WO2017181407A1 - Network authentication method, client, terminal device and platform - Google Patents

Network authentication method, client, terminal device and platform Download PDF

Info

Publication number
WO2017181407A1
WO2017181407A1 PCT/CN2016/079997 CN2016079997W WO2017181407A1 WO 2017181407 A1 WO2017181407 A1 WO 2017181407A1 CN 2016079997 W CN2016079997 W CN 2016079997W WO 2017181407 A1 WO2017181407 A1 WO 2017181407A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal device
authentication feature
authentication
platform
password
Prior art date
Application number
PCT/CN2016/079997
Other languages
French (fr)
Chinese (zh)
Inventor
陈曦
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Priority to CN201680024607.0A priority Critical patent/CN107534859B/en
Priority to PCT/CN2016/079997 priority patent/WO2017181407A1/en
Publication of WO2017181407A1 publication Critical patent/WO2017181407A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication

Definitions

  • the receiving module is further configured to: receive, by the AC, a message indicating that the authentication is passed; the sending The module is further configured to: send the authentication feature to the platform.
  • the second terminal device sends a second query request, and requests to obtain the authentication feature of the available AP
  • the platform sends the received authentication feature of the AP to the second terminal device.
  • the receiver 30 is further configured to: receive, by the AC, a message that indicates that the authentication is passed;

Abstract

A network authentication method, a client, a terminal device and a platform. The method comprises: a terminal device sending a query request to a platform when an available access point (AP) is scanned, wherein the query request is used for requesting the acquisition of an authentication feature of the AP, and the authentication feature comprises the name and a URL of an AC; the terminal device receiving a query result sent by the platform; if the query result comprises the authentication feature, the terminal device acquiring a user name and a password, wherein the user name and the password are authentication parameters used by the AC when authenticating the terminal device; and the terminal device sending the user name and the password to the AC according to the authentication feature.

Description

一种网络认证方法、客户端、终端设备及平台Network authentication method, client, terminal device and platform 技术领域Technical field
本发明涉及通信技术领域,尤其涉及一种网络认证方法、客户端、终端设备及平台。The present invention relates to the field of communications technologies, and in particular, to a network authentication method, a client, a terminal device, and a platform.
背景技术Background technique
当前,无线局域网(英文:Wireless Local Area Network;简称:WLAN)发展迅速,应用广泛。Currently, wireless local area network (English: Wireless Local Area Network; WLAN) is developing rapidly and widely used.
用户通过搜索可用的服务集标识(英文:Service Set Identifier,简称:SSID)连接到WLAN网络。在连接到网络后,终端设备通过动态主机配置协议(英文:Dynamic Host Configuration Protocol,简称:DHCP)由宽带接入服务器(英文:Broadband Access Server,简称:BAS)向DHCP服务器请求网络协议(英文:Internet Protocol,简称:IP)地址。在获取到IP地址之后,终端设备可以通过浏览器访问网页。BAS为用户基于端口号、IP地址构造对应的表项信息,添加用户访问控制列表(英文:Access Control List,简称:ACL)服务策略,策略例如为:让用户只能访问门户(portal)服务器、一些内部服务器、个别外部服务器,如域名系统(英文:Domain Name System,简称:DNS)。进一步,BAS还将用户访问其它地址的请求强制重定向到强制网站认证服务器进行访问。表现的结果就是用户连接上网络但不认证的情况下,只能访问指定的页面。目前运营商WLAN接入点(英文:Access Point,简称:AP)非常多,但认证方式大多是使用门户网站(Web Portal)的认证方式。The user connects to the WLAN network by searching for an available service set identifier (English: Service Set Identifier, SSID for short). After connecting to the network, the terminal device requests the network protocol from the broadband server (English: Broadband Access Server, BAS for short) through the Dynamic Host Configuration Protocol (English: Dynamic Host Configuration Protocol, DHCP). Internet Protocol, referred to as: IP) address. After obtaining the IP address, the terminal device can access the webpage through the browser. The BAS is configured to add a user access control list (English: Access Control List, ACL) service policy based on the port number and the IP address. The policy is as follows: the user can only access the portal server. Some internal servers, individual external servers, such as the Domain Name System (English: Domain Name System, referred to as: DNS). Further, the BAS also redirects the user's request to access other addresses to the mandatory website authentication server for access. The result of the performance is that the user can only access the specified page if the user is connected to the network but not authenticated. Currently, there are many WLAN access points (English: Access Point, AP for short), but most of the authentication methods use the authentication method of the portal (Web Portal).
门户网站的认证方式的主要过程如下:用户进行一次任意地址的网络访问,BAS重定向到门户网站的认证页面。终端设备通过解析该认证页面,获得该AP的鉴权特征。该鉴权特征包括接入控制器(英文:Access Controller,简称:AC)的名称以及统一资源定位符(英文:Uniform Resource Locator,简称,URL)。然后在该页面中,用户可以输入账号和口令,并单击“登录” 按钮,也可以不输入账号和口令,直接单击“登录”按钮。“登录”按钮启动门户服务器上的程序,该程序将用户信息(例如IP地址、账号和口令)发送给AC。AC利用用户信息进行认证。如果通过认证,则返回认证成功结果给终端设备。BAS修改该用户的ACL,使得用户可以访问外部因特网或特定的网络。The main process of the portal authentication method is as follows: The user performs a network access of an arbitrary address, and the BAS redirects to the authentication page of the portal. The terminal device obtains the authentication feature of the AP by parsing the authentication page. The authentication feature includes the name of an access controller (English: Access Controller, AC for short) and a uniform resource locator (English: Uniform Resource Locator, abbreviated as URL). Then on this page, the user can enter the account number and password and click "login" Button, you can also click the "Login" button without entering the account and password. The "Login" button launches a program on the portal server that sends user information (such as IP address, account number, and password) to the AC. The AC uses user information for authentication. If the authentication is passed, the successful authentication result is returned to the terminal device. The BAS modifies the user's ACL so that the user can access the external Internet or a specific network.
在上述门户网站认证方式中,需要进行重定向至门户网站的认证页面,并且解析该认证页面得到AP的鉴权特征,所以整个认证过程耗时较长。In the above portal authentication method, an authentication page redirected to the portal is required, and the authentication page is parsed to obtain an authentication feature of the AP, so the entire authentication process takes a long time.
发明内容Summary of the invention
本发明实施例提供一种网络认证方法、客户端、终端设备及平台,用以解决现有技术中存在的网络认证过程比较耗时的技术问题。The embodiment of the invention provides a network authentication method, a client, a terminal device and a platform, which are used to solve the technical problem that the network authentication process existing in the prior art is time-consuming.
第一方面,本发明实施例提供一种网络认证方法,包括:In a first aspect, an embodiment of the present invention provides a network authentication method, including:
终端设备在扫描到可用的接入点AP时,向平台发送查询请求,所述查询请求用于请求获取所述AP的鉴权特征;其中,所述鉴权特征包括接入控制器AC的名称以及统一资源定位符URL;所述终端设备接收所述平台发送的查询结果;若所述查询结果包括所述鉴权特征,所述终端设备获取用户名和密码;所述用户名和所述密码为所述AC对所述终端设备进行认证时使用的认证参数;所述终端设备根据所述鉴权特征将所述用户名和所述密码发送给所述AC。When the terminal device scans the available access point AP, the terminal device sends a query request to the platform, where the query request is used to request an authentication feature of the AP, where the authentication feature includes the name of the access controller AC. And the uniform resource locator URL; the terminal device receives the query result sent by the platform; if the query result includes the authentication feature, the terminal device acquires a user name and a password; the user name and the password are The authentication parameter used by the AC to authenticate the terminal device; the terminal device sends the username and the password to the AC according to the authentication feature.
本发明实施例中的网络认证方法,通过直接向平台请求鉴权所需的鉴权特征,而不需要像现有技术中,必须先由终端设备访问任意地址,然后由AP强制重定向至门户网站的页面,再通过解析该页面获得鉴权所需的鉴权特征,所以本发明实施例中的方法中,认证流程更简洁,所以大大的缩短了认证时间,所以用户等待的时间变短,提高了用户的体验度。The network authentication method in the embodiment of the present invention, by directly requesting the authentication feature required for authentication from the platform, does not need to access any address by the terminal device as in the prior art, and then the AP is forcibly redirected to the portal. The page of the website is obtained by analyzing the page to obtain the authentication features required for the authentication. Therefore, in the method in the embodiment of the present invention, the authentication process is more concise, so the authentication time is greatly shortened, so the waiting time of the user becomes shorter. Improve the user experience.
结合第一方面,在第一方面的第一种可能的实现方式中,所述方法还包括:In conjunction with the first aspect, in a first possible implementation of the first aspect, the method further includes:
若所述查询结果表示未查询到所述鉴权特征,所述终端设备访问任意网络地址;所述终端设备接收门户网站的页面;所述终端设备通过解析所述页 面,获得所述鉴权特征;所述终端设备获取所述用户名和所述密码;所述终端设备根据所述鉴权特征将所述用户名和所述密码发送给所述AC。如此可以保证在平台没有存储AP的鉴权特征时,终端设备能够通过本实施例中的方式获得鉴权特征。If the query result indicates that the authentication feature is not queried, the terminal device accesses an arbitrary network address; the terminal device receives a page of the portal website; and the terminal device parses the page by parsing And obtaining, by the terminal device, the user name and the password; and the terminal device sends the user name and the password to the AC according to the authentication feature. In this way, when the platform does not store the authentication feature of the AP, the terminal device can obtain the authentication feature in the manner in this embodiment.
结合第一方面的第一种可能的实现,在第一方面的第二种可能的实现方式中,所述方法还包括:所述终端设备接收所述AC发送的表征认证通过的消息;所述终端设备将所述鉴权特征发送给所述平台。在本实施例中,终端设备上报AP的鉴权特征,平台进行记录,便于后续其它终端设备请求所述AP的鉴权特征时,平台能够将鉴权特征发送给其它终端设备,以加快其它终端设备的认证速度。With reference to the first possible implementation of the first aspect, in a second possible implementation manner of the first aspect, the method further includes: receiving, by the terminal device, a message that is sent by the AC to indicate that the authentication is passed; The terminal device transmits the authentication feature to the platform. In this embodiment, the terminal device reports the authentication feature of the AP, and the platform performs recording, so that when the other terminal device requests the authentication feature of the AP, the platform can send the authentication feature to other terminal devices to speed up other terminals. The authentication speed of the device.
结合第一方面或第一方面的第一种可能的实现方式或第一方面的第二种可能的实现方式,在第一方面的第三种可能的实现方式中,所述终端设备获取用户名和密码,包括:所述终端设备获取预先配置的所述用户名和所述密码。In conjunction with the first aspect, or the first possible implementation of the first aspect, or the second possible implementation of the first aspect, in a third possible implementation manner of the first aspect, the terminal device acquires a user name and The password includes: the terminal device acquires the pre-configured username and the password.
第二方面,本发明实施例提供一种网络认证方法,包括:In a second aspect, an embodiment of the present invention provides a network authentication method, including:
平台接收第一终端设备发送的第一查询请求,所述第一查询请求用于请求获取接入点AP的鉴权特征;其中,所述鉴权特征包括接入控制器AC的名称以及统一资源定位符URL;所述平台查询所述AP的鉴权特征;若未查询到所述AP的鉴权特征,所述平台向所述第一终端设备发送表征未查询到所述鉴权特征的查询结果;所述平台接收所述第一终端设备发送的所述AP的鉴权特征;所述平台记录所述AP和所述AP的鉴权特征之间的对应关系。The platform receives the first query request sent by the first terminal device, where the first query request is used to request to obtain an authentication feature of the access point AP, where the authentication feature includes the name of the access controller AC and the unified resource. a locator URL; the platform queries an authentication feature of the AP; if the authentication feature of the AP is not queried, the platform sends a query indicating that the authentication feature is not queried to the first terminal device The platform receives the authentication feature of the AP sent by the first terminal device; the platform records the correspondence between the AP and the authentication feature of the AP.
结合第二方面,在第二方面的第一种可能的实现方式中,所述方法还包括:若查询到所述AP的鉴权特征,所述平台向所述第一终端设备发送包括所述鉴权特征的查询结果。With reference to the second aspect, in a first possible implementation manner of the second aspect, the method further includes: if the authentication feature of the AP is queried, the platform sends the information to the first terminal device, including The result of the query of the authentication feature.
结合第二方面,在第二方面的第二种可能的实现方式中,在所述平台接收所述第一终端设备发送的所述AP的鉴权特征之后,所述方法还包括:With reference to the second aspect, in a second possible implementation manner of the second aspect, after the receiving, by the platform, the authentication feature of the AP that is sent by the first terminal device, the method further includes:
所述平台接收第二终端设备发送的第二查询请求,所述第二查询请求用 于请求获取所述AP的鉴权特征;所述平台将接收到的所述AP的鉴权特征发送给所述第二终端设备。Receiving, by the platform, a second query request sent by the second terminal device, where the second query request is And obtaining the authentication feature of the AP, where the platform sends the received authentication feature of the AP to the second terminal device.
第三方面,本发明实施例提供一种终端设备,包括:In a third aspect, an embodiment of the present invention provides a terminal device, including:
无线通信模块,用于扫描可用的接入点AP;发送器,用于在所述无线通信模块扫描到可用的AP时,向平台发送查询请求,所述查询请求用于请求获取所述AP的鉴权特征;其中,所述鉴权特征包括接入控制器AC的名称以及统一资源定位符URL;接收器,用于接收所述平台发送的查询结果;处理器,用于若所述查询结果包括所述鉴权特征,获取用户名和密码;所述用户名和所述密码为所述AC对所述终端设备进行认证时使用的认证参数;所述发送器还用于:根据所述鉴权特征将所述用户名和所述密码发送给所述AC。a wireless communication module, configured to scan an available access point AP, and a transmitter, configured to send a query request to the platform when the wireless communication module scans an available AP, where the query request is used to request to acquire the AP An authentication feature, wherein the authentication feature includes a name of the access controller AC and a uniform resource locator URL; a receiver, configured to receive a query result sent by the platform; and a processor, configured to: if the query result Including the authentication feature, the user name and the password are obtained; the user name and the password are authentication parameters used by the AC to authenticate the terminal device; the sender is further configured to: according to the authentication feature Sending the username and the password to the AC.
结合第三方面,在第三方面的第一种可能的实现方式中,所述处理器还用于:若所述查询结果表示未查询到所述鉴权特征,访问任意网络地址;所述接收器还用于:接收门户网站的页面;所述处理器还用于:通过解析所述页面,获得所述鉴权特征;以及获取所述用户名和所述密码;所述发送器还用于:根据所述鉴权特征将所述用户名和所述密码发送给所述AC。With reference to the third aspect, in a first possible implementation manner of the third aspect, the processor is further configured to: if the query result indicates that the authentication feature is not queried, accessing an arbitrary network address; The processor is further configured to: receive a page of the portal; the processor is further configured to: obtain the authentication feature by parsing the page; and obtain the username and the password; the transmitter is further configured to: Sending the username and the password to the AC according to the authentication feature.
结合第三方面的第一种可能的实现,在第三方面的第二种可能的实现方式中,所述接收器还用于:接收所述AC发送的表征认证通过的消息;所述发送器还用于:将所述鉴权特征发送给所述平台。In conjunction with the first possible implementation of the third aspect, in a second possible implementation of the third aspect, the receiver is further configured to: receive, by the AC, a message indicating that the authentication is passed; the transmitter Also used to: send the authentication feature to the platform.
结合第三方面或第三方面的第一种可能的实现方式或第三方面的第二种可能的实现方式,在第三方面的第三种可能的实现方式中,所述处理器用于获取预先配置的所述用户名和所述密码。With reference to the third aspect, or the first possible implementation manner of the third aspect, or the second possible implementation manner of the third aspect, in a third possible implementation manner of the third aspect, The configured username and password.
第四方面,本发明实施例提供一种平台,包括:In a fourth aspect, an embodiment of the present invention provides a platform, including:
接收器,用于接收第一终端设备发送的第一查询请求,所述第一查询请求用于请求获取接入点AP的鉴权特征;其中,所述鉴权特征包括接入控制器AC的名称以及统一资源定位符URL;处理器,用于平台查询所述AP的鉴权特征;发送器,用于若未查询到所述AP的鉴权特征,向所述第一终端设备发送表征未查询到所述鉴权特征的查询结果;所述接收器还用于接收所述第一 终端设备发送的所述AP的鉴权特征;所述处理器还用于记录所述AP和所述AP的鉴权特征之间的对应关系。a receiver, configured to receive a first query request sent by the first terminal device, where the first query request is used to request to acquire an authentication feature of the access point AP, where the authentication feature includes an access controller AC a name and a uniform resource locator URL; the processor is configured to: the platform queries the authentication feature of the AP; and the sender is configured to send the identifier to the first terminal device if the authentication feature of the AP is not queried Querying a query result of the authentication feature; the receiver is further configured to receive the first An authentication feature of the AP sent by the terminal device; the processor is further configured to record a correspondence between the AP and an authentication feature of the AP.
结合第四方面,在第四方面的第一种可能的实现方式中,所述发送器还用于:若查询到所述AP的鉴权特征,所述平台向所述第一终端设备发送包括所述鉴权特征的查询结果。With reference to the fourth aspect, in a first possible implementation manner of the fourth aspect, the transmitter is further configured to: if the authentication feature of the AP is queried, the platform sends the information to the first terminal device, including The result of the query of the authentication feature.
结合第四方面,在第四方面的第二种可能的实现方式中,所述接收器还用于:在接收所述第一终端设备发送的所述AP的鉴权特征之后,接收第二终端设备发送的第二查询请求,所述第二查询请求用于请求获取所述AP的鉴权特征;所述发送器还用于:将接收到的所述AP的鉴权特征发送给所述第二终端设备。With reference to the fourth aspect, in a second possible implementation manner of the fourth aspect, the receiver is further configured to: after receiving the authentication feature of the AP sent by the first terminal device, receive the second terminal a second query request sent by the device, where the second query request is used to request an authentication feature of the AP, and the sender is further configured to: send the received authentication feature of the AP to the first Two terminal devices.
第五方面,本发明实施例提供一种客户端,包括:In a fifth aspect, an embodiment of the present invention provides a client, including:
发送模块,用于在终端设备扫描到可用的接入点AP时,向平台发送查询请求,所述查询请求用于请求获取所述AP的鉴权特征;其中,所述鉴权特征包括接入控制器AC的名称以及统一资源定位符URL;所述终端设备为运行所述客户端的设备;接收模块,用于接收所述平台发送的查询结果;获取模块,用于若所述查询结果包括所述鉴权特征,获取用户名和密码;所述用户名和所述密码为所述AC对所述终端设备进行认证时使用的认证参数;所述发送模块还用于:根据所述鉴权特征将所述用户名和所述密码发送给所述AC。a sending module, configured to send a query request to the platform when the terminal device scans the available access point AP, where the query request is used to request an authentication feature of the AP, where the authentication feature includes access The name of the controller AC and the uniform resource locator URL; the terminal device is a device that runs the client; the receiving module is configured to receive a query result sent by the platform; and the acquiring module is configured to: if the query result includes the Defining a user name and a password; the user name and the password are authentication parameters used by the AC to authenticate the terminal device; the sending module is further configured to: according to the authentication feature The username and the password are sent to the AC.
结合第五方面,在第五方面的第一种可能的实现方式中,所述客户端还包括访问模块和解析模块,所述访问模块用于若所述查询结果表示未查询到所述鉴权特征,访问任意网络地址;所述接收模块还用于接收门户网站的页面;所述解析模块用于通过解析所述页面,获得所述鉴权特征;所述获取模块还用于:获取所述用户名和所述密码;所述发送模块还用于:根据所述鉴权特征将所述用户名和所述密码发送给所述AC。With reference to the fifth aspect, in a first possible implementation manner of the fifth aspect, the client further includes an access module and a parsing module, where the access module is configured to: if the query result indicates that the authentication is not queried Feature, accessing an arbitrary network address; the receiving module is further configured to receive a page of the portal website; the parsing module is configured to obtain the authentication feature by parsing the page; the obtaining module is further configured to: acquire the The user name and the password; the sending module is further configured to: send the username and the password to the AC according to the authentication feature.
结合第五方面的第一种可能的实现方式,在第五方面的第二种可能的实现方式中,所述接收模块还用于:接收所述AC发送的表征认证通过的消息;所述发送模块还用于:将所述鉴权特征发送给所述平台。 With reference to the first possible implementation manner of the fifth aspect, in a second possible implementation manner of the fifth aspect, the receiving module is further configured to: receive, by the AC, a message indicating that the authentication is passed; the sending The module is further configured to: send the authentication feature to the platform.
结合第五方面或第五方面的第一种可能的实现方式或第五方面的第二种可能的实现方式,在第五方面的第三种可能的实现方式中,所述获取模块用于预先配置的所述用户名和所述密码。With reference to the fifth aspect or the first possible implementation manner of the fifth aspect, or the second possible implementation manner of the fifth aspect, in a third possible implementation manner of the fifth aspect, the acquiring module is used in advance The configured username and password.
第六方面,本发明实施例提供一种终端设备,包括:In a sixth aspect, an embodiment of the present invention provides a terminal device, including:
无线通信模块,用于扫描可用的接入点AP;如第五方面或第五方面的第一种可能的实现方式或第五方面的第二种可能的实现方式或第五方面的第三种可能的实现方式中所述的客户端。a wireless communication module for scanning an available access point AP; a first possible implementation of the fifth or fifth aspect or a second possible implementation of the fifth aspect or a third of the fifth aspect The client described in the possible implementation.
附图说明DRAWINGS
图1为本发明实施例提供的一种网络系统的结构图;FIG. 1 is a structural diagram of a network system according to an embodiment of the present invention;
图2为本发明实施例提供的一种终端设备侧的网络认证方法的流程图;2 is a flowchart of a network authentication method on a terminal device side according to an embodiment of the present invention;
图3为本发明实施例提供的一种平台侧的网络认证方法的流程图;FIG. 3 is a flowchart of a platform-side network authentication method according to an embodiment of the present invention;
图4为本发明实施例提供的一种网络认证的具体实例的示意图;FIG. 4 is a schematic diagram of a specific example of network authentication according to an embodiment of the present disclosure;
图5为本发明实施例提供的一种客户端的功能框图;FIG. 5 is a functional block diagram of a client according to an embodiment of the present invention;
图6为本发明实施例提供的一种终端设备的结构图;FIG. 6 is a structural diagram of a terminal device according to an embodiment of the present disclosure;
图7为本发明实施例提供的一种平台的结构图。FIG. 7 is a structural diagram of a platform according to an embodiment of the present invention.
具体实施方式detailed description
本发明实施例提供一种网络认证方法、客户端、终端设备及平台,用以解决现有技术中存在的网络认证过程比较耗时的技术问题。The embodiment of the invention provides a network authentication method, a client, a terminal device and a platform, which are used to solve the technical problem that the network authentication process existing in the prior art is time-consuming.
为使本发明实施例的目的、技术方案和优点更加清楚,下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行描述。The technical solutions in the embodiments of the present invention will be described below in conjunction with the accompanying drawings in the embodiments of the present invention.
本文中结合终端设备、无线局域网接入点、接入控制器和/或平台来描述各种方面。Various aspects are described herein in connection with a terminal device, a wireless local area network access point, an access controller, and/or a platform.
本文中提到的终端设备,可以是无线终端设备也可以是有线终端设备,无线终端设备可以是指向用户提供语音和/或其他业务数据连通性的设备,具 有无线连接功能的手持式设备、或连接到无线调制解调器的其它处理设备。无线终端设备可以经无线接入网(英文:Radio Access Network;简称:RAN)与一个或多个核心网进行通信,无线终端设备可以是移动终端,如移动电话(或称为“蜂窝”电话)和具有移动终端的计算机,例如,可以是便携式、袖珍式、手持式、计算机内置的或者车载的移动装置,它们与无线接入网交换语言和/或数据。例如,个人通信业务(英文:Personal Communication Service;简称:PCS)电话、无绳电话、会话发起协议(英文:Session Initiation Protocol;简称:SIP)话机、无线本地环路(英文:Wireless Local Loop;简称:WLL)站、个人数字助理(英文:Personal Digital Assistant;简称:PDA)等设备。无线终端设备也可以称为系统、订户单元(Subscriber Unit)、订户站(Subscriber Station),移动站(Mobile Station)、移动台(Mobile)、远程站(Remote Station)、远程终端(Remote Terminal)、接入终端(Access Terminal)、用户终端(User Terminal)、用户代理(User Agent)、用户设备(User Device or User Equipment)。The terminal device mentioned in this document may be a wireless terminal device or a wired terminal device, and the wireless terminal device may be a device that provides voice and/or other service data connectivity to the user. Handheld devices with wireless connectivity or other processing devices connected to a wireless modem. The wireless terminal device can communicate with one or more core networks via a radio access network (English: Radio Access Network; RAN), and the wireless terminal device can be a mobile terminal, such as a mobile phone (or "cellular" phone). And a computer having a mobile terminal, for example, can be a portable, pocket, handheld, computer built-in or in-vehicle mobile device that exchanges language and/or data with the wireless access network. For example, personal communication service (English: Personal Communication Service; PCS) telephone, cordless telephone, session initiation protocol (English: Session Initiation Protocol; SIP) telephone, wireless local loop (English: Wireless Local Loop; referred to as: WLL) Station, Personal Digital Assistant (English: Personal Digital Assistant; PDA for short). The wireless terminal device may also be referred to as a system, a subscriber unit, a subscriber station, a mobile station, a mobile station, a remote station, a remote terminal, or a remote terminal. Access Terminal, User Terminal, User Agent, User Device or User Equipment.
本文中的无线局域网接入点,是独立的采用无线局域网(英文:Wireless Local Area Network;简称:WLAN)技术的接入点。The wireless local area network access point in this paper is an independent access point using wireless local area network (English: Wireless Local Area Network; WLAN) technology.
本文中的接入控制器,为AP的控制器,属于核心网侧的网元。The access controller in this document is the controller of the AP and belongs to the network element on the core network side.
本文中的平台,可以是在现有网络中新增的物理设备,也可以是一个功能模块,集成在现有网络中的物理设备上,本发明并不限定。The platform in this document may be a physical device added to an existing network, or may be a functional module integrated on a physical device in an existing network, and the present invention is not limited thereto.
可选的,平台可以包括用于存储数据(例如下文中的鉴权特征)的服务器以及接口模块,接口模块用于与终端设备进行交互,例如接收终端设备的请求,并查询鉴权特征并将鉴权特征发送给终端设备,或者是接收终端设备上报的鉴权特征并存储在服务器中。Optionally, the platform may include a server for storing data (for example, an authentication feature hereinafter) and an interface module for interacting with the terminal device, for example, receiving a request of the terminal device, and querying the authentication feature and The authentication feature is sent to the terminal device, or the authentication feature reported by the terminal device is received and stored in the server.
本文中术语“和/或”,仅仅是一种描述关联对象的关联关系,表示可以存在三种关系,例如,A和/或B,可以表示:单独存在A,同时存在A和B,单独存在B这三种情况。另外,本文中字符“/”,一般表示前后关联对象是一种“或”的关系。The term "and/or" in this context is merely an association describing the associated object, indicating that there may be three relationships, for example, A and / or B, which may indicate that A exists separately, and both A and B exist, respectively. B these three situations. In addition, the character "/" in this article generally indicates that the contextual object is an "or" relationship.
本发明实施例提供一种网络认证方法,该方法可以应用于网络系统中。 请参考图1所示,为本发明实施例提供的一种简化的网络系统图。该网络系统包括终端设备、平台和AC。终端设备例如为智能手机、平板电脑、智能电视等。终端设备与平台之间进行鉴权特征的获取交互。终端设备与AC之间进行认证交互。The embodiment of the invention provides a network authentication method, which can be applied to a network system. Please refer to FIG. 1 , which is a simplified network system diagram provided by an embodiment of the present invention. The network system includes a terminal device, a platform, and an AC. The terminal device is, for example, a smartphone, a tablet, a smart TV, or the like. The acquisition and interaction of the authentication feature between the terminal device and the platform. The terminal device and the AC perform authentication interaction.
请参考图2所示,为本实施例中终端设备侧的网络认证方法的流程图。该方法包括以下内容:Please refer to FIG. 2, which is a flowchart of a network authentication method on the terminal device side in this embodiment. The method includes the following:
步骤101:终端设备在扫描到可用的AP时,向平台发送查询请求,所述查询请求用于请求获取所述AP的鉴权特征;其中,所述鉴权特征包括接入控制器AC的名称以及统一资源定位符URL;Step 101: The terminal device sends a query request to the platform when scanning the available AP, the query request is used to request to obtain an authentication feature of the AP, where the authentication feature includes the name of the access controller AC. And a uniform resource locator URL;
步骤102:终端设备接收所述平台发送的查询结果;Step 102: The terminal device receives the query result sent by the platform.
步骤103:若所述查询结果包括所述鉴权特征,所述终端设备获取用户名和密码;所述用户名和所述密码为所述AC对所述终端设备进行认证时使用的认证参数;Step 103: If the query result includes the authentication feature, the terminal device acquires a user name and a password; the user name and the password are authentication parameters used by the AC to authenticate the terminal device;
步骤104:终端设备根据所述鉴权特征将所述用户名和所述密码发送给所述AC。Step 104: The terminal device sends the username and the password to the AC according to the authentication feature.
在步骤101中,例如终端设备通过搜索可用的SSID,搜索到一个信号强度最强的AP,此时可以触发步骤101,步骤101中所述的可用的AP,即为该信号强度最强的AP。在实际运用中,也可以是终端设备通过搜索可用的SSID,然后在终端设备的显示屏上显示一个可用的AP的列表,用户可以根据信号强度或者其它因素点选其中一个AP,此时终端设备会执行步骤101,步骤101中所述的可用的AP即为用户选中的AP。In step 101, for example, the terminal device searches for an AP with the strongest signal strength by searching for the available SSID. At this time, step 101 can be triggered. The available AP described in step 101 is the AP with the strongest signal strength. . In actual use, the terminal device may also search for an available SSID, and then display a list of available APs on the display screen of the terminal device, and the user may select one of the APs according to the signal strength or other factors, and the terminal device at this time. Step 101 is performed, and the available APs described in step 101 are APs selected by the user.
其中,鉴权特征包括AC的名称和URL。AC为AP的接入控制器。因为能对该AP进行鉴权的主体是AP的AC,所以终端设备需要获取到该AC的名称和URL,以使能够将步骤103中的用户名和密码发送给该AP对应的AC,AC再根据用户名和密码进行认证。The authentication feature includes the name and URL of the AC. The AC is the access controller of the AP. Because the subject that can authenticate the AP is the AC of the AP, the terminal device needs to obtain the name and URL of the AC, so that the username and password in step 103 can be sent to the AC corresponding to the AP, and the AC Username and password are authenticated.
可选的,鉴权特征还包括AC的IP地址和/或AC的SSID。当然,在实际运用中,鉴权特征还可以包括其它特征参数,例如动作类型(actiontype)、媒 体接入控制(英文:Media Access Control;简称:MAC)地址、登录会话标识(logonsessid)、用户代理标识(uaid),本发明不作具体限定。当终端设备通过步骤101将查询请求之后,平台侧的执行流程如图3所示,该方法包括:Optionally, the authentication feature further includes an IP address of the AC and/or an SSID of the AC. Of course, in practical applications, the authentication feature may also include other feature parameters, such as action type and media. The physical access control (English: Media Access Control; MAC address), the login session identifier (logonsessid), and the user agent identifier (uaid) are not specifically limited in the present invention. After the terminal device sends the query request through step 101, the execution flow of the platform side is as shown in FIG. 3, and the method includes:
步骤201:平台接收第一终端设备发送的第一查询请求;第一查询请求用于请求获取所述AP的鉴权特征;与步骤101对应;Step 201: The platform receives the first query request sent by the first terminal device, where the first query request is used to request the authentication feature of the AP; corresponding to step 101;
步骤202:平台查询所述AP的鉴权特征;Step 202: The platform queries an authentication feature of the AP.
步骤203:若未查询到所述AP的鉴权特征,平台向第一终端设备发送表征未查询到所述鉴权特征的查询结果;Step 203: If the authentication feature of the AP is not queried, the platform sends a query result indicating that the authentication feature is not queried to the first terminal device.
步骤204:平台接收第一终端设备发送的所述AP的鉴权特征;Step 204: The platform receives an authentication feature of the AP sent by the first terminal device.
步骤205:平台记录所述AP和所述AP的鉴权特征之间的对应关系。Step 205: The platform records a correspondence between the AP and an authentication feature of the AP.
可选的,若查询到所述AP的鉴权特征,所述平台向第一终端设备发送包括所述鉴权特征的查询结果。Optionally, if the authentication feature of the AP is queried, the platform sends a query result including the authentication feature to the first terminal device.
其中,在步骤202中,平台可以通过查询AP和鉴权特征的对应关系,获得所述AP的鉴权特征。举例来说,平台上存储有AP的标识(ID)和鉴权特征的对应关系表。查询请求中包含AP的ID,所以当平台接收到查询请求时,就利用AP的ID在前述对应关系表中进行匹配,进而可以查询到所述AP对应的鉴权特征。In step 202, the platform may obtain the authentication feature of the AP by querying the correspondence between the AP and the authentication feature. For example, a correspondence table between an identifier (ID) of an AP and an authentication feature is stored on the platform. The query request includes the ID of the AP, so when the platform receives the query request, the AP uses the ID of the AP to match in the foregoing correspondence table, and the authentication feature corresponding to the AP can be queried.
在得到查询结果后,平台向第一终端设备发送查询结果。在查询到AP的鉴权特征时,就在查询结果中携带AP的鉴权特征。After obtaining the query result, the platform sends the query result to the first terminal device. When the authentication feature of the AP is queried, the authentication feature of the AP is carried in the query result.
若未查询到AP的鉴权特征,执行步骤203,即向第一终端设备表征未查询到AP的鉴权特征的查询结果。If the authentication feature of the AP is not queried, step 203 is performed to indicate to the first terminal device that the query result of the authentication feature of the AP is not queried.
对应的,终端设备会接收到平台发送的查询结果。若查询结果包括鉴权特征,执行步骤103,即终端设备获取用户名和密码。在实际应用中,用户名和密码可以是预先设置的,例如用户预先进行设置,也可以是由平台预先分发给终端设备的。当然,用户名和密码也可以是由用户输入的。Correspondingly, the terminal device receives the query result sent by the platform. If the query result includes the authentication feature, go to step 103, that is, the terminal device obtains the username and password. In practical applications, the user name and password may be preset, for example, the user may set it in advance, or may be pre-distributed to the terminal device by the platform. Of course, the username and password can also be entered by the user.
接下来执行步骤104,即根据鉴权特征将用户名和密码发送给AC。AC在接收到终端设备发送的用户名和密码后,对用户名和密码进行验证,如果 验证成功,还可以给终端设备发送认证通过的消息。此时,终端设备可以通过所述可用的AP访问外部网络或特定网络。Next, step 104 is performed, that is, the username and password are sent to the AC according to the authentication feature. After receiving the username and password sent by the terminal device, the AC verifies the username and password. If the verification is successful, the terminal device can also send a message that the authentication is passed. At this time, the terminal device can access the external network or the specific network through the available AP.
需要说明的是,当鉴权特征中还包括如上述描述的或其它特征参数时,如果这些特征参数也是鉴权需要的,例如logonsessid,那么步骤104表达的含义也包括将鉴权特征中需要发送给AC的特征参数也发送给AC,AC根据这些特征参数进行鉴权,并根据用户名和密码进行认证。It should be noted that, when the authentication feature further includes the foregoing or other feature parameters, if the feature parameters are also required for authentication, such as logonsessid, the meaning expressed in step 104 also includes the need to send the authentication feature. The characteristic parameters of the AC are also sent to the AC, and the AC performs authentication according to these characteristic parameters, and performs authentication according to the user name and password.
由上面描述可以看出,本发明实施例中的网络认证方法,通过直接向平台请求鉴权所需的鉴权特征,而不需要像现有技术中,必须先由终端设备访问任意地址,然后由AP强制重定向至门户网站的页面,再通过解析该页面获得鉴权所需的鉴权特征,所以本发明实施例中的方法中,认证流程更简洁,所以大大的缩短了认证时间,所以用户等待的时间变短,提高了用户的体验度。As can be seen from the above description, the network authentication method in the embodiment of the present invention does not need to access an arbitrary address by the terminal device, and then needs to access an arbitrary address by the terminal device, as in the prior art, and then The AP is forcibly redirected to the page of the portal, and the authentication feature required for the authentication is obtained by parsing the page. Therefore, in the method in the embodiment of the present invention, the authentication process is more concise, so the authentication time is greatly shortened. The user waits for a shorter time, which improves the user experience.
可选的,在用户名和密码为预先设置的情况下,终端设备在获取到用户名和密码后,则直接触发执行步骤104。Optionally, in the case that the username and the password are preset, the terminal device directly triggers the execution of step 104 after obtaining the username and password.
可选的,在用户名和密码为用户输入的情况下,在用户点击“登录”按钮之后,终端设备触发执行步骤104。Optionally, in the case that the username and password are input by the user, after the user clicks the “login” button, the terminal device triggers execution of step 104.
请继续参考图2所示,该方法还包括:Please continue to refer to Figure 2, the method further includes:
步骤105:若查询结果表示未查询到鉴权特征,终端设备访问任意网络地址;Step 105: If the query result indicates that the authentication feature is not queried, the terminal device accesses any network address.
步骤106:终端设备接收门户网站的页面;Step 106: The terminal device receives a page of the portal website.
步骤107:终端设备通过解析所述页面,获得鉴权特征;Step 107: The terminal device obtains an authentication feature by parsing the page.
步骤108:终端设备获取用户名和密码;然后执行步骤104。Step 108: The terminal device acquires the username and password; then, step 104 is performed.
其中,在步骤105中,具体可以是终端设备直接触发任意网络地址的访问,例如直接在历史访问记录中随机选择一个网络地址进行访问,也可以是访问预设任意网络地址。在实际运用中,也可以是由用户输入网络地址或者点击任意一个网络地址的链接,此时触发电子设备执行步骤105。In step 105, the terminal device may directly trigger the access of any network address, for example, randomly selecting a network address for access in the historical access record, or accessing the preset arbitrary network address. In actual use, the user may input a network address or click a link of any one of the network addresses, and the triggering electronic device performs step 105.
AP在检测到终端设备访问网络地址时,就将该访问的地址重定向为门户 网站的地址,所以门户网站的服务器就会向终端设备发送门户网站的页面。对应的,终端设备执行步骤106,即接收门户网站的页面。此处的接收可理解为接收门户网站的数据,并呈现门户网站的数据对应的页面。When the AP detects that the terminal device accesses the network address, the AP redirects the accessed address to the portal. The address of the website, so the server of the portal will send the page of the portal to the terminal device. Correspondingly, the terminal device performs step 106, that is, receives a page of the portal website. The reception here can be understood as receiving the data of the portal and presenting the page corresponding to the data of the portal.
接下来执行步骤107,即终端设备解析该页面,以获得鉴权特征。举例来说,终端设备对该页面进行文本解析,然后在文本中查找包含了鉴权特征的字段,例如查找登录表单(loginForm),然后再查找无线局域网的接入控制器的名称(wlanacname)字段,并获得wlanacname值。Next, step 107 is performed, that is, the terminal device parses the page to obtain an authentication feature. For example, the terminal device performs text parsing on the page, and then searches the text for a field containing the authentication feature, such as a login form (loginForm), and then searches for the name (wlanacname) field of the access controller of the WLAN. And get the wlanacname value.
在获得鉴权特征之后,接下来执行步骤108。步骤108的情况与步骤103的情况相同,所以在此不再赘述。在步骤108之后,接下来执行步骤104。After the authentication feature is obtained, step 108 is next performed. The case of step 108 is the same as that of step 103, and therefore will not be described herein. After step 108, step 104 is next performed.
接下来AC对用户名和密码进行认证,在认证通过后,终端设备即可访问外部网络或特定网络。Next, the AC authenticates the username and password. After the authentication is passed, the terminal device can access the external network or a specific network.
可选的,该方法还包括:终端设备接收所述AC发送的表征认证通过的消息;终端设备将所述鉴权特征发送给平台,以便于平台记录所述AP的鉴权特征。举例来说,终端设备根据解析出来的鉴权特征认证通过了,就说明该鉴权特征是正确的,有效的,那么终端设备就将解析出来的鉴权特征发送给平台。相应的,平台执行步骤204和步骤205,即接收第一终端设备发送的AP的鉴权特征,并记录所述可用的AP和其鉴权特征之间的对应关系。如此一来,当该终端设备再次请求该可用的AP的鉴权特征时,或者再有其它终端设备,例如第二终端设备发送第二查询请求,请求获取该可用的AP的鉴权特征时,平台将接收到的AP的鉴权特征发送给第二终端设备。Optionally, the method further includes: receiving, by the terminal device, a message that is sent by the AC to indicate that the authentication is passed; the terminal device sends the authentication feature to the platform, so that the platform records the authentication feature of the AP. For example, if the terminal device passes the authentication according to the parsed authentication feature, it indicates that the authentication feature is correct and valid, and the terminal device sends the parsed authentication feature to the platform. Correspondingly, the platform performs step 204 and step 205, that is, receiving an authentication feature of the AP sent by the first terminal device, and recording a correspondence between the available AP and its authentication feature. In this way, when the terminal device requests the authentication feature of the available AP again, or another terminal device, for example, the second terminal device sends a second query request, and requests to obtain the authentication feature of the available AP, The platform sends the received authentication feature of the AP to the second terminal device.
可选的,当鉴权特征是从平台处获取的,并且验证失败之后,可以再执行步骤105至步骤104的流程,并且在认证成功之后,也可以将重新获取到的鉴权特征上报给平台,以便于平台对原有的鉴权特征进行更新。Optionally, after the authentication feature is obtained from the platform, and the verification fails, the process of step 105 to step 104 may be performed, and after the authentication succeeds, the re-acquired authentication feature may also be reported to the platform. In order to facilitate the platform to update the original authentication features.
因此,在实际运用中,平台上存储的AP和其鉴权特征的对应关系的来源之一即为各终端设备上报的。Therefore, in actual use, one of the sources of the correspondence between the AP stored on the platform and its authentication feature is reported by each terminal device.
需要说明的是,平台上存储的AP的鉴权特征的来源还可以有其它实施方式,例如是网络系统预先配置好的,例如在新增一个AP时,就将AP的鉴权 特征通知给平台,平台进行记录。It should be noted that the source of the authentication feature of the AP stored on the platform may also have other implementation manners, for example, the network system is pre-configured, for example, when an AP is added, the AP is authenticated. The feature is notified to the platform and the platform is recorded.
接下来将描述一个具体的实例,来说明本发明实施例中网络认证方法的具体实施过程。请参考图4所示,首先终端设备1发现可用的AP,该AP的ID例如为00:08:3A:3D:4C。然后终端设备1向平台发送请求,以请求该AP的鉴权特征,在查询请求中可以携带该AP的ID。接下来平台查询该AP的鉴权特征,发现当前并没有记录该AP的鉴权特征,所以就向终端设备1发送表征未查询到鉴权特征的查询结果。终端设备在接收到该查询结果时,就访问任意网络地址,例如http://www.baidu.com。AP强制重定向该访问为访问门户网站,并且返回门户网站的页面给终端设备1。终端设备1解析该页面,获得鉴权特征,举例来说,解析的结果为:AC的名称为1300.0010.100.00,AC的URL为https://221.176.1.140:8090/wlan/eclient.do。可选的,还可以解析出该AC的IP地址和SSID,例如IP地址为117.130.248.254,SSID为CMCC。然后终端设备1获取用户名和密码,例如该用户名和密码为平台分发的。接下来终端设备1将用户名和密码发送给该AP对应的AC。AC对用户名和密码进行认证,在认证通过时,向终端设备1发送认证通过消息。终端设备1在接收到认证通过消息之后,说明该鉴权特征是正确的并且有效的,所以就向平台上报该AP的鉴权特征。举例来说,终端设备1向平台上报AP的鉴权特征的内容例如为表一所示。A specific example will be described next to explain the specific implementation process of the network authentication method in the embodiment of the present invention. Referring to FIG. 4, first, the terminal device 1 discovers an available AP, and the ID of the AP is, for example, 00:08:3A:3D:4C. The terminal device 1 then sends a request to the platform to request the authentication feature of the AP, and the ID of the AP may be carried in the query request. Then, the platform queries the authentication feature of the AP, and finds that the authentication feature of the AP is not currently recorded, so the query result indicating that the authentication feature is not queried is sent to the terminal device 1. When the terminal device receives the result of the query, it accesses any network address, such as http://www.baidu.com. The AP forcibly redirects the access to access the portal and returns the page of the portal to the terminal device 1. The terminal device 1 parses the page and obtains an authentication feature. For example, the result of the parsing is: the name of the AC is 1300.0010.100.00, and the URL of the AC is https://221.176.1.140:8090/wlan/eclient.do. Optionally, the IP address and SSID of the AC may also be parsed, for example, the IP address is 117.130.248.254, and the SSID is CMCC. The terminal device 1 then obtains a username and password, for example, the username and password are distributed for the platform. Next, the terminal device 1 transmits the username and password to the AC corresponding to the AP. The AC authenticates the username and password, and sends an authentication pass message to the terminal device 1 when the authentication is passed. After receiving the authentication pass message, the terminal device 1 indicates that the authentication feature is correct and valid, so the authentication feature of the AP is reported to the platform. For example, the content of the authentication feature of the AP that the terminal device 1 reports to the platform is as shown in Table 1.
Figure PCTCN2016079997-appb-000001
Figure PCTCN2016079997-appb-000001
表一Table I
其中,用户IP即为终端设备1的IP地址。The user IP is the IP address of the terminal device 1.
平台在接收到终端设备1上报的AP的鉴权特征之后,记录该AP的鉴权特征,记录的形式例如也如表一所示。 After receiving the authentication feature of the AP reported by the terminal device 1, the platform records the authentication feature of the AP. The format of the record is also shown in Table 1, for example.
之后,终端设备2也发现了该AP可用,所以也向平台发送查询请求,以请求该AP的鉴权特征,查询请求中例如包括该AP的ID。类似的,平台进行查询,例如用该AP的ID进行查询。因为之前终端设备已上报过该AP的鉴权特征,并且平台也进行了记录,所以此次查询,就会查询到该AP的鉴权特征。然后平台将查询到的鉴权特征返回给终端设备2。接下来终端设备2就获取并发送用户名和密码给AC。AC对用户名和密码进行认证,并在认证通过时,发送认证通过消息给终端设备2。After that, the terminal device 2 also finds that the AP is available, so the query request is also sent to the platform to request the authentication feature of the AP, and the query request includes, for example, the ID of the AP. Similarly, the platform performs a query, such as querying with the ID of the AP. Because the terminal device has reported the authentication feature of the AP and the platform has also recorded, the query will query the authentication feature of the AP. The platform then returns the queried authentication features to the terminal device 2. Next, the terminal device 2 acquires and sends a username and password to the AC. The AC authenticates the username and password, and sends an authentication pass message to the terminal device 2 when the authentication is passed.
由此可见,对于终端设备2而言,直接就可以从平台获取到所需的鉴权特征,所以不需要再像终端设备1那样,要先进行任意网络地址的访问,并解析门户网站的页面才能获取到所需的鉴权特征,所以终端设备2的认证速度就会较快,减少了用户等待的时间,提高了用户体验度。进一步,随着该方法的实施时间的推移,会有越来越多的AP的鉴权特征记录在平台上,所以可以缩短越来越多的终端设备的认证过程。It can be seen that, for the terminal device 2, the required authentication feature can be obtained directly from the platform, so that it is not necessary to access any network address first, and parse the page of the portal website like the terminal device 1 In order to obtain the required authentication features, the authentication speed of the terminal device 2 is faster, which reduces the waiting time of the user and improves the user experience. Further, as the implementation time of the method changes, more and more AP authentication features are recorded on the platform, so that more and more terminal device authentication processes can be shortened.
在实际运用中,图2中所示的网络认证方法可以通过客户端实现,客户端可以运行在终端设备上,和平台形成客户端-服务器的工作模式。请参考图5所示,该客户端包括:发送模块301,用于在终端设备扫描到可用的AP时,向平台发送查询请求,所述查询请求用于请求获取所述AP的鉴权特征;其中,所述鉴权特征包括AC的名称以及URL;接收模块302,用于接收所述平台发送的查询结果;获取模块303,用于若所述查询结果包括所述鉴权特征,获取用户名和密码;所述用户名和所述密码为所述AC对所述终端设备进行认证时使用的认证参数;发送模块301还用于:根据所述鉴权特征将所述用户名和所述密码发送给所述AC。In practical use, the network authentication method shown in FIG. 2 can be implemented by a client, the client can run on the terminal device, and the platform forms a client-server working mode. Referring to FIG. 5, the client includes: a sending module 301, configured to send a query request to the platform when the terminal device scans an available AP, where the query request is used to request to obtain an authentication feature of the AP; The authentication feature includes the name of the AC and the URL; the receiving module 302 is configured to receive the query result sent by the platform; and the obtaining module 303 is configured to obtain the username and the username if the query result includes the authentication feature a password; the user name and the password are authentication parameters used by the AC to authenticate the terminal device; the sending module 301 is further configured to: send the user name and the password to the user according to the authentication feature Said AC.
可选的,客户端还包括访问模块304和解析模块305,访问模块304用于若所述查询结果表示未查询到所述鉴权特征,访问任意网络地址;接收模块302还用于接收门户网站的页面;解析模块305用于通过解析所述页面,获得所述鉴权特征;获取模块303还用于:获取所述用户名和所述密码;发送模块301还用于:根据所述鉴权特征将所述用户名和所述密码发送给所述AC。 Optionally, the client further includes an access module 304 and a parsing module 305, where the access module 304 is configured to access any network address if the query result indicates that the authentication feature is not queried; and the receiving module 302 is further configured to receive the portal website. The parsing module 305 is configured to obtain the authentication feature by parsing the page; the obtaining module 303 is further configured to: obtain the username and the password; and the sending module 301 is further configured to: according to the authentication feature Sending the username and the password to the AC.
可选的,接收模块302还用于:接收所述AC发送的表征认证通过的消息;Optionally, the receiving module 302 is further configured to: receive, by the AC, a message that indicates that the authentication is passed;
发送模块301还用于:将所述鉴权特征发送给所述平台。The sending module 301 is further configured to: send the authentication feature to the platform.
可选的,获取模块303用于获取预先配置的所述用户名和所述密码。Optionally, the obtaining module 303 is configured to obtain the pre-configured username and the password.
前述图2实施例中的网络认证方法中的各种变化方式和具体实例同样适用于本实施例的客户端,通过前述对网络认证方法的详细描述,本领域技术人员可以清楚的知道本实施例中客户端的实施方法,所以为了说明书的简洁,在此不再详述。The various changes and specific examples in the network authentication method in the foregoing embodiment of FIG. 2 are also applicable to the client in this embodiment. The foregoing description of the network authentication method can be clearly known to those skilled in the art. The implementation method of the client, so for the sake of brevity of the description, it will not be described in detail here.
本发明实施例还提供一种终端设备,该终端设备包括:无线通信模块,用于扫描可用的AP;如图5及其实施例描述的客户端。The embodiment of the present invention further provides a terminal device, where the terminal device includes: a wireless communication module, configured to scan an available AP; and the client as described in FIG. 5 and its embodiments.
基于同一发明构思,本发明实施例还提供一种终端设备,例如智能手机、平板电脑、桌上电脑。请参考图6所示,该终端设备包括:处理器10、发送器20、接收器30、存储器40和无线通信模块50。存储器40、发送器20和接收器30和处理器10可以通过总线进行连接。当然,在实际运用中,存储器40、发送器20和接收器30和处理器10之间可以不是总线结构,而可以是其它结构,例如星型结构,本申请不作具体限定。Based on the same inventive concept, an embodiment of the present invention further provides a terminal device, such as a smart phone, a tablet computer, and a desktop computer. Referring to FIG. 6, the terminal device includes a processor 10, a transmitter 20, a receiver 30, a memory 40, and a wireless communication module 50. The memory 40, the transmitter 20 and the receiver 30 and the processor 10 can be connected via a bus. Of course, in the actual application, the memory 40, the transmitter 20, and the receiver 30 and the processor 10 may not be a bus structure, but may be other structures, such as a star structure, which is not specifically limited herein.
可选的,处理器10具体可以是中央处理器、特定应用集成电路(英文:Application Specific Integrated Circuit,简称:ASIC),可以是一个或多个用于控制程序执行的集成电路,可以是使用现场可编程门阵列(英文:Field Programmable Gate Array,简称:FPGA)开发的硬件电路,可以是基带处理器。Optionally, the processor 10 may be a central processing unit, an application specific integrated circuit (ASIC), and may be one or more integrated circuits for controlling program execution, and may be used on site. A hardware circuit developed by a Field Programmable Gate Array (FPGA) can be a baseband processor.
可选的,处理器10可以包括至少一个处理核心。Alternatively, processor 10 may include at least one processing core.
可选的,存储器40可以包括只读存储器(英文:Read Only Memory,简称:ROM)、随机存取存储器(英文:Random Access Memory,简称:RAM)和磁盘存储器。存储器40用于存储处理器10运行时所需的数据。存储器40的数量为一个或多个。Optionally, the memory 40 may include a read only memory (English: Read Only Memory, ROM for short), a random access memory (English: Random Access Memory, RAM for short), and a disk storage. The memory 40 is used to store data required by the processor 10 to operate. The number of memories 40 is one or more.
可选的,发送器20和接收器30在物理上可以相互独立也可以集成在一起。 Alternatively, the transmitter 20 and the receiver 30 may be physically independent of each other or integrated.
可选的,无线通信模块50为WLAN无线通信模块,用于扫描可用的AP以及接入AP,进而可以通过WLAN进行通信。Optionally, the wireless communication module 50 is a WLAN wireless communication module, configured to scan available APs and access APs, and thus can communicate through the WLAN.
可选的,终端设备还包括显示屏,用于显示终端设备中的数据,便于用户操作终端设备。Optionally, the terminal device further includes a display screen for displaying data in the terminal device, so that the user can operate the terminal device.
具体的,发送器20用于在无线通信模块50扫描到可用的AP时,向平台发送查询请求,所述查询请求用于请求获取所述AP的鉴权特征;其中,所述鉴权特征包括AC的名称以及URL;接收器30,用于接收所述平台发送的查询结果;处理器10,用于若所述查询结果包括所述鉴权特征,获取用户名和密码;所述用户名和所述密码为所述AC对所述终端设备进行认证时使用的认证参数;发送器20还用于:根据所述鉴权特征将所述用户名和所述密码发送给所述AC。Specifically, the sender 20 is configured to send a query request to the platform when the wireless communication module 50 scans an available AP, where the query request is used to request an authentication feature of the AP, where the authentication feature includes The name of the AC and the URL; the receiver 30 is configured to receive the query result sent by the platform; the processor 10 is configured to obtain a user name and a password if the query result includes the authentication feature; the user name and the The password is an authentication parameter used by the AC to authenticate the terminal device. The sender 20 is further configured to: send the username and the password to the AC according to the authentication feature.
可选的,处理器10还用于:若所述查询结果表示未查询到所述鉴权特征,访问任意网络地址;Optionally, the processor 10 is further configured to: if the query result indicates that the authentication feature is not queried, accessing any network address;
接收器30还用于:接收门户网站的页面;The receiver 30 is further configured to: receive a page of the portal website;
处理器10还用于:通过解析所述页面,获得所述鉴权特征;以及获取所述用户名和所述密码;The processor 10 is further configured to: obtain the authentication feature by parsing the page; and obtain the username and the password;
发送器20还用于:根据所述鉴权特征将所述用户名和所述密码发送给所述AC。The transmitter 20 is further configured to: send the username and the password to the AC according to the authentication feature.
可选的,接收器30还用于:接收所述AC发送的表征认证通过的消息;Optionally, the receiver 30 is further configured to: receive, by the AC, a message that indicates that the authentication is passed;
发送器20还用于:将所述鉴权特征发送给所述平台。The transmitter 20 is further configured to: send the authentication feature to the platform.
可选的,处理器10用于获取预先配置的所述用户名和所述密码。Optionally, the processor 10 is configured to obtain the pre-configured username and the password.
前述图2实施例中的网络认证方法中的各种变化方式和具体实例同样适用于本实施例的终端设备,通过前述对网络认证方法的详细描述,本领域技术人员可以清楚的知道本实施例中终端设备的实施方法,所以为了说明书的简洁,在此不再详述。The various changes and specific examples in the foregoing network authentication method in the embodiment of FIG. 2 are also applicable to the terminal device in this embodiment. Through the foregoing detailed description of the network authentication method, those skilled in the art can clearly understand the present embodiment. The implementation method of the terminal device is so detailed for the sake of brevity of the description.
基于同一发明构思,本发明实施例还提供一种平台,例如服务器。请参考图7所示,该服务器包括:处理器60、发送器80、接收器70和存储器90。 与图6中的终端设备不同的是,本实施例中的平台可以不包括无线通信模块,而其余元器件和图6中的终端设备的命名相同的元器件类似,所以相同的部分将不再赘述,下面将描述本实施例中平台的各元件器不同于图6的终端设备的部分。Based on the same inventive concept, an embodiment of the present invention further provides a platform, such as a server. Referring to FIG. 7, the server includes a processor 60, a transmitter 80, a receiver 70, and a memory 90. Different from the terminal device in FIG. 6, the platform in this embodiment may not include the wireless communication module, and the remaining components are similar to the components named in the terminal device in FIG. 6, so the same portion will no longer be used. To be described, portions of the components of the platform in this embodiment which are different from those of the terminal device of FIG. 6 will be described below.
具体的,接收器70,用于接收第一终端设备发送的第一查询请求,所述查询请求用于请求获取AP的鉴权特征;其中,所述鉴权特征包括AC的名称以及URL;处理器60,用于平台查询所述AP的鉴权特征;发送器80,用于若未查询到所述AP的鉴权特征,向第一终端设备发送表征未查询到所述鉴权特征的查询结果;接收器70还用于接收第一终端设备发送的所述AP的鉴权特征;处理器60还用于记录所述AP和所述AP的鉴权特征之间的对应关系。举例来说,处理器60将该对应关系记录在存储器90上。Specifically, the receiver 70 is configured to receive a first query request sent by the first terminal device, where the query request is used to request an authentication feature of the AP, where the authentication feature includes an AC name and a URL; The device 60 is configured to query, by the platform, the authentication feature of the AP, and the sender 80 is configured to send, to the first terminal device, a query indicating that the authentication feature is not queried, if the authentication feature of the AP is not queried The result is that the receiver 70 is further configured to receive an authentication feature of the AP sent by the first terminal device; the processor 60 is further configured to record a correspondence between the AP and an authentication feature of the AP. For example, processor 60 records the correspondence on memory 90.
可选的,发送器80还用于:若查询到所述AP的鉴权特征,所述平台向第一终端设备发送包括所述鉴权特征的查询结果。Optionally, the sender 80 is further configured to: if the authentication feature of the AP is queried, the platform sends a query result including the authentication feature to the first terminal device.
可选的,接收器70还用于:在接收第一终端设备发送的所述AP的鉴权特征之后,接收第二终端设备发送的第二查询请求,第二查询请求用于请求获取所述AP的鉴权特征;发送器80还用于:将接收到的所述AP的鉴权特征发送给第二终端设备。Optionally, the receiver 70 is further configured to: after receiving the authentication feature of the AP sent by the first terminal device, receive a second query request sent by the second terminal device, where the second query request is used to request to obtain the The authentication feature of the AP is further configured to: send the received authentication feature of the AP to the second terminal device.
前述图3实施例中的网络认证方法中的各种变化方式和具体实例同样适用于本实施例的平台,通过前述对网络认证方法的详细描述,本领域技术人员可以清楚的知道本实施例中平台的实施方法,所以为了说明书的简洁,在此不再详述。The various changes and specific examples in the network authentication method in the foregoing embodiment of FIG. 3 are also applicable to the platform in this embodiment. The foregoing detailed description of the network authentication method can be clearly known to those skilled in the art. The implementation method of the platform, so for the sake of brevity of the description, it will not be described in detail here.
本领域内的技术人员应明白,本发明的实施例可提供为方法、系统、或计算机程序产品。因此,本发明可采用完全硬件实施例、完全软件实施例、或结合软件和硬件方面的实施例的形式。而且,本发明可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器和光学存储器等)上实施的计算机程序产品的形式。Those skilled in the art will appreciate that embodiments of the present invention can be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or a combination of software and hardware. Moreover, the invention can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage and optical storage, etc.) including computer usable program code.
本发明是参照根据本发明实施例的方法、设备(系统)、和计算机程序产 品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。The present invention is directed to a method, apparatus (system), and computer program according to an embodiment of the present invention. The flow chart and/or block diagram of the product is described. It will be understood that each flow and/or block of the flowchart illustrations and/or FIG. These computer program instructions can be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing device to produce a machine for the execution of instructions for execution by a processor of a computer or other programmable data processing device. Means for implementing the functions specified in one or more of the flow or in a block or blocks of the flow chart.
这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品,该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。The computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising the instruction device. The apparatus implements the functions specified in one or more blocks of a flow or a flow and/or block diagram of the flowchart.
这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上,使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。These computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on a computer or other programmable device to produce computer-implemented processing for execution on a computer or other programmable device. The instructions provide steps for implementing the functions specified in one or more of the flow or in a block or blocks of a flow diagram.
显然,本领域的技术人员可以对本发明进行各种改动和变型而不脱离本发明的精神和范围。这样,倘若本发明的这些修改和变型属于本发明权利要求及其等同技术的范围之内,则本发明也意图包含这些改动和变型在内。 It is apparent that those skilled in the art can make various modifications and variations to the invention without departing from the spirit and scope of the invention. Thus, it is intended that the present invention cover the modifications and modifications of the invention

Claims (19)

  1. 一种网络认证方法,其特征在于,包括:A network authentication method, comprising:
    终端设备在扫描到可用的接入点AP时,向平台发送查询请求,所述查询请求用于请求获取所述AP的鉴权特征;其中,所述鉴权特征包括接入控制器AC的名称以及统一资源定位符URL;When the terminal device scans the available access point AP, the terminal device sends a query request to the platform, where the query request is used to request an authentication feature of the AP, where the authentication feature includes the name of the access controller AC. And a uniform resource locator URL;
    所述终端设备接收所述平台发送的查询结果;Receiving, by the terminal device, a query result sent by the platform;
    若所述查询结果包括所述鉴权特征,所述终端设备获取用户名和密码;所述用户名和所述密码为所述AC对所述终端设备进行认证时使用的认证参数;If the query result includes the authentication feature, the terminal device acquires a user name and a password; the user name and the password are authentication parameters used by the AC to authenticate the terminal device;
    所述终端设备根据所述鉴权特征将所述用户名和所述密码发送给所述AC。The terminal device sends the username and the password to the AC according to the authentication feature.
  2. 如权利要求1所述的方法,其特征在于,所述方法还包括:The method of claim 1 wherein the method further comprises:
    若所述查询结果表示未查询到所述鉴权特征,所述终端设备访问任意网络地址;If the query result indicates that the authentication feature is not queried, the terminal device accesses any network address;
    所述终端设备接收门户网站的页面;Receiving, by the terminal device, a page of a portal website;
    所述终端设备通过解析所述页面,获得所述鉴权特征;The terminal device obtains the authentication feature by parsing the page;
    所述终端设备获取所述用户名和所述密码;The terminal device acquires the username and the password;
    所述终端设备根据所述鉴权特征将所述用户名和所述密码发送给所述AC。The terminal device sends the username and the password to the AC according to the authentication feature.
  3. 如权利要求2所述的方法,其特征在于,所述方法还包括:The method of claim 2, wherein the method further comprises:
    所述终端设备接收所述AC发送的表征认证通过的消息;Receiving, by the terminal device, a message that is sent by the AC to indicate that the authentication is passed;
    所述终端设备将所述鉴权特征发送给所述平台。The terminal device sends the authentication feature to the platform.
  4. 如权利要求1-3任一项所述的方法,其特征在于,所述终端设备获取用户名和密码,包括:The method according to any one of claims 1-3, wherein the terminal device acquires a username and password, including:
    所述终端设备获取预先配置的所述用户名和所述密码。The terminal device acquires the pre-configured username and the password.
  5. 一种网络认证方法,其特征在于,包括: A network authentication method, comprising:
    平台接收第一终端设备发送的第一查询请求,所述第一查询请求用于请求获取接入点AP的鉴权特征;其中,所述鉴权特征包括接入控制器AC的名称以及统一资源定位符URL;The platform receives the first query request sent by the first terminal device, where the first query request is used to request to obtain an authentication feature of the access point AP, where the authentication feature includes the name of the access controller AC and the unified resource. Locator URL;
    所述平台查询所述AP的鉴权特征;The platform queries an authentication feature of the AP;
    若未查询到所述AP的鉴权特征,所述平台向所述第一终端设备发送表征未查询到所述鉴权特征的查询结果;If the authentication feature of the AP is not queried, the platform sends a query result indicating that the authentication feature is not queried to the first terminal device;
    所述平台接收所述第一终端设备发送的所述AP的鉴权特征;Receiving, by the platform, an authentication feature of the AP sent by the first terminal device;
    所述平台记录所述AP和所述AP的鉴权特征之间的对应关系。The platform records a correspondence between the AP and an authentication feature of the AP.
  6. 如权利要求5所述的方法,其特征在于,所述方法还包括:The method of claim 5, wherein the method further comprises:
    若查询到所述AP的鉴权特征,所述平台向所述第一终端设备发送包括所述鉴权特征的查询结果。If the authentication feature of the AP is queried, the platform sends a query result including the authentication feature to the first terminal device.
  7. 如权利要求5所述的方法,其特征在于,在所述平台接收所述第一终端设备发送的所述AP的鉴权特征之后,所述方法还包括:The method of claim 5, wherein after the platform receives the authentication feature of the AP sent by the first terminal device, the method further includes:
    所述平台接收第二终端设备发送的第二查询请求,所述第二查询请求用于请求获取所述AP的鉴权特征;Receiving, by the platform, a second query request sent by the second terminal device, where the second query request is used to request to acquire an authentication feature of the AP;
    所述平台将接收到的所述AP的鉴权特征发送给所述第二终端设备。The platform sends the received authentication feature of the AP to the second terminal device.
  8. 一种终端设备,其特征在于,包括:A terminal device, comprising:
    无线通信模块,用于扫描可用的接入点AP;a wireless communication module, configured to scan an available access point AP;
    发送器,用于在所述无线通信模块扫描到可用的AP时,向平台发送查询请求,所述查询请求用于请求获取所述AP的鉴权特征;其中,所述鉴权特征包括接入控制器AC的名称以及统一资源定位符URL;a transmitter, configured to send a query request to the platform when the wireless communication module scans an available AP, where the query request is used to request an authentication feature of the AP; wherein the authentication feature includes access The name of the controller AC and the Uniform Resource Locator URL;
    接收器,用于接收所述平台发送的查询结果;a receiver, configured to receive a query result sent by the platform;
    处理器,用于若所述查询结果包括所述鉴权特征,获取用户名和密码;所述用户名和所述密码为所述AC对所述终端设备进行认证时使用的认证参数;a processor, configured to acquire a user name and a password if the query result includes the authentication feature; the user name and the password are authentication parameters used by the AC to authenticate the terminal device;
    所述发送器还用于:根据所述鉴权特征将所述用户名和所述密码发送给所述AC。 The transmitter is further configured to: send the username and the password to the AC according to the authentication feature.
  9. 如权利要求8所述的终端设备,其特征在于,所述处理器还用于:若所述查询结果表示未查询到所述鉴权特征,访问任意网络地址;The terminal device according to claim 8, wherein the processor is further configured to: if the query result indicates that the authentication feature is not queried, accessing an arbitrary network address;
    所述接收器还用于:接收门户网站的页面;The receiver is further configured to: receive a page of a portal website;
    所述处理器还用于:通过解析所述页面,获得所述鉴权特征;以及获取所述用户名和所述密码;The processor is further configured to: obtain the authentication feature by parsing the page; and obtain the username and the password;
    所述发送器还用于:根据所述鉴权特征将所述用户名和所述密码发送给所述AC。The transmitter is further configured to: send the username and the password to the AC according to the authentication feature.
  10. 如权利要求9所述的终端设备,其特征在于,所述接收器还用于:接收所述AC发送的表征认证通过的消息;The terminal device according to claim 9, wherein the receiver is further configured to: receive, by the AC, a message indicating that the authentication is passed;
    所述发送器还用于:将所述鉴权特征发送给所述平台。The transmitter is further configured to: send the authentication feature to the platform.
  11. 如权利要求8-10任一项所述的终端设备,其特征在于,所述处理器用于获取预先配置的所述用户名和所述密码。The terminal device according to any one of claims 8 to 10, wherein the processor is configured to acquire the pre-configured user name and the password.
  12. 一种平台,其特征在于,包括:A platform, comprising:
    接收器,用于接收第一终端设备发送的第一查询请求,所述第一查询请求用于请求获取接入点AP的鉴权特征;其中,所述鉴权特征包括接入控制器AC的名称以及统一资源定位符URL;a receiver, configured to receive a first query request sent by the first terminal device, where the first query request is used to request to acquire an authentication feature of the access point AP, where the authentication feature includes an access controller AC Name and Uniform Resource Locator URL;
    处理器,用于查询所述AP的鉴权特征;a processor, configured to query an authentication feature of the AP;
    发送器,用于若未查询到所述AP的鉴权特征,向所述第一终端设备发送表征未查询到所述鉴权特征的查询结果;a sender, configured to send, to the first terminal device, a query result that does not query the authentication feature, if the authentication feature of the AP is not queried;
    所述接收器还用于接收所述第一终端设备发送的所述AP的鉴权特征;The receiver is further configured to receive an authentication feature of the AP sent by the first terminal device;
    所述处理器还用于记录所述AP和所述AP的鉴权特征之间的对应关系。The processor is further configured to record a correspondence between the AP and an authentication feature of the AP.
  13. 如权利要求12所述的平台,其特征在于,所述发送器还用于:若查询到所述AP的鉴权特征,所述平台向所述第一终端设备发送包括所述鉴权特征的查询结果。The platform according to claim 12, wherein the transmitter is further configured to: if the authentication feature of the AP is queried, the platform sends the authentication function including the authentication feature to the first terminal device search result.
  14. 如权利要求12所述的平台,其特征在于,所述接收器还用于:在接收所述第一终端设备发送的所述AP的鉴权特征之后,接收第二终端设备发送的第二查询请求,所述第二查询请求用于请求获取所述AP的鉴权特征; The platform according to claim 12, wherein the receiver is further configured to: after receiving the authentication feature of the AP sent by the first terminal device, receive a second query sent by the second terminal device Requesting, the second query request is used to request to acquire an authentication feature of the AP;
    所述发送器还用于:将接收到的所述AP的鉴权特征发送给所述第二终端设备。The transmitter is further configured to: send the received authentication feature of the AP to the second terminal device.
  15. 一种客户端,其特征在于,包括:A client, comprising:
    发送模块,用于在终端设备扫描到可用的接入点AP时,向平台发送查询请求,所述查询请求用于请求获取所述AP的鉴权特征;其中,所述鉴权特征包括接入控制器AC的名称以及统一资源定位符URL;所述终端设备为运行所述客户端的设备;a sending module, configured to send a query request to the platform when the terminal device scans the available access point AP, where the query request is used to request an authentication feature of the AP, where the authentication feature includes access a name of the controller AC and a uniform resource locator URL; the terminal device is a device running the client;
    接收模块,用于接收所述平台发送的查询结果;a receiving module, configured to receive a query result sent by the platform;
    获取模块,用于若所述查询结果包括所述鉴权特征,获取用户名和密码;所述用户名和所述密码为所述AC对所述终端设备进行认证时使用的认证参数;An obtaining module, configured to obtain a user name and a password if the query result includes the authentication feature; the user name and the password are authentication parameters used by the AC to authenticate the terminal device;
    所述发送模块还用于:根据所述鉴权特征将所述用户名和所述密码发送给所述AC。The sending module is further configured to: send the username and the password to the AC according to the authentication feature.
  16. 如权利要求15所述的客户端,其特征在于,所述客户端还包括访问模块和解析模块,The client according to claim 15, wherein the client further comprises an access module and a parsing module.
    所述访问模块用于若所述查询结果表示未查询到所述鉴权特征,访问任意网络地址;The access module is configured to access any network address if the query result indicates that the authentication feature is not queried;
    所述接收模块还用于接收门户网站的页面;The receiving module is further configured to receive a page of a portal website;
    所述解析模块用于通过解析所述页面,获得所述鉴权特征;The parsing module is configured to obtain the authentication feature by parsing the page;
    所述获取模块还用于:获取所述用户名和所述密码;The obtaining module is further configured to: obtain the username and the password;
    所述发送模块还用于:根据所述鉴权特征将所述用户名和所述密码发送给所述AC。The sending module is further configured to: send the username and the password to the AC according to the authentication feature.
  17. 如权利要求16所述的客户端,其特征在于,所述接收模块还用于:接收所述AC发送的表征认证通过的消息;The client according to claim 16, wherein the receiving module is further configured to: receive a message sent by the AC to indicate that the authentication is passed;
    所述发送模块还用于:将所述鉴权特征发送给所述平台。The sending module is further configured to: send the authentication feature to the platform.
  18. 如权利要求15-17任一项所述的客户端,其特征在于,所述获取模块用于预先配置的所述用户名和所述密码。 The client according to any one of claims 15-17, wherein the obtaining module is configured to pre-configure the username and the password.
  19. 一种终端设备,其特征在于,包括:A terminal device, comprising:
    无线通信模块,用于扫描可用的接入点AP;a wireless communication module, configured to scan an available access point AP;
    如权利要求15-18任一项所述的客户端。 A client as claimed in any of claims 15-18.
PCT/CN2016/079997 2016-04-22 2016-04-22 Network authentication method, client, terminal device and platform WO2017181407A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201680024607.0A CN107534859B (en) 2016-04-22 2016-04-22 Network authentication method, client, terminal equipment and platform
PCT/CN2016/079997 WO2017181407A1 (en) 2016-04-22 2016-04-22 Network authentication method, client, terminal device and platform

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2016/079997 WO2017181407A1 (en) 2016-04-22 2016-04-22 Network authentication method, client, terminal device and platform

Publications (1)

Publication Number Publication Date
WO2017181407A1 true WO2017181407A1 (en) 2017-10-26

Family

ID=60115478

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/079997 WO2017181407A1 (en) 2016-04-22 2016-04-22 Network authentication method, client, terminal device and platform

Country Status (2)

Country Link
CN (1) CN107534859B (en)
WO (1) WO2017181407A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109085413A (en) * 2018-07-25 2018-12-25 重庆骞纳马科技有限公司 A kind of non-contact type high voltage switchgear safety detecting system and its control method

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108430092A (en) 2018-01-30 2018-08-21 上海连尚网络科技有限公司 Obtain, provide method, equipment and the medium of wireless access point access information
CN112261168A (en) * 2020-09-30 2021-01-22 厦门市美亚柏科信息股份有限公司 Multi-IP port user information searching method, terminal equipment and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120311150A1 (en) * 2011-06-01 2012-12-06 Yannick Koehler Indication of url prerequiste to network communication
CN103634794A (en) * 2013-10-30 2014-03-12 邦讯技术股份有限公司 WLAN (Wireless Local Area Network) terminal identification recognition method by integrating Portal
CN105072617A (en) * 2015-07-24 2015-11-18 江苏省公用信息有限公司 Authentication method based on WIFI access

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103501495A (en) * 2013-10-16 2014-01-08 苏州汉明科技有限公司 Perception-free WLAN (Wireless Local Area Network) authentication method fusing Portal/Web authentication and MAC (Media Access Control) authentication

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120311150A1 (en) * 2011-06-01 2012-12-06 Yannick Koehler Indication of url prerequiste to network communication
CN103634794A (en) * 2013-10-30 2014-03-12 邦讯技术股份有限公司 WLAN (Wireless Local Area Network) terminal identification recognition method by integrating Portal
CN105072617A (en) * 2015-07-24 2015-11-18 江苏省公用信息有限公司 Authentication method based on WIFI access

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109085413A (en) * 2018-07-25 2018-12-25 重庆骞纳马科技有限公司 A kind of non-contact type high voltage switchgear safety detecting system and its control method

Also Published As

Publication number Publication date
CN107534859A (en) 2018-01-02
CN107534859B (en) 2020-11-06

Similar Documents

Publication Publication Date Title
CN109309657B (en) Unauthorized access point detection system and method, user terminal used for same, and computer program
US9560617B2 (en) Wireless network access method and apparatus, terminal, and server
JP6726426B2 (en) Login-free method and device between terminals
AU2012239202B2 (en) Wireless local area network authentication method and mobile terminal
CN108551675B (en) Application client, server and corresponding Portal authentication method
US11201861B2 (en) Server for providing a token
US9357017B2 (en) Method and apparatus for automatic service discovery and connectivity
WO2017024842A1 (en) Internet access authentication method, client, computer storage medium
WO2013131472A1 (en) Message processing method, device and system
EP2908477A1 (en) Remote access method and device
WO2015000320A1 (en) Mobile terminal cross-browser login method and device
WO2020228038A1 (en) Domain name processing method, apparatus, electronic device, and storage medium
WO2017080333A1 (en) Online authentication method, authentication server and authentication system therein
CN110505188B (en) Terminal authentication method, related equipment and authentication system
CN112839331A (en) User information authentication method for wireless local area network Portal authentication escape
WO2017181407A1 (en) Network authentication method, client, terminal device and platform
CN109495362B (en) Access authentication method and device
WO2017088294A1 (en) Method and device for establishing wireless connection
CN105790944A (en) Wechat-based network authentication method and device
CN106954214B (en) Electronic device and control method thereof
KR20130123149A (en) Method for data network access authentication and an electronic device thereof
WO2013174319A2 (en) Access authentication method and device for wireless local area network
US20160234685A1 (en) Methods and Devices for Processing Identification Information
CN113207123B (en) Wireless network access method and device based on browser, storage medium and terminal
KR100886763B1 (en) The system and method for connecting web site

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16898994

Country of ref document: EP

Kind code of ref document: A1

122 Ep: pct application non-entry in european phase

Ref document number: 16898994

Country of ref document: EP

Kind code of ref document: A1