CN1842000A - Method for realizing access authentication of WLAN - Google Patents

Method for realizing access authentication of WLAN Download PDF

Info

Publication number
CN1842000A
CN1842000A CN 200510059708 CN200510059708A CN1842000A CN 1842000 A CN1842000 A CN 1842000A CN 200510059708 CN200510059708 CN 200510059708 CN 200510059708 A CN200510059708 A CN 200510059708A CN 1842000 A CN1842000 A CN 1842000A
Authority
CN
China
Prior art keywords
authentication
user terminal
mac address
access
point
Prior art date
Application number
CN 200510059708
Other languages
Chinese (zh)
Inventor
高江海
黎静
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Priority to CN 200510059708 priority Critical patent/CN1842000A/en
Publication of CN1842000A publication Critical patent/CN1842000A/en

Links

Abstract

The invention discloses a method for achieving the switch-in and identifying to the wireless local work, which mainly comprises the following steps: A. establishing the physics connection between the use end and the identifying point; B. the identifying point captures the user end MAC address; C. doing the switch-in identifying to the user end by the MAC address of the identifying end. User can switch-in the WLAN network without user name /keywords when the MAC address is legal; it forbids the illegal MAC address to switch-in the WLAN network.

Description

实现无线局域网接入认证的方法 The method of wireless LAN access authentication

技术领域 FIELD

本发明涉及无线局域网技术领域,更具体的说,本发明涉及一种无线局域网中接入认证的方法。 The present invention relates to the field of wireless LAN technology, and more particularly, the present invention relates to a method for WLAN access authentication.

背景技术 Background technique

由于用户对无线接入速率的要求越来越高,无线局域网(WLAN,WirelessLocal Area Network)应运而生,它能在较小范围内提供高速的无线数据接入。 Since the user's requirements for increasingly high rate of wireless access, wireless local area network (WLAN, WirelessLocal Area Network) came into being, which can provide high-speed wireless data access within a smaller range. 无线局域网包括多种不同技术,目前应用较为广泛的一个技术标准是IEEE802.11b,它采用2.4GHz频段,最高数据传输速率可达11Mbps,使用该频段的还有IEEE 802.11g和蓝牙(Bluetooth)技术,其中,802.11g最高数据传输速率可达54Mbps。 Wireless LAN technologies include a variety of different, widely used at present a technique of the IEEE802.11b standard, which uses the 2.4GHz band, the maximum data transfer rate up to 11Mbps, also the use of the band IEEE 802.11g and Bluetooth (Bluetooth) Technology wherein, 802.11g maximum data transfer rate of up to 54Mbps. 其它新技术诸如IEEE 802.11a和ETSI BRAN Hiperlan2都使用5GHz频段,最高传输速率也可达到54Mbps。 Other new technologies, such as IEEE 802.11a and ETSI BRAN Hiperlan2 uses 5GHz frequency band, the maximum transfer rate up to 54Mbps.

目前对于WLAN网络的接入认证,最常用的方法是基于用户名/密码进行认证,该方案的原理是用户在需要开通WLAN业务时,在运营商的认证服务器(通常是AAA服务器)里面开设一个帐户,获取一个用户名和密码。 Currently access authentication for WLAN networks, the most commonly used method is to authenticate based on username / password, the principle of the program is that users need to open WLAN service when, in the operator's authentication server (usually AAA server) inside opened a account, obtain a user name and password. 例如一个普通的用户名:wlan@163.com;密码为:12345。 For example, a common user name: wlan@163.com; password: 12345. 在用户需要接入到WLAN网络时,需要输入自己的用户名和密码,然后由认证点AP将该用户的用户名和密码通过RADIUS认证协议传送给认证服务器,由认证服务器进行用户名和密码认证。 When the user needs to access the WLAN network, enter their username and password, then the authentication point AP transmits to the authentication server the user name and password by the RADIUS authentication protocol, user name and password for authentication by the authentication server.

具体参考图1所示,该图是现有技术基于用户名和密码进行802.1X接入认证的处理流程图,主要包括如下步骤: With particular reference to FIG. 1, which is a process flow diagram for the prior art 802.1X access authentication based on the user name and password, mainly comprising the steps of:

1.用户在接入WLAN网络之前,需要先在认证服务器(通常即AAA服务器)中进行开户,获得自己的用户名和密码,AAA和用户终端STA都保存有用户的用户名和密码。 1. The user needs to open an account on the authentication server (AAA server i.e. typically) before access to the WLAN network, to obtain his user name and password, and the user terminal STA AAA are stored the user's username and password. 该用户名假设为wlan@163.com;密码假设为12345;2.用户终端STA和认证点AP之间建立物理连接;3.用户终端STA向认证点AP发送EAPoL-Start报文,开始进行802.1x的过程;4.认证点AP向用户终端STA发送EAP-Request/Identity报文,要求用户终端STA将用户身份标识送上来;5.用户终端STA将自己的用户身份标识通过EAP-Response/Identity报文发送给认证点AP,该报文里包含了用户在AAA服务器中开户获取的用户名wlan@163.com;6.认证点AP随机产生一个16字节的随机数Challenge1;7.认证点AP向用户终端STA发送EAP-Request/MD5-Challenge报文,带上产生的随机数Challenge1;8.用户终端STA在接收到EAP-Request/MD5-Challenge报文后,解析出其中的随机数Challenge1,然后和密码一道进行加密,得到新的密码Key1后,用户终端STA向认证点AP发送EAP-Response/MD5-Challenge报文,里面带上经过加密后的密码Key1;9.认证点AP通过Radius协议的 The user name is assumed to be wlan@163.com; password is assumed to be 12345; 2. physical connection is established between the user and the authentication terminal STA point AP;. 3 transmits the user terminal STA EAPoL-Start packet to the authentication point AP, starts 802.1 x process; 4 authentication point AP sends EAP-Request / identity packet to the user terminal STA, requires the user terminal STA user identity sent to; 5. the user terminal STA will own user identity presented by the EAP-Response / identity message to the authentication point AP, the packet contains the user name of the user account in the AAA server acquired wlan@163.com;. 6 certification point AP randomly generates a 16-byte random number Challenge1;. 7 point certification AP sends EAP-Request / MD5-Challenge message to the user terminal STA, a random number generated Challenge1 tape; 8 user terminal STA after receiving the EAP-Request / MD5-Challenge packet, parses wherein the random number Challenge1 , a password, and then encrypts the new password Key1 obtained, the user terminal STA sends EAP-Response / MD5-Challenge message to the authentication point (AP), after which bring Key1 encrypted password; 9 point AP through the Radius authentication agreement Access-Request报文,向认证服务器(AAA服务器)发起认证请求;报文里含有随机数Challenge1和加密后的密码Key1;10.认证服务器在接收到AP发送过来的Access-Request报文后,解析出其中携带的随机数Challenge1和密码Key1;认证服务器利用和用户终端STA一样的方式将获得的Challenge1和自己保存的用户的密码进行加密,得到加密后的密码Key2;然后将Key1和Key2进行比较,如果一致,认证通过,认证服务器向认证点AP发送Access-Accept报文,如果不一致,认证未通过,认证服务器则向认证点AP发送Access-Reject报文; Access-Request message, initiates an authentication request to the authentication server (AAA server); the message contains the password Key1 the random number Challenge1 and encryption; 10 authentication server after receiving the AP transmitted over the Access-Request packet, parses a state in which a random number carried Challenge1 and password Key1; Challenge1 authentication server using the user terminal STA same way obtained and their stored user password encrypted, to obtain the encrypted password Key2; then Key1 and Key2 compared, If yes, the authentication, the authentication server sends the authentication point AP Access-Accept message, if not, authentication is failed, the authentication server sends Access-Reject packet to the authentication point the AP;

11.认证点AP如果接收到Access-Accept报文,则向用户终端STA发送EAP-Success报文,通知用户终端STA认证成功;如果接收到Access-Reject报文,则向用户终端STA发送EAP-Failure报文,通知用户终端STA认证失败。 11. If the received authentication point AP Access-Accept message is sent to the user terminal STA EAP-Success message, informing the user terminal STA successful authentication; if the received Access-Reject packet is sent to the user terminal STA EAP- failure message, informing the user terminal STA authentication fails.

上述现有基于用户名/密码进行接入认证的方法虽然可实现对用户的接入认证,但由于用户每次接入到WLAN网络时都需要用户输入自己的用户名/密码,操作繁琐,用户使用起来并不方便;另外,对于某些没有接口输入用户名和密码的用户终端该方法无法实现接入认证。 The above-described conventional method for performing access authentication based on username / password access authentication can be achieved while the user, but due to the WLAN access network every time the user requires the user to enter their username / password, complicated operation, the user not convenient; in addition, there is no interface for certain user name and password of the user terminal access authentication method can not be achieved.

发明内容 SUMMARY

本发明解决的技术问题是提供一种方便用户接入无线局域网的接入认证方法,以简化用户的输入操作。 The present invention solves the technical problem is to provide a user-friendly access to the wireless LAN access authentication method in order to simplify the user's input operation.

为解决上述问题,本发明实现无线局域网接入认证的方法,所述的无线局域网包括用户终端、认证点和认证服务器,包括如下步骤:A、用户终端与认证点建立物理连接;B、认证点获取用户终端的MAC地址;C、通过所述的认证点以所述的MAC地址对所述的用户终端进行接入认证。 To solve the above problems, the present invention is to realize a method of wireless LAN access authentication, the wireless local area network includes a user terminal, an authentication point and the authentication server, comprising the steps of: A, the user terminal and the authentication point physical connection is established; B, point certification obtaining a MAC address of the user terminal; C, by the authentication point to the user terminal MAC address of the access authentication.

可选的,认证点配置有各个用户终端的MAC地址,步骤C包括:认证点根据所述获取的用户终端的MAC地址进行认证,如果所述的MAC地址合法,则用户终端认证通过。 Alternatively, the authentication point is configured with the MAC address of each user terminal, step C comprising: authenticating the authentication point MAC address of a user terminal according to the acquired MAC address if said valid, the user terminal authentication.

可选的,认证服务器配置有用户终端的MAC地址,步骤C包括:C1、认证点向认证服务器发送包含用户终端MAC地址的接入请求消息发起接入认证;C2、认证服务器解析出所述的MAC地址并根据所述的MAC地址进行认证,如果所述的MAC地址合法,则用户终端认证通过,向认证点返回接入接受消息。 Alternatively, the authentication server is configured with a MAC address of the user terminal, step C comprises: C1, the authentication comprising transmitting the access point MAC address of the user terminal initiates an access authentication request message to the authentication server; C2, the authentication server according to the parsed the MAC address and MAC address of the authentication, if the MAC address valid, the user terminal authentication, returns an access accept message to the authentication point.

可选的,以一个网络服务标识SSID标识用户终端以MAC地址进行接入认证,步骤C1之前还包括:认证点根据SSID判断是否对所述的用户终端以MAC地址进行接入认证,若检测到所述的SSID,则判断为是,并在判断为是后执行步骤C1。 Alternatively, a network service identifier SSID to identify the user terminal MAC address to the access authentication, prior to step C1 further comprises: determining whether the authentication point SSID according to the user terminal MAC address to the access authentication, if it is detected the SSID, your judgment is YES, and it is determined after the step C1.

可选的,以域标识属于该域的用户终端以MAC地址进行接入认证,步骤C2之前还包括:认证服务器根据用户终端的域判断是否对所述的用户终端以MAC地址进行接入认证,若用户终端属于所述的以MAC地址进行接入认证的域,则判断为是,并在判断为是后执行步骤C2。 Alternatively, a user belonging to the domain of the domain identifier to the MAC address of the terminal access authentication, prior to the step C2 further comprises: if an authentication server to the user terminal MAC address domain access authentication is determined according to the user terminal, If the user domain MAC address of the terminal belongs to the access authentication is performed, it is determined that the determination is yes and after in step C2.

可选的,预设用户终端接入认证的用户名和密码,用户终端首次接入认证在执行步骤C1之前还包括:用户终端发起用户名和密码认证,认证通过后认证服务器获取并配置所述的用户终端的MAC地址。 Alternatively, the user terminal preset access authentication user name and password, the user terminal first access authentication before performing step C1 further comprising: a user terminal initiating user name and password authentication, the authentication server after the authentication of the user to obtain and configure MAC address of the terminal.

其中,步骤A包括:用户终端向认证点发送探测请求消息;认证点向用户终端返回探测响应消息;用户终端向认证点发送认证请求消息;认证点向用户终端返回认证响应消息;用户终端向认证点发送连接请求消息;认证点与用户终端建立物理连接,向用户终端返回连接响应消息。 Wherein Step A comprises: the user terminal sends the authentication point probe request message; authentication point returns a probe response message to the user terminal; a user terminal a request message to the authentication node sends authentication; authentication point returns an authentication response message to the user terminal; user terminal to the authentication point transmits a connection request message; authentication node and the user terminal establishes a physical connection to the user terminal returns a connection response message.

其中,所述的认证服务器是认证、授权、计费服务器与现有技术相比,本发明具有以下优点:首先,本发明基于用户终端设备的MAC地址进行接入认证,对于合法的MAC地址,用户在开机后不需要用户输入用户名/密码,就可以接入到WLAN网络,对于非法的MAC地址,则禁止该用户接入到WLAN网络中,从而可以安全方便的实现用户接入到WLAN网络;其次,本发明还解决了某些用户终端设备没有接口输入用户名/密码的情况下的WLAN网络的接入认证,如WLAN手机没有接口输入用户名/密码,在这种情况下,通过MAC地址的认证可以很好的保证用户接入到WLAN网路中。 Wherein the authentication server is an authentication, authorization and accounting server compared to the prior art, the present invention has the following advantages: First, the present invention is based on the MAC address of the access authentication of the user terminal device, the MAC address for the legal, after the user no user input start user name / password can access the WLAN network, the MAC address for the illegal, the user is blocked access to the WLAN network, which can realize safe and convenient user access to the WLAN network ; secondly, the present invention also solves the access authentication of the WLAN network interface input without the user name / password case of certain user terminal device, such as a mobile phone without WLAN interface to enter a username / password, in this case, the MAC certification addresses can guarantee a good user access to the WLAN network.

附图说明 BRIEF DESCRIPTION

图1是现有技术基于用户名和密码进行无线局域网接入认证的处理流程图;图2是本发明无线局域网接入认证方法应用的网络环境示意图;图3是本发明无线局域网接入认证方法第一实施例的处理流程图;图4是本发明无线局域网接入认证方法第二实施例的处理流程图;图5是本发明无线局域网接入认证方法第三实施例的处理流程图。 FIG. 1 is a process flow diagram for the prior art wireless LAN access authentication based on the user name and password; FIG. 2 is a schematic view of a network environment wireless LAN access authentication method of the present invention; FIG. 3 is a section according to the present invention is a wireless LAN access authentication method a process flow diagram of the embodiment; FIG. 4 is a process flowchart of the wireless LAN access authentication method of the second embodiment of the present invention; FIG. 5 is a flowchart of wireless LAN access authentication method of the third embodiment of the present invention.

具体实施方式 detailed description

本发明的核心在于基于用户终端设备的MAC地址进行接入认证,MAC地址是48位的唯一地址,在网络环境下类似设备的身份证。 The core of the present invention is based on the MAC address of the access authentication of the user terminal device, the MAC address is a unique address 48, similar to the device ID in a network environment. 一般的,MAC地址也叫物理地址、硬件地址或链路地址,由网络设备制造商生产时写在硬件内部。 General, MAC address, also known as a physical address, hardware address or link address, written in the internal hardware when manufactured by network equipment manufacturers. MAC地址在计算机里都是以48位的的二进制表示的,MAC地址的长度为48位(6个字节),通常表示为12个16进制数,每2个16进制数之间用冒号隔开,如:08:00:20:0A:8C:6D就是一个MAC地址,其中前6位16进制数08:00:20代表网络硬件制造商的编号,它由IEEE(电气与电子工程师协会)分配,而后3位16进制数0A:8C:6D代表该制造商所制造的某个网络产品(如网卡)的系列号。 Length, the MAC address of the MAC address in the computer are based on the 48-bit binary representation of 48 bits (6 bytes), usually expressed as a hexadecimal number 12, with between every two hexadecimal separated by a colon, such as: 08: 00: 20: 0A: 8C: 6D is a MAC address, which the first six hexadecimal 08:00:20 on behalf of network hardware manufacturer number, which consists of the IEEE (and Electronics Association of engineers) distribution, then three hexadecimal number 0A: 8C: 6D on behalf of the manufacturer of the product manufactured by a network (such as network cards) serial number. 只要不更改用户终端设备的MAC地址,该用户终端设备的MAC地址在世界是惟一的。 They do not change the user terminal device's MAC address, the user terminal device's MAC address is unique in the world.

参考图2,该图是本发明实现无线局域网接入认证的网络环境图。 Referring to Figure 2, a network environment which is a view of the invention of the wireless LAN access authentication. 本发明应用的WLAN包括:用户终端(Supplicant)1,LAN所连接的一端的实体(Entity),作为认证请求者向认证点(Authenticator)发起请求,对其身份的合法性进行检验;认证点2,响应用户终端1的认证请求,包括两个逻辑端口:受控端口(Controlled Port)21和不受控端口(Uncontrolled Port)22;认证服务器3,是指通过检验用户终端1发送来的身份标识,来判断该请求者是否有权使用认证点2所提供的网络服务。 WLAN applications of the present invention comprises: a user terminal (Supplicant) 1, an end of entities (Entity) LAN is connected, the authentication requestor sends a request to a certification point (the Authenticator), to test the legality of the identity; authentication point 2 response to a user authentication request to the terminal 1, comprises two logical ports: a controlled port (controlled port) 21 and the uncontrolled port (uncontrolled port) 22; authentication server 3 refers to the terminal 1 is transmitted by checking the user identity , to determine whether the requester is entitled to use the second network point of authentication services provided.

通常,要访问局域网/城域网4,首先用户终端1要向认证点2发起认证请求,不受控端口22始终处于双向连通状态,主要用来传递EAPoL协议帧,可保证用户终端1始终可以发出或接受;认证授权时,认证点2的受控端口21才被连通,用于传递网络资源和服务。 Typically, access to the LAN / MAN 4, first, the user authentication terminal point 2 1 To initiate an authentication request, uncontrolled port 22 is always in two-way communication state, mainly used to transmit EAPoL protocol frame can always guarantee the user terminal 1 or the acceptance; the authentication authorization, authentication controlled point 2 was only 21 communication port for transmitting network resources and services.

参考图3,该图是本发明实现无线局域网接入认证的第一实施例示意图。 Referring to Figure 3, which is a schematic view of a first embodiment of the present invention embodiment wireless LAN access authentication.

本实施例在WLAN网络的AP上静态配置有各个用户终端设备的MAC地址表,在用户终端和AP进行802.11b/g/a的连接时,AP会获得用户终端设备的MAC地址,此时AP去查找配置的MAC地址表,如果发现该MAC地址存在,则认为用户终端合法,认证通过,开放对用户终端的控制,允许用户终端进行后续的流程,如申请IP地址,进行上网等。 When the present embodiment on a network the WLAN AP MAC address table static configuration the respective user terminal device, connected 802.11b / g / a in the user terminal and the AP, AP will be the MAC address of the user terminal equipment, then AP configured to find the MAC address table, and if the MAC address is found to exist, the user is considered legitimate terminal, the authentication, release control of the user terminal, the user terminal allows the subsequent processes, such as for IP address for Internet access. 如果不存在,则保持对用户终端的控制;在这种情况下,用户终端如果要使用WLAN网络,可使用其他的认证方式,如基于用户名/密码的接入认证方式,这里不再赘述。 If not, then the user terminal to maintain control; in this case, if the user terminal to use the WLAN network, may use other authentication methods such as authentication based access username / password, it will not be repeated here.

具体处理流程如下:步骤s10,用户终端向认证点发送探测请求消息;步骤s11,认证点向用户终端返回探测响应消息;步骤s12,用户终端向认证点发送认证请求消息;步骤s13,认证点向用户终端返回认证响应消息; Specific process is as follows: Step s10, the user terminal sends a probe request message to an authentication node; step s11, the authentication point returns a probe response message to the user terminal; a step s12, the user terminal a request message to the authentication node sends authentication; step s13, the authentication node to the user terminal returns an authentication response message;

步骤s14,用户终端向认证点发送连接请求消息;步骤s15,认证点与用户终端建立物理连接,向用户终端返回连接响应消息;步骤s16,认证点获取用户终端的MAC地址,根据MAC地址进行认证,如果查找配置的MAC地址表发现该MAC地址存在,则认为用户合法,用户终端认证通过,可继续DHCP等后续流程,否则,认证未通过,采用其他认证方式或直接结束认证。 Step S14, the user terminal sends the authentication point of a connection request message; step S15, the authentication node and the user terminal establishes a physical connection to the user terminal returns a connection response message; step S16, the authentication point to obtain the MAC address of the user terminal, authenticates the MAC address If the MAC address lookup table configured found that the MAC address exists, the user is considered legitimate, the user terminal authentication, the subsequent process can continue as DHCP, otherwise, the authentication fails, the authentication using other authentication information or to end.

参考图4,该图是本发明实现无线局域网接入认证的第二实施例示意图。 Referring to Figure 4, which is a second embodiment of the present invention, wireless LAN access authentication FIG.

上述第一实施例中静态配置的MAC地址表是在AP上实现,在实际使用中,受AP存储容量的限制,AP上配置的数据一般较少,运营存在困难。 The above-described first embodiment statically configured MAC address table is implemented in the AP, in actual use, the storage capacity is limited by AP, the AP configuration data typically less difficult operation. 为此,本实施例配置的MAC地址表数据在认证服务器(AAA服务器)上实现,即在认证服务器(AAA服务器)上配置各个用户终端的MAC地址表,由AP上报用户终端的MAC地址给认证服务器(AAA服务器),由认证服务器(AAA服务器)进行查找比较。 For this purpose, the MAC address table data in the present embodiment is disposed on the authentication server (AAA server) to achieve, i.e., MAC address table of each user terminal on the authentication server (AAA server), reported by the AP to the user terminal MAC address authentication server (AAA server), to find the comparison by the authentication server (AAA server).

具体处理流程如下:在步骤s20-步骤s25与第一实施例步骤s10-s15相同,由用户终端STA和认证点AP建立802.11物理连接。 Specific process is as follows: s25 of the first embodiment at step s10-s15 step s20- same step, establishing authentication by the user terminal STA and AP 802.11 physical connection points.

在步骤s26,认证点AP获取用户终端STA的MAC地址,同时AP根据一定的规则判断用户是否属于MAC地址认证,例如可以根据特定的网络服务标识SSID来判断,即AP支持多个SSID,其中一个SSID用来标识以MAC地址对用户终端进行接入认证,如果属于以MAC地址进行接入认证,则AP构造RADIUS协议的Access-Request认证请求消息到认证服务器(AAA服务器),该消息中的用户名含有用户终端的MAC地址(例如其用户名的格式可以为MAC@DOMAIN)。 In step S26, the authentication point AP STA acquires the MAC address of the user terminal, according to certain rules while the AP determines whether the user belongs to the MAC address authentication, for example, may be determined according to the SSID identifies a particular network service, i.e., the SSID AP supports multiple, where a SSID used to identify the MAC address for the access authentication of the user terminal, if the MAC address belonging to the access authentication, the access-request RADIUS authentication AP configuration protocol request message to the authentication server (AAA server), the user of the message names that contain the MAC address of the user terminal (e.g., user name format may MAC @ DOMAIN).

在步骤s27,认证服务器(AAA服务器)收到用户终端的认证请求消息后,解析出用户名,根据一定的规则判断用户终端是否属于以MAC地址进行认证,例如可以根据域(DOMINA)来判断,在认证服务器里面配置DOMAIN和认证的关系,用特定的DOMAIN来表示属于该DOMAIN的用户终端都是以MAC地址进行接入认证。 After S27, the authentication server (AAA server) the user terminal receives the authentication request message in step parses out the user name, the user terminal determines whether to authenticate MAC addresses, for example, according to the domain (DOMINA) is determined according to certain rules, DOMAIN positional relationship between the authentication server and the authentication inside, with particular represented DOMAIN DOMAIN belonging to the user terminal is the MAC address for access authentication. 如果属于以MAC地址进行接入认证,则认证服务器根据该用户终端的MAC地址查找数据库,进行比较,搜寻匹配的MAC地址,判断该MAC地址是否合法。 If the MAC address belonging to the access authentication, the authentication server looks up the MAC address database of the subscriber terminal, comparing the MAC address matches the search, it is determined that the MAC address is valid. 如果查找到匹配的MAC地址,则该MAC地址合法,认证通过,允许该用户终端接入WLAN网络,向AP发送Access-Accept认证成功消息;否则,向AP发送Access-Reject认证拒绝消息。 If a match of the MAC address, the MAC address is legitimate, authentication, allowing the user terminal to access the WLAN network sends Access-Accept message to the AP authentication success; otherwise, transmitting an authentication failure Access-Reject message to the AP.

参考图5,该图是本发明实现无线局域网接入认证的第三实施例示意图。 Referring to Figure 5, which is a third embodiment of the present invention, wireless LAN access authentication FIG.

上述第二实施例中虽然将MAC地址的配置放在认证服务器(AAA服务器)中进行配置,但是在实际运营中,用户的MAC地址可能会发生改变,这时需要在认证服务器(AAA服务器)中进行增加、删除、修改的操作,增加了运营的困难。 Although the above-described second embodiment, the MAC address on the authentication server (AAA server) is configured, in actual operation, the user may change the MAC address, then the need authentication server (AAA server) add, delete, modify operation, increasing the difficulty of the operation. 为此,本实施例进一步改进,实现认证服务器(AAA服务器)可以自动学习用户终端的MAC地址。 For this reason, the present embodiment is further improved embodiment, for authentication server (AAA server) may automatically learn the user terminal's MAC address.

具体处理流程如下:首先用户到认证服务器(AAA服务器)中开设一个帐户,获取一个用户名和密码,然后开始接入认证,其接入流程步骤s30-36步如背景中现有技术1-7步中描述,这里不再赘述,在步骤s37的认证请求消息中,AP会把用户终端STA的MAC地址送给认证服务器(AAA服务器);在步骤s38,认证服务器(AAA服务器)判断用户的用户名和密码是否合法,如果合法,则认证通过,此时认证服务器(AAA服务器)会自动把用户本次认证中所携带的用户终端的MAC地址加入到自己的数据库中,并且向认证点AP发送认证成功消息Access-Accept,然后在步骤s39,认证点AP通知用户终端STA认证成功,其余后续流程和背景技术中相同,这里不再赘述。 Specific process is as follows: first the user to the authentication server (AAA server) to open an account, obtaining a user name and password, and then begins the access authentication, the access procedure as step s30-36 Step 1-7 Step Background prior art described herein omitted, the authentication request message in step s37, MAC address of AP STA sends the user terminal to the authentication server (AAA server); and a user name at step S38, the authentication server (AAA server) determines the user's password is valid, and if valid, the authentication succeeds, when the authentication server (AAA server) will automatically present the user views the MAC address carried in the authentication of the user terminal is added to its own database, and sends an authentication success to the authentication point AP message Access-Accept, then at step S39, the authentication terminal point AP STA notifies the user authentication is successful, the same subsequent procedure and the rest of the background art, will not be repeated here.

需要说明的是,本实施例中用户下次再接入到WLAN网络中时,由于此时认证服务器(AAA服务器)中已经保存有用户的MAC地址,此时的认证流程和第二实施例相同,认证服务器以MAC地址对用户终端进行接入认证,这里不再赘述。 Incidentally, when the embodiment of the present embodiment next time the user access to the WLAN network, since at this time the authentication server (AAA server) is already stored in the user MAC address, the same authentication process at this time and the second embodiment , the MAC address of the authentication server to authenticate the user for the access terminal, will not be repeated here.

另外,如果用户改变了STA,这样其MAC地址也该变了,用户在第一次接入时MAC地址认证会失败,用户可以通过用户名/密码认证成功,并且同时更新认证服务器(AAA服务器)中保存的MAC地址,下次接入时就可以通过MAC地址进行接入认证。 Further, if the user changes the STA, so that the MAC address is also changed, in the first user access MAC authentication fails, the user through a user name / password authentication is successful, the authentication server and simultaneously updated (AAA server) stored in the MAC address, access authentication can be performed by the MAC address of the next access.

以上所述仅为本发明的优选实施方式,并不构成对本发明保护范围的限定。 The above are only preferred embodiments of the present invention, not to limit the scope of the present invention. 任何在本发明的精神和原则之内所作的任何修改、等同替换和改进等,均应包含在本发明的权利要求保护范围之内。 Any Any modifications within the spirit and principle of the present invention, equivalent substitutions and improvements should be included within the protection scope claimed in the claims of the present invention.

Claims (8)

1.一种实现无线局域网接入认证的方法,所述的无线局域网包括用户终端、认证点和认证服务器,其特征在于,包括:A、用户终端与认证点建立物理连接;B、认证点获取用户终端的MAC地址;C、通过所述的认证点以所述的MAC地址对所述的用户终端进行接入认证。 1. A method of wireless LAN access authentication, the wireless local area network includes a user terminal, an authentication point and the authentication server, characterized by comprising: A, the user terminal and the authentication point physical connection is established; B, point acquisition authentication MAC address of the user terminal; C, by the authentication point to the user terminal MAC address of the access authentication.
2.根据权利要求1所述的实现无线局域网接入认证的方法,其特征在于,认证点配置有各个用户终端的MAC地址,步骤C包括:认证点根据所述获取的用户终端的MAC地址进行认证,如果所述的MAC地址合法,则用户终端认证通过。 The wireless LAN access authentication method according to claim 1, wherein the authentication point is configured with the MAC address of the respective user terminals, comprising Step C: MAC address of the point of authentication according to the acquired user terminal is authentication, if the MAC address valid, the user terminal authentication.
3.根据权利要求1所述的实现无线局域网接入认证的方法,其特征在于,认证服务器配置有用户终端的MAC地址,步骤C包括:C1、认证点向认证服务器发送包含用户终端MAC地址的接入请求消息发起接入认证;C2、认证服务器解析出所述的MAC地址并根据所述的MAC地址进行认证,如果所述的MAC地址合法,则用户终端认证通过,向认证点返回接入接受消息。 The wireless LAN access authentication method according to claim 1, wherein the authentication server is configured with a MAC address of the user terminal, step C comprises: C1, the authentication comprising transmitting point to the user terminal MAC address authentication server the access request message to initiate an access authentication; C2, the authentication server parses the MAC address and the MAC address of the authentication, if the MAC address valid, the user terminal authentication, returns the access point to the authentication receive messages.
4.根据权利要求3所述的实现无线局域网接入认证的方法,其特征在于,以一个网络服务标识SSID标识用户终端以MAC地址进行接入认证,步骤C1之前还包括:认证点根据SSID判断是否对所述的用户终端以MAC地址进行接入认证,若检测到所述的SSID,则判断为是,并在判断为是后执行步骤C1。 4. The wireless LAN access authentication method according to claim 3, characterized in that a network service identifier SSID to identify the user terminal MAC address to the access authentication, prior to step C1 further comprises: an authentication point is determined according to SSID whether the user terminal to the MAC address of the access authentication, if the detected SSID, your judgment is YES, and it is determined after the step C1.
5.根据权利要求3所述的实现无线局域网接入认证的方法,其特征在于,以域标识属于该域的用户终端以MAC地址进行接入认证,步骤C2之前还包括:认证服务器根据用户终端的域判断是否对所述的用户终端以MAC地址进行接入认证,若用户终端属于所述的以MAC地址进行接入认证的域,则判断为是,并在判断为是后执行步骤C2。 The wireless LAN access authentication method according to claim 3, characterized in that the user belonging to the domain of the domain identifier to the MAC address of the terminal access authentication, prior to the step C2 further comprises: an authentication server according to the user terminal domain determines whether the user terminal MAC address to the access authentication, the user terminal belongs to a domain if the MAC address of the access authentication is performed, it is determined that the determination is yes and after in step C2.
6.根据权利要求3、4或5任一项所述的实现无线局域网接入认证的方法,其特征在于,预设用户终端接入认证的用户名和密码,用户终端首次接入认证在执行步骤C1之前还包括:用户终端发起用户名和密码认证,认证通过后认证服务器获取并配置所述的用户终端的MAC地址。 3, 4 or 6. The method of any one of the wireless LAN access authentication according to any one of claim 5, wherein the predetermined user terminal access authentication user name and password, the user terminal performs initial access authentication in step before C1 further comprising: a user terminal initiating user name and password authentication, after the authentication by the authentication server, and acquires the MAC address of the user terminal.
7.根据权利要求6所述的实现无线局域网接入认证的方法,其特征在于,步骤A包括:用户终端向认证点发送探测请求消息;认证点向用户终端返回探测响应消息;用户终端向认证点发送认证请求消息;认证点向用户终端返回认证响应消息;用户终端向认证点发送连接请求消息;认证点与用户终端建立物理连接,向用户终端返回连接响应消息。 The wireless LAN access authentication method implemented according to claim 6, wherein step A comprises: the user terminal transmits a probe request message to an authentication node; authentication node to the user terminal returns a probe response message; user terminal to the authentication point sending an authentication request message; point of authentication to the user terminal returns an authentication response message; user terminal transmits a connection request message to the authentication node; authentication point and the user terminal establishes a physical connection to the user terminal returns a connection response message.
8.根据权利要求7所述的实现无线局域网接入认证的方法,其特征在于,所述的认证服务器是认证、授权、计费服务器。 8. A wireless LAN access authentication method implemented according to claim 7, wherein said authentication server is an authentication, authorization and accounting server.
CN 200510059708 2005-03-29 2005-03-29 Method for realizing access authentication of WLAN CN1842000A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200510059708 CN1842000A (en) 2005-03-29 2005-03-29 Method for realizing access authentication of WLAN

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200510059708 CN1842000A (en) 2005-03-29 2005-03-29 Method for realizing access authentication of WLAN

Publications (1)

Publication Number Publication Date
CN1842000A true CN1842000A (en) 2006-10-04

Family

ID=37030857

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200510059708 CN1842000A (en) 2005-03-29 2005-03-29 Method for realizing access authentication of WLAN

Country Status (1)

Country Link
CN (1) CN1842000A (en)

Cited By (43)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101778385A (en) * 2009-01-14 2010-07-14 北京天昭信息通信系统开发有限责任公司 Distributed multimedia wireless gateway and central base station equipment
CN101860865A (en) * 2009-04-10 2010-10-13 中兴通讯股份有限公司 Method and device for realizing secondary access
CN101217805B (en) 2008-01-21 2011-08-10 中兴通讯股份有限公司 A wireless LAN access control method
CN102149092A (en) * 2011-01-28 2011-08-10 中国联合网络通信集团有限公司 Method and device for processing user illegal access
CN102204307A (en) * 2011-06-15 2011-09-28 华为技术有限公司 Wlan authentication method based on MAC address and device thereof
CN102348209A (en) * 2011-09-23 2012-02-08 福建星网锐捷网络有限公司 Method and device for wireless network access and authentication
CN102404738A (en) * 2010-09-14 2012-04-04 中国移动通信集团山东有限公司 Method, system and authentication server for being switched in and retreating from wireless local area network (WLAN)
CN102547703A (en) * 2010-12-24 2012-07-04 株式会社泛泰 Mobile terminal, server, and method for providing content information
US8233456B1 (en) 2006-10-16 2012-07-31 Marvell International Ltd. Power save mechanisms for dynamic ad-hoc networks
CN102724188A (en) * 2012-06-08 2012-10-10 成都欣点科技有限公司 System and method for identifying identity of client in service field
CN102821439A (en) * 2012-07-18 2012-12-12 中兴通讯股份有限公司 Access method and access device of wireless network
CN102857517A (en) * 2012-09-29 2013-01-02 华为技术有限公司 Authentication method, broadband remote access server and authentication server
CN102883320A (en) * 2012-09-18 2013-01-16 东莞宇龙通信科技有限公司 WiFi (Wireless Fidelity) authentication method and system thereof
CN102984173A (en) * 2012-12-13 2013-03-20 迈普通信技术股份有限公司 Network access control method and system
CN103119974A (en) * 2010-09-24 2013-05-22 英特尔公司 System and method for maintaining privacy in a wireless network
CN103139775A (en) * 2011-12-02 2013-06-05 中国移动通信集团上海有限公司 Access method of wireless local area network (WLAN), access device of WLAN and access system of WLAN
CN103260159A (en) * 2012-02-20 2013-08-21 宇龙计算机通信科技(深圳)有限公司 Identity identifying method and identity identifying system
US8619623B2 (en) 2006-08-08 2013-12-31 Marvell World Trade Ltd. Ad-hoc simple configuration
US8628420B2 (en) 2007-07-03 2014-01-14 Marvell World Trade Ltd. Location aware ad-hoc gaming
CN103634270A (en) * 2012-08-21 2014-03-12 中国电信股份有限公司 A method for identifying validity of an access point, a system thereof and an access point discriminating server
CN103716795A (en) * 2012-10-09 2014-04-09 中兴通讯股份有限公司 Wireless network safe access method, apparatus and system
CN103731425A (en) * 2013-12-31 2014-04-16 迈普通信技术股份有限公司 Network wireless terminal access control method and system
CN103746812A (en) * 2013-12-30 2014-04-23 迈普通信技术股份有限公司 Access authentication method and system
CN103765855A (en) * 2013-09-13 2014-04-30 华为终端有限公司 Processing method of wireless network equipment, wireless network equipment and processor
US8732315B2 (en) 2006-10-16 2014-05-20 Marvell International Ltd. Automatic ad-hoc network creation and coalescing using WiFi protected setup
CN104067671A (en) * 2012-01-25 2014-09-24 高通股份有限公司 Method and apparatus for automatic service discovery and connectivity
CN104349322A (en) * 2013-08-01 2015-02-11 杭州华三通信技术有限公司 Device for detecting faker in wireless local area network and method thereof
CN104394178A (en) * 2014-12-18 2015-03-04 上海市共进通信技术有限公司 System and method for realizing rapid access control on wireless local area network
CN104410988A (en) * 2014-10-30 2015-03-11 苏州德鲁森自动化系统有限公司 Wireless local area network operating state monitoring system
CN104486763A (en) * 2014-12-25 2015-04-01 北京海尔广科数字技术有限公司 Wireless access equipment and method for realizing contact type authentication
CN104796894A (en) * 2014-01-22 2015-07-22 海尔集团公司 Configuration information transmission method and equipment
CN104917775A (en) * 2015-06-17 2015-09-16 北京汇为永兴科技有限公司 Internet access method
CN105007579A (en) * 2014-04-24 2015-10-28 中国移动通信集团广东有限公司 Wireless local area network access authentication method and terminal
CN105246073A (en) * 2015-08-28 2016-01-13 深圳市信锐网科技术有限公司 Wireless network access authentication method and server
CN105391720A (en) * 2015-11-20 2016-03-09 北京那个网络科技有限公司 User terminal login method and device
CN105450652A (en) * 2015-12-03 2016-03-30 迈普通信技术股份有限公司 Authentication method, device and system
US9308455B1 (en) 2006-10-25 2016-04-12 Marvell International Ltd. System and method for gaming in an ad-hoc network
CN105516976A (en) * 2015-11-26 2016-04-20 苏州集联微电子科技有限公司 Method for authorizing wireless equipment to access Internet without password
CN105828454A (en) * 2015-07-28 2016-08-03 维沃移动通信有限公司 Method for connecting network, device and WiFi routing equipment
CN106161147A (en) * 2015-03-31 2016-11-23 腾讯科技(深圳)有限公司 Set up the method and device that network connects
CN106534117A (en) * 2016-11-10 2017-03-22 杭州华三通信技术有限公司 Authentication method and apparatus
US9705883B2 (en) 2012-11-15 2017-07-11 Zte Corporation Communications terminal and system and rights management method
CN105208554B (en) * 2014-06-12 2019-03-05 四川长虹电器股份有限公司 A kind of method, system and equipment realizing zigbee terminal device and networking

Cited By (68)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9019866B2 (en) 2006-08-08 2015-04-28 Marvell World Trade Ltd. Ad-hoc simple configuration
US8619623B2 (en) 2006-08-08 2013-12-31 Marvell World Trade Ltd. Ad-hoc simple configuration
US9374785B1 (en) 2006-10-16 2016-06-21 Marvell International Ltd. Power save mechanisms for dynamic ad-hoc networks
US9444874B2 (en) 2006-10-16 2016-09-13 Marvell International Ltd. Automatic Ad-Hoc network creation and coalescing using WPS
US8732315B2 (en) 2006-10-16 2014-05-20 Marvell International Ltd. Automatic ad-hoc network creation and coalescing using WiFi protected setup
US8233456B1 (en) 2006-10-16 2012-07-31 Marvell International Ltd. Power save mechanisms for dynamic ad-hoc networks
US9308455B1 (en) 2006-10-25 2016-04-12 Marvell International Ltd. System and method for gaming in an ad-hoc network
US8628420B2 (en) 2007-07-03 2014-01-14 Marvell World Trade Ltd. Location aware ad-hoc gaming
CN101217805B (en) 2008-01-21 2011-08-10 中兴通讯股份有限公司 A wireless LAN access control method
CN101778385A (en) * 2009-01-14 2010-07-14 北京天昭信息通信系统开发有限责任公司 Distributed multimedia wireless gateway and central base station equipment
CN101860865A (en) * 2009-04-10 2010-10-13 中兴通讯股份有限公司 Method and device for realizing secondary access
CN102404738A (en) * 2010-09-14 2012-04-04 中国移动通信集团山东有限公司 Method, system and authentication server for being switched in and retreating from wireless local area network (WLAN)
CN102404738B (en) * 2010-09-14 2014-01-08 中国移动通信集团山东有限公司 Method, system and authentication server for being switched in and retreating from wireless local area network (WLAN)
CN103119974B (en) * 2010-09-24 2016-08-03 英特尔公司 For safeguarding the system and method for the privacy in wireless network
CN103119974A (en) * 2010-09-24 2013-05-22 英特尔公司 System and method for maintaining privacy in a wireless network
CN102547703A (en) * 2010-12-24 2012-07-04 株式会社泛泰 Mobile terminal, server, and method for providing content information
CN102149092A (en) * 2011-01-28 2011-08-10 中国联合网络通信集团有限公司 Method and device for processing user illegal access
WO2012171184A1 (en) * 2011-06-15 2012-12-20 华为技术有限公司 Wireless local area network authentication method based on media access control address and device thereof
CN102204307A (en) * 2011-06-15 2011-09-28 华为技术有限公司 Wlan authentication method based on MAC address and device thereof
CN102204307B (en) * 2011-06-15 2014-04-16 华为技术有限公司 WLAN authentication method based on MAC address and device thereof
CN102348209B (en) * 2011-09-23 2014-12-24 福建星网锐捷网络有限公司 Method and device for wireless network access and authentication
CN102348209A (en) * 2011-09-23 2012-02-08 福建星网锐捷网络有限公司 Method and device for wireless network access and authentication
CN103139775A (en) * 2011-12-02 2013-06-05 中国移动通信集团上海有限公司 Access method of wireless local area network (WLAN), access device of WLAN and access system of WLAN
CN103139775B (en) * 2011-12-02 2015-12-02 中国移动通信集团上海有限公司 A kind of WLAN cut-in method, Apparatus and system
CN104067671B (en) * 2012-01-25 2018-07-03 高通股份有限公司 For automated service discovery and the method and apparatus of connection
CN104067671A (en) * 2012-01-25 2014-09-24 高通股份有限公司 Method and apparatus for automatic service discovery and connectivity
CN103260159B (en) * 2012-02-20 2016-08-24 宇龙计算机通信科技(深圳)有限公司 Personal identification method and system
CN103260159A (en) * 2012-02-20 2013-08-21 宇龙计算机通信科技(深圳)有限公司 Identity identifying method and identity identifying system
CN102724188A (en) * 2012-06-08 2012-10-10 成都欣点科技有限公司 System and method for identifying identity of client in service field
CN102821439A (en) * 2012-07-18 2012-12-12 中兴通讯股份有限公司 Access method and access device of wireless network
CN103634270B (en) * 2012-08-21 2017-06-16 中国电信股份有限公司 Recognize method, system and the access point authentication server of access point legitimacy
CN103634270A (en) * 2012-08-21 2014-03-12 中国电信股份有限公司 A method for identifying validity of an access point, a system thereof and an access point discriminating server
CN102883320B (en) * 2012-09-18 2017-03-15 东莞宇龙通信科技有限公司 WiFi method for authenticating and its system
CN102883320A (en) * 2012-09-18 2013-01-16 东莞宇龙通信科技有限公司 WiFi (Wireless Fidelity) authentication method and system thereof
CN102857517B (en) * 2012-09-29 2015-12-09 华为技术有限公司 Authentication method, Broadband Remote Access Server and certificate server
CN102857517A (en) * 2012-09-29 2013-01-02 华为技术有限公司 Authentication method, broadband remote access server and authentication server
CN103716795A (en) * 2012-10-09 2014-04-09 中兴通讯股份有限公司 Wireless network safe access method, apparatus and system
CN103716795B (en) * 2012-10-09 2018-04-06 中兴通讯股份有限公司 A kind of wireless network safety access method, device and system
US9705883B2 (en) 2012-11-15 2017-07-11 Zte Corporation Communications terminal and system and rights management method
CN102984173B (en) * 2012-12-13 2017-02-22 迈普通信技术股份有限公司 Network access control method and system
CN102984173A (en) * 2012-12-13 2013-03-20 迈普通信技术股份有限公司 Network access control method and system
CN104349322A (en) * 2013-08-01 2015-02-11 杭州华三通信技术有限公司 Device for detecting faker in wireless local area network and method thereof
CN104349322B (en) * 2013-08-01 2018-06-12 新华三技术有限公司 A kind of device and method that personator is detected in Wireless LAN
US9503896B2 (en) 2013-09-13 2016-11-22 Huawei Device Co., Ltd. Processing method of wireless network device, wireless network device, and processor of wireless network device
WO2015035620A1 (en) * 2013-09-13 2015-03-19 华为终端有限公司 Processing method of wireless network equipment, wireless network equipment and processor thereof
CN103765855A (en) * 2013-09-13 2014-04-30 华为终端有限公司 Processing method of wireless network equipment, wireless network equipment and processor
CN103746812A (en) * 2013-12-30 2014-04-23 迈普通信技术股份有限公司 Access authentication method and system
CN103731425A (en) * 2013-12-31 2014-04-16 迈普通信技术股份有限公司 Network wireless terminal access control method and system
CN103731425B (en) * 2013-12-31 2016-08-24 迈普通信技术股份有限公司 Network wireless terminal connection control method and system
CN104796894A (en) * 2014-01-22 2015-07-22 海尔集团公司 Configuration information transmission method and equipment
CN105007579A (en) * 2014-04-24 2015-10-28 中国移动通信集团广东有限公司 Wireless local area network access authentication method and terminal
CN105007579B (en) * 2014-04-24 2019-03-15 中国移动通信集团广东有限公司 A kind of access authentication of WLAN method and terminal
CN105208554B (en) * 2014-06-12 2019-03-05 四川长虹电器股份有限公司 A kind of method, system and equipment realizing zigbee terminal device and networking
CN104410988A (en) * 2014-10-30 2015-03-11 苏州德鲁森自动化系统有限公司 Wireless local area network operating state monitoring system
CN104394178A (en) * 2014-12-18 2015-03-04 上海市共进通信技术有限公司 System and method for realizing rapid access control on wireless local area network
CN104486763A (en) * 2014-12-25 2015-04-01 北京海尔广科数字技术有限公司 Wireless access equipment and method for realizing contact type authentication
CN106161147B (en) * 2015-03-31 2019-08-06 腾讯科技(深圳)有限公司 Establish the method and device of network connection
CN106161147A (en) * 2015-03-31 2016-11-23 腾讯科技(深圳)有限公司 Set up the method and device that network connects
CN104917775A (en) * 2015-06-17 2015-09-16 北京汇为永兴科技有限公司 Internet access method
CN105828454B (en) * 2015-07-28 2019-07-26 维沃移动通信有限公司 A kind of method, apparatus connecting network and a kind of WIFI routing device
CN105828454A (en) * 2015-07-28 2016-08-03 维沃移动通信有限公司 Method for connecting network, device and WiFi routing equipment
CN105246073B (en) * 2015-08-28 2019-06-21 深圳市信锐网科技术有限公司 The access authentication method and server of wireless network
CN105246073A (en) * 2015-08-28 2016-01-13 深圳市信锐网科技术有限公司 Wireless network access authentication method and server
CN105391720A (en) * 2015-11-20 2016-03-09 北京那个网络科技有限公司 User terminal login method and device
CN105516976A (en) * 2015-11-26 2016-04-20 苏州集联微电子科技有限公司 Method for authorizing wireless equipment to access Internet without password
CN105450652A (en) * 2015-12-03 2016-03-30 迈普通信技术股份有限公司 Authentication method, device and system
CN105450652B (en) * 2015-12-03 2018-06-15 迈普通信技术股份有限公司 A kind of authentication method, apparatus and system
CN106534117A (en) * 2016-11-10 2017-03-22 杭州华三通信技术有限公司 Authentication method and apparatus

Similar Documents

Publication Publication Date Title
Congdon et al. IEEE 802.1 X Remote Authentication Dial In User Service (RADIUS) Usage Guidelines.
Koien et al. Security aspects of 3G-WLAN interworking
KR101054202B1 (en) Secure authentication and key management within infrastructure-based wireless multihop networks
DE102006038591B4 (en) Method and device for providing a wireless mesh network
US7339915B2 (en) Virtual LAN override in a multiple BSSID mode of operation
DE60223951T2 (en) System, apparatus and method for SIM based authentication and encryption when accessing a wireless local area network
TWI376905B (en) Key generation in a communication system
US8565131B2 (en) Communication device and communication method
EP2052487B1 (en) Method and arrangement for providing a wireless mesh network
US8787572B1 (en) Enhanced association for access points
US8272036B2 (en) Dynamic authentication in secured wireless networks
JP4801147B2 (en) Method, system, network node and computer program for delivering a certificate
US8621201B2 (en) Short authentication procedure in wireless data communications networks
CN101621801B (en) Method, system, server and terminal for authenticating wireless local area network
CN101371550B (en) Method and system for automatically and freely providing user of mobile communication terminal with service access warrant of on-line service
US7542572B2 (en) Method for securely and automatically configuring access points
CN1663168B (en) Transitive authentication, authorization and accounting in matching between access networks
AU2003290841B2 (en) A method for fast, secure 802.11 re-association without additional authentication, accounting, and authorization infrastructure
US7594113B2 (en) Identification information protection method in WLAN inter-working
JP4613969B2 (en) Communication apparatus and communication method
CN1925679B (en) Authentication method for fast handover in a wireless local area network
US20130047218A1 (en) Wireless device authentication between different networks
US7181530B1 (en) Rogue AP detection
CN1191696C (en) Sefe access of movable terminal in radio local area network an secrete data communication method in radio link
US7082535B1 (en) System and method of controlling access by a wireless client to a network that utilizes a challenge/handshake authentication protocol

Legal Events

Date Code Title Description
C06 Publication
C10 Request of examination as to substance
C02 Deemed withdrawal of patent application after publication (patent law 2001)