WO2015160781A1 - Portal authentication - Google Patents

Portal authentication Download PDF

Info

Publication number
WO2015160781A1
WO2015160781A1 PCT/US2015/025712 US2015025712W WO2015160781A1 WO 2015160781 A1 WO2015160781 A1 WO 2015160781A1 US 2015025712 W US2015025712 W US 2015025712W WO 2015160781 A1 WO2015160781 A1 WO 2015160781A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
authentication
portal
client terminal
application
Prior art date
Application number
PCT/US2015/025712
Other languages
French (fr)
Inventor
Chao XIU
Original Assignee
Alibaba Group Holding Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba Group Holding Limited filed Critical Alibaba Group Holding Limited
Priority to KR1020167027874A priority Critical patent/KR102154384B1/en
Priority to JP2016561013A priority patent/JP6552519B2/en
Priority to EP15780018.6A priority patent/EP3132370A4/en
Publication of WO2015160781A1 publication Critical patent/WO2015160781A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/313User authentication using a call-back technique via a telephone network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/55Push-based network services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services
    • H04L67/563Data redirection of data network streams
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/068Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2103Challenge-response
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2117User registration
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2101/00Indexing scheme associated with group H04L61/00
    • H04L2101/60Types of network addresses
    • H04L2101/618Details of network addresses
    • H04L2101/622Layer-2 addresses, e.g. medium access control [MAC] addresses

Definitions

  • the present disclosure relates to the field of Internet technology, and in particular, to an application client terminal and an application server.
  • WLAN Wireless Local Area Network
  • HaidilaoTM restaurant or StarbucksTM generally provide wireless access service for users.
  • HaidilaoTM or StarbucksTM needs to construct and manage its own wireless network, such as deploying a wireless network that includes a wireless access point (AP) and a wireless access controller (AC).
  • AP wireless access point
  • AC wireless access controller
  • the merchant such as HaidilaoTM is not only an owner of the wireless network but also an administrator of the wireless network, and needs to take security and service quality of the wireless access service into consideration. From the perspective of security, user identity authentication is undoubtedly an extremely important security mechanism.
  • Wireless authentication modes such as Wi-Fi Protected Access (WPA)/WPA2 are widely applied to small-sized networks such as a home network, and an administrator of the network informs each authorized user of a secret key in a relatively safe manner.
  • WPA Wi-Fi Protected Access
  • WPA2 Wireless authentication modes
  • small-sized networks such as a home network
  • an administrator of the network informs each authorized user of a secret key in a relatively safe manner.
  • informing users of a key one by one is obviously unacceptable.
  • the mechanism described above runs at a wireless link layer, and therefore has poor compatibility.
  • portable terminals of some users are earlier models, and the wireless technology used on such portable terminals may not support authentication modes such as WPA2.
  • a portal authentication runs at a layer above the network layer, has general applicability, and is almost irrelevant to hardware of portable terminals of the user and wireless access technologies used on the portable terminals.
  • a user obtains network access permission on the basis of a standard portal authentication process as long as the user accesses a wireless network.
  • the portal authentication technology actually originates from the era of personal computer (PC) Internet, and has a technical problem for adapting to the usage characteristics of the mobile Internet.
  • a WLAN Internet access service provided by China UnicomTM is used as an example.
  • a smart phone of a user successfully connects to an AP of China UnicomTM (accesses a wireless network)
  • a wireless network connection icon 11 indicates that the smart phone has successfully connected to the wireless network.
  • the user may not refresh WeiboTM successfully.
  • the root cause of this problem is that many ordinary users take it for granted that they may access an external network (generally the Internet) after successfully connecting to the wireless network. But in fact, the users merely successfully connect to the wireless network of UnicomTM in a wireless manner. Except for some authentication- free sites (such as a Dynamic Host Configuration Protocol (DHCP) server), the users cannot access the Internet before passing a portal authentication.
  • DHCP Dynamic Host Configuration Protocol
  • the portal authentication is implemented on the basis of a browser, and many ordinary users do not know that they need to open the browser to initiate a portal authentication process because this authentication mechanism is different from the authentication mode of wireless networks in a user's homes. From another perspective, even if some users understand working principles of the portal authentication, it is still inconvenient to perform the portal authentication.
  • portable terminals of users generally have a function of automatically connecting to wireless networks to which the portable terminals have previously connected, while many smart phones will automatically turn off mobile data connections such as 3G when the smart phones successfully connect to the wireless network. Once the smart phone of the user automatically connects to the wireless network while the user does not notice this situation, the user will not initiate a portal authentication through the browser. In such a scenario, the user terminal may not access the Internet because the mobile data connection is turned off and problems will occur in many applications that need exchange data online all the time.
  • the present disclosure provides an example application client terminal that resides or is applied on a portable terminal.
  • the client includes a push processing unit, a portal agent unit, and a media access control address (MAC) synchronization unit.
  • MAC media access control address
  • the push processing unit when receiving an authentication prompt message pushed by an application server, outputs an authentication prompt option corresponding to the authentication prompt message in a message prompt bar of the portable terminal.
  • the portal agent unit initiates a portal authentication after it is determined that the authentication prompt option is selected by a user, acquires MAC address information of the present portable terminal returned by a portal server after the portal authentication is initiated.
  • the portal agent uses a user name and password that the application client terminal logs into the application server or the application server terminal as a user name and password for the portal authentication.
  • the MAC synchronization sends the MAC address information of the present portable terminal returned by the portal server to the application server.
  • the present disclosure further provides an example portal authentication method applied to a portable terminal 0 The method includes the following operations.
  • Step A when an authentication prompt message pushed by an application server is received, an authentication prompt option corresponding to the authentication prompt message is output in a message prompt bar of the portable terminal;
  • Step B the portal authentication is initiated after it is determined that the authentication prompt option is selected by a user.
  • the MAC address information of the present portable terminal returned by a portal server is acquired after the portal authentication is initiated.
  • a user name and password for the application logging into an application server is used as a user name and password for the portal authentication.
  • Step C the MAC address information of the present portable terminal returned by the portal server is sent to the application server.
  • the present disclosure further provides an example application server terminal applied to a server or that resides at the server and interacts with an application client terminal and a wireless server.
  • the wireless server manages wireless access devices in at least one wireless network.
  • the application server terminal includes a push management unit and a MAC maintenance unit.
  • the push management unit acquires MAC address information of a portable terminal carried in the message, searches for a user corresponding to the MAC address in a local user MAC table, and pushes an authentication prompt message to an application client terminal of the user if the corresponding user is found.
  • the portal authentication unit determines if a user name and password in the request belong to a registered user of the present application, and if so, determines that portal authentication of the user succeeds.
  • the MAC maintenance unit updates the user MAC table with a correspondence relationship between the MAC address information and the user.
  • the present disclosure further provides an example portal authentication service method applied to an application server to interact with a portable terminal and a wireless server.
  • the wireless server manages wireless access devices in at least one wireless network.
  • the method may include the following operations.
  • Step a when a terminal connection message sent by the wireless server is received, the MAC address information of a portable terminal carried in the message is acquired, a user corresponding to the MAC address is searched in a local user MAC table, and an authentication prompt message is pushed to the user if the corresponding user is found;
  • Step b when a portal authentication request is received, it is determined if the user name and password in the request belong to a registered user of the present application, and if so, it is determined that portal authentication of the user succeeds.
  • Step c when the MAC address information sent by the user is received, the user MAC table is updated with a correspondence relationship between the MAC address information and the user.
  • the present disclosure significantly facilitates the user's operation of using a portal authentication, and prevents, to a large degree, a problem that a user fails to access the Internet through a wireless network as the user forgets to perform a portal authentication or does not know the portal authentication mechanism to access the Internet.
  • the present disclosure adapts better to the user requirements in a mobile Internet environment.
  • FIG. 1 is a schematic diagram of a WeiboTM refreshing result when a user forgets to perform a portal authentication.
  • FIG. 2 is a schematic diagram of a typical portal authentication networking.
  • FIG. 3 is a diagram of hardware and logic structure of each node in a linkage system in an example embodiment of the present disclosure.
  • FIG. 4 is a flow chart of an example portal authentication processing according to an example embodiment of the present disclosure.
  • FIG. 5 is a flow chart of an example detailed portal authentication processing according to an example embodiment of the present disclosure.
  • a portal authentication mechanism is described at first so that those of ordinary skill in the art will understand the technical advantages of the present disclosure more clearly.
  • a portable terminal 202 such as smart phone successfully connects to a wireless network
  • an external network such as a site on the Internet
  • Step I A user uses a browser at a portable terminal 202 to access a website, for example, www.weibo.com. Since an Internet Protocol (IP) address of the site is generally not in an exception list (free of authentication) of an AC (wireless access control server or device) 204 and the IP address of the user is not in the user whitelist of the AC 204, the process turns to Step II.
  • IP Internet Protocol
  • Step II A wireless access device redirects the access of the user to a portal server 206 (which is generally integrated with the AC 204) by means of a Hypertext Transfer Protocol (HTTP) redirection, and the portal server returns a portal authentication page to the browser.
  • HTTP Hypertext Transfer Protocol
  • Step III The user enters a user name and password in the portal authentication page and submits an authentication request, and the portal server then submits the authentication request to the wireless access device.
  • Step r The AC 204 initiates a portal authentication to the authentication server 208 to verify if the user name and password entered by the user are matched with an authorized user.
  • Step V If the user portal authentication passes, the AC 204 adds the IP address of the user to the user whitelist.
  • Step VI The user accesses to any website again, and since the IP address of the user is already in the user whitelist, the access of the user will be allowed.
  • Step I to Step VI describe a typical portal authentication process, and such process is generally the same as the portal authentication on a PC.
  • the portal authentication process may be simplified.
  • the portal authentication page returned by the portal server 206 carries an application associated component (such as an AlipayTM associated component).
  • the AlipayTM associated component After being loaded in the browser, the AlipayTM associated component will perform a calling operation of AlipayTM Wallet that calls AlipayTM Wallet to a foreground of the mobile phone, and sends a notification to ask AlipayTM Wallet to perform a portal authentication on behalf of the user.
  • AlipayTM Wallet performs the portal authentication by using an AlipayTM user name and password of the user according to the notification.
  • an application server 208 (such as AlipayTM server) plays the role of the corresponding authentication server; in this manner, the user does not need to remember the user name and password for the portal authentication, and instead the user can use the AlipayTM user name and password.
  • the portable terminal 202 may connect to the AC 204 through an AP (access point) 214.
  • the user Since the application AlipayTM Wallet may keep a logged-in status regularly, the user generally does not need to open the browser, and the operation of entering the AlipayTM user name and password in the portal authentication process is not necessary. More importantly, as AlipayTM has built partnerships with many merchants, the user may use the same user name and password to implement the portal authentication when paying a visit to those merchants. Of course, if a user is not an AlipayTM user, the user may still perform the portal authentication in a conventional portal authentication mode, but this user may need to register beforehand to acquire a portal user name and password, or acquire a temporary portal user name and password through a text message or in other manners. The authentication of the portal user name and password of such user will still be carried out in the authentication server. This solution facilitates the portal authentication of AlipayTM users or registered users of similar applications. However, such implementation still fails to thoroughly solve the technical problem raised in the background.
  • the present disclosure further optimizes on the basis of the portal authentication described above.
  • the present disclosure is based on an intensive linkage between a network system and an application system.
  • the network system physically includes wireless access devices in a wireless network of a merchant and a wireless server that manages each of the wireless access devices; and the application system physically includes a portable terminal and an application server.
  • the wireless access device provides a wireless network access service for the portable terminal.
  • the wireless access device may be possessed by various merchants such as an operator or a food vendor, which is generally deployed in a physical area where the merchant provides a business service.
  • each host includes one or more processors, memories, additional non-volatile storage devices, and network interfaces.
  • a logic apparatus also referred to as a "virtual apparatus”
  • a processor on a corresponding host reads a computer program or computer-executable instructions into a memory for execution.
  • the present disclosure does not exclude other implementations, such as a programmable logic device, in addition to software implementation.
  • an entity executing each processing step in the subsequent description may be implemented by using hardware, a logic device, or the like.
  • a client or a portable terminal 302 includes one or more network interfaces 304, one or more processors or data processing unit(s) 306, and memory 308.
  • the memory 308 is an example of computer-readable media.
  • the memory 308 may store therein a plurality of modules or units including a push processing unit 310, a MAC synchronization unit 312, and a portal agent unit 314.
  • the portable terminal 302 may further include an additional non-volatile storage device 316.
  • the portable terminal 302 is connected to the network via a wireless access device 318.
  • An application server terminal 320 includes one or more network interfaces 322, one or more processor(s) or data processing unit(s) 324, and memory 326.
  • the memory 326 is an example of computer-readable media.
  • the memory 326 may store therein a plurality of modules or units including a MAC maintenance unit 328, a portal authentication unit 330, and a push management unit 332.
  • the application server terminal 320 may further include an additional non-volatile storage device 334.
  • the client terminal, the wireless access device, the wireless server, and the application server terminal coordinate with each other during the operation to perform the following operations.
  • the wireless access device reports a terminal connection message to the wireless server when it is determined that a portable terminal connects to the wireless network of the wireless access device.
  • the message carries an identifier of the wireless access device and MAC address information of the portable terminal that connects to the wireless network.
  • the wireless server sends a connection prompt message to the application server terminal.
  • the connection prompt message carries the MAC address information of the portable terminal.
  • the push management unit of the application server terminal acquires the MAC address information of the portable terminal carried in the message, and searches for a user corresponding to the MAC address in a user MAC table such as a local user MAC table. If the corresponding user is found, operations at 408 are performed. Otherwise, the current process flow is ended.
  • the push management unit of the application server terminal pushes an authentication prompt message to an application client terminal of the found user.
  • the push processing unit of the application client terminal outputs an authentication prompt option corresponding to the authentication prompt message in a message prompt bar of the portable terminal.
  • the portal agent unit of the application client terminal initiates the portal authentication, acquires the MAC address information of the portable terminal returned by the portal server after the portal authentication is initiated, and, during the portal authentication, uses a user name and password that the application client terminal uses to log into the application server terminal as a user name and password for the portal authentication.
  • the portal authentication unit of the application server terminal determines if the user name and password in the request belong to a registered user of the application, and if so, determines that the portal authentication of the user succeeds.
  • the MAC synchronization unit of the application client terminal sends the
  • the MAC maintenance unit of the application server terminal updates the user MAC table with a correspondence relationship between the MAC address information and the user.
  • the portable terminal may be a terminal device that is easy for users to carry, for example, a smart phone, a PDA, or a tablet computer.
  • a smart phone is used as an example for the description below.
  • the application client terminal of the present disclosure may be an application software running on the portable terminal, which may be any client terminal from which the user enters a user name and password to log in to the application, such as mobile phone application client terminals including AlipayTM Wallet, TaobaoTM, SinaTM WeiboTM, or Laiwang.
  • the application client terminal AlipayTM Wallet is used as an example for the description below.
  • the application server terminal is service software that runs on an application server and provides a corresponding application service for the application client terminal.
  • the AlipayTM server terminal is used as an example of the application server below.
  • the wireless access device may be a fat AP, a AC in the architecture of AC and thin AP, or other similar network devices having a wireless access function.
  • the AC is used as an example for the description below.
  • one smart phone In most cases, one smart phone generally has a unique MAC address, and therefore, one MAC address generally has a relatively stable correspondence relationship with one user using AlipayTM Wallet.
  • a corresponding user is thus determined to attempt to access the Internet through the wireless network.
  • the AlipayTM server terminal is informed of this event according to the terminal connection message sent by the wireless server.
  • the AlipayTM server terminal finds a corresponding AlipayTM user according to the MAC address information carried in the message, and in this case, it is assumed that the AlipayTM user is using the afore-mentioned smart phone that connects to the AC.
  • the AlipayTM server terminal pushes an authentication prompt message to the AlipayTM client terminal of the user.
  • AlipayTM Wallet generates an authentication prompt option according to the authentication prompt message; as long as the user selects the authentication prompt option, AlipayTM Wallet automatically performs the portal authentication on behalf of the user.
  • the user only needs to select the authentication prompt option by clicking or a similar simple operation, and the portal authentication is completed quickly.
  • the present techniques prevent, to a large degree, the problem that users forget to form the portal authentication.
  • an authentication process for a first-time access of the smart phone to the wireless network is different in certain degrees from an authentication process for a non-first-time access to the wireless network.
  • operations from 412 to 418 are performed.
  • the difference between the portal authentication processes for the first-time access and non- first- time access are just the authentication triggering manner.
  • a user visits a cooperative merchant (assuming it is merchant A) of AlipayTM for the first time.
  • the user uses his smart phone (of which the MAC address is MAC3) to find a wireless network of merchant A, and completes a connection to the wireless network.
  • the user's operation of connecting to the wireless network of merchant A will trigger operations from 402 to 406.
  • the AlipayTM server terminal searches in a local user MAC table according to MAC3, as shown in Table 1. Since it is the first time that the user uses the AlipayTM server terminal to perform a portal authentication, MAC3 does not exist in Table 1 ; at the moment, the process flow of the application server terminal is ended here.
  • the application server terminal does not know which user uses a smart phone to connect to the wireless network of merchant A, and therefore, cannot push an authentication prompt message.
  • the user connects to the wireless network of the cooperative merchant of AlipayTM for the first time, operations at 408 will not be performed, and the mobile phone of the user will not receive an authentication prompt message. In this case, the user has to trigger a portal authentication process manually.
  • Table 1
  • the process of manually triggering portal authentication by the user is the same as that in the prior art, for example, by accessing to any website that is not in an exception site list, or to put it simply, the portal authentication is triggered as long as the user accesses to the Internet by using the browser.
  • the application client terminal AlipayTM Wallet will be called by an AlipayTM associated component running on the browser.
  • the portal agent unit of AlipayTM Wallet will receive an authentication notification of the associated component.
  • the portal agent unit may check if the user is in an application logged-in status, and if the user Tony is not in the application logged-in status, an AlipayTM Wallet login interface is called to the foreground so that the user may enter an AlipayTM user name and password in the interface.
  • the AlipayTM server terminal After the user submits the user name and password, the AlipayTM server terminal performs an identity authentication to complete the application login.
  • the portal agent unit may take no account of the security mechanism of the application AlipayTM such that the application AlipayTM has its own login timeout mechanism, but this does not affect the use of the AlipayTM identity information (AlipayTM user name and password) as an alternative in the portal authentication.
  • the portal authentication may be initiated as long as the user name and password of the user are stored in the AlipayTM client terminal. After the portal authentication is initiated, the portal authentication request will finally reach the AlipayTM server terminal, and the portal authentication unit of the AlipayTM server terminal checks if the user name and password in the portal authentication request belong to a registered user of AlipayTM, and if so, may return an authentication success notification to the wireless access device. Then the wireless access device notifies the smart phone of the successful authentication.
  • an IP address that the AlipayTM server terminal uses to provide application services is generally configured in the exception site list of the AC of merchant A; in other words, each user may access the IP address through the AC to acquire application services without any limitation, no matter whether the user passes the authentication or not.
  • Step 406 there are two kinds of trigger conditions for initiating the portal authentication: one is that the authentication prompt option is selected by the user, and the other is that a notification from the associated component of the browser is received.
  • the trigger condition is the notification of the associated component of the browser.
  • operations from 402 to 418 are only partially performed, in which operations at 408 and 410 are not performed and objectives of the operations at 408 and 410 are achieved by a manual operation of the user.
  • AlipayTM Wallet in the present disclosure further performs operations at 416 and 418, which are different from the prior art.
  • the method that the AlipayTM Wallet acquires the MAC address is significantly different from that in the prior art.
  • application developers normally consider reading the MAC address from the operating system directly, and then sending the MAC address to the server terminal as the MAC address is an attribute of mobile phone hardware.
  • the WindowsTM operating system by using the WindowsTM operating system as an example, all ordinary users may acquire the MAC address of the host by using a command such as "ipconfig /all.”
  • ipconfig /all a command such as "ipconfig /all.”
  • such conventional implementation idea has imperceptible technical defects.
  • a mobile operating system provider sets many obstacles for reading a MAC address of a mobile phone.
  • the AndroidTM operating system provided by GoogleTM
  • additional conditions need to be satisfied, and to meet these additional conditions, more complicated development work needs to be done.
  • the IOSTM operating system provided by AppleTM
  • the operating system does not allow mobile phone applications to read the MAC address of the smart phone directly.
  • the present techniques acquire the MAC address of the user in a more convenient method while ensuring the information security of the user.
  • the AC naturally stores the MAC address of the smart phone as the AC needs to forward packets to the smart phone. Therefore, the AC may pass the MAC address of the smart phone to the portal server during the portal authentication, and the portal server returns the MAC address to the AlipayTM Wallet.
  • the portal server is often integrated into the AC, and therefore, it is relatively easy to pass the MAC address.
  • the present disclosure returns, to the AlipayTM Wallet, the MAC address of the mobile phone as a parameter passed by a redirected uniform resource location (URL) (a passing parameter of the redirected URL).
  • URL uniform resource location
  • the AlipayTM Wallet does not need to perform a special processing and a MAC synchronization unit thereon only needs to send the encrypted data to the application server terminal.
  • the application server terminal needs to perform the special processing.
  • the MAC maintenance unit determines if the MAC address information is encrypted data before the MAC address information is stored. If the MAC address information is not the encrypted data, the MAC maintenance unit only needs to store the correspondence relationship between the MAC address information and the user.
  • the MAC maintenance unit needs to invoke, according to a vendor identification additionally carried in the passing parameter, a corresponding decryption algorithm to decrypt the encrypted data, to acquire plaintext MAC address information, and then store the correspondence relationship between the MAC address information and the user.
  • the provider of the wireless access device has a partnership with AlipayTM, and thus the vendor identification of the device and an encryption/decryption corresponding to the identification (if necessary) are stored on the AlipayTM server terminal.
  • the linkage of the MAC address information is realized, and moreover, the security of user information is improved.
  • a process flow for the non-first-time access of the user to the wireless network of the cooperative merchant of AlipayTM Referring to FIG. 5, after the user Tony completes the first portal authentication in cooperative merchant A of AlipayTM, the AlipayTM server terminal stores the correspondence relationship between the user and the MAC address of the mobile phone of the user.
  • a portable terminal (application client terminal) 504 such as smart phone that is installed an application e.g., AlipayTM accesses to a wireless access network via a wires access device 506 (integrated with a portal server).
  • the wireless access device 506 sends a terminal connection message to a wireless server 510.
  • the wireless server 510 sends a connection prompt message to an application server 514 such as an AlipayTM server with AlipayTM server terminal.
  • the application server 514 finds a user according to MAC address information included in the connection prompt message.
  • the application server 514 pushes an authentication prompt message to the portable terminal 504.
  • the portable terminal 504 generates an authentication prompt option and displays it to a user.
  • the portal terminal 504 initiates a portal authentication with the wireless access device 506 when it is determined that the authentication prompt option is selected by the user.
  • the wireless access device 506 sends the MAC address of the portable terminal 504 returned from the portal server as a passing parameter of a redirected URL to the portable terminal 502.
  • the portable terminal 504 acquires the MAC address information from the redirected URL.
  • the portable terminal 504 submits a user name and password of the application such as AlipayTM to the wireless access device 506.
  • the wireless access device sends a portal authentication request 530 to the application server 514.
  • the application server 514 conducts an identity authentication 532.
  • the application server 514 informs the wireless access device.
  • the wireless access device 506 informs the portable terminal 504 that the authentication succeeds.
  • the portable terminal 504 sends its MAC address information to the application server 514.
  • the application server 514 saves the MAC address information and the user to a user MAC table.
  • the user Tony With the correspondence relationship and the operations from 402 to 418, it is quite convenient for the user Tony to subsequently use a wireless network in any cooperative merchant of AlipayTM. Assuming that the user Toney visits merchant B again several days later, the user Tony uses his smart phone to find the wireless network of merchant B, and completes a connection to the wireless network. As described above, the user's operation of connecting to the wireless network of merchant B triggers operations from 402 to 406.
  • the AlipayTM server terminal finds that the user using MAC3 is Tony when searching in the local user MAC table (which is Table 2 in this case), and then the application server terminal turns to 408 to push an authentication prompt message to the user.
  • the AlipayTM server terminal is in the exception site list of the AC; therefore, the mutual access between AlipayTM Wallet and the AlipayTM server terminal is unlimited, while the application AlipayTM Wallet generally keeps a connection with the AlipayTM server terminal in the background to timely transmit important data with each other. Therefore, the authentication prompt message may be pushed to AlipayTM Wallet of user Tony smoothly.
  • AlipayTM Wallet performs operations at 410 correspondingly to output an authentication prompt option in the message prompt bar (for example, at the top of the screen of the mobile phone).
  • the design of message prompt option of social applications such as WeiboTM or other similar designs (which will not be specifically described) may be used to output the option, which is not detailed herein.
  • AlipayTM Wallet may also output sound or a vibration prompt to remind the user correspondingly.
  • the user may select the authentication prompt option by performing pull-down and clicking operations.
  • AlipayTM Wallet performs operations at 412 to complete the portal authentication on behalf of the user.
  • the IP address of the user will be added to the whitelist of the AC; in this way, the user may pass the portal authentication almost without perceiving it, and access the Internet.
  • any AlipayTM user during the first-time connection to the wireless network of the cooperative merchant of AlipayTM, the user needs to manually open the browser and enter a website to trigger a portal authentication process. Afterwards, when the user goes to any cooperative merchant of AlipayTM and successfully connects to the wireless network, the user will receive an authentication prompt in a very short time, and only needs to select the authentication prompt option by performing operations such as pull-down and clicking to complete the portal authentication easily. On one hand, the user does not need to perform relatively complex operations such as opening the browser to enter a website. On the other hand, since the user acquires the authentication prompt, it prevents the user from forgetting to perform the portal authentication, which is more meaningful for those who are not familiar with the portal authentication technology.
  • the description focuses on the case in which the user uses a particular smart phone, which may generally satisfy the use demands of the majority of users.
  • the present disclosure is also applicable to the case in which the user uses multiple portable terminals. It is assumed that the user Tony uses two smart phones, in which the MAC address of mobile phone 1 is MAC 3 and the MAC address of mobile phone 2 is MAC256. If the user Tony uses the mobile phone 2 to repeat the foregoing use process, the server terminal only needs to store one unique table entry for one user; that is, the table entry of Tony is updated, and the MAC address of Tony is updated to be MAC256. If Tony uses the mobile phone 1 again, the table entry of Tony is refreshed again.
  • this table entry may be deleted according to a preset aging mechanism.
  • the third table entry in Table 3 is never updated at 418 or is not updated for more than a preset threshold of item, it may be inferred that the user no longer uses the MAC address, and thus this table entry may be deleted. If Tony uses this MAC address (for example, uses the original mobile phone) again, the present disclosure may still perform a normal processing according to the procedures described above.
  • the linkage mechanism of the present disclosure can facilitate the linkage between users and merchants.
  • an AC 602 (whose device identifier is AC 100) in FIG. 6 has a correspondence relationship with a merchant whose merchant identifier is HDL.
  • the AC 602 may be a device bought or rented by merchant HDL. That is, the AC and the merchant have a correspondence relationship on the side of the wireless server, and this correspondence is often stored in a database of the wireless server 604, as shown in Table 4.
  • the AC 602 sends a terminal connection message including the AC identification to the wireless server 604.
  • the wireless server 604 searches the merchant identification according to the AC identification.
  • the wireless server 604 sends a connection prompt message including the merchant identification to an application server 612 such as an AlipayTM server terminal.
  • the application server 612 sends an authentication prompt message that includes service information of the merchant corresponding to the merchant identification and/or a third-party application corresponding to the merchant to a portable terminal 616 such as a smart phone installed an AlipayTM client terminal.
  • the portable terminal 616 displays the server information and/or call the corresponding third-party application after the portal authentication succeeds.
  • the portable terminal 616 displays the service information and/or calls the corresponding third- party application after the portal authentication succeeds.
  • the portable terminal 616 connects with the AC 602 via an AP 618.
  • the wireless server finds the corresponding merchant identifier HDL according to the
  • AC identifier namely, AC 100, carried in the terminal connection message, adds the merchant identifier HDL to the connection prompt message, and sends it to the AlipayTM server terminal.
  • the AlipayTM server terminal stores the service information and/or a third-party application identifier corresponding to merchant HDL.
  • the AlipayTM server terminal may further include a merchant interface unit.
  • the merchant interface unit may be a web service window. After the merchant logs in by using a corresponding enterprise account, the service information and third-party application identifier configured by the merchant are sent to the merchant interface unit, and the merchant interface unit stores the service information and third-party application identifier in a merchant information table.
  • the merchant HDL may use the merchant interface unit to update the service information, such as commodity promotion information and new arrival information, in the merchant information table on the application server terminal regularly or irregularly.
  • the third-party application identifier may be an identifier of an application client terminal corresponding to the merchant HDL, such as an ordering client developed by HDL itself, or an application client terminal, such as TaobaoTM app, developed by a cooperator of HDL and applicable to HDL.
  • the push management unit of the AlipayTM server terminal searches the merchant information table (referring to the example in FIG. 5) according to the merchant identifier HDL in the connection prompt message to determine the corresponding service information and/or third-party application identifier.
  • the push management unit adds the found service information and/or third-party application identifier to the authentication prompt message, and pushes the authentication prompt message to AlipayTM Wallet.
  • the push processing unit of AlipayTM Wallet acquires the service information from the authentication prompt message and displays the service information.
  • the push processing unit may display the service information after the portal authentication is passed as the service information may include a link and the user needs to click the link to access a corresponding site. Before the portal authentication is passed, the user cannot access those sites unless they are in the whitelist of exception sites.
  • the push processing unit may further check if the smart phone has a corresponding third-party application locally. If the smart phone has the corresponding third-party application locally, the push processing unit starts the third-party application. If the smart phone does not have the corresponding third-party application locally, the push processing unit gives up, or suggests that the user download the third-party application.
  • the present techniques further display the latest service information of merchant HDL to the user so that the user may conveniently have updated latest merchant service information in time.
  • the push management unit facilitates self-service ordering of the user who is planning to dine in HDL.
  • display of such service information and calling of the third-party application make consumption activities of users in merchant HDL much easier and reduce the costs of communication between consumers and the merchant.
  • a computing device such as any server or device as described in the present disclosure may include one or more central processing units (CPU), one or more input/output interfaces, one or more network interfaces, and memory.
  • CPU central processing units
  • input/output interfaces one or more input/output interfaces
  • network interfaces one or more network interfaces
  • memory one or more network interfaces
  • the memory may include forms such as non-permanent memory, random access memory (RAM), and/or non- volatile memory such as read only memory (ROM) and flash random access memory (flash RAM) in the computer-readable media.
  • RAM random access memory
  • ROM read only memory
  • flash RAM flash random access memory
  • the memory is an example of computer-readable media.
  • the computer-readable media includes permanent and non-permanent, movable and non-movable media that may use any methods or techniques to implement information storage.
  • the information may be computer-readable instructions, data structure, software modules, or any data.
  • the example of computer storage media may include, but is not limited to, phase-change memory (PCM), static random access memory (SRAM), dynamic random access memory (DRAM), other type RAM, ROM, electrically erasable programmable read only memory (EEPROM), flash memory, internal memory, CD-ROM, DVD, optical memory, magnetic tape, magnetic disk, any other magnetic storage device, or any other non-communication media that may store information accessible by the computing device.
  • PCM phase-change memory
  • SRAM static random access memory
  • DRAM dynamic random access memory
  • ROM electrically erasable programmable read only memory
  • flash memory internal memory
  • CD-ROM DVD
  • optical memory magnetic tape
  • magnetic disk any other magnetic storage device, or any other non-communication media that may store information accessible by the computing device.
  • the term “including,” “comprising,” or any variation thereof refers to non-exclusive inclusion so that a process, method, product, or device that includes a plurality of elements does not only include the plurality of elements but also any other element that is not expressly listed, or any element that is essential or inherent for such process, method, product, or device. Without more restriction, the elements defined by the phrase “including a " does not exclude that the process, method, product, or device includes another same element in addition to the elements.
  • the example embodiments may be presented in the form of a method, a system, or a computer software product.
  • the present techniques may be implemented by hardware, computer software, or a combination thereof.
  • the present techniques may be implemented as the computer software product that is in the form of one or more computer storage media (including, but is not limited to, disk, CD-ROM, or optical storage device) that include computer-executable or computer-readable instructions.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Power Engineering (AREA)
  • Telephonic Communication Services (AREA)
  • Information Transfer Between Computers (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

When a portable terminal of a user receives an authentication prompt message pushed by an application server, an authentication prompt option corresponding to the authentication prompt message is output at the portable terminal. A portal authentication is initiated after the authentication prompt option is selected by the user. MAC address information of the portable terminal returned by a portal server is acquired after the portal authentication is initiated. A user name and password for the application client terminal to log into the application server terminal is used as a user name and password for portal authentication. The MAC address information of the portable terminal returned by the portal server is sent to the application server. The present disclosure facilitates the operation of using the portal authentication, prevents the user from forgetting to perform the portal authentication, and brings convenience to those who are not familiar with the portal authentication mechanism.

Description

PORTAL AUTHENTICATION
CROSS-REFERENCE TO RELATED PATENT APPLICATION
This application claims foreign priority to Chinese Patent Application No. 201410148906.8 filed on 14 April 2014, entitled "Application Client Terminal, Server, and Corresponding Portal Verification Method," which is hereby incorporated by reference in its entirety.
TECHNICAL FIELD
The present disclosure relates to the field of Internet technology, and in particular, to an application client terminal and an application server.
BACKGROUND
With the development of upstream and downstream industries of the mobile Internet, at present mobile access has gradually become main stream for obtaining access to the Internet. Users use portable terminals such as smart phones and pads to utilize various mobile applications including online shopping applications and social applications. Even at home, a lot of users still prefer to use portable terminals to access a network. At a public place, a user may use mobile data access technologies such as 3G/4G to access the Internet. When a free wireless network access service is available at a public place where the user is located, the user usually chooses to access the Internet via Wireless Local Area Network (WLAN). Compared with mobile data access, the WLAN access generally provides a more stable and faster Internet access experience, and significantly reduces Internet access fees for the user.
Public places such as a Haidilao™ restaurant or Starbucks™ generally provide wireless access service for users. As a merchant, Haidilao™ or Starbucks™ needs to construct and manage its own wireless network, such as deploying a wireless network that includes a wireless access point (AP) and a wireless access controller (AC). In this scenario, the merchant such as Haidilao™ is not only an owner of the wireless network but also an administrator of the wireless network, and needs to take security and service quality of the wireless access service into consideration. From the perspective of security, user identity authentication is undoubtedly an extremely important security mechanism. Wireless authentication modes such as Wi-Fi Protected Access (WPA)/WPA2 are widely applied to small-sized networks such as a home network, and an administrator of the network informs each authorized user of a secret key in a relatively safe manner. In some medium-sized or large-sized networks deployed by merchants, informing users of a key one by one is obviously unacceptable. Moreover, the mechanism described above runs at a wireless link layer, and therefore has poor compatibility. For example, portable terminals of some users are earlier models, and the wireless technology used on such portable terminals may not support authentication modes such as WPA2.
A portal authentication runs at a layer above the network layer, has general applicability, and is almost irrelevant to hardware of portable terminals of the user and wireless access technologies used on the portable terminals. A user obtains network access permission on the basis of a standard portal authentication process as long as the user accesses a wireless network. However, the portal authentication technology actually originates from the era of personal computer (PC) Internet, and has a technical problem for adapting to the usage characteristics of the mobile Internet.
Referring to FIG. 1, a WLAN Internet access service provided by China Unicom™ is used as an example. After a smart phone of a user successfully connects to an AP of China Unicom™ (accesses a wireless network), on the message prompt bar on top of a screen of the smart phone of the user, a wireless network connection icon 11 indicates that the smart phone has successfully connected to the wireless network. However, at this time, the user may not refresh Weibo™ successfully. The root cause of this problem is that many ordinary users take it for granted that they may access an external network (generally the Internet) after successfully connecting to the wireless network. But in fact, the users merely successfully connect to the wireless network of Unicom™ in a wireless manner. Except for some authentication- free sites (such as a Dynamic Host Configuration Protocol (DHCP) server), the users cannot access the Internet before passing a portal authentication.
With regard to a user terminal, the portal authentication is implemented on the basis of a browser, and many ordinary users do not know that they need to open the browser to initiate a portal authentication process because this authentication mechanism is different from the authentication mode of wireless networks in a user's homes. From another perspective, even if some users understand working principles of the portal authentication, it is still inconvenient to perform the portal authentication. For example, portable terminals of users generally have a function of automatically connecting to wireless networks to which the portable terminals have previously connected, while many smart phones will automatically turn off mobile data connections such as 3G when the smart phones successfully connect to the wireless network. Once the smart phone of the user automatically connects to the wireless network while the user does not notice this situation, the user will not initiate a portal authentication through the browser. In such a scenario, the user terminal may not access the Internet because the mobile data connection is turned off and problems will occur in many applications that need exchange data online all the time.
SUMMARY
This Summary is provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description. This Summary is not intended to identify all key features or essential features of the claimed subject matter, nor is it intended to be used alone as an aid in determining the scope of the claimed subject matter. The term "techniques," for instance, may refer to apparatus(s), system(s), method(s) and/or computer- readable instructions as permitted by the context above and throughout the present disclosure.
The present disclosure provides an example application client terminal that resides or is applied on a portable terminal. The client includes a push processing unit, a portal agent unit, and a media access control address (MAC) synchronization unit.
The push processing unit, when receiving an authentication prompt message pushed by an application server, outputs an authentication prompt option corresponding to the authentication prompt message in a message prompt bar of the portable terminal.
The portal agent unit initiates a portal authentication after it is determined that the authentication prompt option is selected by a user, acquires MAC address information of the present portable terminal returned by a portal server after the portal authentication is initiated. The portal agent, during the portal authentication, uses a user name and password that the application client terminal logs into the application server or the application server terminal as a user name and password for the portal authentication.
The MAC synchronization sends the MAC address information of the present portable terminal returned by the portal server to the application server. The present disclosure further provides an example portal authentication method applied to a portable terminal 0 The method includes the following operations.
Step A: when an authentication prompt message pushed by an application server is received, an authentication prompt option corresponding to the authentication prompt message is output in a message prompt bar of the portable terminal;
Step B: the portal authentication is initiated after it is determined that the authentication prompt option is selected by a user. The MAC address information of the present portable terminal returned by a portal server is acquired after the portal authentication is initiated. During the portal authentication, a user name and password for the application logging into an application server is used as a user name and password for the portal authentication.
Step C: the MAC address information of the present portable terminal returned by the portal server is sent to the application server.
The present disclosure further provides an example application server terminal applied to a server or that resides at the server and interacts with an application client terminal and a wireless server. The wireless server manages wireless access devices in at least one wireless network. The application server terminal includes a push management unit and a MAC maintenance unit.
When a terminal connection message sent by the wireless server is received, the push management unit acquires MAC address information of a portable terminal carried in the message, searches for a user corresponding to the MAC address in a local user MAC table, and pushes an authentication prompt message to an application client terminal of the user if the corresponding user is found.
When a portal authentication request is received, the portal authentication unit determines if a user name and password in the request belong to a registered user of the present application, and if so, determines that portal authentication of the user succeeds.
When the MAC address information sent by the application client terminal of the user is received, the MAC maintenance unit updates the user MAC table with a correspondence relationship between the MAC address information and the user.
The present disclosure further provides an example portal authentication service method applied to an application server to interact with a portable terminal and a wireless server. The wireless server manages wireless access devices in at least one wireless network. The method may include the following operations.
Step a: when a terminal connection message sent by the wireless server is received, the MAC address information of a portable terminal carried in the message is acquired, a user corresponding to the MAC address is searched in a local user MAC table, and an authentication prompt message is pushed to the user if the corresponding user is found;
Step b: when a portal authentication request is received, it is determined if the user name and password in the request belong to a registered user of the present application, and if so, it is determined that portal authentication of the user succeeds.
Step c: when the MAC address information sent by the user is received, the user MAC table is updated with a correspondence relationship between the MAC address information and the user.
Compared with the conventional techniques, the present disclosure significantly facilitates the user's operation of using a portal authentication, and prevents, to a large degree, a problem that a user fails to access the Internet through a wireless network as the user forgets to perform a portal authentication or does not know the portal authentication mechanism to access the Internet. The present disclosure adapts better to the user requirements in a mobile Internet environment.
BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 is a schematic diagram of a Weibo™ refreshing result when a user forgets to perform a portal authentication.
FIG. 2 is a schematic diagram of a typical portal authentication networking.
FIG. 3 is a diagram of hardware and logic structure of each node in a linkage system in an example embodiment of the present disclosure.
FIG. 4 is a flow chart of an example portal authentication processing according to an example embodiment of the present disclosure;
FIG. 5 is a flow chart of an example detailed portal authentication processing according to an example embodiment of the present disclosure.
FIG. 6 is a schematic diagram of an example convenient linkage process for a merchant and a user according to an example embodiment of the present disclosure. DETAILED DESCRIPTION
Prior to the introduction of the example embodiments of the present disclosure, a portal authentication mechanism is described at first so that those of ordinary skill in the art will understand the technical advantages of the present disclosure more clearly. Referring to a networking example shown in FIG. 2, in this networking environment, after a portable terminal 202 such as smart phone successfully connects to a wireless network, a user accesses an external network (such as a site on the Internet) to trigger a portal authentication. The portal authentication process may be briefly described as follows:
Step I: A user uses a browser at a portable terminal 202 to access a website, for example, www.weibo.com. Since an Internet Protocol (IP) address of the site is generally not in an exception list (free of authentication) of an AC (wireless access control server or device) 204 and the IP address of the user is not in the user whitelist of the AC 204, the process turns to Step II.
Step II: A wireless access device redirects the access of the user to a portal server 206 (which is generally integrated with the AC 204) by means of a Hypertext Transfer Protocol (HTTP) redirection, and the portal server returns a portal authentication page to the browser.
Step III: The user enters a user name and password in the portal authentication page and submits an authentication request, and the portal server then submits the authentication request to the wireless access device.
Step r : The AC 204 initiates a portal authentication to the authentication server 208 to verify if the user name and password entered by the user are matched with an authorized user.
Step V: If the user portal authentication passes, the AC 204 adds the IP address of the user to the user whitelist.
Step VI: The user accesses to any website again, and since the IP address of the user is already in the user whitelist, the access of the user will be allowed.
Step I to Step VI describe a typical portal authentication process, and such process is generally the same as the portal authentication on a PC. To adapt to the requirements of the mobile Internet and bring convenience to users, in a more optimized solution, on the basis of a linkage between a wireless access device (such as the AC 204 described above) and an application server 208, the portal authentication process may be simplified. In Step II, the portal authentication page returned by the portal server 206 carries an application associated component (such as an Alipay™ associated component). After being loaded in the browser, the Alipay™ associated component will perform a calling operation of Alipay™ Wallet that calls Alipay™ Wallet to a foreground of the mobile phone, and sends a notification to ask Alipay™ Wallet to perform a portal authentication on behalf of the user. Assuming that the user has already logged into Alipay™ Wallet at the moment, Alipay™ Wallet performs the portal authentication by using an Alipay™ user name and password of the user according to the notification. In Step IV, since Alipay™ user name and password are used, in this case, an application server 208 (such as Alipay™ server) plays the role of the corresponding authentication server; in this manner, the user does not need to remember the user name and password for the portal authentication, and instead the user can use the Alipay™ user name and password. There may be one or more other wireless server(s) 210 that provides wireless service with the authentication server 212 and the application server 208. The portable terminal 202 may connect to the AC 204 through an AP (access point) 214.
Since the application Alipay™ Wallet may keep a logged-in status regularly, the user generally does not need to open the browser, and the operation of entering the Alipay™ user name and password in the portal authentication process is not necessary. More importantly, as Alipay™ has built partnerships with many merchants, the user may use the same user name and password to implement the portal authentication when paying a visit to those merchants. Of course, if a user is not an Alipay™ user, the user may still perform the portal authentication in a conventional portal authentication mode, but this user may need to register beforehand to acquire a portal user name and password, or acquire a temporary portal user name and password through a text message or in other manners. The authentication of the portal user name and password of such user will still be carried out in the authentication server. This solution facilitates the portal authentication of Alipay™ users or registered users of similar applications. However, such implementation still fails to thoroughly solve the technical problem raised in the background.
Continuing to refer to FIG. 2, the present disclosure further optimizes on the basis of the portal authentication described above. In an example embodiment, the present disclosure is based on an intensive linkage between a network system and an application system. The network system physically includes wireless access devices in a wireless network of a merchant and a wireless server that manages each of the wireless access devices; and the application system physically includes a portable terminal and an application server. The wireless access device provides a wireless network access service for the portable terminal. The wireless access device may be possessed by various merchants such as an operator or a food vendor, which is generally deployed in a physical area where the merchant provides a business service.
Referring to FIG. 3, to help depict the present disclosure, hardware architectures of the hosts such as the server and portable terminal are simplified and abstracted. At a hardware layer, each host includes one or more processors, memories, additional non-volatile storage devices, and network interfaces. From the perspective of a service layer, both the application client terminal and the application server terminal in FIG. 3 may be construed as a logic apparatus (also referred to as a "virtual apparatus") formed in the following manner: a processor on a corresponding host reads a computer program or computer-executable instructions into a memory for execution. Of course, the present disclosure does not exclude other implementations, such as a programmable logic device, in addition to software implementation. In other words, an entity executing each processing step in the subsequent description may be implemented by using hardware, a logic device, or the like.
In the example embodiment as shown in FIG. 3, a client or a portable terminal 302 includes one or more network interfaces 304, one or more processors or data processing unit(s) 306, and memory 308. The memory 308 is an example of computer-readable media. The memory 308 may store therein a plurality of modules or units including a push processing unit 310, a MAC synchronization unit 312, and a portal agent unit 314. The portable terminal 302 may further include an additional non-volatile storage device 316. The portable terminal 302 is connected to the network via a wireless access device 318.
An application server terminal 320 includes one or more network interfaces 322, one or more processor(s) or data processing unit(s) 324, and memory 326. The memory 326 is an example of computer-readable media. The memory 326 may store therein a plurality of modules or units including a MAC maintenance unit 328, a portal authentication unit 330, and a push management unit 332. The application server terminal 320 may further include an additional non-volatile storage device 334.
Referring to FIG. 4, the client terminal, the wireless access device, the wireless server, and the application server terminal coordinate with each other during the operation to perform the following operations. At 402, the wireless access device reports a terminal connection message to the wireless server when it is determined that a portable terminal connects to the wireless network of the wireless access device. The message carries an identifier of the wireless access device and MAC address information of the portable terminal that connects to the wireless network.
At 404, after the terminal connection message is received, the wireless server sends a connection prompt message to the application server terminal. The connection prompt message carries the MAC address information of the portable terminal.
At 406, when the terminal connection message sent by the wireless server is received, the push management unit of the application server terminal acquires the MAC address information of the portable terminal carried in the message, and searches for a user corresponding to the MAC address in a user MAC table such as a local user MAC table. If the corresponding user is found, operations at 408 are performed. Otherwise, the current process flow is ended.
At 408, the push management unit of the application server terminal pushes an authentication prompt message to an application client terminal of the found user.
At 410, when the authentication prompt message pushed by the application server terminal is received, the push processing unit of the application client terminal outputs an authentication prompt option corresponding to the authentication prompt message in a message prompt bar of the portable terminal.
At 412, after it is determined that the authentication prompt option is selected by the user or after the notification from an associated component of a browser is received, the portal agent unit of the application client terminal initiates the portal authentication, acquires the MAC address information of the portable terminal returned by the portal server after the portal authentication is initiated, and, during the portal authentication, uses a user name and password that the application client terminal uses to log into the application server terminal as a user name and password for the portal authentication.
At 414, when the portal authentication request is received, the portal authentication unit of the application server terminal determines if the user name and password in the request belong to a registered user of the application, and if so, determines that the portal authentication of the user succeeds. At 416, the MAC synchronization unit of the application client terminal sends the
MAC address information of the portable terminal returned by the portal server to the application server terminal.
At 418, after the MAC address information sent by the application client terminal is received, the MAC maintenance unit of the application server terminal updates the user MAC table with a correspondence relationship between the MAC address information and the user.
In the present disclosure, the portable terminal may be a terminal device that is easy for users to carry, for example, a smart phone, a PDA, or a tablet computer. A smart phone is used as an example for the description below. The application client terminal of the present disclosure may be an application software running on the portable terminal, which may be any client terminal from which the user enters a user name and password to log in to the application, such as mobile phone application client terminals including Alipay™ Wallet, Taobao™, Sina™ Weibo™, or Laiwang. The application client terminal Alipay™ Wallet is used as an example for the description below. The application server terminal is service software that runs on an application server and provides a corresponding application service for the application client terminal. The Alipay™ server terminal is used as an example of the application server below. The wireless access device may be a fat AP, a AC in the architecture of AC and thin AP, or other similar network devices having a wireless access function. The AC is used as an example for the description below.
In most cases, one smart phone generally has a unique MAC address, and therefore, one MAC address generally has a relatively stable correspondence relationship with one user using Alipay™ Wallet. When the smart phone connects to a wireless network managed by a certain AC, a corresponding user is thus determined to attempt to access the Internet through the wireless network. In this case, by the linkage mechanism at 404, the Alipay™ server terminal is informed of this event according to the terminal connection message sent by the wireless server. Correspondingly, the Alipay™ server terminal finds a corresponding Alipay™ user according to the MAC address information carried in the message, and in this case, it is assumed that the Alipay™ user is using the afore-mentioned smart phone that connects to the AC. Based on this assumption, the Alipay™ server terminal pushes an authentication prompt message to the Alipay™ client terminal of the user. Alipay™ Wallet generates an authentication prompt option according to the authentication prompt message; as long as the user selects the authentication prompt option, Alipay™ Wallet automatically performs the portal authentication on behalf of the user. During the entire process, the user only needs to select the authentication prompt option by clicking or a similar simple operation, and the portal authentication is completed quickly. Moreover, the present techniques prevent, to a large degree, the problem that users forget to form the portal authentication. The following introduces the advantages of the present disclosure in detail by using a specific implementation.
In the present disclosure, an authentication process for a first-time access of the smart phone to the wireless network is different in certain degrees from an authentication process for a non-first-time access to the wireless network. However, no matter whether it is a first- time access or a non- first-time access, operations from 412 to 418 are performed. In fact, the difference between the portal authentication processes for the first-time access and non- first- time access are just the authentication triggering manner.
1) A process flow when a user connects to a wireless network of a cooperative merchant of Alipay™ for the first time:
It is assumed that a user (Tony) visits a cooperative merchant (assuming it is merchant A) of Alipay™ for the first time. The user uses his smart phone (of which the MAC address is MAC3) to find a wireless network of merchant A, and completes a connection to the wireless network. The user's operation of connecting to the wireless network of merchant A will trigger operations from 402 to 406. At 406, the Alipay™ server terminal searches in a local user MAC table according to MAC3, as shown in Table 1. Since it is the first time that the user uses the Alipay™ server terminal to perform a portal authentication, MAC3 does not exist in Table 1 ; at the moment, the process flow of the application server terminal is ended here. The application server terminal does not know which user uses a smart phone to connect to the wireless network of merchant A, and therefore, cannot push an authentication prompt message. In other words, when the user connects to the wireless network of the cooperative merchant of Alipay™ for the first time, operations at 408 will not be performed, and the mobile phone of the user will not receive an authentication prompt message. In this case, the user has to trigger a portal authentication process manually. Table 1
Figure imgf000014_0001
The process of manually triggering portal authentication by the user is the same as that in the prior art, for example, by accessing to any website that is not in an exception site list, or to put it simply, the portal authentication is triggered as long as the user accesses to the Internet by using the browser. As described above, in this process, the application client terminal Alipay™ Wallet will be called by an Alipay™ associated component running on the browser. Correspondingly, the portal agent unit of Alipay™ Wallet will receive an authentication notification of the associated component.
For example, before the portal authentication is initiated, the portal agent unit may check if the user is in an application logged-in status, and if the user Tony is not in the application logged-in status, an Alipay™ Wallet login interface is called to the foreground so that the user may enter an Alipay™ user name and password in the interface. After the user submits the user name and password, the Alipay™ server terminal performs an identity authentication to complete the application login. Of course, such process is not mandatory, because the portal agent unit may take no account of the security mechanism of the application Alipay™ such that the application Alipay™ has its own login timeout mechanism, but this does not affect the use of the Alipay™ identity information (Alipay™ user name and password) as an alternative in the portal authentication. The portal authentication may be initiated as long as the user name and password of the user are stored in the Alipay™ client terminal. After the portal authentication is initiated, the portal authentication request will finally reach the Alipay™ server terminal, and the portal authentication unit of the Alipay™ server terminal checks if the user name and password in the portal authentication request belong to a registered user of Alipay™, and if so, may return an authentication success notification to the wireless access device. Then the wireless access device notifies the smart phone of the successful authentication. It may be noted here that an IP address that the Alipay™ server terminal uses to provide application services is generally configured in the exception site list of the AC of merchant A; in other words, each user may access the IP address through the AC to acquire application services without any limitation, no matter whether the user passes the authentication or not.
In Step 406, there are two kinds of trigger conditions for initiating the portal authentication: one is that the authentication prompt option is selected by the user, and the other is that a notification from the associated component of the browser is received. When the user connects to the wireless network of the cooperative merchant of Alipay™ for the first time, the trigger condition is the notification of the associated component of the browser. In other words, when the user connects to the wireless network for the first time, operations from 402 to 418 are only partially performed, in which operations at 408 and 410 are not performed and objectives of the operations at 408 and 410 are achieved by a manual operation of the user. In addition to the initiation of the portal authentication at 412, Alipay™ Wallet in the present disclosure further performs operations at 416 and 418, which are different from the prior art.
At 416, the method that the Alipay™ Wallet acquires the MAC address is significantly different from that in the prior art. According to a conventional design idea, application developers normally consider reading the MAC address from the operating system directly, and then sending the MAC address to the server terminal as the MAC address is an attribute of mobile phone hardware. In a conventional PC Internet environment, by using the Windows™ operating system as an example, all ordinary users may acquire the MAC address of the host by using a command such as "ipconfig /all." However, in the mobile Internet environment, such conventional implementation idea has imperceptible technical defects.
First of all, due to concerns over various factors such as information security of users, a mobile operating system provider sets many obstacles for reading a MAC address of a mobile phone. For example, in the Android™ operating system provided by Google™, although applications are allowed to read the MAC address of the smart phone, additional conditions need to be satisfied, and to meet these additional conditions, more complicated development work needs to be done. In the IOS™ operating system provided by Apple™, currently the operating system does not allow mobile phone applications to read the MAC address of the smart phone directly. In order to read the MAC address, such restriction needs to be bypassed, which means there are more complicated development works, and even if the system restriction is bypassed to read the MAC address indirectly, the security of the mobile phone application may be questioned in the IOS™ App store, which is difficult to implement. That is, although it is technically feasible to read the MAC address from the smart phone according to the conventional techniques, the implementation effect is poor.
The present techniques acquire the MAC address of the user in a more convenient method while ensuring the information security of the user. After the smart phone connects to the AC, the AC naturally stores the MAC address of the smart phone as the AC needs to forward packets to the smart phone. Therefore, the AC may pass the MAC address of the smart phone to the portal server during the portal authentication, and the portal server returns the MAC address to the Alipay™ Wallet. In many popular solutions, the portal server is often integrated into the AC, and therefore, it is relatively easy to pass the MAC address. In an example implementation, the present disclosure returns, to the Alipay™ Wallet, the MAC address of the mobile phone as a parameter passed by a redirected uniform resource location (URL) (a passing parameter of the redirected URL). An example of the redirected URL sent by the portal server is shown as follows:
www.portalabc. com/ default. asp?id=50-E5 -49-BB-3F-BE
www.portalabc.com/default.asp represents the URL of the portal authentication page, and www.portalabc.com/default.asp is followed by a variable passing parameter. When the parameter is the MAC address, the parameter has no substantial meaning to the portal authentication process. But by using this process, the present disclosure uses the MAC address of the smart phone of user Tony as the passing parameter of the URL, thereby returning the MAC address to Alipay™ Wallet. In this case, Alipay™ Wallet parses the URL to acquire the MAC address 50-E5-49-BB-3F-BE (MAC3), and then notifies the Alipay™ server terminal of MAC3. In an example embodiment, the Alipay™ server terminal may be notified after the portal authentication succeeds. After MAC3 is received, the Alipay™ server terminal stores a correspondence relationship between the user and the MAC address of the smart phone used by the user accordingly. Table 1 is updated to be Table 2 correspondingly. Table 2
Figure imgf000017_0001
Considering that some wireless access devices may encrypt the MAC address into an encrypted character string out of concerns over information security of the user, and return the encrypted character string to the smart phone as the MAC address information, in this case, the Alipay™ Wallet does not need to perform a special processing and a MAC synchronization unit thereon only needs to send the encrypted data to the application server terminal. However, the application server terminal needs to perform the special processing. At 418, the MAC maintenance unit determines if the MAC address information is encrypted data before the MAC address information is stored. If the MAC address information is not the encrypted data, the MAC maintenance unit only needs to store the correspondence relationship between the MAC address information and the user. If the MAC address information is the encrypted data, the MAC maintenance unit needs to invoke, according to a vendor identification additionally carried in the passing parameter, a corresponding decryption algorithm to decrypt the encrypted data, to acquire plaintext MAC address information, and then store the correspondence relationship between the MAC address information and the user. Generally, the provider of the wireless access device has a partnership with Alipay™, and thus the vendor identification of the device and an encryption/decryption corresponding to the identification (if necessary) are stored on the Alipay™ server terminal. By sharing the same encryption/decryption algorithm on both sides, the linkage of the MAC address information is realized, and moreover, the security of user information is improved.
2) A process flow for the non- first-time access of the user to the wireless network of the cooperative merchant of Alipay™: Referring to FIG. 5, after the user Tony completes the first portal authentication in cooperative merchant A of Alipay™, the Alipay™ server terminal stores the correspondence relationship between the user and the MAC address of the mobile phone of the user.
In FIG. 5, at 502, a portable terminal (application client terminal) 504 such as smart phone that is installed an application e.g., Alipay™ accesses to a wireless access network via a wires access device 506 (integrated with a portal server). At 508, the wireless access device 506 sends a terminal connection message to a wireless server 510. At 512, the wireless server 510 sends a connection prompt message to an application server 514 such as an Alipay™ server with Alipay™ server terminal. At 516, the application server 514 finds a user according to MAC address information included in the connection prompt message. At 518, the application server 514 pushes an authentication prompt message to the portable terminal 504. At 520, the portable terminal 504 generates an authentication prompt option and displays it to a user. At 522, the portal terminal 504 initiates a portal authentication with the wireless access device 506 when it is determined that the authentication prompt option is selected by the user. At 524 the wireless access device 506 sends the MAC address of the portable terminal 504 returned from the portal server as a passing parameter of a redirected URL to the portable terminal 502. At 526, the portable terminal 504 acquires the MAC address information from the redirected URL. At 528, the portable terminal 504 submits a user name and password of the application such as Alipay™ to the wireless access device 506. At 530, the wireless access device sends a portal authentication request 530 to the application server 514. At 532, the application server 514 conducts an identity authentication 532. At 534, if the identity authentication succeeds, the application server 514 informs the wireless access device. At 536, the wireless access device 506 informs the portable terminal 504 that the authentication succeeds. At 538, the portable terminal 504 sends its MAC address information to the application server 514. At 540, the application server 514 saves the MAC address information and the user to a user MAC table.
With the correspondence relationship and the operations from 402 to 418, it is quite convenient for the user Tony to subsequently use a wireless network in any cooperative merchant of Alipay™. Assuming that the user Toney visits merchant B again several days later, the user Tony uses his smart phone to find the wireless network of merchant B, and completes a connection to the wireless network. As described above, the user's operation of connecting to the wireless network of merchant B triggers operations from 402 to 406. The Alipay™ server terminal finds that the user using MAC3 is Tony when searching in the local user MAC table (which is Table 2 in this case), and then the application server terminal turns to 408 to push an authentication prompt message to the user.
As described above, the Alipay™ server terminal is in the exception site list of the AC; therefore, the mutual access between Alipay™ Wallet and the Alipay™ server terminal is unlimited, while the application Alipay™ Wallet generally keeps a connection with the Alipay™ server terminal in the background to timely transmit important data with each other. Therefore, the authentication prompt message may be pushed to Alipay™ Wallet of user Tony smoothly. After the message is received, Alipay™ Wallet performs operations at 410 correspondingly to output an authentication prompt option in the message prompt bar (for example, at the top of the screen of the mobile phone). The design of message prompt option of social applications such as Weibo™ or other similar designs (which will not be specifically described) may be used to output the option, which is not detailed herein.
In order to achieve a better prompt effect, Alipay™ Wallet may also output sound or a vibration prompt to remind the user correspondingly. After the user finds the authentication prompt option in the message prompt bar of the mobile phone, the user may select the authentication prompt option by performing pull-down and clicking operations. Once the authentication prompt option is selected, Alipay™ Wallet performs operations at 412 to complete the portal authentication on behalf of the user. After the authentication succeeds, the IP address of the user will be added to the whitelist of the AC; in this way, the user may pass the portal authentication almost without perceiving it, and access the Internet.
As shown, for any Alipay™ user, during the first-time connection to the wireless network of the cooperative merchant of Alipay™, the user needs to manually open the browser and enter a website to trigger a portal authentication process. Afterwards, when the user goes to any cooperative merchant of Alipay™ and successfully connects to the wireless network, the user will receive an authentication prompt in a very short time, and only needs to select the authentication prompt option by performing operations such as pull-down and clicking to complete the portal authentication easily. On one hand, the user does not need to perform relatively complex operations such as opening the browser to enter a website. On the other hand, since the user acquires the authentication prompt, it prevents the user from forgetting to perform the portal authentication, which is more meaningful for those who are not familiar with the portal authentication technology. In the foregoing implementation, the description focuses on the case in which the user uses a particular smart phone, which may generally satisfy the use demands of the majority of users. The present disclosure is also applicable to the case in which the user uses multiple portable terminals. It is assumed that the user Tony uses two smart phones, in which the MAC address of mobile phone 1 is MAC 3 and the MAC address of mobile phone 2 is MAC256. If the user Tony uses the mobile phone 2 to repeat the foregoing use process, the server terminal only needs to store one unique table entry for one user; that is, the table entry of Tony is updated, and the MAC address of Tony is updated to be MAC256. If Tony uses the mobile phone 1 again, the table entry of Tony is refreshed again. In addition, if Tony no longer uses the Alipay™ Wallet, it means that the table entry where MAC3 is located has not been updated in a long time. Thus, this table entry may be deleted according to a preset aging mechanism. In other words, if the third table entry in Table 3 is never updated at 418 or is not updated for more than a preset threshold of item, it may be inferred that the user no longer uses the MAC address, and thus this table entry may be deleted. If Tony uses this MAC address (for example, uses the original mobile phone) again, the present disclosure may still perform a normal processing according to the procedures described above.
Table 3
Figure imgf000020_0001
On the basis of the foregoing implementation, the linkage mechanism of the present disclosure can facilitate the linkage between users and merchants. Referring to FIG. 6, it is assumed that an AC 602 (whose device identifier is AC 100) in FIG. 6 has a correspondence relationship with a merchant whose merchant identifier is HDL. The AC 602 may be a device bought or rented by merchant HDL. That is, the AC and the merchant have a correspondence relationship on the side of the wireless server, and this correspondence is often stored in a database of the wireless server 604, as shown in Table 4. Table 4
Figure imgf000021_0001
At 606, the AC 602 sends a terminal connection message including the AC identification to the wireless server 604. At 608, the wireless server 604 searches the merchant identification according to the AC identification. At 610, the wireless server 604 sends a connection prompt message including the merchant identification to an application server 612 such as an Alipay™ server terminal. At 614, the application server 612 sends an authentication prompt message that includes service information of the merchant corresponding to the merchant identification and/or a third-party application corresponding to the merchant to a portable terminal 616 such as a smart phone installed an Alipay™ client terminal. At 618, the portable terminal 616 displays the server information and/or call the corresponding third-party application after the portal authentication succeeds. At 618, the portable terminal 616 displays the service information and/or calls the corresponding third- party application after the portal authentication succeeds. The portable terminal 616 connects with the AC 602 via an AP 618.
The wireless server finds the corresponding merchant identifier HDL according to the
AC identifier, namely, AC 100, carried in the terminal connection message, adds the merchant identifier HDL to the connection prompt message, and sends it to the Alipay™ server terminal. The Alipay™ server terminal stores the service information and/or a third-party application identifier corresponding to merchant HDL. In terms of implementation, the Alipay™ server terminal may further include a merchant interface unit. The merchant interface unit may be a web service window. After the merchant logs in by using a corresponding enterprise account, the service information and third-party application identifier configured by the merchant are sent to the merchant interface unit, and the merchant interface unit stores the service information and third-party application identifier in a merchant information table. The merchant HDL may use the merchant interface unit to update the service information, such as commodity promotion information and new arrival information, in the merchant information table on the application server terminal regularly or irregularly. The third-party application identifier may be an identifier of an application client terminal corresponding to the merchant HDL, such as an ordering client developed by HDL itself, or an application client terminal, such as Taobao™ app, developed by a cooperator of HDL and applicable to HDL.
The push management unit of the Alipay™ server terminal searches the merchant information table (referring to the example in FIG. 5) according to the merchant identifier HDL in the connection prompt message to determine the corresponding service information and/or third-party application identifier. The push management unit adds the found service information and/or third-party application identifier to the authentication prompt message, and pushes the authentication prompt message to Alipay™ Wallet. After Alipay™ Wallet receives the authentication prompt message, the push processing unit of Alipay™ Wallet acquires the service information from the authentication prompt message and displays the service information. In an example embodiment, the push processing unit may display the service information after the portal authentication is passed as the service information may include a link and the user needs to click the link to access a corresponding site. Before the portal authentication is passed, the user cannot access those sites unless they are in the whitelist of exception sites.
If the authentication prompt message further carries a third-party application identifier, the push processing unit may further check if the smart phone has a corresponding third-party application locally. If the smart phone has the corresponding third-party application locally, the push processing unit starts the third-party application. If the smart phone does not have the corresponding third-party application locally, the push processing unit gives up, or suggests that the user download the third-party application. Referring to Table 5 below, during the process that the user connects to the wireless network of the merchant HDL, in addition to assisting the user to complete the authentication promptly, the present techniques further display the latest service information of merchant HDL to the user so that the user may conveniently have updated latest merchant service information in time. In addition, assuming that HDL is a food vendor and develops an ordering client terminal "HDL ordering," by invoking the application client terminal after the authentication succeeds, the push management unit facilitates self-service ordering of the user who is planning to dine in HDL. There is no doubt that display of such service information and calling of the third-party application make consumption activities of users in merchant HDL much easier and reduce the costs of communication between consumers and the merchant.
Table 5
Figure imgf000023_0001
In a standard configuration, a computing device, such as any server or device as described in the present disclosure may include one or more central processing units (CPU), one or more input/output interfaces, one or more network interfaces, and memory.
The memory may include forms such as non-permanent memory, random access memory (RAM), and/or non- volatile memory such as read only memory (ROM) and flash random access memory (flash RAM) in the computer-readable media. The memory is an example of computer-readable media.
The computer-readable media includes permanent and non-permanent, movable and non-movable media that may use any methods or techniques to implement information storage. The information may be computer-readable instructions, data structure, software modules, or any data. The example of computer storage media may include, but is not limited to, phase-change memory (PCM), static random access memory (SRAM), dynamic random access memory (DRAM), other type RAM, ROM, electrically erasable programmable read only memory (EEPROM), flash memory, internal memory, CD-ROM, DVD, optical memory, magnetic tape, magnetic disk, any other magnetic storage device, or any other non-communication media that may store information accessible by the computing device. As defined herein, the computer-readable media does not include transitory media such as a modulated data signal and a carrier wave.
It should be noted that the term "including," "comprising," or any variation thereof refers to non-exclusive inclusion so that a process, method, product, or device that includes a plurality of elements does not only include the plurality of elements but also any other element that is not expressly listed, or any element that is essential or inherent for such process, method, product, or device. Without more restriction, the elements defined by the phrase "including a ..." does not exclude that the process, method, product, or device includes another same element in addition to the elements.
One of ordinary skill in the art would understand that the example embodiments may be presented in the form of a method, a system, or a computer software product. Thus, the present techniques may be implemented by hardware, computer software, or a combination thereof. In addition, the present techniques may be implemented as the computer software product that is in the form of one or more computer storage media (including, but is not limited to, disk, CD-ROM, or optical storage device) that include computer-executable or computer-readable instructions.
The above description describes the example embodiments of the present disclosure, which should not be used to limit the present disclosure. One of ordinary skill in the art may make any revisions or variations to the present techniques. Any change, equivalent replacement, or improvement without departing the spirit and scope of the present techniques shall still fall under the scope of the claims of the present disclosure.

Claims

CLAIMS What is claimed is:
1. An application client terminal comprising:
a portal agent unit that:
obtains a media access control (MAC) address of the application client terminal or a portable terminal on which the application client terminal resides; and uses a user name and password that the application client terminal logs into an application server terminal as a user name and password for a portal authentication.
2. The application client terminal of claim 1, wherein the portal agent unit further obtains the MAC address information by acquiring MAC address information from a redirected uniform resource locator (URL) returned by a portal server, the MAC address information being a parameter passed by the redirected URL.
3. The application client terminal of claim 1, wherein the portal authentication is sent by an application associated component of a browser.
4. The application client terminal of claim 1, wherein the portal agent unit further: checks whether the application client terminal is logged into by a user prior to starting the portal authentication;
initiates the portal authentication in response to determining that the application client terminal is logged in; and
presents a log-in interface to request the user to log into the application client terminal in response to determining that the application client terminal is not logged in.
5. The application client terminal of claim 1, further comprising:
a push processing unit that outputs an authentication prompt option corresponding to an authentication prompt message in a message prompt bar of the portable terminal.
6. The application client terminal of claim 5, wherein:
the authentication prompt message includes a third-party application identifier; and the push processing unit further starts a corresponding third-party application according to the third-party application identifier after the portal authentication succeeds.
7. The application client terminal of claim 6, wherein the third-party application corresponds to a merchant associated with a wireless network to which the application client terminal connects.
8. The application client terminal of claim 5, wherein:
the authentication prompt message includes service information corresponding to a merchant; and
the push processing unit further displays the service information after the portal authentication succeeds.
9. The application client terminal of claim 5, wherein the portal agent unit initiates the portal authentication after determining that the authentication prompt option is selected by a user.
10. The application client terminal of claim 1, further comprising a MAC synchronization unit that sends the MAC address information to the application server terminal.
11. A portal authentication method comprising:
obtaining a media access control (MAC) address of an application client terminal or a portable terminal on which the application client terminal resides; and
using a user name and password that the application client terminal logs into an application server terminal as a user name and password for a portal authentication.
12. The portal authentication method of claim 11, wherein the obtaining the MAC address includes acquiring MAC address information from a redirected uniform resource locator (URL) returned by a portal server, the MAC address information being a parameter passed by the redirected URL.
13. The portal authentication method of claim 11, wherein the portal authentication is sent by an application associated component of a browser.
14. The portal authentication method of claim 11 , further comprising:
checking whether the application client terminal is logged into by a user prior to starting the portal authentication;
initiating the portal authentication in response to determining that the application client terminal is logged in; and
presenting a log-in interface to request the user to log into the application client terminal in response to determining that the application client terminal is not logged in.
15. The portal authentication method of claim 14, further comprising:
outputting an authentication prompt option corresponding to an authentication prompt message in a message prompt bar of the portable terminal when receiving the authentication prompt message pushed by the application server terminal, the authentication prompt message including a third-party application identifier, the third-party application corresponding to a merchant associated with a wireless network to which the application client terminal connects; and
starting a corresponding third-party application according to the third-party application identifier after the portal authentication succeeds.
16. The portal authentication method of claim 11 , further comprising:
receiving an authentication prompt message includes service information corresponding to a merchant; and
displaying the service information after the portal authentication succeeds.
17. A portal authentication service method comprising:
acquiring MAC address information of a portable terminal carried in a terminal connection message; searching for a user corresponding to the MAC address in a user MAC table;
pushing an authentication prompt message to the portable terminal after the user is found;
determining whether a user name and password of the user for logging into an application included in an portal authentication request belongs to a registered user; and
determining that a portal authentication succeeds in response to determining that the user name and password of the user for logging into the portal authentication request belongs to the registered user.
18. The portal authentication service method of claim 17, further comprising updating the user MAC table with a correspondence relationship between the MAC address information and the registered user.
19. The portal authentication service method of claim 17, wherein:
the terminal connection message includes a merchant identifier corresponding to a wireless access device to which the portable connects.
20. The portal authentication method of claim 19, further comprising:
searching for corresponding service information in a local merchant information table according to the merchant identifier, and
sending the service information in the authentication prompt message to the user.
PCT/US2015/025712 2014-04-14 2015-04-14 Portal authentication WO2015160781A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
KR1020167027874A KR102154384B1 (en) 2014-04-14 2015-04-14 Portal authentication
JP2016561013A JP6552519B2 (en) 2014-04-14 2015-04-14 Portal authentication
EP15780018.6A EP3132370A4 (en) 2014-04-14 2015-04-14 Portal authentication

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410148906.8 2014-04-14
CN201410148906.8A CN104980412B (en) 2014-04-14 2014-04-14 A kind of applications client, server-side and corresponding portal authentication method

Publications (1)

Publication Number Publication Date
WO2015160781A1 true WO2015160781A1 (en) 2015-10-22

Family

ID=54266055

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2015/025712 WO2015160781A1 (en) 2014-04-14 2015-04-14 Portal authentication

Country Status (8)

Country Link
US (1) US10122704B2 (en)
EP (1) EP3132370A4 (en)
JP (2) JP6552519B2 (en)
KR (1) KR102154384B1 (en)
CN (2) CN104980412B (en)
HK (1) HK1213379A1 (en)
TW (1) TWI684153B (en)
WO (1) WO2015160781A1 (en)

Families Citing this family (137)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8677377B2 (en) 2005-09-08 2014-03-18 Apple Inc. Method and apparatus for building an intelligent automated assistant
US9318108B2 (en) 2010-01-18 2016-04-19 Apple Inc. Intelligent automated assistant
US8977255B2 (en) 2007-04-03 2015-03-10 Apple Inc. Method and system for operating a multi-function portable electronic device using voice-activation
US10002189B2 (en) 2007-12-20 2018-06-19 Apple Inc. Method and apparatus for searching using an active ontology
US8676904B2 (en) 2008-10-02 2014-03-18 Apple Inc. Electronic devices with voice command and contextual data processing capabilities
US10706373B2 (en) 2011-06-03 2020-07-07 Apple Inc. Performing actions associated with task items that represent tasks to perform
US10276170B2 (en) 2010-01-18 2019-04-30 Apple Inc. Intelligent automated assistant
US8682667B2 (en) 2010-02-25 2014-03-25 Apple Inc. User profiling for selecting user specific voice input processing information
US9262612B2 (en) 2011-03-21 2016-02-16 Apple Inc. Device access using voice authentication
US10057736B2 (en) 2011-06-03 2018-08-21 Apple Inc. Active transport based notifications
US10134385B2 (en) 2012-03-02 2018-11-20 Apple Inc. Systems and methods for name pronunciation
US10417037B2 (en) 2012-05-15 2019-09-17 Apple Inc. Systems and methods for integrating third party services with a digital assistant
KR20240132105A (en) 2013-02-07 2024-09-02 애플 인크. Voice trigger for a digital assistant
US10652394B2 (en) 2013-03-14 2020-05-12 Apple Inc. System and method for processing voicemail
US10748529B1 (en) 2013-03-15 2020-08-18 Apple Inc. Voice activated device for use with a voice-based digital assistant
WO2014197335A1 (en) 2013-06-08 2014-12-11 Apple Inc. Interpreting and acting upon commands that involve sharing information with remote devices
US10176167B2 (en) 2013-06-09 2019-01-08 Apple Inc. System and method for inferring user intent from speech inputs
KR101772152B1 (en) 2013-06-09 2017-08-28 애플 인크. Device, method, and graphical user interface for enabling conversation persistence across two or more instances of a digital assistant
DE112014003653B4 (en) 2013-08-06 2024-04-18 Apple Inc. Automatically activate intelligent responses based on activities from remote devices
US10296160B2 (en) 2013-12-06 2019-05-21 Apple Inc. Method for extracting salient dialog usage from live data
CN110797019B (en) 2014-05-30 2023-08-29 苹果公司 Multi-command single speech input method
US9715875B2 (en) 2014-05-30 2017-07-25 Apple Inc. Reducing the need for manual start/end-pointing and trigger phrases
US9430463B2 (en) 2014-05-30 2016-08-30 Apple Inc. Exemplar-based natural language processing
US9633004B2 (en) 2014-05-30 2017-04-25 Apple Inc. Better resolution when referencing to concepts
US10170123B2 (en) 2014-05-30 2019-01-01 Apple Inc. Intelligent assistant for home automation
US9338493B2 (en) 2014-06-30 2016-05-10 Apple Inc. Intelligent automated assistant for TV user interactions
US10127911B2 (en) 2014-09-30 2018-11-13 Apple Inc. Speaker identification and unsupervised speaker adaptation techniques
US10074360B2 (en) 2014-09-30 2018-09-11 Apple Inc. Providing an indication of the suitability of speech recognition
US9668121B2 (en) 2014-09-30 2017-05-30 Apple Inc. Social reminders
US10152299B2 (en) 2015-03-06 2018-12-11 Apple Inc. Reducing response latency of intelligent automated assistants
US9721566B2 (en) 2015-03-08 2017-08-01 Apple Inc. Competing devices responding to voice triggers
US9886953B2 (en) 2015-03-08 2018-02-06 Apple Inc. Virtual assistant activation
US10460227B2 (en) 2015-05-15 2019-10-29 Apple Inc. Virtual assistant in a communication session
US10083688B2 (en) 2015-05-27 2018-09-25 Apple Inc. Device voice control for selecting a displayed affordance
US10200824B2 (en) 2015-05-27 2019-02-05 Apple Inc. Systems and methods for proactively identifying and surfacing relevant content on a touch-sensitive device
US9578173B2 (en) * 2015-06-05 2017-02-21 Apple Inc. Virtual assistant aided communication with 3rd party service in a communication session
US20160378747A1 (en) 2015-06-29 2016-12-29 Apple Inc. Virtual assistant for media playback
US10740384B2 (en) 2015-09-08 2020-08-11 Apple Inc. Intelligent automated assistant for media search and playback
US10331312B2 (en) 2015-09-08 2019-06-25 Apple Inc. Intelligent automated assistant in a media environment
US10671428B2 (en) 2015-09-08 2020-06-02 Apple Inc. Distributed personal assistant
US10747498B2 (en) 2015-09-08 2020-08-18 Apple Inc. Zero latency digital assistant
US11587559B2 (en) 2015-09-30 2023-02-21 Apple Inc. Intelligent device identification
CN105245540B (en) * 2015-10-27 2019-06-14 深圳市宏电技术股份有限公司 Offline WIFI hot spot authentication method and Verification System based on IOS terminal
US10691473B2 (en) 2015-11-06 2020-06-23 Apple Inc. Intelligent automated assistant in a messaging environment
US10956666B2 (en) 2015-11-09 2021-03-23 Apple Inc. Unconventional virtual assistant interactions
US10049668B2 (en) 2015-12-02 2018-08-14 Apple Inc. Applying neural network language models to weighted finite state transducers for automatic speech recognition
CN105516124A (en) * 2015-12-03 2016-04-20 深圳市华讯方舟科技有限公司 Portal authentication method, portal server and terminal
US10223066B2 (en) 2015-12-23 2019-03-05 Apple Inc. Proactive assistance based on dialog communication between devices
CN105391625A (en) * 2015-12-25 2016-03-09 成都云晖航空科技股份有限公司 Safe operation method of aerial Internet social platform
CN105610689A (en) * 2015-12-25 2016-05-25 成都云晖航空科技股份有限公司 Aerial internet social contact system
CN105610690A (en) * 2015-12-25 2016-05-25 成都云晖航空科技股份有限公司 Method for constructing aerial internet social contact platform
CN105610821A (en) * 2015-12-26 2016-05-25 小米科技有限责任公司 Security verification method and apparatuses
CN106921636B (en) * 2015-12-28 2020-05-08 华为技术有限公司 Identity authentication method and device
CN105530638B (en) * 2016-01-12 2018-12-21 杭州敦崇科技股份有限公司 A kind of free WIFI Verification System shared based on circle of friends
CN105530612A (en) * 2016-01-26 2016-04-27 山东康威通信技术股份有限公司 WIFI authentication method using mobile terminal to access outdoor device and system
CN105871851B (en) * 2016-03-31 2018-11-30 广州中国科学院计算机网络信息中心 Based on SaaS identity identifying method
CN107332803A (en) * 2016-04-29 2017-11-07 北京北信源软件股份有限公司 A kind of admittance control method and system based on end host safe condition
CN106028283A (en) * 2016-05-26 2016-10-12 上海网数信息科技有限公司 Method and system for analyzing user offline behaviors through wireless network data
US11227589B2 (en) 2016-06-06 2022-01-18 Apple Inc. Intelligent list reading
US10049663B2 (en) 2016-06-08 2018-08-14 Apple, Inc. Intelligent automated assistant for media exploration
US10586535B2 (en) 2016-06-10 2020-03-10 Apple Inc. Intelligent digital assistant in a multi-tasking environment
DK179415B1 (en) 2016-06-11 2018-06-14 Apple Inc Intelligent device arbitration and control
DK201670540A1 (en) 2016-06-11 2018-01-08 Apple Inc Application integration with a digital assistant
JP6104439B1 (en) * 2016-08-08 2017-03-29 株式会社Isao Authentication system, method, program, and recording medium recording the program
CN106304073A (en) * 2016-08-30 2017-01-04 福建富士通信息软件有限公司 A kind of authentication management method and system of WIFI Portal
US10474753B2 (en) 2016-09-07 2019-11-12 Apple Inc. Language identification using recurrent neural networks
US10043516B2 (en) 2016-09-23 2018-08-07 Apple Inc. Intelligent automated assistant
CN107872445B (en) * 2016-09-28 2021-01-29 华为技术有限公司 Access authentication method, device and authentication system
US11204787B2 (en) 2017-01-09 2021-12-21 Apple Inc. Application integration with a digital assistant
US10880332B2 (en) * 2017-04-24 2020-12-29 Unisys Corporation Enterprise security management tool
CN106973063B (en) * 2017-04-27 2020-03-06 新华三技术有限公司 Network authentication method and device
DK201770383A1 (en) 2017-05-09 2018-12-14 Apple Inc. User interface for correcting recognition errors
US10417266B2 (en) 2017-05-09 2019-09-17 Apple Inc. Context-aware ranking of intelligent response suggestions
DK180048B1 (en) 2017-05-11 2020-02-04 Apple Inc. MAINTAINING THE DATA PROTECTION OF PERSONAL INFORMATION
US10726832B2 (en) 2017-05-11 2020-07-28 Apple Inc. Maintaining privacy of personal information
US10395654B2 (en) 2017-05-11 2019-08-27 Apple Inc. Text normalization based on a data-driven learning network
DK201770428A1 (en) 2017-05-12 2019-02-18 Apple Inc. Low-latency intelligent automated assistant
US11301477B2 (en) 2017-05-12 2022-04-12 Apple Inc. Feedback analysis of a digital assistant
DK179496B1 (en) 2017-05-12 2019-01-15 Apple Inc. USER-SPECIFIC Acoustic Models
DK179745B1 (en) 2017-05-12 2019-05-01 Apple Inc. SYNCHRONIZATION AND TASK DELEGATION OF A DIGITAL ASSISTANT
DK201770411A1 (en) 2017-05-15 2018-12-20 Apple Inc. Multi-modal interfaces
US10311144B2 (en) 2017-05-16 2019-06-04 Apple Inc. Emoji word sense disambiguation
DK179549B1 (en) 2017-05-16 2019-02-12 Apple Inc. Far-field extension for digital assistant services
US20180336892A1 (en) 2017-05-16 2018-11-22 Apple Inc. Detecting a trigger of a digital assistant
US20180336275A1 (en) 2017-05-16 2018-11-22 Apple Inc. Intelligent automated assistant for media exploration
US10403278B2 (en) 2017-05-16 2019-09-03 Apple Inc. Methods and systems for phonetic matching in digital assistant services
CN109640374B (en) * 2017-10-09 2021-07-06 腾讯科技(深圳)有限公司 Wireless network access method, wireless network processing device, storage medium and computer equipment
US11496462B2 (en) * 2017-11-29 2022-11-08 Jpmorgan Chase Bank, N.A. Secure multifactor authentication with push authentication
CN109922109B (en) * 2017-12-13 2022-06-21 阿里巴巴集团控股有限公司 Service providing method, system and equipment
CN110061956A (en) * 2018-01-19 2019-07-26 北京盛世光明软件股份有限公司 A kind of processing method and system improving user's online experience
US10733375B2 (en) 2018-01-31 2020-08-04 Apple Inc. Knowledge-based framework for improving natural language understanding
US10789959B2 (en) 2018-03-02 2020-09-29 Apple Inc. Training speaker recognition models for digital assistants
US10592604B2 (en) 2018-03-12 2020-03-17 Apple Inc. Inverse text normalization for automatic speech recognition
KR102414927B1 (en) * 2018-03-21 2022-06-30 삼성전자 주식회사 Method and apparatus for authenticating a device using wireless local area network service
US10818288B2 (en) 2018-03-26 2020-10-27 Apple Inc. Natural assistant interaction
US10909331B2 (en) 2018-03-30 2021-02-02 Apple Inc. Implicit identification of translation payload with neural machine translation
CN110401951B (en) * 2018-04-25 2022-10-18 华为技术有限公司 Method, device and system for authenticating terminal in wireless local area network
US10928918B2 (en) 2018-05-07 2021-02-23 Apple Inc. Raise to speak
US11145294B2 (en) 2018-05-07 2021-10-12 Apple Inc. Intelligent automated assistant for delivering content from user experiences
US10984780B2 (en) 2018-05-21 2021-04-20 Apple Inc. Global semantic word embeddings using bi-directional recurrent neural networks
US10892996B2 (en) 2018-06-01 2021-01-12 Apple Inc. Variable latency device coordination
DK179822B1 (en) 2018-06-01 2019-07-12 Apple Inc. Voice interaction at a primary device to access call functionality of a companion device
US11386266B2 (en) 2018-06-01 2022-07-12 Apple Inc. Text correction
DK201870355A1 (en) 2018-06-01 2019-12-16 Apple Inc. Virtual assistant operation in multi-device environments
DK180639B1 (en) 2018-06-01 2021-11-04 Apple Inc DISABILITY OF ATTENTION-ATTENTIVE VIRTUAL ASSISTANT
US11076039B2 (en) 2018-06-03 2021-07-27 Apple Inc. Accelerated task performance
CN108833608B (en) * 2018-06-12 2021-04-27 北斗天地股份有限公司 Method for dynamically determining and changing server through password
CN110831003B (en) * 2018-08-13 2023-10-13 广东亿迅科技有限公司 Authentication method and system based on WLAN flexible access network
US11010561B2 (en) 2018-09-27 2021-05-18 Apple Inc. Sentiment prediction from textual data
US10839159B2 (en) 2018-09-28 2020-11-17 Apple Inc. Named entity normalization in a spoken dialog system
US11462215B2 (en) 2018-09-28 2022-10-04 Apple Inc. Multi-modal inputs for voice commands
US11170166B2 (en) 2018-09-28 2021-11-09 Apple Inc. Neural typographical error modeling via generative adversarial networks
US11475898B2 (en) 2018-10-26 2022-10-18 Apple Inc. Low-latency multi-speaker speech recognition
US11638059B2 (en) 2019-01-04 2023-04-25 Apple Inc. Content playback on multiple devices
US11348573B2 (en) 2019-03-18 2022-05-31 Apple Inc. Multimodality in digital assistant systems
CN109862043B (en) * 2019-03-28 2022-03-22 新华三技术有限公司 Terminal authentication method and device
DK201970509A1 (en) 2019-05-06 2021-01-15 Apple Inc Spoken notifications
US11307752B2 (en) 2019-05-06 2022-04-19 Apple Inc. User configurable task triggers
US11475884B2 (en) 2019-05-06 2022-10-18 Apple Inc. Reducing digital assistant latency when a language is incorrectly determined
US11423908B2 (en) 2019-05-06 2022-08-23 Apple Inc. Interpreting spoken requests
US11140099B2 (en) 2019-05-21 2021-10-05 Apple Inc. Providing message response suggestions
US11496600B2 (en) 2019-05-31 2022-11-08 Apple Inc. Remote execution of machine-learned models
DK180129B1 (en) 2019-05-31 2020-06-02 Apple Inc. User activity shortcut suggestions
US11289073B2 (en) 2019-05-31 2022-03-29 Apple Inc. Device text to speech
DK201970511A1 (en) 2019-05-31 2021-02-15 Apple Inc Voice identification in digital assistant systems
US11227599B2 (en) 2019-06-01 2022-01-18 Apple Inc. Methods and user interfaces for voice-based control of electronic devices
US11360641B2 (en) 2019-06-01 2022-06-14 Apple Inc. Increasing the relevance of new available information
US10873571B1 (en) * 2019-07-18 2020-12-22 Capital One Services, Llc Techniques to pre-authenticate a user identity for an electronic account
WO2021056255A1 (en) 2019-09-25 2021-04-01 Apple Inc. Text detection using global geometry estimators
US11038934B1 (en) 2020-05-11 2021-06-15 Apple Inc. Digital assistant hardware abstraction
US11061543B1 (en) 2020-05-11 2021-07-13 Apple Inc. Providing relevant data items based on context
US11755276B2 (en) 2020-05-12 2023-09-12 Apple Inc. Reducing description length based on confidence
US11438375B2 (en) * 2020-06-02 2022-09-06 Saudi Arabian Oil Company Method and system for preventing medium access control (MAC) spoofing attacks in a communication network
CN113965554B (en) * 2020-07-02 2023-06-23 北京神州数码云科信息技术有限公司 Method for acquiring wireless internet terminal information based on MQTT protocol
US11490204B2 (en) 2020-07-20 2022-11-01 Apple Inc. Multi-device audio adjustment coordination
US11438683B2 (en) 2020-07-21 2022-09-06 Apple Inc. User identification using headphones
CN112788579A (en) * 2020-12-31 2021-05-11 厦门亿联网络技术股份有限公司 Method and device for quickly pairing dual-mode Bluetooth equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100223654A1 (en) * 2003-09-04 2010-09-02 Brocade Communications Systems, Inc. Multiple tiered network security system, method and apparatus using dynamic user policy assignment
US20120030737A1 (en) * 1998-12-08 2012-02-02 Nomadix, Inc. System and method for authorizing a portable communication device
US20130163583A1 (en) * 2011-12-26 2013-06-27 Jaya MEGHANI Systems and methods for communication setup via reconciliation of internet protocol addresses
US20130340046A1 (en) * 2012-06-18 2013-12-19 Wistron Corporation Wireless network client-authentication system and wireless network connection method thereof

Family Cites Families (31)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
ES2243319T3 (en) * 1999-10-22 2005-12-01 Nomadix, Inc. SYSTEM AND PROCEDURE TO REDIRECT USERS WHO TRY TO ACCESS A NETWORK DESTINATION.
JP3865658B2 (en) * 2002-06-04 2007-01-10 株式会社国際電気通信基礎技術研究所 Wireless communication terminal and wireless ad hoc network using the same
JP2004207820A (en) * 2002-12-24 2004-07-22 Sony Corp Communication system, communication method, base station apparatus, communications program, and recording medium
JP2004355073A (en) * 2003-05-27 2004-12-16 Nippon Telegr & Teleph Corp <Ntt> Network authentication, batch authentication method for single sign-on, and system therefor
JP2007179133A (en) * 2005-12-27 2007-07-12 Buffalo Inc Information service system using wireless lan
JP2007293868A (en) * 2007-05-01 2007-11-08 Buffalo Inc Download system using wireless lan and information service system
US8613044B2 (en) * 2007-06-22 2013-12-17 4Dk Technologies, Inc. Delegating or transferring of access to resources between multiple devices
US7992197B2 (en) 2007-10-29 2011-08-02 Yahoo! Inc. Mobile authentication framework
US8261322B2 (en) 2008-06-19 2012-09-04 Microsoft Corporation Home networking web-based service portal
JP5582544B2 (en) * 2008-08-29 2014-09-03 エヌイーシー ヨーロッパ リミテッド System for providing a user with network access to a service provider via a network provider and its operating method
KR101044125B1 (en) * 2009-02-27 2011-06-24 주식회사 케이티 Method for User Terminal Authentication of Interface Server and Interface Server and User Terminal thereof
US8775514B2 (en) * 2009-06-11 2014-07-08 Verizon Patent And Licensing Inc. System and method for providing instant communication based customer support services using voice recognition
KR100992573B1 (en) 2010-03-26 2010-11-05 주식회사 아이그로브 Authentication method and system using mobile terminal
CN102238543A (en) * 2010-04-27 2011-11-09 杭州华三通信技术有限公司 Wireless Portal authentication method and access controller
TWI451742B (en) * 2011-04-14 2014-09-01 Chunghwa Telecom Co Ltd Secure login method
GB201109311D0 (en) 2011-06-03 2011-07-20 Avimir Ip Ltd Method and computer program for providing authentication to control access to a computer system
KR101243713B1 (en) * 2011-07-08 2013-03-13 이광민 Wireless lan access point and method for accessing wireless lan
CN102244866B (en) * 2011-08-18 2016-01-20 杭州华三通信技术有限公司 Gate verification method and access controller
KR101439534B1 (en) * 2011-09-16 2014-09-12 주식회사 케이티 Web Redirect Authentication Method and Apparatus of WiFi Roaming Based on AC-AP Association
CN103079201B (en) * 2011-10-26 2015-06-03 中兴通讯股份有限公司 Fast authentication method, access controller (AC) and system for wireless local area network
US8769626B2 (en) 2011-11-29 2014-07-01 Cisco Technology, Inc. Web authentication support for proxy mobile IP
WO2013089604A1 (en) 2011-12-16 2013-06-20 Telefonaktiebolaget L M Ericsson (Publ) A method and a network node for connecting a user device to a wireless local area network
US20130283050A1 (en) 2012-04-23 2013-10-24 Anil Gupta Wireless client authentication and assignment
US9161219B2 (en) 2012-06-22 2015-10-13 Guest Tek Interactive Entertainment Ltd. Authorizing secured wireless access at hotspot having open wireless network and secure wireless network
US10263916B2 (en) 2012-12-03 2019-04-16 Hewlett Packard Enterprise Development Lp System and method for message handling in a network device
CN102984173B (en) * 2012-12-13 2017-02-22 迈普通信技术股份有限公司 Network access control method and system
US9374369B2 (en) * 2012-12-28 2016-06-21 Lookout, Inc. Multi-factor authentication and comprehensive login system for client-server networks
CN103401884B (en) * 2013-08-16 2017-07-28 深信服网络科技(深圳)有限公司 Public wireless environment online authentication method and system based on wechat
CN103501495A (en) * 2013-10-16 2014-01-08 苏州汉明科技有限公司 Perception-free WLAN (Wireless Local Area Network) authentication method fusing Portal/Web authentication and MAC (Media Access Control) authentication
CN103596177A (en) * 2013-11-19 2014-02-19 上海众人网络安全技术有限公司 Method for making mobile terminal get access to public WiFi in one-key mode
CN103647856B (en) * 2013-12-23 2017-09-08 成都西加云杉科技有限公司 APP obtains the method and system of the MAC Address of local terminal

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120030737A1 (en) * 1998-12-08 2012-02-02 Nomadix, Inc. System and method for authorizing a portable communication device
US20100223654A1 (en) * 2003-09-04 2010-09-02 Brocade Communications Systems, Inc. Multiple tiered network security system, method and apparatus using dynamic user policy assignment
US20130163583A1 (en) * 2011-12-26 2013-06-27 Jaya MEGHANI Systems and methods for communication setup via reconciliation of internet protocol addresses
US20130340046A1 (en) * 2012-06-18 2013-12-19 Wistron Corporation Wireless network client-authentication system and wireless network connection method thereof

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP3132370A4 *

Also Published As

Publication number Publication date
JP2017514220A (en) 2017-06-01
US10122704B2 (en) 2018-11-06
EP3132370A4 (en) 2017-10-25
CN104980412A (en) 2015-10-14
TW201539342A (en) 2015-10-16
KR20160144374A (en) 2016-12-16
EP3132370A1 (en) 2017-02-22
CN104980412B (en) 2018-07-13
TWI684153B (en) 2020-02-01
JP2019204519A (en) 2019-11-28
JP6552519B2 (en) 2019-07-31
KR102154384B1 (en) 2020-09-10
US20150295915A1 (en) 2015-10-15
JP6668544B2 (en) 2020-03-18
HK1213379A1 (en) 2016-06-30
CN108551675B (en) 2022-04-15
CN108551675A (en) 2018-09-18

Similar Documents

Publication Publication Date Title
JP6668544B2 (en) Portal authentication
JP6259032B2 (en) Managing wireless network login password sharing
JP6397956B2 (en) Provision of mobile device management functions
US9882916B2 (en) Method for verifying sensitive operations, terminal device, server, and verification system
US9998473B2 (en) WiFi access management system and methods of operation thereof
WO2018041078A1 (en) Method, system, proxy server, and computer storage medium for authentication
KR101696612B1 (en) User authentication management
WO2018000834A1 (en) Wifi hotspot information modification method and device
TWI761385B (en) Device configuration method, device, and system
US20140109172A1 (en) Providing Virtualized Private Network Tunnels
EP3364629A1 (en) Providing virtualized private network tunnels
US20140109174A1 (en) Providing Virtualized Private Network Tunnels
US20140297824A1 (en) Providing an enterprise application store
US20110319056A1 (en) Remote access to a mobile device
WO2017024842A1 (en) Internet access authentication method, client, computer storage medium
US10805780B1 (en) Mobile phone differentiated user set-up
US8739259B1 (en) Multilayer wireless mobile communication device authentication
Blumenberg WiFi Gate Guard: A Captive Portal Implementation for Home Networks

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15780018

Country of ref document: EP

Kind code of ref document: A1

REEP Request for entry into the european phase

Ref document number: 2015780018

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 2015780018

Country of ref document: EP

ENP Entry into the national phase

Ref document number: 2016561013

Country of ref document: JP

Kind code of ref document: A

ENP Entry into the national phase

Ref document number: 20167027874

Country of ref document: KR

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE