CN104660405A - Business equipment authentication method and equipment - Google Patents
- Publication number: CN104660405A
- Authority: CN (China)
- Prior art keywords: business device, platform server, scrip, authentication, authentication request
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Description
Technical field
The invention relates to the field of communication technology, and in particular to a service device authentication method. The invention also relates to a service device.
Background
With rising living standards, home services closely tied to daily life, such as smart home, home security and home health, are increasingly entering the home. These service terminals need to interact with a platform in order to access network resources, communicate with external devices, and store, analyze and share data. The common authentication methods for such service devices are currently:
(1) The service device is pre-fitted with a SIM card that serves as its unique identity for authentication;
(2) A preset account and password are entered through the service device's Web self-service page; the detailed flow is shown in Figure 1;
(3) Proxy authentication is performed by scanning a QR code on the service terminal with a mobile client; the detailed flow for home service proxy authentication is shown in Figure 2.
However, whichever of these or other prior-art authentication methods is used, cost considerations mean that home service terminals carry no SIM-like account identifier and generally cannot offer a user-friendly display and input interface such as a screen, touch screen or keyboard. In addition, these service devices are usually non-smart embedded devices with limited CPU and storage capacity, so providing a local Web service is difficult and would also raise the device cost; and because the user cannot know the IP address dynamically assigned to the service device, having to reach its local Web service page raises the barrier to use as well.
Summary of the invention
To address the technical problems described in the background, the invention provides a wireless authentication method for service devices, applied in a system comprising a mobile terminal, a service device, a wireless access device and a platform server. The method comprises:
The platform server receives an authentication request sent by the service device, the authentication request carrying the identifier of the service device;
The platform server generates a temporary credential corresponding to the service device according to the identifier, and notifies the wireless access device to add a new wireless local area network (WLAN) whose service set identifier (SSID) is the temporary credential, so that the mobile terminal scans the WLAN and obtains the SSID;
The platform server determines whether a proxy authentication request from the mobile terminal is received within a preset time threshold and, after receiving the proxy authentication request, authenticates the service device according to the temporary credential and account information carried in the proxy authentication request.
Correspondingly, the invention also proposes a platform server, applied in a system comprising a mobile terminal, a service device, a wireless access device and the platform server, which comprises:
A receiving module, configured to receive an authentication request sent by the service device, the authentication request carrying the identifier of the service device;
A setting module, configured to generate a temporary credential corresponding to the service device according to the identifier, and to notify the wireless access device to add a new wireless local area network (WLAN) whose service set identifier (SSID) is the temporary credential, so that the mobile terminal scans the WLAN and obtains the SSID;
An authentication module, configured to determine whether a proxy authentication request from the mobile terminal is received within a preset time threshold and, after receiving the proxy authentication request, to authenticate the service device according to the temporary credential and account information carried in the proxy authentication request.
With this technical solution, the platform server first generates a temporary authentication credential according to the identifier of the service device. The platform server then instructs the wireless access device to create a wireless WLAN network that uses the temporary authentication credential as its WiFi SSID, and determines whether a proxy authentication request from the mobile terminal is received within the preset time threshold. Finally, it authenticates the service device according to the temporary credential and account information carried in the proxy authentication request. The mobile terminal therefore only needs to scan the WiFi SSID to authenticate the service device, which gives fast and convenient authentication for all types of service device.
Description of the drawings
Figure 1 is a schematic diagram of a prior-art home service authentication flow based on a preset account and password;
Figure 2 is a schematic diagram of a prior-art home service proxy authentication flow based on QR code scanning;
Figure 3 is a schematic flow chart of the service device authentication method proposed by the invention;
Figure 4 is a schematic diagram of a service device authentication system proposed in an example of the invention;
Figure 5 is a schematic diagram of the temporary authentication credential issuance flow proposed in a specific embodiment of the invention;
Figure 6 is a schematic diagram of the proxy authentication credential issuance flow proposed in a specific embodiment of the invention;
Figure 7 is a schematic structural diagram of a platform server proposed by the invention.
Detailed description
To overcome the prior-art defects of difficult authentication and inconvenient use that result from low-cost service devices with limited functions, the invention proposes a service device authentication method. The service device first interacts with the service platform to determine a temporary authentication credential. The terminal management platform then uses that credential as a WiFi SSID to create a network with wireless access point (AP) functionality, so that a mobile terminal can authenticate the device as soon as it scans that WiFi SSID. This gives fast and convenient authentication for all types of service device.
Figure 3 is a schematic flow chart of the service device authentication method proposed by the invention, which comprises the following steps:
S301: The platform server receives an authentication request sent by the service device, the authentication request carrying the identifier of the service device.
S302: The platform server generates a temporary credential corresponding to the service device according to the identifier, and notifies the wireless access device to add a new wireless local area network (WLAN) whose service set identifier (SSID) is the temporary credential, so that the mobile terminal scans the WLAN and obtains the SSID.
For security reasons, the service device must complete authentication within a limited period after the temporary credential is generated. The platform server therefore sets a validity period for the temporary credential, equal in length to the preset time threshold, and then returns the temporary credential and the validity period information to the service device, so that the service device sends a proxy authentication prompt message to the mobile terminal.
After receiving the temporary credential and validity period information from the platform server, the service device periodically and proactively sends the platform server a service access request carrying the identifier of the service device and the temporary credential. The platform server then acts according to whether authentication of the service device has succeeded:
If authentication of the service device fails, the platform server returns an access failure response to the service device, so that the service device stops periodically sending the service access request;
If authentication of the service device succeeds, the platform server returns an authentication success response to the service device, so that the service device notifies the mobile terminal that authentication succeeded.
S303: The platform server determines whether a proxy authentication request from the mobile terminal is received within the preset time threshold and, after receiving the proxy authentication request, authenticates the service device according to the temporary credential and account information carried in the proxy authentication request.
Note that the platform server holds a preset correspondence between account information and service device identifiers, and that the mobile terminal generates the proxy authentication request only after confirming that the account information entered by the user matches the preset account information. This ensures that a proxy authentication request sent by the mobile terminal corresponds to exactly one service device, so authentication does not fail through confusion with other service devices. Specifically, in this step the platform server authenticates the proxy authentication request and the service device as follows:
If the platform server receives a proxy authentication request from the mobile terminal within the preset time threshold, and the temporary credential of the service device corresponding to the account information matches the temporary credential carried in the proxy authentication request, the platform server confirms that authentication of the service device succeeded and opens the service device's access permission;
If the platform server does not receive a proxy authentication request from the mobile terminal within the preset time threshold, or the temporary credential of the service device corresponding to the account information does not match the temporary credential carried in the proxy authentication request, the platform server confirms that authentication of the service device failed.
In addition, whether authentication of the service device succeeds or fails, the temporary credential has by then expired or become invalid, so the WLAN named after it is no longer needed. The platform server therefore notifies the wireless access device to tear down the corresponding WLAN and delete the SSID.
To further illustrate the technical idea of the invention, the technical solution is now described in a specific application scenario. Figure 4 is a schematic diagram of the service device authentication system proposed by the invention, which comprises the following devices:
Wireless access device: a home device with wireless access capability, such as a home gateway, which is managed by the home device management platform.
Service device: accesses service resources on the home service platform and executes local service logic. The method in this proposal is aimed mainly at devices without a display and input interface, but can also be used for other service devices.
Mobile device client: a proxy authentication client installed on the user's mobile device. It holds a home user account and, once authenticated, can provide proxy authentication for other home service devices;
Service platform: part of the platform server. It provides home services and authenticates and authorizes service access;
Device management platform: like the service platform, part of the platform server. It manages home devices, mainly parameter settings, device upgrades, status collection, error alarms and so on.
Based on the above system, the specific temporary authentication credential issuance flow of the technical solution is shown in Figure 5 and comprises the following steps:
S501: After power-on, the home wireless access device (e.g. a home gateway, device ID 2) establishes a management channel with the home device management platform;
S502: The user collects from the operator's business hall a home service device (device ID 1) that has been registered and bound to the user's account, and then activates the service on that device;
S503: The home service device sends a service access request to the home service platform; the request message carries the identifier of the home service device;
S504: The home service platform generates a random temporary authentication credential, consisting of an authentication prefix, a service number and a random code, and not exceeding 32 bytes;
S505: The home service platform requests the home device management platform to set the temporary authentication credential as the SSID of a newly added wireless LAN on the home wireless access device;
S506: The home device management platform looks up the home wireless access device bound to it and sets the temporary authentication credential on that device as a new SSID;
S507: The home service platform sets a validity period (e.g. 2 minutes) for the temporary authentication credential and returns the temporary authentication credential to the home service device;
S508: The home service device periodically (e.g. every 10 seconds) sends a service access request to the home service platform, carrying the temporary authentication credential in the message;
S509: Because authentication has not yet passed, every periodic service access request from the home service device receives a failure response;
S510: After detecting that the temporary authentication credential has expired, the home service platform requests the home device management platform to remove the SSID previously added for the temporary authentication credential;
S511: After sending a service access request, if the home service device receives a failure response indicating that the temporary authentication credential is invalid, it stops the periodic service access requests.
After the temporary credential issuance flow is complete, the service device is authenticated through the following proxy authentication flow:
S601: The user opens the client on the mobile device, and the client passes the service platform's user login authentication;
S602: In the client, the user chooses to perform proxy authentication for the home service device, and the client on the mobile device starts scanning the SSIDs of wireless signals in the surrounding environment;
S603: After detecting an SSID that carries a temporary authentication credential, the client on the mobile device sends a proxy authentication request to the service platform; the request message carries the user account and the temporary authentication credential;
S604: After receiving the proxy authentication request, the home service platform checks the validity of the temporary authentication credential and the binding between the account and the device; if both checks pass, it opens service access permission for the home service device;
S605: Once proxy authentication has passed, the home service platform returns a correct response to the periodic service access requests of the home service device, and the service can be accessed normally from then on;
S606: After detecting that the temporary authentication credential has expired, the home service platform requests the home device management platform to remove the SSID previously added for the temporary authentication credential.
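The issuance flow (S503 to S511) and the proxy authentication flow (S601 to S606) above, modelled as one in-memory platform server. This is an added illustration, not code from the patent: the class and method names, the `AUTH` prefix, the 8-byte random code and the injected clock are assumptions, and the account passed to `proxy_auth` is assumed to have already passed the login in S601.

```python
import hmac
import secrets
import time

SSID_MAX_BYTES = 32      # S504 limit; also the maximum length of an 802.11 SSID
AUTH_PREFIX = "AUTH"     # assumed value for the "authentication prefix" in S504
VALIDITY_SECONDS = 120   # S507 example validity period (2 minutes)


def _same(a, b):
    """Compare two credentials without leaking the mismatch position via timing."""
    return hmac.compare_digest(a.encode(), b.encode())


class PlatformServer:
    """Service platform plus device management platform (hypothetical names)."""

    def __init__(self, bindings, clock=time.monotonic):
        self.bindings = bindings   # preset mapping: account -> set of device IDs
        self.clock = clock         # injectable so expiry can be exercised in tests
        self.pending = {}          # device ID -> (credential, expiry time)
        self.granted = {}          # device ID -> credential that was accepted
        self.active_ssids = set()  # stands in for SSIDs set on the access device

    def request_auth(self, device_id, service_no):
        """S503-S507: issue a temporary credential and publish it as a new SSID."""
        if not any(device_id in devs for devs in self.bindings.values()):
            raise PermissionError("device is not bound to any account")
        credential = f"{AUTH_PREFIX}-{service_no}-{secrets.token_hex(8)}"
        if len(credential.encode()) > SSID_MAX_BYTES:
            raise ValueError("credential does not fit in an SSID")
        self._revoke(device_id)    # at most one live credential per device
        self.pending[device_id] = (credential, self.clock() + VALIDITY_SECONDS)
        self.active_ssids.add(credential)
        return credential, VALIDITY_SECONDS

    def proxy_auth(self, account, credential):
        """S603-S604: accept only a live credential of a device bound to the account.

        The SSID is broadcast to everyone in radio range, so the credential is
        not a secret; the account-to-device binding is what stops a different
        account from claiming the device.
        """
        self._expire()
        for device_id in self.bindings.get(account, ()):
            entry = self.pending.get(device_id)
            if entry and _same(entry[0], credential):
                self.granted[device_id] = entry[0]
                self._revoke(device_id)   # single use: the SSID comes down
                return True
        return False   # assumption of this sketch: a mismatch waits for expiry

    def service_access(self, device_id, credential):
        """S508/S509/S605/S511: answer the device's periodic request."""
        self._expire()
        accepted = self.granted.get(device_id)
        if accepted and _same(accepted, credential):
            return "granted"   # S605: normal service access
        entry = self.pending.get(device_id)
        if entry and _same(entry[0], credential):
            return "pending"   # S509: failure response, device keeps polling
        return "expired"       # S511: credential invalid, device stops polling

    def _revoke(self, device_id):
        """S510/S606: forget the credential and remove its SSID."""
        entry = self.pending.pop(device_id, None)
        if entry:
            self.active_ssids.discard(entry[0])

    def _expire(self):
        now = self.clock()
        for device_id in [d for d, (_, exp) in self.pending.items() if exp <= now]:
            self._revoke(device_id)
```
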
To achieve the above technical purpose, the invention also proposes a platform server, applied in a system comprising a mobile terminal, a service device, a wireless access device and the platform server. As shown in Figure 7, it comprises:
A receiving module 710, configured to receive an authentication request sent by the service device, the authentication request carrying the identifier of the service device;
A setting module 720, configured to generate a temporary credential corresponding to the service device according to the identifier, and to notify the wireless access device to add a new wireless local area network (WLAN) whose service set identifier (SSID) is the temporary credential, so that the mobile terminal scans the WLAN and obtains the SSID;
An authentication module 730, configured to determine whether a proxy authentication request from the mobile terminal is received within a preset time threshold and, after receiving the proxy authentication request, to authenticate the service device according to the temporary credential and account information carried in the proxy authentication request.
In a specific application scenario, the authentication module 730 is specifically configured as follows:
If the receiving module 710 receives a proxy authentication request from the mobile terminal within the preset time threshold, and the temporary credential of the service device corresponding to the account information matches the temporary credential carried in the proxy authentication request, the authentication module 730 confirms that authentication of the service device succeeded and opens the service device's access permission;
If the receiving module 710 does not receive a proxy authentication request from the mobile terminal within the preset time threshold, or the temporary credential of the service device corresponding to the account information does not match the temporary credential carried in the proxy authentication request, the authentication module 730 confirms that authentication of the service device failed.
In a specific application scenario, the platform server further comprises:
A removal module, configured to notify the wireless access device to tear down the WLAN and delete the SSID after the authentication module 730 confirms that authentication of the service device succeeded or failed.
In a specific application scenario, the setting module 720 is further configured to set a validity period for the temporary credential after generating the temporary credential corresponding to the service device according to the identifier, and to return the temporary credential and the validity period information to the service device, so that the service device sends a proxy authentication prompt message to the mobile terminal;
The length of the validity period is the same as the preset time threshold.
In a specific application scenario, the receiving module 710 is further configured to receive the service access request periodically sent by the service device after the setting module 720 has returned the temporary credential and validity period information to the service device, the service access request carrying the identifier of the service device and the temporary credential;
If authentication of the service device fails, the receiving module 710 returns an access failure response to the service device, so that the service device stops periodically sending the service access request;
If authentication of the service device succeeds, the receiving module 710 returns an authentication success response to the service device, so that the service device notifies the mobile terminal that authentication succeeded.
In a specific application scenario, the platform server further comprises:
A storage module, which stores the preset correspondence between the account information and the service device identifier; the mobile terminal generates the proxy authentication request after confirming that the account information entered by the user matches the preset account information.
With this technical solution, the platform server first generates a temporary authentication credential according to the identifier of the service device. The platform server then instructs the wireless access device to create a wireless WLAN network that uses the temporary authentication credential as its WiFi SSID, and determines whether a proxy authentication request from the mobile terminal is received within the preset time threshold. Finally, it authenticates the service device according to the temporary credential and account information carried in the proxy authentication request. The mobile terminal therefore only needs to scan the WiFi SSID to authenticate the service device, which gives fast and convenient authentication for all types of service device.
From the above description of the embodiments, those skilled in the art can clearly understand that the invention can be implemented in hardware, or in software together with a necessary general-purpose hardware platform. On that understanding, the technical solution of the invention can be embodied as a software product, which can be stored in a non-volatile storage medium (such as a CD-ROM, USB flash drive or portable hard disk) and includes a number of instructions that cause a computer device (such as a personal computer, a server or a network device) to execute the methods described in the implementation scenarios of the invention.
Those skilled in the art will understand that each drawing is only a schematic diagram of a preferred implementation scenario, and that the modules or flows in the drawings are not necessarily required to implement the invention.
Those skilled in the art will understand that the modules of the apparatus in an implementation scenario can be distributed within that apparatus as described for the scenario, or can be changed accordingly and located in one or more apparatuses different from that scenario. The modules of the above implementation scenarios can be combined into one module or further split into multiple sub-modules.
The serial numbers used above are for description only and do not indicate the relative merits of the implementation scenarios.
The above discloses only several specific implementation scenarios of the invention. The invention is not limited to them, and any variation that a person skilled in the art can conceive of shall fall within the scope of protection of the invention.
Claims (12)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310595366.3A CN104660405B (en) | 2013-11-21 | 2013-11-21 | A kind of business device authentication method and equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104660405A | 2015-05-27 |
CN104660405B | 2018-06-12 |
Family ID: 53251142
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310595366.3A Active CN104660405B (en) | 2013-11-21 | 2013-11-21 | A kind of business device authentication method and equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104660405B (en) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105357224A (en) * | 2015-12-08 | 2016-02-24 | 深圳众乐智府科技有限公司 | Intelligent household gateway register, remove method and system |
WO2017016057A1 (en) * | 2015-07-28 | 2017-02-02 | 小米科技有限责任公司 | Method, apparatus and system for intelligent device to access router |
CN106658505A (en) * | 2015-10-28 | 2017-05-10 | 中兴通讯股份有限公司 | Method and apparatus for adding terminal into network |
CN107784221A (en) * | 2016-08-30 | 2018-03-09 | 阿里巴巴集团控股有限公司 | Authority control method, service providing method, device, system and electronic equipment |
CN108023875A (en) * | 2017-11-16 | 2018-05-11 | 广州视源电子科技股份有限公司 | Equipment authorization method and system |
CN108934009A (en) * | 2017-05-27 | 2018-12-04 | 华为技术有限公司 | A kind of WiFi network cut-in method, apparatus and system |
CN109327887A (en) * | 2018-10-24 | 2019-02-12 | 百度在线网络技术(北京)有限公司 | Method and apparatus for generating information |
WO2019029468A1 (en) * | 2017-08-10 | 2019-02-14 | 华为技术有限公司 | Method, apparatus and device for granting network permission to terminal |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070143605A1 (en) * | 2005-12-19 | 2007-06-21 | Metke Anthony R | Method and apparatus for providing a supplicant access to a requested service |
CN101170409A (en) * | 2006-10-24 | 2008-04-30 | 华为技术有限公司 | Method, system, service device and authentication server for realizing device access control |
CN101262500A (en) * | 2008-04-23 | 2008-09-10 | 杭州华三通信技术有限公司 | Method, access controller and WEB authentication server for pushing login page |
CN101977383A (en) * | 2010-08-03 | 2011-02-16 | 北京星网锐捷网络技术有限公司 | Authentication processing method, system, client side and server for network access |
US8019082B1 (en) * | 2003-06-05 | 2011-09-13 | Mcafee, Inc. | Methods and systems for automated configuration of 802.1x clients |
CN102685741A (en) * | 2011-03-09 | 2012-09-19 | 华为终端有限公司 | Access authentication processing method and system, terminal as well as network equipment |
CN102843682A (en) * | 2012-08-20 | 2012-12-26 | 中国联合网络通信集团有限公司 | Access point authorizing method, device and system |
CN103297968A (en) * | 2012-03-02 | 2013-09-11 | 华为技术有限公司 | Wireless terminal identifying method, wireless terminal identifying device and wireless terminal identifying system |
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8019082B1 (en) * | 2003-06-05 | 2011-09-13 | Mcafee, Inc. | Methods and systems for automated configuration of 802.1x clients |
US20070143605A1 (en) * | 2005-12-19 | 2007-06-21 | Metke Anthony R | Method and apparatus for providing a supplicant access to a requested service |
CN101170409A (en) * | 2006-10-24 | 2008-04-30 | 华为技术有限公司 | Method, system, service device and authentication server for realizing device access control |
CN101262500A (en) * | 2008-04-23 | 2008-09-10 | 杭州华三通信技术有限公司 | Method, access controller and WEB authentication server for pushing login page |
CN101977383A (en) * | 2010-08-03 | 2011-02-16 | 北京星网锐捷网络技术有限公司 | Authentication processing method, system, client side and server for network access |
CN102685741A (en) * | 2011-03-09 | 2012-09-19 | 华为终端有限公司 | Access authentication processing method and system, terminal as well as network equipment |
CN103297968A (en) * | 2012-03-02 | 2013-09-11 | 华为技术有限公司 | Wireless terminal identifying method, wireless terminal identifying device and wireless terminal identifying system |
CN102843682A (en) * | 2012-08-20 | 2012-12-26 | 中国联合网络通信集团有限公司 | Access point authorizing method, device and system |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2017016057A1 (en) * | 2015-07-28 | 2017-02-02 | 小米科技有限责任公司 | Method, apparatus and system for intelligent device to access router |
CN106658505A (en) * | 2015-10-28 | 2017-05-10 | 中兴通讯股份有限公司 | Method and apparatus for adding terminal into network |
CN105357224A (en) * | 2015-12-08 | 2016-02-24 | 深圳众乐智府科技有限公司 | Intelligent household gateway register, remove method and system |
CN105357224B (en) * | 2015-12-08 | 2019-08-02 | 深圳众乐智府科技有限公司 | A kind of registration of intelligent domestic gateway, removing method and system |
CN107784221A (en) * | 2016-08-30 | 2018-03-09 | 阿里巴巴集团控股有限公司 | Authority control method, service providing method, device, system and electronic equipment |
CN108934009A (en) * | 2017-05-27 | 2018-12-04 | 华为技术有限公司 | A kind of WiFi network cut-in method, apparatus and system |
WO2019029468A1 (en) * | 2017-08-10 | 2019-02-14 | 华为技术有限公司 | Method, apparatus and device for granting network permission to terminal |
CN108023875A (en) * | 2017-11-16 | 2018-05-11 | 广州视源电子科技股份有限公司 | Equipment authorization method and system |
CN109327887A (en) * | 2018-10-24 | 2019-02-12 | 百度在线网络技术(北京)有限公司 | Method and apparatus for generating information |
CN109327887B (en) * | 2018-10-24 | 2020-02-21 | 百度在线网络技术(北京)有限公司 | Method and apparatus for generating information |
Also Published As
Publication number | Publication date |
---|---|
CN104660405B (en) | 2018-06-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104660405B (en) | A kind of business device authentication method and equipment | |
USRE50305E1 (en) | Seamless Wi-Fi subscription remediation | |
CN104519020B (en) | Manage method, server and the system of wireless network login password sharing function | |
CN103222292B (en) | The dynamic account utilizing safe hot spot networks creates | |
CA2656919C (en) | Method and system for controlling access to networks | |
US10924923B2 (en) | Method and apparatus for managing a profile of a terminal in a wireless communication system | |
CN104767715B (en) | Access control method and equipment | |
CN103905401B (en) | A kind of identity identifying method and equipment | |
CN103874065B (en) | A kind of method and device for judging customer location exception | |
CN108476223B (en) | Method and apparatus for SIM-based authentication of non-SIM devices | |
US9549318B2 (en) | System and method for delayed device registration on a network | |
JP2010519640A (en) | Method and apparatus for deploying a dynamic credential infrastructure based on proximity | |
CN104221414A (en) | Secure and automatic connection to wireless networks | |
DK2924944T3 (en) | Presence authentication | |
WO2017054617A1 (en) | Wifi network authentication method, device and system | |
JP5952973B2 (en) | Mutual authentication method between terminal and remote server via third-party portal | |
CN110336870A (en) | Method, device, system and storage medium for establishing remote office operation and maintenance channel | |
CN109460647B (en) | Multi-device secure login method | |
CN106302475B (en) | Family's Internet service authorization method and server | |
CN100563159C (en) | Universal authentication system and method for accessing network service applications in the system | |
JP2016051268A (en) | Authentication system, authentication server, client device, and authentication method | |
KR20100072973A (en) | Method of access authentication based on policy for wireless network access service | |
CN101742507B (en) | System and method for accessing Web application site for WAPI terminal | |
CN104285458A (en) | Wireless network access method, system and terminal | |
WO2019141135A1 (en) | Trusted service management method and apparatus capable of supporting wireless network switching |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||