CN107040928B - Illegal WIFI detection method, terminal, AAA server and system

Publication number: CN107040928B
Application number: CN201710440047.3A
Authority: CN (China)
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN107040928A
Inventor: 付正平
Current Assignee: Maipu Communication Technology Co Ltd
Original Assignee: Maipu Communication Technology Co Ltd
Priority: CN201710440047.3A
Prior art keywords: authentication, terminal, authentication result, message, AAA server

Classifications

    • H04W12/06 Authentication
    • H04W12/08 Access security
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/0892 Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
    • H04L63/108 Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload


Abstract

This application discloses an illegal WIFI detection method, a terminal, an AAA server and a system. It relates to the communications field and is used to detect illegal WIFI hotspots. The illegal WIFI detection method includes: a terminal completes authentication on the wireless system with the AAA server over WIFI, and an authentication record table is generated on the AAA server, the authentication record table including the authentication result of the terminal; the terminal sends an authentication challenge message to the AAA server in encrypted form over the WIFI; the AAA server receives the authentication challenge message from the terminal; the AAA server queries the authentication result of the terminal according to the authentication challenge message and the authentication record table, and generates an authentication result message according to the authentication result; the AAA server sends the authentication result message to the terminal in encrypted form; the terminal judges whether the WIFI is legal according to whether it receives the authentication result message, or according to the authentication result in the authentication result message. The embodiments of this application apply to illegal WIFI detection.

Description

Illegal WIFI detection method, terminal, AAA server and system
Technical field
This application relates to the communications field, and in particular to an illegal wireless fidelity (Wireless Fidelity, WIFI) detection method, a terminal, an authentication, authorization and accounting (Authentication, Authorization, Accounting, AAA) server, and a system.
Background
With the spread of wireless networks, WIFI hotspot signals are everywhere, and a user connecting to a WIFI hotspot does not know whether it is legal. Once a terminal is connected to an illegal WIFI hotspot, network security cannot be guaranteed, and economic loss may result. At present there is still no complete security system that guarantees the legality of the WIFI hotspot a terminal accesses; this still requires manual judgment, or the application itself has to ensure data security. For the legality of wireless access, the prior art judges the legality of the connected WIFI hotspot by the uniqueness of a certificate, but certificates are complicated to operate on the terminal side and cannot be widely used.
Summary of the invention
The embodiments of this application provide an illegal WIFI detection method, a terminal, an AAA server and a system, for detecting illegal WIFI hotspots.
To achieve the above objective, the embodiments of this application adopt the following technical solutions:
In a first aspect, an illegal WIFI detection method is provided, the method including:
A terminal completes authentication on the wireless system with the authentication, authorization and accounting (AAA) server over wireless fidelity (WIFI), and an authentication record table is generated on the AAA server, the authentication record table including the authentication result of the terminal;
The terminal sends an authentication challenge message to the AAA server in encrypted form over the WIFI;
The AAA server receives the authentication challenge message from the terminal;
The AAA server queries the authentication result of the terminal according to the authentication challenge message and the authentication record table, and generates an authentication result message according to the authentication result;
The AAA server sends the authentication result message to the terminal in encrypted form;
The terminal judges whether the WIFI is legal according to whether it receives the authentication result message, or according to the authentication result in the authentication result message.
In a second aspect, a terminal is provided, the terminal including:
An authentication unit, configured to complete authentication on the wireless system with the authentication, authorization and accounting (AAA) server over wireless fidelity (WIFI), and to have an authentication record table generated on the AAA server, the authentication record table including the authentication result of the terminal;
A sending unit, configured to send an authentication challenge message to the AAA server in encrypted form over the WIFI, the authentication challenge message being used by the AAA server to query the authentication result of the terminal according to the authentication record table and to generate an authentication result message according to the authentication result;
A receiving unit, configured to receive the authentication result message;
A judging unit, configured to judge whether the WIFI is legal according to whether the receiving unit receives the authentication result message, or according to the authentication result in the authentication result message.
In a third aspect, an AAA server is provided, the AAA server including:
An authentication unit, configured for the terminal to complete authentication on the wireless system over wireless fidelity (WIFI), and to generate an authentication record table, the authentication record table including the authentication result of the terminal;
A receiving unit, configured to receive the authentication challenge message, in encrypted form, from the terminal;
A query unit, configured to query the authentication result of the terminal according to the authentication challenge message and the authentication record table, and to generate an authentication result message according to the authentication result;
A sending unit, configured to send the authentication result message to the terminal in encrypted form, the authentication result message being used by the terminal to judge whether the WIFI is legal.
In the illegal WIFI detection method, terminal, AAA server and system provided by the embodiments of this application, an authentication record table is generated on the AAA server after the terminal completes authentication with the AAA server; the terminal then sends an authentication challenge message to the AAA server; the AAA server queries the authentication result of the terminal according to the authentication challenge message and the authentication record table, and feeds the authentication result back to the terminal in an authentication result message; the terminal judges whether the WIFI is legal according to whether it receives the authentication result message, or according to the authentication result in the authentication result message. This provides a way of detecting whether a WIFI is legal, and realizes the detection of illegal WIFI hotspots.
Brief description of the drawings
To describe the technical solutions in the embodiments of this application or in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below.
Fig. 1 is a schematic structural diagram of the illegal WIFI detection system provided by an embodiment of this application;
Fig. 2 is a schematic flowchart of an illegal WIFI detection method provided by an embodiment of this application;
Fig. 3 is a schematic flowchart of another illegal WIFI detection method provided by an embodiment of this application;
Fig. 4 is a schematic flowchart of yet another illegal WIFI detection method provided by an embodiment of this application;
Fig. 5 is a schematic structural diagram of the terminal provided by an embodiment of this application;
Fig. 6 is a schematic structural diagram of the AAA server provided by an embodiment of this application.
Detailed description
The embodiments of this application are described below with reference to the drawings.
Referring to Fig. 1, an illegal WIFI detection system provided by an embodiment of this application includes: a terminal (Station, STA) 11, an access point (Access Point, AP) 12, an access controller (Access Controller, AC) 13 and an AAA server 14. The terminal 11 includes devices such as mobile phones, tablets and computers that can connect to a network over WIFI; the AP 12 and the AC 13 are mainly used to build the wireless network system; the AAA server 14 provides the authentication service for the terminal 11 accessing the wireless signal, generates authentication record entries, and is also used to query the access authentication state of the terminal.
Embodiment 1
This embodiment of the application provides an illegal WIFI detection method, applied to the above system. Referring to Fig. 2, the method includes:
S101: the terminal completes authentication on the wireless system with the AAA server over WIFI, and an authentication record table is generated on the AAA server; the authentication record table includes the authentication result of the terminal.
The authentication record table includes information such as the terminal's account, media access control (Media Access Control, MAC) address, Internet protocol (Internet Protocol, IP) address, authentication time and authentication result.
S102: the terminal sends an authentication challenge message to the AAA server in encrypted form over the WIFI.
The authentication challenge message mainly contains the terminal's wireless link parameters, which include the terminal's MAC address, IP address and current timestamp (these three are also called the triplet information).
The algorithm the terminal uses to encrypt the authentication challenge message may be an asymmetric encryption algorithm or a symmetric encryption algorithm, such as the triple DES (TDEA, Triple Data Encryption Standard) algorithm.
In the embodiment of the present invention, the terminal may initiate the authentication challenge message once the wireless connection and authentication have completed, or when the terminal needs to use a certain application (for example, when an online banking app is opened); this is not specifically limited.
S103: the AAA server receives the authentication challenge message from the terminal.
It should be noted that, once the terminal has sent the authentication challenge message, if the AAA server does not receive it, the WIFI may be judged illegal. The AAA server uses the same encryption algorithm as the terminal to decrypt the encrypted authentication challenge message into a plaintext authentication challenge message; if the message cannot be decrypted, the WIFI is judged illegal, or the terminal is judged to be an abnormal terminal, and the message is discarded.
S104: the AAA server queries the authentication result of the terminal according to the authentication challenge message and the authentication record table, and generates an authentication result message according to the authentication result.
Specifically, referring to Fig. 3, this step includes:
S1041: the AAA server queries the authentication record table according to the authentication challenge message, using the following conditions, to obtain the matching authentication record entry and the authentication result in it:
First, the IP address and the MAC address of the terminal must match exactly, one to one: the MAC address in the authentication challenge message equals the MAC address in the authentication record table, and the IP address in the authentication challenge message equals the IP address in the authentication record table.
Second, the timestamp information must satisfy: authentication time < current timestamp < (authentication time + online duration).
In this embodiment, the authentication time is the time at which the terminal passed authentication by the AAA server. The online duration is timed by the AAA server starting when the terminal authenticates on the AAA server and running until the current time at which the authentication challenge message is received, that is, the time the authentication challenge message is received minus the time of the online authentication.
The query for the terminal's authentication result has three possible outcomes: there is no authentication record; there is an authentication record but the authentication result is failure; there is an authentication record and the authentication result is success.
If there is no authentication record, the terminal has not authenticated on the wireless system, and no result is returned.
If there is an authentication record but the authentication result is failure, the terminal connected to the wireless system but did not authenticate successfully, and fail is returned.
If there is an authentication record and the authentication result is success, the terminal connected to the wireless system and authenticated successfully, and success is returned.
S105: the AAA server sends the authentication result message to the terminal in encrypted form.
The authentication result message may include information such as the terminal's account, MAC address, IP address and authentication state (no result, fail, success). The AAA server may use an encryption algorithm that is the same as or different from the one used to parse the authentication challenge message.
S106: the terminal judges whether the WIFI is legal according to whether it receives the authentication result message, or according to the authentication result in the authentication result message.
Specifically, referring to Fig. 4, this step includes:
S1061: if the terminal does not receive the authentication result message, it judges that the WIFI is illegal.
S1062: if the terminal receives the authentication result message but cannot decrypt it, it judges that the WIFI is illegal.
If the terminal receives the authentication result message and decrypts it successfully, it obtains its authentication result and judges the legality of the connected WIFI according to that result, in the following three cases:
S1063: the authentication result is no result, which means the terminal did not connect to and authenticate on the correct wireless system, and the authentication challenge message may have been sent to the AAA server by a man-in-the-middle; the WIFI is judged illegal.
S1064: the authentication result is fail, which means the terminal connected to the correct wireless system but authentication failed, and the authentication challenge message may have been sent to the AAA server by a man-in-the-middle; the WIFI is judged illegal.
S1065: the authentication result is success, which means the terminal connected to the correct wireless system and authenticated successfully; the WIFI is judged legal.
In the illegal WIFI detection method provided by this embodiment of the application, an authentication record table is generated on the AAA server after the terminal completes authentication with the AAA server; the terminal then sends an authentication challenge message to the AAA server; the AAA server queries the authentication result of the terminal according to the authentication challenge message and the authentication record table, and feeds the authentication result back to the terminal in an authentication result message; the terminal judges whether the WIFI is legal according to whether it receives the authentication result message, or according to the authentication result in the authentication result message. This provides a way of detecting whether a WIFI is legal, and realizes the detection of illegal WIFI hotspots.
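The S101 to S106 exchange of Embodiment 1, as an added Python example that is not part of the patent: it runs the AAA server's record lookup (exact MAC and IP match plus the timestamp window) and the terminal's verdict over several constructed cases. The pre-shared key, the HMAC-based `seal`/`unseal` stand-in for the "encrypted form" (the patent names triple DES or an asymmetric algorithm and fixes neither), and all addresses and timestamps are assumptions made for the example.

```python
import hashlib
import hmac
import json
import os
from dataclasses import dataclass

KEY = b"constructed-demo-key"  # assumption: pre-shared by terminal and AAA server
MAC, IP = "aa:bb:cc:dd:ee:01", "10.0.0.5"  # constructed sample terminal


def _sub(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()


def _stream(key, nonce, n):
    blocks = (_sub(key, nonce + i.to_bytes(4, "big")) for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def seal(key, msg):
    """Stand-in for 'encrypted form': stdlib encrypt-then-MAC, not the patent's 3DES."""
    plain = json.dumps(msg).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plain, _stream(_sub(key, b"enc"), nonce, len(plain))))
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    """Return the message dict, or None when the blob cannot be decrypted."""
    if blob is None or len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        return None
    plain = bytes(a ^ b for a, b in zip(ct, _stream(_sub(key, b"enc"), nonce, len(ct))))
    return json.loads(plain)


@dataclass
class AuthRecord:
    account: str
    mac: str
    ip: str
    auth_time: int  # epoch seconds at which the terminal authenticated
    result: str     # "success" or "fail"


class AAAServer:
    def __init__(self, key):
        self.key, self.table = key, []

    def authenticate(self, account, mac, ip, now, ok):
        """S101: record the outcome of the terminal's wireless authentication."""
        self.table.append(AuthRecord(account, mac, ip, now, "success" if ok else "fail"))

    def handle_query(self, blob, now):
        """S103-S105: decrypt the message, match a record, return the sealed result."""
        q = unseal(self.key, blob)
        if q is None:
            return None  # an undecryptable message is discarded
        state, account = "no result", None
        for rec in self.table:
            online = now - rec.auth_time  # receive time minus authentication time
            in_window = rec.auth_time < q["ts"] < rec.auth_time + online
            if rec.mac == q["mac"] and rec.ip == q["ip"] and in_window:
                state, account = rec.result, rec.account
        reply = {"account": account, "mac": q["mac"], "ip": q["ip"], "state": state}
        return seal(self.key, reply)


def query(key, mac, ip, ts):
    """S102: the terminal's sealed triplet (MAC address, IP address, timestamp)."""
    return seal(key, {"mac": mac, "ip": ip, "ts": ts})


def verdict(key, reply):
    """S106: no reply, undecryptable reply, 'no result' and 'fail' all mean illegal."""
    msg = unseal(key, reply)  # None covers both S1061 and S1062
    return "legal" if msg is not None and msg["state"] == "success" else "illegal"


def run_scenarios():
    aaa = AAAServer(KEY)
    aaa.authenticate("alice", MAC, IP, now=1000, ok=True)
    aaa.authenticate("bob", "aa:bb:cc:dd:ee:02", "10.0.0.6", now=1000, ok=False)

    def ask(mac, ip, ts):  # message reaches the AAA server at t=1006
        return verdict(KEY, aaa.handle_query(query(KEY, mac, ip, ts), now=1006))

    return {
        "authenticated": ask(MAC, IP, 1005),
        "failed_auth": ask("aa:bb:cc:dd:ee:02", "10.0.0.6", 1005),
        "unknown_ip": ask(MAC, "192.168.4.2", 1005),
        "stale_timestamp": ask(MAC, IP, 990),
        "reply_dropped": verdict(KEY, None),
        "reply_forged": verdict(KEY, seal(b"other-key", {"state": "success"})),
    }
```

Because the online duration is defined as receive time minus authentication time, the upper bound of the window is simply the moment the AAA server receives the message, so the check also depends on the terminal's clock being close to the server's.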
Embodiment 2
This embodiment of the application provides a terminal 11, applied to the above method. Referring to Fig. 5, the terminal includes:
An authentication unit 1101, configured to complete authentication on the wireless system with the authentication, authorization and accounting (AAA) server over wireless fidelity (WIFI), and to have an authentication record table generated on the AAA server; the authentication record table includes the authentication result of the terminal.
A sending unit 1102, configured to send an authentication challenge message to the AAA server in encrypted form over WIFI; the authentication challenge message is used by the AAA server to query the authentication result of the terminal according to the authentication record table and to generate an authentication result message according to the authentication result.
A receiving unit 1103, configured to receive the authentication result message.
A judging unit 1104, configured to judge whether the WIFI is legal according to whether the receiving unit 1103 receives the authentication result message, or according to the authentication result in the authentication result message.
In one possible design, the judging unit 1104 is specifically configured to: judge that the WIFI is illegal if the terminal does not receive the authentication result message, or the terminal cannot decrypt the authentication result message, or the authentication result indicates that the terminal has not authenticated on the wireless system, or the authentication result indicates that the terminal failed authentication on the wireless system; and judge that the WIFI is legal if the authentication result indicates that the terminal authenticated successfully on the wireless system.
Since the terminal in this embodiment of the application can be applied to the above method, the technical effect it can obtain is described in the method embodiment above and is not repeated here.
It should be noted that the authentication unit and the judging unit may be separately established processors, or may be integrated into one of the processors of the controller; they may also be stored in the memory of the controller in the form of program code, with one of the controller's processors calling and executing the functions of the authentication unit and the judging unit. The processor described here may be a central processing unit (Central Processing Unit, CPU) or an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), or one or more integrated circuits configured to implement the embodiments of this application.
Embodiment 3
This embodiment of the application provides an AAA server 14, applied to the above method. Referring to Fig. 6, the AAA server includes:
An authentication unit 1401, configured for the terminal to complete authentication on the wireless system over wireless fidelity (WIFI), and to generate an authentication record table; the authentication record table includes the authentication result of the terminal.
A receiving unit 1402, configured to receive the authentication challenge message, in encrypted form, from the terminal.
A query unit 1403, configured to query the authentication result of the terminal according to the authentication challenge message and the authentication record table, and to generate an authentication result message according to the authentication result.
A sending unit 1404, configured to send the authentication result message to the terminal in encrypted form; the authentication result message is used by the terminal to judge whether the WIFI is legal.
In one possible design, the authentication record table includes the terminal's account, MAC address, Internet protocol (IP) address, authentication time and authentication result; the authentication challenge message includes the terminal's MAC address, IP address and current timestamp.
The query unit 1403 is specifically configured to query the authentication record table according to the authentication challenge message, using the following conditions, to obtain the matching authentication record entry and the authentication result in it:
The MAC address in the authentication challenge message equals the MAC address in the authentication record table, and the IP address in the authentication challenge message equals the IP address in the authentication record table, and authentication time < current timestamp < (authentication time + online duration).
One possible design further includes a judging unit 1405, configured to judge that the WIFI is illegal if the AAA server cannot decrypt the authentication challenge message.
Since the AAA server in this embodiment of the application can be applied to the above method, the technical effect it can obtain is described in the method embodiment above and is not repeated here.
It should be noted that the authentication unit, the query unit and the judging unit may be separately established processors, or may be integrated into one of the processors of the controller; they may also be stored in the memory of the controller in the form of program code, with one of the controller's processors calling and executing the functions of the authentication unit, the query unit and the judging unit. The processor described here may be a CPU or an ASIC, or one or more integrated circuits configured to implement the embodiments of this application.
It should be understood that, in the various embodiments of this application, the magnitude of the sequence numbers of the above processes does not imply an order of execution; the execution order of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation of the embodiments of this application.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are implemented in hardware or software depends on the specific application and design constraints of the technical solution. Skilled practitioners may use different methods to implement the described functions for each specific application, but such implementations should not be considered to go beyond the scope of this application.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the systems, devices and units described above can be found in the corresponding processes of the foregoing method embodiments, and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed systems, devices and methods can be implemented in other ways. For example, the device embodiments described above are only illustrative; the division into units is only a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of an embodiment.
In addition, the functional units in the embodiments of this application may be integrated in one processing unit, each unit may exist physically on its own, or two or more units may be integrated in one unit.
The above embodiments may be implemented wholly or partly in software, hardware, firmware or any combination thereof. When implemented with a software program, they may be implemented wholly or partly in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions described in the embodiments of this application are produced wholly or partly. The computer may be a general-purpose computer, a special-purpose computer, a computer network or another programmable device. The computer instructions may be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server or data center to another website, computer, server or data center by wired means (such as coaxial cable, optical fiber or digital subscriber line (Digital Subscriber Line, DSL)) or wireless means (such as infrared, radio or microwave). The computer-readable storage medium may be any usable medium that a computer can access, or a data storage device, such as a server or data center, that integrates one or more usable media. The usable medium may be a magnetic medium (for example, a floppy disk, hard disk or magnetic tape), an optical medium (for example, a DVD) or a semiconductor medium (for example, a solid state disk (Solid State Disk, SSD)).
The above are only specific embodiments of this application, but the protection scope of this application is not limited to them. Any change or replacement that a person skilled in the art could readily conceive within the technical scope disclosed in this application shall be covered by the protection scope of this application. Therefore, the protection scope of this application shall be subject to the protection scope of the claims.

Claims (10)

1. a kind of illegal wireless fidelity WIFI detection method characterized by comprising
Certification of the terminal by Wireless Fidelity WIFI to verifying, the completion of authorization and accounting aaa server on wireless system, and Authentication record table is generated on the aaa server, includes the authentication result of the terminal in the authentication record table;
The terminal sends authentication challenge message to the aaa server in an encrypted form by the WIFI;
The aaa server receives the authentication challenge message from the terminal;
The aaa server inquires the certification knot of the terminal according to the authentication challenge message and the authentication record table Fruit, and authentication result message is generated according to the authentication result;
The aaa server sends the authentication result message to the terminal in an encrypted form;
The terminal is according to whether receive the authentication result message, alternatively, according to the certification knot in the authentication result message Fruit judges whether the WIFI is legal.
2. The method according to claim 1, characterized in that the terminal judging whether the WIFI is legal according to whether the authentication result message is received, or according to the authentication result in the authentication result message, comprises:
if the terminal does not receive the authentication result message,
or the terminal cannot decrypt the authentication result message,
or the authentication result indicates that the terminal has not been authenticated on the wireless system,
or the authentication result indicates that the terminal failed authentication on the wireless system, judging that the WIFI is illegal;
if the authentication result indicates that the terminal authenticated successfully on the wireless system, judging that the WIFI is legal.
3. The method according to claim 1, characterized in that the authentication record table includes the account, media access control (MAC) address, Internet Protocol (IP) address, authentication time and authentication result of the terminal; the authentication challenge message includes the MAC address, IP address and current timestamp of the terminal;
the AAA server querying the authentication result of the terminal according to the authentication challenge message and the authentication record table comprises:
the AAA server queries the authentication record table according to the authentication challenge message under the following condition, obtains the matching authentication record, and obtains the authentication result in it:
the MAC address in the authentication challenge message equals the MAC address in the authentication record table, and the IP address in the authentication challenge message equals the IP address in the authentication record table, and authentication time < current timestamp < (authentication time + online duration).
4. The method according to claim 1, characterized in that the method further comprises:
if the AAA server cannot decrypt the authentication challenge message, judging that the WIFI is illegal.
5. A terminal, characterized by comprising:
an authentication unit, configured to complete authentication on a wireless system with an authentication, authorization and accounting (AAA) server through Wireless Fidelity (WIFI), and to cause an authentication record table to be generated on the AAA server, the authentication record table including the authentication result of the terminal;
a sending unit, configured to send an authentication challenge message to the AAA server in encrypted form through the WIFI, the authentication challenge message being used by the AAA server to query the authentication result of the terminal according to the authentication record table and to generate an authentication result message according to the authentication result;
a receiving unit, configured to receive the authentication result message;
a judging unit, configured to judge whether the WIFI is legal according to whether the receiving unit receives the authentication result message, or according to the authentication result in the authentication result message.
6. The terminal according to claim 5, characterized in that the judging unit is specifically configured to:
if the terminal does not receive the authentication result message,
or the terminal cannot decrypt the authentication result message,
or the authentication result indicates that the terminal has not been authenticated on the wireless system,
or the authentication result indicates that the terminal failed authentication on the wireless system, judge that the WIFI is illegal;
if the authentication result indicates that the terminal authenticated successfully on the wireless system, judge that the WIFI is legal.
7. An authentication, authorization and accounting (AAA) server, characterized by comprising:
an authentication unit, configured for a terminal to complete authentication on a wireless system through Wireless Fidelity (WIFI), and to generate an authentication record table, the authentication record table including the authentication result of the terminal;
a receiving unit, configured to receive an authentication challenge message in encrypted form from the terminal;
a query unit, configured to query the authentication result of the terminal according to the authentication challenge message and the authentication record table, and to generate an authentication result message according to the authentication result;
a sending unit, configured to send the authentication result message to the terminal in encrypted form, the authentication result message being used by the terminal to judge whether the WIFI is legal.
8. The AAA server according to claim 7, characterized in that the authentication record table includes the account, media access control (MAC) address, Internet Protocol (IP) address, authentication time and authentication result of the terminal; the authentication challenge message includes the MAC address, IP address and current timestamp of the terminal;
the query unit is specifically configured to query the authentication record table according to the authentication challenge message under the following condition, obtain the matching authentication record, and obtain the authentication result in it:
the MAC address in the authentication challenge message equals the MAC address in the authentication record table, and the IP address in the authentication challenge message equals the IP address in the authentication record table, and authentication time < current timestamp < (authentication time + online duration).
9. The AAA server according to claim 7, characterized by further comprising a judging unit, configured to judge that the WIFI is illegal if the AAA server cannot decrypt the authentication challenge message.
10. An illegal WIFI detection system, characterized by comprising the terminal according to claim 5 or 6 and the authentication, authorization and accounting (AAA) server according to any one of claims 7-9.
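
The record-matching condition of claims 3 and 8 and the terminal-side verdict of claims 2 and 6, as an added Python sketch that is not part of the patent text. Assumptions: encryption and transport are left out (a reply of None stands for "no authentication result message received" or "cannot decrypt"), a query with no matching record is reported as "not authenticated", the online duration is passed in as a parameter, and all names and sample values are constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Iterable, Optional

class Result(Enum):
    SUCCESS = "success"
    FAILURE = "failure"
    NOT_AUTHENTICATED = "not_authenticated"

@dataclass(frozen=True)
class AuthRecord:
    """One row of the authentication record table (fields from claim 3)."""
    account: str
    mac: str
    ip: str
    auth_time: int   # authentication time, epoch seconds
    result: Result

@dataclass(frozen=True)
class AuthChallenge:
    """Decrypted authentication challenge message (fields from claim 3)."""
    mac: str
    ip: str
    timestamp: int   # terminal's current timestamp, epoch seconds

def lookup_result(table: Iterable[AuthRecord], msg: AuthChallenge,
                  online_duration: int) -> Result:
    """AAA side: result of the record that satisfies the claim 3 condition."""
    for rec in table:
        if (rec.mac == msg.mac and rec.ip == msg.ip
                and rec.auth_time < msg.timestamp < rec.auth_time + online_duration):
            return rec.result
    return Result.NOT_AUTHENTICATED  # assumption: no match means not authenticated

def judge_wifi(reply: Optional[Result]) -> bool:
    """Terminal side (claim 2): legal only if a readable reply reports success.

    None covers both 'no result message received' and 'cannot decrypt'.
    """
    return reply is Result.SUCCESS

# Constructed sample data: documentation IP range, made-up MAC addresses.
TABLE = [
    AuthRecord("alice", "02:00:00:aa:bb:01", "192.0.2.10", 1_000, Result.SUCCESS),
    AuthRecord("bob", "02:00:00:aa:bb:02", "192.0.2.11", 1_000, Result.FAILURE),
]
ONLINE = 3_600  # assumed online duration in seconds
```

Both time comparisons are strict, so a timestamp exactly equal to the authentication time or to the end of the online window does not match, and the terminal then treats the WIFI as illegal.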
CN201710440047.3A 2017-06-12 2017-06-12 Illegal WIFI detection method, terminal, aaa server and system Active CN107040928B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710440047.3A CN107040928B (en) 2017-06-12 2017-06-12 Illegal WIFI detection method, terminal, aaa server and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710440047.3A CN107040928B (en) 2017-06-12 2017-06-12 Illegal WIFI detection method, terminal, aaa server and system

Publications (2)

Publication Number Publication Date
CN107040928A CN107040928A (en) 2017-08-11
CN107040928B true CN107040928B (en) 2019-08-09

Family

ID=59541181

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710440047.3A Active CN107040928B (en) 2017-06-12 2017-06-12 Illegal WIFI detection method, terminal, aaa server and system

Country Status (1)

Country Link
CN (1) CN107040928B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111641949B (en) * 2019-03-01 2022-05-31 华为技术有限公司 Method for updating authentication result and communication device
CN114553502B (en) * 2022-01-29 2024-03-29 联想开天科技有限公司 Network authentication method and electronic equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8238942B2 (en) * 2007-11-21 2012-08-07 Trapeze Networks, Inc. Wireless station location detection
JP2012203660A (en) * 2011-03-25 2012-10-22 Brother Ind Ltd Information provision server
CN106330828A (en) * 2015-06-25 2017-01-11 联芯科技有限公司 Method for network secure access, terminal device and authentication server
CN106559783A (en) * 2015-09-29 2017-04-05 华为技术有限公司 A kind of authentication method to WIFI network, device and system

Also Published As

Publication number Publication date
CN107040928A (en) 2017-08-11

Similar Documents

Publication Publication Date Title
CN105050081B (en) Method, device and system for connecting network access device to wireless network access point
CN106708489B (en) Debugging method and system of equipment
CN104185176B (en) A kind of long-range initial method of Internet of Things virtual user identification module card and system
CN105119939B (en) The cut-in method and device, providing method and device and system of wireless network
EP2590356B1 (en) Method, device and system for authenticating gateway, node and server
CN101964791B (en) Communication authenticating system and method of client and WEB application
CN103595718B (en) A kind of POS terminal Activiation method, system, service platform and POS terminal
CN106464498B (en) Method for authenticating a first electronic entity by a second electronic entity and electronic entity
US20050188219A1 (en) Method and a system for communication between a terminal and at least one communication equipment
EP3157195B1 (en) Communication protocol testing method, and tested device and testing platform thereof
CN111131416A (en) Business service providing method and device, storage medium and electronic device
US20130311783A1 (en) Mobile radio device-operated authentication system using asymmetric encryption
CN108243176A (en) Data transmission method and device
CN102638468A (en) Method, sending end, receiving end and system for protecting information transmission safety
CN113613227B (en) Data transmission method and device of Bluetooth equipment, storage medium and electronic device
KR101835640B1 (en) Method for authentication of communication connecting, gateway apparatus thereof, and communication system thereof
CN105376059A (en) Method and system for performing application signature based on electronic key
CN106899584A (en) Management method and its device that a kind of hardware device is accessed
CN101296136B (en) Method and system for information distribution of server information, and management device
CN104243452B (en) A kind of cloud computing access control method and system
CN109729000B (en) Instant messaging method and device
US10972912B1 (en) Dynamic establishment of trust between locally connected devices
CN108352982B (en) Communication device, communication method, and recording medium
CN107040928B (en) Illegal WIFI detection method, terminal, aaa server and system
CN109302425A (en) Identity identifying method and terminal device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP02 Change in the address of a patent holder

Address after: 610041 15-24 floor, 1 1 Tianfu street, Chengdu high tech Zone, Sichuan

Patentee after: MAIPU COMMUNICATION TECHNOLOGY Co.,Ltd.

Address before: 610041 16 Hing Hing Road, Chengdu high tech Development Zone, Sichuan, China 16

Patentee before: MAIPU COMMUNICATION TECHNOLOGY Co.,Ltd.

CP02 Change in the address of a patent holder
CP02 Change in the address of a patent holder

Address after: 610041 nine Xing Xing Road 16, hi tech Zone, Sichuan, Chengdu

Patentee after: MAIPU COMMUNICATION TECHNOLOGY Co.,Ltd.

Address before: 610041 15-24 floor, 1 1 Tianfu street, Chengdu high tech Zone, Sichuan

Patentee before: MAIPU COMMUNICATION TECHNOLOGY Co.,Ltd.

CP02 Change in the address of a patent holder