CN105450616A - Terminal authentication method, trusted determination gateway, authentication server and system

Publication number
CN105450616A
Authority
CN
China
Legal status
Granted
Application number
CN201410490241.9A
Other languages
Chinese (zh)
Other versions
CN105450616B (en)
Inventor
刘国萍
胡杰
郑燕冰
叶华
Current Assignee
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd
Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a terminal authentication method, a trusted determination gateway, an authentication server and a system. The terminal authentication method comprises the following steps: the trusted determination gateway receives a request to use a wireless network service; the trusted determination gateway determines whether the terminal is in an authenticated state; if so, it sends a usage-allowed message to a wireless access terminal; if not, it authenticates the terminal and sends a usage-allowed or usage-not-allowed message to the wireless access terminal according to the authentication result. The terminal authentication method, the trusted determination gateway, the authentication server and the system share identity authentication information among a plurality of trusted APs, solve the problem of repeated authentication when the terminal connects across the plurality of trusted APs, have better suitability and extensibility, can be applied to the operation of wireless APs in public service venues, and, through barrier-free connection among the plurality of trusted APs, are conducive to enhancing end users' perception of service consistency, user experience and the like.

Description

Terminal authentication method, trusted determination gateway, authentication server and system
Technical field
The present invention relates to the technical field of communication networks, and in particular to a terminal authentication method, a trusted determination gateway, an authentication server and a system.
Background
Wireless WIFI access is being applied more and more widely because of its good access convenience and SM, especially in public places such as fast food restaurants, coffee houses, hotels, markets, shopping malls, colleges and universities, and scenic spots. In these areas, a user's mobile terminal can conveniently obtain network access through WIFI, and the WIFI service provider can, by offering WIFI access, promote its corporate image and products, raise brand recognition, improve its service level and strengthen customer stickiness. For purposes such as network access security, network tracing and business promotion, a user's identity needs to be authenticated when the user accesses WIFI. Authentication is the process of verifying the identity of the user of the wireless access service and retaining the user's identity information.
At present there are three main ways to authenticate identity for WiFi access. The first uses a password-based scheme such as WEP or WPA; this approach has been shown to lack security, and both the users and the provider of the service have to manage cumbersome passwords. The second is authentication based on the 802.1x framework; it addresses the security of authentication well, but requires a dedicated 802.1x client and is more complex to implement, and the dynamically updated keys place a larger management burden on the users and the provider of the service, so this approach is mostly adopted by large organizations with very high security requirements. The third is Web Portal (Web) authentication; compared with the first it is more secure and effective and offers better user interaction, and compared with the second it is easier to deploy, implement, maintain and manage (no dedicated client software is needed; the user side only needs a browser), while also flexibly supporting additional functions such as advertisement pushing and user management. WIFI identity authentication based on Web Portal is therefore widely used at present, especially in public places such as catering and beauty services.
At present, WIFI identity authentication based on Web Portal mainly grants a user access under a single AP. As the number of users grows or a merchant's service premises expand (for example, chain stores), merchants increasingly deploy multiple APs. After a user has been authenticated on one of the merchant's APs, when the user moves to another of the merchant's locations (such as another floor or another store of the chain) and needs to connect to another AP deployed by the merchant, the user's identity must be authenticated again even within the validity period of the earlier authentication. The user then has to enter authentication information such as the account number and verification code again, which makes for a poor service experience and poor brand consistency.
Summary of the invention
In view of this, the technical problem to be solved by the present invention is to provide a terminal authentication method in which a trusted determination gateway authenticates the terminal, so that repeated authentication can be avoided when the terminal switches between multiple APs.
A terminal authentication method comprises: a trusted determination gateway receives a request to use a wireless network service, sent by a terminal and forwarded by a wireless access device; the trusted determination gateway determines whether the terminal is in an authenticated state; if so, it sends an allow-use message to the wireless access device; if not, it authenticates the terminal and, according to the authentication result, sends an allow-use or disallow-use message to the wireless access device.
According to one embodiment of the present invention, further, when the terminal is found in a trusted device list, the trusted determination gateway determines that the terminal is in the authenticated state; the trusted determination gateway receives the authentication result returned by the authentication server, and when the authentication result is that the terminal is a registered or authenticated user, the trusted determination gateway adds the terminal to the trusted device list and sends an allow-use message to the wireless access device.
According to one embodiment of the present invention, further, the terminal sends a request to use the wireless network to the wireless access device; when the wireless access device determines that the terminal is not in its network service allowed-use queue, it sends the request to the trusted determination gateway; when the trusted determination gateway determines that the terminal is not in the trusted device list, it sends the request to the authentication server, and sends the request and the random TOKEN code returned by the authentication server to the wireless access server; the wireless access device defers the request and sends the random TOKEN code to the trusted gateway to request verification; the trusted determination gateway sends the random TOKEN code to the authentication server to request verification, and on receiving a verification-success message from the authentication server, adds the terminal to the trusted device list and sends an allow-use message to the wireless access device; the wireless access device inserts the terminal into the network service allowed-use queue according to this allow-use message.
According to one embodiment of the present invention, further, the terminal sends a request to use the wireless network service to another wireless access device; when the other wireless access device determines that the terminal is not in its network service allowed-use queue, it sends the request to the trusted determination gateway; the trusted determination gateway queries the trusted device list and, when it determines that the terminal is in the authenticated state, sends an allow-use message to the other wireless access device; the other wireless access device inserts the terminal into its network service allowed-use queue according to this allow-use message.
According to one embodiment of the present invention, further, the authentication server receives the request sent by the trusted determination gateway; the authentication server sends a user registration page to the terminal and obtains user registration information from the user registration page submitted by the terminal, the user registration information comprising: an account number or mobile phone number, and a verification code or on-demand SMS verification code; the authentication server generates the unique random TOKEN code bound to the user registration information and sends the request and the random TOKEN code to the trusted determination gateway; the authentication server, according to the random TOKEN code received and the user registration information, determines whether this user is a registered or authenticated user and returns the verification result to the trusted determination gateway.
A further technical problem to be solved by the present invention is to provide a trusted determination gateway that avoids repeated authentication when a terminal switches between multiple APs.
A trusted determination gateway comprises: a request receiving unit, for receiving a request to use a wireless network service, sent by a terminal and forwarded by a wireless access device; and an authentication determination unit, for determining whether the terminal is in an authenticated state, and if so, sending an allow-use message to the wireless access device, and if not, authenticating the terminal and, according to the authentication result, sending an allow-use or disallow-use message to the wireless access device.
According to one embodiment of the present invention, further, the authentication determination unit is also used to determine that the terminal is in the authenticated state when the terminal is found in the trusted device list; and to receive the authentication result returned by the authentication server, and when the authentication result is that the terminal is a registered or authenticated user, the trusted determination gateway adds the terminal to the trusted device list and sends an allow-use message to the wireless access device.
According to one embodiment of the present invention, further, the authentication determination unit is also used, when it determines that the terminal is not in the trusted device list, to send the request to the authentication server and to send the request and the random TOKEN code returned by the authentication server to the wireless access server; and to send the random TOKEN code received from the wireless access device to the authentication server to request verification, and on receiving a verification-success message from the authentication server, to add the terminal to the trusted device list and send an allow-use message to the wireless access device; wherein the wireless access device inserts the terminal into the network service allowed-use queue according to this allow-use message.
According to one embodiment of the present invention, further, the request receiving unit is also used to receive a request to use the wireless network service, sent by the terminal and forwarded by another wireless access device; the authentication determination unit is also used to query the trusted device list and, when it determines that the terminal is in the authenticated state, to send an allow-use message to the other wireless access device; wherein the other wireless access device inserts the terminal into its network service allowed-use queue according to this allow-use message.
A further technical problem to be solved by the present invention is to provide an authentication server that authenticates the terminal access requests sent by the trusted determination gateway.
An authentication server comprises: an authentication request receiving unit, for receiving the request sent by the trusted determination gateway, wherein the request is a request to use a wireless network service, sent by a terminal and forwarded by a wireless access device; a registration information acquiring unit, for sending a user registration page to the terminal and obtaining user registration information from the user registration page submitted by the terminal, the user registration information comprising: an account number or mobile phone number, and a verification code or on-demand SMS verification code; and a verification unit, for generating the unique random TOKEN code bound to the user registration information and sending the request and the random TOKEN code to the trusted determination gateway, and for determining, according to the random TOKEN code received and the user registration information, whether this user is a registered or authenticated user and returning the verification result to the trusted determination gateway.
A wireless network system comprises: multiple wireless access devices, the trusted determination gateway described above and the authentication server described above.
The terminal authentication method, trusted determination gateway, authentication server and system of the present invention share a terminal's authentication information among multiple trusted APs, solving the problem of repeated authentication when the terminal connects across multiple trusted APs; they support authentication of mobile terminals not only under a single AP but also under multiple APs.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are obviously only some embodiments of the present invention; those of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a flow chart of an embodiment of the terminal authentication method according to the present invention;
Fig. 2 is a flow chart of a terminal's first authentication in an embodiment of the terminal authentication method according to the present invention;
Fig. 3 is a flow chart of a terminal's subsequent authentication in an embodiment of the terminal authentication method according to the present invention;
Fig. 4 is a structural diagram of an embodiment of the trusted determination gateway according to the present invention;
Fig. 5 is a structural diagram of an embodiment of the authentication server according to the present invention;
Fig. 6 is a structural diagram of an embodiment of the wireless network system according to the present invention.
Detailed description
The present invention is described more fully below with reference to the accompanying drawings, in which exemplary embodiments of the invention are illustrated. The technical solutions in the embodiments are described clearly and completely below in conjunction with the drawings; the described embodiments are obviously only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the present invention. The technical solution of the present invention is described from several aspects below in conjunction with the figures and embodiments.
Fig. 1 is a flow chart of an embodiment of the terminal authentication method according to the present invention. As shown in Fig. 1:
Step 101: The trusted determination gateway receives a request to use a wireless network service, sent by a terminal and forwarded by a wireless access device.
Step 102: The trusted determination gateway determines whether the terminal is in an authenticated state.
Step 103: If so, it sends an allow-use message to the wireless access device; if not, it authenticates the terminal and, according to the authentication result, sends an allow-use or disallow-use message to the wireless access device.
The wireless access device may be a wireless router or the like, serving as a wireless access point (AP) that provides access service to the terminal. The terminal may be a mobile terminal, a notebook computer, an iPad or the like, and the wireless access device and the terminal may communicate by WIFI, Bluetooth or similar means.
When the terminal is found in the trusted device list, the trusted determination gateway determines that the terminal is in the authenticated state. The trusted determination gateway receives the authentication result returned by the authentication server; when the result is that the terminal is a registered or authenticated user, the gateway adds the terminal to the trusted device list and sends an allow-use message to the wireless access device. The trusted device list can be stored and maintained in the trusted determination gateway.
With the terminal authentication method of the present invention, a mobile terminal can switch between multiple wireless access points without re-authenticating. By adding a trusted determination gateway with a built-in trusted device list to the existing Web Portal authentication system, a portable device that is within its authentication validity period can use the WIFI service directly, without authenticating again, when it switches to another trusted AP. This solves the problem of repeated authentication when a mobile terminal switches between multiple trusted APs, avoids unnecessary user interaction, and improves the user's service experience.
In one embodiment, the terminal sends a request to use the wireless network to the wireless access device; when the wireless access device determines that the terminal is not in its network service allowed-use queue, it sends the request to the trusted determination gateway. When the trusted determination gateway determines that the terminal is not in the trusted device list, it sends the request to the authentication server, and sends the request and the random TOKEN code returned by the authentication server to the wireless access server. Each wireless access device can maintain its own network service allowed-use queue.
The wireless access device defers the request and sends the random TOKEN code to the trusted gateway to request verification. The trusted determination gateway sends the random TOKEN code to the authentication server to request verification; on receiving a verification-success message from the authentication server, it adds the terminal to the trusted device list and sends an allow-use message to the wireless access device. The wireless access device inserts the terminal into its network service allowed-use queue according to this allow-use message.
The authentication server receives the request sent by the trusted determination gateway, sends a user registration page to the terminal, and obtains user registration information from the user registration page submitted by the terminal. The user registration information comprises: an account number or mobile phone number, a verification code or on-demand SMS verification code, and so on.
The authentication server generates a unique random TOKEN code bound to the user registration information and sends the request and the random TOKEN code to the trusted determination gateway. On receiving the random TOKEN code and the user registration information, the authentication server uses the random TOKEN code to find the corresponding user registration information, determines from that information whether this user is a registered or authenticated user, and returns the verification result to the trusted determination gateway.
Fig. 2 is a flow chart of a terminal's first authentication in an embodiment of the terminal authentication method according to the present invention. As shown in Fig. 2:
Step 201: The mobile terminal MD requests to use the wireless network service through the wireless access device AP.
Step 202: When the AP finds that the MD is not in this AP's network service allowed-use queue, it redirects the user request to the trusted determination gateway CAG.
Step 203: When the CAG finds that the MD is in neither the authenticated-state queue nor the trusted device list, it redirects the request to the authentication server AS.
Step 204: The AS responds to the MD's request with a user registration page; on this page the user enters identity registration information, such as account number / mobile phone number + verification code / on-demand SMS verification code, and submits it to the AS; the AS generates a unique random TOKEN code within the AS and binds it to the user registration information.
Step 205: The AS redirects the user request, together with the generated TOKEN code, to the CAG, and the CAG redirects the user request + TOKEN code to the AP.
Step 206: The AP defers the MD's network-use request and uses the user request's TOKEN information to request verification from the CAG.
Step 207: The CAG uses the TOKEN information to request that the AS verify the legitimacy of the MD's identity.
Step 208: The AS compares the TOKEN information it has stored with the TOKEN information received to verify the user; when it confirms that this user exists, it informs the CAG that the MD has passed identity authentication.
Step 209: The CAG informs the AP that the MD is allowed to use the network service, and updates the authenticated-MD list in the trusted AP table it holds.
Step 210: The AP adds the MD device to its network service allowed-use queue.
Step 211: The MD uses the network service through the AP.
In one embodiment, the terminal sends a request to use the wireless network service to another wireless access device. When the other wireless access device determines that the terminal is not in its network service allowed-use queue, it sends the request to the trusted determination gateway; the trusted determination gateway queries the trusted device list and, when it determines that the terminal is in the authenticated state, sends an allow-use message to the other wireless access device; the other wireless access device inserts the terminal into its network service allowed-use queue according to this allow-use message.
Fig. 3 is a flow chart of a terminal's subsequent authentication in an embodiment of the terminal authentication method according to the present invention. As shown in Fig. 3:
Step 301: The mobile terminal MD requests to use the wireless network service from another wireless access point AP in the trusted group.
Step 302: The other AP in the trusted group finds that the MD is not in this AP's network service allowed-use queue and redirects the user request to the trusted determination gateway CAG.
Step 303: The CAG looks up the MD device in the trusted AP device list and the trusted device list, finds that it is in the authenticated state, and sends the AP a request to allow the MD to use the wireless network service.
Step 304: The AP adds the MD device to its network service allowed-use queue.
Step 305: The MD accesses the network service directly through the other AP of the trusted group.
In this way the terminal's authentication information is shared among multiple trusted APs, and authentication does not need to be repeated when connecting across multiple trusted APs.
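The first-authentication flow (steps 201 to 211) and the roaming flow (steps 301 to 305) as a small Python model. This is an added example, not code from the patent; the terminal identifier, the one-hour validity value, the single-use TOKEN handling, the account data and all class and function names are assumptions made for illustration.

```python
import secrets

ALLOW, DENY, NEED_REGISTRATION = "allow", "deny", "need-registration"


class AuthServer:
    """AS: binds a random TOKEN to registration info (step 204), verifies it (step 208)."""

    def __init__(self, accounts):
        self.accounts = accounts      # account -> expected code (constructed sample data)
        self.bound = {}               # TOKEN -> (account, code) submitted on the page

    def register(self, account, code):
        token = secrets.token_urlsafe(16)
        self.bound[token] = (account, code)
        return token

    def verify(self, token):
        # pop(): a TOKEN is accepted once (assumption, the page does not say)
        info = self.bound.pop(token, None)
        return info is not None and self.accounts.get(info[0]) == info[1]


class TrustedGateway:
    """CAG: holds the trusted AP table and the shared trusted device list."""

    def __init__(self, auth_server, trusted_aps, validity, clock):
        self.auth_server = auth_server
        self.trusted_aps = set(trusted_aps)
        self.validity = validity      # authentication validity period in seconds (assumed)
        self.clock = clock            # injected so the demo can advance time
        self.trusted_devices = {}     # terminal id -> expiry time

    def check(self, ap_name, terminal_id):
        """Steps 203 / 303: is this terminal already authenticated in the group?"""
        if ap_name not in self.trusted_aps:
            return DENY
        expiry = self.trusted_devices.get(terminal_id)
        if expiry is not None and self.clock() < expiry:
            return ALLOW
        self.trusted_devices.pop(terminal_id, None)   # drop a lapsed entry
        return NEED_REGISTRATION

    def start_authentication(self, account, code):
        """Steps 203-205: hand the request to the AS, pass its TOKEN back to the AP."""
        return self.auth_server.register(account, code)

    def verify_token(self, ap_name, terminal_id, token):
        """Steps 207-209: verify the TOKEN with the AS, then update the shared list."""
        if ap_name not in self.trusted_aps or not self.auth_server.verify(token):
            return DENY
        self.trusted_devices[terminal_id] = self.clock() + self.validity
        return ALLOW


class AccessPoint:
    """AP: keeps its own network service allowed-use queue."""

    def __init__(self, name, gateway):
        self.name, self.gateway = name, gateway
        self.allowed = set()

    def connect(self, terminal_id, registration=None):
        if terminal_id in self.allowed:
            return ALLOW
        decision = self.gateway.check(self.name, terminal_id)       # steps 202 / 302
        if decision == NEED_REGISTRATION and registration is not None:
            token = self.gateway.start_authentication(*registration)
            # step 206: the AP holds the request and presents the TOKEN to the CAG
            decision = self.gateway.verify_token(self.name, terminal_id, token)
        if decision == ALLOW:
            self.allowed.add(terminal_id)                           # steps 210 / 304
        return decision


def run_demo():
    now = [0.0]
    auth = AuthServer({"13800000000": "4821"})            # constructed account and code
    cag = TrustedGateway(auth, {"AP-1", "AP-2", "AP-3"}, 3600, lambda: now[0])
    ap1, ap2, ap3 = (AccessPoint(n, cag) for n in ("AP-1", "AP-2", "AP-3"))
    outsider = AccessPoint("AP-X", cag)                   # not in the trusted AP table
    md = "terminal-01"                                    # terminal identifier (assumed)
    results = [
        ap1.connect(md),                                  # no state yet
        ap1.connect(md, ("13800000000", "0000")),         # wrong verification code
        ap1.connect(md, ("13800000000", "4821")),         # first authentication (Fig. 2)
        ap2.connect(md),                                  # roaming, no re-entry (Fig. 3)
        outsider.connect(md),                             # AP outside the trusted group
    ]
    now[0] = 3601.0                                       # validity period has lapsed
    results.append(ap3.connect(md))                       # gateway entry expired
    results.append(ap1.connect(md))                       # AP-1 local queue still holds md
    return results


if __name__ == "__main__":
    for outcome in run_demo():
        print(outcome)
```

In this model each AP's allowed-use queue has no expiry of its own, so the last result is still allow on AP-1 after the gateway's entry has lapsed; a deployment that relies on the validity period has to age out the per-AP queues as well.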
As shown in Fig. 4, the present invention provides a trusted determination gateway 4, comprising a request receiving unit 41 and an authentication determination unit 42. The request receiving unit 41 receives a request to use a wireless network service, sent by a terminal and forwarded by a wireless access device. The authentication determination unit 42 determines whether the terminal is in an authenticated state; if so, it sends an allow-use message to the wireless access device; if not, it authenticates the terminal and, according to the authentication result, sends an allow-use or disallow-use message to the wireless access device.
In one embodiment, when the terminal is found in the trusted device list, the authentication determination unit 42 determines that the terminal is in the authenticated state. It receives the authentication result returned by the authentication server; when the authentication result is that the terminal is a registered or authenticated user, the authentication determination unit 42 adds the terminal to the trusted device list and sends an allow-use message to the wireless access device.
Through the pre-configured trusted device list, the trusted determination gateway can flexibly adjust the scope of trust, which makes it easy to expand the system as needed without changing the original system functions or the initial authentication flow, and easy to deploy and implement.
In one embodiment, when it determines that the terminal is not in the trusted device list, the authentication determination unit 42 sends the request to the authentication server, and sends the request and the random TOKEN code returned by the authentication server to the wireless access server. The authentication determination unit 42 sends the random TOKEN code received from the wireless access device to the authentication server to request verification; on receiving a verification-success message from the authentication server, it adds the terminal to the trusted device list and sends an allow-use message to the wireless access device. The wireless access device inserts the terminal into its network service allowed-use queue according to this allow-use message.
The request receiving unit 41 receives a request to use the wireless network service, sent by the terminal and forwarded by another wireless access device. The authentication determination unit 42 queries the trusted device list and, when it determines that the terminal is in the authenticated state, sends an allow-use message to the other wireless access device. The other wireless access device inserts the terminal into its network service allowed-use queue according to this allow-use message.
As shown in Fig. 5, the present invention provides an authentication server 5, comprising an authentication request receiving unit 51, a registration information acquiring unit 52 and a verification unit 53. The authentication request receiving unit 51 receives the request sent by the trusted determination gateway, wherein the request is a request to use a wireless network service, sent by a terminal and forwarded by a wireless access device.
The registration information acquiring unit 52 sends a user registration page to the terminal and obtains user registration information from the user registration page submitted by the terminal; the user registration information comprises: an account number or mobile phone number, and a verification code or on-demand SMS verification code. The verification unit 53 generates a unique random TOKEN code bound to the user registration information and sends the request and the random TOKEN code to the trusted determination gateway. According to the random TOKEN code received and the user registration information, it determines whether this user is a registered or authenticated user and returns the verification result to the trusted determination gateway.
As shown in Fig. 6, the present invention provides a wireless network system, comprising the trusted determination gateway described above and the authentication server described above. Specifically, it comprises: multiple wireless access devices AP 62, 63 and 64, a trusted determination gateway CAG 65 and an authentication server AS 66. The mobile terminal 61 is the user's wireless network access terminal. The wireless access devices 62, 63 and 64 are the access-control and request-forwarding devices for user network service requests; according to business policy, several wireless access devices may be set as one group of trusted wireless access devices, either by area or because they belong to the same merchant.
The trusted determination gateway 65 defines one or more trusted AP tables or trusted device lists according to business policy, stores and updates the authentication state of mobile terminals on the multiple trusted APs, determines the authentication state of a mobile terminal on the multiple trusted APs, forwards wireless access point authentication requests, and so on.
The authentication server 66 accepts user registration and verification requests from the trusted determination gateway and returns the result. For example, when user registration succeeds it returns a random TOKEN string; when the user logs in again this string is carried to the wireless access point, the wireless access point uses this TOKEN to request user identity verification from the trusted determination gateway, the trusted determination gateway in turn requests verification from the authentication server, and after verification passes, information such as a "validated" status code is returned.
The terminal authentication method, trusted determination gateway, authentication server and system of the present invention, based on Web authentication, the trusted determination gateway and the trusted AP table, share a terminal's authentication information among multiple trusted APs; what is solved is the problem of portable devices repeating authentication when connecting across multiple trusted APs. They support authentication of mobile terminals not only under a single AP but also under multiple APs, and therefore have better suitability and extensibility.
The authentication method of terminal of the present invention, trusted judge that the main advantage of gateway, certificate server and system is:
1, not only can realize the authentication of mobile terminal under single AP, the authentication of mobile terminal under multiple trusted AP can also be realized;
2, show based on pre-configured trusted AP, can flexible expansion system capability;
3, the systemic-function of original sing on web Portal certification and flow process constant, be easy to dispose and implement.
The authentication method of terminal of the present invention, trusted judge that gateway, certificate server and system are mainly used in the operation of Public place wireless aps, by the accessible connection between multiple trusted AP, contribute to strengthening End-user services consistency perception and Consumer's Experience etc.
The method and system of the present invention may be realized in many ways, for example by software, hardware, firmware, or any combination of software, hardware and firmware. The order of the method steps given above is for description only, and the steps of the method of the present invention are not limited to the order specifically described above unless otherwise stated. In addition, in some embodiments the present invention may also be implemented as programs recorded on a recording medium, these programs comprising machine-readable instructions for realizing the method according to the present invention. The present invention therefore also covers a recording medium storing a program for performing the method according to the present invention.
The description of the present invention is given for the purposes of example and description, and is not exhaustive and does not limit the invention to the disclosed form. Many modifications and variations are obvious to those of ordinary skill in the art. The embodiments were selected and described in order to better explain the principle and practical application of the present invention, and to enable those of ordinary skill in the art to understand the present invention and thereby design various embodiments, with various modifications, suited to particular uses.

Claims (11)

1. A terminal authentication method, characterized by comprising:
A trusted determination gateway receives a request to use a wireless network service, the request being sent by a terminal and forwarded by a wireless access device;
The trusted determination gateway judges whether the terminal is in a verified state; if so, it sends a usage allowed message to the wireless access device; if not, it authenticates the terminal and, according to the authentication result, sends a usage allowed message or a usage not-allowed message to the wireless access device.
2. the method for claim 1, is characterized in that:
When judging there is described terminal in trusted device list, described trusted judges that gateway determines that described terminal is as verified status;
Described trusted judgement gateway receives the authentication result that described certificate server returns, when described authentication result be described terminal be registered or authenticated user time, then described trusted judges that described terminal joins in described trusted device list by gateway, and sends permission use message to described radio reception device.
3. The method of claim 2, characterized in that:
The terminal sends a request to use the wireless network to the wireless access device;
When the wireless access device judges that the terminal is not in a network service permitted-use queue, it sends the request to the trusted determination gateway;
When the trusted determination gateway judges that the terminal is not in the trusted device list, it sends the request to the authentication server, and sends the request and a random TOKEN code returned by the authentication server to the wireless access server;
The wireless access device delays the request, and sends the random TOKEN code to the trusted determination gateway to request verification;
The trusted determination gateway sends the random TOKEN code to the authentication server to request verification; when it receives a verification-success message sent by the authentication server, it adds the terminal to the trusted device list and sends a usage allowed message to the wireless access device;
The wireless access device inserts the terminal into the network service permitted-use queue according to this usage allowed message.
4. The method of claim 3, characterized in that:
The terminal sends a request to use the wireless network service to another wireless access device;
When the other wireless access device judges that the terminal is not in its network service permitted-use queue, it sends the request to the trusted determination gateway;
The trusted determination gateway queries the trusted device list and, when it judges that the terminal is in the verified state, sends a usage allowed message to the other wireless access device;
The other wireless access device inserts the terminal into its network service permitted-use queue according to this usage allowed message.
5. The method of claim 3 or 4, characterized in that:
The authentication server receives the request sent by the trusted determination gateway;
The authentication server sends a user registration page to the terminal and obtains user registration information from the user registration page submitted by the terminal, the user registration information comprising: account number or cell-phone number, identifying code or short message verification code at any time;
The authentication server generates the unique random TOKEN code bound to the user registration information, and sends the request and the random TOKEN code to the trusted determination gateway;
The authentication server judges, according to the received random TOKEN code and the user registration information, whether this user is a registered or authenticated user, and returns the verification result to the trusted determination gateway.
6. A trusted determination gateway, characterized by comprising:
A request receiving unit, for receiving a request to use a wireless network service, the request being sent by a terminal and forwarded by a wireless access device;
An authentication determination unit, for judging whether the terminal is in a verified state; if so, sending a usage allowed message to the wireless access device; if not, authenticating the terminal and, according to the authentication result, sending a usage allowed message or a usage not-allowed message to the wireless access device.
7. The gateway of claim 6, characterized in that:
The authentication determination unit is also for determining that the terminal is in the verified state when the terminal is found in a trusted device list; and for receiving the authentication result returned by the authentication server and, when the authentication result is that the terminal is a registered or authenticated user, adding the terminal to the trusted device list and sending a usage allowed message to the wireless access device.
8. The gateway of claim 7, characterized in that:
The authentication determination unit is also for, when it judges that the terminal is not in the trusted device list, sending the request to the authentication server and sending the request and a random TOKEN code returned by the authentication server to the wireless access server; and for sending the random TOKEN code received from the wireless access device to the authentication server to request verification and, when a verification-success message sent by the authentication server is received, adding the terminal to the trusted device list and sending a usage allowed message to the wireless access device;
Wherein the wireless access device inserts the terminal into the network service permitted-use queue according to this usage allowed message.
9. The gateway of claim 8, characterized in that:
The request receiving unit is also for receiving a request to use the wireless network service that is sent by the terminal and forwarded by another wireless access device;
The authentication determination unit is also for querying the trusted device list and, when it judges that the terminal is in the verified state, sending a usage allowed message to the other wireless access device;
Wherein the other wireless access device inserts the terminal into its network service permitted-use queue according to this usage allowed message.
10. An authentication server, characterized by comprising:
An authentication request receiving unit, for receiving the request sent by a trusted determination gateway; wherein the request is a request to use a wireless network service, sent by a terminal and forwarded by a wireless access device;
A registration information obtaining unit, for sending a user registration page to the terminal and obtaining user registration information from the user registration page submitted by the terminal, the user registration information comprising: account number or cell-phone number, identifying code or short message verification code at any time;
A verification unit, for generating the unique random TOKEN code bound to the user registration information and sending the request and the random TOKEN code to the trusted determination gateway; and for judging, according to the received random TOKEN code and the user registration information, whether this user is a registered or authenticated user, and returning the verification result to the trusted determination gateway.
11. A wireless network system, characterized by comprising:
Multiple wireless access devices, the trusted determination gateway of any one of claims 8 or 9, and the authentication server of claim 10.
CN201410490241.9A 2014-09-23 2014-09-23 A kind of authentication method of terminal, accredited judgement gateway, certificate server and system Active CN105450616B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410490241.9A CN105450616B (en) 2014-09-23 2014-09-23 A kind of authentication method of terminal, accredited judgement gateway, certificate server and system

Publications (2)

Publication Number Publication Date
CN105450616A true CN105450616A (en) 2016-03-30
CN105450616B CN105450616B (en) 2019-07-12

Family

ID=55560396

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410490241.9A Active CN105450616B (en) 2014-09-23 2014-09-23 A kind of authentication method of terminal, accredited judgement gateway, certificate server and system

Country Status (1)

Country Link
CN (1) CN105450616B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant