC server: the AC server includes: the receiving module is used for receiving an authentication request which is sent by a user and carries identification information; the searching module is used for searching whether the historical request record has the authentication request of the current user according to the identification information; the statistical module is used for counting the authentication request times of the current user when the authentication request of the current user exists in the history request record; the judging module is used for judging whether the authentication request of the current user is abnormal or not according to the authentication request times of the current user; the execution module is used for not passing the authentication request of the user when the authentication request of the current user is abnormal and also used for passing the authentication request of the user when the authentication request of the current user is not abnormal; the authentication code generation module is used for generating an authentication code for accessing the WIFI hotspot when the execution module passes the authentication request of the current user; the recording module is used for recording all authentication requests of a user within first preset time; the authentication request comprises identification information of a user and a request timestamp; the identification module is used for adding a state flag bit to the authentication request to identify that the authentication request is in an accepting state or a rejecting state; and the generating module is used for generating a history request record according to all the authentication requests.
The invention also discloses an authentication system for WIFI hotspot access, which comprises the device, a terminal and a short message gateway; the terminal is used for generating an authentication request according to the identification information input by the user and sending the authentication request to the AC server; the AC server is used for judging whether the authentication request is abnormal or not, passing the authentication request when the authentication request is judged to be abnormal, generating an authentication code for WIFI hotspot access according to the authentication request and sending the authentication code to a short message gateway; the short message gateway forwards the authentication code to a terminal; and the terminal receives the authentication code and is connected with the WIFI hotspot through the authentication code.
Compared with the prior art, the method and the system have the advantages that the AC server is utilized to carry out anomaly detection, whether the behavior submitted by the user meets the requirement or not is judged, namely the same mobile phone number is refused to repeatedly submit the application short message authentication code within 60 seconds, whether the application short message authentication code enters a blacklist or not is determined according to the repeated submission frequency, and the user terminal equipment is directly kicked out when the situation is serious.
Drawings
The foregoing features, technical features, advantages and embodiments of one or more embodiments of the present invention are explained in detail below with reference to the accompanying drawings.
Fig. 1 is a main flowchart of an authentication method for WIFI hotspot access according to the present invention;
fig. 2 is a complete flowchart of an authentication method for WIFI hotspot access according to the present invention;
fig. 3 is a schematic diagram of a main component structure of an authentication device for WIFI hotspot access according to the present invention;
fig. 4 is a schematic diagram of a complete composition structure of an authentication device for WIFI hotspot access according to the present invention;
fig. 5 is a schematic structural diagram of a configuration of an authentication system for WIFI hotspot access according to the present invention;
fig. 6 is a partial flowchart of an authentication system for WIFI hotspot access according to the present invention.
The reference numbers illustrate:
100, an authentication device for WIFI hotspot access, 1, a receiving module, 2, an abnormality judging module, 21, a searching module, 22, a counting module, 23, a judging module, 3, an executing module, 4, an authentication code generating module, 5, a recording module, 6, an identification module, 7, a history request record generating module;
200. and the terminal 300 is a short message gateway.
Detailed Description
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the following description will be made with reference to the accompanying drawings. It is obvious that the drawings in the following description are only some examples of the invention, and that for a person skilled in the art, other drawings and embodiments can be derived from them without inventive effort.
For the sake of simplicity, the drawings only schematically show the parts relevant to the present invention, and they do not represent the actual structure as a product. In addition, in order to make the drawings concise and understandable, components having the same structure or function in some of the drawings are only schematically illustrated or only labeled. In this document, "one" means not only "only one" but also a case of "more than one".
When a user selects the SSID of one AP through a terminal and connects to a WiFi network after association, the AP (Access Point) pops up a Portal page through a user browser, a mobile phone number is required to be input for using short message authentication, the user inputs the mobile phone number, the authentication code is prompted to be obtained through clicking, and the WIFI hotspot is accessed after the authentication is successfully obtained through inputting the authentication code. Short message authentication usually encounters repeated authentication or hacking, thereby causing security problems.
Fig. 1 is a main flowchart of an authentication method for WIFI hotspot access according to the present invention. As shown in fig. 1, an authentication method for WIFI hotspot access includes: s10, receiving an authentication request carrying identification information sent by a user; s20, counting the authentication request times of the current user according to the identification information; judging whether the current authentication request of the user is abnormal or not according to the times of the authentication requests; if the result is abnormal, the authentication request of the user is not passed through S30; when the S40 does not belong to the abnormality, the authentication request by the user is passed. .
Specifically, in this embodiment, the identification information includes, but is not limited to, a mobile phone number of the user. The authentication request provided by the user is firstly detected by the AC server, the AC server judges whether the authentication request is abnormal or not, when the authentication request meets the requirement, the authentication request is forwarded to the short message gateway, and the short message gateway generates an authentication code according to the received authentication request so that the user can access the WIFI hotspot.
The embodiment is improved to obtain another authentication method for WIFI hotspot access, and the authentication method comprises the following steps: s10, receiving an authentication request carrying identification information sent by a user; s20, counting the authentication request times of the current user according to the identification information; judging whether the current authentication request of the user is abnormal or not according to the times of the authentication requests; s30, if the authentication request is abnormal, recording all authentication requests of the user within a first preset time; identifying the status flag bit of the authentication request as a rejection status; generating a history request record according to all the authentication requests; not passing the authentication request of the user; when the S40 does not belong to the abnormity, recording all authentication requests of the user within a first preset time; marking the authentication request adding state flag bit as an accepting state; and generating a history request record according to all the authentication requests, and passing the authentication requests of the user.
Specifically, in this embodiment, the first preset time is set to 30 minutes, and may be set to other times according to actual situations, which is not limited specifically. After receiving the authentication request of the user, the AC server records the authentication request list of the user (using the mobile phone number keyword) in the last 30 minutes as required, the field contents include the STA MAC address, the AP SN, the mobile phone number and the request timestamp, and adds a Flag bit field Flag to identify whether the state of the request is accepted or rejected, and the specific table fields are shown in table 1.
The embodiment is improved to obtain another authentication method for WIFI hotspot access, and the authentication method comprises the following steps: s10, receiving an authentication request carrying identification information sent by a user; s21, according to the identification information, searching whether the history request record has the authentication request of the current user; if yes, executing the next step; otherwise, executing S401; s22, counting the authentication request times of the current user according to the history request record; s23 judging whether the current user 'S authentication request is abnormal according to the current user' S authentication request times; if yes, the authentication request of the user is not passed; otherwise, executing step S401; s30, if the authentication request is abnormal, recording all authentication requests of the user within a first preset time; identifying the status flag bit of the authentication request as a rejection status; generating a history request record according to all the authentication requests; not passing the authentication request of the user; when the S40 does not belong to the abnormity, recording all authentication requests of the user within a first preset time; marking the authentication request adding state flag bit as an accepting state; and generating a history request record according to all the authentication requests, and passing the authentication requests of the user.
Specifically, in this embodiment, the AC server searches whether there is the same record in the history request record by using the mobile phone number of the user as a keyword, and if the history request record is empty, the user is considered as a first request, and through the authentication request, the record Flag is accepted, and through the authentication request, the short message gateway receives the authentication request, generates an authentication code according to the authentication request, and sends the authentication code to the user, and the user inputs the received authentication code and can immediately access the WIFI hotspot. If the request record of the same user is found in the history request record, the AC server counts the number of times of the user request in the last 30 minutes, wherein the number of times of the user request comprises two states of a receiving state Flag (Accept) and a rejecting state Flag (Deny). And judging whether the request is abnormal or not according to the number of the requests of the user in the last 30 minutes.
The embodiment is improved to obtain another authentication method for WIFI hotspot access, and the authentication method comprises the following steps: s10, receiving an authentication request carrying identification information sent by a user; s21, according to the identification information, searching whether the history request record has the authentication request of the current user; if yes, executing the next step; otherwise, executing S401; s22, counting the authentication request times of the current user according to the history request record; s230, judging whether the authentication request times of the current user is less than or equal to a preset first time; s231, when the number of times of the authentication request of the user is greater than the preset first number of times, judging that the current authentication request of the current user is abnormal and does not pass the current authentication request of the current user, and executing the step S30; s232, when the times of the authentication requests of the user are less than or equal to a preset first time, continuously judging whether the authentication request of the current user is abnormal; if yes, the authentication request of the user is not passed; otherwise, executing step S401; s30, if the authentication request is abnormal, recording all authentication requests of the user within a first preset time; identifying the status flag bit of the authentication request as a rejection status; generating a history request record according to all the authentication requests; not passing the authentication request of the user; when the S40 does not belong to the abnormity, recording all authentication requests of the user within a first preset time; marking the authentication request adding state flag bit as an accepting state; and generating a history request record according to all the authentication requests, and passing the authentication requests of the user.
Specifically, in this embodiment, the preset first number of times is 10, that is, when the number of times of the authentication request of the user is greater than 10 times, it is determined that the current authentication request of the user is abnormal and does not pass the current authentication request of the user.
The embodiment is improved to obtain another authentication method for WIFI hotspot access, and the authentication method comprises the following steps: s10, receiving an authentication request carrying identification information sent by a user; s21, according to the identification information, searching whether the history request record has the authentication request of the current user; if yes, executing the next step; otherwise, executing S401; s22, counting the authentication request times of the current user according to the history request record; s230, judging whether the authentication request times of the current user is less than or equal to a preset first time; s2311, when the number of times of the authentication request of the user is greater than the preset first number of times and less than the preset second number of times, determining that the current authentication request of the user is abnormal, adding the terminal where the current user is located to a blacklist of a second preset time, and not receiving the authentication request of the user within the second preset time, and performing step S30; s232, when the times of the authentication requests of the user are less than or equal to a preset first time, continuously judging whether the authentication request of the current user is abnormal; if yes, the authentication request of the user is not passed; otherwise, executing step S401; s30, if the authentication request is abnormal, recording all authentication requests of the user within a first preset time; identifying the status flag bit of the authentication request as a rejection status; generating a history request record according to all the authentication requests; not passing the authentication request of the user; when the S40 does not belong to the abnormity, recording all authentication requests of the user within a first preset time; marking the authentication request adding state flag bit as an accepting state; and generating a history request record according to all the authentication requests, and passing the authentication requests of the user. .
Specifically, in this embodiment, the preset first number is 10, and the second number is 1000, that is, when the number of times of the authentication request of the user is greater than 10 and less than 1000, it is determined that the current authentication request of the current user is abnormal, the current authentication request of the current user is not passed, the AP device associated with the current user is searched through the AP SN, the user is immediately kicked away through the AP, the terminal MAC is added to the AP blacklist of all the second preset times in the network area, and the wireless association request of the user is no longer received. In this embodiment, the second preset time is set to 24 hours, that is, the authentication request of the user is no longer accepted within 24 hours.
The embodiment is improved to obtain another authentication method for WIFI hotspot access, and the authentication method comprises the following steps: s10, receiving an authentication request carrying identification information sent by a user; s21, according to the identification information, searching whether the history request record has the authentication request of the current user; if yes, executing the next step; otherwise, executing S401; s22, counting the authentication request times of the current user according to the history request record; s230, judging whether the authentication request times of the current user is less than or equal to a preset first time; s2312, when the number of times of the authentication request of the user is greater than the preset second number of times, judging that the authentication request of the current user is abnormal, adding the terminal where the current user is located into a permanent blacklist, and executing the step S30 without receiving the authentication request of the user; s232, when the times of the authentication requests of the user are less than or equal to a preset first time, continuously judging whether the authentication request of the current user is abnormal; if yes, the authentication request of the user is not passed; otherwise, executing step S401; s30, if the authentication request is abnormal, recording all authentication requests of the user within a first preset time; identifying the status flag bit of the authentication request as a rejection status; generating a history request record according to all the authentication requests; not passing the authentication request of the user; when the S40 does not belong to the abnormity, recording all authentication requests of the user within a first preset time; marking the authentication request adding state flag bit as an accepting state; and generating a history request record according to all the authentication requests, and passing the authentication requests of the user.
Specifically, in this embodiment, the preset first number is 10, the second number is 1000, and the authentication request is sent more than 1000 times at the same time in a short time, so that the user is considered to have a hacking behavior, the AP SN is used to search for the AP device associated with the user, the AP is used to immediately kick off the user, and the terminal MAC is added to all the permanent AP blacklists in the network area, and the wireless association request of the user is not received.
The embodiment is improved to obtain another authentication method for WIFI hotspot access, and the authentication method comprises the following steps: s10, receiving an authentication request carrying identification information sent by a user; s21, according to the identification information, searching whether the history request record has the authentication request of the current user; if yes, executing the next step; otherwise, executing S401; s22, counting the authentication request times of the current user according to the history request record; s230, judging whether the authentication request times of the current user is less than or equal to a preset first time; s231, when the number of times of the authentication request of the user is greater than the preset first number of times, judging that the current authentication request of the current user is abnormal and does not pass the current authentication request of the current user, and executing the step S30; s2321, when the authentication request times of the user is less than or equal to a preset first time, the latest authentication request of the current user in the history request record is searched; s2322 judges whether the status flag bit of the latest authentication request is in an accepting state; if yes, executing step S2323; otherwise, executing step S401; s2323 compares whether a difference between the request timestamp of the current authentication request of the current user and the request timestamp of the latest authentication request is smaller than a preset difference; if yes, go to step S301; otherwise, executing step S401; s30, if the authentication request is abnormal, recording all authentication requests of the user within a first preset time; identifying the status flag bit of the authentication request as a rejection status; generating a history request record according to all the authentication requests; not passing the authentication request of the user; when the S40 does not belong to the abnormity, recording all authentication requests of the user within a first preset time; marking the authentication request adding state flag bit as an accepting state; and generating a history request record according to all the authentication requests, and passing the authentication requests of the user.
Specifically, in this embodiment, the preset first number is 10.
The AC server searches whether the same record exists in the history request record by using the mobile phone number of the user as a keyword, and if the same record exists, the AC server counts the number of times of the user request in the last 30 minutes (the 30 minutes is the first preset time), wherein the number of times of the user request comprises two states of Flag ═ Accept and Deny.
If the number of request times N is 10, searching the latest authentication request in the history request record through the mobile phone number, judging whether the Flag bit is Flag is Accept, if not, considering the user as the first request, and passing the authentication request; if one authentication request record is found, the time stamps of two authentication requests are compared.
If the timestamp difference of the two authentication requests is smaller than or equal to the preset difference, (in this embodiment, the preset difference is set to 60 seconds), the authentication request is ignored, the authentication request is recorded in the history request record, and the status Flag of the authentication request is set to Deny.
If the difference value of the timestamps of the two authentication requests is more than 60 seconds, the authentication request is passed, an authentication code is generated according to the authentication request, and the authentication code is sent to the user through the short message gateway; meanwhile, the authentication request is recorded in the history request record, and the status Flag of the authentication request is set to Accept.
According to the invention, the AC server is used for carrying out abnormity detection on the user authentication request frequency, whether the behavior submitted by the user meets the requirement is judged, namely, the same mobile phone number is refused to repeatedly submit the application short message authentication code within the specified time, whether the application short message authentication code enters a blacklist is determined according to the repeated submission frequency, and the user terminal equipment is directly kicked out in case of serious conditions, so that the system safety is ensured, and wireless resources and economic resources are saved.
Fig. 2 is a complete flowchart of an authentication method for WIFI hotspot access according to the present invention. The working process of the invention is described in detail in connection with the complete flow chart.
S10 receives the authentication request sent by the user.
S21, searching the history record, and judging whether the authentication request of the current user exists; if yes, go to step S22; otherwise, step S401 is executed.
S22 counts the number of authentication requests of the current user.
S230 determining whether the number of times of the authentication request is less than or equal to a preset first number of times, if so, performing step S2321; otherwise, steps S2311 and S2312 are performed.
S2311, if the number of times of the authentication request from the user is greater than the first number and less than the second number, adding the terminal where the current user is located to the AP blacklist for the second preset time, and performing step S30.
S2312, if the number of times of the authentication request of the user is greater than the preset second number of times, adding the terminal where the current user is located to the permanent AP blacklist, and performing step S30.
S2321 searches for the last authentication request of the current user in the history request record.
S2322 determines whether the status flag of the latest authentication request is in an accepted status, if so, step S2323 is executed, otherwise, step S401 is executed.
S2323 determines whether a difference between the request timestamp of the current authentication request of the current user and the request timestamp of the latest authentication request is smaller than a preset difference, if so, executes step S301, otherwise, executes step S401.
S301, recording an authentication request, and marking a status flag bit of the authentication request as a rejection status; a history request record is generated.
S30 ignores the authentication request.
S401, recording an authentication request, and marking a status flag bit of the authentication request as a rejection status; a history request record is generated.
And S40, generating a WIFI authentication code for accessing the WIFI hotspot at the same time according to the authentication request of the current user, and sending the WIFI authentication code to the user.
It should be noted that, step S2311 and step S2312 in fig. 2 may also go directly to step S301, that is, record the authentication request of the user this time before ignoring the authentication request, and identify the status flag of the authentication request as reject.
Fig. 3 is a schematic diagram illustrating a configuration of an authentication device for WIFI hotspot access according to the present invention, and as shown in fig. 3, an authentication device 100 for WIFI hotspot access, using the above method, includes: the AC server includes: the receiving module 1 is used for receiving an authentication request which is sent by a user and carries identification information; an anomaly determination module 232, configured to count the authentication request times of the current user according to the identification information, and determine whether the authentication request of the current user is abnormal according to the authentication request times; the execution module 3 is configured to not pass the authentication request of the user when the authentication request of the current user is abnormal, and is further configured to pass the authentication request of the user when the authentication request of the current user is not abnormal.
The above embodiment is improved to obtain another authentication apparatus 100 for WIFI hotspot access, and using the above method, the authentication apparatus includes: the AC server includes: the receiving module 1 is used for receiving an authentication request which is sent by a user and carries identification information; an anomaly determination module 232, configured to count the authentication request times of the current user according to the identification information, and determine whether the authentication request of the current user is abnormal according to the authentication request times; the execution module 3 is used for not passing the authentication request of the user when the authentication request of the current user is abnormal, and is also used for passing the authentication request of the user when the authentication request of the current user is not abnormal; and the authentication code generating module 4 is configured to generate an authentication code for accessing the WIFI hotspot when the executing module 3 passes the authentication request of the current user.
The above embodiment is improved to obtain another authentication apparatus 100 for WIFI hotspot access, and using the above method, the authentication apparatus includes: the AC server includes: the receiving module 1 is used for receiving an authentication request which is sent by a user and carries identification information; an anomaly determination module 232, configured to count the authentication request times of the current user according to the identification information, and determine whether the authentication request of the current user is abnormal according to the authentication request times; the execution module 3 is used for not passing the authentication request of the user when the authentication request of the current user is abnormal, and is also used for passing the authentication request of the user when the authentication request of the current user is not abnormal; the authentication code generation module 4 is configured to generate an authentication code for accessing the WIFI hotspot when the execution module 3 passes the current authentication request of the current user; the recording module 5 is used for recording all authentication requests of a user within a first preset time; the authentication request comprises identification information of a user and a request timestamp; an identification module 6, configured to add a status flag bit to the authentication request to identify that the authentication request is in an accept or reject status; and a history request record generating module 7, configured to generate a history request record according to all the authentication requests.
The above embodiment is improved to obtain another authentication apparatus 100 for WIFI hotspot access, and using the above method, the authentication apparatus includes: the AC server includes: the receiving module 1 is used for receiving an authentication request which is sent by a user and carries identification information; the searching module 21 is configured to search whether an authentication request of a current user exists in a history request record according to the identification information; a counting module 22, configured to count the number of times of authentication requests of the current user when the history request record includes the authentication request of the current user; the judging module 23 is configured to judge whether the current authentication request of the current user is abnormal according to the number of times of the authentication request of the current user; the execution module 3 is used for not passing the authentication request of the user when the authentication request of the current user is abnormal, and is also used for passing the authentication request of the user when the authentication request of the current user is not abnormal; the authentication code generation module 4 is configured to generate an authentication code for accessing the WIFI hotspot when the execution module 3 passes the current authentication request of the current user; the recording module 5 is used for recording all authentication requests of a user within a first preset time; the authentication request comprises identification information of a user and a request timestamp; an identification module 6, configured to add a status flag bit to the authentication request to identify that the authentication request is in an accept or reject status; and the generating module is used for generating a history request record according to all the authentication requests.
Fig. 5 is a block diagram of an authentication system for WIFI hotspot access according to the present invention, as shown in fig. 5, including the above devices, further including a terminal 200 and a short message gateway 300; the terminal 200 is configured to generate an authentication request according to the identification information input by the user and send the authentication request to the AC server; the AC server is used for judging whether the authentication request is abnormal or not, passing the authentication request when the authentication request is judged to be abnormal, generating an authentication code for WIFI hotspot access according to the authentication request, and sending the authentication code to the short message gateway 300; the short message gateway 300 forwards the authentication code to the terminal 200; and the terminal 200 receives the authentication code and is connected with the WIFI hotspot through the authentication code.
Fig. 6 is a partial flowchart of an authentication system for WIFI hotspot access according to the present invention.
S60 the user connects to the AP.
S70 judging whether the user is in the blacklist; if yes, go to step S90 to reject the authentication request; otherwise, step S80 is executed.
S80 provides the authentication page to the user, and generates an authentication request based on the identification information of the user.
S10 receives the authentication request sent by the user.
It should be noted that the above embodiments can be freely combined as necessary. The foregoing is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, various modifications and decorations can be made without departing from the principle of the present invention, and these modifications and decorations should also be regarded as the protection scope of the present invention.

Claims (10)

1. A WIFI hotspot access authentication method is characterized by comprising the following steps:
s10, receiving an authentication request which is sent by a user and carries identification information, wherein the identification information comprises a terminal MAC address of the user;
s20, counting the authentication request times of the current user according to the identification information; judging whether the current authentication request of the user is abnormal or not according to the times of the authentication requests;
if the S30 is abnormal, the authentication request of the user is not passed and the record is carried out;
s40, when the WIFI authentication code does not belong to the abnormity, the WIFI authentication code is generated by recording the authentication request of the user;
the authentication method further comprises the step that the user receives the WIFI authentication code and is connected with a WIFI hotspot through the WIFI authentication code;
wherein step S20 includes: when the authentication request times of the user are larger than a preset first time and smaller than a preset second time, judging that the authentication request of the current user is abnormal, adding a terminal where the current user is located into a second preset time blacklist, and not receiving the authentication request of the user within second preset time; and when the authentication request times of the user is greater than the preset second times, judging that the authentication request of the current user is abnormal, adding the terminal MAC address corresponding to the current user into a permanent blacklist, and not receiving the authentication request of the user.
2. The method of authenticating WIFI hotspot access of claim 1, wherein steps S30, S40 are preceded by steps S301, S401:
s301, recording all authentication requests of a user within first preset time; identifying the status flag bit of the authentication request as a rejection status; generating a history request record according to all the authentication requests;
s401, recording all authentication requests of a user in first preset time; marking the authentication request adding state flag bit as an accepting state; and generating a history request record according to all the authentication requests.
3. The WIFI hotspot access authentication method of claim 2, wherein the step S20 specifically includes:
s21, according to the identification information, searching whether the history request record has the authentication request of the current user; if yes, executing the next step; otherwise, executing S401;
s22, counting the authentication request times of the current user according to the history request record;
s23 judging whether the current user 'S authentication request is abnormal according to the current user' S authentication request times; if yes, the authentication request of the user is not passed; otherwise, step S401 is executed.
4. The method for authenticating WIFI hotspot access of claim 3, wherein step S23 includes:
s230, judging whether the authentication request times of the current user is less than or equal to a preset first time;
s231, when the number of times of the authentication request of the user is greater than the preset first number of times, judging that the current authentication request of the current user is abnormal and does not pass the current authentication request of the current user, and executing the step S30;
s232, when the times of the authentication requests of the user are less than or equal to a preset first time, continuously judging whether the authentication request of the current user is abnormal; if yes, the authentication request of the user is not passed; otherwise, step S401 is executed.
5. The method of claim 4, wherein step S232 includes the steps of:
s2321, when the authentication request times of the user is less than or equal to a preset first time, the latest authentication request of the current user in the history request record is searched;
s2322 judges whether the status flag bit of the latest authentication request is in an accepting state; if yes, executing step S2323; otherwise, executing step S401;
s2323 compares whether a difference between the request timestamp of the current authentication request of the current user and the request timestamp of the latest authentication request is smaller than a preset difference; if yes, go to step S301; otherwise, step S401 is executed.
6. The method of claim 1, wherein the identification information includes a user's phone number and a request timestamp.
7. An authentication device for WIFI hotspot access, applied to the authentication method of any one of claims 1 to 6, comprising the AC server:
the AC server includes:
the receiving module is used for receiving an authentication request which is sent by a user and carries identification information;
the abnormity judgment module is used for counting the times of the authentication request of the current user according to the identification information, judging whether the authentication request of the current user is abnormal or not according to the times of the authentication request and recording;
the execution module is used for not passing the authentication request of the user when the authentication request of the current user is abnormal, and is also used for passing the authentication request of the user and recording when the authentication request of the current user is not abnormal; and
the authentication code generation module is used for generating an authentication code for accessing the WIFI hotspot when the execution module passes the authentication request of the current user;
the user receives an authentication code for accessing the WIFI hotspot and is connected with the WIFI hotspot through the authentication code.
8. The apparatus of claim 7, further comprising:
the recording module is used for recording all authentication requests of a user within first preset time; the authentication request comprises identification information of a user and a request timestamp;
the identification module is used for adding a state flag bit to the authentication request to identify that the authentication request is in an accepting state or a rejecting state;
and the history request record generating module is used for generating a history request record according to all the authentication requests.
9. The apparatus for authenticating WIFI hotspot access of claim 8, wherein the anomaly determination module comprises:
the searching module is used for searching whether the historical request record has the authentication request of the current user according to the identification information;
the statistical module is used for counting the authentication request times of the current user when the authentication request of the current user exists in the history request record;
and the judging module is used for judging whether the authentication request of the current user is abnormal or not according to the authentication request times of the current user.
10. An authentication system for WIFI hotspot access, which is characterized by comprising the authentication device of any one of claims 7 to 9, a terminal and a short message gateway;
the terminal is used for generating an authentication request according to the identification information input by the user and sending the authentication request to the AC server;
the AC server is used for judging whether the authentication request is abnormal or not, passing through the authentication request and recording when the authentication request is judged to be abnormal, generating an authentication code for WIFI hotspot access according to the authentication request and sending the authentication code to a short message gateway;
the short message gateway forwards the authentication code to a terminal;
and the terminal receives the authentication code and is connected with the WIFI hotspot through the authentication code.
CN201510616757.8A 2015-09-24 2015-09-24 Authentication method, device and system for WIFI hotspot access Active CN105142146B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510616757.8A CN105142146B (en) 2015-09-24 2015-09-24 Authentication method, device and system for WIFI hotspot access

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510616757.8A CN105142146B (en) 2015-09-24 2015-09-24 Authentication method, device and system for WIFI hotspot access
PCT/CN2016/097741 WO2017050108A1 (en) 2015-09-24 2016-08-31 Authentication method, apparatus and system for accessing wifi hotspot

Publications (2)

Publication Number Publication Date
CN105142146A CN105142146A (en) 2015-12-09
CN105142146B true CN105142146B (en) 2021-01-08

Family

ID=54727324

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510616757.8A Active CN105142146B (en) 2015-09-24 2015-09-24 Authentication method, device and system for WIFI hotspot access

Country Status (2)

Country Link
CN (1) CN105142146B (en)
WO (1) WO2017050108A1 (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105142146B (en) * 2015-09-24 2021-01-08 台州市吉吉知识产权运营有限公司 Authentication method, device and system for WIFI hotspot access
CN105848149B (en) * 2016-05-13 2020-03-20 上海斐讯数据通信技术有限公司 Security authentication method for wireless local area network
CN106060030A (en) * 2016-05-28 2016-10-26 张维秀 Wireless hotspot connection verification method and mobile terminal
CN106507328A (en) * 2016-12-22 2017-03-15 上海市共进通信技术有限公司 The charge management method of wireless networking and system
CN107360574A (en) * 2017-06-16 2017-11-17 上海斐讯数据通信技术有限公司 A kind of terminal equipment managing method, a kind of cloud controller and a kind of WAP
CN107659983A (en) * 2017-10-12 2018-02-02 上海斐讯数据通信技术有限公司 A kind of user can not connect the processing method and processing device of wireless aps
CN112566121A (en) * 2020-12-09 2021-03-26 北京深思数盾科技股份有限公司 Method for preventing attack, server, electronic equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1523923A (en) * 2003-02-17 2004-08-25 中国移动通信集团公司 Safety authentication method of mobile terminal user identity
WO2012146202A1 (en) * 2011-04-29 2012-11-01 华为技术有限公司 Method and system for establishing radio resource control connection
CN102843379A (en) * 2012-09-13 2012-12-26 浙江金大科技有限公司 Certification network orienting to multiple access modes
CN103476143A (en) * 2012-06-07 2013-12-25 中国移动通信集团公司 Method, device and system for IP resource releasing of WLAN

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100388684C (en) * 2005-01-26 2008-05-14 华为技术有限公司 Realizing method for preventing point-to point protocol recognization from being attacked in wideband cut-in network
CN101141259A (en) * 2007-10-22 2008-03-12 杭州华三通信技术有限公司 Method and device of access point equipment for preventing error access
CN101645817A (en) * 2008-08-05 2010-02-10 中兴通讯股份有限公司 Wireless network access system and method thereof for preventing illegal user from malicious access
US20140233443A1 (en) * 2013-02-20 2014-08-21 Qualcomm Incorporated Link verification in a wireless network
CN105228145A (en) * 2014-06-24 2016-01-06 中兴通讯股份有限公司 The method for authenticating of wireless access and device
CN105142146B (en) * 2015-09-24 2021-01-08 台州市吉吉知识产权运营有限公司 Authentication method, device and system for WIFI hotspot access

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1523923A (en) * 2003-02-17 2004-08-25 中国移动通信集团公司 Safety authentication method of mobile terminal user identity
WO2012146202A1 (en) * 2011-04-29 2012-11-01 华为技术有限公司 Method and system for establishing radio resource control connection
CN103476143A (en) * 2012-06-07 2013-12-25 中国移动通信集团公司 Method, device and system for IP resource releasing of WLAN
CN102843379A (en) * 2012-09-13 2012-12-26 浙江金大科技有限公司 Certification network orienting to multiple access modes

Also Published As

Publication number Publication date
CN105142146A (en) 2015-12-09
WO2017050108A1 (en) 2017-03-30

Similar Documents

Publication Publication Date Title
CN105142146B (en) Authentication method, device and system for WIFI hotspot access
EP2939454B1 (en) System and method for correlating network information with subscriber information in a mobile network environment
US20150229669A1 (en) Method and device for detecting distributed denial of service attack
US9166965B2 (en) Method and system for automated user authentication for a priority communication session
EP3072334B1 (en) Method, system and apparatus for automatically connecting to wlan
EP3319293A1 (en) Cross-terminal login-free method and device
US20150281239A1 (en) Provision of access privileges to a user
US20050166053A1 (en) Method and system for associating a signature with a mobile device
US20140105119A1 (en) System and method for correlating security events with subscriber information in a mobile network environment
US20130298197A1 (en) Device-based authentication for secure online access
US20140082728A1 (en) Dongle device for wireless intrusion prevention
CN104954386A (en) Network anti-hijacking methods and device
US20140344573A1 (en) Decrypting Files for Data Leakage Protection in an Enterprise Network
US20210029086A1 (en) Method and system for intrusion detection and prevention
EP2874367B1 (en) Call authentication method, device, and system
EP2931000B1 (en) Wireless communication apparatus, wireless communication method, and wireless communication program
US9882852B2 (en) Techniques for escalating temporary messaging bans
CN108092970B (en) Wireless network maintenance method and equipment, storage medium and terminal thereof
CN106803830B (en) Method, device and system for identifying internet access terminal and User Identity Module (UIM) card
US20170118229A1 (en) Detecting malicious applications
CN108111346B (en) Method and device for determining frequent item set in alarm correlation analysis and storage medium
CN107634969B (en) Data interaction method and device
JP2013069016A (en) Information leakage prevention device and limitation information generation device
EP3577875B1 (en) Method for enhanced detection of a user equipment type.
CN107743114B (en) Network access method, device and system

Legal Events

Date Code Title Description
PB01 Publication
C06 Publication
SE01 Entry into force of request for substantive examination
C10 Entry into substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20201030

Address after: 318015 no.2-3167, zone a, Nonggang City, no.2388, Donghuan Avenue, Hongjia street, Jiaojiang District, Taizhou City, Zhejiang Province

Applicant after: Taizhou Jiji Intellectual Property Operation Co.,Ltd.

Address before: 201616 Shanghai city Songjiang District Sixian Road No. 3666

Applicant before: Phicomm (Shanghai) Co.,Ltd.

TA01 Transfer of patent application right
GR01 Patent grant
GR01 Patent grant