CN113573311B - Terminal equipment authentication system and method thereof - Google Patents

Info

Publication number
CN113573311B
CN113573311B CN202010348528.3A CN202010348528A CN113573311B CN 113573311 B CN113573311 B CN 113573311B CN 202010348528 A CN202010348528 A CN 202010348528A CN 113573311 B CN113573311 B CN 113573311B
Authority
CN
China
Prior art keywords
account number
terminal
access point
terminal device
area network
Prior art date
Legal status
Active
Application number
CN202010348528.3A
Other languages
Chinese (zh)
Other versions
CN113573311A (en)
Inventor
段小勇
张良
毛艳清
Current Assignee
Nanning Fulian Fugui Precision Industrial Co Ltd
Original Assignee
Nanning Fulian Fugui Precision Industrial Co Ltd
Priority date
Filing date
Publication date
Application filed by Nanning Fulian Fugui Precision Industrial Co Ltd
Priority to CN202010348528.3A
Publication of CN113573311A
Application granted
Publication of CN113573311B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/08 Access security

Abstract

A terminal device authentication method comprising: connecting a terminal device to an access point or a wireless local area network controller, and outputting an authentication code, a device identification code and an account number from the terminal device to the access point or the wireless local area network controller; and determining, by the access point or the wireless local area network controller, whether the terminal device is in a whitelist according to the authentication code, the device identification code and the account number. The authentication code is generated by the access point or the wireless local area network controller according to the account number, the password and the account validity period of the end user of the terminal device. The invention also provides a terminal device authentication system.

Description

Terminal equipment authentication system and method thereof
Technical Field
The present invention relates to a terminal device authentication system and method, and more particularly to a terminal device authentication system and method that support network scale expansion and are suited to authenticating a large number of users simultaneously.
Background
Existing terminal device authentication generally relies on thin APs plus a wireless LAN controller for internet access. During peak periods (for example, when a factory shift starts or ends), every terminal device must be authenticated by the wireless LAN controller, which leads to an overlong authentication flow, slow authentication and a higher failure rate at the wireless LAN controller. Authentication through an ordinary whitelist can mitigate these problems, but such a whitelist is generally based on a single piece of terminal information, such as the terminal MAC address, which is easily imitated, is fixed, and requires manual maintenance, so it has limitations. How to improve the efficiency of terminal device authentication is therefore a problem to be solved.
Disclosure of Invention
In view of the above, there is a need for a terminal device authentication system and method thereof that can simplify the authentication process.
The invention provides a terminal device authentication method comprising the following steps: connecting a terminal device to an access point or a wireless LAN controller, and outputting an authentication code, a device identification code and an account number from the terminal device to the access point or the wireless LAN controller; and determining, by the access point or the wireless LAN controller, whether the terminal device is in a whitelist according to the authentication code, the device identification code and the account number. The authentication code is generated by the access point or the wireless LAN controller according to the account number, the password and the account validity period of the end user of the terminal device.
The invention also provides a terminal device authentication system for authenticating a terminal device, comprising the terminal device, an access point and a wireless LAN controller. The terminal device outputs an authentication code, a device identification code, and the account number and password of an end user. The access point is connected to the terminal device. The wireless LAN controller is connected to the terminal device through the access point. The access point or the wireless LAN controller determines whether the terminal device is in a whitelist according to the authentication code, the device identification code and the account number. The authentication code is generated by the access point or the wireless LAN controller according to the account number, the password and the account validity period of the end user of the terminal device.
According to an embodiment of the present invention, when the authentication code, the device identification code and the account number all correspond to the same user in the whitelist, the access point or the wireless LAN controller determines that the terminal device is in the whitelist; when they do not correspond to the same user in the whitelist, it determines that the terminal device is not in the whitelist.
According to another embodiment of the present invention, when the terminal device fails to output any one of the device identification code, the authentication code and the account number, the access point or the wireless LAN controller requests the terminal device to output the account number and password of the end user. The access point or the wireless LAN controller then determines whether the account number, the password and the account validity period of the end user are in an approval list. When they are in the approval list, the authentication code corresponding to the terminal device is generated, and the whitelist is generated from the end user's account number, the authentication code, the device identification code and the account validity period. When the account number and password of the end user are not in the approval list, or the account validity period has expired, the access point or the wireless LAN controller does not grant the terminal device permission to connect.
According to another embodiment of the invention, the access point or the wireless LAN controller removes the terminal device from the whitelist when the account validity period has expired.
According to another embodiment of the present invention, the device identification code is at least one of the MAC address of the terminal device, its product serial number, and a Cookie generated by the terminal device, or any combination thereof.
Drawings
Fig. 1 is a block diagram of a terminal device authentication system according to an embodiment of the present invention.
Fig. 2 is a flowchart of a terminal device authentication method according to an embodiment of the present invention.
Description of the main reference signs
Terminal equipment authentication system: 100
Wireless local area network controller: 110
Access point: 120
Terminal equipment: 130
Step flow: S201 to S207
Detailed Description
Further areas of applicability of the present systems and methods will become apparent from the detailed description provided hereinafter. It should be understood that the following detailed description and specific examples, while indicating exemplary embodiments of the terminal device authentication system and method thereof, are intended for purposes of illustration only and are not intended to limit the scope of the invention.
Fig. 1 is a block diagram of a terminal device authentication system 100 according to an embodiment of the invention. The terminal device authentication system 100 authenticates whether the terminal device 130 is in the whitelist, and includes at least a wireless LAN controller (WLC) 110 and an access point (AP) 120. Fig. 1 shows only one access point 120 and one terminal device 130 as an example; in practice the number of access points 120 and terminal devices 130 may be chosen according to the user's needs, and the embodiment is not limited in this respect. The terminal device 130 is connected to the wireless LAN controller 110 through the access point 120, so that the access point 120 or the wireless LAN controller 110 can authenticate the terminal device 130 against the whitelist. The terminal device 130 is a portable electronic apparatus (such as a personal digital assistant, a smartphone, a tablet computer, or a combination thereof) and comprises at least an input module, a processing module and a wireless transmission module (not shown in Fig. 1). The input module may be a keypad, a touch screen with a display function, or the like, through which the end user enters an account number and a password. The processing module may be a dedicated hardware circuit or general-purpose hardware (for example, a single processor, multiple processors with parallel processing capability, a graphics processor, or another processor with computing capability) that executes an authentication application. Through the wireless transmission module, it outputs the account number and password corresponding to the user's identity and the device identification code of the terminal device 130 to the wireless LAN controller 110 via the access point 120, and receives the authentication code from the access point 120 or the wireless LAN controller 110.
The authentication code is generated after the access point 120 or the wireless LAN controller 110 has authenticated the end user's account number and password. The end user cannot learn or modify the authentication code, which prevents the end user from forging the whitelist. The device identification code may be at least one of the MAC address of the terminal device 130, its product serial number, and a Cookie generated by the terminal device 130, or any combination thereof.
According to an embodiment of the present invention, when the terminal device 130 connects to the access point 120, or to the wireless LAN controller 110 through the access point 120, it first outputs its authentication code, device identification code and account number to the access point 120 or the wireless LAN controller 110, which determines whether the received authentication code and device identification code correspond to the same user in the whitelist. When the authentication code, the device identification code and the account number all belong to the same user in the whitelist, the access point 120 or the wireless LAN controller 110 grants the terminal device 130 internet access. Otherwise, when the authentication code, the device identification code and the account number belong to different users in the whitelist, or one of them does not belong to any user in the whitelist, a request is sent to the terminal device 130 asking for the account number and password to be entered for authentication. The wireless LAN controller 110 determines whether the terminal device 130 passes authentication according to the account number, the password and the account validity period. If it does not pass, the terminal device 130 is barred from connecting to the internet; if it passes, internet access is granted to the terminal device 130 and the corresponding whitelist is established.
It should be noted that when the end user connects to the access point 120 or the wireless LAN controller 110 through the terminal device 130 for the first time, the terminal device 130 has never been authenticated by the access point 120 or the wireless LAN controller 110 and therefore holds no stored authentication code. The access point 120 or the wireless LAN controller 110 then sends a request to the terminal device 130 asking the end user to enter the account number and password for subsequent authentication.
After receiving the user's account number and password, the access point 120 or the wireless LAN controller 110 determines whether the user is in the approval list according to the account number, the password and the account validity period. The approval list records the account number, the password and the account validity period of each user who is permitted to connect to the network. When the user is on the approval list, the access point 120 or the wireless LAN controller 110 generates an authentication code corresponding to the user, outputs it to the terminal device 130, and binds the authentication code and the device identification code of the terminal device 130 to the end user's account and the account validity period. Next, if the terminal device authentication system 100 performs authentication through the wireless LAN controller 110, the whitelist is stored in a storage module (not shown in Fig. 1) of the wireless LAN controller 110, so that the wireless LAN controller 110 can authenticate according to the authentication code and the device identification code of the terminal device 130 the next time the terminal device 130 connects. Alternatively, if the terminal device authentication system 100 performs authentication through the access point 120, the whitelist is stored in a storage module (not shown in Fig. 1) of the wireless LAN controller 110, so that the access point 120 can authenticate according to the authentication code and the device identification code of the terminal device 130 the next time the terminal device 130 connects. The account validity period lets the wireless LAN controller 110 regulate and update the whitelist: when a user's account validity period expires, the wireless LAN controller 110 may automatically delete the user from the whitelist or notify the end user to extend the account validity period.
Otherwise, when the user is not on the approval list, the wireless LAN controller 110 sends a request to the terminal device 130 asking the end user to enter the account number and password for authentication. It should be noted that the device identification code of the terminal device 130 and the account number of the user are unique; that is, when the device identification code output by the terminal device 130 also corresponds to a different user, the wireless LAN controller 110 re-authenticates the user and updates the whitelist (for example, by deleting the old device identification code).
Fig. 2 is a flowchart of a terminal device authentication method according to an embodiment of the present invention. First, in step S201, after the terminal device 130 connects to the access point 120, or to the wireless LAN controller 110 through the access point 120, the terminal device 130 outputs an authentication code, a device identification code and an account number to the access point 120. The authentication code is generated by the access point 120 or the wireless LAN controller 110 according to the account number and password of the end user of the terminal device 130, and the device identification code may be at least one of the MAC address of the terminal device 130, its product serial number, and a Cookie generated by the terminal device 130, or any combination thereof. In step S202, the access point 120 or the wireless LAN controller 110 determines whether the terminal device 130 is in the whitelist according to the received authentication code, device identification code and account number. When the access point 120 or the wireless LAN controller 110 determines, according to the device identification code, that the end user corresponding to the terminal device 130 is in the whitelist, the flow proceeds to step S203, in which the access point 120 or the wireless LAN controller 110 grants the terminal device 130 internet access. Otherwise, when the terminal device 130 is not in the whitelist, or the terminal device 130 does not output the authentication code or the account number, the flow proceeds to step S204, in which the access point 120 or the wireless LAN controller 110 requests the terminal device 130 to output the account number and password of the end user, so that the access point 120 or the wireless LAN controller 110 can authenticate the user's identity and establish a corresponding whitelist.
Next, in step S205, after receiving the end user's account number and password, the access point 120 or the wireless LAN controller 110 determines whether the end user is in the approval list according to the account number, the password and the account validity period. When the end user's account number and password are recorded on the approval list (meaning the end user is permitted to connect to the internet), the flow proceeds to step S206, in which the access point 120 or the wireless LAN controller 110 generates an authentication code corresponding to the terminal device 130 and establishes a whitelist from the account number, the account validity period, the device identification code and the authentication code. The flow then returns to step S203, in which the wireless LAN controller 110 grants the terminal device 130 internet access. In addition, the access point 120 or the wireless LAN controller 110 stores the established whitelist, or sends it to the access point 120 or the wireless LAN controller 110 that performs authentication, so that when the terminal device 130 reconnects, internet access can be granted directly from the whitelist without running the authentication procedure again. Otherwise, when the end user is not on the approval list, the flow proceeds to step S207, in which the access point 120 or the wireless LAN controller 110 bars the terminal device 130 from logging in to the network and returns an authentication-failure message to the terminal device 130.
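The flow of steps S201 to S207, sketched as an added Python example (not code from the patent). The patent does not say how the authentication code is computed or how the lists are stored: the HMAC-SHA256 construction with a server-side key and nonce, the PBKDF2 password hashing, the whitelist keyed by device identification code, and all class, method and sample names are assumptions of this example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class ApprovedAccount:          # one row of the approval list
    salt: bytes
    password_hash: bytes
    valid_until: int            # account validity period (Unix time)


@dataclass
class WhitelistEntry:           # one row of the whitelist
    account: str
    auth_code: str
    valid_until: int


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Authenticator:
    """Plays the AP/WLC role for steps S201 to S207 (hypothetical class)."""

    def __init__(self, server_key: bytes):
        self.server_key = server_key
        self.approval = {}      # account -> ApprovedAccount
        self.whitelist = {}     # device identification code -> WhitelistEntry

    def approve(self, account: str, password: str, valid_until: int) -> None:
        salt = secrets.token_bytes(16)
        self.approval[account] = ApprovedAccount(
            salt, hash_password(password, salt), valid_until)

    def _new_auth_code(self, account: str, row: ApprovedAccount) -> str:
        # Assumption: code derived from account, password hash and validity
        # period, keyed by a server secret and made unpredictable by a nonce.
        nonce = secrets.token_bytes(16)
        msg = b"|".join([account.encode(), row.password_hash,
                         str(row.valid_until).encode(), nonce])
        return hmac.new(self.server_key, msg, hashlib.sha256).hexdigest()

    def connect(self, device_id, account, auth_code, now: int) -> str:
        """S201/S202. Returns 'GRANTED' (S203) or 'NEED_LOGIN' (S204)."""
        entry = self.whitelist.get(device_id)
        if entry is not None and now >= entry.valid_until:
            del self.whitelist[device_id]    # validity period over: drop entry
            entry = None
        if entry is None or account is None or auth_code is None:
            return "NEED_LOGIN"
        # All three values must belong to the same whitelist entry.
        same_user = hmac.compare_digest(entry.account.encode(), account.encode())
        same_code = hmac.compare_digest(entry.auth_code.encode(), auth_code.encode())
        return "GRANTED" if (same_user and same_code) else "NEED_LOGIN"

    def login(self, device_id: str, account: str, password: str, now: int):
        """S205. Returns (True, code) for S206 or (False, None) for S207."""
        row = self.approval.get(account)
        if row is None:
            return (False, None)
        if not hmac.compare_digest(row.password_hash,
                                   hash_password(password, row.salt)):
            return (False, None)
        if now >= row.valid_until:
            return (False, None)
        code = self._new_auth_code(account, row)
        # Keying by device identification code replaces any older binding of
        # this device to a different user.
        self.whitelist[device_id] = WhitelistEntry(account, code, row.valid_until)
        return (True, code)


if __name__ == "__main__":
    # Constructed sample data: one account valid until t=2000.
    wlc = Authenticator(server_key=secrets.token_bytes(32))
    wlc.approve("alice", "correct horse", valid_until=2000)
    mac = "aa:bb:cc:00:11:22"
    print(wlc.connect(mac, None, None, now=1000))          # first visit
    ok, code = wlc.login(mac, "alice", "correct horse", now=1000)
    print(wlc.connect(mac, "alice", code, now=1100))       # fast path
    print(wlc.connect(mac, "alice", "0" * 64, now=1100))   # copied MAC, no code
    print(wlc.connect(mac, "alice", code, now=2000))       # account expired
```

A device that presents a copied MAC address without the matching authentication code falls through to the password step, which is the property the description contrasts with a MAC-only whitelist.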
It should be noted that although the above-described method has been described on the basis of a flowchart using a series of steps or blocks, the present invention is not limited to the order of the steps, and some steps may be performed in a different order than others or the others may be performed simultaneously. Moreover, those of skill in the art will understand that the steps illustrated in the flowcharts are not exclusive and may include other steps of the flowcharts, or that one or more steps may be deleted without affecting the scope of the present invention.
In summary, in the terminal device authentication system and method provided by some embodiments of the present invention, the whitelist is established from the end user's account number, the device identification code of the terminal device, and the authentication code that the access point or the wireless LAN controller generates from the end user's account number, password and account validity period; the terminal device is then authenticated by its device identification code, authentication code and account number. This accelerates the authentication process, and the end user only needs to enter the account number and password at the first authentication, which reduces the number of times they must be entered. The problem of the wireless LAN controller becoming overloaded when a large number of users authenticate simultaneously is thereby solved, which facilitates network scale expansion.
It should be noted that the above embodiments are only for illustrating the technical solution of the present invention and not for limiting the same, and although the present invention has been described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that the technical solution of the present invention may be modified or substituted without departing from the spirit and scope of the technical solution of the present invention.

Claims (8)

1. A method for authenticating a terminal device, the method comprising:
connecting terminal equipment with an access point or a wireless local area network controller, and outputting an authentication code, an equipment identification code and an account number from the terminal equipment to the access point or the wireless local area network controller; and
the access point or the wireless local area network controller judges whether the terminal equipment is positioned in a white list according to the authentication code, the equipment identification code and the account number;
the authentication code is generated by the access point or the wireless local area network controller according to an account number, a password and an account validity period of a terminal user of the terminal equipment;
when the terminal equipment does not output any one of the equipment identification code, the authentication code and the account number, the access point or the wireless local area network controller requests the terminal equipment to output the account number and the password of the terminal user;
the access point or the wireless local area network controller judges whether the account number, the password and the account number validity period of the terminal user are positioned in an approval list;
when the account number, the password and the account number valid period of the terminal user are located in an approval list, generating the authentication code corresponding to the terminal device, and generating the white list according to the account number, the authentication code, the device identification code and the account number valid period of the terminal user; and
when the account number and the password of the terminal user are not in the approval list or the account number validity period exceeds expiration, the access point or the wireless local area network controller does not provide connection permission for the terminal equipment.
2. The method of claim 1, wherein the access point or the wlan controller determines that the terminal device is in the whitelist when the authentication code, the device identification code, and the account number all correspond to the same user in the whitelist, and wherein the access point or the wlan controller determines that the terminal device is not in the whitelist when the authentication code, the device identification code, and the account number do not correspond to the same user in the whitelist.
3. The terminal device authentication method of claim 1, wherein the access point or the wireless local area network controller removes the terminal device from the whitelist when the account validity period exceeds an expiration limit.
4. The terminal device authentication method of claim 1, wherein the device identification code is at least one or any combination of a MAC address of the terminal device, a product serial number, and a Cookie generated by the terminal device.
5. A terminal device authentication system for authenticating a terminal device, the system comprising:
the terminal equipment is used for outputting an authentication code, an equipment identification code, an account number and a password of a terminal user;
an access point connected with the terminal equipment;
the wireless local area network controller is connected with the terminal equipment through the access point;
the access point or the wireless local area network controller judges whether the terminal equipment is positioned in a white list according to the authentication code, the equipment identification code and the account number; and
the authentication code is generated by the access point or the wireless local area network controller according to the account number, the password and the account validity period of the terminal user of the terminal equipment;
when the terminal equipment does not output any one of the equipment identification code, the authentication code and the account number, the access point or the wireless local area network controller requests the terminal equipment to output the account number and the password of the terminal user;
the access point or the wireless local area network controller judges whether the account number, the password and the account number validity period of the terminal user are positioned in an approval list;
when the account number, the password and the account number valid period of the terminal user are located in an approval list, generating the authentication code corresponding to the terminal device, and generating the white list according to the account number, the authentication code, the device identification code and the account number valid period of the terminal user; and
when the account number and the password of the terminal user are not in the approval list or the account number validity period exceeds expiration, the access point or the wireless local area network controller does not provide connection permission for the terminal equipment.
6. The terminal device authentication system of claim 5, wherein the access point or the wlan controller determines that the terminal device is in the whitelist when the authentication code, the device identification code, and the account number all correspond to the same user in the whitelist, and wherein the access point or the wlan controller determines that the terminal device is not in the whitelist when the authentication code, the device identification code, and the account number do not correspond to the same user in the whitelist.
7. The terminal device authentication system of claim 5, wherein the access point or the wireless local area network controller removes the terminal device from the whitelist when the account validity period exceeds an expiration.
8. The terminal device authentication system of claim 5, wherein the device identification code is at least one of a MAC address of the terminal device, a product serial number, and a cookie generated by the terminal device, or any combination thereof.
CN202010348528.3A 2020-04-28 2020-04-28 Terminal equipment authentication system and method thereof Active CN113573311B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010348528.3A CN113573311B (en) 2020-04-28 2020-04-28 Terminal equipment authentication system and method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010348528.3A CN113573311B (en) 2020-04-28 2020-04-28 Terminal equipment authentication system and method thereof

Publications (2)

Publication Number Publication Date
CN113573311A CN113573311A (en) 2021-10-29
CN113573311B CN113573311B (en) 2024-04-09

Family

ID=78157920

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010348528.3A Active CN113573311B (en) 2020-04-28 2020-04-28 Terminal equipment authentication system and method thereof

Country Status (1)

Country Link
CN (1) CN113573311B (en)

Also Published As

Publication number Publication date
CN113573311A (en) 2021-10-29

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
Address after: 530033 plant B of Foxconn Nanning science and Technology Park, No. 51 Tongle Avenue, Jiangnan District, Nanning City, Guangxi Zhuang Autonomous Region
Applicant after: Nanning Fulian Fugui Precision Industry Co.,Ltd.
Address before: 530007 the Guangxi Zhuang Autonomous Region Nanning hi tech Zone headquarters road 18, China ASEAN enterprise headquarters three phase 5 factory building
Applicant before: NANNING FUGUI PRECISION INDUSTRIAL Co.,Ltd.
GR01 Patent grant