WO2014166270A1 - Méthode d'authentification de demande, point d'accès, station de service, et système de communication - Google Patents

Méthode d'authentification de demande, point d'accès, station de service, et système de communication Download PDF

Info

Publication number
WO2014166270A1
WO2014166270A1 PCT/CN2013/088715 CN2013088715W WO2014166270A1 WO 2014166270 A1 WO2014166270 A1 WO 2014166270A1 CN 2013088715 W CN2013088715 W CN 2013088715W WO 2014166270 A1 WO2014166270 A1 WO 2014166270A1
Authority
WO
WIPO (PCT)
Prior art keywords
service
access point
site
authentication
request information
Prior art date
Application number
PCT/CN2013/088715
Other languages
English (en)
Chinese (zh)
Inventor
杨浔
陶源
赵牧
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Publication of WO2014166270A1 publication Critical patent/WO2014166270A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W76/00Connection management
    • H04W76/30Connection release
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W76/00Connection management
    • H04W76/10Connection setup
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/02Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10Small scale networks; Flat hierarchical networks
    • H04W84/12WLAN [Wireless Local Area Networks]

Definitions

  • Embodiments of the present invention relate to a wireless communication technology, and in particular, to a request authentication method, apparatus, and system. Background technique
  • the basic service set includes an access point (AP) and at least one station (Station, STA), when the site includes a functional service site such as a projector or a printer, and the service site Once the associated authentication relationship with the access point has been established, services can be provided to other sites through the access point.
  • AP access point
  • STA station
  • AP access point
  • STA station
  • the site includes a functional service site such as a projector or a printer
  • the access point can select a service site for the site from which it can provide services from its associated service site. Since the access point can only select the service site from the associated service site for the site that needs to be serviced, in order to ensure that the site can obtain the service in time, each service site needs to maintain an association authentication relationship with the access point.
  • a first aspect of the embodiments of the present invention provides a method for requesting authentication, including:
  • the access point receives the service requirement information, where the service requirement information carries a service identifier, where the service identifier is identifier information of a service required by the site that needs to be served;
  • the access point selects a target service site that can provide a service corresponding to the service identifier; and performs authentication between the access point and the target service site.
  • performing authentication between the access point and the target service site includes: The access point sends the service request information to the target service site, where the service request information carries the service identifier, where the service request information is used by the target service site to determine whether the service identifier is provided. The ability of the corresponding service;
  • the access point sends, according to the service request success information, authentication request information to the target service station, where the authentication request information is used for authentication between the target service site and the access point.
  • performing authentication between the access point and the target service site includes:
  • the authentication between the access point and the target service site includes:
  • the access point sends the service request information to the target service site, where the service request information carries the service identifier, where the service request information is used by the target service site to determine whether the service identifier is provided.
  • the ability of the corresponding service
  • the access point receives the authentication request information sent by the target service site within a preset time, the access point performs authentication with the target service site, and the authentication request information is used by the target service site according to the The service request information is sent to the access point after having the capability to provide the service corresponding to the service identifier.
  • the method further includes:
  • the access point If the access point does not receive the authentication request information sent by the target service station within the preset time, the access point resends the service request information to the target service station.
  • the access point selecting, by the access point, the target service site that can provide the service corresponding to the service identifier includes: Incoming point selection can provide the service corresponding to the service identifier, and is in working time The service site within the segment acts as the target service site.
  • a second aspect of the embodiments of the present invention provides a method for requesting authentication, including:
  • the service station receives the service request information sent by the access point, where the service request information carries the capability of the service corresponding to the service identifier, where the service identifier is the service demand information sent by the access point from the site that needs to be served. Obtained in
  • a third aspect of the embodiments of the present invention provides a method for requesting authentication, including:
  • the service station receives the authentication request information that is sent by the access point and carries the service identifier, where the service identifier is obtained by the access point from the service requirement information sent by the site that needs to be served; After the service identifier determines the capability of providing the service corresponding to the service identifier, the service identifier is authenticated according to the authentication request information and the access point.
  • a fourth aspect of the embodiments of the present invention provides a method for requesting authentication, including:
  • the service station receives the service request information sent by the access point, where the service request information carries the capability of the service corresponding to the service identifier, where the service identifier is the service demand information sent by the access point from the site that needs to be served. Obtained in
  • the service station After the service station determines, according to the service request information, the capability of providing the service corresponding to the service identifier, the service station sends the authentication request information to the access point, where the authentication request information is used for the service site and the service site. Authenticate between access points.
  • a fifth aspect of the embodiments of the present invention provides an access point, including:
  • a receiving unit configured to receive service requirement information, where the service requirement information carries a service identifier, where the service identifier is identifier information of a service required by a station that needs to be served;
  • a selection unit configured to select a target service site that can provide a service corresponding to the service identifier
  • an authentication unit configured to perform authentication with the target service site.
  • the authentication unit is also used to:
  • the service request success information is sent to the target service site for authentication request information, where the authentication request information is used for authentication between the target service site and the access point.
  • the authentication unit is further configured to:
  • the authentication request information carrying the service identifier is sent to the target service site, and the capability of the service is subsequently authenticated with the access point.
  • the authentication unit is further configured to:
  • the service request information carries the service identifier
  • the service request information is used by the target service site to determine whether the service has the capability of providing the service identifier
  • the ability to provide a service corresponding to the service identifier is then sent to the access point.
  • the authenticating unit is further configured to:
  • the service request information is resent to the target service station.
  • the selecting unit is further configured to:
  • a service site that can provide the service corresponding to the service identifier and is in a valid working period is selected as the target service site.
  • a sixth aspect of the embodiments of the present invention provides a service site, including: a receiving unit, configured to receive service request information sent by the access point, where the service request information carries a service identifier, where the service request information is used by the service station to determine whether the service corresponding to the service identifier is provided Capability, the service identifier is obtained by the access point from service demand information sent by a site that needs to be served;
  • a sending unit configured to return, according to the service request information, the service request success information to the access point after determining the capability of providing the service corresponding to the service identifier
  • An authentication unit configured to receive, by the access point, authentication request information sent to the service site according to the service request success information, where the authentication request information is used between the service site and the access point Certify.
  • a seventh aspect of the embodiments of the present invention provides a service site, including:
  • a receiving unit configured to receive, by the access point, the authentication request information that carries the service identifier, where the service identifier is obtained by the access point from the service requirement information sent by the site that needs to be served;
  • an authentication unit configured to perform authentication according to the service request identifier and the access point according to the service identifier, after the capability of providing the service corresponding to the service identifier is determined.
  • An eighth aspect of the embodiments of the present invention provides a service site, including:
  • a receiving unit configured to receive service request information sent by the access point, where the service request information carries a service identifier, where the service request information is used by the service station to determine whether the service corresponding to the service identifier is provided Capability, the service identifier is obtained by the access point from service demand information sent by a site that needs to be served;
  • An authentication unit configured to send, according to the service request information, an ability to provide a service corresponding to the service identifier, to send, to the access point, authentication request information, where the authentication request information is used by the service site and the The access points are authenticated.
  • a ninth aspect of the embodiments of the present invention provides a communication system, including the foregoing site to be served, the foregoing access point, and the service site; the site to be served, the access point, and the Communication connection between service sites.
  • the request authentication method, device, and system provided by the embodiment of the present invention receive the service demand information by the access point, and select a target service site that can provide the service corresponding to the service identifier according to the service identifier carried in the service requirement information, and further, the target service site Authenticate between service sites. Since the access point can actively request an association authentication relationship with the service site, the service site no longer needs to be maintained.
  • the association authentication relationship with the access point the service site can cancel the association authentication relationship with the access point after the service is provided, and release the network resources accordingly, thereby improving the utilization of the network resources; Since the service site can only associate with one access point and the service requirements of the site at the same time, establishing or disassociating the authentication relationship with different access points improves the utilization and flexibility of the service site.
  • FIG. 1 is a flowchart of a method for requesting authentication according to an embodiment of the present invention
  • FIG. 2 is a flowchart of another method for requesting authentication according to an embodiment of the present invention.
  • FIG. 3 is a flowchart of still another method for requesting authentication according to an embodiment of the present invention.
  • FIG. 4 is a flowchart of still another method for requesting authentication according to an embodiment of the present invention.
  • FIG. 5 is a schematic structural diagram of an access point according to an embodiment of the present invention.
  • FIG. 5b is a schematic structural diagram of another access point according to an embodiment of the present disclosure.
  • 6a is a schematic structural diagram of a service site according to an embodiment of the present invention.
  • 6b is a schematic structural diagram of another service site according to an embodiment of the present invention.
  • FIG. 7a is a schematic structural diagram of another service site according to an embodiment of the present invention.
  • FIG. 7b is a schematic structural diagram of another service site according to an embodiment of the present invention.
  • FIG. 8 is a schematic structural diagram of another service site according to an embodiment of the present disclosure.
  • FIG. 8b is a schematic structural diagram of another service site according to an embodiment of the present invention.
  • FIG. 9 is a schematic structural diagram of a communication system according to an embodiment of the present invention. detailed description
  • the method for initiating the request authentication by the access point to the service site is introduced in the embodiments of the present invention.
  • the access point can initiate an action of establishing an association authentication relationship with the service site, so the service site no longer needs to remain with the access point. Associate the authentication relationship, after the service is provided, the association relationship with the access point can be canceled, and the network resources are released accordingly, thereby improving Utilization of network resources.
  • the site described in the embodiments of the present invention is a site that needs to use a service, and the service site is a site capable of providing a service.
  • the service site serves the site through the access point.
  • the service site can be a functional device such as a printer or projector.
  • FIG. 1 is a flowchart of a method for requesting authentication according to an embodiment of the present invention. As shown in FIG. 1, the method includes:
  • Step 101 The access point receives the service requirement information.
  • the service requirement information carries a service identifier, and the service identifier is identifier information of a service required by a site that needs to be served.
  • a site when a site needs to use a service, it can send service demand information to the access point.
  • the service requirement information carries the service identifier of the service that the site needs to use.
  • the access point can know which service the site needs to use through the service identifier.
  • the access point can learn the services that each service station can provide through information exchange with each service station connected to the communication; or the service station broadcasts the service broadcast that it can provide to the access point that it can communicate with. Therefore, the access point can learn the services that each service node can provide, and store the information in the access point in the form of the correspondence between the identifier of the service site and the service identifier. The access point is informed by the correspondence that which access service can be provided indirectly by the access point and which service site or services can be provided by the service site.
  • the station can learn information that the access point can provide indirectly by interacting with the access point; or, the access point broadcasts the service that it can provide indirectly to each site within its coverage. Therefore, the service identifier carried in the service requirement information sent by the site to the access point is the identifier information of the service that the access point can provide.
  • the station can communicate with a plurality of access points, the station can first determine which access point or services can provide the required services according to the above method, and then send the service demand information to the access point capable of providing the service.
  • the site may carry the service identifier in the service request information, the authentication request, the association request, or other information that the access point interacts with.
  • Step 102 The access point selects a target service site that can provide a service corresponding to the service identifier. Specifically, the access point searches for the correspondence between the stored service identifier and the identifier of the service site according to the service identifier in the service requirement information. If the access point finds one or more service sites corresponding to the service identifier in the correspondence, the one or more service sites may be respectively used as the target service site.
  • target service site may be one or more, and each target service site is one of the service sites, and is called a "target service site" in order to explicitly represent the object that communicates with the access point.
  • the site knows in advance the service that the access point can provide indirectly. If the site does not know in advance the service that the access point can provide indirectly, the access point may not find the target corresponding to the service identifier. Good service site.
  • the access point if it cannot find the target service site, it can communicate with the site to make the site aware that it cannot provide the service to the site indirectly.
  • Step 103 Perform authentication between the access point and the target service site.
  • the access point and the target service site perform the request for authentication, the following three processes may be implemented, and the specific method for requesting the authentication may use an implementation similar to that in the prior art.
  • the first type is that the service request information is sent by the access point to the target service station, and the service request information carries the service identifier obtained from the service requirement information; the target service station determines whether the service identifier is provided according to the service identifier. Identifying the capability of the corresponding service, if yes, returning the service request success information to the access point, and if not, returning the service request failure information to the access point; if the access point receives the service request success information, Sending the authentication request information to the target service site, and performing the authentication process between the two through the communication interaction between the access point and the target service site; if the access point receives the service request failure information, the subsequent authentication is not required to be initiated. Process.
  • the second method is: sending, by the access point, the authentication request information to the target service site, where the authentication request information carries the service identifier obtained from the service requirement information; after receiving the authentication request information, the target service site uses the The service identifier determines whether it has the ability to improve the service corresponding to the service identifier; if the target service site has the capability of providing the service corresponding to the service identifier, the authentication process between the two is performed through communication interaction with the access point. If the target service site does not have the capability to provide the service corresponding to the service identifier, the information for characterizing the failure is fed back to the access point.
  • the third type is that the service request information is sent by the access point to the target service station, and the service request information carries the service identifier obtained from the service requirement information; the target service station determines whether the service identifier is provided according to the service identifier. The ability to identify the corresponding service, and if so, to the connection The ingress returns the service request success information, and if not, returns the service request failure information to the access point; if the target service station returns the service request success information to the access point, it will continue to send the authentication request information to the access point. Through the communication interaction between the access point and the target service site, the authentication process between the two is performed; if the target service site returns the service request failure information to the access point, the subsequent authentication process is not required to be initiated.
  • an association authentication relationship can be established between the access point and the target service site. Moreover, during the association of the associated authentication relationship, both the access point and the target service site maintain an associated authentication relationship between the two.
  • the request authentication method provided by the embodiment of the present invention receives the service demand information by the access point, and selects a target service site that can provide the service corresponding to the service identifier according to the service identifier carried in the service requirement information, and further, between the target service site and the target service site. Certify. Since the access point can actively request an association authentication relationship with the service site, the service site no longer needs to maintain the association authentication relationship with the access point, and the service site can cancel the connection with the access point after providing the service. Associate the authentication relationship, and release the network resources accordingly, thereby improving the utilization of the network resources.
  • the The method can enable the service station to establish or de-associate the authentication relationship with different access points according to the service requirements of the access point and the site, thereby improving the utilization and flexibility of the service site.
  • FIG. 2 is a flowchart of another method for requesting authentication according to an embodiment of the present invention. As shown in FIG. 2, the method includes:
  • Step 201 The access point receives the service requirement information.
  • Step 202 The access point selects a target service site that can provide a service corresponding to the service identifier. For details, refer to the implementation manner described in step 102.
  • the access point selects a service site that can provide the service corresponding to the service identifier and is in a valid working period as the target service site.
  • each service station can work normally during which time period.
  • the access point queries one or more service sites that can provide the service corresponding to the service identifier After that, it is further determined whether the current time is within the effective working period of these service stations.
  • the access point queries for a service site that is capable of providing the service corresponding to the service identifier and is within the valid working period, it is used as the target service site.
  • the access point queries that there is no service site that can provide the service corresponding to the service identifier and is in the valid working period, but queries the service site that can provide the service corresponding to the service identifier, then the part can provide the service.
  • the site serves as the target service site; or the service site that is capable of providing the service but is not currently in a valid working period, and waits until its effective working time comes, and then uses it as the target service site.
  • the target site cannot be determined.
  • Step 203 The access point sends the service request information to the target service site.
  • the service request information carries the service identifier, and the service request information is specific.
  • the access point may send the service request information to each target service site in the following manner. .
  • the first is that after the access point sends the service request information to a target service site, it will wait to receive the reply from the target service site; if the access point receives the reply from the target service site, it can continue to serve other targets.
  • the station sends the service request information; if the access point does not receive the reply of the target service station after the waiting time exceeds a certain time, the service request information is continuously sent to other target service stations.
  • the second is that after the access point sends the service request information to a target service site, it can continue to send the service request information to other target service stations without waiting for the reply.
  • the third type is that the access point can use the multicast method to send the service request information to each target service station.
  • the access point may stop sending the service request information to other target service stations after receiving a reply from the target service station.
  • the access point may also send the service request information to all target service sites, and select a service site as a final target according to certain screening conditions from one or more target service sites that receive the reply within a certain period of time. Service site.
  • the above screening conditions may be service requirements of a site that needs to be served, for example Service type, time and price, etc.; can also communicate with the target service site and the access point, such as channel conditions, busyness, communication quality, support rate, etc. These parameters are available at the access point and target service. Obtained in the interaction of the site.
  • Step 204 The access point receives the service request success information sent by the target service station.
  • the service request success information is generated by the target service station according to the service request information, and is determined to have the capability of providing the service corresponding to the service identifier.
  • the target service station after receiving the service request information sent by the access point, the target service station needs to determine whether it has the capability of providing the service corresponding to the service identifier according to the service identifier in the service request information.
  • the ability to determine whether the service is provided includes the following aspects: whether the service item is available on the target service site; whether the target service site currently has an associated authentication relationship with other access points; whether the target service site is currently in the Normal working conditions, etc.
  • the judgment criteria are used to measure whether the target service site is capable of providing corresponding services, and can be set as needed.
  • the target service station determines that it has the capability of providing the service corresponding to the service identifier, returns the service request success information to the access point; if the target service site determines that it does not have the capability to provide the service corresponding to the service identifier , the service request failure information is returned to the access point.
  • Step 205 The access point sends the authentication request information to the target service site according to the service request success information.
  • the authentication request information is used for authentication between the target service site and the access point.
  • the access point if the access point receives the service request success information returned by the target service site, the access point sends the authentication request information to the target service site.
  • the purpose of the authentication request information is to authenticate between the target service site and the access point.
  • the method for authenticating between the target service site and the access point may use an implementation similar to that in the prior art.
  • FIG. 3 is a flowchart of still another method for requesting authentication according to an embodiment of the present invention. As shown in FIG. 3, the method includes:
  • Step 301 The access point receives the service requirement information.
  • Step 302 The access point selects a target service site that can provide a service corresponding to the service identifier. For details, refer to the implementation manners described in step 102 or 202.
  • Step 303 The access point sends, to the target service site, authentication request information that carries the service identifier.
  • the authentication request information is used for the target service station to perform authentication with the access point after determining the capability of providing the service corresponding to the service identifier.
  • the access point may directly send the authentication request information to the target service site, and carry the service identifier in the authentication request information.
  • the target service station may determine whether it is capable of providing the service according to the service identifier therein. For the implementation of determining whether the service capability is available, refer to the related content described in step 204.
  • the access point sends the authentication request information. For details, see the method for sending the service request information in step 203.
  • the target service site determines that it has the capability to provide the service, it performs authentication between the two through communication interaction with the access point; if the target service site determines that it does not have the service provided Capability, no authentication between the two.
  • the purpose of the authentication request information is to authenticate between the target service site and the access point.
  • the method for authenticating between the target service site and the access point may use an implementation similar to that in the prior art.
  • FIG. 4 is a flowchart of still another method for requesting authentication according to an embodiment of the present invention. As shown in FIG. 4, the method includes:
  • Step 401 The access point receives the service requirement information.
  • Step 402 The access point selects a target service site that can provide a service corresponding to the service identifier. For details, refer to the implementation described in step 102 or 202.
  • Step 403 The access point sends the service request information to the target service station.
  • the service request information carries the service identifier, and the service request information is specific. For details, refer to the implementation manner described in step 203.
  • Step 404 The service station determines, according to the service request information, that the device has the capability of providing the service corresponding to the service identifier, and sends the authentication request information to the access point.
  • the authentication request information is used for authentication with the service site. Specifically, after receiving the service request information sent by the access point, the target service station needs to determine whether it has the capability of providing the service corresponding to the service identifier according to the service identifier in the service request information.
  • the ability to determine whether the service is provided includes the following aspects: whether the service item is available on the target service site; whether the target service site currently has an associated authentication relationship with other access points; whether the target service site is currently in the Normal working conditions, etc.
  • the judgment criteria are used to measure whether the target service site is capable of providing corresponding services, and can be set as needed.
  • the target service station determines that it has the capability of providing the service corresponding to the service identifier, it returns service request success information to the access point, and sends the authentication request information to the access point. If the target service site determines that it does not have the capability to provide the service corresponding to the service identifier, the service request failure information is returned to the access point, and the authentication request information is not sent to the access point.
  • Step 405 If the access point receives the authentication request information sent by the target service station within a preset time, the access point performs authentication with the target service station.
  • the access point is pre-set with a length of time to represent the maximum time that the access point can wait to receive the authentication request information after sending the service request information to the target service station.
  • the access point determines whether the authentication request information sent by the target service station is received within the preset time.
  • the access point receives the authentication request information within a preset time, the authentication process between the two is performed through communication interaction with the target service site.
  • the purpose of the authentication request information is to authenticate between the target service site and the access point.
  • the method for authenticating between the target service site and the access point may use an implementation similar to that in the prior art.
  • the service request information may be resent to the target service site; or may not be resent. Or send the service request information to other target service sites.
  • FIG. 5a is a schematic structural diagram of an access point according to an embodiment of the present invention. As shown in FIG. 5a, the access point includes: a receiving unit 11, a selecting unit 12, and an authenticating unit 13.
  • the receiving unit 11 is configured to receive service requirement information, where the service requirement information carries a service identifier, where the service identifier is identifier information of a service required by a site that needs to be served;
  • the selecting unit 12 is configured to select a target service site that can provide a service corresponding to the service identifier;
  • the authentication unit 13 is configured to perform authentication with the target service site.
  • the authentication unit 13 is further configured to:
  • the service request success information is sent to the target service site for authentication request information, where the authentication request information is used for authentication between the target service site and the access point.
  • the authentication unit 13 is further configured to:
  • the authentication unit 13 is further configured to:
  • the service request information carries the service identifier
  • the service request information is used by the target service site to determine whether the service has the capability of providing the service identifier
  • the ability to provide a service corresponding to the service identifier is then sent to the access point.
  • the authentication unit 13 is further configured to:
  • the service request information is resent to the target service station.
  • selecting unit 12 is further configured to:
  • a service site that can provide the service corresponding to the service identifier and is in a valid working period is selected as the target service site.
  • FIG. 5b is a schematic structural diagram of another access point according to an embodiment of the present invention.
  • the access point includes: a processor 21, a memory 22, a bus 23, and a communication interface 24.
  • the processor 21, the memory 22 and the communication interface 24 are connected by a bus 23 and communicate with each other.
  • the processor 21 may be a single core or multi-core central processing unit (Central Processing Unit, The CPU), either an Application Specific Integrated Circuit (ASIC), or one or more integrated circuits configured to implement embodiments of the present invention.
  • CPU Central Processing Unit
  • ASIC Application Specific Integrated Circuit
  • the memory 22 can be a high speed RAM memory or a non-volatile memory, and at least one disk can be stored.
  • the memory 22 is used to store the program 221.
  • the program 221 may include program code, where the program code includes computer operation instructions.
  • the communication interface 24 is configured to receive service requirement information, where the service requirement information carries a service identifier, and the service identifier is identifier information of a service required by a site that needs to be served.
  • the processor 21 runs the program 221 to execute:
  • the method for requesting authentication by the access point provided by the embodiment of the present invention can refer to the operation steps described in the foregoing method embodiment.
  • the access point provided by the embodiment of the present invention receives the service requirement information, and selects a target service site that can provide a service corresponding to the service identifier according to the service identifier carried in the service requirement information, and then performs authentication with the target service site. Since the access point can actively request an association authentication relationship with the service site, the service site no longer needs to maintain the association authentication relationship with the access point, and the service site can cancel the connection with the access point after providing the service. Associate the authentication relationship, and release the network resources accordingly, thereby improving the utilization of the network resources.
  • the The method can enable the service station to establish or de-associate the authentication relationship with different access points according to the service requirements of the access point and the site, thereby improving the utilization and flexibility of the service site.
  • FIG. 6 is a schematic structural diagram of a service site according to an embodiment of the present invention.
  • the service site includes: a receiving unit 31, a sending unit 32, and an authentication unit 33.
  • the receiving unit 31 is configured to receive service request information sent by the access point, where the service request information carries a service identifier, where the service request information is used by the service station to determine whether the service corresponding to the service identifier is provided. Capability, the service identifier is obtained by the access point from service demand information sent by a site that needs to be served;
  • the sending unit 32 is configured to: after determining, according to the service request information, the capability of providing the service corresponding to the service identifier, return service request success information to the access point;
  • the authentication unit 33 is configured to receive authentication request information sent by the access point to the service site according to the service request success information, where the authentication request information is used for authentication with the service site.
  • FIG. 6b is a schematic structural diagram of another service site according to an embodiment of the present invention.
  • the service site includes: a processor 41, a memory 42, a bus 43, and a communication interface 44.
  • the processor 41, the memory 42 and the communication interface 44 are connected by a bus 43 and communicate with each other.
  • the processor 41 may be a single core or multi-core central processing unit (CPU), or an Application Specific Integrated Circuit (ASIC), or one or more integrated systems configured to implement the embodiments of the present invention. Circuit.
  • CPU central processing unit
  • ASIC Application Specific Integrated Circuit
  • the memory 42 can be a high speed RAM memory or a nonvolatile memory.
  • At least one disk is stored in the program.
  • the memory 42 is used to store the program 421.
  • the program 421 may include program code, where the program code includes computer operation instructions.
  • the communication interface 44 is configured to receive the service request information sent by the access point, where the service request information carries a service identifier, where the service request information is used by the service station to determine whether the service corresponding to the service identifier is provided. Capability, the service identifier is obtained by the access point from service demand information sent by a site that needs to be served.
  • the processor 41 runs the program 421 to execute:
  • the service request success information Determining, after determining the capability of providing the service corresponding to the service identifier, the service request success information to the access point according to the service request information; receiving the access point according to the service request success information, to the Authentication request information sent by the service site, where the authentication request information is used for authentication between the service site and the access point.
  • the method for receiving the request authentication by the service site provided by the embodiment of the present invention may refer to the operation steps described in the foregoing method embodiment.
  • the service station receives the service request information sent by the access point, and after determining the capability of providing the service corresponding to the service identifier according to the service request information, the service request is successfully returned to the access point.
  • the service site can cancel the association authentication relationship with the access point after providing the service, and release the network resources accordingly, thereby improving the utilization of network resources; in addition, since the service site is only at the same time
  • the method can be associated with an access point, and the method in the embodiment of the present invention can enable the service station to establish or cancel the association relationship with different access points according to the service requirements of the access point and the site, thereby improving the authentication relationship. Service site utilization and flexibility.
  • FIG. 7a is a schematic structural diagram of another service site according to an embodiment of the present invention.
  • the service site includes: a receiving unit 51 and an authentication unit 52.
  • the receiving unit 51 is configured to receive, by the access point, the authentication request information that carries the service identifier, where the service identifier is obtained by the access point from the service requirement information sent by the site that needs to be served;
  • the authentication unit 52 is configured to perform authentication according to the authentication request information and the access point after determining, according to the service identifier, the capability of providing the service corresponding to the service identifier.
  • FIG. 7b is a schematic structural diagram of another service site according to an embodiment of the present invention.
  • the service site includes: a processor 61, a memory 62, a bus 63, and a communication interface 64.
  • the processor 61, the memory 62 and the communication interface 64 are connected by a bus 63 and communicate with each other.
  • the processor 61 may be a single core or multi-core central processing unit (CPU), or an Application Specific Integrated Circuit (ASIC), or one or more integrated systems configured to implement the embodiments of the present invention. Circuit.
  • CPU central processing unit
  • ASIC Application Specific Integrated Circuit
  • the memory 62 can be a high speed RAM memory or a non-volatile memory, and at least one disk can be stored.
  • the memory 62 is used to store the program 621.
  • the program 421 may include program code, where the program code includes computer operation instructions.
  • the communication interface 64 is configured to receive the authentication request information that is sent by the access point and carries the service identifier, where the service identifier is obtained by the access point from the service requirement information sent by the site that needs to be served.
  • the processor 61 runs the program 621 to execute:
  • the method for receiving the request for authentication by the service site provided by the embodiment of the present invention can be referred to the operation steps described in the foregoing method embodiment.
  • the service station provided by the embodiment of the present invention receives the authentication request information that is sent by the access point and carries the service identifier, and after determining the capability of providing the service corresponding to the service identifier according to the service identifier, according to the authentication request information, The authentication is performed between the access points. Because the access point can actively request to establish an association authentication relationship with the service site, the service site no longer needs to maintain the association authentication relationship with the access point.
  • the service site can be provided.
  • the association relationship between the access point and the access point is cancelled, and the network resources are released accordingly, thereby improving the utilization of the network resources.
  • the service station can only be associated with one access point at the same time. The service requirements of the site, establishing or disassociating authentication relationships with different access points, improve the utilization and flexibility of the service site.
  • FIG. 8 is a schematic structural diagram of another service site according to an embodiment of the present invention.
  • the service site includes: a receiving unit 71 and an authentication unit 72.
  • the receiving unit 71 is configured to receive service request information sent by the access point, where the service request information carries a service identifier, where the service request information is used by the service site to determine whether the service corresponding to the service identifier is provided. Capability, the service identifier is obtained by the access point from service demand information sent by a site that needs to be served;
  • the authentication unit 72 is configured to: after determining, according to the service request information, the capability of providing the service corresponding to the service identifier, send the authentication request information to the access point, where the authentication request information is used for the service site Authenticate between.
  • FIG. 8b is a schematic structural diagram of another service site according to an embodiment of the present invention.
  • the service site includes: a processor 81, a memory 82, a bus 83, and a communication interface 84.
  • the processor 81, the memory 82, and the communication interface 84 are connected by a bus 83 and communicate with each other.
  • the processor 81 may be a single core or multi-core central processing unit (CPU), or an Application Specific Integrated Circuit (ASIC), or one or more integrated systems configured to implement the embodiments of the present invention. Circuit.
  • CPU central processing unit
  • ASIC Application Specific Integrated Circuit
  • the memory 82 may be a high speed RAM memory or a non-volatile memory, and at least one of the disks may be stored.
  • the memory 82 is used to store the program 821.
  • the program 821 may include program code, where the program code includes computer operation instructions.
  • the communication interface 84 is configured to receive service request information sent by the access point, where the service request information is Carrying a service identifier, where the service request information is used by the service site to determine whether it has the capability of providing a service corresponding to the service identifier, where the service identifier is sent by the access point from a site that needs to be served. Obtained in the service demand information.
  • the processor 81 runs the program 821 to execute:
  • the method for receiving the request authentication by the service site provided by the embodiment of the present invention may refer to the operation steps described in the foregoing method embodiment.
  • the service station receives the service request information sent by the access point, and after determining the capability of providing the service corresponding to the service identifier, according to the service request information, sending the authentication request information to the access point.
  • the authentication request information is used for authentication between the service site and the access point; since the access point can actively request to establish an association authentication relationship with the service site, the service site no longer needs to be maintained and accessed at all times.
  • the association authentication relationship between the points, the service site can cancel the association authentication relationship with the access point after the service is provided, and release the network resources accordingly, thereby improving the utilization of the network resources;
  • the site can only associate with one access point at the same time, and the method in the embodiment of the present invention can enable the service station to establish or de-associate with different access points according to the service requirements of the access point and the site.
  • the authentication relationship improves the utilization and flexibility of the service site.
  • FIG. 9 is a schematic structural diagram of a communication system according to an embodiment of the present invention.
  • the communication system includes a site 1 to be served, an access point 2 as shown in FIG. 5a or 5b, and a service site 3.
  • the service site 3 can be as shown in FIG. 6a or 6b, as shown in FIG. 7a or 7b, and can also be as shown in FIG. 8a or 8b.
  • the method for implementing the request for authentication in the communication system provided by the embodiment of the present invention may be referred to the operation steps described in the foregoing method embodiments.
  • the aforementioned program can be stored in a computer readable storage medium.
  • the program when executed, performs the steps including the foregoing method embodiments; and the foregoing storage medium includes: ROM, RAM, disk or optical disk, and the like, which can store program codes. Medium.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

L'invention concerne une méthode d'authentification de demande, un point d'accès, une station de service et un système de communication. La méthode d'authentification de demande comprend les étapes suivantes : recevoir, par le point d'accès, des informations de demande de service (101) comprenant un identifiant de service en tant qu'informations d'identification du service souhaité par une station à desservir ; sélectionner, par le point d'accès, une station de service cible qui est capable de fournir le service correspondant à l'identifiant de service (102) ; le point d'accès effectuant l'authentification avec la station de service cible (103). Comme le point d'accès peut demander activement d'établir une relation d'authentification de corrélation avec la station de service, la station de service n'a plus besoin de maintenir constamment la relation d'authentification de corrélation avec le point d'accès. La station de service peut annuler la relation d'authentification de corrélation avec le point d'accès après la fourniture du service, et par conséquent libérer cette partie des ressources de réseau, de façon à améliorer le taux d'utilisation des ressources de réseau. De plus, la station de service peut établir ou annuler la relation d'authentification de corrélation avec le point d'accès en fonction de la demande de service du point d'accès et de la station, et le taux d'utilisation et la flexibilité de la station de service peuvent ainsi être améliorés.
PCT/CN2013/088715 2013-04-09 2013-12-06 Méthode d'authentification de demande, point d'accès, station de service, et système de communication WO2014166270A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310120656.2A CN104105094B (zh) 2013-04-09 2013-04-09 请求认证方法、装置及系统
CN201310120656.2 2013-04-09

Publications (1)

Publication Number Publication Date
WO2014166270A1 true WO2014166270A1 (fr) 2014-10-16

Family

ID=51672830

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2013/088715 WO2014166270A1 (fr) 2013-04-09 2013-12-06 Méthode d'authentification de demande, point d'accès, station de service, et système de communication

Country Status (2)

Country Link
CN (1) CN104105094B (fr)
WO (1) WO2014166270A1 (fr)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3565182B1 (fr) * 2017-01-25 2021-03-03 Huawei Technologies Co., Ltd. Procédé de gestion de découpage de réseau en tranches, et unité de gestion et système
EP3576479A4 (fr) * 2017-02-27 2020-03-04 Huawei Technologies Co., Ltd. Procédé de gestion ainsi qu'unité et système de gestion

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1852474A (zh) * 2005-12-20 2006-10-25 华为技术有限公司 一种实现小区多媒体广播业务的方法及系统
CN101277234A (zh) * 2007-03-28 2008-10-01 华为技术有限公司 一种家庭网络及登录方法
CN101753478A (zh) * 2008-12-05 2010-06-23 中国移动通信集团公司 一种分布式电子邮件系统及其服务方法
CN101800817A (zh) * 2009-02-09 2010-08-11 中兴通讯股份有限公司 业务服务实现方法、装置、系统及业务网络

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101588580A (zh) * 2009-06-30 2009-11-25 华为技术有限公司 一种用户接入控制方法、家庭基站网关及系统
WO2012054210A1 (fr) * 2010-10-20 2012-04-26 Marvell World Trade Ltd. Recherche de pré-association

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1852474A (zh) * 2005-12-20 2006-10-25 华为技术有限公司 一种实现小区多媒体广播业务的方法及系统
CN101277234A (zh) * 2007-03-28 2008-10-01 华为技术有限公司 一种家庭网络及登录方法
CN101753478A (zh) * 2008-12-05 2010-06-23 中国移动通信集团公司 一种分布式电子邮件系统及其服务方法
CN101800817A (zh) * 2009-02-09 2010-08-11 中兴通讯股份有限公司 业务服务实现方法、装置、系统及业务网络

Also Published As

Publication number Publication date
CN104105094B (zh) 2017-08-18
CN104105094A (zh) 2014-10-15

Similar Documents

Publication Publication Date Title
US10069557B2 (en) Communication method and device
CN104104516B (zh) 一种Portal认证方法和设备
CN103746812B (zh) 一种接入认证方法及系统
US11212226B2 (en) Data processing method and apparatus, and device
US9894599B2 (en) Method and apparatus for WLAN initial link setup
JP6671527B2 (ja) 端末デバイスが別の端末デバイスを発見するための方法および装置
US8914867B2 (en) Method and apparatus for redirecting data traffic
TWI415501B (zh) 無線網路系統及其無線閘道器
CN102547701A (zh) 认证方法、无线接入点和认证服务器
US9596209B2 (en) Causing client device to request a new internet protocol address based on a link local address
WO2012000271A1 (fr) Procédé d'accès à un terminal et réseau de communication sans fil
US10517126B2 (en) Communication management and wireless roaming support
US9634917B2 (en) Method and system for detecting use of wrong internet protocol address
CN113612861B (zh) 远程访问方法、系统及计算机可读存储介质
WO2014166270A1 (fr) Méthode d'authentification de demande, point d'accès, station de service, et système de communication
WO2018049655A1 (fr) Procédé, appareil, et système de mise en réseau de dispositifs
WO2016180128A1 (fr) Système de commande à distance, procédé et appareil pour terminal en grappe
CN107995125B (zh) 一种流量调度方法及装置
CN114257634B (zh) 服务器发现方法、装置和存储介质
CN115767635A (zh) 一种通信隧道建立方法及装置
WO2015135278A1 (fr) Procédé et système d'authentification, entité fonctionnelle prose et ue
CN103929504A (zh) 无线局域网络与固网交互中分配用户地址的方法及系统
WO2015062038A1 (fr) Procédé, appareil et système de demande d'association
CN107580325B (zh) Wds连接方法、无线接入点及终端设备
WO2018023213A1 (fr) Procédé de connexion à un réseau et dispositif associé

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13881787

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13881787

Country of ref document: EP

Kind code of ref document: A1