WO2014201766A1 - Emergency communication method, mobile terminal, authentication server and wireless access point - Google Patents

Emergency communication method, mobile terminal, authentication server and wireless access point Download PDF

Info

Publication number
WO2014201766A1
WO2014201766A1 PCT/CN2013/082324 CN2013082324W WO2014201766A1 WO 2014201766 A1 WO2014201766 A1 WO 2014201766A1 CN 2013082324 W CN2013082324 W CN 2013082324W WO 2014201766 A1 WO2014201766 A1 WO 2014201766A1
Authority
WO
WIPO (PCT)
Prior art keywords
emergency communication
user
access point
message
wireless access
Prior art date
Application number
PCT/CN2013/082324
Other languages
French (fr)
Chinese (zh)
Inventor
张正阳
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2014201766A1 publication Critical patent/WO2014201766A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/90Services for handling of emergency or hazardous situations, e.g. earthquake and tsunami warning systems [ETWS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/069Authentication using certificates or pre-shared keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W76/00Connection management
    • H04W76/50Connection management for emergency connections

Definitions

  • the present invention relates to emergency communication technologies, and in particular to an emergency communication method, a mobile terminal, an authentication server, and a wireless access point. Background technique
  • WiFi wireless local area networks
  • WLANs wireless local area networks
  • Patent Application No. CN200310112944.X "An 802. lx Authentication Method” and Patent No. CN200810147953.5, "Chinese Patent Application “Safe Access Method Based on Extended 802.1x Authentication System” .
  • the Chinese patent application No. CN200310112944.X has the following deficiencies:
  • the purpose of the patent is to meet the authentication requirements of multiple users under the same port, and to meet the diverse needs and resources of enterprises and group users.
  • the Chinese patent application No. CN200810147953.5 has the following deficiencies:
  • the patent is to extend the EAPOL protocol and increase the security access mark, so that the authentication requester, that is, the end user accesses the device through the Layer 2 access device securely and trustedly, the purpose is to improve The security considerations of the access user, that is, the authenticity of the edge device accessing the network is ensured without changing the traditional access authentication mode. It is also impossible to achieve rapid public authentication through the wireless LAN in an emergency and to securely use network resources. Summary of the invention
  • the present invention discloses an emergency communication method, a mobile terminal, an authentication server, and a wireless access point, which can quickly authenticate through a wireless local area network in an emergency and securely use network resources.
  • the emergency communication method disclosed by the present invention includes:
  • the user terminal UE sends an emergency communication request to the wireless access point AP;
  • the AP After receiving the emergency communication request sent by the UE, the AP sends a response requesting the user name information to the UE;
  • the UE After receiving the response packet sent by the AP, the UE sends an emergency communication message including the user name information to the authentication server AS through the AP;
  • the AS After the AS notifies the AP to open the access port for the user, the AS includes:
  • the AP limits the target address of the emergency communication user connection to be within a preset IP address or a web address range.
  • the AS receives the emergency communication message, and determines whether the received emergency communication message is an emergency communication frame, and if not, initiates identity authentication to the UE.
  • the mobile terminal disclosed by the present invention includes:
  • the emergency communication request module is configured to: send an emergency communication request to the wireless access point AP; the emergency communication message sending module is configured to: after receiving the response message of the requesting user name information sent by the wireless access point AP, The AP sends an emergency communication message including the user name information to the authentication server AS.
  • the wireless access point disclosed by the present invention includes:
  • the emergency communication request receiving module is configured to: after receiving the emergency communication request sent by the user terminal UE, send a response requesting the user name information to the UE;
  • the emergency communication message forwarding module is configured to: receive an emergency communication message sent by the UE and including the user name information, and forward the message to the authentication server AS;
  • the access port open module is configured to: when the AS determines that the emergency communication message sent by the UE is an emergency communication frame, open an access port for the user according to the instruction of the AS.
  • the wireless access point further includes:
  • the access restriction module is configured to: after opening the access port for the user, restrict the destination address of the emergency communication user connection to be within a preset IP address or URL range.
  • the authentication server disclosed by the present invention includes:
  • the emergency communication message receiving module is configured to: receive an emergency communication message that is sent by the UE and includes the user name information;
  • the emergency communication frame determining module is configured to: determine whether the received emergency communication message is an emergency communication frame, and if yes, set the user name as an emergency communication user, and notify the AP to open an access port for the user.
  • the authentication server further includes:
  • the identity authentication module is configured to: initiate identity authentication to the user terminal UE; the emergency communication frame determination module is further configured to: notify the identity authentication module to the user terminal UE when determining that the received emergency communication message is not an emergency communication frame Initiate identity authentication.
  • Figure 1 is a TCP/WLAN based emergency communication method using the IEEE 802.1x recommended client/server architecture
  • 2 is an EAP protocol packet data structure transmitted between a client STA and a wireless access point AP;
  • FIG. 3 is a flow chart of an emergency communication method based on a WiFi wireless local area network according to an embodiment of the present invention
  • FIG. 4 is a structural block diagram of a mobile terminal according to an embodiment of the present invention.
  • FIG. 5 is a structural block diagram of a wireless access point according to an embodiment of the present invention.
  • FIG. 6 is a structural block diagram of an authentication server in accordance with an embodiment of the present invention. Preferred embodiment of the invention
  • An emergency communication access authentication method based on WiFi wireless local area network is proposed in the embodiment of the present invention.
  • the method is based on an access control mechanism defined by IEEE 802. lx, and an "emergency communication" is added by extending EAPOL and EAP standard protocol authentication messages.
  • the startup message and frame type enable fast and secure access to the WLAN for emergency and timely communication in an emergency.
  • the method for emergency communication based on WiFi wireless local area network uses a client/server architecture recommended by IEEE 802.1x, which includes three entities, namely, a client STA, a wireless access point AP. And the authentication server AS, their respective roles are as follows:
  • the client STA is a terminal requesting access to network resources, thereby initiating an authentication request.
  • Wireless Access Point AP also known as the Authenticator, functions as a “transparent pass” during the authentication process.
  • the authentication server AS is an entity that provides authentication services for the authenticator. The authentication and authorization functions are usually implemented by the RADIUS server.
  • the IEEE 802.lx authentication system uses the EAP protocol (Extensible Authentication Protocol) to exchange emergency communication messages between the client STA and the authentication server AS.
  • the EAP protocol packet is directly encapsulated in the WLAN environment by using the EAPOL (EAP Over LAN) encapsulation format between the client STA and the AP.
  • EAP protocol packets are encapsulated in EAPOR (EAP Over RADIUS) between the wireless access point AP and the authentication server AS.
  • the format is contained in the RADIUS (Remote Authentication Dial In User Service) protocol.
  • the working mechanism of the IEEE 802. lx is:
  • the client STA initiates an authentication request, and the corresponding username/password or digital certificate is transmitted to the authentication server AS for authentication through the wireless access point AP.
  • the authentication server AS After the user passes the authentication, the authentication server AS The authentication result and related information are transmitted to the wireless access point AP, and the wireless access point AP determines the authorized/unauthorized status of the controlled port according to the indication (accept or reject) of the authentication server AS.
  • the embodiment of the present invention complies with the client/server architecture recommended by IEEE 802.1x and is compatible with the access authentication process specified in the original protocol. Based on the original protocol, a new message definition is added to the fields in the EAP message and the EAPOL message to ensure the implementation of the emergency communication authentication access procedure described in the present invention.
  • Added field definitions include:
  • the Emergency Start message is added to ensure that the client side initiates the emergency communication authentication, and the system side raises its priority and sets a special emergency channel for it.
  • Emergency used to transmit emergency communication messages between the client STA, the wireless access point AP, and the authentication server AS during the authentication process.
  • the EAP protocol packet transmitted between the client STA and the wireless access point AP is based on the EAPOL protocol defined by 802. lx, and the EAP protocol packet is encapsulated in the EAPOL protocol, and the EAPOL message format is used.
  • the individual fields are defined as follows:
  • PAE Ethernet Type Indicates the protocol type of the Port Access Entity (PAE).
  • the protocol type assigned by 802. lx is 0x888E.
  • Protocol Version Indicates the protocol version number supported by the sender of the EAPOL frame.
  • EAP-Packet (value 00), an emergency communication message frame, used to carry emergency communication messages;
  • EAPOL-Key value is 03
  • key information frame ⁇ EAPOL-EmergencyStart (value FF) for emergency communication authentication initiation frames.
  • the present invention specifically defines new frame types.
  • Length indicates the length of the data, which is the length of the "Packet Body" field. If it is 0, it means there is no data field behind it.
  • Packet Body The packet entity. Different frame types correspond to different data formats. When the frame type is EAP-Packet ( 00 ), this field encapsulates the standard EAP format data packet.
  • the EAP fields are defined as follows:
  • ⁇ Code Indicates the type of EAP packet. There are four types of original definitions: Request Request, Response Response, Success Success, Failure Failure. In order to ensure the implementation of emergency communication, a new EAP packet type definition, Emergency Communication Emergency, is used to transmit emergency communication emergency communication messages between the client STA, the wireless access point AP and the authentication server AS.
  • ⁇ Identifier An identifier that assists in the request/response message.
  • ⁇ Length The length of the EAP packet, including the full length of the Code, Identifier, Length, and Data.
  • this embodiment discloses an emergency communication method based on a WiFi wireless local area network.
  • the detailed authentication method is as follows:
  • Step 1 The client STA sends an emergency communication request initiation message (EAPOL-EmergencyStart) to the wireless access point AP to start the emergency authentication process.
  • EAPOL-EmergencyStart an emergency communication request initiation message
  • Step 2 The wireless access point sends a response message (EAPOL_EAP_Request) to the client STA requesting the username information.
  • EAPOL_EAP_Request a response message
  • Step 3 The client STA responds to an emergency communication response message (EAPOL EAP Emergency) including the user name and the like to the wireless access point AP;
  • EAPOL EAP Emergency an emergency communication response message including the user name and the like to the wireless access point AP;
  • Step 4 The AP sends the data frame to the authentication server AS after being processed by the RADIUS protocol packet (RADIUS EAP Emergency).
  • Step 5 The authentication server AS determines the type of the received EAP frame. If it is an emergency communication frame, The user name is set as the emergency communication user, and the wireless access point AP is notified to open the control port, and the wireless access point AP sends an authentication success message (EAPOL_EAP_Success) to the client STA, and the authentication ends; otherwise, according to 802.1x
  • the standard process performs user authentication.
  • Step 6 After the authentication succeeds, the authentication server AS sends a session key to the wireless access point AP, and starts the session according to the key client STA.
  • Step 7 The session starts, the client STA initiates a session connection request, and the wireless access point AP restricts the target address of the connection to the client within the range of the preset IP address or the URL for the client marked as “emergency communication user”.
  • this embodiment discloses a mobile terminal, including:
  • An emergency communication requesting module configured to send an emergency communication request to the wireless access point AP
  • an emergency communication message sending module configured to: after receiving the response message of the requesting user name information sent by the wireless access point AP, The authentication server AS sends an emergency communication message containing the user name information.
  • this embodiment discloses a wireless access point, including:
  • the emergency communication request receiving module is configured to: after receiving the emergency communication request sent by the user terminal UE, send a response message requesting the user name information to the UE;
  • the emergency communication message forwarding module is configured to receive the emergency communication message that is sent by the UE and includes the user name information, and forwards the message to the authentication server AS;
  • the access port open module is configured to: when the AS determines that the emergency communication sent by the UE is an emergency communication frame, open an access port for the user according to the indication of the AS.
  • the access restriction module is configured to limit the target address of the emergency communication user connection to be within a preset IP address or a web address range after the access port is opened for the user.
  • this embodiment discloses an authentication server, including:
  • An emergency communication message receiving module configured to receive an emergency communication message that is sent by the UE and includes user name information
  • the emergency communication frame determining module is configured to determine whether the received emergency communication message is an emergency communication frame, and if yes, set the user name as an emergency communication user, and notify the AP to open an access port for the user, if not, Informing the identity authentication module to initiate identity authentication to the user terminal UE;
  • An identity authentication module is configured to initiate identity authentication to the user terminal UE.
  • WLANs were mainly used for personal, home and enterprise applications, and there were some shortcomings in public services and emergency communications.
  • the present invention effectively compensates for the above drawbacks and opens up an emergency channel from existing WiFi networks, so that users in need can obtain the required information assistance at any time and any place.
  • the second advantage of the embodiment of the invention lies in security.
  • the embodiment of the present invention provides maximum protection for the privacy and ownership of the wireless network hotspot owner, provides an emergency channel for the random access user, and also prevents malicious and abuse of emergency channel resources by limiting the target access address.
  • the third advantage of the embodiment of the present invention lies in compatibility.
  • the embodiments of the present invention are compatible with the existing technical standards and the air interface and the frame format requirements to the greatest extent, and do not change the existing WLAN access authentication mode, and only need to upgrade the existing equipment to implement the emergency communication function. .

Abstract

An emergency communication method comprises: user terminal (UE) transmitting to a wireless access point (AP) a request for emergency communication; after receiving the request for emergency communication transmitted by the UE, the AP transmitting to the UE a response message for requesting a user name information; after receiving the response message transmitted by the AP, the UE transmitting to the authentication server (AS) an emergency communication message containing the user name information through the AP; and the AS receiving the emergency communication message and judging whether the received emergency communication message is an emergency communication frame or not, and if so, setting the user name as an emergency communication user and notifying that the AP is an open access port for the user. Further disclosed are a mobile terminal, an authentication server and a wireless access point. The embodiment of the present invention remedies the abovementioned defects effectively, and opens up an emergency channel in the existing WiFi network in order to help users in need acquire the desired information at any time and any place.

Description

一种应急通信方法、 移动终端、 认证服务器和无线接入点  Emergency communication method, mobile terminal, authentication server and wireless access point
技术领域 Technical field
本发明涉及应急通讯技术,具体地,涉及一种应急通信方法、移动终端、 认证服务器和无线接入点。 背景技术  The present invention relates to emergency communication technologies, and in particular to an emergency communication method, a mobile terminal, an authentication server, and a wireless access point. Background technique
随着 WiFi 网络的日益普及, WiFi 已经成为无线局域网络 (WLAN)的代 名词, 它提供了一种让人们随时随地无线高速接入网络的技术方式,凭借方 便灵活的组网方式、 比蜂窝网络更快的传输速率和在世界范围内是无需任何 电信运营执照的免费频段, WiFi在各种终端上应用越来越广泛, 成为包括手 机、 平板电脑在内移动终端的基本功能, 用户可以在 WiFi覆盖区域内实现 浏览网页、 接听和拨打电话等业务。  With the increasing popularity of WiFi networks, WiFi has become synonymous with wireless local area networks (WLANs). It provides a technical way for people to access wireless networks at any time and anywhere. With convenient and flexible networking, it is more convenient than cellular networks. Fast transmission rate and free frequency band without any telecom operation license worldwide, WiFi is more and more widely used in various terminals, and it becomes a basic function of mobile terminals including mobile phones and tablets, and users can cover in WiFi. Realize services such as browsing the web, answering and making calls in the area.
一般情况下 , 接入 WiFi网络需要通过 WiFi热点的鉴权认证 , 保证网络 使用的安全性和合法性; 在紧急情况下, 尤其在灾难 /医疗 /事故现场等突发 事件发生时, 迫切需要提供一种基于 WiFi无线局域网络的应急通信和紧急 救助的手段和方法。  In general, access to the WiFi network requires authentication through the WiFi hotspot to ensure the security and legitimacy of the network. In an emergency, especially in the event of an emergency such as a disaster/medical/accident site, it is urgent to provide A method and method for emergency communication and emergency rescue based on WiFi wireless local area network.
相关的专利文献包括: 专利申请号为 CN200310112944.X的中国专利申 请 "一种 802. lx认证方法" 和专利号 CN200810147953.5为的中国专利申请 "基于扩展 802.1x认证系统的安全接入方法" 。  Related patent documents include: Chinese Patent Application No. CN200310112944.X, "An 802. lx Authentication Method" and Patent No. CN200810147953.5, "Chinese Patent Application "Safe Access Method Based on Extended 802.1x Authentication System" .
第 CN200310112944.X号中国专利申请存在以下不足: 该专利目的在于 针对同一端口下接多个用户的认证需求,满足企业和集团用户的多样性需求, 络资源。  The Chinese patent application No. CN200310112944.X has the following deficiencies: The purpose of the patent is to meet the authentication requirements of multiple users under the same port, and to meet the diverse needs and resources of enterprises and group users.
第 CN200810147953.5号中国专利申请存在以下不足: 该专利是通过扩 展 EAPOL协议, 增加安全接入标记, 实现认证请求者即终端用户通过二层 接入设备安全可信接入网络, 其目的在于提升接入用户的安全性考虑, 即在 不改变传统接入认证方式的情况下,保证了接入网络的边缘设备的真实可信, 同样无法实现面向公众在紧急情况下快速通过无线局域网的认证并且安全使 用网络资源。 发明内容 The Chinese patent application No. CN200810147953.5 has the following deficiencies: The patent is to extend the EAPOL protocol and increase the security access mark, so that the authentication requester, that is, the end user accesses the device through the Layer 2 access device securely and trustedly, the purpose is to improve The security considerations of the access user, that is, the authenticity of the edge device accessing the network is ensured without changing the traditional access authentication mode. It is also impossible to achieve rapid public authentication through the wireless LAN in an emergency and to securely use network resources. Summary of the invention
为了解决上述技术问题, 本发明公开了一种应急通信方法、 移动终端、 认证服务器和无线接入点, 能够实现在紧急情况下快速通过无线局域网的认 证并且安全使用网络资源。  In order to solve the above technical problem, the present invention discloses an emergency communication method, a mobile terminal, an authentication server, and a wireless access point, which can quickly authenticate through a wireless local area network in an emergency and securely use network resources.
本发明公开的应急通信方法, 包括:  The emergency communication method disclosed by the present invention includes:
用户终端 UE向无线接入点 AP发送紧急通信请求;  The user terminal UE sends an emergency communication request to the wireless access point AP;
所述 AP接收到所述 UE发送的紧急通信请求后,向所述 UE发送一个请 求用户名信息的响应 4艮文;  After receiving the emergency communication request sent by the UE, the AP sends a response requesting the user name information to the UE;
所述 UE接收到所述 AP发送的响应报文后,通过所述 AP向认证服务器 AS发送包含所述用户名信息的紧急通信报文;  After receiving the response packet sent by the AP, the UE sends an emergency communication message including the user name information to the authentication server AS through the AP;
所述 AS接收所述紧急通信报文, 并判断接收的紧急通信报文是否为紧 急通信帧, 若是, 则将所述用户名设置为紧急通信用户, 并通知所述 AP为 该用户开放访问端口。  Receiving, by the AS, the emergency communication message, and determining whether the received emergency communication message is an emergency communication frame, and if yes, setting the user name as an emergency communication user, and notifying the AP to open an access port for the user .
较佳地,  Preferably,
所述 AS通知所述 AP为该用户开放访问端口之后, 包括:  After the AS notifies the AP to open the access port for the user, the AS includes:
所述 AP限制所述紧急通信用户连接的目标地址在预设的 IP地址或网址 范围内。  The AP limits the target address of the emergency communication user connection to be within a preset IP address or a web address range.
较佳地, 所述 AS接收所述紧急通信报文, 并判断接收的紧急通信报文 是否为紧急通信帧, 若否, 则向所述 UE发起身份认证。  Preferably, the AS receives the emergency communication message, and determines whether the received emergency communication message is an emergency communication frame, and if not, initiates identity authentication to the UE.
本发明公开的移动终端, 包括:  The mobile terminal disclosed by the present invention includes:
紧急通信请求模块, 设置为: 向无线接入点 AP发送紧急通信请求; 紧急通信报文发送模块, 设置为: 在收到无线接入点 AP发送的请求用 户名信息的响应报文后, 通过所述 AP向认证服务器 AS发送包含所述用户 名信息的紧急通信 文。 本发明公开的无线接入点, 包括: The emergency communication request module is configured to: send an emergency communication request to the wireless access point AP; the emergency communication message sending module is configured to: after receiving the response message of the requesting user name information sent by the wireless access point AP, The AP sends an emergency communication message including the user name information to the authentication server AS. The wireless access point disclosed by the present invention includes:
紧急通信请求接收模块, 设置为: 接收到用户终端 UE发送的紧急通信 请求后, 向所述 UE发送一个请求用户名信息的响应 ^艮文;  The emergency communication request receiving module is configured to: after receiving the emergency communication request sent by the user terminal UE, send a response requesting the user name information to the UE;
紧急通信报文转发模块, 设置为: 接收所述 UE发送的包含用户名信息 的紧急通信报文, 并转发给认证服务器 AS;  The emergency communication message forwarding module is configured to: receive an emergency communication message sent by the UE and including the user name information, and forward the message to the authentication server AS;
访问端口开放模块, 设置为: 在所述 AS判断所述 UE发送的紧急通信 报文为紧急通信帧时, 按照所述 AS的指示为该用户开放访问端口。  The access port open module is configured to: when the AS determines that the emergency communication message sent by the UE is an emergency communication frame, open an access port for the user according to the instruction of the AS.
较佳地,  Preferably,
所述无线接入点还包括:  The wireless access point further includes:
访问限制模块, 设置为: 在为该用户开放访问端口后, 限制所述紧急通 信用户连接的目标地址在预设的 IP地址或网址范围内。  The access restriction module is configured to: after opening the access port for the user, restrict the destination address of the emergency communication user connection to be within a preset IP address or URL range.
本发明公开的认证服务器, 包括:  The authentication server disclosed by the present invention includes:
紧急通信报文接收模块, 设置为: 接收 UE发送的包含用户名信息的紧 急通信报文;  The emergency communication message receiving module is configured to: receive an emergency communication message that is sent by the UE and includes the user name information;
紧急通信帧判断模块, 设置为: 判断接收的紧急通信报文是否为紧急通 信帧, 若是, 则将所述用户名设置为紧急通信用户, 并通知所述 AP为该用 户开放访问端口。  The emergency communication frame determining module is configured to: determine whether the received emergency communication message is an emergency communication frame, and if yes, set the user name as an emergency communication user, and notify the AP to open an access port for the user.
较佳地,  Preferably,
所述认证服务器还包括:  The authentication server further includes:
身份认证模块, 设置为: 向用户终端 UE发起身份认证; 所述紧急通信帧判断模块还设置为: 在判断接收的紧急通信报文不是紧 急通信帧时, 通知所述身份认证模块向用户终端 UE发起身份认证。  The identity authentication module is configured to: initiate identity authentication to the user terminal UE; the emergency communication frame determination module is further configured to: notify the identity authentication module to the user terminal UE when determining that the received emergency communication message is not an emergency communication frame Initiate identity authentication.
附图概述 BRIEF abstract
图 1为基于 WiFi无线局域网络的应急通信方法釆用 IEEE 802.1x建议的 客户 /服务器体系结构; 图 2为客户端 STA和无线接入点 AP之间传送的 EAP协议 4艮文数据包 结构; Figure 1 is a TCP/WLAN based emergency communication method using the IEEE 802.1x recommended client/server architecture; 2 is an EAP protocol packet data structure transmitted between a client STA and a wireless access point AP;
图 3为根据本发明实施例中基于 WiFi无线局域网络的应急通信方法流 程图;  3 is a flow chart of an emergency communication method based on a WiFi wireless local area network according to an embodiment of the present invention;
图 4为根据本发明实施例中移动终端的结构框图;  4 is a structural block diagram of a mobile terminal according to an embodiment of the present invention;
图 5为根据本发明实施例中无线接入点的结构框图;  FIG. 5 is a structural block diagram of a wireless access point according to an embodiment of the present invention; FIG.
图 6为根据本发明实施例中认证服务器的结构框图。 本发明的较佳实施方式  6 is a structural block diagram of an authentication server in accordance with an embodiment of the present invention. Preferred embodiment of the invention
本发明实施例提出的一种基于 WiFi无线局域网络的应急通信接入认证 方法, 该方法基于 IEEE 802. lx定义的访问控制机制, 通过扩展 EAPOL和 EAP标准协议认证报文, 增加 "紧急通信" 启动消息和帧类型, 实现了在紧 急情况下快速安全接入无线局域网络进行紧急救助和及时通信。  An emergency communication access authentication method based on WiFi wireless local area network is proposed in the embodiment of the present invention. The method is based on an access control mechanism defined by IEEE 802. lx, and an "emergency communication" is added by extending EAPOL and EAP standard protocol authentication messages. The startup message and frame type enable fast and secure access to the WLAN for emergency and timely communication in an emergency.
下面结合附图对本发明基于 WiFi无线局域网络的应急通信方法进行说 明。  The emergency communication method based on the WiFi wireless local area network of the present invention will be described below with reference to the accompanying drawings.
如图 1所示, 本发明实施例提出的基于 WiFi无线局域网络的应急通信 方法釆用 IEEE 802.1x建议的客户 /服务器体系结构, 它包括三个实体, 即客 户端 STA, 无线接入点 AP和认证服务器 AS, 各自的作用如下:  As shown in FIG. 1 , the method for emergency communication based on WiFi wireless local area network proposed by the embodiment of the present invention uses a client/server architecture recommended by IEEE 802.1x, which includes three entities, namely, a client STA, a wireless access point AP. And the authentication server AS, their respective roles are as follows:
* 客户端 STA, 作为认证请求的申请者, 是一个请求访问网络资源的 终端, 由此发起认证请求。  * The client STA, as the applicant for the authentication request, is a terminal requesting access to network resources, thereby initiating an authentication request.
• 无线接入点 AP,也称作认证者,在认证过程中起到 "透传"的功能。 • 认证服务器 AS, 是为认证者提供认证服务的实体, 通常由 RADIUS 服务器来实现认证和授权功能。  • Wireless Access Point AP, also known as the Authenticator, functions as a “transparent pass” during the authentication process. • The authentication server AS is an entity that provides authentication services for the authenticator. The authentication and authorization functions are usually implemented by the RADIUS server.
IEEE 802. lx认证系统釆用 EAP协议( Extensive Authentication Protocol, 可扩展认证协议),在客户端 STA和认证服务器 AS之间交换紧急通信报文。 其中,在客户端 STA和无线接入点 AP之间, EAP协议报文使用 EAPOL( EAP Over LAN )封装格式, 直接承载在 WLAN环境中。 在无线接入点 AP和认 证服务器 AS之间, EAP协议报文使用 EAPOR ( EAP Over RADIUS )封装 格式, 载于 RADIUS ( Remote Authentication Dial In User Service, 远程用 户拨号认证系统)协议中。 The IEEE 802.lx authentication system uses the EAP protocol (Extensible Authentication Protocol) to exchange emergency communication messages between the client STA and the authentication server AS. The EAP protocol packet is directly encapsulated in the WLAN environment by using the EAPOL (EAP Over LAN) encapsulation format between the client STA and the AP. EAP protocol packets are encapsulated in EAPOR (EAP Over RADIUS) between the wireless access point AP and the authentication server AS. The format is contained in the RADIUS (Remote Authentication Dial In User Service) protocol.
IEEE 802. lx的工作机理是: 客户端 STA发起认证请求, 通过无线接入 点 AP把对应的用户名 /密码或数字证书传递给认证服务器 AS鉴权认证, 当 用户通过认证后, 认证服务器 AS会把认证结果及相关信息传递给无线接入 点 AP, 无线接入点 AP会根据认证服务器 AS的指示(接受或拒绝)决定受 控端口的授权 /非授权状态。  The working mechanism of the IEEE 802. lx is: The client STA initiates an authentication request, and the corresponding username/password or digital certificate is transmitted to the authentication server AS for authentication through the wireless access point AP. After the user passes the authentication, the authentication server AS The authentication result and related information are transmitted to the wireless access point AP, and the wireless access point AP determines the authorized/unauthorized status of the controlled port according to the indication (accept or reject) of the authentication server AS.
本发明实施例遵循 IEEE 802.1x建议的客户 /服务器体系结构, 兼容原协 议规定的接入认证流程。 在原有协议基础上, 针对 EAP报文以及 EAPOL报 文中的字段增加了新的消息定义, 确保实现本发明所述的紧急通信认证接入 流程。 增加的字段定义包括:  The embodiment of the present invention complies with the client/server architecture recommended by IEEE 802.1x and is compatible with the access authentication process specified in the original protocol. Based on the original protocol, a new message definition is added to the fields in the EAP message and the EAPOL message to ensure the implementation of the emergency communication authentication access procedure described in the present invention. Added field definitions include:
1 )在 EAPOL报文中的 Type字段增加了 Emergency Start消息, 确保客 户端 STA发起应急通信认证后, 系统侧提升其优先级, 为其设置专门应急通 道。  1) In the Type field of the EAPOL packet, the Emergency Start message is added to ensure that the client side initiates the emergency communication authentication, and the system side raises its priority and sets a special emergency channel for it.
2 )在 EAP报文中的 Code字段增加一种新的 EAP包类型——紧急通信 2) Add a new EAP packet type in the Code field in the EAP message - emergency communication
Emergency, 用于在认证过程中客户端 STA、 无线接入点 AP和认证服务器 AS三者之间传递紧急通信报文。 Emergency, used to transmit emergency communication messages between the client STA, the wireless access point AP, and the authentication server AS during the authentication process.
如图 2所示, 在客户端 STA和无线接入点 AP之间传送的 EAP协议报 文数据包是基于 802. lx定义的 EAPOL协议,在 EAPOL协议内部封装了 EAP 协议数据包, EAPOL消息格式的各个字段定义如下:  As shown in FIG. 2, the EAP protocol packet transmitted between the client STA and the wireless access point AP is based on the EAPOL protocol defined by 802. lx, and the EAP protocol packet is encapsulated in the EAPOL protocol, and the EAPOL message format is used. The individual fields are defined as follows:
• PAE Ethernet Type: 表示端口访问实体 ( Port Access Entity, PAE ) 的协议类型, 802. lx分配的协议类型为 0x888E。  • PAE Ethernet Type: Indicates the protocol type of the Port Access Entity (PAE). The protocol type assigned by 802. lx is 0x888E.
• Protocol Version: 表示 EAPOL帧的发送方所支持的协议版本号。 • Protocol Version: Indicates the protocol version number supported by the sender of the EAPOL frame.
• Type: 帧类型 • Type: frame type
■ EAP-Packet (值为 00 ) , 紧急通信报文帧, 用于承载紧急通信报 文;  ■ EAP-Packet (value 00), an emergency communication message frame, used to carry emergency communication messages;
■ EAPOL-Start (值为 01 ) , 认证发起帧;  ■ EAPOL-Start (value 01), authentication initiation frame;
■ EAPOL-Logoff (值为 02 ) , 退出请求帧;  ■ EAPOL-Logoff (value 02), exit request frame;
■ EAPOL-Key (值为 03 ) , 密钥信息帧; ■ EAPOL-EmergencyStart (值为 FF ) , 用于应急通信认证发起帧, 本发明专门定义新的帧类型。 ■ EAPOL-Key (value is 03), key information frame; ■ EAPOL-EmergencyStart (value FF) for emergency communication authentication initiation frames. The present invention specifically defines new frame types.
• Length: 表示数据长度, 也就是后面 "Packet Body" 字段的长度, 如 果为 0, 表示没有后面的数据域。  • Length: indicates the length of the data, which is the length of the "Packet Body" field. If it is 0, it means there is no data field behind it.
· Packet Body: 数据包实体。 不同的帧类型对应着不同的数据格式, 当帧类型为 EAP-Packet ( 00 ) 时, 本字段内部封装了标准 EAP格式 的数据包, EAP各字段定义如下:  · Packet Body: The packet entity. Different frame types correspond to different data formats. When the frame type is EAP-Packet ( 00 ), this field encapsulates the standard EAP format data packet. The EAP fields are defined as follows:
■ Code: 指明 EAP包的类型, 原定义一共有四种: 请求 Request, 响应 Response, 成功 Success, 失败 Failure。 为了确保应急通信 的实现,增加一种新的 EAP包类型定义——紧急通信 Emergency, 用于在客户端 STA、 无线接入点 AP和认证服务器 AS三者之间 传递紧急通信紧急通信报文。  ■ Code: Indicates the type of EAP packet. There are four types of original definitions: Request Request, Response Response, Success Success, Failure Failure. In order to ensure the implementation of emergency communication, a new EAP packet type definition, Emergency Communication Emergency, is used to transmit emergency communication emergency communication messages between the client STA, the wireless access point AP and the authentication server AS.
■ Identifier: 辅助进行请求 /响应消息的标识符。  ■ Identifier: An identifier that assists in the request/response message.
■ Length: EAP 包的长度, 包括 Code, Identifier, Length和 Data 的全部内容长度。  ■ Length: The length of the EAP packet, including the full length of the Code, Identifier, Length, and Data.
■ Data: EAP数据信息, 内容格式由 Code决定。 实施例一  ■ Data: EAP data information, the content format is determined by Code. Embodiment 1
如图 3所示, 本实施例公开了一种基于 WiFi无线局域网络的应急通信 方法, 详细认证方法流程如下:  As shown in FIG. 3, this embodiment discloses an emergency communication method based on a WiFi wireless local area network. The detailed authentication method is as follows:
步骤 1 : 客户端 STA 向无线接入点 AP发送紧急通信请求发起报文 ( EAPOL-EmergencyStart ) , 启动紧急认证过程;  Step 1: The client STA sends an emergency communication request initiation message (EAPOL-EmergencyStart) to the wireless access point AP to start the emergency authentication process.
步骤 2: 无线接入点 AP向客户端 STA发送一个请求用户名信息的响应 报文 (EAPOL—EAP— Request);  Step 2: The wireless access point sends a response message (EAPOL_EAP_Request) to the client STA requesting the username information.
步骤 3: 客户端 STA回应一个包括自身用户名等信息的紧急通信响应报 文 ((EAPOL EAP Emergency)给无线接入点 AP;  Step 3: The client STA responds to an emergency communication response message (EAPOL EAP Emergency) including the user name and the like to the wireless access point AP;
步骤 4: AP 将该数据帧经过 RADIUS 协议封包处理后 ( RADIUS EAP Emergency )送给认证服务器 AS处理;  Step 4: The AP sends the data frame to the authentication server AS after being processed by the RADIUS protocol packet (RADIUS EAP Emergency).
步骤 5: 认证服务器 AS判断接收的 EAP帧类型, 如果为紧急通信帧, 则将该用户名设置为紧急通信用户, 并通知无线接入点 AP打开控制端口, 无线接入点 AP发送认证成功消息 ( EAPOL—EAP— Success )给客户端 STA, 认证结束; 否则按照 802.1x标准流程进行用户身份认证。 Step 5: The authentication server AS determines the type of the received EAP frame. If it is an emergency communication frame, The user name is set as the emergency communication user, and the wireless access point AP is notified to open the control port, and the wireless access point AP sends an authentication success message (EAPOL_EAP_Success) to the client STA, and the authentication ends; otherwise, according to 802.1x The standard process performs user authentication.
步骤 6: 认证成功后, 认证服务器 AS向无线接入点 AP发送会话密钥, 根据此密钥客户端 STA开始会话。  Step 6: After the authentication succeeds, the authentication server AS sends a session key to the wireless access point AP, and starts the session according to the key client STA.
步骤 7: 会话开始, 客户端 STA发起会话连接申请, 无线接入点 AP对 于标志为 "紧急通信用户" 的客户端, 限制其连接的目标地址在预设的 IP地 址或网址的范围内。  Step 7: The session starts, the client STA initiates a session connection request, and the wireless access point AP restricts the target address of the connection to the client within the range of the preset IP address or the URL for the client marked as “emergency communication user”.
实施例二 Embodiment 2
如图 4所示, 本实施例公开了一种移动终端, 包括:  As shown in FIG. 4, this embodiment discloses a mobile terminal, including:
紧急通信请求模块, 用于向无线接入点 AP发送紧急通信请求; 紧急通信报文发送模块, 用于在收到无线接入点 AP发送的请求用户名 信息的响应报文后, 通过 AP向认证服务器 AS发送包含用户名信息的紧急 通信 ^艮文。  An emergency communication requesting module, configured to send an emergency communication request to the wireless access point AP, and an emergency communication message sending module, configured to: after receiving the response message of the requesting user name information sent by the wireless access point AP, The authentication server AS sends an emergency communication message containing the user name information.
实施例三 Embodiment 3
如图 5所示, 本实施例公开了一种无线接入点, 包括:  As shown in FIG. 5, this embodiment discloses a wireless access point, including:
紧急通信请求接收模块, 用于接收到用户终端 UE发送的紧急通信请求 后, 向所述 UE发送一个请求用户名信息的响应 文;  The emergency communication request receiving module is configured to: after receiving the emergency communication request sent by the user terminal UE, send a response message requesting the user name information to the UE;
紧急通信报文转发模块, 用于接收所述 UE发送的包含用户名信息的紧 急通信报文, 并转发给认证服务器 AS;  The emergency communication message forwarding module is configured to receive the emergency communication message that is sent by the UE and includes the user name information, and forwards the message to the authentication server AS;
访问端口开放模块, 用于在所述 AS判断所述 UE发送的紧急通信 "^文 为紧急通信帧时, 按照所述 AS的指示为该用户开放访问端口。  The access port open module is configured to: when the AS determines that the emergency communication sent by the UE is an emergency communication frame, open an access port for the user according to the indication of the AS.
访问限制模块, 用于在为该用户开放访问端口后, 限制所述紧急通信用 户连接的目标地址在预设的 IP地址或网址范围内。 实施例四 The access restriction module is configured to limit the target address of the emergency communication user connection to be within a preset IP address or a web address range after the access port is opened for the user. Embodiment 4
如图 6所示, 本实施例公开了一种认证服务器, 包括:  As shown in FIG. 6, this embodiment discloses an authentication server, including:
紧急通信报文接收模块, 用于接收 UE发送的包含用户名信息的紧急通 信报文;  An emergency communication message receiving module, configured to receive an emergency communication message that is sent by the UE and includes user name information;
紧急通信帧判断模块,用于判断接收的紧急通信报文是否为紧急通信帧 , 若是, 则将所述用户名设置为紧急通信用户, 并通知所述 AP为该用户开放 访问端口, 若否, 则通知身份认证模块向用户终端 UE发起身份认证;  The emergency communication frame determining module is configured to determine whether the received emergency communication message is an emergency communication frame, and if yes, set the user name as an emergency communication user, and notify the AP to open an access port for the user, if not, Informing the identity authentication module to initiate identity authentication to the user terminal UE;
身份认证模块, 用于向用户终端 UE发起身份认证。  An identity authentication module is configured to initiate identity authentication to the user terminal UE.
需要说明的是, 本发明还可有其他多种实施例, 在不背离本发明精神及 和变形, 但这些相应的改变和变形都应属于本发明所附的权利要求的保护范 围。  It is to be understood that the invention may be embodied in other forms and modifications without departing from the spirit and scope of the invention.
工业实用性 Industrial applicability
本发明实施例的有益效果为:  The beneficial effects of the embodiments of the present invention are:
本发明实施例的优点之一在于可实现性。 无线局域网在设计之初主要面 向个人、 家庭和企业应用, 在公众服务和应急通信方面的考虑有所欠缺。 本 发明有效地弥补了上述缺陷, 从现有 WiFi 网络中开辟了一条紧急通道, 方 便有需要的用户在任何时间任何地点获得所需要的信息救助。  One of the advantages of embodiments of the present invention is achievability. At the beginning of the design, WLANs were mainly used for personal, home and enterprise applications, and there were some shortcomings in public services and emergency communications. The present invention effectively compensates for the above drawbacks and opens up an emergency channel from existing WiFi networks, so that users in need can obtain the required information assistance at any time and any place.
本发明实施例的优点之二在于安全性。 本发明实施例最大限度保护无线 网络热点所有者的个人隐私和所有权的同时, 为随机接入用户提供了紧急通 道, 也通过限制目标接入地址防止恶意和滥用紧急通道资源。  The second advantage of the embodiment of the invention lies in security. The embodiment of the present invention provides maximum protection for the privacy and ownership of the wireless network hotspot owner, provides an emergency channel for the random access user, and also prevents malicious and abuse of emergency channel resources by limiting the target access address.
本发明实施例的优点之三在于兼容性。 本发明实施例最大限度兼容了现 有的技术标准和空中接口以及帧格式要求, 不改变现有的无线局域网络接入 鉴权方式, 只需要对现有设备进行软件升级就可以实现应急通信功能。  The third advantage of the embodiment of the present invention lies in compatibility. The embodiments of the present invention are compatible with the existing technical standards and the air interface and the frame format requirements to the greatest extent, and do not change the existing WLAN access authentication mode, and only need to upgrade the existing equipment to implement the emergency communication function. .

Claims

权 利 要 求 书 claims
1、 一种应急通信方法, 包括: 1. An emergency communication method, including:
用户终端 UE向无线接入点 AP发送紧急通信请求; The user terminal UE sends an emergency communication request to the wireless access point AP;
所述 AP接收到所述 UE发送的紧急通信请求后,向所述 UE发送一个请 求用户名信息的响应 4艮文; After receiving the emergency communication request sent by the UE, the AP sends a response message requesting user name information to the UE;
所述 UE接收到所述 AP发送的响应报文后,通过所述 AP向认证服务器 AS发送包含所述用户名信息的紧急通信报文; After receiving the response message sent by the AP, the UE sends an emergency communication message containing the user name information to the authentication server AS through the AP;
所述 AS接收所述紧急通信报文, 并判断接收的紧急通信报文是否为紧 急通信帧, 若是, 则将所述用户名设置为紧急通信用户, 并通知所述 AP为 该用户开放访问端口。 The AS receives the emergency communication message and determines whether the received emergency communication message is an emergency communication frame. If so, sets the user name as an emergency communication user and notifies the AP to open an access port for the user. .
2、 如权利要求 1所述的方法, 其中, 2. The method of claim 1, wherein,
所述 AS通知所述 AP为该用户开放访问端口之后, 包括: After the AS notifies the AP to open an access port for the user, it includes:
所述 AP限制所述紧急通信用户连接的目标地址在预设的 IP地址或网址 范围内。 The AP limits the target address of the emergency communication user connection to be within a preset IP address or website range.
3、 如权利要求 1所述的方法, 其中, 3. The method of claim 1, wherein,
所述 AS接收所述紧急通信报文, 并判断接收的紧急通信报文是否为紧 急通信帧, 若否, 则向所述 UE发起身份认证。 The AS receives the emergency communication message and determines whether the received emergency communication message is an emergency communication frame. If not, initiates identity authentication to the UE.
4、 一种移动终端, 包括: 4. A mobile terminal, including:
紧急通信请求模块, 设置为: 向无线接入点 AP发送紧急通信请求; 紧急通信报文发送模块, 设置为: 在收到无线接入点 AP发送的请求用 户名信息的响应报文后, 通过所述 AP向认证服务器 AS发送包含所述用户 名信息的紧急通信 文。 The emergency communication request module is set to: send an emergency communication request to the wireless access point AP; the emergency communication message sending module is set to: after receiving a response message requesting user name information sent by the wireless access point AP, through The AP sends an emergency communication message containing the user name information to the authentication server AS.
5、 一种无线接入点, 包括: 5. A wireless access point, including:
紧急通信请求接收模块, 设置为: 接收到用户终端 UE发送的紧急通信 请求后, 向所述 UE发送一个请求用户名信息的响应 ^艮文; The emergency communication request receiving module is configured to: after receiving the emergency communication request sent by the user terminal UE, send a response message requesting user name information to the UE;
紧急通信报文转发模块, 设置为: 接收所述 UE发送的包含用户名信息 的紧急通信报文, 并转发给认证服务器 AS; 访问端口开放模块, 设置为: 在所述 AS判断所述 UE发送的紧急通信 报文为紧急通信帧时, 按照所述 AS的指示为该用户开放访问端口。 The emergency communication message forwarding module is configured to: receive the emergency communication message containing user name information sent by the UE, and forward it to the authentication server AS; The access port opening module is configured to: when the AS determines that the emergency communication message sent by the UE is an emergency communication frame, open the access port to the user according to the instruction of the AS.
6、 如权利要求 5所述的无线接入点, 其中, 6. The wireless access point as claimed in claim 5, wherein,
所述无线接入点还包括: The wireless access point also includes:
访问限制模块, 设置为: 在为该用户开放访问端口后, 限制所述紧急通 信用户连接的目标地址在预设的 IP地址或网址范围内。 The access restriction module is set to: after opening the access port for the user, restrict the target address connected by the emergency communication user to a preset IP address or website range.
7、 一种认证服务器, 包括: 7. An authentication server, including:
紧急通信报文接收模块, 设置为: 接收 UE发送的包含用户名信息的紧 急通信报文; The emergency communication message receiving module is configured to: receive the emergency communication message containing user name information sent by the UE;
紧急通信帧判断模块, 设置为: 判断接收的紧急通信报文是否为紧急通 信帧, 若是, 则将所述用户名设置为紧急通信用户, 并通知所述 AP为该用 户开放访问端口。 The emergency communication frame judgment module is configured to: judge whether the received emergency communication message is an emergency communication frame, and if so, set the user name as an emergency communication user, and notify the AP to open an access port for the user.
8、 如权利要求 7所述的认证服务器, 其中, 8. The authentication server as claimed in claim 7, wherein,
所述认证服务器还包括: The authentication server also includes:
身份认证模块, 设置为: 向用户终端 UE发起身份认证; The identity authentication module is set to: initiate identity authentication to the user terminal UE;
所述紧急通信帧判断模块还设置为: 在判断接收的紧急通信报文不是紧 急通信帧时, 通知所述身份认证模块向用户终端 UE发起身份认证。 The emergency communication frame judgment module is also configured to: when judging that the received emergency communication message is not an emergency communication frame, notify the identity authentication module to initiate identity authentication to the user terminal UE.
PCT/CN2013/082324 2013-06-20 2013-08-27 Emergency communication method, mobile terminal, authentication server and wireless access point WO2014201766A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310246982.8A CN104244210A (en) 2013-06-20 2013-06-20 Emergency communication method, mobile terminal, authentication server and wireless access point
CN201310246982.8 2013-06-20

Publications (1)

Publication Number Publication Date
WO2014201766A1 true WO2014201766A1 (en) 2014-12-24

Family

ID=52103860

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2013/082324 WO2014201766A1 (en) 2013-06-20 2013-08-27 Emergency communication method, mobile terminal, authentication server and wireless access point

Country Status (2)

Country Link
CN (1) CN104244210A (en)
WO (1) WO2014201766A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105263099B (en) * 2015-08-28 2018-10-12 小米科技有限责任公司 The method and apparatus for sending location information
US10257684B2 (en) 2015-12-09 2019-04-09 Huawei Technologies Co., Ltd. System and methods for critical communication
CN106550319B (en) * 2015-12-11 2020-10-30 南方科技大学 Wi-Fi authentication method and system
CN108809903B (en) * 2017-05-02 2021-08-10 中国移动通信有限公司研究院 Authentication method, device and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101527897A (en) * 2009-03-25 2009-09-09 曾杰 Emergency communication method of wireless cell phone and wireless local area network and communication device
US20110201300A1 (en) * 2010-02-18 2011-08-18 Samuel Ornstein Emergency contact information device and method
CN102244851A (en) * 2011-06-27 2011-11-16 南京邮电大学 Emergency radio communication method based on public telephone network

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006216994A (en) * 2005-01-07 2006-08-17 Oki Electric Ind Co Ltd Emergency call system and method

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101527897A (en) * 2009-03-25 2009-09-09 曾杰 Emergency communication method of wireless cell phone and wireless local area network and communication device
US20110201300A1 (en) * 2010-02-18 2011-08-18 Samuel Ornstein Emergency contact information device and method
CN102244851A (en) * 2011-06-27 2011-11-16 南京邮电大学 Emergency radio communication method based on public telephone network

Also Published As

Publication number Publication date
CN104244210A (en) 2014-12-24

Similar Documents

Publication Publication Date Title
EP1767025B1 (en) Method for establishing an emergency connection in a local wireless network
JP4913209B2 (en) Method for providing emergency access to a WLAN to a guest terminal
EP2383931B1 (en) Network security hypertext transfer protocol negotiation method and correlated devices
WO2019017837A1 (en) Network security management method and apparatus
WO2006000151A1 (en) A method for managing the local terminal equipment to access the network
US20070143613A1 (en) Prioritized network access for wireless access networks
US8611859B2 (en) System and method for providing secure network access in fixed mobile converged telecommunications networks
WO2008131689A1 (en) Method and system for realizing an emergency communication service and corresponding apparatuses thereof
TW201127100A (en) Femtocell access control
TW201123824A (en) Method and apparatus for supporting an emergency call in a wireless metropolitan area network
WO2006002601A1 (en) A method for wireless lan users set-up session connection
JP2011244493A (en) Supporting emergency calls on wireless local area network
JPWO2007097101A1 (en) Wireless access system and wireless access method
WO2009135445A1 (en) Roaming authentication method based on wapi
WO2009012675A1 (en) Access network gateway, terminal, method and system for setting up a data connection
WO2011127774A1 (en) Method and apparatus for controlling mode for user terminal to access internet
KR20120017079A (en) Access control method for tri-element peer authentication credible network connection structure
WO2014201766A1 (en) Emergency communication method, mobile terminal, authentication server and wireless access point
WO2008064583A1 (en) A method for processing call and a service control device and a call processing system
US20080184332A1 (en) Method and device for dual authentication of a networking device and a supplicant device
US9060028B1 (en) Method and apparatus for rejecting untrusted network
KR20050109685A (en) Method and system for user authentication based on extensible authentication protocol coexisting with device authentication in portable internet system
WO2022134089A1 (en) Method and apparatus for generating security context, and computer-readable storage medium
WO2010124569A1 (en) Method and system for user access control
WO2009103227A1 (en) Method, device and system for sending initial configuration message to access point device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13887488

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13887488

Country of ref document: EP

Kind code of ref document: A1