CN106559785A - Authentication method, equipment and system and access device and terminal - Google Patents
Authentication method, equipment and system and access device and terminal Download PDFInfo
- Publication number
- CN106559785A CN106559785A CN201510639360.0A CN201510639360A CN106559785A CN 106559785 A CN106559785 A CN 106559785A CN 201510639360 A CN201510639360 A CN 201510639360A CN 106559785 A CN106559785 A CN 106559785A
- Authority
- CN
- China
- Prior art keywords
- access device
- access
- information
- device identification
- certification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/02—Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
- H04W84/10—Small scale networks; Flat hierarchical networks
- H04W84/12—WLAN [Wireless Local Area Networks]
Abstract
The invention discloses a kind of authentication method, equipment and system and access device and terminal.Authentication method therein includes:Authenticating device receives the access request certification request that send of the access device in response to terminal, and the certification request includes encrypting user totem information and access device identification;Authenticating device is decrypted to encryption user totem information and obtains ID, and the map information between ID and access device identification of the access device identification in the ID and the certification request that decryption is obtained with record carries out matching certification;Authenticating device is responded to access device return authentication according to the result of matching certification, so that access device conducts interviews to terminal control according to authentication response.So as to improve the safety of wireless network access.
Description
Technical field
The present invention relates to mobile internet technical field, more particularly to portable set wireless
Conduct interviews in communication network the technology of control.
Background technology
WiFi (Wireless Fidelity, Wireless Fidelity) access because of its good access convenience and
SM is applied more and more widely, especially Public place such as fast food restaurant,
The regions such as coffee-house, hotel, market, shopping mall, colleges and universities, scenic spot apply more and more, at this
A little regions, customer mobile terminal can be accessed conveniently by WiFi and obtain network access capacity,
And WiFi ISPs can also by provide WiFi access services reach popularization corporate image and
Product, lifted brand recognition, improve service level and strengthen the purposes such as client's viscosity.
The convenience that this WiFi services are used also exactly creates convenience for illegal attacker,
Which passes through erection illegal wireless access point allows unwitting user access network to steal user's online account
The privacy user profile such as number password, bring very big hidden danger to the information security of user.Therefore, have
It is necessary to improve the safety that WiFi is accessed.
The content of the invention
An embodiment of the present invention technical problem to be solved is:How the peace of WiFi access is lifted
Quan Xing.
A kind of one side according to embodiments of the present invention, there is provided authentication method, including:Certification
Equipment receives the access request certification request that send of the access device in response to terminal, certification request
Including encryption user totem information and access device identification;Authenticating device is to encrypting ID letter
Breath is decrypted and obtains ID, and in the ID and certification request that decryption is obtained
Map information between access device identification and the ID and access device identification of record is carried out
Matching certification;Authenticating device is responded to access device return authentication according to the result of matching certification,
So that access device conducts interviews to terminal control according to authentication response.
In one embodiment, authenticating device is set up ID using following methods and is set with access
Map information between standby mark:The logging request that authenticating device receiving terminal sends, logging in please
Ask including encryption user totem information and access device identification;Authenticating device is to encrypting ID
Information is decrypted and obtains ID, and the ID that decryption is obtained is believed with user's registration
Breath is verified, the access device identification in logging request is carried out with access device log-on message
Checking;Authenticating device is returned to terminal according to the result of ID and access device identification
Login response, and in the case where ID and access device identification are proved to be successful, record is used
Family identifies and the map information between access device identification.
In one embodiment, BSSID (Basic of the access device identification for access device
Service SetIdentification, basic service set identification), wherein, an access device can
With multiple BSSID.
In one embodiment, ID is ID (Identification, identity),
Wherein, an ID can be bound with multiple terminal MAC address.
A kind of other side according to embodiments of the present invention, there is provided authentication method, including:
Access device sends certification request, certification request to authenticating device in response to the access request of terminal
Including encryption user totem information and access device identification, so that authenticating device will decrypt what is obtained
Access device identification in ID and certification request is set with access with the ID of record
Map information between standby mark carries out matching certification, and returns phase according to the result of matching certification
The authentication response answered;Access device receives the authentication response that authenticating device is returned, and according to certification
Respond the control that conducts interviews to terminal.
A kind of other side according to embodiments of the present invention, there is provided authentication method, including:
Terminal sends logging request to authenticating device, and logging request includes encrypting user totem information and connects
Enter device identification, so that authenticating device is entered the ID for obtaining is decrypted with user's registration information
Row checking, and the access device identification in logging request is tested with access device log-on message
Card, and corresponding login response is returned according to the result of ID and access device identification;
Terminal receives the login response that authenticating device is returned, and representing if logged on response allows to log in, eventually
Hold to access device transmission access request and accessed.
A kind of another aspect according to embodiments of the present invention, there is provided authenticating device, including:
Information receiving unit, for receiving the access request certification that send of the access device in response to terminal
Request, certification request include encrypting user totem information and access device identification;Information decryption is single
Unit, is decrypted to encryption user totem information for authenticating device and obtains ID;Matching
Authentication ' unit, for the access device identification in the ID and certification request that obtain will be decrypted
And the map information between the ID and access device identification of record carries out matching certification;Letter
Breath transmitting element, for being responded to access device return authentication according to the result of matching certification, with
Just access device conducts interviews to terminal control according to authentication response.
In one embodiment, authenticating device also includes authentication unit, information memory cell, letter
Breath receiving unit is additionally operable to the logging request of receiving terminal transmission, and logging request includes encrypting user
Identification information and access device identification;Information decrypting unit is additionally operable to encrypting user totem information
It is decrypted and obtains ID;Authentication unit is for will the ID that obtains of decryption and user
Log-on message is verified, by the access device identification in logging request and access device registration letter
Breath is verified;Information transmitting unit is additionally operable to testing according to ID and access device identification
Card result returns login response to terminal;Information memory cell is for setting in ID and access
In the case of standby identity verification is successful, the mapping between ID and access device identification is recorded
Information.
A kind of another aspect according to embodiments of the present invention, there is provided access device, including:
Information transmitting unit, sends certification request to authenticating device for the access request in response to terminal,
Certification request includes encrypting user totem information and access device identification, so that authenticating device will be solved
Access device identification in the close ID and certification request for obtaining and the ID for recording
Map information between access device identification carries out matching certification, and according to the knot of matching certification
Fruit returns corresponding authentication response;Information receiving unit, for receiving recognizing for authenticating device return
Card response, and terminal is conducted interviews control according to authentication response.
In terms of another according to embodiments of the present invention, there is provided a kind of terminal, including:Information
Transmitting element, for sending logging request to authenticating device, logging request includes encrypting user's mark
Knowledge information and access device identification, so that authenticating device will decrypt the ID and user that obtain
Log-on message is verified, and the access device identification in logging request is registered with access device
Information is verified, and is returned according to the result of ID and access device identification corresponding
Login response;Information receiving unit, for receiving the login response of authenticating device return;Connect
Enter unit, for when login response represents that permission is logged in, access request being sent to access device
Accessed.
It is in terms of another according to embodiments of the present invention, there is provided a kind of Verification System including upper
The authenticating device stated, above-mentioned access device.Further, also including above-mentioned terminal.
The present invention at least has advantages below:
By by ID and access device identification and pre-build the two between mapping relations
Matching certification is carried out, the safety of wireless network access can be improved.
By detailed description referring to the drawings to exemplary embodiment of the invention, the present invention
Further feature and its advantage will be made apparent from.
Description of the drawings
In order to be illustrated more clearly that the embodiment of the present invention or technical scheme of the prior art, below will
Accompanying drawing to be used needed for embodiment or description of the prior art is briefly described, it is clear that
Ground, drawings in the following description are only some embodiments of the present invention, for the common skill in this area
For art personnel, without having to pay creative labor, can be being obtained according to these accompanying drawings
Obtain other accompanying drawings.
Fig. 1 illustrates the schematic flow sheet of one embodiment of authentication method of the present invention.
Fig. 2 illustrates the schematic flow sheet of another embodiment of authentication method of the present invention.
Fig. 3 illustrates the structural representation of one embodiment of authenticating device of the present invention.
Fig. 4 illustrates the structural representation of another embodiment of authenticating device of the present invention
Fig. 5 illustrates the structural representation of one embodiment of access device of the present invention.
Fig. 6 illustrates the structural representation of one embodiment of terminal of the present invention.
Fig. 7 illustrates the structural representation of one embodiment of present inventive verification system.
Fig. 8 illustrates the structural representation of one embodiment of present inventive verification system.
Specific embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, to the technical scheme in the embodiment of the present invention
It is clearly and completely described, it is clear that described embodiment is only that a present invention part is real
Apply example, rather than the embodiment of whole.Description reality at least one exemplary embodiment below
It is merely illustrative on border, never as to the present invention and its application or any restriction for using.
Based on the embodiment in the present invention, those of ordinary skill in the art are not before creative work is made
The every other embodiment for being obtained is put, the scope of protection of the invention is belonged to.
The authentication method of one embodiment of the invention is described below with reference to Fig. 1.
Fig. 1 is the schematic flow sheet of one embodiment of authentication method of the present invention.As shown in figure 1,
The method of the embodiment includes:
Step S102, user terminal detect certain wireless network, when being intended to access the wireless network,
Access request is sent to access device.The wireless network for example includes WiFi network.
Step S104, access device are sent to authenticating device in response to the access request of terminal
Certification request, certification request include encrypting user totem information and access device identification.
Wherein, it can be that token, digital signature etc. can identify user to encrypt user totem information
Identity and take the information of encryption measures.In the present invention, the numeral label of ID are chosen
Used as encryption user totem information, then it can be ID to decrypt the ID for obtaining to name.
One ID can be bound with multiple terminal MAC address, so that multiple terminals can be with
Using same ID access network.
Wherein, access device identification is, for example, that IP address, MAC Address etc. can be identified for that access
The information of equipment.In the present invention, choose the basic service set identification (BSSID) of access device
Used as access device identification, an access device can have multiple BSSID, different
WiFi network can have different BSSID, so as to difference belonging to realizing same access device connects
Enter the independent certification of network.
Step S106, after authenticating device receives the certification request that access device sends, to adding
Close user totem information is decrypted, and obtains ID.
Step S108, connecing in ID and certification request that decryption is obtained by authenticating device
Enter device identification, and the map information between the ID and access device identification of record is carried out
Matching certification.That is, authenticating device needs to check the ID and access device which is recorded
In credible map information between mark, if there is the ID that obtains of decryption and certification please
Map information between the access device identification asked, if existing, matching certification passes through, no
Then, if not existing, matching certification does not pass through.
Step S110, authenticating device return corresponding according to the result of matching certification to access device
Authentication response.If matching certification passes through, can be with return authentication success response, if matching is recognized
Card does not pass through, then can be with return authentication failure response.
Step S112, access device conduct interviews to terminal according to the authentication response for receiving
Control.If authentication response is certification success, access device is let pass, it is allowed to which terminal is accessed;
If authentication response is authentification failure, access device forbids terminal to access.
After this certification success, without the need for certification again when terminal is surfed the Net again, when simplifying online
Identifying procedure.
Such scheme, by by between ID and access device identification and the two for pre-building
Mapping relations carry out matching certification, effectively can prevent such as go fishing AP (Access Point,
Accessed node) etc. the unsafe factor that brings, so as to improve the safety of wireless network access.
In the present invention, the map information between ID and access device identification can pass through
The mode of certification is set up, and describes the situation with reference to Fig. 2.
The authentication method of another embodiment of the present invention is described below with reference to Fig. 2.
Fig. 2 is the schematic flow sheet of another embodiment of authentication method of the present invention.As shown in Fig. 2
Before stating step S102~S112 on the implementation, ID and access device identification can be carried out
Login authentication.Specifically include following steps:
Step S200, terminal access authenticating equipment carry out user's registration, authenticating device distribution or note
Record ID, and encryption user totem information is returned, terminal is received and records authenticating device and returns
The encryption user totem information for returning.Service provider's access registrar equipment carries out access device registration, carries
Hand over access device identification (such as BSSID), service set (SSID), password, service provider
ID etc..
Step S202, terminal send logging request to authenticating device, and the logging request is carried and added
Close user totem information and access device identification.
Step S204, after authenticating device receives the logging request that terminal sends, uses to encryption
Family identification information is decrypted, and obtains ID.
Step S206, connecing in ID and logging request that authenticating device inspection decryption is obtained
Enter whether device identification all passes through registration.That is, whether the ID that decryption is obtained is at the beginning of terminal
Access device identification in registration, and logging request was carried out during secondary access registrar equipment whether
Through the registration of service provider.If ID and access device identification are all already registered for,
It is verified, otherwise, if ID or access device identification were not registered, verifies not
Pass through.
Step S208, authenticating device are returned to access device according to the result of logging request
Corresponding login response.If being verified, returning allows login response, if checking does not pass through,
Then return and forbid login response.
Step S210, terminal receive the login response that authenticating device is returned, if logged on response table
Show that permission is logged in, then authenticating device is set up and recorded between ID and access device identification
Map information, and triggering terminal sends access request to access device.
Login authentication is carried out to ID and access device identification, can with above-described embodiment in
Map information matching certification between ID and access device identification combines and constitutes dual
Authentication mechanism, causes access safety to be further improved by way of double authentication.
Additionally, the access device identification that existing authentication techniques are adopted is the MAC of access device
(Media Access Control, media access control) address.Same access device can only
The unique MAC Address of correspondence, can but correspond to multiple different SSID (Service
SetIdentification, service set).In existing authentication techniques, the difference of access device
SSID is associated with the unique MAC Address of the equipment, can cause to access different SSID
The information provided during certification is identical, thus information is prepared and identifying procedure is also identical.For example,
The SSID of three WiFi networks corresponding for a certain access device is respectively SSID1, SSID2
And SSID3, if being connect as access device identification in the MAC Address using access device
Enter certification, the access authentication information all same of three WiFi networks can be caused, for example, access three
Individual WiFi network needs identical password, is unfavorable for the authentication management of different SSID.
In the present invention, the login authentication process for either ID and access device identification being carried out,
Or what the map information between ID and access device identification was carried out matches verification process,
The BSSID of access device can be adopted to be authenticated as device identification.Connect due to same
Enter equipment and there are multiple BSSID, each BSSID corresponds to a SSID, access device
Different SSID different from equipment BSSID is associated, therefore different SSID accesses are recognized
The information provided during card is different, thus information is prepared and identifying procedure is also different.For example, it is right
SSID1, SSID2 and SSID3 are respectively in corresponding three SSID of a certain access device,
Access authentication is carried out as access device identification using the BSSID of access device, it is possible to achieve eventually
Terminating needs password 1, access SSID2 to need password 2, access SSID3 to be not required to into SSID1
The functions such as password are wanted, and equipment are convenient to for the management of different SSID.
Additionally, the ID that existing authentication techniques are adopted is the MAC Address of terminal.By
All it is associated with the unique MAC Address of the terminal in identifying procedure, when user changes terminal,
The MAC Address of terminal is changed therewith, needs to re-start access authentication.
In the present invention, the login authentication for either ID and access device identification being carried out
What the map information between process, or ID and access device identification was carried out matches certification
Process, can carry out access authentication as ID using ID.Due to certification stream
Journey is all associated with ID, and when user changes terminal, ID does not have altered, no
Need to re-start access authentication, provide users with the convenient, improve Consumer's Experience.Meanwhile,
Same ID can be associated with the MAC Address of multiple terminals, such as in family life
In scene, multiple kinsfolks can be accessed using the different terminals that identical ID is associated
WiFi is surfed the Net.
Additionally, in existing access authentication procedure, terminal is initiated session every time and will be accessed
Certification, even certification are successfully accessed equipment and terminal are let pass, when terminal carries out data transmit-receive every time
There is still a need for token is carried through inspection, therefore verification process is relatively cumbersome.
And in the present invention, access authentication procedure is directed between ID and access device identification
Map information is carried out, after certification success end access device is let pass, no longer to end within a period of time
Each data transmit-receive at end is authenticated inspection, so as to simplify certification stream of the access device to terminal
Journey.
The authenticating device of one embodiment of the invention is described below with reference to Fig. 3.
Fig. 3 illustrates the structural representation of one embodiment of authenticating device of the present invention.Such as Fig. 3 institutes
Show, the authenticating device 30 that the present invention is provided includes information receiving unit 302, information decrypting unit
304th, authentication ' unit 306, and information transmitting unit 308 are matched.Wherein, information receives single
Unit 302 is used to receive the access request certification request that send of the access device in response to terminal, letter
Breath decryption unit 304 is decrypted to encryption user totem information for authenticating device and obtains user
Mark, matches authentication ' unit 306 for decrypting in the ID and certification request that obtain
Map information between access device identification and the ID and access device identification of record is carried out
Matching certification, information transmitting unit 308 for according to matching certification result return to access device
Authentication response is returned, so that access device conducts interviews to terminal control according to authentication response.
The authenticating device of another embodiment of the present invention is described below with reference to Fig. 4.
Fig. 4 illustrates the structural representation of another embodiment of authenticating device of the present invention.Such as Fig. 3
Shown, based on above-described embodiment, another kind of authenticating device 30 that the present invention is provided also includes testing
Card unit 410, information memory cell 412.Wherein, information receiving unit 302 is additionally operable to connect
Receive the logging request that terminal sends;Information decrypting unit 304 is additionally operable to encrypting ID letter
Breath is decrypted and obtains ID, and authentication unit 410 is for the ID that obtains decryption
Verified with user's registration information, and the access device identification in logging request and access are set
Standby log-on message is verified;Information transmitting unit 308 is additionally operable to according to ID and access
The result of device identification returns login response to terminal;Information memory cell 412 for
In the case that ID and access device identification are proved to be successful, record ID and access set
Map information between standby mark.
The access device of one embodiment of the invention is described below with reference to Fig. 5.
Fig. 5 illustrates the structural representation of one embodiment of access device of the present invention.Such as Fig. 5 institutes
Show, the access device 50 that the present invention is provided includes that information transmitting unit 502 and information are received
Unit 504, wherein, information transmitting unit 502 in response to the access request of terminal to recognizing
Card equipment sends certification request, and certification request includes encrypting user totem information and access device mark
Know, so that authenticating device will decrypt the access device mark in the ID and certification request that obtain
Know and the map information between the ID and access device identification of record carry out matching certification,
And corresponding authentication response is returned according to the result of matching certification;Information receiving unit 504 is used for
The authentication response that authenticating device is returned is received, and terminal is conducted interviews control according to authentication response.
The terminal of one embodiment of the invention is described below with reference to Fig. 6.
Fig. 6 illustrates the structural representation of one embodiment of terminal of the present invention.As shown in figure 5,
The terminal 60 that the present invention is provided includes information transmitting unit 602 and information receiving unit 604.
Wherein, information transmitting unit 602 is for authenticating device transmission logging request, logging request bag
Encryption user totem information and access device identification are included, so that authenticating device will decrypt the use for obtaining
Family mark verified with user's registration information, and by the access device identification in logging request and
Access device log-on message verified, and according to the checking of ID and access device identification
As a result return corresponding login response;Information receiving unit 604 is used to receive authenticating device return
Login response;Access unit 606 for login response represent permission log in when, to access
Equipment sends access request and is accessed.
The Verification System of one embodiment of the invention is described below with reference to Fig. 7.
Fig. 7 illustrates the structural representation of one embodiment of present inventive verification system.Such as Fig. 7
Shown, the Verification System 70 that the present invention is provided includes above-mentioned authenticating device 30, access device
50。
The Verification System of another embodiment of the present invention is described below with reference to Fig. 8.
Fig. 8 illustrates the structural representation of an another embodiment of present inventive verification system.Such as Fig. 8
Shown, the Verification System 80 that the present invention is provided includes above-mentioned authenticating device 30, access device
50 and terminal 60.
Additionally, the method according to the invention is also implemented as a kind of computer program, should
Computer program includes computer-readable medium, is stored with the computer-readable medium
For performing the computer program of the above-mentioned functions limited in the method for the present invention.Art technology
Personnel will also understand is that, the various illustrative logical blocks with reference to described by disclosure herein, mould
Block, circuit and algorithm steps may be implemented as the group of electronic hardware, computer software or both
Close.
Presently preferred embodiments of the present invention is the foregoing is only, it is not to limit the present invention, all at this
Within the spirit and principle of invention, any modification, equivalent substitution and improvements made etc. all should be wrapped
It is contained within protection scope of the present invention.
Claims (18)
1. a kind of authentication method, including:
Authenticating device receives the access request certification request that send of the access device in response to terminal,
The certification request includes encrypting user totem information and access device identification;
Authenticating device is decrypted to encryption user totem information and obtains ID, and will decryption
Access device identification in the ID and the certification request that obtain and the user's mark for recording
Knowledge carries out matching certification with the map information between access device identification;
Authenticating device is responded to access device return authentication according to the result of matching certification, to connect
Enter equipment to conduct interviews terminal control according to authentication response.
2. authentication method according to claim 1, it is characterised in that authenticating device is adopted
The map information that following methods are set up between ID and access device identification:
The logging request that authenticating device receiving terminal sends, the logging request include encrypting user
Identification information and access device identification;
Authenticating device is decrypted to encryption user totem information and obtains ID, and will decryption
The ID for obtaining is verified with user's registration information, by the access in the logging request
Device identification is verified with access device log-on message;
Authenticating device is returned to terminal according to the result of ID and access device identification and is stepped on
Record response, and in the case where ID and access device identification are proved to be successful, record user
Map information between mark and access device identification.
3. authentication method according to claim 1 and 2, it is characterised in that the access
Basic service set identification BSSID of the device identification for access device, wherein, an access device
There can be multiple BSSID.
4. authentication method according to claim 1 and 2, it is characterised in that the user
ID is designated, wherein, an ID can be bound with multiple terminal MAC address.
5. a kind of authentication method, including:
Access device sends certification request to authenticating device in response to the access request of terminal, described
Certification request includes encrypting user totem information and access device identification, so that authenticating device will be solved
Access device identification in the close ID for obtaining and the certification request and the user for recording
Mark carries out matching certification with the map information between access device identification, and according to matching certification
Result return corresponding authentication response;
Access device receives the authentication response that authenticating device is returned, and according to authentication response to terminal
Conduct interviews control.
6. authentication method according to claim 5, it is characterised in that
BSSID of the access device identification for access device, wherein, an access device can
With multiple BSSID;
ID is ID, wherein, an ID can be with multiple terminals MAC ground
Bind location.
7. a kind of authentication method, including:
Terminal sends logging request to authenticating device, and the logging request includes encrypting ID
Information and access device identification, will decrypt the ID for obtaining so as to authenticating device and note with user
Volume information is verified, and the access device identification in the logging request is noted with access device
Volume information is verified, and returns phase according to the result of ID and access device identification
The login response answered;
Terminal receives the login response that authenticating device is returned, and representing if logged on response allows to log in,
Terminal sends access request to access device and is accessed.
8. authentication method according to claim 5, it is characterised in that
BSSID of the access device identification for access device, wherein, an access device can
With multiple BSSID;
ID is ID, wherein, an ID can be with multiple terminals MAC ground
Bind location.
9. a kind of authenticating device, including:
Information receiving unit, sends in response to the access request of terminal for receiving access device
Certification request, the certification request include encrypting user totem information and access device identification;
Information decrypting unit, is decrypted to encryption user totem information for authenticating device and obtains
ID;
Matching authentication ' unit, for decrypting in the ID and the certification request that obtain
Map information between access device identification and the ID and access device identification of record enters
Row matching certification;
Information transmitting unit, for being rung to access device return authentication according to the result of matching certification
Should, so that access device conducts interviews to terminal control according to authentication response.
10. authenticating device according to claim 9, it is characterised in that the certification sets
It is standby also to include authentication unit, information memory cell;
Described information receiving unit is additionally operable to the logging request of receiving terminal transmission, and the login please
Ask including encryption user totem information and access device identification;
Described information decryption unit is additionally operable to be decrypted encryption user totem information and obtains user
Mark;
The authentication unit, for the ID that decryption is obtained is carried out with user's registration information
Checking, and the access device identification in the logging request is carried out with access device log-on message
Checking;
Described information transmitting element is additionally operable to be tied according to the checking of ID and access device identification
Fruit returns login response to terminal;
Described information memory element, for what is be proved to be successful in ID and access device identification
In the case of, record the map information between ID and access device identification.
11. authenticating devices according to claim 9 or 10, it is characterised in that described to connect
Enter the BSSID that device identification is access device, wherein, access device can have multiple
BSSID。
12. authenticating devices according to claim 9 or 10, it is characterised in that the use
Family is designated ID, wherein, an ID can be bound with multiple terminal MAC address.
A kind of 13. access devices, including:
Information transmitting unit, sends certification to authenticating device for the access request in response to terminal
Request, the certification request include encrypting user totem information and access device identification, to recognize
Card equipment by the access device identification decrypted in the ID and the certification request that obtain with
Map information between the ID of record and access device identification carries out matching certification, and root
Corresponding authentication response is returned according to the result of matching certification;
Information receiving unit, for receiving the authentication response of authenticating device return, and according to certification
Respond the control that conducts interviews to terminal.
14. access devices according to claim 13, it is characterised in that
BSSID of the access device identification for access device, wherein, an access device can
With multiple BSSID;
ID is ID, wherein, an ID can be with multiple terminals MAC ground
Bind location.
A kind of 15. terminals, including:
Information transmitting unit, for sending logging request, the logging request bag to authenticating device
Encryption user totem information and access device identification are included, so that authenticating device will decrypt the use for obtaining
Family mark verified with user's registration information, and by the access device mark in the logging request
Knowledge verified with access device log-on message, and according to ID and access device identification
The result returns corresponding login response;
Information receiving unit, for receiving the login response of authenticating device return;
Access unit, for when login response represents that permission is logged in, sending to access device and connecing
Enter request to be accessed.
16. terminals according to claim 15, it is characterised in that
BSSID of the access device identification for access device, wherein, an access device can
With multiple BSSID;
ID is ID, wherein, an ID can be with multiple terminals MAC ground
Bind location.
A kind of 17. Verification Systems, including the authenticating device described in any one of claim 9-12 and
Access device described in claim 13 or 14.
18. Verification Systems according to claim 17, also including claim 15 or 16
Described terminal.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510639360.0A CN106559785B (en) | 2015-09-30 | 2015-09-30 | Authentication method, device and system, access device and terminal |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510639360.0A CN106559785B (en) | 2015-09-30 | 2015-09-30 | Authentication method, device and system, access device and terminal |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106559785A true CN106559785A (en) | 2017-04-05 |
| CN106559785B CN106559785B (en) | 2020-02-14 |
Family
ID=58417260
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510639360.0A Active CN106559785B (en) | 2015-09-30 | 2015-09-30 | Authentication method, device and system, access device and terminal |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106559785B (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107181759A (en) * | 2017-07-05 | 2017-09-19 | 杭州迪普科技股份有限公司 | The authentication method and device of a kind of user equipment |
| CN110198539A (en) * | 2019-01-02 | 2019-09-03 | 腾讯科技(深圳)有限公司 | A kind of authentication method and its device, equipment and storage medium |
| CN110401668A (en) * | 2019-07-31 | 2019-11-01 | 中科创达(重庆)汽车科技有限公司 | The determination method and device of vehicle device commissioning device access right |
| CN110602130A (en) * | 2019-09-24 | 2019-12-20 | 中盈优创资讯科技有限公司 | Terminal authentication system and method, equipment terminal and authentication server |
| CN112073414A (en) * | 2020-09-08 | 2020-12-11 | 国网电子商务有限公司 | Industrial Internet equipment secure access method and related device |
| CN114186282A (en) * | 2020-09-15 | 2022-03-15 | 中移互联网有限公司 | Block chain deposit certificate system and method and electronic equipment |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101540757A (en) * | 2008-03-19 | 2009-09-23 | 北京艾科网信科技有限公司 | Method and system for identifying network and identification equipment |
| US20120066753A1 (en) * | 2009-03-09 | 2012-03-15 | Jian Pan | Authentication method, authentication apparatus and authentication system |
| CN103873454A (en) * | 2012-12-18 | 2014-06-18 | 中国移动通信集团山东有限公司 | Authentication method and equipment |
| CN104506510A (en) * | 2014-12-15 | 2015-04-08 | 百度在线网络技术(北京)有限公司 | Method and device for equipment authentication and authentication service system |
| CN104901940A (en) * | 2015-01-13 | 2015-09-09 | 易兴旺 | 802.1X network access method based on combined public key cryptosystem (CPK) identity authentication |
-
2015
- 2015-09-30 CN CN201510639360.0A patent/CN106559785B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101540757A (en) * | 2008-03-19 | 2009-09-23 | 北京艾科网信科技有限公司 | Method and system for identifying network and identification equipment |
| US20120066753A1 (en) * | 2009-03-09 | 2012-03-15 | Jian Pan | Authentication method, authentication apparatus and authentication system |
| CN103873454A (en) * | 2012-12-18 | 2014-06-18 | 中国移动通信集团山东有限公司 | Authentication method and equipment |
| CN104506510A (en) * | 2014-12-15 | 2015-04-08 | 百度在线网络技术(北京)有限公司 | Method and device for equipment authentication and authentication service system |
| CN104901940A (en) * | 2015-01-13 | 2015-09-09 | 易兴旺 | 802.1X network access method based on combined public key cryptosystem (CPK) identity authentication |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107181759A (en) * | 2017-07-05 | 2017-09-19 | 杭州迪普科技股份有限公司 | The authentication method and device of a kind of user equipment |
| CN110198539A (en) * | 2019-01-02 | 2019-09-03 | 腾讯科技(深圳)有限公司 | A kind of authentication method and its device, equipment and storage medium |
| CN110401668A (en) * | 2019-07-31 | 2019-11-01 | 中科创达(重庆)汽车科技有限公司 | The determination method and device of vehicle device commissioning device access right |
| CN110401668B (en) * | 2019-07-31 | 2021-10-15 | 中科创达(重庆)汽车科技有限公司 | Method and device for determining use permission of vehicle-mounted debugging equipment |
| CN110602130A (en) * | 2019-09-24 | 2019-12-20 | 中盈优创资讯科技有限公司 | Terminal authentication system and method, equipment terminal and authentication server |
| CN112073414A (en) * | 2020-09-08 | 2020-12-11 | 国网电子商务有限公司 | Industrial Internet equipment secure access method and related device |
| CN114186282A (en) * | 2020-09-15 | 2022-03-15 | 中移互联网有限公司 | Block chain deposit certificate system and method and electronic equipment |
| CN114186282B (en) * | 2020-09-15 | 2023-09-19 | 中移互联网有限公司 | Block chain certification system, method and electronic equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106559785B (en) | 2020-02-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104519020B (en) | Manage method, server and the system of wireless network login password sharing function | |
| CN104184713B (en) | Terminal identification method, machine identifier register method and corresponding system, equipment | |
| CN106559785A (en) | Authentication method, equipment and system and access device and terminal | |
| CN105493453B (en) | It is a kind of to realize the method, apparatus and system remotely accessed | |
| CN107040922A (en) | Wireless network connecting method, apparatus and system | |
| CN104158824B (en) | Genuine cyber identification authentication method and system | |
| US9444801B2 (en) | Method, device and system for verifying communication sessions | |
| US20130024915A1 (en) | Systems and Methods for Authenticating Users Accessing Unsecured WiFi Access Points | |
| CN108512862A (en) | Internet-of-things terminal safety certification control platform based on no certificates identified authentication techniques | |
| CN108009825A (en) | A kind of identity management system and method based on block chain technology | |
| CN104994118A (en) | WiFi authentication system and method based on dynamic password | |
| CN101986598B (en) | Authentication method, server and system | |
| CN104883367B (en) | A kind of method, system and applications client that auxiliary verification logs in | |
| CN108055253A (en) | A kind of software login validation method, apparatus and system | |
| CN104247485B (en) | Network application function authorization in Generic Bootstrapping Architecture | |
| WO2017076216A1 (en) | Server, mobile terminal, and internet real name authentication system and method | |
| CN105721412A (en) | Method and device for authenticating identity between multiple systems | |
| CN106304264B (en) | Wireless network access method and device | |
| CN109861968A (en) | Resource access control method, device, computer equipment and storage medium | |
| CN103067407B (en) | The authentication method and device of accessing user terminal to network | |
| CN107094156A (en) | A kind of safety communicating method and system based on P2P patterns | |
| WO2010123385A1 (en) | Identifying and tracking users in network communications | |
| CN108011873A (en) | A kind of illegal connection determination methods based on set covering | |
| CN106161475A (en) | The implementation method of subscription authentication and device | |
| CN105722072A (en) | Business authorization method, device, system and router |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |