CN105530687B - Wireless network access control method and access device - Google Patents
- Publication number
- CN105530687B CN201610078502.5A
- Authority
- CN
- China
- Prior art keywords
- user terminal
- access
- access device
- message
- sent
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W48/00—Access restriction; Network selection; Access point selection
- H04W48/16—Discovering, processing access restriction or access information
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The present invention provides a wireless network access control method and an access device, and relates to the field of communication technology. Split points are allocated to user terminals that request access to the access device, which can significantly improve the offloading effect, improve the transmission efficiency of the wireless network, and reduce the load on the wireless network. The method includes: the access device receives an access request sent by a user terminal and sends a response message to the user terminal according to the access request; receives the authentication information sent by the user terminal and sends the authentication information to an authenticating device, so that the authenticating device judges whether the authentication information is correct; and receives a verification success message sent by the authenticating device. If the access device receives at least two verification success messages, it sets a split point for the user terminal, so that the user terminal accesses the network through the split point set for it by the access device; the at least two verification success messages indicate that at least two user terminals request to access the network through the access device.
Description
Technical field
The present invention relates to the field of communication technology, and in particular to a wireless network access control method and an access device.
Background
Wireless networks offer mobility, portability and immediacy, and are used in more and more places. At the same time, with the development of wireless access technology, higher data transmission rates, growing numbers of users and rising user data transmission rates all place higher demands on the performance of the network elements of the core network.
At present, multiple user terminals can request access to the same access device and access the network through that access device. This places a heavy load on the wireless network and seriously hinders the development and improvement of the transmission rate of the wireless network.
Summary of the invention
The embodiments of the present invention provide a wireless network access control method and an access device, which allocate split points to user terminals requesting access to the access device. This can significantly improve the offloading effect, improve the transmission efficiency of the wireless network, and reduce the load on the wireless network.
To achieve the above objectives, the embodiments of the present invention adopt the following technical solutions.
In a first aspect, a wireless network access control method is disclosed, comprising:
The access device receives an access request sent by a user terminal and, according to the access request, sends a response message to the user terminal; the response message instructs the user terminal to provide its own authentication information;
The access device receives the authentication information sent by the user terminal and sends the authentication information to an authenticating device, so that the authenticating device judges whether the authentication information is correct;
The access device receives a verification success message sent by the authenticating device; the verification success message indicates that the authentication information of the user terminal is correct;
If the access device receives at least two verification success messages, it sets a split point for the user terminal, so that the user terminal accesses the network through the split point set for it by the access device; the split point is an access device that can offload traffic for the access device, and the at least two verification success messages indicate that at least two user terminals request to access the network through the access device.
With reference to the first aspect, in a first possible implementation of the first aspect, setting a split point for the user terminal so that the user terminal accesses the network through the split point specifically includes:
The access device obtains the gateway address of the user terminal;
The access device sets a split point for the user terminal according to the gateway address of the user terminal;
The access device sends the gateway address of the split point set for the user terminal to the user terminal, so that the user terminal accesses the network through the split point.
With reference to the first aspect, in a second possible implementation of the first aspect, the authentication information includes a username, an access password and the public key of the user terminal.
With reference to the second possible implementation of the first aspect, in a third possible implementation of the first aspect, the verification success message is the response message that the user terminal generates according to the challenge message of the authenticating device;
Before the access device receives the verification success message sent by the authenticating device, the method further includes:
The access device receives an encrypted challenge message sent by the authenticating device; the encrypted challenge message is obtained by the authenticating device encrypting a challenge message with the public key of the user terminal;
The access device forwards the encrypted challenge message to the user terminal;
The access device receives the response message from the user terminal, forwarded by the authenticating device; the response message is generated by the user terminal according to the challenge message, after the user terminal decrypts the encrypted challenge message with its own private key to obtain the challenge message.
With reference to the first aspect, in a fourth possible implementation of the first aspect, if the access device receives only one verification success message, the access device opens wireless network access permission and allows the user terminal to access the network through the access device.
With reference to the fourth possible implementation of the first aspect, in a fifth possible implementation of the first aspect, after the access device opens wireless network access permission and allows the user terminal to access the network through the access device, the method further includes:
The access device establishes a control channel with the user terminal;
The access device receives an initial session key sent by the authenticating device;
The access device generates a current session key according to the initial session key, and encrypts the current session key with the initial session key to obtain a session ciphertext;
The access device sends the session ciphertext to the user terminal, so that the user terminal decrypts the session ciphertext to obtain the current session key;
The access device establishes a session channel with the user terminal.
In a second aspect, an access device is disclosed, comprising:
A receiving unit, configured to receive an access request sent by a user terminal;
A transmission unit, configured to send a response message to the user terminal according to the access request received by the receiving unit; the response message instructs the user terminal to provide its own authentication information;
The receiving unit is further configured to receive the authentication information sent by the user terminal;
The transmission unit is configured to send the authentication information to an authenticating device, so that the authenticating device judges whether the authentication information is correct;
The receiving unit is further configured to receive a verification success message sent by the authenticating device; the verification success message indicates that the authentication information of the user terminal is correct;
A setting unit, configured to set a split point for the user terminal if the receiving unit receives at least two verification success messages, so that the user terminal accesses the network through the split point set for it by the access device; the split point is an access device that can offload traffic for the access device, and the at least two verification success messages indicate that at least two user terminals request to access the network through the access device.
With reference to the second aspect, in a first possible implementation of the second aspect, the setting unit is specifically configured to obtain the gateway address of the user terminal and to set a split point for the user terminal according to the gateway address of the user terminal;
The transmission unit is further configured to send the gateway address of the split point set for the user terminal to the user terminal, so that the user terminal accesses the network through the split point.
With reference to the second aspect, in a second possible implementation of the second aspect, the authentication information includes a username, an access password and the public key of the user terminal.
With reference to the second possible implementation of the second aspect, in a third possible implementation of the second aspect, the verification success message is the response message that the user terminal generates according to the challenge message of the authenticating device;
The receiving unit is further configured to receive an encrypted challenge message sent by the authenticating device; the encrypted challenge message is obtained by the authenticating device encrypting a challenge message with the public key of the user terminal;
The transmission unit is further configured to forward the encrypted challenge message to the user terminal;
The receiving unit is further configured to receive the response message sent by the user terminal and forwarded by the authenticating device; the response message is generated by the user terminal according to the challenge message, after the user terminal decrypts the encrypted challenge message with its own private key to obtain the challenge message.
With reference to the second aspect, in a fourth possible implementation of the second aspect, the access device further includes an access unit;
The access unit is configured to open wireless network access permission and allow the user terminal to access the network through the access device if the receiving unit receives only one verification success message.
With reference to the fourth possible implementation of the second aspect, in a fifth possible implementation of the second aspect, the access device further includes an establishing unit and an encryption unit;
The establishing unit is configured to establish a control channel with the user terminal after the access unit opens wireless network access permission and allows the user terminal to access the network through the access device;
The receiving unit is further configured to receive an initial session key sent by the authenticating device;
The encryption unit is configured to generate a current session key according to the initial session key received by the receiving unit, and to encrypt the current session key with the initial session key to obtain a session ciphertext;
The transmission unit is further configured to send the session ciphertext to the user terminal, so that the user terminal decrypts the session ciphertext to obtain the current session key;
The establishing unit is further configured to establish a session channel with the user terminal.
In the wireless network access control method and access device provided by the embodiments of the present invention, the access device receives the access request sent by a user terminal and instructs the user terminal to provide its own authentication information; the access device receives the authentication information sent by the user terminal and sends it to the authenticating device, so that the authenticating device judges whether the authentication information is correct. If the authentication information of the user terminal is verified successfully, the access device sets a split point for the user terminal so that the user terminal accesses the network through the split point; or the user terminal is allowed to access the network through the access device. At present, the load and transmission cost of the core network are high, which seriously hinders the development and improvement of the transmission rate of the wireless network. With the method provided by the present invention, when at least two user terminals request to access the network through the same access device, a split point can be set for a user terminal so that it accesses the network through the split point. This offloading reduces the access load of the access device, improves the transmission efficiency of the wireless network, and reduces the load on the wireless network.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is an architecture diagram of the network access system provided by an embodiment of the present invention;
Fig. 2 is a flow diagram of the wireless network access control method provided by Embodiment 1 of the present invention;
Fig. 3 is a schematic diagram of split point setting provided by Embodiment 1 of the present invention;
Fig. 4 is another flow diagram of the wireless network access control method provided by Embodiment 1 of the present invention;
Fig. 5 is a structural block diagram of the access device provided by Embodiment 2 of the present invention;
Fig. 6 is a structural block diagram of the access device provided by Embodiment 3 of the present invention.
Detailed description of the embodiments
The principle of the invention is as follows: during wireless network access, a user terminal requesting access to a given access device can be allocated to a split point of that access device, so that the user terminal accesses the network through the split point. This can significantly improve the offloading effect, improve the transmission efficiency of the wireless network, and reduce the load on the wireless network.
Fig. 1 shows the architecture of the network access system, which includes a user terminal, an access device and an authenticating device. The network provides the medium for the communication links among the three, which can be wired links, wireless links, fiber optic cables and so on.
The user terminal can be a mobile phone, a pad (tablet computer) and so on. When it needs to access the network, it sends authentication information to the access device. The authentication information mentioned here can be the password or key required by the authentication protocol.
Access device: the device responsible for network access; it can be a service terminal of a local wireless network, such as a switch or a router. For example, the main role of the access device is, during authentication, to receive the authentication information sent by the client terminal and to communicate with the authenticating device, carrying out the RADIUS (Remote Authentication Dial In User Service) message exchange so that the authentication information is verified and user authentication is completed. After authentication passes, the user is allowed to access the internet. The authenticating device can be a security certificate management server.
In wireless network access, an access device can receive access requests from multiple user terminals that request to access the network through that access device. This places a heavy load on the access device and seriously hinders the development and improvement of the transmission rate of the wireless network.
Embodiment 1:
This embodiment of the present invention provides a wireless network access control method, applied to a network access system. As shown in Fig. 2, the method includes the following steps:
101. The access device receives the access request sent by the user terminal.
In a specific implementation, when the user terminal wants to access the network through the access device, it sends an access request to the access device, attempting to obtain the ID information of the access device.
102. The access device sends a response message to the user terminal.
Specifically, the access device sends the response message to the user terminal according to the access request sent by the user terminal; the response message instructs the user terminal to provide its own authentication information. For example, the access device obtains the identification information of the user terminal carried in the access request, and then sends the response message to the user terminal according to that identification information.
103. The receiving device receives the authentication information sent by the user terminal.
Specifically, the authentication information can be the ID information of the user terminal, where the ID information of the user terminal includes the username and password needed to access the network and the public key of the user terminal.
104. The access device sends the authentication information to the authenticating device.
In addition, the access device may encrypt the authentication information sent by the user terminal and send the encrypted information to the authenticating device; the authenticating device receives the encrypted information and decrypts it to obtain the authentication information of the user terminal.
105. The authenticating device judges whether the authentication information is correct.
Specifically, it first verifies whether the username and password included in the authentication information are correct. Next, it obtains the public key of the client terminal from the local authentication certificate record, and judges whether the obtained public key of the client terminal is identical to the public key of the client terminal included in the authentication information sent by the access device.
If the username and password included in the authentication information are correct, and the obtained public key of the client terminal is identical to the public key of the client terminal included in the authentication information sent by the access device, the authentication information is determined to be correct, i.e. the user terminal has passed authentication.
If the username included in the authentication information is wrong, or the password is wrong, or the obtained public key of the client terminal is not identical to the public key of the client terminal included in the authentication information sent by the access device, the authentication information is determined to be wrong, i.e. the user terminal has not passed verification.
In addition, if the authentication information is correct, step 106 is carried out.
106. The authenticating device sends a verification success message to the access device.
107. The access device receives the verification success message sent by the authenticating device.
The verification success message indicates that the authentication information of the user terminal is correct.
108. If the access device receives at least two verification success messages, it sets a split point for the user terminal.
A split point is set for the user terminal so that the user terminal accesses the network through the split point set for it by the access device. In addition, the at least two verification success messages indicate that at least two user terminals request to access the network through the access device; that is, the access load of the access device is heavy, and offloading can reduce the load of the access device.
The split point is an access device that can offload traffic for the access device. The access device may determine the split point in advance, or may determine it dynamically after receiving at least two verification success messages. The split point is reported to the access device by an access controller. Specifically, as shown in Fig. 3, the access controller configures multiple split points for each access device in advance, where each split point corresponds to one access device and each split point has a different gateway address. When an access device needs to offload, the access controller can refer to the relevant information of the user terminal and of the access device and, according to a preset offloading algorithm, determine a suitable split point among the multiple split points configured in advance for that access device, and send the gateway address of the split point to the access device.
The access device receives the gateway address of the split point sent by the access controller and sends the gateway address of the split point to the user terminal, so that the user terminal accesses the network through the split point.
In a preferred embodiment of the invention, the verification success message is the response message that the user terminal generates according to the challenge message of the authenticating device.
The access device receiving the verification success message sent by the authenticating device and allowing the user terminal to access the network through the access device specifically includes: the authenticating device encrypts a challenge message with the public key of the user terminal to obtain an encrypted challenge message, and sends the encrypted challenge message to the access device. The challenge message is used to ask the user terminal for the password of the private key; this password is used to protect access to the private key.
The access device receives the encrypted challenge message sent by the authenticating device and forwards the encrypted challenge message to the user terminal.
The user terminal receives the encrypted challenge message and decrypts it with its own private key to obtain the challenge message. It generates a response message according to the challenge message and sends the response message to the authenticating device. Here, the response message carries the private key password keyed in at the user terminal. In a specific implementation, if the user terminal can successfully decrypt the received encrypted challenge message with its own private key, this shows that the authentication information of the user terminal is correct and that it can access the network; the password of the private key is then carried in the response message and sent to the authenticating device.
The authenticating device receives the response message sent by the user terminal and forwards the response message to the access device.
In addition, if the access device receives only one verification success message, the user terminal is allowed to access the network through the access device. That is, the access load of the access device is light and no offloading is needed.
It should be noted that, for a user terminal that has been verified successfully (i.e. the authentication information it provided is correct), whether the user terminal is allowed to access the network through the access device (the access device that received the user terminal's access request) or through a split point of that access device is decided according to the current load of the access device. If access requests from two or more user terminals are received, the load of the access device can be reduced by setting split points.
If the step "if the access device receives only one verification success message, the user terminal is allowed to access the network through the access device" is carried out, the access device can afterwards continue to interact with the user terminal and the authenticating device, establishing a control channel, setting keys and so on, so that network access is further restricted by a series of verification steps, improving the reliability and security of device network access. Specifically, as shown in Fig. 4, the wireless network access method provided by the present invention includes:
201. The access device receives the access request sent by the user terminal.
202. The access device sends a response message to the user terminal.
203. The receiving device receives the authentication information sent by the user terminal.
204. The access device sends the authentication information to the authenticating device.
205. The authenticating device judges whether the authentication information is correct.
In addition, if the authentication information is correct, step 106 is carried out.
206. The authenticating device encrypts a challenge message with the public key of the user terminal to obtain an encrypted challenge message.
207. The authenticating device sends the encrypted challenge message to the access device.
208. The access device receives the encrypted challenge message sent by the authenticating device and forwards the encrypted challenge message to the user terminal.
209. The user terminal receives the encrypted challenge message and decrypts it with its own private key to obtain the challenge message. It generates a response message according to the challenge message.
210. The user terminal sends the response message to the authenticating device.
211. The authenticating device receives the response message sent by the user terminal and forwards the response message to the access device.
212. The access device receives the response message, then opens wireless network access permission and allows the user terminal to access the network.
213. The access device establishes a control channel with the user terminal.
Specifically, the user terminal performs a handshake with the access gateway of the access device to establish the control channel. While the control channel is being established, the two communicating parties (i.e. the user terminal and the access device) exchange protocol version and encryption algorithm type information. If the control channel is established successfully, authentication parameters are exchanged over the control channel. If establishing the control channel fails, a handshake failure error is returned, and the user terminal reconnects or exits. Afterwards, the session key used for data encryption is exchanged over the control channel, and the data channel is established.
214. The authenticating device sends the session key to the access device and to the mobile terminal respectively.
215. After the access device generates the current session key, it encrypts the current session key with the session key to generate the session ciphertext.
216. The access device sends the session ciphertext to the user terminal.
217. The user terminal receives the session ciphertext and decrypts the session ciphertext to obtain the current session key.
Specifically, the user terminal uses the session key received in step 213 to decrypt the session ciphertext and obtain the current session key.
218. The access device establishes a session channel with the user terminal.
The session channel can be a data channel. Because the user terminal and the access device use the same session key (i.e. the current session key), the session channel between the two can be established.
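Steps 214 to 217 amount to wrapping the current session key under the session key distributed by the authenticating device. The following is an added example, not code from the patent: the patent names no cipher, so an HMAC-SHA256 keystream with encrypt-then-MAC is used here as a standard-library stand-in (a deployment would use an AEAD such as AES-GCM), and the function names, the random generation of the current key and the key sizes are assumptions.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16
TAG_LEN = 32


def _subkey(initial_session_key: bytes, label: bytes) -> bytes:
    # Separate encryption and integrity keys, both derived from the initial key.
    return hmac.new(initial_session_key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode; one 32-byte block per counter value.
    blocks = [
        hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        for counter in range((length + 31) // 32)
    ]
    return b"".join(blocks)[:length]


def wrap_current_key(initial_session_key: bytes, current_key: bytes) -> bytes:
    """Step 215: the access device turns the current session key into session ciphertext."""
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = _keystream(_subkey(initial_session_key, b"enc"), nonce, len(current_key))
    body = bytes(a ^ b for a, b in zip(current_key, stream))
    tag = hmac.new(_subkey(initial_session_key, b"mac"), nonce + body,
                   hashlib.sha256).digest()
    return nonce + body + tag


def unwrap_current_key(initial_session_key: bytes, session_ciphertext: bytes) -> bytes:
    """Step 217: the user terminal checks integrity first, then decrypts."""
    if len(session_ciphertext) <= NONCE_LEN + TAG_LEN:
        raise ValueError("session ciphertext too short")
    nonce = session_ciphertext[:NONCE_LEN]
    body = session_ciphertext[NONCE_LEN:-TAG_LEN]
    tag = session_ciphertext[-TAG_LEN:]
    expected = hmac.new(_subkey(initial_session_key, b"mac"), nonce + body,
                        hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        # A modified ciphertext or a different initial key is refused, not decrypted.
        raise ValueError("session ciphertext failed integrity check")
    stream = _keystream(_subkey(initial_session_key, b"enc"), nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream))


def run_exchange():
    """Constructed run of steps 214-217 with random keys."""
    initial = secrets.token_bytes(32)   # step 214: sent to both sides
    current = secrets.token_bytes(32)   # step 215: assumed randomly generated
    ciphertext = wrap_current_key(initial, current)       # step 216: sent to terminal
    recovered = unwrap_current_key(initial, ciphertext)   # step 217: terminal side
    return initial, current, ciphertext, recovered


if __name__ == "__main__":
    initial, current, ciphertext, recovered = run_exchange()
    print("keys match:", recovered == current)
```

The integrity tag matters because the ciphertext crosses the wireless link: without it, a modified session ciphertext would decrypt to a different key instead of being refused.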
It should be noted that if the user terminal accesses the network through the access device, network access is opened after the response message is received. If access is through a split point, the access device only receives the response message in step 212 above; it does not open wireless network access permission or allow the user terminal to access the network, and steps 213-218 are not carried out. In addition, the user terminal restarts the access request process, sending an access request to the access device corresponding to the split point in order to access the network. The specific access process can be the same as steps 201-218, with the access device simply replaced by the access device corresponding to the split point, and is not repeated here.
In the wireless network access control method provided by this embodiment of the present invention, the access device receives the access request sent by a user terminal and instructs the user terminal to provide its own authentication information; the access device receives the authentication information sent by the user terminal and sends it to the authenticating device, so that the authenticating device judges whether the authentication information is correct. If the authentication information of the user terminal is verified successfully, the access device sets a split point for the user terminal so that the user terminal accesses the network through the split point; or the user terminal is allowed to access the network through the access device. At present, the load and transmission cost of the core network are high, which seriously hinders the development and improvement of the transmission rate of the wireless network. The method provided by the present invention can significantly improve the offloading effect, improve the transmission efficiency of the wireless network, and reduce the load on the wireless network.
Embodiment 2:
An embodiment of the present invention provides an access device. As shown in Fig. 5, the access device includes a receiving unit 301, a transmission unit 302 and a setting unit 303.
The receiving unit 301 is configured to receive the access request sent by the user terminal.
The transmission unit 302 is configured to send a response message to the user terminal according to the access request received by the receiving unit 301; the response message instructs the user terminal to provide its own authentication information.
The receiving unit 301 is further configured to receive the authentication information sent by the user terminal.
The transmission unit 302 is configured to send the authentication information to the authentication device, so that the authentication device judges whether the authentication information is correct.
The receiving unit 301 is further configured to receive the verification success message sent by the authentication device; the verification success message indicates that the authentication information of the user terminal is correct.
The setting unit 303 is configured to, if the receiving unit receives at least two verification success messages, set a split point for the user terminal, so that the user terminal accesses the network through the split point that the access device set for it. The split point is an access device that can shunt traffic for the access device, and the at least two verification success messages indicate that at least two user terminals request to access the network through the access device.
The setting unit 303 is specifically configured to obtain the gateway address of the user terminal and to set a split point for the user terminal according to the gateway address of the user terminal.
The transmission unit 302 is further configured to send the gateway address of the split point set for the user terminal to the user terminal, so that the user terminal accesses the network through the split point.
It should be noted that the authentication information includes a user name, an access PIN and the public key of the user terminal.
The verification success message is the response message generated by the user terminal according to the challenge message of the authentication device.
The receiving unit is further configured to receive the encrypted challenge message sent by the authentication device; the encrypted challenge message is obtained by the authentication device encrypting the challenge message with the public key of the user terminal.
The transmission unit is further configured to forward the encrypted challenge message to the user terminal.
The receiving unit is further configured to receive the response message, sent by the user terminal and forwarded by the authentication device; the response message is generated by the user terminal according to the challenge message, after the user terminal decrypts the encrypted challenge message with its own private key to obtain the challenge message.
The access device further includes an access unit.
The access unit is configured to, if the receiving unit receives only one verification success message, open wireless network access permission and allow the user terminal to access the network through the access device.
The access device further includes an establishing unit and an encryption unit.
The establishing unit is configured to establish the control channel with the user terminal.
The receiving unit 301 is further configured to receive the initial session key sent by the authentication device, after the access unit opens wireless network access permission and allows the user terminal to access the network through the access device.
The encryption unit is configured to generate the current session key according to the initial session key received by the receiving unit, and to encrypt the current session key with the initial session key to obtain the session ciphertext.
The transmission unit 302 is further configured to send the session ciphertext to the user terminal, so that the user terminal decrypts the session ciphertext to obtain the current session key.
The establishing unit is further configured to establish the session channel with the user terminal.
It should be noted that the receiving unit in this embodiment may be the receiver of the access device, and the transmission unit may be the transmitter of the access device; alternatively, the receiving unit and the transmission unit may be integrated to form the transceiver of the access device. The setting unit and the access unit may be separately provided processors, or may be integrated into one of the processors of the access device; in addition, they may be stored in the memory of the client terminal in the form of program code, with a processor of the client terminal calling the code and executing the functions of the above encryption unit. The processor described here may be a central processing unit (CPU) or an application-specific integrated circuit (ASIC).
The access device provided by this embodiment of the present invention receives the access request sent by the user terminal and instructs the user terminal to provide its own authentication information; the access device receives the authentication information sent by the user terminal and sends it to the authentication device, so that the authentication device judges whether the authentication information is correct. If the authentication information of the user terminal is verified successfully, the access device sets a split point for the user terminal, so that the user terminal accesses the network through the split point; or the user terminal is allowed to access the network through the access device. At present, the load and transmission cost of the core network are high, which seriously affects the development of wireless networks and improvements in their transmission rate. The access device provided by the present invention can significantly improve the shunting effect, improve the transmission efficiency of the wireless network, and reduce the load on the wireless network.
Embodiment 3:
An embodiment of the present invention provides an access device. As shown in Fig. 6, the access device includes a processor 401, a system bus 402, a transceiver 403 and a memory 404.
The processor 401 may be a central processing unit (CPU).
The memory 404 is configured to store program code and to transfer the program code to the processor 401; the processor 401 executes the following instructions according to the program code. The memory 404 may include volatile memory, such as random-access memory (RAM); the memory 404 may also include non-volatile memory, such as read-only memory (ROM), flash memory, a hard disk drive (HDD) or a solid-state drive (SSD). The memory 404 may also include a combination of the above kinds of memory. The processor 401, the memory 404 and the transceiver 403 are connected by the system bus 402 and communicate with one another over it.
The transceiver 403 may be implemented by an optical transceiver, an electrical transceiver, a wireless transceiver or any combination thereof. For example, the optical transceiver may be a small form-factor pluggable (SFP) transceiver, an enhanced small form-factor pluggable (SFP+) transceiver or a 10 Gigabit small form-factor pluggable (XFP) transceiver. The electrical transceiver may be an Ethernet network interface controller (NIC). The wireless transceiver may be a wireless network interface controller (WNIC).
The transceiver 403 is configured to receive the access request sent by the user terminal, and to send a response message to the user terminal according to the received access request; the response message instructs the user terminal to provide its own authentication information.
The transceiver 403 is further configured to receive the authentication information sent by the user terminal.
The transceiver 403 is configured to send the authentication information to the authentication device, so that the authentication device judges whether the authentication information is correct.
The processor 401 is configured to, if a verification success message sent by the authentication device is received, set a split point for the user terminal, so that the user terminal accesses the network through the split point; the verification success message indicates that the authentication information of the user terminal is correct, and the split point is a predetermined access device that can shunt traffic for the access device.
Or, if a verification success message sent by the authentication device is received, the user terminal is allowed to access the network through the access device.
The processor 401 is specifically configured to obtain the gateway address of the split point.
The processor 401 is further configured to send the gateway address of the split point to the user terminal, so that the user terminal accesses the network through the split point.
It should be noted that the authentication information includes a user name, an access PIN and the public key of the user terminal.
The verification success message is the response message generated by the user terminal according to the challenge message of the authentication device.
The processor 401 is specifically configured to: receive the encrypted challenge message sent by the authentication device, the encrypted challenge message being obtained by the authentication device encrypting the challenge message with the public key of the user terminal; forward the encrypted challenge message to the user terminal; receive the response message, sent by the user terminal and forwarded by the authentication device; and open wireless network access permission to allow the user terminal to access the network. The response message is generated by the user terminal according to the challenge message, after the user terminal decrypts the encrypted challenge message with its own private key to obtain the challenge message.
The processor 401 is further configured to receive the initial session key sent by the authentication device.
The encryption unit is configured to generate the current session key according to the initial session key received by the receiving unit, and to encrypt the current session key with the initial session key to obtain the session ciphertext.
The transceiver 403 is further configured to send the session ciphertext to the user terminal, so that the user terminal decrypts the session ciphertext to obtain the current session key.
The processor 401 is further configured to establish the session channel with the user terminal.
The access device provided by this embodiment of the present invention receives the access request sent by the user terminal and instructs the user terminal to provide its own authentication information; the access device receives the authentication information sent by the user terminal and sends it to the authentication device, so that the authentication device judges whether the authentication information is correct. If the authentication information of the user terminal is verified successfully, the access device sets a split point for the user terminal, so that the user terminal accesses the network through the split point; or the user terminal is allowed to access the network through the access device. At present, the load and transmission cost of the core network are high, which seriously affects the development of wireless networks and improvements in their transmission rate. The access device provided by the present invention can significantly improve the shunting effect, improve the transmission efficiency of the wireless network, and reduce the load on the wireless network.
Claims (12)
1. A wireless network access control method, characterized by comprising:
An access device receives an access request sent by a user terminal, and sends a response message to the user terminal according to the access request, the response message instructing the user terminal to provide its own authentication information;
The access device receives the authentication information sent by the user terminal, and sends the authentication information to an authentication device, so that the authentication device judges whether the authentication information is correct;
The access device receives a verification success message sent by the authentication device; the verification success message indicates that the authentication information of the user terminal is correct;
If the access device receives at least two verification success messages, it sets a split point for the user terminal, so that the user terminal accesses the network through the split point that the access device set for it; the split point is an access device that can shunt traffic for the access device, and the at least two verification success messages indicate that at least two user terminals request to access the network through the access device.
2. The method according to claim 1, characterized in that setting a split point for the user terminal, so that the user terminal accesses the network through the split point, specifically includes:
The access device obtains the gateway address of the user terminal, so that an access controller determines, according to the gateway address of the user terminal, the split point to be set for the user terminal;
The access device receives the gateway address of the split point sent by the access controller;
The access device sends the gateway address of the split point to the user terminal, so that the user terminal accesses the network through the split point.
3. The method according to claim 1, characterized in that the authentication information includes a user name, an access PIN and the public key of the user terminal.
4. The method according to claim 3, characterized in that the verification success message is the response message generated by the user terminal according to the challenge message of the authentication device;
Before the access device receives the verification success message sent by the authentication device, the method further includes:
The access device receives the encrypted challenge message sent by the authentication device, the encrypted challenge message being obtained by the authentication device encrypting the challenge message with the public key of the user terminal;
The access device forwards the encrypted challenge message to the user terminal;
The access device receives the response message from the user terminal, forwarded by the authentication device; the response message is generated by the user terminal according to the challenge message, after the user terminal decrypts the encrypted challenge message with its own private key to obtain the challenge message.
5. The method according to claim 1, characterized in that if the access device receives only one verification success message, the access device opens wireless network access permission and allows the user terminal to access the network through the access device.
6. The method according to claim 5, characterized in that after the access device opens wireless network access permission and allows the user terminal to access the network through the access device, the method further includes:
The access device establishes the control channel with the user terminal;
The access device receives the initial session key sent by the authentication device;
The access device generates the current session key according to the initial session key, and encrypts the current session key with the initial session key to obtain the session ciphertext;
The access device sends the session ciphertext to the user terminal, so that the user terminal decrypts the session ciphertext to obtain the current session key;
The access device establishes the session channel with the user terminal.
7. An access device, characterized by comprising:
A receiving unit, configured to receive an access request sent by a user terminal;
A transmission unit, configured to send a response message to the user terminal according to the access request received by the receiving unit, the response message instructing the user terminal to provide its own authentication information;
The receiving unit is further configured to receive the authentication information sent by the user terminal;
The transmission unit is configured to send the authentication information to an authentication device, so that the authentication device judges whether the authentication information is correct;
The receiving unit is further configured to receive a verification success message sent by the authentication device; the verification success message indicates that the authentication information of the user terminal is correct;
A setting unit, configured to, if the receiving unit receives at least two verification success messages, set a split point for the user terminal, so that the user terminal accesses the network through the split point that the access device set for it; the split point is an access device that can shunt traffic for the access device, and the at least two verification success messages indicate that at least two user terminals request to access the network through the access device.
8. The access device according to claim 7, characterized in that:
The setting unit is specifically configured to obtain the gateway address of the user terminal, so that an access controller determines, according to the gateway address of the user terminal, the split point to be set for the user terminal;
The receiving unit is further configured to receive the gateway address of the split point sent by the access controller;
The transmission unit is further configured to send the gateway address of the split point to the user terminal, so that the user terminal accesses the network through the split point.
9. The access device according to claim 7, characterized in that the authentication information includes a user name, an access PIN and the public key of the user terminal.
10. The access device according to claim 9, characterized in that the verification success message is the response message generated by the user terminal according to the challenge message of the authentication device,
The receiving unit is further configured to receive the encrypted challenge message sent by the authentication device, the encrypted challenge message being obtained by the authentication device encrypting the challenge message with the public key of the user terminal;
The transmission unit is further configured to forward the encrypted challenge message to the user terminal;
The receiving unit is further configured to receive the response message, sent by the user terminal and forwarded by the authentication device; the response message is generated by the user terminal according to the challenge message, after the user terminal decrypts the encrypted challenge message with its own private key to obtain the challenge message.
11. The access device according to claim 7, characterized in that it further includes an access unit,
The access unit is configured to, if the receiving unit receives only one verification success message, open wireless network access permission and allow the user terminal to access the network through the access device.
12. The access device according to claim 11, characterized in that it further includes an establishing unit and an encryption unit,
The establishing unit is configured to establish the control channel with the user terminal, after the access unit opens wireless network access permission and allows the user terminal to access the network through the access device;
The receiving unit is further configured to receive the initial session key sent by the authentication device;
The encryption unit is configured to generate the current session key according to the initial session key received by the receiving unit, and to encrypt the current session key with the initial session key to obtain the session ciphertext;
The transmission unit is further configured to send the session ciphertext to the user terminal, so that the user terminal decrypts the session ciphertext to obtain the current session key;
The establishing unit is further configured to establish the session channel with the user terminal.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610078502.5A CN105530687B (en) | 2016-02-04 | 2016-02-04 | A kind of wireless network access controlling method and access device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610078502.5A CN105530687B (en) | 2016-02-04 | 2016-02-04 | A kind of wireless network access controlling method and access device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105530687A CN105530687A (en) | 2016-04-27 |
CN105530687B true CN105530687B (en) | 2019-04-26 |
Family
ID=55772584
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610078502.5A Active CN105530687B (en) | 2016-02-04 | 2016-02-04 | A kind of wireless network access controlling method and access device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105530687B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106792667B (en) * | 2016-12-23 | 2020-12-18 | 北京光年无限科技有限公司 | Network access authentication method for robot and robot |
CN111404666B (en) * | 2019-01-02 | 2024-07-05 | 中国移动通信有限公司研究院 | Key generation method, terminal equipment and network equipment |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101047942A (en) * | 2006-06-20 | 2007-10-03 | 华为技术有限公司 | Load bridging method and device |
CN105050081A (en) * | 2015-08-19 | 2015-11-11 | 腾讯科技(深圳)有限公司 | Method, device and system for connecting network access device to wireless network access point |
CN105262597A (en) * | 2015-11-30 | 2016-01-20 | 中国联合网络通信集团有限公司 | Network access authentication method, client terminal, access device and authentication device |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102917406B (en) * | 2012-08-02 | 2016-04-06 | 华为技术有限公司 | Data traffic shunt method and equipment |
Also Published As
Publication number | Publication date |
---|---|
CN105530687A (en) | 2016-04-27 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||