CN111225376A - Authentication method, system, wireless access point AP and computer readable storage medium - Google Patents


Info

Publication number: CN111225376A
Authority: CN (China)
Prior art keywords: sta, authentication, authenticated, address, portal server
Legal status: Pending
Application number: CN201811412489.8A
Other languages: Chinese (zh)
Inventor: 高波
Current Assignee: China Telecom Corp Ltd
Original Assignee: China Telecom Corp Ltd
Application filed by China Telecom Corp Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06: Authentication

Abstract

The disclosure relates to an authentication method, an authentication system, a wireless Access Point (AP) and a computer readable storage medium, and relates to the technical field of wireless communication. The method comprises the following steps: in response to receiving a message sent by a station (STA) for the first time, the AP judges whether the STA needs to be authenticated according to an STA table entry corresponding to the STA; when the STA needs to be authenticated, the AP generates a redirection message that includes the address of a Portal server and the address of an authentication point device; the AP sends the redirection message to the STA so that the STA can access the Portal server and be authenticated through the authentication point device. This technical scheme can improve the processing efficiency of the system, reduce network pressure and thereby improve user experience.

Description

Authentication method, system, wireless access point AP and computer readable storage medium
Technical Field
The present disclosure relates to the field of wireless communication technologies, and in particular to an authentication method, an authentication system, an AP (wireless access point), and a computer-readable storage medium.
Background
Currently, operators generally adopt an architecture consisting of a centrally controlling AC (wireless Access point Controller) and APs. WLAN (Wireless Local Area Network) users can access the network only after passing authentication, which ensures that legitimate users can access the WLAN network.
In the related art, the WLAN network mainly adopts a centralized authentication mode: the AC is responsible for unified authentication of WLAN users and also for user redirection, and an AAA (Authentication, Authorization, Accounting) system feeds back the information that a user has been authenticated successfully to the AC, so that the AC opens the user's permissions and allows the user to access the internet.
Disclosure of Invention
The inventors of the present disclosure found the following problems in the related art described above: functions such as authentication and management of WLAN users or broadband users are all undertaken by the AC, which places excessive load on the AC; since the AC is generally developed on a switch architecture and its device performance is weak, the processing efficiency of the system suffers and the user experience is degraded.
In view of this, the present disclosure provides an authentication technical solution, which can improve system processing efficiency, reduce network pressure, and improve user experience.
According to some embodiments of the present disclosure, there is provided an authentication method including: in response to receiving a message sent by an STA (Station) for the first time, an AP (access point) judges whether the STA needs to be authenticated according to an STA table entry corresponding to the STA; when the STA needs to be authenticated, the AP generates a redirection message that includes the address of a Portal server and the address of an authentication point device; and the AP sends the redirection message to the STA so that the STA can access the Portal server and be authenticated through the authentication point device.
In some embodiments, the STA table entry is generated according to the following steps: while the STA associates with the AP, the AP acquires relevant information of the STA from the STA; the AP establishes the STA table entry according to the relevant information; when the AP judges that the STA needs authentication, it acquires from the authentication point device information on whether the STA has been authenticated; if the STA has not been authenticated, the STA is marked as unauthenticated in the STA table entry; if the STA has been authenticated, the STA is marked as authenticated in the STA table entry.
In some embodiments, the AP sends the relevant information of the STA to the authentication point device, so that the authentication point device queries the STA attributes according to the relevant information to determine whether the STA has been authenticated; and the AP receives the query result returned by the authentication point device.
In some embodiments, the address of the authentication point device in the redirection message is used by the STA when sending an access request to the Portal server: the access request includes the address of the authentication point device, so that the Portal server authenticates the STA on the AAA system through the authentication point device.
In some embodiments, the authentication method further comprises: in response to receiving offline information of the STA forwarded by the authentication point device, the AP marks the STA as unauthenticated in the STA table entry or deletes the STA table entry.
In some embodiments, the offline information is sent by the STA to the Portal server and then by the Portal server to the authentication point device, so that the authentication point device marks the STA as unauthenticated or deletes the STA table entry.
In some embodiments, the authentication method further includes: in response to the STA passing authentication, the AP marks the STA as authenticated in the STA table entry and opens the corresponding permissions for the STA.
In some embodiments, the authentication method further comprises: the AP forwards the message when the STA does not need to be authenticated.
In some embodiments, the redirection message further includes one or more of the media access control (MAC) address of the AP, its internet protocol (IP) address, the serial number of the AP, and the SSID associated with the STA; the STA table entry further includes a forwarding mode and one or more of the MAC address, IP address, operating system information and associated SSID of the STA, acquired while the STA associates with the AP.
According to further embodiments of the present disclosure, there is provided an AP including: a judging unit configured to judge, in response to receiving a message sent by an STA for the first time, whether the STA needs to be authenticated according to an STA table entry corresponding to the STA; a processing unit configured to generate a redirection message when the STA needs to be authenticated, the redirection message including the address of a Portal server and the address of an authentication point device; and a sending unit configured to send the redirection message to the STA so that the STA can access the Portal server and be authenticated through the authentication point device.
In some embodiments, the AP further comprises: a receiving unit configured to acquire relevant information of the STA from the STA during association with the STA; the processing unit establishes the STA table entry according to the relevant information; when the judging unit judges that the STA needs authentication, the receiving unit acquires from the authentication point device whether the STA has been authenticated; if the STA has not been authenticated, the processing unit marks the STA as unauthenticated in the STA table entry; if the STA has been authenticated, the processing unit marks the STA as authenticated in the STA table entry.
In some embodiments, the sending unit sends the relevant information of the STA to the authentication point device in response to the STA associating with the AP, so that the authentication point device queries the STA attributes according to the relevant information to determine whether the STA has been authenticated; the receiving unit 54 receives the query result returned by the authentication point device.
In some embodiments, the address of the authentication point device in the redirection message is used by the STA when sending an access request to the Portal server: the access request includes the address of the authentication point device, so that the Portal server authenticates the STA on the AAA system through the authentication point device.
In some embodiments, in response to receiving offline information of the STA forwarded by the authentication point device, the processing unit 52 marks the STA as unauthenticated in the STA table entry or deletes the STA table entry.
In some embodiments, the offline information is sent by the STA to the Portal server and then by the Portal server to the authentication point device, so that the authentication point device marks the STA as unauthenticated or deletes the STA table entry.
In some embodiments, in response to the STA being authenticated, the processing unit 52 marks the STA as authenticated in the STA table entry and opens the corresponding permissions for the STA.
In the above embodiments, the AP generates the redirection message according to the established STA table entry and thereby implements the user redirection function, taking over part of the work the AC was originally responsible for. This reduces the load on the AC, improves the processing efficiency of the system and further improves the user experience.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description, serve to explain the principles of the disclosure.
The present disclosure may be more clearly understood from the following detailed description, taken with reference to the accompanying drawings, in which:
Fig. 1 illustrates a flow diagram of some embodiments of an authentication method of the present disclosure;
Fig. 2 illustrates a signaling diagram of some embodiments of the STA entry generation method of the present disclosure;
Fig. 3 illustrates a signaling diagram of some embodiments of the authentication method of the present disclosure;
Fig. 4 shows a signaling diagram of further embodiments of the authentication method of the present disclosure;
Fig. 5 illustrates a block diagram of some embodiments of an AP of the present disclosure;
Fig. 6 illustrates a block diagram of some embodiments of an authentication system of the present disclosure;
Fig. 7 shows a block diagram of further embodiments of an AP of the present disclosure;
Fig. 8 illustrates a block diagram of still further embodiments of an AP of the present disclosure.
Detailed Description
Various exemplary embodiments of the present disclosure will now be described in detail with reference to the accompanying drawings. It should be noted that: the relative arrangement of the components and steps, the numerical expressions, and numerical values set forth in these embodiments do not limit the scope of the present disclosure unless specifically stated otherwise.
Meanwhile, it should be understood that the sizes of the respective portions shown in the drawings are not drawn in an actual proportional relationship for the convenience of description.
The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the disclosure, its application, or uses.
Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate.
In all examples shown and discussed herein, any particular value should be construed as merely illustrative, and not limiting. Thus, other examples of the exemplary embodiments may have different values.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, further discussion thereof is not required in subsequent figures.
The inventor of the present disclosure finds that, in the related art, when an AC is attached to a service gateway BRAS (Broadband Remote Access Server) or is deployed in the core network of a metropolitan area network, the large number of HTTP (HyperText Transfer Protocol) messages sent for the first time by STAs, or of redirection messages sent by the AC to STAs, may put pressure on the network.
Based on the above considerations, the present invention can be implemented by the following embodiments, which can solve the problem of stress on the network when the AC is responsible for redirection.
Fig. 1 illustrates a flow diagram of some embodiments of an authentication method of the present disclosure.
As shown in Fig. 1, the method includes: step 110, judging whether the STA needs to be authenticated; step 120, generating a redirection message; and step 130, sending the redirection message.
In step 110, in response to receiving the first message sent by the STA, the AP determines whether to authenticate the STA according to the STA entry corresponding to the STA. For example, the message sent by the STA for the first time may be an HTTP request sent by the STA to open a web page for the first time.
In some embodiments, when the STA associates with the AP, the AP may obtain from the STA its relevant information, such as its MAC address, IP address, operating system information and associated SSID, and establish an STA entry according to that information.
The AP may also determine whether the STA needs to perform authentication during the association process. For example, there are two types of SSIDs set on the AP, one requiring authentication for the corresponding STA, and the other not requiring authentication for the corresponding STA. Therefore, the AP can determine whether the STA needs authentication from the SSID associated with the STA.
When the SSID associated with the STA is one that requires authentication, the AP queries the AC as to whether the STA has been authenticated; if the STA has not been authenticated, the AP generates a redirection message and sends it to the STA. For example, when the AP determines that the STA needs authentication, the AP transmits the STA's relevant information to an authentication point device (e.g., the AC). The authentication point device queries the attributes of the STA according to the relevant information and determines whether the STA has been authenticated. The AP receives the query result returned by the authentication point device.
If the STA has not been authenticated, the STA is marked as unauthenticated in the STA table entry; if the STA has been authenticated, the STA is marked as authenticated in the STA table entry.
The STA table entry established by the AP includes the relevant information of the STA and whether the STA needs authentication. That is, the AP establishes a mapping relationship between the SSID of the STA and whether authentication is required, and the STA table entry of each STA may constitute a service mapping table stored in the AP, so as to search for whether authentication is required by the STA.
In some embodiments, the STA table entry may be generated by the embodiment in fig. 2.
Fig. 2 illustrates a signaling diagram of some embodiments of the STA entry generation method of the present disclosure.
As shown in fig. 2, in event 210, the user opens the WLAN network card through the STA, and the STA performs air interface association with the nearby AP.
In event 220, after the STA associates with the AP, the AP determines that the STA needs authentication and reports the relevant information of the STA to the AC. For example, the related information may include one or more of the MAC address of the STA, its operating system and its associated SSID, and at least one of the MAC address and the serial number of the AP.
In event 230, the AC may query the associated STA attributes via the STA's SSID to determine whether the STA requiring authentication has been authenticated. For example, the AC may also store an STA entry corresponding to each STA, where the STA entry stores corresponding STA attributes.
At event 240, the AC sends a feedback message to the AP. The feedback message indicates whether the STA has been authenticated.
In event 250, after receiving the feedback message from the AC, the AP establishes a corresponding STA entry for the STA. The STA table entry may include one or more items of relevant information such as the MAC address, IP address, operating system information and SSID of the STA, and may further include a forwarding mode. The STA may then perform DHCP (Dynamic Host Configuration Protocol) interaction with the AC and carry out other operations such as obtaining a relevant address.
In some embodiments, in the case where it is determined by the STA entry that the STA needs authentication, the process may continue through other steps in fig. 1.
In step 120, when the STA needs to be authenticated, the AP generates a redirection message including the address of the Portal server and the address of the authentication point device. In some embodiments, when the STA does not need to be authenticated, the AP forwards the message.
In some embodiments, the address of the authentication point device (AC) in the redirection message is used by the STA when sending an access request to the Portal server: the access request includes the address of the AC, so that the Portal server authenticates the STA on the AAA system through the AC. The redirection message may also include one or more of the MAC address, the IP address and the serial number of the AP.
In some embodiments, the AP marks that the STA is authenticated in the STA entry and opens corresponding rights for the STA in response to the STA passing the authentication.
In some embodiments, the STA may be authenticated by the embodiment in fig. 3.
Fig. 3 illustrates a signaling diagram of some embodiments of the authentication method of the present disclosure.
As shown in Fig. 3, in event 310, the STA sends an HTTP message when it opens a web page for the first time; after receiving the HTTP message, the AP queries the STA entry corresponding to the STA to determine whether the STA needs authentication.
At event 320, the AP determines that the STA needs authentication, and generates and sends a redirection message to the STA. At event 330, the STA sends an access request to the Portal server based on the Portal server address in the received redirect message. For example, the access request may include an address of the AC, a MAC address of the AP, an SSID of the AP, a MAC address of the STA, and the like.
At event 340, the Portal server generates a Portal authentication page based on the information such as the AP's MAC address and SSID in the access request sent by the STA.
At event 350, the Portal server sends a Portal authentication page to the STA.
At event 360, the user generates authentication information through the STA, for example by filling in a user account and password on the authentication page, by filling in a verification code received via short message, or by other means, and sends the authentication information to the Portal server (e.g., by clicking an authentication button on the STA).
At event 370, the Portal server extracts the authentication information and sends the authentication information to the authentication point device AC.
In event 380, the AC sends the user's authentication information to the AAA for authentication.
In event 390, the AC sends the authentication result fed back by the AAA to the AP associated with the STA.
At event 392, the AC sends the authentication result to the Portal server.
At event 394, after receiving the authentication result, the Portal server sends a page indicating successful authentication to the STA.
At event 396, after receiving the authentication result, the AP updates the STA entry for the STA to indicate that the STA is authenticated and opens the STA's permission to allow the STA to access the public network.
In some embodiments, in response to receiving offline information of the STA forwarded by the AC, the AP marks the STA as unauthenticated in the STA entry, so that the STA is authenticated again the next time it goes online, thereby improving security. The offline information is sent by the STA to the Portal server and then by the Portal server to the AC, so that the AC marks the STA as unauthenticated. This may be achieved, for example, by the embodiment of Fig. 4.
Fig. 4 shows a signaling diagram of further embodiments of the authentication method of the present disclosure.
As shown in fig. 4, based on the embodiments described above, at event 410, the STA sends a logoff request to the Portal server. For example, when the user needs to go offline, the offline button is actively clicked.
At event 420, the Portal server, upon receiving the logoff request, sends the logoff request to the AC.
In event 430, the AC sends an offline request to the AAA system so that the AAA system stops accounting. The AC also updates the STA table entry for the STA stored in the AC and marks the STA as unauthenticated, so that the STA is authenticated again the next time it goes online.
In event 440, the AC sends the offline information to the AP.
In event 450, the AP updates the STA entry for the STA stored in the AP, marking the STA as unauthenticated or deleting the STA entry, so that the STA can be authenticated the next time it comes online. For example, the next time the STA's message is received again, it needs to be redirected again for authentication.
At event 460, the AP returns acknowledgement feedback to the AC.
At event 470, the AC sends a user offline confirmation to the Portal server.
In the above embodiments, the AP generates the redirection message according to the established STA entry and thereby implements the user redirection function, taking over part of the work the AC was originally responsible for. This reduces the load on the AC, improves the processing efficiency of the system and further improves the user experience.
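The AP-side behaviour of Figs. 1 to 4 (STA entry creation, the redirect decision, and the state changes on authentication and offline events), sketched as an added example that is not part of the patent text. The Portal URL, AC address, SSIDs, query-parameter names and the fail-closed handling of an STA without an entry are assumptions of this sketch.

```python
from dataclasses import dataclass
from typing import Callable, Dict
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed values: addresses, SSIDs and query-parameter names are assumptions.
PORTAL_URL = "http://portal.example.net/login"    # Portal server address
AC_ADDR = "192.0.2.10"                            # authentication point device (AC)
AP_MAC = "02:00:00:00:00:01"
AP_SERIAL = "AP-SN-0001"
AUTH_SSIDS = {"Operator-WLAN", "Cafe & Guest"}    # SSIDs whose STAs must authenticate


@dataclass
class StaEntry:
    mac: str
    ip: str
    os_info: str
    ssid: str
    needs_auth: bool             # derived from the associated SSID
    authenticated: bool = False  # AC query result, later updated by events


class AccessPoint:
    def __init__(self, ac_query: Callable[[str, str], bool]):
        # ac_query(mac, ssid) stands in for the AP -> AC query and feedback
        # of events 220-240; it returns True if the AC knows the STA as authenticated.
        self.ac_query = ac_query
        self.table: Dict[str, StaEntry] = {}

    def associate(self, mac: str, ip: str, os_info: str, ssid: str) -> StaEntry:
        """Build the STA entry during association (event 250)."""
        needs_auth = ssid in AUTH_SSIDS
        authenticated = self.ac_query(mac, ssid) if needs_auth else False
        entry = StaEntry(mac, ip, os_info, ssid, needs_auth, authenticated)
        self.table[mac] = entry
        return entry

    def handle_first_http(self, mac: str) -> dict:
        """Steps 110-130: forward, or answer with a redirect to the Portal server."""
        entry = self.table.get(mac)
        if entry is None:
            # Assumption of this example: fail closed for an STA with no entry.
            return {"action": "drop"}
        if not entry.needs_auth or entry.authenticated:
            return {"action": "forward"}
        # urlencode() escapes every value, so an SSID containing '&' or '='
        # cannot alter the parameters the Portal server parses.
        query = urlencode({
            "ac": AC_ADDR, "ap_mac": AP_MAC, "ap_sn": AP_SERIAL,
            "ssid": entry.ssid, "sta_mac": entry.mac,
        })
        return {"action": "redirect", "status": 302,
                "location": f"{PORTAL_URL}?{query}"}

    def on_auth_result(self, mac: str, success: bool) -> None:
        """Event 396: the AC relays the AAA result; open access only on success."""
        entry = self.table.get(mac)
        if entry is not None and success:
            entry.authenticated = True

    def on_offline(self, mac: str, delete: bool = False) -> None:
        """Event 450: mark the STA unauthenticated, or delete its entry."""
        if delete:
            self.table.pop(mac, None)
        elif mac in self.table:
            self.table[mac].authenticated = False


def redirect_params(location: str) -> Dict[str, str]:
    """Decode the query string the Portal server would receive from the STA."""
    return {k: v[0] for k, v in parse_qs(urlsplit(location).query).items()}


if __name__ == "__main__":
    ap = AccessPoint(ac_query=lambda mac, ssid: False)  # AC: "not authenticated"
    sta = "02:00:00:00:00:aa"                           # constructed STA MAC
    ap.associate(sta, "10.0.0.5", "Android", "Cafe & Guest")
    first = ap.handle_first_http(sta)
    print(first["location"])
    print(redirect_params(first["location"]))
    ap.on_auth_result(sta, True)
    print(ap.handle_first_http(sta))
    ap.on_offline(sta)
    print(ap.handle_first_http(sta)["action"])
```
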
Fig. 5 illustrates a block diagram of some embodiments of an AP of the present disclosure.
As shown in fig. 5, the AP 5 includes a judgment unit 51, a processing unit 52, and a transmission unit 53.
The determining unit 51 determines whether to authenticate the STA according to the STA entry corresponding to the STA in response to receiving the message sent by the STA for the first time.
The processing unit 52 generates a redirection message including the address of the Portal server and the address of the authentication point device when the STA needs to be authenticated.
The sending unit 53 sends the redirection message to the STA so that the STA accesses the Portal server and is authenticated through the authentication point device.
In some embodiments, the AP 5 further includes a receiving unit 54, configured to acquire relevant information of the STA from the STA in the process of associating with the STA. The processing unit 52 establishes the STA table entry according to the relevant information. In the case where the determination unit 51 determines that the STA needs authentication, the reception unit 54 acquires from the authentication point device whether the STA has been authenticated. In the event that the STA is not authenticated, the processing unit 52 notes in the STA entry that the STA requires authentication. In the case that the STA has been authenticated, the processing unit 52 notes in the STA entry that the STA does not require authentication.
In some embodiments, the transmitting unit 53 transmits the relevant information of the STA to the authentication point device in response to the STA associating with the AP, so that the authentication point device queries the STA attribute according to the relevant information to determine whether the STA has been authenticated. The receiving unit 54 receives the query result returned by the authentication point device.
In some embodiments, the address of the authentication point device in the redirection message is used by the STA when sending an access request to the Portal server: the access request includes the address of the authentication point device, so that the Portal server authenticates the STA on the AAA system through the authentication point device.
In some embodiments, in response to receiving offline information of the STA forwarded by the authentication point device, the processing unit 52 marks the STA as unauthenticated in the STA entry or deletes the STA entry.
In some embodiments, the offline information is sent by the STA to the Portal server and then by the Portal server to the authentication point device, so that the authentication point device marks the STA as unauthenticated or deletes the STA entry.
In some embodiments, in response to the STA being authenticated, the processing unit 52 marks the STA as authenticated in the STA entry and opens the corresponding permissions for the STA.
In some embodiments, the sending unit 53 forwards the message when the STA does not need to be authenticated.
In some embodiments, the redirection message further includes one or more of the MAC address of the AP, its IP address, the serial number of the AP, and the SSID associated with the STA. The STA table entry further includes a forwarding mode and one or more of the MAC address, IP address, operating system information and associated SSID of the STA, acquired while the STA associates with the AP.
In the above embodiments, the AP generates the redirection message according to the established STA entry and thereby implements the user redirection function, taking over part of the work the AC was originally responsible for. This reduces the load on the AC, improves the processing efficiency of the system and further improves the user experience.
Fig. 6 illustrates a block diagram of some embodiments of the authentication system of the present disclosure.
As shown in fig. 6, the authentication system 6 includes: an AP 61 for executing the authentication method in any one of the above embodiments; a Portal server 62 and an authentication point device 63.
Fig. 7 illustrates a block diagram of further embodiments of an AP of the present disclosure.
As shown in fig. 7, the AP 7 of this embodiment includes: a memory 71 and a processor 72 coupled to the memory 71, the processor 72 being configured to perform an authentication method in any of the embodiments of the present disclosure based on instructions stored in the memory 71.
The memory 71 may include, for example, a system memory, a fixed nonvolatile storage medium, and the like. The system memory stores, for example, an operating system, an application program, a boot loader, a database, and other programs.
Fig. 8 illustrates a block diagram of still further embodiments of an AP of the present disclosure.
As shown in fig. 8, the AP 8 of this embodiment includes: a memory 810 and a processor 820 coupled to the memory 810, the processor 820 being configured to perform the authentication method of any of the preceding embodiments based on instructions stored in the memory 810.
The memory 810 may include, for example, a system memory, a fixed nonvolatile storage medium, and the like. The system memory stores, for example, an operating system, an application program, a boot loader, and other programs.
The AP 8 may also include an input/output interface 830, a network interface 840, a storage interface 850, and the like. The interfaces 830, 840 and 850, the memory 810 and the processor 820 may be connected, for example, by a bus 860. The input/output interface 830 provides a connection interface for input/output devices such as a display, a mouse, a keyboard, and a touch screen. The network interface 840 provides a connection interface for various networking devices. The storage interface 850 provides a connection interface for external storage devices such as an SD card and a USB disk.
As will be appreciated by one skilled in the art, embodiments of the present disclosure may be provided as a method, system, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable non-transitory storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
So far, an authentication method, an authentication system, an AP, and a computer-readable storage medium according to the present disclosure have been described in detail. Some details that are well known in the art have not been described in order to avoid obscuring the concepts of the present disclosure. It will be fully apparent to those skilled in the art from the foregoing description how to practice the presently disclosed embodiments.
The method and system of the present disclosure may be implemented in a number of ways. For example, the methods and systems of the present disclosure may be implemented by software, hardware, firmware, or any combination of software, hardware, and firmware. The above-described order for the steps of the method is for illustration only, and the steps of the method of the present disclosure are not limited to the order specifically described above unless specifically stated otherwise. Further, in some embodiments, the present disclosure may also be embodied as programs recorded in a recording medium, the programs including machine-readable instructions for implementing the methods according to the present disclosure. Thus, the present disclosure also covers a recording medium storing a program for executing the method according to the present disclosure.
Although some specific embodiments of the present disclosure have been described in detail by way of example, it should be understood by those skilled in the art that the foregoing examples are for purposes of illustration only and are not intended to limit the scope of the present disclosure. It will be appreciated by those skilled in the art that modifications may be made to the above embodiments without departing from the scope and spirit of the present disclosure. The scope of the present disclosure is defined by the appended claims.

Claims (21)

1. An authentication method, comprising:
a wireless access point (AP), in response to receiving for the first time a message sent by a station (STA), determines whether the STA needs to be authenticated according to an STA table entry corresponding to the STA;
in a case where the STA needs to be authenticated, the AP generates a redirection message, wherein the redirection message comprises an address of a Portal server and an address of an authentication point device;
and the AP sends the redirection message to the STA so that the STA accesses the Portal server and is authenticated through the authentication point device.
2. The authentication method of claim 1, wherein the STA table entry is generated according to the following steps:
in the process of the STA associating with the AP, the AP acquires related information of the STA from the STA;
the AP establishes the STA table entry according to the related information;
in a case where it is determined that the STA needs to be authenticated, the AP acquires, from the authentication point device, information on whether the STA has been authenticated;
in a case where the STA has not been authenticated, the STA is marked as not authenticated in the STA table entry;
in a case where the STA has been authenticated, the STA is marked as authenticated in the STA table entry.
3. The authentication method of claim 2, wherein the acquiring, from the authentication point device, information on whether the STA has been authenticated comprises:
the AP sends the related information of the STA to the authentication point device, so that the authentication point device queries the STA attribute according to the related information to determine whether the STA has been authenticated;
and the AP receives a query result returned by the authentication point device.
4. The authentication method of claim 1,
the address of the authentication point device in the redirection message is used by the STA to send an access request to the Portal server, wherein the access request comprises the address of the authentication point device, so that the Portal server authenticates the STA on an authentication, authorization and accounting (AAA) system through the authentication point device.
5. The authentication method of any one of claims 1-4, further comprising:
the AP, in response to receiving offline information of the STA forwarded by the authentication point device, marks the STA as not authenticated or deletes the STA table entry.
6. The authentication method of claim 5, wherein
the offline information is sent by the STA to the Portal server and then sent by the Portal server to the authentication point device, so that the authentication point device marks the STA as unauthenticated or deletes the STA table entry.
7. The authentication method of any one of claims 1-4, further comprising:
the AP, in response to the STA passing the authentication, marks in the STA table entry that the STA is authenticated and opens the corresponding permissions for the STA.
8. The authentication method of any one of claims 1-4, further comprising:
the AP forwards the message in a case where the STA does not need to be authenticated.
9. The authentication method according to any one of claims 1 to 4,
the redirection message further comprises one or more of a Media Access Control (MAC) address of the AP, an Internet Protocol (IP) address, a serial number of the AP, and a service set identifier (SSID) associated with the STA;
the STA table entry further comprises a forwarding mode of the STA and one or more of a MAC address, an IP address, operating system information and an associated SSID of the STA, which are acquired in the process of the STA associating with the AP.
10. A wireless access point, AP, comprising:
a determining unit, configured to, in response to receiving for the first time a message sent by a station (STA), determine whether the STA needs to be authenticated according to an STA table entry corresponding to the STA;
a processing unit, configured to generate a redirection message in a case where the STA needs to be authenticated, wherein the redirection message comprises an address of a Portal server and an address of an authentication point device;
and a sending unit, configured to send the redirection message to the STA so that the STA accesses the Portal server and is authenticated through the authentication point device.
11. The AP of claim 10, further comprising:
a receiving unit, configured to acquire related information of the STA from the STA in the process of associating with the STA;
wherein,
the processing unit establishes the STA table entry according to the related information;
the receiving unit acquires, from the authentication point device, information on whether the STA has been authenticated in a case where the determining unit determines that the STA needs to be authenticated;
in a case where the STA has not been authenticated, the processing unit marks in the STA table entry that the STA is not authenticated;
in a case where the STA has been authenticated, the processing unit marks in the STA table entry that the STA is authenticated.
12. The AP of claim 11, wherein,
the sending unit, in response to the STA associating with the AP, sends the related information of the STA to the authentication point device, so that the authentication point device queries the STA attribute according to the related information to determine whether the STA has been authenticated;
and the receiving unit receives the query result returned by the authentication point device.
13. The AP of claim 10, wherein,
the address of the authentication point device in the redirection message is used by the STA to send an access request to the Portal server, wherein the access request comprises the address of the authentication point device, so that the Portal server authenticates the STA on an authentication, authorization and accounting (AAA) system through the authentication point device.
14. The AP of any one of claims 10-13,
the processing unit is configured to, in response to receiving offline information of the STA forwarded by the authentication point device, mark in the STA table entry that the STA is not authenticated or delete the STA table entry.
15. The AP of claim 14, wherein
the offline information is sent by the STA to the Portal server and then sent by the Portal server to the authentication point device, so that the authentication point device marks the STA as unauthenticated or deletes the STA table entry.
16. The AP of any one of claims 10-13,
the processing unit, in response to the STA passing the authentication, marks in the STA table entry that the STA is authenticated and opens the corresponding permissions for the STA.
17. The AP of any one of claims 10-13,
the sending unit forwards the message in a case where the STA does not need to be authenticated.
18. The AP of any one of claims 10-13,
the redirection message further comprises one or more of a Media Access Control (MAC) address of the AP, an Internet Protocol (IP) address, a serial number of the AP, and a service set identifier (SSID) associated with the STA;
the STA table entry further comprises a forwarding mode and one or more of the MAC address, the IP address, the operating system information and the associated SSID of the STA, which are acquired in the process of the STA associating with the AP.
19. An authentication system comprising:
a wireless access point (AP) for performing the authentication method of any one of claims 1-9;
a Portal server; and
an authentication point device.
20. A wireless access point, AP, comprising:
a memory; and
a processor coupled to the memory, the processor configured to perform the authentication method of any one of claims 1-9 based on instructions stored in the memory.
21. A computer-readable storage medium, on which a computer program is stored which, when executed by a processor, implements the authentication method of any one of claims 1-9.
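The AP-side decision flow of method claims 1-9 can be modelled in a few lines. The following is an added example, not code from the patent or its applicant: the class and method names, the query-string parameter names, the Portal URL, the addresses, and the choice to drop traffic from a STA with no table entry are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple
from urllib.parse import urlencode

PORTAL_URL = "https://portal.example.net/login"  # constructed Portal server address
AUTH_POINT_ADDR = "192.0.2.10"                   # constructed authentication point address

@dataclass
class StaEntry:
    """STA table entry built during association (claims 2 and 9)."""
    mac: str
    ip: str
    ssid: str
    needs_auth: bool = True               # assumption: policy flag stored in the entry
    authenticated: Optional[bool] = None  # None = authentication point not queried yet

class AccessPoint:
    def __init__(self, mac: str, ip: str, serial: str,
                 query_auth_point: Callable[[StaEntry], bool]):
        self.mac, self.ip, self.serial = mac, ip, serial
        self.query_auth_point = query_auth_point  # stands in for the AP-to-authentication-point query
        self.table: Dict[str, StaEntry] = {}

    def on_associate(self, mac: str, ip: str, ssid: str, needs_auth: bool = True) -> None:
        self.table[mac] = StaEntry(mac, ip, ssid, needs_auth)

    def on_first_packet(self, sta_mac: str) -> Tuple[str, Optional[str]]:
        entry = self.table.get(sta_mac)
        if entry is None:
            return ("drop", None)        # assumption: no table entry, no forwarding
        if not entry.needs_auth:
            return ("forward", None)     # claim 8
        if entry.authenticated is None:  # claims 2-3: query once, record the result
            entry.authenticated = bool(self.query_auth_point(entry))
        if entry.authenticated:
            return ("forward", None)     # claim 7: permissions already opened
        return ("redirect", self.redirect_url(entry))

    def redirect_url(self, entry: StaEntry) -> str:
        # Claim 1 fields plus the optional claim 9 fields; parameter names are hypothetical.
        params = {"auth_point": AUTH_POINT_ADDR, "ap_mac": self.mac,
                  "ap_ip": self.ip, "ap_serial": self.serial, "ssid": entry.ssid}
        return PORTAL_URL + "?" + urlencode(params)

    def on_auth_success(self, sta_mac: str) -> None:
        self.table[sta_mac].authenticated = True  # claim 7

    def on_offline(self, sta_mac: str, delete: bool = False) -> None:
        # Claim 5: offline notice forwarded by the authentication point device.
        if delete:
            self.table.pop(sta_mac, None)
        elif sta_mac in self.table:
            self.table[sta_mac].authenticated = False
```

Because the authentication state is cached in the table entry, the authentication point is queried once per association rather than once per packet, which is the load reduction the abstract describes.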

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811412489.8A CN111225376A (en) 2018-11-26 2018-11-26 Authentication method, system, wireless access point AP and computer readable storage medium

Publications (1)

Publication Number Publication Date
CN111225376A true CN111225376A (en) 2020-06-02

Family

ID=70830696

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811412489.8A Pending CN111225376A (en) 2018-11-26 2018-11-26 Authentication method, system, wireless access point AP and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN111225376A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200602