CN111225376A - Authentication method, system, wireless access point AP and computer readable storage medium - Google Patents
- Publication number
- CN111225376A CN201811412489.8A
- Authority
- CN
- China
- Prior art keywords
- sta
- authentication
- authenticated
- address
- portal server
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The disclosure relates to an authentication method, an authentication system, a wireless access point (AP) and a computer-readable storage medium, and relates to the technical field of wireless communication. The method comprises the following steps: in response to receiving the first message sent by a station (STA), the AP judges whether the STA needs to be authenticated according to the STA table entry corresponding to the STA; in the case that the STA needs to be authenticated, the AP generates a redirection message, wherein the redirection message comprises an address of a Portal server and an address of an authentication point device; the AP sends the redirection message to the STA so that the STA can access the Portal server and be authenticated through the authentication point device. The technical solution can improve the processing efficiency of the system, reduce the network pressure and further improve the user experience.
Description
Technical Field
The present disclosure relates to the field of wireless communication technologies, and in particular, to an authentication method, an authentication system, an AP (wireless access point), and a computer-readable storage medium.
Background
Currently, operators basically adopt an architecture of a centralized-control AC (wireless Access point Controller) plus APs. WLAN (Wireless Local Area Network) users can access the network only after passing authentication, which ensures that legitimate users can access the WLAN network.
In the related art, the WLAN network mainly adopts a centralized authentication mode: the AC is responsible for unified authentication of WLAN users and also for the user redirection function, and an AAA (Authentication, Authorization, Accounting) system feeds back information of successful user authentication to the AC, so that the AC opens the user's rights and allows the user to access the Internet.
Disclosure of Invention
The inventors of the present disclosure found that the following problems exist in the above-described related art: functions such as authentication and management of WLAN users or broadband users are undertaken by the AC, which puts excessive pressure on the AC; and since the AC is generally developed on a switch architecture with weak device performance, the processing efficiency of the system is affected and the user experience is reduced.
In view of this, the present disclosure provides an authentication technical solution, which can improve system processing efficiency, reduce network pressure, and improve user experience.
According to some embodiments of the present disclosure, there is provided an authentication method including: an AP, in response to receiving the first message sent by an STA (Station), judges whether the STA needs to be authenticated according to an STA table entry corresponding to the STA; in the case that the STA needs to be authenticated, the AP generates a redirection message, wherein the redirection message comprises an address of a Portal server and an address of an authentication point device; and the AP sends the redirection message to the STA so that the STA can access the Portal server and be authenticated through the authentication point device.
In some embodiments, the STA table entry is generated according to the following steps: in the process of the STA associating with the AP, the AP acquires relevant information of the STA from the STA; the AP establishes the STA table entry according to the relevant information; in the case of judging that the STA needs authentication, the AP acquires from the authentication point device information on whether the STA has passed authentication; in the case that the STA is not authenticated, the STA is marked as not authenticated in the STA table entry; in the case that the STA has been authenticated, the STA is marked as authenticated in the STA table entry.
In some embodiments, the AP sends the relevant information of the STA to the authentication point device, so that the authentication point device queries the STA attributes according to the relevant information to determine whether the STA has been authenticated; and the AP receives a query result returned by the authentication point device.
In some embodiments, the address of the authentication point device in the redirect message is used for the STA to send an access request to the Portal server, the access request including the address of the authentication point device so that the Portal server authenticates the STA on the AAA system through the authentication point device.
In some embodiments, the authentication method further comprises: in response to receiving the offline information of the STA forwarded by the authentication point device, the AP marks in the STA table entry that the STA is not authenticated, or deletes the STA table entry.
In some embodiments, the logoff information is sent by the STA to the Portal server, and then sent by the Portal server to the authentication point device, so that the authentication point device marks the STA as unauthenticated or deletes the STA entry.
In some embodiments, the authentication method further includes: in response to the STA passing the authentication, the AP marks the STA as authenticated in the STA table entry and opens corresponding rights for the STA.
In some embodiments, the authentication method further comprises: the AP forwards the message in the case that the STA does not need to be authenticated.
In some embodiments, the redirection message further includes one or more of a media access control (MAC) address of the AP, an Internet Protocol (IP) address, a serial number of the AP, and an SSID associated with the STA; the STA table entry further comprises a forwarding mode and one or more of the MAC address, the IP address, the operating system information and the associated SSID of the STA, which are acquired in the process of associating the STA with the AP.
According to further embodiments of the present disclosure, there is provided an AP including: a judging unit, configured to judge, in response to receiving the first message sent by an STA, whether the STA needs to be authenticated according to an STA table entry corresponding to the STA; a processing unit, configured to generate a redirection message in the case that the STA needs to be authenticated, wherein the redirection message comprises the address of a Portal server and the address of an authentication point device; and a sending unit, configured to send the redirection message to the STA so that the STA can access the Portal server and be authenticated through the authentication point device.
In some embodiments, the AP further comprises: a receiving unit, configured to acquire relevant information of the STA from the STA in the process of associating with the STA; the processing unit establishes the STA table entry according to the relevant information; in the case that the judging unit judges that the STA needs authentication, the receiving unit acquires from the authentication point device whether the STA has passed authentication; in the case that the STA is not authenticated, the processing unit marks in the STA table entry that the STA is not authenticated; in the case that the STA has been authenticated, the processing unit marks in the STA table entry that the STA is authenticated.
In some embodiments, the sending unit sends the relevant information of the STA to the authentication point device in response to the STA associating with the AP, so that the authentication point device queries STA attributes according to the relevant information to determine whether the STA has been authenticated; the receiving unit 54 receives the query result returned by the authentication point device.
In some embodiments, the address of the authentication point device in the redirection message is used for the STA to send an access request to the Portal server, the access request including the address of the authentication point device so that the Portal server authenticates the STA on the AAA system through the authentication point device.
In some embodiments, the processing unit 52 marks in the STA entry that the STA is not authenticated or deletes the STA entry in response to receiving the offline information of the STA forwarded by the authentication point device.
In some embodiments, the logoff information is sent by the STA to the Portal server and then by the Portal server to the authentication point device, so that the authentication point device marks the STA as unauthenticated or deletes the STA entry.
In some embodiments, in response to the STA being authenticated, processing unit 52 marks in the STA entry that the STA is authenticated and opens corresponding permissions for the STA.
In the above embodiment, the AP generates the redirection message according to the established STA table entry, so as to implement the user redirection function and take over part of the work originally handled by the AC, thereby reducing the pressure on the AC, improving the processing efficiency of the system and further improving the user experience.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description, serve to explain the principles of the disclosure.
The present disclosure may be more clearly understood from the following detailed description, taken with reference to the accompanying drawings, in which:
fig. 1 illustrates a flow diagram of some embodiments of an authentication method of the present disclosure;
fig. 2 illustrates a signaling diagram of some embodiments of the STA entry generation method of the present disclosure;
fig. 3 illustrates a signaling diagram of some embodiments of the authentication method of the present disclosure;
fig. 4 shows a signaling diagram of further embodiments of the authentication method of the present disclosure;
fig. 5 illustrates a block diagram of some embodiments of an AP of the present disclosure;
fig. 6 illustrates a block diagram of some embodiments of an authentication system of the present disclosure;
fig. 7 shows a block diagram of further embodiments of an AP of the present disclosure;
fig. 8 illustrates a block diagram of still further embodiments of an AP of the present disclosure.
Detailed Description
Various exemplary embodiments of the present disclosure will now be described in detail with reference to the accompanying drawings. It should be noted that: the relative arrangement of the components and steps, the numerical expressions, and numerical values set forth in these embodiments do not limit the scope of the present disclosure unless specifically stated otherwise.
Meanwhile, it should be understood that the sizes of the respective portions shown in the drawings are not drawn in an actual proportional relationship for the convenience of description.
The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the disclosure, its application, or uses.
Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate.
In all examples shown and discussed herein, any particular value should be construed as merely illustrative, and not limiting. Thus, other examples of the exemplary embodiments may have different values.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, further discussion thereof is not required in subsequent figures.
The inventor of the present disclosure finds that, in the related art, when an AC is connected to a service gateway BRAS (Broadband remote access Server) or is deployed in a core network of a metropolitan area network, a large number of HTTP (HyperText Transfer Protocol) messages that are first sent by an STA or redirection messages that are sent by the AC to the STA may cause stress on the network.
Based on the above considerations, the present invention can be implemented by the following embodiments, which can solve the problem of stress on the network when the AC is responsible for redirection.
Fig. 1 illustrates a flow diagram of some embodiments of an authentication method of the present disclosure.
As shown in fig. 1, the method includes: step 110, judging whether the STA needs to be authenticated; step 120, generating a redirection message; and step 130, sending the redirection message.
In step 110, in response to receiving the first message sent by the STA, the AP determines whether to authenticate the STA according to the STA entry corresponding to the STA. For example, the message sent by the STA for the first time may be an HTTP request sent by the STA to open a web page for the first time.
In some embodiments, when the STA associates with the AP, the AP may obtain from the STA its relevant information, such as the STA's MAC address, IP address, operating system information, and associated SSID, and establish an STA table entry according to the relevant information.
The AP may also determine whether the STA needs to perform authentication during the association process. For example, there are two types of SSIDs set on the AP, one requiring authentication for the corresponding STA, and the other not requiring authentication for the corresponding STA. Therefore, the AP can determine whether the STA needs authentication from the SSID associated with the STA.
For an STA associated with an SSID that requires authentication, the AP queries the AC as to whether the STA has been authenticated, and if the STA has not been authenticated, the AP generates a redirection message and sends it to the STA. For example, when the AP determines that the STA needs authentication, the AP transmits the STA's relevant information to an authentication point device (e.g., the AC). The authentication point device queries the attributes of the STA according to the relevant information and determines whether the STA has passed authentication. The AP receives the query result returned by the authentication point device.
In the case that the STA is not authenticated, the STA is marked as not authenticated in the STA table entry; in the case that the STA has been authenticated, the STA is marked as authenticated in the STA table entry.
The STA table entry established by the AP includes the relevant information of the STA and whether the STA needs authentication. That is, the AP establishes a mapping relationship between the SSID of the STA and whether authentication is required, and the STA table entries of all STAs may constitute a service mapping table stored in the AP, so that the AP can look up whether an STA requires authentication.
In some embodiments, the STA table entry may be generated by the embodiment in fig. 2.
Fig. 2 illustrates a signaling diagram of some embodiments of the STA entry generation method of the present disclosure.
As shown in fig. 2, in event 210, the user opens the WLAN network card through the STA, and the STA performs air interface association with the nearby AP.
In event 220, after the STA associates with the AP, the AP determines that the STA needs authentication, and the AP reports the relevant information of the STA to the AC. For example, the relevant information may include one or more of a MAC address of the STA, an operating system, an associated SSID, and at least one of a MAC address and a serial number of the AP.
In event 230, the AC may query the associated STA attributes via the STA's SSID to determine whether the STA requiring authentication has been authenticated. For example, the AC may also store an STA entry corresponding to each STA, where the STA entry stores corresponding STA attributes.
At event 240, the AC sends a feedback message to the AP. The feedback message indicates whether the STA has been authenticated.
In event 250, after receiving the feedback message from the AC, the AP establishes a corresponding STA table entry for the STA. The STA table entry may include one or more items of relevant information such as the MAC address, IP address, operating system information, and SSID of the STA, and may further include a forwarding mode. Then, the STA may perform other operations, such as DHCP (Dynamic Host Configuration Protocol) interaction with the AC to obtain a relevant address.
In some embodiments, in the case where it is determined by the STA entry that the STA needs authentication, the process may continue through other steps in fig. 1.
In step 120, the AP generates a redirection message including the address of the Portal server and the address of the authentication point device in the case that the STA needs to be authenticated. In some embodiments, the AP forwards the message in the case that the STA does not need to be authenticated.
In some embodiments, the address of the authentication point device (AC) in the redirection message is used for the STA to send an access request to the Portal server, the access request including the address of the AC so that the Portal server authenticates the STA on the AAA system through the AC. The redirection message may also include one or more of a MAC address, an IP address, and a serial number of the AP.
In some embodiments, the AP marks that the STA is authenticated in the STA entry and opens corresponding rights for the STA in response to the STA passing the authentication.
In some embodiments, the STA may be authenticated by the embodiment in fig. 3.
Fig. 3 illustrates a signaling diagram of some embodiments of the authentication method of the present disclosure.
As shown in fig. 3, in event 310, the STA opens the web page for the first time to send an HTTP message, and after receiving the HTTP message, the AP queries the STA entry corresponding to the STA to determine whether the STA needs authentication.
At event 320, the AP determines that the STA needs authentication, and generates and sends a redirection message to the STA. At event 330, the STA sends an access request to the Portal server based on the Portal server address in the received redirect message. For example, the access request may include an address of the AC, a MAC address of the AP, an SSID of the AP, a MAC address of the STA, and the like.
At event 340, the Portal server generates a Portal authentication page based on the information such as the AP's MAC address and SSID in the access request sent by the STA.
At event 350, the Portal server sends a Portal authentication page to the STA.
At event 360, the user may generate authentication information on the authentication page through the STA, for example by filling in a user account and password, by filling in a verification code received via a short message, or by other means, and send the authentication information to the Portal server (e.g., by clicking an authentication button on the STA).
At event 370, the Portal server extracts the authentication information and sends the authentication information to the authentication point device AC.
In event 380, the AC sends the user's authentication information to the AAA for authentication.
In event 390, the AC sends the authentication result fed back by the AAA to the AP associated with the STA.
At event 392, the AC sends the authentication result to the Portal server.
At event 394, the Portal server receives the authentication result and then sends the page with the successful authentication to the STA.
At event 396, after receiving the authentication result, the AP updates the STA entry for the STA to indicate that the STA is authenticated and opens the STA's permission to allow the STA to access the public network.
In some embodiments, in response to receiving the offline information of the STA forwarded by the AC, the AP marks that the STA is not authenticated in the STA entry, so that the STA is authenticated when going online next time, thereby improving security. The logoff information is sent by the STA to the Portal server and then sent by the Portal server to the AC, so that the AC marks the STA as unauthenticated. This may be achieved, for example, by the embodiment of fig. 4.
Fig. 4 shows a signaling diagram of further embodiments of the authentication method of the present disclosure.
As shown in fig. 4, based on the embodiments described above, at event 410, the STA sends a logoff request to the Portal server. For example, when the user needs to go offline, the user actively clicks the offline button.
At event 420, the Portal server, upon receiving the logoff request, sends the logoff request to the AC.
In event 430, the AC sends an offline request to the AAA system so that the AAA system stops accounting. The AC also updates the STA table entry of the STA stored in the AC and marks the STA as unauthenticated, so that the STA is authenticated when it goes online next time.
In event 440, the AC sends the offline information to the AP.
In event 450, the AP updates the STA entry for the STA stored in the AP, marking the STA as unauthenticated or deleting the STA entry, so that the STA can be authenticated the next time it comes online. For example, the next time the STA's message is received again, it needs to be redirected again for authentication.
At event 460, the AP returns acknowledgement feedback to the AC.
At event 470, the AC sends a user offline confirmation to the Portal server.
In the above embodiment, the AP generates the redirection message according to the established STA table entry, so as to implement the user redirection function and take over part of the work originally handled by the AC, thereby reducing the pressure on the AC, improving the processing efficiency of the system and further improving the user experience.
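The AP-side behaviour described for Figs. 1 to 4, as an added example that is not part of the patent text: a Python model of the STA table, the forward-or-redirect decision on an STA's HTTP request, and the authentication and offline updates. Carrying the redirect as an HTTP `Location` URL, the query parameter names (`ac_addr`, `ap_mac`, `ap_sn`, `ssid`, `sta_mac`), the `query_ac` callback and all addresses are assumptions made for illustration.

```python
"""Model of the AP-side STA table and redirect decision (Figs. 1-4)."""
from dataclasses import dataclass
from enum import Enum
from urllib.parse import urlencode


class Action(Enum):
    FORWARD = "forward"
    REDIRECT = "redirect"


@dataclass
class StaEntry:
    mac: str
    ip: str
    os_info: str
    ssid: str
    needs_auth: bool     # depends on the type of SSID the STA associated with
    authenticated: bool  # state reported by the authentication point device


class AccessPoint:
    def __init__(self, ap_mac, ap_serial, portal_url, ac_addr, auth_ssids, query_ac):
        self.ap_mac = ap_mac
        self.ap_serial = ap_serial
        self.portal_url = portal_url       # address of the Portal server
        self.ac_addr = ac_addr             # address of the authentication point device
        self.auth_ssids = set(auth_ssids)  # SSIDs whose STAs must authenticate
        self.query_ac = query_ac           # hypothetical callable(mac, ssid) -> bool
        self.table = {}                    # STA MAC -> StaEntry

    def on_associate(self, mac, ip, os_info, ssid):
        """Events 210-250: build the STA table entry during association."""
        needs_auth = ssid in self.auth_ssids
        # The AC is only queried for STAs on an SSID that requires authentication.
        authenticated = self.query_ac(mac, ssid) if needs_auth else False
        entry = StaEntry(mac, ip, os_info, ssid, needs_auth, authenticated)
        self.table[mac] = entry
        return entry

    def on_http(self, mac):
        """Steps 110-130: forward, or redirect to the Portal server."""
        entry = self.table[mac]  # raises KeyError for an STA that never associated
        if not entry.needs_auth or entry.authenticated:
            return Action.FORWARD, None
        # Assumed encoding: the redirection message is a Location URL whose
        # query string carries the AC address and the optional AP/STA fields.
        params = {
            "ac_addr": self.ac_addr,
            "ap_mac": self.ap_mac,
            "ap_sn": self.ap_serial,
            "ssid": entry.ssid,
            "sta_mac": entry.mac,
        }
        return Action.REDIRECT, f"{self.portal_url}?{urlencode(params)}"

    def on_auth_result(self, mac, success):
        """Events 390/396: the AC relays the AAA result to the AP."""
        if success:
            self.table[mac].authenticated = True

    def on_offline(self, mac):
        """Events 440-450: offline information forwarded by the AC."""
        self.table[mac].authenticated = False


def run_demo():
    """Walk one STA through Figs. 2-4 using constructed sample values."""
    ac_state = {}  # constructed stand-in for the AC's own STA attributes
    ap = AccessPoint(
        ap_mac="02:00:00:00:00:01",
        ap_serial="AP-SN-0001",
        portal_url="https://portal.example.net/login",
        ac_addr="192.0.2.10",
        auth_ssids={"Operator-WLAN"},
        query_ac=lambda mac, ssid: ac_state.get(mac, False),
    )
    sta, guest = "02:00:00:00:00:aa", "02:00:00:00:00:bb"
    ap.on_associate(sta, "198.51.100.20", "Android", "Operator-WLAN")
    ap.on_associate(guest, "198.51.100.21", "Linux", "Open-WLAN")

    trace = [ap.on_http(guest)[0]]    # SSID that needs no authentication
    trace.append(ap.on_http(sta)[0])  # first HTTP request: redirect
    ap.on_auth_result(sta, True)      # authentication succeeded
    trace.append(ap.on_http(sta)[0])  # access is now open
    ap.on_offline(sta)                # user logged off via the Portal server
    trace.append(ap.on_http(sta)[0])  # must authenticate again
    return trace


if __name__ == "__main__":
    print([action.value for action in run_demo()])
```

The last step of the trace shows why the AP must process the offline information in event 450: until the entry is reset, the AP keeps forwarding the STA's traffic without consulting the AC.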
Fig. 5 illustrates a block diagram of some embodiments of an AP of the present disclosure.
As shown in fig. 5, the AP 5 includes a judgment unit 51, a processing unit 52, and a transmission unit 53.
The determining unit 51 determines whether to authenticate the STA according to the STA entry corresponding to the STA in response to receiving the message sent by the STA for the first time.
The processing unit 52 generates a redirection packet including the address of the Portal server and the address of the authentication point device in case authentication of the STA is required.
The sending unit 53 sends the redirection packet to the STA so that the STA accesses the Portal server and authenticates with the authentication point device.
In some embodiments, the AP 5 further includes a receiving unit 54, configured to acquire relevant information of the STA from the STA in the process of associating with the STA. The processing unit 52 establishes the STA table entry according to the relevant information. In the case where the determination unit 51 determines that the STA needs authentication, the reception unit 54 acquires from the authentication point device whether the STA has been authenticated. In the event that the STA is not authenticated, the processing unit 52 notes in the STA entry that the STA requires authentication. In the case that the STA has been authenticated, the processing unit 52 notes in the STA entry that the STA does not require authentication.
In some embodiments, the transmitting unit 53 transmits the relevant information of the STA to the authentication point device in response to the STA associating with the AP, so that the authentication point device queries the STA attribute according to the relevant information to determine whether the STA has been authenticated. The receiving unit 54 receives the query result returned by the authentication point device.
In some embodiments, the address of the authentication point device in the redirection message is used for the STA to send an access request to the Portal server, the access request including the address of the authentication point device so that the Portal server authenticates the STA on the AAA system through the authentication point device.
In some embodiments, the processing unit 52 marks in the STA entry that the STA is not authenticated or deletes the STA entry in response to receiving the offline information of the STA forwarded by the authentication point device.
In some embodiments, the logoff information is sent by the STA to the Portal server and then by the Portal server to the authentication point device, so that the authentication point device marks the STA as unauthenticated or deletes the STA entry.
In some embodiments, the processing unit 52 marks in the STA entry that the STA is authenticated and opens corresponding rights for the STA in response to the STA being authenticated.
In some embodiments, the sending unit 53 forwards the message in the case that the STA does not need to be authenticated.
In some embodiments, the redirection message further includes one or more of a MAC address of the AP, an IP address, a serial number of the AP, and an SSID associated with the STA. The STA table entry further includes a forwarding mode, and one or more items of an MAC address, an IP address, operating system information, and an associated SSID of the STA acquired in the process of associating the STA with the AP.
In the above embodiment, the AP generates the redirection message according to the established STA table entry, so as to implement the user redirection function and take over part of the work originally handled by the AC, thereby reducing the pressure on the AC, improving the processing efficiency of the system and further improving the user experience.
Fig. 6 illustrates a block diagram of some embodiments of the authentication system of the present disclosure.
As shown in fig. 6, the authentication system 6 includes: an AP 61 for executing the authentication method in any one of the above embodiments; a Portal server 62 and an authentication point device 63.
Fig. 7 illustrates a block diagram of further embodiments of an AP of the present disclosure.
As shown in fig. 7, the AP 7 of this embodiment includes: a memory 71 and a processor 72 coupled to the memory 71, the processor 72 being configured to perform an authentication method in any of the embodiments of the present disclosure based on instructions stored in the memory 71.
The memory 71 may include, for example, a system memory, a fixed nonvolatile storage medium, and the like. The system memory stores, for example, an operating system, an application program, a boot loader, a database, and other programs.
Fig. 8 illustrates a block diagram of still further embodiments of an AP of the present disclosure.
As shown in fig. 8, the AP 8 of this embodiment includes: a memory 810 and a processor 820 coupled to the memory 810, the processor 820 being configured to perform the authentication method of any of the preceding embodiments based on instructions stored in the memory 810.
The AP 8 may also include an input/output interface 830, a network interface 840, a storage interface 850, and the like. These interfaces 830, 840, 850, the memory 810 and the processor 820 may be connected, for example, by a bus 860. The input/output interface 830 provides a connection interface for input/output devices such as a display, a mouse, a keyboard, and a touch screen. The network interface 840 provides a connection interface for various networking devices. The storage interface 850 provides a connection interface for external storage devices such as an SD card and a USB disk.
As will be appreciated by one skilled in the art, embodiments of the present disclosure may be provided as a method, system, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable non-transitory storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
So far, an authentication method, an authentication system, an AP, and a computer-readable storage medium according to the present disclosure have been described in detail. Some details that are well known in the art have not been described in order to avoid obscuring the concepts of the present disclosure. It will be fully apparent to those skilled in the art from the foregoing description how to practice the presently disclosed embodiments.
The method and system of the present disclosure may be implemented in a number of ways. For example, the methods and systems of the present disclosure may be implemented by software, hardware, firmware, or any combination of software, hardware, and firmware. The above-described order for the steps of the method is for illustration only, and the steps of the method of the present disclosure are not limited to the order specifically described above unless specifically stated otherwise. Further, in some embodiments, the present disclosure may also be embodied as programs recorded in a recording medium, the programs including machine-readable instructions for implementing the methods according to the present disclosure. Thus, the present disclosure also covers a recording medium storing a program for executing the method according to the present disclosure.
Although some specific embodiments of the present disclosure have been described in detail by way of example, it should be understood by those skilled in the art that the foregoing examples are for purposes of illustration only and are not intended to limit the scope of the present disclosure. It will be appreciated by those skilled in the art that modifications may be made to the above embodiments without departing from the scope and spirit of the present disclosure. The scope of the present disclosure is defined by the appended claims.
Claims (21)
1. An authentication method, comprising:
a wireless access point (AP), in response to receiving a message sent by a station (STA) for the first time, determining whether the STA needs to be authenticated according to an STA table entry corresponding to the STA;
under the condition that the STA needs to be authenticated, the AP generates a redirection message, wherein the redirection message comprises an address of an entrance Portal server and an address of authentication point equipment;
and the AP sends the redirection message to the STA so that the STA can access the Portal server and carry out authentication through the authentication point equipment.
2. The authentication method of claim 1, wherein the STA table entry is generated according to the following steps:
in the process that the STA is associated with the AP, the AP acquires relevant information of the STA from the STA;
the AP establishes the STA table entry according to the related information;
the AP acquires information whether the STA passes the authentication from the authentication point equipment under the condition of judging that the STA needs the authentication;
under the condition that the STA is not authenticated, marking that the STA is not authenticated in the STA table entry;
in the event that the STA has been authenticated, marking the STA authenticated in the STA entry.
3. The authentication method of claim 2, wherein the obtaining information from the authentication point device whether the STA has been authenticated comprises:
the AP sends the relevant information of the STA to the authentication point equipment, so that the authentication point equipment queries the STA attribute according to the relevant information to determine whether the STA passes authentication;
and the AP receives a query result returned by the authentication point equipment.
4. The authentication method of claim 1,
the address of the authentication point device in the redirection message is used for the STA to send an access request to the Portal server, wherein the access request comprises the address of the authentication point device, so that the Portal server can authenticate the STA on an authentication, authorization and accounting (AAA) system through the authentication point device.
5. The authentication method of any one of claims 1-4, further comprising:
and the AP marks that the STA is not authenticated or deletes the STA table entry in response to receiving the offline information of the STA forwarded by the authentication point equipment.
6. The authentication method of claim 5, wherein
The offline information is sent to the Portal server by the STA, and then sent to the authentication point equipment by the Portal server, so that the authentication point equipment marks the STA as unauthenticated or deletes the STA table entry.
7. The authentication method of any one of claims 1-4, further comprising:
and the AP responds to the STA passing the authentication, marks the STA authenticated in the STA table entry and opens corresponding authority for the STA.
8. The authentication method of any one of claims 1-4, further comprising:
and forwarding the message by the AP under the condition that the STA does not need to be authenticated.
9. The authentication method according to any one of claims 1 to 4,
the redirection message also comprises one or more items of a Media Access Control (MAC) address of the AP, an Internet Protocol (IP) address, a serial number of the AP and an SSID (service set identifier) associated with the STA;
the STA table entry further comprises a forwarding mode of the STA and one or more items of an MAC address, an IP address, operating system information and an associated SSID of the STA, wherein the items are acquired in the process of associating the STA with the AP.
10. A wireless access point, AP, comprising:
the judging unit is used for responding to a message sent by a station STA for the first time and judging whether the STA needs to be authenticated according to an STA table entry corresponding to the STA;
the processing unit is used for generating a redirection message under the condition that the STA needs to be authenticated, wherein the redirection message comprises an address of an entrance Portal server and an address of authentication point equipment;
and the sending unit is used for sending the redirection message to the STA so that the STA can access the Portal server and carry out authentication through the authentication point equipment.
11. The AP of claim 10, further comprising:
a receiving unit, configured to acquire relevant information of the STA from the STA in a process of associating with the STA;
wherein,
the processing unit establishes the STA table entry according to the related information;
the receiving unit acquires whether the STA passes the authentication from the authentication point equipment under the condition that the judging unit judges that the STA needs the authentication;
under the condition that the STA is not authenticated, the processing unit marks that the STA is not authenticated in the STA table entry;
in a case that the STA has been authenticated, the processing unit marks in the STA entry that the STA is authenticated.
12. The AP of claim 11, wherein,
the sending unit responds to the association between the STA and the AP, and sends the relevant information of the STA to the authentication point equipment, so that the authentication point equipment queries the STA attribute according to the relevant information to determine whether the STA passes the authentication;
and the receiving unit receives the query result returned by the authentication point equipment.
13. The AP of claim 10, wherein,
the address of the authentication point device in the redirection message is used for the STA to send an access request to the Portal server, wherein the access request comprises the address of the authentication point device, so that the Portal server can authenticate the STA on an authentication, authorization and accounting (AAA) system through the authentication point device.
14. The AP of any one of claims 10-13,
the processing unit is configured to, in response to receiving the offline information of the STA forwarded by the authentication point device, mark in the STA table entry that the STA is not authenticated, or delete the STA table entry.
15. The AP of claim 14, wherein
The offline information is sent to the Portal server by the STA, and then sent to the authentication point equipment by the Portal server, so that the authentication point equipment marks the STA as unauthenticated or deletes the STA table entry.
16. The AP of any one of claims 10-13,
and the processing unit responds to the STA passing the authentication, marks the STA passing the authentication in the STA table entry and opens corresponding authority for the STA.
17. The AP of any one of claims 10-13,
and the sending unit forwards the message under the condition that the STA does not need to be authenticated.
18. The AP of any one of claims 10-13,
the redirection message also comprises one or more items of a Media Access Control (MAC) address of the AP, an Internet Protocol (IP) address, a serial number of the AP and an SSID (service set identifier) associated with the STA;
the STA table entry further comprises a forwarding mode and one or more items of the MAC address, the IP address, the operating system information and the associated SSID of the STA, which are acquired in the process of associating the STA with the AP.
19. An authentication system comprising:
a wireless access point AP for performing the authentication method of any one of claims 1-9;
an ingress Portal server; and
an authentication point device.
20. A wireless access point, AP, comprising:
a memory; and
a processor coupled to the memory, the processor configured to perform the authentication method of any of claims 1-9 based on instructions stored in the memory device.
21. A computer-readable storage medium, on which a computer program is stored which, when executed by a processor, implements the authentication method of any one of claims 1-9.
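The AP-side flow recited in claims 1 to 9, sketched as an added example that is not part of the patent text or any vendor's implementation. The HTTP redirect URL and its query parameter names, the addresses, the `auth_point_lookup` callback and the handling of an unknown STA are assumptions made for illustration.

```python
from dataclasses import dataclass
from urllib.parse import urlencode

# Constructed sample values (documentation address ranges), not from the patent.
PORTAL_URL = "http://192.0.2.10/portal"
AUTH_POINT_ADDR = "192.0.2.20"
AP_INFO = {"ap_mac": "02:00:00:00:00:01", "ap_ip": "192.0.2.1", "ap_sn": "SN-EXAMPLE"}


@dataclass
class StaEntry:
    mac: str
    ip: str
    ssid: str
    needs_auth: bool = True      # assumption: decided per STA/SSID at association
    authenticated: bool = False  # the mark kept in the STA table entry


class AccessPoint:
    def __init__(self, auth_point_lookup):
        # auth_point_lookup(mac) -> bool stands in for the query to the
        # authentication point device (claim 3); the transport is not modelled.
        self.auth_point_lookup = auth_point_lookup
        self.sta_table = {}

    def on_associate(self, mac, ip, ssid, needs_auth=True):
        # Claim 2: build the entry from information gathered during association,
        # then record the state reported by the authentication point device.
        entry = StaEntry(mac, ip, ssid, needs_auth)
        if needs_auth:
            entry.authenticated = bool(self.auth_point_lookup(mac))
        self.sta_table[mac] = entry

    def on_first_packet(self, mac):
        # Claims 1 and 8: forward the message, or answer with a redirect.
        entry = self.sta_table.get(mac)
        if entry is None:
            return ("drop", None)  # assumption: no entry means no association
        if not entry.needs_auth or entry.authenticated:
            return ("forward", None)
        # Claims 1 and 9: Portal address, authentication point address, AP details.
        params = {"auth_point": AUTH_POINT_ADDR, "ssid": entry.ssid, **AP_INFO}
        return ("redirect", PORTAL_URL + "?" + urlencode(params))

    def on_auth_success(self, mac):
        # Claim 7: mark the STA authenticated once authentication has passed.
        if mac in self.sta_table:
            self.sta_table[mac].authenticated = True

    def on_offline(self, mac, delete_entry=False):
        # Claim 5: on forwarded offline information, clear the mark or delete the entry.
        if delete_entry:
            self.sta_table.pop(mac, None)
        elif mac in self.sta_table:
            self.sta_table[mac].authenticated = False
```
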
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811412489.8A CN111225376A (en) | 2018-11-26 | 2018-11-26 | Authentication method, system, wireless access point AP and computer readable storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111225376A (en) | 2020-06-02 |
Family
ID=70830696
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811412489.8A Pending CN111225376A (en) | 2018-11-26 | 2018-11-26 | Authentication method, system, wireless access point AP and computer readable storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111225376A (en) |
Patent Citations (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101621802A (en) * | 2009-08-13 | 2010-01-06 | 杭州华三通信技术有限公司 | Method, system and device for authenticating portal in wireless network |
CN102487506A (en) * | 2009-10-21 | 2012-06-06 | 中国电信股份有限公司 | Access authentication method, system and server based on WAPI (wireless local access network authentication and privacy infrastructure) protocol |
CN103139750A (en) * | 2011-12-02 | 2013-06-05 | 中国移动通信集团上海有限公司 | Processing system, processing method, identification server and access controller for user logoff |
JP2015156639A (en) * | 2014-01-17 | 2015-08-27 | 株式会社ナビック | Relay device, radio communication system and radio communication method |
CN105592458A (en) * | 2014-10-22 | 2016-05-18 | 中国电信股份有限公司 | Authentication method and system for service of wireless local area network, and server |
US20170290076A1 (en) * | 2014-12-31 | 2017-10-05 | Huawei Technologies Co., Ltd. | Method for Establishing Communication Connection between Station and Access Point, Access Point, and Station |
CN104811439A (en) * | 2015-03-30 | 2015-07-29 | 杭州华三通信技术有限公司 | Portal authentication method and device |
CN106559405A (en) * | 2015-09-30 | 2017-04-05 | 华为技术有限公司 | A kind of portal authentication method and equipment |
WO2017092501A1 (en) * | 2015-12-04 | 2017-06-08 | 上海斐讯数据通信技术有限公司 | Method and system for network certification |
CN105376739A (en) * | 2015-12-04 | 2016-03-02 | 上海斐讯数据通信技术有限公司 | Network authentication method and system |
CN107517189A (en) * | 2016-06-17 | 2017-12-26 | 中兴通讯股份有限公司 | Method, the equipment that a kind of WLAN user access authentication and configuration information issue |
CN106332083A (en) * | 2016-08-24 | 2017-01-11 | 上海斐讯数据通信技术有限公司 | TCP connection method and device and intranet authentication method and system |
CN107864508A (en) * | 2017-12-26 | 2018-03-30 | 杭州迪普科技股份有限公司 | A kind of pre-synchronization method and device of radio roaming authentication state |
CN108494627A (en) * | 2018-03-23 | 2018-09-04 | 四川斐讯信息技术有限公司 | Portal pressure testing systems and method based on cloud AC |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113794596A (en) * | 2021-09-15 | 2021-12-14 | 河南省信息咨询设计研究有限公司 | Network reconstruction method based on metropolitan area network |
CN113794596B (en) * | 2021-09-15 | 2024-03-19 | 河南省信息咨询设计研究有限公司 | Network reconstruction method based on metropolitan area network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20200602 |