CN105530687B - A kind of wireless network access controlling method and access device - Google Patents

Publication number
CN105530687B
Authority
CN
China
Legal status
Active
Application number
CN201610078502.5A
Other languages
Chinese (zh)
Other versions
CN105530687A (en)
Inventor
熊微
徐雷
Current Assignee
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W48/00: Access restriction; Network selection; Access point selection
    • H04W48/16: Discovering, processing access restriction or access information

Abstract

The present invention provides a wireless network access control method and an access device, relating to the field of communication technology. It assigns split points to user terminals that request access through an access device, which can significantly improve the offloading effect, improve the transmission efficiency of the wireless network, and reduce the load on the wireless network. The method includes: the access device receives an access request sent by a user terminal and sends a response message to the user terminal according to the access request; it receives the authentication information sent by the user terminal and sends it to an authenticating device, so that the authenticating device judges whether the authentication information is correct; and it receives the verification success message sent by the authenticating device. If the access device receives at least two verification success messages, it sets a split point for the user terminal, so that the user terminal accesses the network through the split point set for it by the access device. The at least two verification success messages indicate that at least two user terminals are requesting network access through the access device.

Description

Wireless network access control method and access device
Technical field
The present invention relates to the field of communication technology, and in particular to a wireless network access control method and an access device.
Background
Wireless networks offer advantages such as mobility, portability and immediacy, and are used in more and more places. At the same time, with the development of wireless access technology, higher data transmission rates, the growing number of users and rising user data rates all place higher demands on the performance of core network elements.
At present, multiple user terminals can request access to the same access device and reach the network through that access device. This places a heavy load on the wireless network and seriously hampers the development and improvement of wireless transmission rates.
Summary of the invention
Embodiments of the present invention provide a wireless network access control method and an access device that assign split points to user terminals requesting access through the access device, which can significantly improve the offloading effect, improve the transmission efficiency of the wireless network, and reduce the load on the wireless network.
To achieve the above objectives, the embodiments of the present invention adopt the following technical solutions.
In a first aspect, a wireless network access control method is disclosed, comprising:
An access device receives an access request sent by a user terminal and, according to the access request, sends a response message to the user terminal; the response message instructs the user terminal to provide its own authentication information;
The access device receives the authentication information sent by the user terminal and sends the authentication information to an authenticating device, so that the authenticating device judges whether the authentication information is correct;
The access device receives a verification success message sent by the authenticating device; the verification success message indicates that the authentication information of the user terminal is correct;
If the access device receives at least two verification success messages, it sets a split point for the user terminal, so that the user terminal accesses the network through the split point set for it by the access device. The split point is an access device to which the access device can offload, and the at least two verification success messages indicate that at least two user terminals are requesting network access through the access device.
With reference to the first aspect, in a first possible implementation of the first aspect, setting a split point for the user terminal so that the user terminal accesses the network through the split point specifically comprises:
The access device obtains the gateway address of the user terminal;
The access device sets a split point for the user terminal according to the gateway address of the user terminal;
The access device sends the gateway address of the split point set for the user terminal to the user terminal, so that the user terminal accesses the network through the split point.
With reference to the first aspect, in a second possible implementation of the first aspect, the authentication information includes a user name, an access password and the public key of the user terminal.
With reference to the second possible implementation of the first aspect, in a third possible implementation of the first aspect, the verification success message is the response message that the user terminal generates according to the challenge message of the authenticating device;
Before the access device receives the verification success message sent by the authenticating device, the method further comprises:
The access device receives an encrypted challenge message sent by the authenticating device; the encrypted challenge message is obtained by the authenticating device encrypting a challenge message with the public key of the user terminal;
The access device forwards the encrypted challenge message to the user terminal;
The access device receives the response message from the user terminal, forwarded by the authenticating device; the response message is generated by the user terminal according to the challenge message, after the user terminal decrypts the encrypted challenge message with its own private key to obtain the challenge message.
With reference to the first aspect, in a fourth possible implementation of the first aspect, if the access device receives only one verification success message, the access device opens wireless network access permission and allows the user terminal to access the network through the access device.
With reference to the fourth possible implementation of the first aspect, in a fifth possible implementation of the first aspect, after the access device opens wireless network access permission and allows the user terminal to access the network through the access device, the method further comprises:
The access device establishes a control channel with the user terminal;
The access device receives an initial session key sent by the authenticating device;
The access device generates a current session key according to the initial session key, and encrypts the current session key with the initial session key to obtain a session ciphertext;
The access device sends the session ciphertext to the user terminal, so that the user terminal decrypts the session ciphertext to obtain the current session key;
The access device establishes a session channel with the user terminal.
In a second aspect, an access device is disclosed, comprising:
A receiving unit, configured to receive an access request sent by a user terminal;
A transmission unit, configured to send a response message to the user terminal according to the access request received by the receiving unit; the response message instructs the user terminal to provide its own authentication information;
The receiving unit is further configured to receive the authentication information sent by the user terminal;
The transmission unit is configured to send the authentication information to an authenticating device, so that the authenticating device judges whether the authentication information is correct;
The receiving unit is further configured to receive a verification success message sent by the authenticating device; the verification success message indicates that the authentication information of the user terminal is correct;
A setting unit, configured to set a split point for the user terminal if the receiving unit receives at least two verification success messages, so that the user terminal accesses the network through the split point set for it by the access device. The split point is an access device to which the access device can offload, and the at least two verification success messages indicate that at least two user terminals are requesting network access through the access device.
With reference to the second aspect, in a first possible implementation of the second aspect, the setting unit is specifically configured to obtain the gateway address of the user terminal and to set a split point for the user terminal according to the gateway address of the user terminal;
The transmission unit is further configured to send the gateway address of the split point set for the user terminal to the user terminal, so that the user terminal accesses the network through the split point.
With reference to the second aspect, in a second possible implementation of the second aspect, the authentication information includes a user name, an access password and the public key of the user terminal.
With reference to the second possible implementation of the second aspect, in a third possible implementation of the second aspect, the verification success message is the response message that the user terminal generates according to the challenge message of the authenticating device,
The receiving unit is further configured to receive an encrypted challenge message sent by the authenticating device; the encrypted challenge message is obtained by the authenticating device encrypting a challenge message with the public key of the user terminal;
The transmission unit is further configured to forward the encrypted challenge message to the user terminal;
The receiving unit is further configured to receive the response message sent by the user terminal and forwarded by the authenticating device; the response message is generated by the user terminal according to the challenge message, after the user terminal decrypts the encrypted challenge message with its own private key to obtain the challenge message.
With reference to the second aspect, in a fourth possible implementation of the second aspect, the access device further includes an access unit,
The access unit is configured to open wireless network access permission and allow the user terminal to access the network through the access device if the receiving unit receives only one verification success message.
With reference to the fourth possible implementation of the second aspect, in a fifth possible implementation of the second aspect, the access device further includes an establishing unit and an encryption unit,
The establishing unit is configured to establish a control channel with the user terminal after the access unit opens wireless network access permission and allows the user terminal to access the network through the access device;
The receiving unit is further configured to receive an initial session key sent by the authenticating device;
The encryption unit is configured to generate a current session key according to the initial session key received by the receiving unit, and to encrypt the current session key with the initial session key to obtain a session ciphertext;
The transmission unit is further configured to send the session ciphertext to the user terminal, so that the user terminal decrypts the session ciphertext to obtain the current session key;
The establishing unit is further configured to establish a session channel with the user terminal.
With the wireless network access control method and access device provided by the embodiments of the present invention, the access device receives the access request sent by a user terminal and instructs the user terminal to provide its own authentication information; the access device receives the authentication information sent by the user terminal and sends it to the authenticating device, so that the authenticating device judges whether the authentication information is correct. If the authentication information of the user terminal is verified successfully, the access device either sets a split point for the user terminal, so that the user terminal accesses the network through the split point, or allows the user terminal to access the network through the access device. At present, the load and transmission cost of the core network are relatively high, which seriously hampers the development and improvement of wireless transmission rates. With the method provided by the invention, when at least two user terminals request network access through the same access device, split points can be set for the user terminals so that they access the network through the split points; this offloading reduces the access load on the access device, improves the transmission efficiency of the wireless network, and reduces the load on the wireless network.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Evidently, the drawings described below show only some embodiments of the invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is an architecture diagram of the network access system provided by an embodiment of the present invention;
Fig. 2 is a flow diagram of the wireless network access control method provided by Embodiment 1 of the present invention;
Fig. 3 is a schematic diagram of split point setting provided by Embodiment 1 of the present invention;
Fig. 4 is another flow diagram of the wireless network access control method provided by Embodiment 1 of the present invention;
Fig. 5 is a structural block diagram of the access device provided by Embodiment 2 of the present invention;
Fig. 6 is a structural block diagram of the access device provided by Embodiment 3 of the present invention.
Detailed description
The principle of the invention is as follows: during wireless network access, user terminals that request access to a given access device can be assigned to split points of that access device, so that the user terminals access the network through the split points. This can significantly improve the offloading effect, improve the transmission efficiency of the wireless network, and reduce the load on the wireless network.
Fig. 1 shows the architecture of the network access system, which includes a user terminal, an access device and an authenticating device. The network provides the medium for the communication links among the three, which may be wired links, wireless links, fiber-optic cables, and so on.
The user terminal may be a mobile phone, a pad (tablet computer), or the like. When it needs to access the network, it sends authentication information to the access device. The authentication information here may be the password or key required by the authentication protocol.
Access device: the device responsible for network access, which may be a serving endpoint of a local wireless network such as a switch or router. For example, the main role of the access device is as follows: during authentication, it receives the authentication information sent by the client terminal and communicates with the authenticating device, carrying out a RADIUS (Remote Authentication Dial In User Service) message exchange to verify the authentication information and complete user authentication. After authentication passes, the user is allowed to access the Internet. The authenticating device may be a security certificate management server.
In wireless network access, an access device may receive access requests from multiple user terminals that request network access through that access device. This places a heavy load on the access device and seriously hampers the development and improvement of wireless transmission rates.
Embodiment 1:
This embodiment of the present invention provides a wireless network access control method applied to a network access system. As shown in Fig. 2, the method includes the following steps:
101. The access device receives an access request sent by a user terminal.
In a specific implementation, when the user terminal wants to access the network through the access device, it sends an access request to the access device in an attempt to obtain the ID information of the access device.
102. The access device sends a response message to the user terminal.
Specifically, the access device sends the response message to the user terminal according to the access request sent by the user terminal; the response message instructs the user terminal to provide its own authentication information. For example, the access device obtains the identification information of the user terminal carried in the access request and then sends the response message to the user terminal according to that identification information.
103. The receiving device receives the authentication information sent by the user terminal.
Specifically, the authentication information may be the ID information of the user terminal, which includes the user name and password required for network access and the public key of the user terminal.
104. The access device sends the authentication information to the authenticating device.
In addition, the access device may encrypt the authentication information sent by the user terminal and send the encrypted information to the authenticating device; the authenticating device receives the encrypted information and decrypts it to obtain the authentication information of the user terminal.
105. The authenticating device judges whether the authentication information is correct.
Specifically, it first verifies whether the user name and password included in the authentication information are correct. It then obtains the public key of the client terminal from its local authentication certificate directory record and judges whether that public key is identical to the public key of the client terminal included in the authentication information sent by the access device.
If the user name and password included in the authentication information are correct, and the obtained public key of the client terminal is identical to the public key of the client terminal included in the authentication information sent by the access device, the authentication information is determined to be correct; that is, the user terminal has passed authentication.
If the user name included in the authentication information is wrong, or the password is wrong, or the obtained public key of the client terminal differs from the public key of the client terminal included in the authentication information sent by the access device, the authentication information is determined to be wrong; that is, the user terminal has not passed verification.
In addition, if the authentication information is correct, step 106 is carried out.
106. The authenticating device sends a verification success message to the access device.
107. The access device receives the verification success message sent by the authenticating device.
The verification success message indicates that the authentication information of the user terminal is correct.
108. If the access device receives at least two verification success messages, it sets a split point for the user terminal.
A split point is set for the user terminal so that the user terminal accesses the network through the split point set for it by the access device. The at least two verification success messages indicate that at least two user terminals are requesting network access through the access device; that is, the access load on the access device is heavy, and offloading can reduce it.
The split point is an access device to which the access device can offload. The split point may be predetermined by the access device, or determined dynamically after the at least two verification success messages are received. The split point is reported to the access device by an access controller. Specifically, as shown in Fig. 3, the access controller configures multiple split points for each access device in advance; each split point corresponds to one access device, and the gateway address of each split point is different. When the access device needs to offload, the access controller can refer to the relevant information of the user terminal and of the access device and, according to a preset offloading algorithm, determine a suitable split point among the split points configured in advance for the access device. It then sends the gateway address of that split point to the access device.
The access device receives the gateway address of the split point sent by the access controller and sends it to the user terminal, so that the user terminal accesses the network through the split point.
In a preferred embodiment of the invention, the verification success message is the response message that the user terminal generates according to the challenge message of the authenticating device.
The access device receiving the verification success message sent by the authenticating device and allowing the user terminal to access the network through the access device specifically includes the following: the authenticating device encrypts a challenge message with the public key of the user terminal to obtain an encrypted challenge message, and sends the encrypted challenge message to the access device. The challenge message asks the user terminal for the password of its private key; this password protects access to the private key.
The access device receives the encrypted challenge message sent by the authenticating device and forwards it to the user terminal.
The user terminal receives the encrypted challenge message and decrypts it with its own private key to obtain the challenge message. It generates a response message according to the challenge message and sends the response message to the authenticating device. Here, the response message carries the private-key password keyed in at the user terminal. In a specific implementation, if the user terminal can successfully decrypt the received encrypted challenge message with its own private key, the authentication information of the user terminal is correct and it can access the network; the password of the private key is then carried in the response message and sent to the authenticating device.
The authenticating device receives the response message sent by the user terminal and forwards the response message to the access device.
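The relayed challenge exchange described above, as an added example that is not part of the patent text. Assumptions: textbook RSA over fixed Mersenne primes stands in for the unspecified public-key algorithm and is only suitable for showing the message flow; the response is assumed to be a SHA-256 digest of the decrypted challenge, and each challenge is assumed to be single-use; all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

E = 65537  # public exponent for the constructed demo keys


def make_keypair(p: int, q: int):
    """Textbook RSA key pair from two primes (demo only: unpadded, far too small)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))


def digest(value: int) -> str:
    # Assumed response format: SHA-256 over the challenge as a 32-byte integer.
    return hashlib.sha256(value.to_bytes(32, "big")).hexdigest()


class AuthenticatingDevice:
    def __init__(self, public_keys):
        self.public_keys = public_keys  # user name -> (n, e) recorded at enrolment
        self._expected = {}             # user name -> digest of the outstanding challenge

    def encrypted_challenge(self, username: str) -> int:
        """Encrypt a fresh random challenge under the terminal's public key."""
        challenge = secrets.randbits(128)
        self._expected[username] = digest(challenge)
        n, e = self.public_keys[username]
        return pow(challenge, e, n)

    def check_response(self, username: str, response: str) -> bool:
        """Accept a response once, and only if it matches the outstanding challenge."""
        expected = self._expected.pop(username, None)  # pop: a challenge cannot be reused
        return expected is not None and hmac.compare_digest(expected, response)


class UserTerminal:
    def __init__(self, username: str, private_key):
        self.username = username
        self.private_key = private_key  # (n, d)

    def respond(self, encrypted_challenge: int) -> str:
        """Decrypt with the private key and answer according to the challenge."""
        n, d = self.private_key
        return digest(pow(encrypted_challenge, d, n))


class AccessDevice:
    """Relays the exchange and opens access only after the forwarded success."""

    def __init__(self, auth: AuthenticatingDevice):
        self.auth = auth
        self.open_for = set()

    def admit(self, terminal: UserTerminal) -> bool:
        ciphertext = self.auth.encrypted_challenge(terminal.username)  # auth device -> access device
        response = terminal.respond(ciphertext)                        # access device -> terminal -> auth device
        if self.auth.check_response(terminal.username, response):      # auth device -> access device
            self.open_for.add(terminal.username)
            return True
        return False


def demo():
    # Constructed key material: products of known Mersenne primes.
    public, private = make_keypair(2**89 - 1, 2**107 - 1)
    _, wrong_private = make_keypair(2**61 - 1, 2**127 - 1)
    auth = AuthenticatingDevice({"alice": public})
    access = AccessDevice(auth)
    genuine = access.admit(UserTerminal("alice", private))
    impostor = access.admit(UserTerminal("alice", wrong_private))
    # A captured response is only valid for the challenge it answers.
    captured = UserTerminal("alice", private).respond(auth.encrypted_challenge("alice"))
    first_use = auth.check_response("alice", captured)
    replayed = auth.check_response("alice", captured)
    return genuine, impostor, first_use, replayed


if __name__ == "__main__":
    print(demo())
```
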
In addition, if the access device receives only one verification success message, it allows the user terminal to access the network through the access device. In that case the access load on the access device is light and no offloading is needed.
It should be noted that, for a user terminal that has been verified successfully (that is, the authentication information provided by the user terminal is correct), whether to allow the user terminal to access the network through the access device (the access device that received the user terminal's access request) or through a split point of that access device is decided according to the current load of the access device. If access requests from two or more user terminals are received, setting split points can reduce the load on the access device.
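The check in step 105 and the decision in step 108 can be sketched together; this is an added example, not code from the patent. Assumptions: the "preset offloading algorithm" is taken to be least-loaded selection, success messages are grouped into one decision window and every terminal in a window of two or more is redirected, passwords are stored as salted PBKDF2 hashes, and all names, addresses (documentation range 192.0.2.0/24) and key bytes are constructed.

```python
import hashlib
import hmac
import os


def _hash(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2 so the authenticating device never stores the access password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AuthenticatingDevice:
    """Step 105: user name/password check, then comparison with the recorded public key."""

    def __init__(self):
        self._records = {}  # user name -> (salt, password hash, recorded public key)
        self._dummy = (os.urandom(16), os.urandom(32), os.urandom(32))

    def enroll(self, username: str, password: str, public_key: bytes):
        salt = os.urandom(16)
        self._records[username] = (salt, _hash(password, salt), public_key)

    def verify(self, username: str, password: str, public_key: bytes) -> bool:
        # Unknown users are checked against a dummy record so the same work is done.
        salt, stored_hash, stored_key = self._records.get(username, self._dummy)
        password_ok = hmac.compare_digest(_hash(password, salt), stored_hash)
        key_ok = hmac.compare_digest(public_key, stored_key)
        return username in self._records and password_ok and key_ok


class AccessController:
    """Holds the split points configured in advance for each access device (Fig. 3)."""

    def __init__(self, split_points):
        self.split_points = split_points  # access device id -> {gateway address: load}

    def pick(self, access_device_id: str) -> str:
        candidates = self.split_points[access_device_id]
        gateway = min(candidates, key=candidates.get)  # assumed algorithm: least loaded
        candidates[gateway] += 1
        return gateway


class AccessDevice:
    def __init__(self, device_id, gateway, auth, controller):
        self.device_id, self.gateway = device_id, gateway
        self.auth, self.controller = auth, controller
        self._verified = []  # terminals with a success message in the current window

    def handle_auth(self, terminal_id, username, password, public_key) -> bool:
        """Steps 103-107: forward the authentication information, record a success."""
        ok = self.auth.verify(username, password, public_key)
        if ok:
            self._verified.append(terminal_id)
        return ok

    def decide(self):
        """Step 108: two or more successes -> split points; exactly one -> direct access."""
        batch, self._verified = self._verified, []
        if len(batch) >= 2:
            return {t: ("split", self.controller.pick(self.device_id)) for t in batch}
        return {t: ("direct", self.gateway) for t in batch}


def demo():
    auth = AuthenticatingDevice()
    auth.enroll("alice", "correct horse", b"constructed-pubkey-alice")
    auth.enroll("bob", "battery staple", b"constructed-pubkey-bob")
    controller = AccessController({"ap-1": {"192.0.2.10": 1, "192.0.2.20": 1}})
    ap = AccessDevice("ap-1", "192.0.2.1", auth, controller)

    ap.handle_auth("terminal-1", "alice", "correct horse", b"constructed-pubkey-alice")
    single = ap.decide()  # one success message: direct access

    ap.handle_auth("terminal-1", "alice", "correct horse", b"constructed-pubkey-alice")
    ap.handle_auth("terminal-2", "bob", "battery staple", b"constructed-pubkey-bob")
    # Right password but a public key that differs from the recorded one: rejected.
    ap.handle_auth("terminal-3", "bob", "battery staple", b"some-other-key")
    batch = ap.decide()  # two success messages: both get split points
    return single, batch


if __name__ == "__main__":
    print(demo())
```
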
If the step of allowing the user terminal to access the network through the access device when only one verification success message is received has been executed, the access device may continue to interact with the user terminal and the authenticating device, establishing a control channel, setting keys and so on, as a series of further checks that restrict network access and improve the reliability and security of the device's network access. Specifically, as shown in Fig. 4, the wireless network access method provided by the invention includes:
201. The access device receives an access request sent by a user terminal.
202. The access device sends a response message to the user terminal.
203. The receiving device receives the authentication information sent by the user terminal.
204. The access device sends the authentication information to the authenticating device.
205. The authenticating device judges whether the authentication information is correct.
In addition, if the authentication information is correct, step 106 is carried out.
206. The authenticating device encrypts a challenge message with the public key of the user terminal to obtain an encrypted challenge message.
207. The authenticating device sends the encrypted challenge message to the access device.
208. The access device receives the encrypted challenge message sent by the authenticating device and forwards it to the user terminal.
209. The user terminal receives the encrypted challenge message and decrypts it with its own private key to obtain the challenge message. It generates a response message according to the challenge message.
210. The user terminal sends the response message to the authenticating device.
211. The authenticating device receives the response message sent by the user terminal and forwards the response message to the access device.
212. The access device receives the response message, then opens wireless network access permission and allows the user terminal to access the network.
213. The access device establishes a control channel with the user terminal.
Specifically, the user terminal performs a handshake with the access gateway of the access device to establish the control channel. While the control channel is being established, the two communicating parties (the user terminal and the access device) exchange protocol version and encryption algorithm type information. If the control channel is established successfully, authentication parameters are exchanged over the control channel. If establishing the control channel fails, a handshake failure error is returned and the user terminal reconnects or exits. Afterwards, the session key used for data encryption is exchanged over the control channel and the data channel is established.
214. The authenticating device sends a session key to the access device and to the mobile terminal respectively.
215. After generating a current session key, the access device encrypts the current session key with the session key to generate a session ciphertext.
216. The access device sends the session ciphertext to the user terminal.
217. The user terminal receives the session ciphertext and decrypts it to obtain the current session key.
Specifically, the user terminal uses the session key received in step 213 to decrypt the session ciphertext and obtain the current session key.
218. The access device establishes a session channel with the user terminal.
The session channel may be a data channel. Because the user terminal and the access device use the same session key (that is, the current session key), the session channel between the two can be established.
It should be noted that if the user terminal accesses the network through the access device, the access device opens the network after receiving the response message. If access is through a split point, the access device only receives the response message in step 212 above; it does not open wireless network access permission to let the user terminal access the network, and steps 213-218 are not carried out. Instead, the user terminal restarts the access request procedure and sends an access request to the access device corresponding to the split point in order to access the network. The specific access procedure can be the same as steps 201-218, with the access device replaced by the access device corresponding to the split point, and is not repeated here.
With the wireless network access control method provided by this embodiment of the present invention, the access device receives the access request sent by a user terminal and instructs the user terminal to provide its own authentication information; the access device receives the authentication information sent by the user terminal and sends it to the authenticating device, so that the authenticating device judges whether the authentication information is correct. If the authentication information of the user terminal is verified successfully, the access device either sets a split point for the user terminal, so that the user terminal accesses the network through the split point, or allows the user terminal to access the network through the access device. At present, the load and transmission cost of the core network are relatively high, which seriously hampers the development and improvement of wireless transmission rates. The method provided by the invention can significantly improve the offloading effect, improve the transmission efficiency of the wireless network, and reduce the load on the wireless network.
Embodiment 2:
This embodiment of the present invention provides an access device. As shown in Figure 5, the access device includes: receiving unit 301, transmission unit 302 and setting unit 303.
Receiving unit 301 is configured to receive the access request sent by the user terminal.
Transmission unit 302 is configured to send a response message to the user terminal according to the access request received by receiving unit 301; the response message instructs the user terminal to provide its own authentication information.
Receiving unit 301 is further configured to receive the authentication information sent by the user terminal.
Transmission unit 302 is configured to send the authentication information to the authenticating device, so that the authenticating device judges whether the authentication information is correct.
Receiving unit 301 is further configured to receive the verification success message sent by the authenticating device; the verification success message indicates that the authentication information of the user terminal is correct.
Setting unit 303 is configured to, if the receiving unit receives at least two verification success messages, set a split point for the user terminal, so that the user terminal accesses the network through the split point that the access device has set for it; the split point is an access device that can offload traffic for the access device, and the at least two verification success messages indicate that at least two user terminals are requesting to access the network through the access device.
Setting unit 303 is specifically configured to obtain the gateway address of the user terminal and to set a split point for the user terminal according to the gateway address of the user terminal.
Transmission unit 302 is further configured to send the gateway address of the split point set for the user terminal to the user terminal, so that the user terminal accesses the network through the split point.
It should be noted that the authentication information includes a user name, an access password and the public key of the user terminal.
The verification success message is the response message that the user terminal generates according to the challenge message of the authenticating device.
The receiving unit is further configured to receive the encrypted challenge message sent by the authenticating device; the encrypted challenge message is obtained by the authenticating device by encrypting the challenge message with the public key of the user terminal.
The transmission unit is further configured to forward the encrypted challenge message to the user terminal.
The receiving unit is further configured to receive the response message, sent by the user terminal and forwarded by the authenticating device; the response message is generated by the user terminal according to the challenge message, after the user terminal decrypts the encrypted challenge message with its own private key to obtain the challenge message.
The access device further includes an access unit.
The access unit is configured to, if the receiving unit receives only one verification success message, open wireless network access permission and allow the user terminal to access the network through the access device.
The access device further includes an establishing unit and an encryption unit.
The establishing unit is configured to establish the control channel with the user terminal.
Receiving unit 301 is further configured to receive the initial session key sent by the authenticating device, after the access unit has opened wireless network access permission and allowed the user terminal to access the network through the access device.
The encryption unit is configured to generate a current session key according to the initial session key received by the receiving unit, and to encrypt the current session key with the initial session key to obtain a session ciphertext.
Transmission unit 302 is further configured to send the session ciphertext to the user terminal, so that the user terminal decrypts the session ciphertext to obtain the current session key.
The establishing unit is further configured to establish the session channel with the user terminal.
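The session-key hand-off performed by the encryption unit and the user terminal, as an added example that is not code from the patent. The patent names no key-derivation function or cipher, so HKDF-SHA256 and an HMAC-based encrypt-then-MAC wrap are assumed stand-ins, and `terminal_id` and all function names are hypothetical; the example shows the terminal rejecting a session ciphertext that was modified, addressed to another terminal, or built under a different initial session key.

```python
import hashlib
import hmac
import secrets

NONCE_LEN, KEY_LEN, TAG_LEN = 16, 32, 32


def hkdf_sha256(ikm: bytes, info: bytes) -> bytes:
    """HKDF (RFC 5869), zero salt, one 32-byte output block."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()


def _wrap_keys(initial_key: bytes) -> tuple:
    # Separate keys for encryption and integrity, both derived from the
    # initial session key that the authenticating device distributed.
    return hkdf_sha256(initial_key, b"wrap-enc"), hkdf_sha256(initial_key, b"wrap-mac")


def wrap_session_key(initial_key: bytes, terminal_id: bytes) -> tuple:
    """Access device: derive a current session key and build the session ciphertext."""
    # Assumption: "generated according to the initial session key" is modelled
    # as HKDF over the initial key plus local entropy that is never sent.
    current = hkdf_sha256(initial_key + secrets.token_bytes(32), b"current-session-key")
    enc_key, mac_key = _wrap_keys(initial_key)
    nonce = secrets.token_bytes(NONCE_LEN)
    keystream = hmac.new(enc_key, nonce, hashlib.sha256).digest()
    body = bytes(a ^ b for a, b in zip(current, keystream))
    # The tag covers the terminal identity, so a ciphertext built for one
    # terminal does not verify for another.
    tag = hmac.new(mac_key, terminal_id + nonce + body, hashlib.sha256).digest()
    return current, nonce + body + tag


def unwrap_session_key(initial_key: bytes, terminal_id: bytes, ciphertext: bytes) -> bytes:
    """User terminal: verify the session ciphertext, then recover the current key."""
    if len(ciphertext) != NONCE_LEN + KEY_LEN + TAG_LEN:
        raise ValueError("malformed session ciphertext")
    nonce = ciphertext[:NONCE_LEN]
    body = ciphertext[NONCE_LEN:NONCE_LEN + KEY_LEN]
    tag = ciphertext[NONCE_LEN + KEY_LEN:]
    enc_key, mac_key = _wrap_keys(initial_key)
    expected = hmac.new(mac_key, terminal_id + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("session ciphertext failed integrity check")
    keystream = hmac.new(enc_key, nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(body, keystream))


def rejected(initial_key: bytes, terminal_id: bytes, ciphertext: bytes) -> bool:
    """True if the terminal refuses the ciphertext."""
    try:
        unwrap_session_key(initial_key, terminal_id, ciphertext)
        return False
    except ValueError:
        return True


def demo() -> dict:
    initial_key = bytes(range(32))      # constructed sample key
    terminal = b"terminal-A"            # hypothetical identifier
    current, ct = wrap_session_key(initial_key, terminal)
    flipped = bytearray(ct)
    flipped[NONCE_LEN] ^= 0x01          # one bit changed in transit
    return {
        "terminal_recovers_key": unwrap_session_key(initial_key, terminal, ct) == current,
        "tampered_rejected": rejected(initial_key, terminal, bytes(flipped)),
        "other_terminal_rejected": rejected(initial_key, b"terminal-B", ct),
        "wrong_initial_key_rejected": rejected(bytes(32), terminal, ct),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```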
It should be noted that the receiving unit in this embodiment can be the receiver of the access device, and the transmission unit can be the transmitter of the access device; alternatively, the receiving unit and the transmission unit can be integrated to form the transceiver of the access device. The setting unit and the access unit can be separately provided processors, or can be integrated into one of the processors of the access device; in addition, they can also be stored in the form of program code in the memory of the client terminal, with one of the processors of the client terminal calling the code and executing the functions of the above encryption unit. The processor described here can be a central processing unit (CPU) or an application-specific integrated circuit (ASIC).
The access device provided by this embodiment of the present invention receives the access request sent by the user terminal and instructs the user terminal to provide its own authentication information; the access device receives the authentication information sent by the user terminal and sends it to the authenticating device, so that the authenticating device judges whether the authentication information is correct. If the authentication information of the user terminal is verified successfully, the access device either sets a split point for the user terminal, so that the user terminal accesses the network through the split point, or allows the user terminal to access the network through the access device. At present, the load and transmission cost of the core network are relatively high, which seriously affects the development of wireless networks and the improvement of their transmission rate. The access device provided by the present invention can significantly improve the offloading effect, improve the transmission efficiency of the wireless network, and reduce the load on the wireless network.
Embodiment 3:
This embodiment of the present invention provides an access device. As shown in Figure 6, the access device includes: processor 401, system bus 402, transceiver 403 and memory 404.
Processor 401 can be a central processing unit (CPU).
Memory 404 is configured to store program code and to transfer the program code to processor 401, which executes the following instructions according to the program code. Memory 404 may include volatile memory, such as random-access memory (RAM); memory 404 may also include non-volatile memory, such as read-only memory (ROM), flash memory, a hard disk drive (HDD) or a solid-state drive (SSD). Memory 404 may also include a combination of the above kinds of memory. Processor 401, memory 404 and transceiver 403 are connected by system bus 402 and communicate with one another over it.
Transceiver 403 may be implemented by an optical transceiver, an electrical transceiver, a wireless transceiver or any combination thereof. For example, the optical transceiver may be a small form-factor pluggable (SFP) transceiver, an enhanced small form-factor pluggable (SFP+) transceiver or a 10 Gigabit small form-factor pluggable (XFP) transceiver. The electrical transceiver may be an Ethernet network interface controller (NIC). The wireless transceiver may be a wireless network interface controller (WNIC).
Transceiver 403 is configured to receive the access request sent by the user terminal, and to send a response message to the user terminal according to the received access request; the response message instructs the user terminal to provide its own authentication information.
Transceiver 403 is further configured to receive the authentication information sent by the user terminal.
Transceiver 403 is configured to send the authentication information to the authenticating device, so that the authenticating device judges whether the authentication information is correct.
Processor 401 is configured to, if a verification success message sent by the authenticating device is received, set a split point for the user terminal, so that the user terminal accesses the network through the split point; the verification success message indicates that the authentication information of the user terminal is correct, and the split point is a predetermined access device that can offload traffic for the access device.
Or, if a verification success message sent by the authenticating device is received, processor 401 allows the user terminal to access the network through the access device.
Processor 401 is specifically configured to obtain the gateway address of the split point.
Processor 401 is further configured to send the gateway address of the split point to the user terminal, so that the user terminal accesses the network through the split point.
It should be noted that the authentication information includes a user name, an access password and the public key of the user terminal.
The verification success message is the response message that the user terminal generates according to the challenge message of the authenticating device.
Processor 401 is specifically configured to: receive the encrypted challenge message sent by the authenticating device, the encrypted challenge message being obtained by the authenticating device by encrypting the challenge message with the public key of the user terminal; forward the encrypted challenge message to the user terminal; receive the response message, sent by the user terminal and forwarded by the authenticating device; and open wireless network access permission, allowing the user terminal to access the network. The response message is generated by the user terminal according to the challenge message, after the user terminal decrypts the encrypted challenge message with its own private key to obtain the challenge message.
Processor 401 is further configured to receive the initial session key sent by the authenticating device.
The encryption unit is configured to generate a current session key according to the initial session key received by the receiving unit, and to encrypt the current session key with the initial session key to obtain a session ciphertext.
Transceiver 403 is further configured to send the session ciphertext to the user terminal, so that the user terminal decrypts the session ciphertext to obtain the current session key.
Processor 401 is further configured to establish the session channel with the user terminal.
The access device provided by this embodiment of the present invention receives the access request sent by the user terminal and instructs the user terminal to provide its own authentication information; the access device receives the authentication information sent by the user terminal and sends it to the authenticating device, so that the authenticating device judges whether the authentication information is correct. If the authentication information of the user terminal is verified successfully, the access device either sets a split point for the user terminal, so that the user terminal accesses the network through the split point, or allows the user terminal to access the network through the access device. At present, the load and transmission cost of the core network are relatively high, which seriously affects the development of wireless networks and the improvement of their transmission rate. The access device provided by the present invention can significantly improve the offloading effect, improve the transmission efficiency of the wireless network, and reduce the load on the wireless network.

Claims (12)

1. A wireless network access control method, characterized by comprising:
an access device receives an access request sent by a user terminal, and sends a response message to the user terminal according to the access request, the response message instructing the user terminal to provide its own authentication information;
the access device receives the authentication information sent by the user terminal, and sends the authentication information to an authenticating device, so that the authenticating device judges whether the authentication information is correct;
the access device receives a verification success message sent by the authenticating device; the verification success message indicates that the authentication information of the user terminal is correct;
if the access device receives at least two verification success messages, it sets a split point for the user terminal, so that the user terminal accesses the network through the split point that the access device has set for it; the split point is an access device that can offload traffic for the access device, and the at least two verification success messages indicate that at least two user terminals are requesting to access the network through the access device.
2. The method according to claim 1, characterized in that setting a split point for the user terminal, so that the user terminal accesses the network through the split point, specifically comprises:
the access device obtains the gateway address of the user terminal, so that an access controller determines, according to the gateway address of the user terminal, the split point to be set for the user terminal;
the access device receives the gateway address of the split point sent by the access controller;
the access device sends the gateway address of the split point to the user terminal, so that the user terminal accesses the network through the split point.
3. The method according to claim 1, characterized in that the authentication information includes a user name, an access password and the public key of the user terminal.
4. The method according to claim 3, characterized in that the verification success message is the response message that the user terminal generates according to the challenge message of the authenticating device;
before the access device receives the verification success message sent by the authenticating device, the method further comprises:
the access device receives the encrypted challenge message sent by the authenticating device, the encrypted challenge message being obtained by the authenticating device by encrypting the challenge message with the public key of the user terminal;
the access device forwards the encrypted challenge message to the user terminal;
the access device receives the response message from the user terminal, forwarded by the authenticating device; the response message is generated by the user terminal according to the challenge message, after the user terminal decrypts the encrypted challenge message with its own private key to obtain the challenge message.
5. The method according to claim 1, characterized in that if the access device receives only one verification success message, the access device opens wireless network access permission and allows the user terminal to access the network through the access device.
6. The method according to claim 5, characterized in that after the access device opens wireless network access permission and allows the user terminal to access the network through the access device, the method further comprises:
the access device establishes the control channel with the user terminal;
the access device receives the initial session key sent by the authenticating device;
the access device generates a current session key according to the initial session key, and encrypts the current session key with the initial session key to obtain a session ciphertext;
the access device sends the session ciphertext to the user terminal, so that the user terminal decrypts the session ciphertext to obtain the current session key;
the access device establishes the session channel with the user terminal.
7. An access device, characterized by comprising:
a receiving unit, configured to receive an access request sent by a user terminal;
a transmission unit, configured to send a response message to the user terminal according to the access request received by the receiving unit, the response message instructing the user terminal to provide its own authentication information;
the receiving unit is further configured to receive the authentication information sent by the user terminal;
the transmission unit is configured to send the authentication information to an authenticating device, so that the authenticating device judges whether the authentication information is correct;
the receiving unit is further configured to receive a verification success message sent by the authenticating device; the verification success message indicates that the authentication information of the user terminal is correct;
a setting unit, configured to, if the receiving unit receives at least two verification success messages, set a split point for the user terminal, so that the user terminal accesses the network through the split point that the access device has set for it; the split point is an access device that can offload traffic for the access device, and the at least two verification success messages indicate that at least two user terminals are requesting to access the network through the access device.
8. The access device according to claim 7, characterized in that:
the setting unit is specifically configured to obtain the gateway address of the user terminal, so that an access controller determines, according to the gateway address of the user terminal, the split point to be set for the user terminal;
the receiving unit is further configured to receive the gateway address of the split point sent by the access controller;
the transmission unit is further configured to send the gateway address of the split point to the user terminal, so that the user terminal accesses the network through the split point.
9. The access device according to claim 7, characterized in that the authentication information includes a user name, an access password and the public key of the user terminal.
10. The access device according to claim 9, characterized in that the verification success message is the response message that the user terminal generates according to the challenge message of the authenticating device;
the receiving unit is further configured to receive the encrypted challenge message sent by the authenticating device, the encrypted challenge message being obtained by the authenticating device by encrypting the challenge message with the public key of the user terminal;
the transmission unit is further configured to forward the encrypted challenge message to the user terminal;
the receiving unit is further configured to receive the response message, sent by the user terminal and forwarded by the authenticating device; the response message is generated by the user terminal according to the challenge message, after the user terminal decrypts the encrypted challenge message with its own private key to obtain the challenge message.
11. The access device according to claim 7, characterized in that it further comprises an access unit;
the access unit is configured to, if the receiving unit receives only one verification success message, open wireless network access permission and allow the user terminal to access the network through the access device.
12. The access device according to claim 11, characterized in that it further comprises an establishing unit and an encryption unit;
the establishing unit is configured to establish the control channel with the user terminal, after the access unit has opened wireless network access permission and allowed the user terminal to access the network through the access device;
the receiving unit is further configured to receive the initial session key sent by the authenticating device;
the encryption unit is configured to generate a current session key according to the initial session key received by the receiving unit, and to encrypt the current session key with the initial session key to obtain a session ciphertext;
the transmission unit is further configured to send the session ciphertext to the user terminal, so that the user terminal decrypts the session ciphertext to obtain the current session key;
the establishing unit is further configured to establish the session channel with the user terminal.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610078502.5A CN105530687B (en) 2016-02-04 2016-02-04 A kind of wireless network access controlling method and access device

Publications (2)

Publication Number Publication Date
CN105530687A CN105530687A (en) 2016-04-27
CN105530687B true CN105530687B (en) 2019-04-26

Family

ID=55772584

Country Status (1)

Country Link
CN (1) CN105530687B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant