CN110620751B - WIFI routing terminal, access gateway, authentication method and authentication system thereof - Google Patents

Publication number
CN110620751B
Authority
CN
China
Prior art keywords
wifi routing
routing terminal
random number
access gateway
terminal
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810634969.2A
Other languages
Chinese (zh)
Other versions
CN110620751A (en)
Inventor
汪炜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Yunmao Information Technologies Co ltd
Original Assignee
Shenzhen Yunmao Information Technologies Co ltd
Application filed by Shenzhen Yunmao Information Technologies Co ltd
Priority to CN201810634969.2A
Publication of CN110620751A
Application granted
Publication of CN110620751B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/50 Address allocation
    • H04L61/5007 Internet protocol [IP] addresses
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security

Abstract

The embodiments of the invention relate to the field of wireless communication and disclose a WIFI routing terminal, an access gateway, an authentication method and an authentication system thereof. The authentication method of the WIFI routing terminal is applied to an access gateway and comprises the following steps: storing PPPoE information of the WIFI routing terminal in advance; receiving a dialing request from the WIFI routing terminal, and generating PPPoE information according to the MAC address of the WIFI routing terminal; authenticating the WIFI routing terminal according to the pre-stored PPPoE information; and, if the authentication is successful, allocating an IP address to the WIFI routing terminal. In this way, the embodiments of the invention can ensure the data security of the WIFI routing terminal and the user.

Description

WIFI routing terminal, access gateway, authentication method and authentication system thereof
Technical Field
The invention relates to the field of wireless communication, in particular to a WIFI (wireless fidelity) routing terminal, an access gateway, an authentication method and an authentication system thereof.
Background
At present, in WIFI distribution systems for communities, factories, schools and the like, DHCP (Dynamic Host Configuration Protocol) is generally used to allocate an IP address to a WIFI routing terminal (AP, access point); a user then goes online by connecting to the WIFI, and the user's access authority is controlled by an authentication server. The network that the WIFI routing terminal accesses consists mainly of equipment of the WIFI distributor, and that equipment is not authenticated. Because authentication is lacking, counterfeit APs cannot be prevented; that is, any AP connected to the network can be used by anyone. Meanwhile, the key devices in the network, the access gateway and the switching system, do not authenticate the identity of other devices, so an AP may access the wrong access gateway and switching system, creating a risk that key user data is leaked.
In the prior art, an access account for each AP is usually stored in the access gateway, but at present the access account of an AP is generally entered manually, which wastes manpower and is inefficient.
In the process of implementing the embodiments of the invention, the inventor found that the related technology has at least the following problem: at present, a WIFI routing terminal and an access gateway cannot verify each other through bidirectional verification, so the data security of the WIFI routing terminal and the user cannot be guaranteed.
Disclosure of Invention
The embodiments of the invention aim to provide a WIFI routing terminal, an access gateway, an authentication method and an authentication system thereof, which solve the technical problem that a WIFI routing terminal and an access gateway currently cannot verify each other through bidirectional verification and that the data security of the WIFI routing terminal and the user therefore cannot be ensured.
In order to solve the above technical problems, embodiments of the present invention provide the following technical solutions:
In a first aspect, an embodiment of the present invention provides an authentication method for a WIFI routing terminal, which is applied to an access gateway, and the method includes:
storing PPPoE information of the WIFI routing terminal in advance;
receiving a dialing request from the WIFI routing terminal, and generating PPPoE information according to the MAC address of the WIFI routing terminal;
authenticating the WIFI routing terminal according to the pre-stored PPPoE information;
and if the authentication is successful, allocating an IP address to the WIFI routing terminal.
In some embodiments, the PPPoE information includes a dialing account and a dialing password, and generating the PPPoE information according to the MAC address of the WIFI routing terminal includes:
the access gateway is provided with a super key, and the dialing account and the dialing password of the WIFI routing terminal are automatically generated from the super key in combination with the MAC address of the WIFI routing terminal.
In some embodiments, the method further comprises:
generating a bidirectional key by combining the super key and the MAC address of the WIFI routing terminal.
In some embodiments, authenticating the WIFI routing terminal includes:
receiving a first random number sent by the WIFI routing terminal;
encrypting the first random number to generate a first random number ciphertext;
and sending the bidirectional key, the first random number ciphertext and a second random number to the WIFI routing terminal.
In some embodiments, the method further comprises:
receiving a second random number ciphertext sent by the WIFI routing terminal;
decrypting the second random number ciphertext with the bidirectional key;
and if the decrypted data is the same as the second random number, confirming that the WIFI routing terminal is a legal terminal.
In a second aspect, an embodiment of the present invention provides an access gateway, including:
at least one first processor; and
a first memory communicatively coupled to the at least one first processor; wherein
the first memory stores instructions executable by the at least one first processor to enable the at least one first processor to perform the method described above.
In a third aspect, an embodiment of the present invention provides an authentication method for an access gateway, where the authentication method is applied to a WIFI routing terminal, where the WIFI routing terminal is connected to the access gateway, and the method includes:
receiving a bidirectional key, a first random number ciphertext and a second random number sent by the access gateway;
decrypting the first random number cipher text by the bidirectional key;
and if the decrypted data is the same as the first random number, determining that the access gateway is a legal gateway.
In some embodiments, the method further comprises:
and if the decrypted data is different from the first random number, generating a new random number through random delay, and re-verifying the access gateway.
In some embodiments, the method further comprises:
and the new random number after the random time delay is larger than the first random number.
In a fourth aspect, an embodiment of the present invention provides a WIFI routing terminal, including:
at least one second processor; and
a second memory communicatively coupled to the at least one second processor; wherein
the second memory stores instructions executable by the at least one second processor to enable the at least one second processor to perform the method described above.
In a fifth aspect, an embodiment of the present invention provides an authentication system, where the system includes:
an access gateway, used for connecting to a network of an operator;
a multi-stage switching system, connected with the access gateway and used for providing a plurality of connection ports, each connection port being connected to a WIFI routing terminal;
an authentication server, connected with the multi-stage switching system and used for authenticating the mobile terminal of the user;
a WIFI routing terminal, used for wirelessly connecting to the mobile terminal of the user.
The beneficial effects of the embodiments of the invention are as follows: different from the prior art, the authentication method for the WIFI routing terminal provided by the embodiment of the present invention is applied to an access gateway, and the method includes: storing PPPoE information of the WIFI routing terminal in advance; receiving a dialing request from the WIFI routing terminal, and generating PPPoE information according to the MAC address of the WIFI routing terminal; authenticating the WIFI routing terminal according to the pre-stored PPPoE information; and, if the authentication is successful, allocating an IP address to the WIFI routing terminal. In this way, the embodiments of the invention can ensure the data security of the WIFI routing terminal and the user.
Drawings
One or more embodiments are illustrated by way of example in the corresponding accompanying drawings; these illustrations do not limit the embodiments. Elements having the same reference numerals in the drawings represent similar elements, and the figures are not drawn to scale unless otherwise specified.
Fig. 1 is a schematic diagram of an application scenario provided in an embodiment of the present invention;
Fig. 2 is a schematic flowchart of an authentication method for a WIFI routing terminal according to an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of an access gateway according to an embodiment of the present invention;
Fig. 4 is a flowchart illustrating an authentication method of an access gateway according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a WIFI routing terminal provided in an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of an authentication system according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In addition, the technical features involved in the respective embodiments of the present invention described below may be combined with each other as long as they do not conflict with each other.
In the embodiment of the present invention, the WIFI routing terminal may be a routing device such as an access router, an enterprise-level router, or a broadband router, the access gateway may be a broadband access gateway, or a wireless access gateway, and the mobile terminal may be an electronic device capable of connecting to WIFI, such as a smart phone, a Personal Digital Assistant (PDA), a tablet computer, or a smart watch.
Example 1
Referring to Fig. 1, Fig. 1 is a schematic diagram of an application scenario according to an embodiment of the present invention.
As shown in Fig. 1, an access gateway is connected to a multi-stage switching system, the multi-stage switching system is connected to an authentication server, and the multi-stage switching system is further connected to a plurality of WIFI routing terminals, which are used for connecting the mobile terminals of users. The access gateway is used for connecting to the network entry point of a telecommunication operator. A user's mobile terminal accesses the WIFI of a WIFI routing terminal, and the authentication server is used for authenticating the mobile terminal. The WIFI routing terminal obtains an IP address from the access gateway through the Dynamic Host Configuration Protocol (DHCP), the user's mobile terminal obtains an IP address from the WIFI routing terminal or the access gateway, and the user's network access authority is determined by the authentication server. Usually, the network access authority that the telecom operator issues to the WIFI routing terminal takes the form of a PPPoE dialing account and dialing password.
Referring to Fig. 2, Fig. 2 is a schematic flowchart illustrating an authentication method of a WIFI routing terminal according to an embodiment of the present invention.
As shown in Fig. 2, the method is applied to an access gateway, such as a broadband access gateway, and includes:
Step S21: storing PPPoE information of the WIFI routing terminal in advance;
The WIFI routing terminal is connected to an access gateway. The access gateway is an IP-based media access gateway for voice/fax services that provides efficient, high-quality voice services and offers a VoIP solution for operators, enterprises, communities, residential users and the like. The WIFI routing terminal is an AP (access point) or a router, and it acquires PPPoE information by dialing; the PPPoE information comprises a dialing account and a dialing password. Specifically, the access gateway includes a database configured to store the PPPoE information of WIFI routing terminals. Each WIFI routing terminal corresponds to a unique MAC address and to unique PPPoE information. The MAC address of a WIFI routing terminal is associated with its PPPoE information, that is, the dialing account and dialing password of the WIFI routing terminal correspond to its MAC address, and this association is stored in the database. Because the PPPoE information of the WIFI routing terminal is stored in the database of the access gateway in advance, whether a WIFI routing terminal is a legal WIFI routing terminal can be determined from the PPPoE information in the database of the access gateway.
Step S22: receiving a dialing request from the WIFI routing terminal, and generating PPPoE information according to the MAC address of the WIFI routing terminal;
The PPPoE information comprises a dialing account and a dialing password, and generating the PPPoE information according to the MAC address of the WIFI routing terminal comprises the following:
The access gateway is provided with a super key, and the dialing account and dialing password of the WIFI routing terminal are automatically generated from the super key in combination with the MAC address of the WIFI routing terminal. For example: a super key supercode is set and stored in the database of the access gateway, and the dialing account and dialing password of the WIFI routing terminal are obtained from the super key and the MAC address of the WIFI routing terminal through AES (Advanced Encryption Standard). For example, the dialing account of PPPoE = AES128 (super, AP MAC, "account"), and the dialing password of PPPoE = AES128 (super, AP MAC, "password").
Step S23: authenticating the WIFI routing terminal according to the pre-stored PPPoE information;
Specifically, the PPPoE information of all WIFI routing terminals is stored in the database of the access gateway. When a WIFI routing terminal makes a dialing request to the access gateway, the access gateway calculates the PPPoE information of the WIFI routing terminal from its MAC address through the AES encryption algorithm, and authenticates the WIFI routing terminal by comparing the calculated PPPoE information with the PPPoE information pre-stored in the database, thereby determining whether the WIFI routing terminal is legal. If the dialing account calculated through the AES encryption algorithm is consistent with the dialing account stored for the WIFI routing terminal in the database of the access gateway, and the dialing password calculated through the AES encryption algorithm is consistent with the dialing password stored for the WIFI routing terminal in the database of the access gateway, the WIFI routing terminal is determined to be a legal WIFI routing terminal.
Step S24: if the authentication is successful, allocating an IP address to the WIFI routing terminal;
Specifically, if the dialing account calculated through the AES encryption algorithm is identical to the dialing account stored for the WIFI routing terminal in the database of the access gateway, and the dialing password calculated through the AES encryption algorithm is identical to the dialing password stored for the WIFI routing terminal in the database of the access gateway, the authentication is successful and the WIFI routing terminal is determined to be a legal WIFI routing terminal; at this time, the access gateway may allocate an IP address to the WIFI routing terminal. If the calculated dialing account is inconsistent with the stored dialing account, or the calculated dialing password is inconsistent with the stored dialing password, the authentication fails, and a secondary verification can then be performed on the WIFI routing terminal. Specifically, the dialing account and dialing password calculated through the AES encryption algorithm are compared again with the dialing account and dialing password stored in the database.
In some embodiments, the method further comprises: generating a bidirectional key by combining the super key and the MAC address of the WIFI routing terminal. Specifically, the bidirectional key is calculated using a Secure Hash Algorithm (SHA) in combination with the MAC address of the WIFI routing terminal. For example: the bidirectional key dKey = SHA (supercode, AP MAC, "Worldcup"). The WIFI routing terminal is authenticated through the super key.
Specifically, the access gateway receives a first random number sent by the WIFI routing terminal, encrypts the first random number to generate a first random number ciphertext, and sends the bidirectional key, the first random number ciphertext and a second random number to the WIFI routing terminal. After receiving the second random number, the WIFI routing terminal encrypts it to obtain a second random number ciphertext and sends the second random number ciphertext to the access gateway.
The access gateway receives the second random number ciphertext sent by the WIFI routing terminal and decrypts it with the bidirectional key. If the decrypted data is the same as the second random number, the WIFI routing terminal is confirmed to be a legal terminal; if the decrypted data is different from the second random number, the WIFI routing terminal is confirmed to be an illegal terminal.
It is understood that the method further comprises: if the decrypted data is different from the second random number, generating a new random number after a random delay and re-verifying the WIFI routing terminal. Specifically, the new random number generated after the random delay is greater than the second random number. For example: the random delay may be 30 s. The access gateway generates a fourth random number, whose value is greater than that of the second random number, and sends it to the WIFI routing terminal. After receiving the fourth random number, the WIFI routing terminal encrypts it to generate a fourth random number ciphertext and sends that ciphertext to the access gateway. The access gateway decrypts the fourth random number ciphertext with the bidirectional key; if the decrypted data is the same as the fourth random number, the WIFI routing terminal is determined to be a legal terminal, and if the decrypted data is different from the fourth random number, the WIFI routing terminal is determined to be an illegal terminal.
Through the bidirectional secret key, the access gateway and the WIFI routing terminal can be verified at the same time, bidirectional verification is facilitated, and data safety of the WIFI routing terminal and a user is guaranteed.
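The derivations of step S22 and the bidirectional-key exchange above, as an added example that is not part of the patent text or the assignee's code. Assumptions: HMAC-SHA256 stands in for the AES128 and SHA constructions the text names without specifying, a MAC over the random number stands in for encrypting it, and the sample MAC, super key, output lengths and all function names are constructed for illustration.

```python
import hashlib
import hmac
import re
import secrets

def normalize_mac(mac: str) -> bytes:
    """Canonicalise a MAC to 6 raw bytes so every spelling derives the same values."""
    digits = re.sub(r"[:.\-]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)

def derive(supercode: bytes, mac: str, label: str) -> bytes:
    """f(super key, AP MAC, label). HMAC-SHA256 is an assumed construction; the
    text names AES128 and SHA but not how the three inputs are combined."""
    return hmac.new(supercode, normalize_mac(mac) + b"|" + label.encode(),
                    hashlib.sha256).digest()

def pppoe_credentials(supercode: bytes, mac: str) -> tuple:
    """Dialing account and password for one AP (output lengths are assumptions)."""
    return (derive(supercode, mac, "account").hex()[:16],
            derive(supercode, mac, "password").hex()[:32])

def bidirectional_key(supercode: bytes, mac: str) -> bytes:
    return derive(supercode, mac, "Worldcup")

def prove(dkey: bytes, nonce: int) -> bytes:
    """Stand-in for 'encrypt the random number': a MAC over it under dKey."""
    return hmac.new(dkey, nonce.to_bytes(16, "big"), hashlib.sha256).digest()

def next_nonce(previous: int) -> int:
    """Retry value that is fresh and larger than the previous one."""
    return previous + 1 + secrets.randbelow(2 ** 32)

class Gateway:
    def __init__(self, supercode: bytes):
        self.supercode = supercode
        self.store = {}  # MAC bytes -> (account, password), step S21

    def enroll(self, mac: str) -> bytes:
        self.store[normalize_mac(mac)] = pppoe_credentials(self.supercode, mac)
        return bidirectional_key(self.supercode, mac)  # provisioned to the AP (assumption)

    def check_dial(self, mac: str, account: str, password: str) -> bool:
        """Steps S22-S23: recompute from the MAC, compare with the stored and the
        presented values (checking the presented values is an assumption)."""
        stored = self.store.get(normalize_mac(mac))
        if stored is None:
            return False
        calc = pppoe_credentials(self.supercode, mac)
        pairs = [(calc[0], stored[0]), (calc[1], stored[1]),
                 (calc[0], account), (calc[1], password)]
        return all([hmac.compare_digest(a, b) for a, b in pairs])

    def respond(self, mac: str, nonce1: int) -> dict:
        dkey = bidirectional_key(self.supercode, mac)
        return {"key": dkey, "proof1": prove(dkey, nonce1),
                "nonce2": secrets.randbits(64)}

    def verify_terminal(self, mac: str, nonce2: int, proof2: bytes) -> bool:
        dkey = bidirectional_key(self.supercode, mac)
        return hmac.compare_digest(prove(dkey, nonce2), proof2)

def accept_key_from_message(nonce1: int, msg: dict) -> bool:
    """Terminal check using the key carried in the gateway's own message."""
    return hmac.compare_digest(prove(msg["key"], nonce1), msg["proof1"])

def accept_provisioned_key(nonce1: int, msg: dict, dkey: bytes) -> bool:
    """Terminal check using a key it already holds; msg['key'] is ignored."""
    return hmac.compare_digest(prove(dkey, nonce1), msg["proof1"])

def demo() -> dict:
    mac = "AA-BB-CC-00-11-22"                # constructed sample MAC
    gw = Gateway(b"constructed-super-key")   # constructed super key
    unkeyed = Gateway(b"a-different-key")    # gateway that lacks the super key
    dkey = gw.enroll(mac)
    account, password = pppoe_credentials(b"constructed-super-key",
                                          "aa:bb:cc:00:11:22")
    nonce1 = secrets.randbits(64)
    good, bad = gw.respond(mac, nonce1), unkeyed.respond(mac, nonce1)
    return {
        "dial_ok": gw.check_dial(mac, account, password),
        "dial_unknown": gw.check_dial("aa:bb:cc:00:11:23", account, password),
        "key_in_message": (accept_key_from_message(nonce1, good),
                           accept_key_from_message(nonce1, bad)),
        "provisioned": (accept_provisioned_key(nonce1, good, dkey),
                        accept_provisioned_key(nonce1, bad, dkey)),
        "terminal_ok": gw.verify_terminal(mac, good["nonce2"],
                                          prove(dkey, good["nonce2"])),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

With the key taken from the message, both responders pass, so that check only shows the message is internally consistent; with a key provisioned to the terminal beforehand, only the gateway holding the super key passes.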
In the embodiment of the present invention, an authentication method for a WIFI routing terminal is provided, which is applied to an access gateway, and the method includes: storing PPPoE information of the WIFI routing terminal in advance; receiving a dialing request from the WIFI routing terminal, and generating PPPoE information according to the MAC address of the WIFI routing terminal; authenticating the WIFI routing terminal according to the pre-stored PPPoE information; and, if the authentication is successful, allocating an IP address to the WIFI routing terminal. In this way, the embodiment of the invention can ensure the data security of the WIFI routing terminal and the user.
Example 2
Referring to fig. 3, fig. 3 is a schematic structural diagram of an access gateway according to an embodiment of the present invention; the access gateway may be a broadband access gateway, a wireless access gateway, or other devices.
As shown in fig. 3, the access gateway 10 includes one or more first processors 101 and a first memory 102. In fig. 3, a first processor 101 is taken as an example.
The first processor 101 and the first memory 102 may be connected by a bus or other means, and fig. 3 illustrates an example of a connection by a bus.
The first memory 102, which is a non-volatile computer-readable storage medium, may be used to store non-volatile software programs, non-volatile computer-executable programs, and modules. The first processor 101 executes the various functional applications and data processing of the authentication method of the WIFI routing terminal by running the non-volatile software programs, instructions and modules stored in the first memory 102; that is, it implements the authentication method of the WIFI routing terminal of the above method embodiment and the functions of the modules and units of the above device embodiment.
The first memory 102 may include high speed random access memory and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some embodiments, the first memory 102 may optionally include a memory remotely located from the first processor 101, and these remote memories may be connected to the first processor 101 through a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The modules are stored in the first memory 102, and when executed by the one or more first processors 101, perform the authentication method of the WIFI routing terminal in any of the above-described method embodiments, for example, perform the above-described steps illustrated in fig. 2.
The access gateway 10 of the embodiment of the present invention exists in various forms, and in executing the above-described steps shown in fig. 2, the access gateway 10 includes but is not limited to: a broadband access gateway and a wireless access gateway.
Embodiments of the present invention further provide a non-volatile computer storage medium, where the computer storage medium stores computer-executable instructions, and the computer-executable instructions are executed by one or more processors, for example, one first processor 101 in fig. 3, so that the one or more processors may execute the authentication method of the WIFI routing terminal in any of the above-described method embodiments, for example, execute the above-described steps shown in fig. 2.
In an embodiment of the present invention, an access gateway is provided, including: at least one first processor; and a first memory communicatively coupled to the at least one first processor; the first memory stores instructions executable by the at least one first processor, and the instructions are executed by the at least one first processor to enable the at least one first processor to execute the authentication method of the WIFI routing terminal. Through the mode, the embodiment of the invention can ensure the data security of the WIFI routing terminal and the user.
Example 3
Referring to fig. 4, fig. 4 is a schematic flowchart illustrating an authentication method of an access gateway according to an embodiment of the present invention; the authentication method of the access gateway is applied to the WIFI routing terminal, and the WIFI routing terminal can be an access router, an enterprise-level router, a broadband router and other routing equipment.
As shown in fig. 4, the method for authenticating an access gateway includes:
Step S41: receiving a bidirectional key, a first random number ciphertext and a second random number sent by the access gateway;
The access gateway generates the bidirectional key through an SHA algorithm and sends the bidirectional key, the first random number ciphertext and the second random number to the WIFI routing terminal. Specifically, the first random number ciphertext is the ciphertext obtained by encrypting a first random number. The first random number is generated by the WIFI routing terminal and sent by it to the access gateway; after receiving the first random number, the access gateway encrypts it, generates the first random number ciphertext and sends the first random number ciphertext to the WIFI routing terminal. The WIFI routing terminal decrypts the first random number ciphertext according to the bidirectional key sent by the access gateway. If the decrypted data is consistent with the first random number, the access gateway is determined to be a legal gateway; if the decrypted data is inconsistent with the first random number, the access gateway is determined to be an illegal gateway.
Step S42: decrypting the first random number ciphertext with the bidirectional key;
The WIFI routing terminal decrypts the first random number ciphertext with the bidirectional key and obtains the decrypted data.
Step S43: if the decrypted data is the same as the first random number, determining that the access gateway is a legal gateway.
The WIFI routing terminal decrypts the first random number ciphertext with the bidirectional key, and if the decrypted data is the same as the first random number, the access gateway is determined to be a legal gateway.
The method further comprises: if the decrypted data is different from the first random number, generating a new random number after a random delay and re-verifying the access gateway. Specifically, the new random number generated after the random delay is larger than the first random number. For example: the random delay may be 30 s. The WIFI routing terminal generates a third random number, whose value is greater than that of the first random number, and sends it to the access gateway. After receiving the third random number, the access gateway encrypts it, generates a third random number ciphertext and sends the third random number ciphertext to the WIFI routing terminal. After receiving the third random number ciphertext, the WIFI routing terminal decrypts it with the bidirectional key; if the decrypted data is the same as the third random number, the access gateway is determined to be a legal gateway, and if the decrypted data is different from the third random number, the access gateway is determined to be an illegal gateway.
Through the bidirectional secret key, the access gateway and the WIFI routing terminal can be verified at the same time, bidirectional verification is facilitated, and data safety of the WIFI routing terminal and a user is guaranteed.
In an embodiment of the present invention, an authentication method for an access gateway is provided, where the method includes: receiving a bidirectional key, a first random number ciphertext and a second random number sent by the access gateway; decrypting the first random number cipher text by the bidirectional key; and if the decrypted data is the same as the first random number, determining that the access gateway is a legal gateway. Through the mode, the embodiment of the invention can ensure the data security of the WIFI routing terminal and the user.
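The terminal-side check of steps S42 and S43 and the single re-verification described above, as an added example that is not part of the patent text. The HMAC-SHA256 key derivation, the XOR keystream used as a stand-in cipher, the 8-byte number encoding and all class and function names are assumptions, since the patent specifies none of them.

```python
import hashlib
import hmac
import secrets
import time

def derive_bidirectional_key(super_key: bytes, mac: str) -> bytes:
    # Assumption: HMAC-SHA256(super key, MAC). The patent only says the key is
    # generated from the super key combined with the terminal's MAC address.
    return hmac.new(super_key, mac.lower().encode(), hashlib.sha256).digest()

def stand_in_cipher(key: bytes, data: bytes) -> bytes:
    # Stand-in symmetric cipher (the patent names none): XOR with an
    # HMAC-SHA256 counter keystream, so encrypting and decrypting are the
    # same call. Illustration only, not a production cipher.
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def encode(number: int) -> bytes:
    # Assumed wire encoding of a random number: 8 bytes, big-endian.
    return number.to_bytes(8, "big")

class Gateway:
    """Access gateway side; corrupt_replies simulates bad ciphertexts."""
    def __init__(self, super_key: bytes, corrupt_replies: int = 0):
        self.super_key = super_key
        self.corrupt_replies = corrupt_replies

    def respond(self, mac: str, random_number: int):
        key = derive_bidirectional_key(self.super_key, mac)
        ciphertext = stand_in_cipher(key, encode(random_number))
        if self.corrupt_replies > 0:  # constructed fault for the demo
            self.corrupt_replies -= 1
            ciphertext = bytes([ciphertext[0] ^ 0xFF]) + ciphertext[1:]
        second_random = secrets.randbits(32)
        return key, ciphertext, second_random

def verify_gateway(gateway, mac, max_delay_s=30.0, sleep=time.sleep):
    """Terminal side of steps S42 and S43 plus the single re-verification.
    Returns (is_legal, challenges_sent)."""
    first = secrets.randbits(32)
    challenges = [first]
    for attempt in (1, 2):
        key, ciphertext, _second_random = gateway.respond(mac, challenges[-1])
        decrypted = stand_in_cipher(key, ciphertext)
        # Constant-time comparison of the decrypted data with the number sent.
        if hmac.compare_digest(decrypted, encode(challenges[-1])):
            return True, challenges
        if attempt == 1:
            # Random delay, then a new random number larger than the first.
            sleep(secrets.randbelow(int(max_delay_s * 1000) + 1) / 1000)
            challenges.append(first + 1 + secrets.randbits(32))
    return False, challenges

if __name__ == "__main__":
    no_wait = lambda seconds: None  # skip the real delay in the demo
    mac = "AA:BB:CC:00:11:22"       # constructed sample MAC
    key = b"constructed-super-key"  # constructed sample super key
    for label, faults in (("honest", 0), ("one bad reply", 1), ("always bad", 2)):
        legal, sent = verify_gateway(Gateway(key, faults), mac, sleep=no_wait)
        print(f"{label}: legal={legal}, challenges sent={len(sent)}")
```

Because the bidirectional key arrives in the same reply as the ciphertext, the comparison in `verify_gateway` shows only that the ciphertext matches the key supplied with it.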
Example 4
Referring to fig. 5, fig. 5 is a schematic structural diagram of a WIFI routing terminal according to an embodiment of the present invention.
As shown in fig. 5, the WIFI routing terminal 40 includes one or more second processors 401 and a second memory 402. In fig. 5, one second processor 401 is taken as an example.
The second processor 401 and the second memory 402 may be connected by a bus or other means, and the bus connection is taken as an example in fig. 5.
The second memory 402, which is a non-volatile computer-readable storage medium, may be used to store non-volatile software programs, non-volatile computer-executable programs, and modules. The second processor 401 executes the various functional applications and data processing of the authentication method of the access gateway by running the non-volatile software programs, instructions and modules stored in the second memory 402, that is, it implements the authentication method of the access gateway of the above method embodiments and the functions of the modules and units of the above apparatus embodiments.
The second memory 402 may include high speed random access memory and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some embodiments, the second memory 402 may optionally include a memory remotely located from the second processor 401, and these remote memories may be connected to the second processor 401 through a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The modules are stored in the second memory 402 and when executed by the one or more second processors 401, perform the method of authentication of an access gateway in any of the above-described method embodiments, e.g. performing the various steps illustrated in fig. 4 described above.
The WIFI routing terminal 40 of the embodiment of the present invention exists in various forms, and when the above-described steps shown in fig. 4 are executed, the WIFI routing terminal 40 includes but is not limited to:
(1) Access router. The access router connects small business customers within a home or ISP. Access routers have begun to support virtual private network protocols such as PPTP and IPSec, in addition to providing SLIP or PPP connections. These protocols must be able to run on each port. Technologies such as ADSL will soon increase the available bandwidth at each home, which will further burden the access routers. Due to these trends, access routers will in the future support many heterogeneous and high-speed ports and be able to run multiple protocols on each port while still avoiding the switched telephone network.
(2) Enterprise level router. Enterprise or campus level routers connect many end systems, with the main goal of interconnecting as many end points as possible as inexpensively as possible, and with the further requirement of supporting different qualities of service. Many existing enterprise networks are Ethernet segments connected by hubs or bridges. Although these devices are inexpensive, easy to install, and do not require configuration, they do not support service levels. In contrast, a network in which a router participates can divide machines into a plurality of collision domains, and thus can control the size of one network. In addition, the router supports a certain class of service, at least allowing for classification into multiple priority levels. But the router is expensive to manufacture per port and requires a significant amount of configuration work before it can be used. Thus, the success or failure of enterprise routers depends on whether they offer a large number of ports at a low cost per port, are easily configured, and support QoS. Enterprise level routers are also required to efficiently support broadcast and multicast. Enterprise networks also have to handle various legacy LAN technologies, supporting multiple protocols including IP, IPX, and Vine. They also support firewalls, packet filtering, and a host of administrative and security policies and VLANs.
(3) Backbone level router. The backbone level router interconnects enterprise level networks. The requirements for it are speed and reliability, while the cost is of secondary importance. Hardware reliability can be achieved using techniques used in the telephone switching network, such as hot standby, dual power, dual data paths, etc. These techniques are more or less standard for all backbone routers. The main performance bottleneck of backbone IP routers is the time it takes to find a route in the forwarding table. When a packet is received, an input port looks up the destination address of the packet in a forwarding table to determine its destination port, which tends to increase the cost of route lookup when the packet is shorter or when the packet is destined for many destination ports. Therefore, the efficiency of route lookup can be improved by putting some frequently accessed destination ports into the cache. The route lookup bottleneck exists whether the router is input buffered or output buffered. In addition to the performance bottleneck problem, the stability of routers is also a problem that is often overlooked.
(4) An ethernet router. Of the three major technologies used in the core internet in the future, optical fiber and DWDM are well established and ready to use. Without routers corresponding to the raw bandwidth provided by existing fiber and DWDM technologies, the new network infrastructure would not be able to achieve substantial performance improvements, and therefore the development of high performance backbone switches/routers (ethernet routers) has become an urgent requirement. The gigabit router technology is now mainly in the development and experimentation phase.
(5) Multi-WAN router. A dual-WAN router is provided with 2 physical WAN ports for accessing the external network, so that computers on the internal network can use 2 external network access lines simultaneously through the load balancing function of the dual-WAN router, and the network bandwidth is greatly improved. The current dual-WAN router mainly has the application advantages of 'bandwidth convergence' and 'one network and two wires', which cannot be achieved by the traditional single-WAN router.
Embodiments of the present invention also provide a non-volatile computer storage medium, where the computer storage medium stores computer-executable instructions, which are executed by one or more processors, for example, one second processor 401 in fig. 5, and enable the one or more processors to perform the method for authenticating an access gateway in any of the above-described method embodiments, for example, perform the above-described steps shown in fig. 4.
In an embodiment of the present invention, a WIFI routing terminal is provided, which includes: at least one second processor; and a second memory communicatively coupled to the at least one second processor; wherein the second memory stores instructions executable by the at least one second processor, the instructions being executable by the at least one second processor to enable the at least one second processor to perform the above-mentioned method of authentication of an access gateway. In this way, the embodiment of the invention can ensure the data security of the WIFI routing terminal and the user.
Example 5
Referring to fig. 6, fig. 6 is a schematic structural diagram of an authentication system according to an embodiment of the present invention.
As shown in fig. 6, the authentication system 100 includes: an access gateway 10, a multi-stage switching system 20, an authentication server 30, a WIFI routing terminal 40 and a mobile terminal 50. The access gateway 10 is connected to the multi-stage switching system 20, the multi-stage switching system 20 is connected to the authentication server 30, the multi-stage switching system 20 is further connected to a plurality of WIFI routing terminals 40, and the WIFI routing terminals 40 are used for connecting to a mobile terminal 50.
The access gateway 10 is used for interfacing with a network entrance of a telecommunication operator.
The multi-stage switching system 20 is connected to the access gateway 10, and configured to provide a plurality of connection ports, where each connection port corresponds to a WIFI routing terminal.
The authentication server 30 is connected to the multi-stage switching system 20, and is configured to authenticate a mobile terminal 50 of a user.
The WIFI routing terminal 40 is connected to the multistage switching system 20, and is configured to acquire the IP address sent by the access gateway 10. Specifically, the IP address sent by the access gateway 10 is transmitted to the WIFI routing terminal 40 through the multi-stage switching system 20.
The mobile terminal 50 is configured to connect to the WIFI routing terminal 40, and obtain an IP address through the WIFI routing terminal 40 or the access gateway 10. The network access authority of the mobile terminal 50 is determined by the authentication server 30. The mobile terminal 50 includes but is not limited to:
(1) Mobile communication devices: such devices are characterized by mobile communication capabilities and are primarily aimed at providing voice and data communications. Such electronic devices include smart phones (e.g., iPhones), multimedia phones, feature phones, and low-end phones, among others.
(2) Mobile personal computer devices: such devices belong to the category of personal computers, have calculation and processing functions, and generally also have mobile internet access. Such electronic devices include PDA, MID, and UMPC devices, etc., such as iPads.
(3) Portable entertainment devices: such devices can display and play video content, and generally also have mobile internet access. Such devices include video players, handheld game consoles, intelligent toys and portable car navigation devices.
(4) Other electronic devices with a video playing function and an internet access function.
In an embodiment of the present invention, there is provided an authentication system including: an access gateway for connecting to a network of an operator; a multi-stage switching system connected with the access gateway and used for providing a plurality of connecting ports, each connecting port being connected with one WIFI routing terminal; and an authentication server connected with the multi-stage switching system and used for authenticating the mobile terminal. The WIFI routing terminal is used for providing an IP address for the mobile terminal. In this way, the embodiment of the invention can ensure the data security of the WIFI routing terminal and the user.
The above-described embodiments of the apparatus or device are only schematic, where the unit modules described as separate parts may or may not be physically separate, and the parts displayed as module units may or may not be physical units, may be located in one place, or may be distributed on multiple network module units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a general hardware platform, and certainly can also be implemented by hardware. Based on such understanding, the technical solutions mentioned above may be embodied in the form of a software product, which may be stored in a computer-readable storage medium, such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute the method according to each embodiment or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; within the idea of the invention, also technical features in the above embodiments or in different embodiments may be combined, steps may be implemented in any order, and there are many other variations of the different aspects of the invention as described above, which are not provided in detail for the sake of brevity; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and these modifications or substitutions do not depart from the scope of the technical solutions of the embodiments of the present application.

Claims (10)

1. An authentication method of a WIFI routing terminal, applied to an access gateway, characterized by comprising the following steps:
pre-storing PPPoE information of the WIFI routing terminal;
receiving a dialing application of the WIFI routing terminal, and generating PPPoE information according to a MAC address of the WIFI routing terminal, wherein the PPPoE information comprises a dialing account and a dialing password;
authenticating the WIFI routing terminal according to the pre-stored PPPoE information;
if the authentication is successful, allocating an IP address to the WIFI routing terminal;
wherein the generating of the PPPoE information according to the MAC address of the WIFI routing terminal includes:
the access gateway is provided with a super key, and a dialing account and a dialing password of the WIFI routing terminal are automatically generated through the super key in combination with the MAC address of the WIFI routing terminal.
2. The method of claim 1, further comprising:
generating a bidirectional key by combining the super key and the MAC address of the WIFI routing terminal.
3. The method of claim 2, wherein the authenticating the WIFI routing terminal comprises:
receiving a first random number sent by the WIFI routing terminal;
encrypting the first random number and generating a first random number ciphertext;
and sending the bidirectional key, the first random number ciphertext and the second random number to the WIFI routing terminal.
4. The method of claim 3, further comprising:
receiving a second random number ciphertext sent by the WIFI routing terminal;
decrypting the second random number ciphertext with the bidirectional key;
and if the decrypted data is the same as the second random number, confirming that the WIFI routing terminal is a legal terminal.
5. An access gateway, comprising:
at least one first processor; and
a first memory communicatively coupled to the at least one first processor; wherein
the first memory stores instructions executable by the at least one first processor to enable the at least one first processor to perform the method of any one of claims 1-4.
6. An authentication method of an access gateway, applied to a WIFI routing terminal, wherein the WIFI routing terminal is connected with the access gateway according to claim 5, and the method comprises the following steps:
receiving a bidirectional key, a first random number ciphertext and a second random number sent by the access gateway;
decrypting the first random number ciphertext with the bidirectional key;
and if the decrypted data is the same as the first random number, determining that the access gateway is a legal gateway.
7. The method of claim 6, further comprising:
if the decrypted data is different from the first random number, generating a new random number after a random delay, and re-verifying the access gateway.
8. The method of claim 7, further comprising:
the new random number generated after the random delay is larger than the first random number.
9. A WIFI routing terminal, characterized by comprising:
at least one second processor; and
a second memory communicatively coupled to the at least one second processor; wherein
the second memory stores instructions executable by the at least one second processor to enable the at least one second processor to perform the method of any one of claims 6-8.
10. An authentication system, the system comprising:
an access gateway as claimed in claim 5, for connecting to an operator's network;
a multi-stage switching system connected with the access gateway and used for providing a plurality of connecting ports, each connecting port being connected with a WIFI routing terminal;
an authentication server connected with the multi-stage switching system and used for authenticating the mobile terminal of the user;
and at least one WIFI routing terminal according to claim 9, for wirelessly connecting a mobile terminal of a user.
CN201810634969.2A 2018-06-20 2018-06-20 WIFI routing terminal, access gateway, authentication method and authentication system thereof Active CN110620751B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810634969.2A CN110620751B (en) 2018-06-20 2018-06-20 WIFI routing terminal, access gateway, authentication method and authentication system thereof

Publications (2)

Publication Number Publication Date
CN110620751A CN110620751A (en) 2019-12-27
CN110620751B CN110620751B (en) 2022-11-25

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant