[go: up one dir, main page]

CN1842000A - Method for realizing access authentication of WLAN - Google Patents

Method for realizing access authentication of WLAN Download PDF

Info

Publication number
CN1842000A
CN1842000A CN 200510059708 CN200510059708A CN1842000A CN 1842000 A CN1842000 A CN 1842000A CN 200510059708 CN200510059708 CN 200510059708 CN 200510059708 A CN200510059708 A CN 200510059708A CN 1842000 A CN1842000 A CN 1842000A
Authority
CN
China
Prior art keywords
authentication
user terminal
mac address
access
access authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN 200510059708
Other languages
Chinese (zh)
Inventor
高江海
黎静
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN 200510059708 priority Critical patent/CN1842000A/en
Publication of CN1842000A publication Critical patent/CN1842000A/en
Pending legal-status Critical Current

Links

Images

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Small-Scale Networks (AREA)

Abstract

本发明公开一种实现无线局域网接入认证的方法,主要包括如下步骤:A.用户终端与认证点建立物理连接;B.认证点获取用户终端的MAC地址;C.通过所述的认证点以所述的MAC地址对所述的用户终端进行接入认证。本发明基于用户终端设备的MAC地址进行接入认证,对于合法的MAC地址,用户在开机后不需要用户输入用户名/密码,就可以接入到WLAN网络,对于非法的MAC地址,则禁止该用户接入到WLAN网络中,从而可以安全方便的实现用户接入到WLAN网络;另外本发明还解决了某些用户终端设备没有接口输入用户名/密码的情况下的WLAN网络的接入认证。

The invention discloses a method for realizing wireless local area network access authentication, which mainly includes the following steps: A. A user terminal establishes a physical connection with an authentication point; B. The authentication point obtains the MAC address of the user terminal; C. Passes through the authentication point to The MAC address performs access authentication for the user terminal. The present invention performs access authentication based on the MAC address of the user terminal equipment. For a legal MAC address, the user can access the WLAN network without inputting a user name/password after turning on the machine. For an illegal MAC address, the user is prohibited from accessing the WLAN network. The user accesses the WLAN network, so that the user can access the WLAN network safely and conveniently; in addition, the present invention also solves the access authentication of the WLAN network when some user terminal equipment has no interface to input the user name/password.

Description

实现无线局域网接入认证的方法Method for Realizing WLAN Access Authentication

技术领域technical field

本发明涉及无线局域网技术领域,更具体的说,本发明涉及一种无线局域网中接入认证的方法。The present invention relates to the technical field of wireless local area network, and more specifically, the present invention relates to a method for access authentication in a wireless local area network.

背景技术Background technique

由于用户对无线接入速率的要求越来越高,无线局域网(WLAN,WirelessLocal Area Network)应运而生,它能在较小范围内提供高速的无线数据接入。无线局域网包括多种不同技术,目前应用较为广泛的一个技术标准是IEEE802.11b,它采用2.4GHz频段,最高数据传输速率可达11Mbps,使用该频段的还有IEEE 802.11g和蓝牙(Bluetooth)技术,其中,802.11g最高数据传输速率可达54Mbps。其它新技术诸如IEEE 802.11a和ETSI BRAN Hiperlan2都使用5GHz频段,最高传输速率也可达到54Mbps。As users have higher and higher requirements for wireless access rate, Wireless Local Area Network (WLAN, Wireless Local Area Network) emerges at the historic moment, which can provide high-speed wireless data access in a small range. Wireless local area network includes a variety of different technologies. A technical standard that is widely used at present is IEEE802.11b, which uses the 2.4GHz frequency band, and the maximum data transmission rate can reach 11Mbps. IEEE 802.11g and Bluetooth (Bluetooth) technology are also used in this frequency band. , Among them, the highest data transmission rate of 802.11g can reach 54Mbps. Other new technologies such as IEEE 802.11a and ETSI BRAN Hiperlan2 use the 5GHz frequency band, and the highest transmission rate can reach 54Mbps.

目前对于WLAN网络的接入认证,最常用的方法是基于用户名/密码进行认证,该方案的原理是用户在需要开通WLAN业务时,在运营商的认证服务器(通常是AAA服务器)里面开设一个帐户,获取一个用户名和密码。例如一个普通的用户名:wlan@163.com;密码为:12345。在用户需要接入到WLAN网络时,需要输入自己的用户名和密码,然后由认证点AP将该用户的用户名和密码通过RADIUS认证协议传送给认证服务器,由认证服务器进行用户名和密码认证。At present, the most commonly used method for access authentication of WLAN networks is authentication based on user name/password. Account, get a username and password. For example, a common user name: wlan@163.com; password: 12345. When a user needs to access the WLAN network, he needs to enter his user name and password, and then the authentication point AP transmits the user name and password to the authentication server through the RADIUS authentication protocol, and the authentication server performs user name and password authentication.

具体参考图1所示,该图是现有技术基于用户名和密码进行802.1X接入认证的处理流程图,主要包括如下步骤:Specific reference is shown in Figure 1, which is a processing flow chart of performing 802.1X access authentication based on user name and password in the prior art, mainly including the following steps:

1.用户在接入WLAN网络之前,需要先在认证服务器(通常即AAA服务器)中进行开户,获得自己的用户名和密码,AAA和用户终端STA都保存有用户的用户名和密码。该用户名假设为wlan@163.com;密码假设为12345;1. Before accessing the WLAN network, the user needs to open an account in the authentication server (usually the AAA server) to obtain his user name and password. Both AAA and the user terminal STA save the user's user name and password. The username is assumed to be wlan@163.com; the password is assumed to be 12345;

2.用户终端STA和认证点AP之间建立物理连接;2. A physical connection is established between the user terminal STA and the authentication point AP;

3.用户终端STA向认证点AP发送EAPoL-Start报文,开始进行802.1x的过程;3. The user terminal STA sends an EAPoL-Start message to the authentication point AP to start the 802.1x process;

4.认证点AP向用户终端STA发送EAP-Request/Identity报文,要求用户终端STA将用户身份标识送上来;4. The authentication point AP sends an EAP-Request/Identity message to the user terminal STA, requesting the user terminal STA to send the user identity;

5.用户终端STA将自己的用户身份标识通过EAP-Response/Identity报文发送给认证点AP,该报文里包含了用户在AAA服务器中开户获取的用户名wlan@163.com;5. The user terminal STA sends its own user identity to the authentication point AP through the EAP-Response/Identity message, which contains the user name wlan@163.com obtained by the user opening an account in the AAA server;

6.认证点AP随机产生一个16字节的随机数Challenge1;6. The authentication point AP randomly generates a 16-byte random number Challenge1;

7.认证点AP向用户终端STA发送EAP-Request/MD5-Challenge报文,带上产生的随机数Challenge1;7. The authentication point AP sends an EAP-Request/MD5-Challenge message to the user terminal STA, carrying the generated random number Challenge1;

8.用户终端STA在接收到EAP-Request/MD5-Challenge报文后,解析出其中的随机数Challenge1,然后和密码一道进行加密,得到新的密码Key1后,用户终端STA向认证点AP发送EAP-Response/MD5-Challenge报文,里面带上经过加密后的密码Key1;8. After the user terminal STA receives the EAP-Request/MD5-Challenge message, it parses out the random number Challenge1 in it, and then encrypts it together with the password. After obtaining the new password Key1, the user terminal STA sends an EAP to the authentication point AP. -Response/MD5-Challenge message, which contains the encrypted password Key1;

9.认证点AP通过Radius协议的Access-Request报文,向认证服务器(AAA服务器)发起认证请求;报文里含有随机数Challenge1和加密后的密码Key1;9. The authentication point AP initiates an authentication request to the authentication server (AAA server) through the Access-Request message of the Radius protocol; the message contains the random number Challenge1 and the encrypted password Key1;

10.认证服务器在接收到AP发送过来的Access-Request报文后,解析出其中携带的随机数Challenge1和密码Key1;认证服务器利用和用户终端STA一样的方式将获得的Challenge1和自己保存的用户的密码进行加密,得到加密后的密码Key2;然后将Key1和Key2进行比较,如果一致,认证通过,认证服务器向认证点AP发送Access-Accept报文,如果不一致,认证未通过,认证服务器则向认证点AP发送Access-Reject报文;10. After the authentication server receives the Access-Request message sent by the AP, it parses out the random number Challenge1 and the password Key1 carried in it; the authentication server uses the same method as the user terminal STA to obtain the Challenge1 and the user's own saved Encrypt the password to obtain the encrypted password Key2; then compare Key1 and Key2, if they are consistent, the authentication passes, and the authentication server sends an Access-Accept message to the authentication point AP; Point AP to send Access-Reject message;

11.认证点AP如果接收到Access-Accept报文,则向用户终端STA发送EAP-Success报文,通知用户终端STA认证成功;如果接收到Access-Reject报文,则向用户终端STA发送EAP-Failure报文,通知用户终端STA认证失败。11. If the authentication point AP receives the Access-Accept message, it sends an EAP-Success message to the user terminal STA to notify the user terminal STA of successful authentication; if it receives an Access-Reject message, it sends an EAP-Success message to the user terminal STA. Failure message, notifying the user terminal STA of authentication failure.

上述现有基于用户名/密码进行接入认证的方法虽然可实现对用户的接入认证,但由于用户每次接入到WLAN网络时都需要用户输入自己的用户名/密码,操作繁琐,用户使用起来并不方便;另外,对于某些没有接口输入用户名和密码的用户终端该方法无法实现接入认证。Although the above-mentioned existing access authentication method based on user name/password can realize the access authentication to the user, since the user needs to input his user name/password every time he accesses the WLAN network, the operation is cumbersome and the user It is inconvenient to use; in addition, this method cannot realize access authentication for some user terminals that do not have an interface to input user names and passwords.

发明内容Contents of the invention

本发明解决的技术问题是提供一种方便用户接入无线局域网的接入认证方法,以简化用户的输入操作。The technical problem to be solved by the invention is to provide an access authentication method that is convenient for users to access the wireless local area network, so as to simplify the user's input operation.

为解决上述问题,本发明实现无线局域网接入认证的方法,所述的无线局域网包括用户终端、认证点和认证服务器,包括如下步骤:In order to solve the above-mentioned problems, the present invention realizes the method for wireless local area network access authentication, and described wireless local area network comprises user terminal, authentication point and authentication server, comprises the following steps:

A、用户终端与认证点建立物理连接;A. The user terminal establishes a physical connection with the authentication point;

B、认证点获取用户终端的MAC地址;B. The authentication point obtains the MAC address of the user terminal;

C、通过所述的认证点以所述的MAC地址对所述的用户终端进行接入认证。C. Perform access authentication on the user terminal with the MAC address through the authentication point.

可选的,认证点配置有各个用户终端的MAC地址,步骤C包括:Optionally, the authentication point is configured with the MAC address of each user terminal, and step C includes:

认证点根据所述获取的用户终端的MAC地址进行认证,如果所述的MAC地址合法,则用户终端认证通过。The authentication point performs authentication according to the acquired MAC address of the user terminal, and if the MAC address is valid, the user terminal is authenticated.

可选的,认证服务器配置有用户终端的MAC地址,步骤C包括:Optionally, the authentication server is configured with the MAC address of the user terminal, and step C includes:

C1、认证点向认证服务器发送包含用户终端MAC地址的接入请求消息发起接入认证;C1. The authentication point sends an access request message including the MAC address of the user terminal to the authentication server to initiate access authentication;

C2、认证服务器解析出所述的MAC地址并根据所述的MAC地址进行认证,如果所述的MAC地址合法,则用户终端认证通过,向认证点返回接入接受消息。C2. The authentication server parses out the MAC address and performs authentication according to the MAC address. If the MAC address is valid, the user terminal is authenticated and returns an access acceptance message to the authentication point.

可选的,以一个网络服务标识SSID标识用户终端以MAC地址进行接入认证,步骤C1之前还包括:Optionally, a network service identifier SSID is used to identify the user terminal to perform access authentication with a MAC address, and before step C1, it also includes:

认证点根据SSID判断是否对所述的用户终端以MAC地址进行接入认证,若检测到所述的SSID,则判断为是,并在判断为是后执行步骤C1。The authentication point judges whether to perform access authentication on the user terminal with the MAC address according to the SSID, and if the SSID is detected, the judgment is yes, and step C1 is executed after the judgment is yes.

可选的,以域标识属于该域的用户终端以MAC地址进行接入认证,步骤C2之前还包括:Optionally, using the domain to identify the user terminal belonging to the domain to perform access authentication with the MAC address, before step C2 also includes:

认证服务器根据用户终端的域判断是否对所述的用户终端以MAC地址进行接入认证,若用户终端属于所述的以MAC地址进行接入认证的域,则判断为是,并在判断为是后执行步骤C2。The authentication server judges according to the domain of the user terminal whether to perform access authentication on the user terminal with the MAC address. Then execute step C2.

可选的,预设用户终端接入认证的用户名和密码,用户终端首次接入认证在执行步骤C1之前还包括:Optionally, the user name and password for the user terminal access authentication are preset, and the first access authentication of the user terminal also includes before performing step C1:

用户终端发起用户名和密码认证,认证通过后认证服务器获取并配置所述的用户终端的MAC地址。The user terminal initiates user name and password authentication, and the authentication server obtains and configures the MAC address of the user terminal after passing the authentication.

其中,步骤A包括:Wherein, step A includes:

用户终端向认证点发送探测请求消息;The user terminal sends a probe request message to the authentication point;

认证点向用户终端返回探测响应消息;The authentication point returns a probe response message to the user terminal;

用户终端向认证点发送认证请求消息;The user terminal sends an authentication request message to the authentication point;

认证点向用户终端返回认证响应消息;The authentication point returns an authentication response message to the user terminal;

用户终端向认证点发送连接请求消息;The user terminal sends a connection request message to the authentication point;

认证点与用户终端建立物理连接,向用户终端返回连接响应消息。The authentication point establishes a physical connection with the user terminal, and returns a connection response message to the user terminal.

其中,所述的认证服务器是认证、授权、计费服务器Wherein, the authentication server is an authentication, authorization, and accounting server

与现有技术相比,本发明具有以下优点:Compared with the prior art, the present invention has the following advantages:

首先,本发明基于用户终端设备的MAC地址进行接入认证,对于合法的MAC地址,用户在开机后不需要用户输入用户名/密码,就可以接入到WLAN网络,对于非法的MAC地址,则禁止该用户接入到WLAN网络中,从而可以安全方便的实现用户接入到WLAN网络;First of all, the present invention performs access authentication based on the MAC address of the user terminal device. For a legal MAC address, the user can access the WLAN network without the user inputting a user name/password after turning on the machine. For an illegal MAC address, the user can access the WLAN network. The user is prohibited from accessing the WLAN network, so that the user can access the WLAN network safely and conveniently;

其次,本发明还解决了某些用户终端设备没有接口输入用户名/密码的情况下的WLAN网络的接入认证,如WLAN手机没有接口输入用户名/密码,在这种情况下,通过MAC地址的认证可以很好的保证用户接入到WLAN网路中。Secondly, the present invention also solves the access authentication of the WLAN network when some user terminal equipment does not have an interface to input the user name/password, such as a WLAN mobile phone does not have an interface to input the user name/password. The authentication can well ensure that the user accesses the WLAN network.

附图说明Description of drawings

图1是现有技术基于用户名和密码进行无线局域网接入认证的处理流程图;Fig. 1 is the processing flow diagram of performing WLAN access authentication based on username and password in the prior art;

图2是本发明无线局域网接入认证方法应用的网络环境示意图;Fig. 2 is a schematic diagram of a network environment in which the wireless local area network access authentication method of the present invention is applied;

图3是本发明无线局域网接入认证方法第一实施例的处理流程图;Fig. 3 is a processing flow chart of the first embodiment of the wireless local area network access authentication method of the present invention;

图4是本发明无线局域网接入认证方法第二实施例的处理流程图;Fig. 4 is a processing flowchart of the second embodiment of the wireless local area network access authentication method of the present invention;

图5是本发明无线局域网接入认证方法第三实施例的处理流程图。Fig. 5 is a processing flowchart of the third embodiment of the wireless local area network access authentication method of the present invention.

具体实施方式Detailed ways

本发明的核心在于基于用户终端设备的MAC地址进行接入认证,MAC地址是48位的唯一地址,在网络环境下类似设备的身份证。一般的,MAC地址也叫物理地址、硬件地址或链路地址,由网络设备制造商生产时写在硬件内部。MAC地址在计算机里都是以48位的的二进制表示的,MAC地址的长度为48位(6个字节),通常表示为12个16进制数,每2个16进制数之间用冒号隔开,如:08:00:20:0A:8C:6D就是一个MAC地址,其中前6位16进制数08:00:20代表网络硬件制造商的编号,它由IEEE(电气与电子工程师协会)分配,而后3位16进制数0A:8C:6D代表该制造商所制造的某个网络产品(如网卡)的系列号。只要不更改用户终端设备的MAC地址,该用户终端设备的MAC地址在世界是惟一的。The core of the present invention is to perform access authentication based on the MAC address of the user terminal equipment. The MAC address is a 48-bit unique address, which is similar to the ID card of the equipment in the network environment. Generally, MAC addresses are also called physical addresses, hardware addresses or link addresses, and are written inside the hardware when produced by network equipment manufacturers. The MAC address is expressed in 48-bit binary in the computer. The length of the MAC address is 48 bits (6 bytes), usually expressed as 12 hexadecimal numbers, and between each 2 hexadecimal numbers. Separated by colons, such as: 08:00:20:0A:8C:6D is a MAC address, in which the first 6 digits of hexadecimal number 08:00:20 represent the serial number of the network hardware manufacturer, which is established by IEEE (Electrical and Electronics Institute of Engineers), and the last three hexadecimal numbers 0A:8C:6D represent the serial number of a network product (such as a network card) manufactured by the manufacturer. As long as the MAC address of the user terminal equipment is not changed, the MAC address of the user terminal equipment is unique in the world.

参考图2,该图是本发明实现无线局域网接入认证的网络环境图。本发明应用的WLAN包括:Refer to FIG. 2 , which is a diagram of a network environment for realizing WLAN access authentication in the present invention. The WLAN applied in the present invention includes:

用户终端(Supplicant)1,LAN所连接的一端的实体(Entity),作为认证请求者向认证点(Authenticator)发起请求,对其身份的合法性进行检验;The user terminal (Supplicant) 1, the entity (Entity) at the end of the LAN connection, initiates a request to the authentication point (Authenticator) as an authentication requester, and checks the legitimacy of its identity;

认证点2,响应用户终端1的认证请求,包括两个逻辑端口:受控端口(Controlled Port)21和不受控端口(Uncontrolled Port)22;Authentication point 2, which responds to the authentication request of user terminal 1, includes two logical ports: controlled port (Controlled Port) 21 and uncontrolled port (Uncontrolled Port) 22;

认证服务器3,是指通过检验用户终端1发送来的身份标识,来判断该请求者是否有权使用认证点2所提供的网络服务。The authentication server 3 refers to judging whether the requester has the right to use the network service provided by the authentication point 2 by checking the identity sent by the user terminal 1 .

通常,要访问局域网/城域网4,首先用户终端1要向认证点2发起认证请求,不受控端口22始终处于双向连通状态,主要用来传递EAPoL协议帧,可保证用户终端1始终可以发出或接受;认证授权时,认证点2的受控端口21才被连通,用于传递网络资源和服务。Usually, to access the LAN/MAN 4, the user terminal 1 first initiates an authentication request to the authentication point 2, and the uncontrolled port 22 is always in a two-way connection state, which is mainly used to transmit EAPoL protocol frames, which can ensure that the user terminal 1 can always Sending or accepting; when the authentication is authorized, the controlled port 21 of the authentication point 2 is connected to transfer network resources and services.

参考图3,该图是本发明实现无线局域网接入认证的第一实施例示意图。Referring to FIG. 3 , this figure is a schematic diagram of a first embodiment of the present invention for realizing WLAN access authentication.

本实施例在WLAN网络的AP上静态配置有各个用户终端设备的MAC地址表,在用户终端和AP进行802.11b/g/a的连接时,AP会获得用户终端设备的MAC地址,此时AP去查找配置的MAC地址表,如果发现该MAC地址存在,则认为用户终端合法,认证通过,开放对用户终端的控制,允许用户终端进行后续的流程,如申请IP地址,进行上网等。如果不存在,则保持对用户终端的控制;在这种情况下,用户终端如果要使用WLAN网络,可使用其他的认证方式,如基于用户名/密码的接入认证方式,这里不再赘述。In this embodiment, the MAC address table of each user terminal device is statically configured on the AP of the WLAN network. When the user terminal and the AP perform an 802.11b/g/a connection, the AP will obtain the MAC address of the user terminal device. To find the configured MAC address table, if the MAC address is found, the user terminal is considered legal, the authentication is passed, the control of the user terminal is opened, and the user terminal is allowed to perform subsequent processes, such as applying for an IP address and surfing the Internet. If it does not exist, then keep the control on the user terminal; in this case, if the user terminal wants to use the WLAN network, it can use other authentication methods, such as the access authentication method based on username/password, which will not be repeated here.

具体处理流程如下:The specific processing flow is as follows:

步骤s10,用户终端向认证点发送探测请求消息;Step s10, the user terminal sends a probe request message to the authentication point;

步骤s11,认证点向用户终端返回探测响应消息;Step s11, the authentication point returns a probe response message to the user terminal;

步骤s12,用户终端向认证点发送认证请求消息;Step s12, the user terminal sends an authentication request message to the authentication point;

步骤s13,认证点向用户终端返回认证响应消息;Step s13, the authentication point returns an authentication response message to the user terminal;

步骤s14,用户终端向认证点发送连接请求消息;Step s14, the user terminal sends a connection request message to the authentication point;

步骤s15,认证点与用户终端建立物理连接,向用户终端返回连接响应消息;Step s15, the authentication point establishes a physical connection with the user terminal, and returns a connection response message to the user terminal;

步骤s16,认证点获取用户终端的MAC地址,根据MAC地址进行认证,如果查找配置的MAC地址表发现该MAC地址存在,则认为用户合法,用户终端认证通过,可继续DHCP等后续流程,否则,认证未通过,采用其他认证方式或直接结束认证。Step s16, the authentication point obtains the MAC address of the user terminal, and performs authentication according to the MAC address. If the configured MAC address table is found to be found to exist, the user is considered legal, the user terminal is authenticated, and subsequent processes such as DHCP can be continued. Otherwise, If the authentication fails, use other authentication methods or terminate the authentication directly.

参考图4,该图是本发明实现无线局域网接入认证的第二实施例示意图。Referring to FIG. 4 , this figure is a schematic diagram of a second embodiment of the present invention for realizing WLAN access authentication.

上述第一实施例中静态配置的MAC地址表是在AP上实现,在实际使用中,受AP存储容量的限制,AP上配置的数据一般较少,运营存在困难。为此,本实施例配置的MAC地址表数据在认证服务器(AAA服务器)上实现,即在认证服务器(AAA服务器)上配置各个用户终端的MAC地址表,由AP上报用户终端的MAC地址给认证服务器(AAA服务器),由认证服务器(AAA服务器)进行查找比较。The statically configured MAC address table in the first embodiment above is implemented on the AP. In actual use, due to the limitation of the storage capacity of the AP, the data configured on the AP is generally small, and operation is difficult. For this reason, the MAC address table data configured in this embodiment is implemented on the authentication server (AAA server), that is, the MAC address table of each user terminal is configured on the authentication server (AAA server), and the MAC address of the user terminal is reported by the AP to the authentication server. The server (AAA server) is searched and compared by the authentication server (AAA server).

具体处理流程如下:The specific processing flow is as follows:

在步骤s20-步骤s25与第一实施例步骤s10-s15相同,由用户终端STA和认证点AP建立802.11物理连接。In step s20-step s25 are the same as steps s10-s15 in the first embodiment, an 802.11 physical connection is established between the user terminal STA and the authentication point AP.

在步骤s26,认证点AP获取用户终端STA的MAC地址,同时AP根据一定的规则判断用户是否属于MAC地址认证,例如可以根据特定的网络服务标识SSID来判断,即AP支持多个SSID,其中一个SSID用来标识以MAC地址对用户终端进行接入认证,如果属于以MAC地址进行接入认证,则AP构造RADIUS协议的Access-Request认证请求消息到认证服务器(AAA服务器),该消息中的用户名含有用户终端的MAC地址(例如其用户名的格式可以为MAC@DOMAIN)。In step s26, the authentication point AP obtains the MAC address of the user terminal STA. At the same time, the AP judges whether the user belongs to MAC address authentication according to certain rules. The SSID is used to identify the access authentication of the user terminal with the MAC address. If it belongs to the access authentication with the MAC address, the AP constructs an Access-Request authentication request message of the RADIUS protocol to the authentication server (AAA server), and the user in the message The name contains the MAC address of the user terminal (for example, the format of the user name can be MAC@DOMAIN).

在步骤s27,认证服务器(AAA服务器)收到用户终端的认证请求消息后,解析出用户名,根据一定的规则判断用户终端是否属于以MAC地址进行认证,例如可以根据域(DOMINA)来判断,在认证服务器里面配置DOMAIN和认证的关系,用特定的DOMAIN来表示属于该DOMAIN的用户终端都是以MAC地址进行接入认证。如果属于以MAC地址进行接入认证,则认证服务器根据该用户终端的MAC地址查找数据库,进行比较,搜寻匹配的MAC地址,判断该MAC地址是否合法。如果查找到匹配的MAC地址,则该MAC地址合法,认证通过,允许该用户终端接入WLAN网络,向AP发送Access-Accept认证成功消息;否则,向AP发送Access-Reject认证拒绝消息。In step s27, after the authentication server (AAA server) receives the authentication request message of the user terminal, it resolves the user name, and judges whether the user terminal belongs to authenticating with the MAC address according to certain rules, for example, it can be judged according to the domain (DOMINA), Configure the relationship between DOMAIN and authentication in the authentication server, and use a specific DOMAIN to indicate that the user terminals belonging to this DOMAIN are all authenticated by MAC address. If the access authentication is based on the MAC address, the authentication server searches the database according to the MAC address of the user terminal, compares it, searches for a matching MAC address, and judges whether the MAC address is legal. If a matching MAC address is found, the MAC address is legal and the authentication is passed, the user terminal is allowed to access the WLAN network, and an Access-Accept authentication success message is sent to the AP; otherwise, an Access-Reject authentication rejection message is sent to the AP.

参考图5,该图是本发明实现无线局域网接入认证的第三实施例示意图。Referring to FIG. 5 , this figure is a schematic diagram of a third embodiment of the present invention for implementing WLAN access authentication.

上述第二实施例中虽然将MAC地址的配置放在认证服务器(AAA服务器)中进行配置,但是在实际运营中,用户的MAC地址可能会发生改变,这时需要在认证服务器(AAA服务器)中进行增加、删除、修改的操作,增加了运营的困难。为此,本实施例进一步改进,实现认证服务器(AAA服务器)可以自动学习用户终端的MAC地址。In the above-mentioned second embodiment, although the configuration of the MAC address is placed in the authentication server (AAA server) for configuration, in actual operation, the user's MAC address may change, and at this time it needs to be configured in the authentication server (AAA server) The operation of adding, deleting, and modifying increases the difficulty of operation. For this reason, this embodiment is further improved to realize that the authentication server (AAA server) can automatically learn the MAC address of the user terminal.

具体处理流程如下:The specific processing flow is as follows:

首先用户到认证服务器(AAA服务器)中开设一个帐户,获取一个用户名和密码,然后开始接入认证,其接入流程步骤s30-36步如背景中现有技术1-7步中描述,这里不再赘述,在步骤s37的认证请求消息中,AP会把用户终端STA的MAC地址送给认证服务器(AAA服务器);First, the user opens an account in the authentication server (AAA server), obtains a user name and password, and then starts access authentication. Steps s30-36 of the access process are as described in steps 1-7 of the prior art in the background, and are not described here. To repeat, in the authentication request message of step s37, the AP will send the MAC address of the user terminal STA to the authentication server (AAA server);

在步骤s38,认证服务器(AAA服务器)判断用户的用户名和密码是否合法,如果合法,则认证通过,此时认证服务器(AAA服务器)会自动把用户本次认证中所携带的用户终端的MAC地址加入到自己的数据库中,并且向认证点AP发送认证成功消息Access-Accept,然后在步骤s39,认证点AP通知用户终端STA认证成功,其余后续流程和背景技术中相同,这里不再赘述。In step s38, the authentication server (AAA server) judges whether the user name and password of the user are legal, and if legal, then the authentication passes, and the authentication server (AAA server) will automatically pass the MAC address of the user terminal carried in this authentication of the user Add it to its own database, and send the authentication success message Access-Accept to the authentication point AP, and then in step s39, the authentication point AP notifies the user terminal STA that the authentication is successful.

需要说明的是,本实施例中用户下次再接入到WLAN网络中时,由于此时认证服务器(AAA服务器)中已经保存有用户的MAC地址,此时的认证流程和第二实施例相同,认证服务器以MAC地址对用户终端进行接入认证,这里不再赘述。It should be noted that when the user accesses the WLAN network next time in this embodiment, since the user's MAC address has already been stored in the authentication server (AAA server), the authentication process at this time is the same as that in the second embodiment , the authentication server uses the MAC address to perform access authentication on the user terminal, which will not be repeated here.

另外,如果用户改变了STA,这样其MAC地址也该变了,用户在第一次接入时MAC地址认证会失败,用户可以通过用户名/密码认证成功,并且同时更新认证服务器(AAA服务器)中保存的MAC地址,下次接入时就可以通过MAC地址进行接入认证。In addition, if the user changes the STA, its MAC address should also change, the MAC address authentication will fail when the user accesses for the first time, the user can pass the username/password authentication successfully, and update the authentication server (AAA server) at the same time The MAC address saved in , you can use the MAC address for access authentication the next time you access.

以上所述仅为本发明的优选实施方式,并不构成对本发明保护范围的限定。任何在本发明的精神和原则之内所作的任何修改、等同替换和改进等,均应包含在本发明的权利要求保护范围之内。The above descriptions are only preferred embodiments of the present invention, and do not constitute a limitation to the protection scope of the present invention. Any modifications, equivalent replacements and improvements made within the spirit and principles of the present invention shall be included within the protection scope of the claims of the present invention.

Claims (8)

1, a kind of method that realizes access authentication of WLAN, described WLAN (wireless local area network) comprises user terminal, authentication points and certificate server, it is characterized in that, comprising:
A, user terminal and authentication points are set up physical connection;
B, authentication points obtain the MAC Address of user terminal;
C, with described MAC Address described user terminal is carried out access authentication by described authentication points.
2, the method for realization access authentication of WLAN according to claim 1 is characterized in that, authentication points disposes the MAC Address of each user terminal, and step C comprises:
Authentication points authenticates according to the MAC Address of the described user terminal that obtains, if described MAC Address is legal, then user end certification passes through.
3, the method for realization access authentication of WLAN according to claim 1 is characterized in that, certificate server disposes the MAC Address of user terminal, and step C comprises:
C1, authentication points send the access request message that comprises the user terminal MAC Address to certificate server and initiate access authentication;
C2, certificate server parse described MAC Address and authenticate according to described MAC Address, if described MAC Address is legal, then user end certification passes through, and return to authentication points and accept message.
4, the method for realization access authentication of WLAN according to claim 3 is characterized in that, carries out access authentication with a network services identification SSID identifying subscriber terminal with MAC Address, also comprises before the step C1:
Authentication points judges whether described user terminal is carried out access authentication with MAC Address according to SSID, if detect described SSID, then is judged as and is, and be back execution in step C1 being judged as.
5, the method for realization access authentication of WLAN according to claim 3 is characterized in that, the user terminal that belongs to this territory with domain identifier carries out access authentication with MAC Address, also comprises before the step C2:
Certificate server judges whether described user terminal is carried out access authentication with MAC Address according to the territory of user terminal, carries out the territory of access authentication if user terminal belongs to described with MAC Address, then is judged as to be, and is back execution in step C2 being judged as.
6, according to the method for claim 3,4 or 5 each described realization access authentication of WLAN, it is characterized in that, the username and password of default subscriber terminal access authentication, user terminal access authentication first also comprised before execution in step C1:
User terminal is initiated the username and password authentication, and the MAC Address of described user terminal is obtained and disposed in authentication by the back certificate server.
7, the method for realization access authentication of WLAN according to claim 6 is characterized in that, steps A comprises:
User terminal sends probe request message to authentication points;
Authentication points returns probe response message to user terminal;
User terminal sends authentication request message to authentication points;
Authentication points is to user terminal return authentication response message;
User terminal sends connection request message to authentication points;
Authentication points and user terminal are set up physical connection, return connection response message to user terminal.
8, the method for realization access authentication of WLAN according to claim 7 is characterized in that, described certificate server is an authentication, authorization and accounting server.
CN 200510059708 2005-03-29 2005-03-29 Method for realizing access authentication of WLAN Pending CN1842000A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200510059708 CN1842000A (en) 2005-03-29 2005-03-29 Method for realizing access authentication of WLAN

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200510059708 CN1842000A (en) 2005-03-29 2005-03-29 Method for realizing access authentication of WLAN

Publications (1)

Publication Number Publication Date
CN1842000A true CN1842000A (en) 2006-10-04

Family

ID=37030857

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200510059708 Pending CN1842000A (en) 2005-03-29 2005-03-29 Method for realizing access authentication of WLAN

Country Status (1)

Country Link
CN (1) CN1842000A (en)

Cited By (49)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101778385A (en) * 2009-01-14 2010-07-14 北京天昭信息通信系统开发有限责任公司 Distributed multimedia wireless gateway and central base station equipment
CN101860865A (en) * 2009-04-10 2010-10-13 中兴通讯股份有限公司 Method and device for implementing secondary access
CN102149092A (en) * 2011-01-28 2011-08-10 中国联合网络通信集团有限公司 Method and device for processing user illegal access
CN101217805B (en) * 2008-01-21 2011-08-10 中兴通讯股份有限公司 A wireless LAN access control method
CN102204307A (en) * 2011-06-15 2011-09-28 华为技术有限公司 WLAN authentication method and device based on MAC address
CN102348209A (en) * 2011-09-23 2012-02-08 福建星网锐捷网络有限公司 Method and device for wireless network access and authentication
CN102404738A (en) * 2010-09-14 2012-04-04 中国移动通信集团山东有限公司 Method, system and authentication server for accessing and exiting WLAN network
CN102547703A (en) * 2010-12-24 2012-07-04 株式会社泛泰 Mobile terminal, server, and method for providing content information
US8233456B1 (en) 2006-10-16 2012-07-31 Marvell International Ltd. Power save mechanisms for dynamic ad-hoc networks
CN102724188A (en) * 2012-06-08 2012-10-10 成都欣点科技有限公司 System and method for identifying identity of client in service field
CN102821439A (en) * 2012-07-18 2012-12-12 中兴通讯股份有限公司 Access method and access device of wireless network
CN102857517A (en) * 2012-09-29 2013-01-02 华为技术有限公司 Authentication method, broadband remote access server and authentication server
CN102883320A (en) * 2012-09-18 2013-01-16 东莞宇龙通信科技有限公司 WiFi (Wireless Fidelity) authentication method and system thereof
CN102984173A (en) * 2012-12-13 2013-03-20 迈普通信技术股份有限公司 Network access control method and system
CN103119974A (en) * 2010-09-24 2013-05-22 英特尔公司 Systems and methods for maintaining privacy in wireless networks
CN103139775A (en) * 2011-12-02 2013-06-05 中国移动通信集团上海有限公司 Access method of wireless local area network (WLAN), access device of WLAN and access system of WLAN
CN103260159A (en) * 2012-02-20 2013-08-21 宇龙计算机通信科技(深圳)有限公司 Identity identifying method and identity identifying system
US8619623B2 (en) 2006-08-08 2013-12-31 Marvell World Trade Ltd. Ad-hoc simple configuration
US8628420B2 (en) 2007-07-03 2014-01-14 Marvell World Trade Ltd. Location aware ad-hoc gaming
CN103634270A (en) * 2012-08-21 2014-03-12 中国电信股份有限公司 A method for identifying validity of an access point, a system thereof and an access point discriminating server
CN103716795A (en) * 2012-10-09 2014-04-09 中兴通讯股份有限公司 Wireless network safe access method, apparatus and system
CN103731425A (en) * 2013-12-31 2014-04-16 迈普通信技术股份有限公司 Network wireless terminal access control method and system
CN103746812A (en) * 2013-12-30 2014-04-23 迈普通信技术股份有限公司 Access authentication method and system
CN103765855A (en) * 2013-09-13 2014-04-30 华为终端有限公司 Processing method of wireless network device, wireless network device and processor thereof
US8732315B2 (en) 2006-10-16 2014-05-20 Marvell International Ltd. Automatic ad-hoc network creation and coalescing using WiFi protected setup
CN104067671A (en) * 2012-01-25 2014-09-24 高通股份有限公司 Method and apparatus for automatic service discovery and connectivity
CN104349322A (en) * 2013-08-01 2015-02-11 杭州华三通信技术有限公司 Device for detecting faker in wireless local area network and method thereof
CN104394178A (en) * 2014-12-18 2015-03-04 上海市共进通信技术有限公司 System and method for realizing rapid access control on wireless local area network
CN104410988A (en) * 2014-10-30 2015-03-11 苏州德鲁森自动化系统有限公司 Wireless local area network operating state monitoring system
CN104486763A (en) * 2014-12-25 2015-04-01 北京海尔广科数字技术有限公司 Wireless access equipment and method for realizing contact type authentication
CN104796894A (en) * 2014-01-22 2015-07-22 海尔集团公司 Configuration information transmission method and equipment
CN104917775A (en) * 2015-06-17 2015-09-16 北京汇为永兴科技有限公司 Internet access method
CN105007579A (en) * 2014-04-24 2015-10-28 中国移动通信集团广东有限公司 Wireless local area network access authentication method and terminal
CN105246073A (en) * 2015-08-28 2016-01-13 深圳市信锐网科技术有限公司 Wireless network access authentication method and server
CN105391720A (en) * 2015-11-20 2016-03-09 北京那个网络科技有限公司 User terminal login method and device
CN105450652A (en) * 2015-12-03 2016-03-30 迈普通信技术股份有限公司 Authentication method, device and system
US9308455B1 (en) 2006-10-25 2016-04-12 Marvell International Ltd. System and method for gaming in an ad-hoc network
CN105516976A (en) * 2015-11-26 2016-04-20 苏州集联微电子科技有限公司 Method for authorizing wireless equipment to access Internet without password
CN105828454A (en) * 2015-07-28 2016-08-03 维沃移动通信有限公司 Method for connecting network, device and WiFi routing equipment
CN106161147A (en) * 2015-03-31 2016-11-23 腾讯科技(深圳)有限公司 Set up the method and device that network connects
CN106534117A (en) * 2016-11-10 2017-03-22 杭州华三通信技术有限公司 Authentication method and apparatus
US9705883B2 (en) 2012-11-15 2017-07-11 Zte Corporation Communications terminal and system and rights management method
CN107517189A (en) * 2016-06-17 2017-12-26 中兴通讯股份有限公司 Method, the equipment that a kind of WLAN user access authentication and configuration information issue
CN108076456A (en) * 2017-05-02 2018-05-25 哈尔滨安天科技股份有限公司 A kind of WiFi communication data security protection method and system based on more passwords
CN108347333A (en) * 2017-01-22 2018-07-31 深圳市优朋普乐传媒发展有限公司 A kind of identity identifying method of terminal, device
CN109379354A (en) * 2018-10-10 2019-02-22 小雅智能平台(深圳)有限公司 A kind of methods, devices and systems for binding smart machine
CN105208554B (en) * 2014-06-12 2019-03-05 四川长虹电器股份有限公司 A kind of method, system and equipment realizing zigbee terminal device and networking
CN110401948A (en) * 2018-04-24 2019-11-01 北京码牛科技有限公司 Wireless network authentication method and device
US10616232B2 (en) 2014-05-31 2020-04-07 Huawei Technologies Co., Ltd. Network connection method, hotspot terminal and management terminal

Cited By (77)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8619623B2 (en) 2006-08-08 2013-12-31 Marvell World Trade Ltd. Ad-hoc simple configuration
US9019866B2 (en) 2006-08-08 2015-04-28 Marvell World Trade Ltd. Ad-hoc simple configuration
US8732315B2 (en) 2006-10-16 2014-05-20 Marvell International Ltd. Automatic ad-hoc network creation and coalescing using WiFi protected setup
US9444874B2 (en) 2006-10-16 2016-09-13 Marvell International Ltd. Automatic Ad-Hoc network creation and coalescing using WPS
US9374785B1 (en) 2006-10-16 2016-06-21 Marvell International Ltd. Power save mechanisms for dynamic ad-hoc networks
US8233456B1 (en) 2006-10-16 2012-07-31 Marvell International Ltd. Power save mechanisms for dynamic ad-hoc networks
US9308455B1 (en) 2006-10-25 2016-04-12 Marvell International Ltd. System and method for gaming in an ad-hoc network
US8628420B2 (en) 2007-07-03 2014-01-14 Marvell World Trade Ltd. Location aware ad-hoc gaming
CN101217805B (en) * 2008-01-21 2011-08-10 中兴通讯股份有限公司 A wireless LAN access control method
CN101778385A (en) * 2009-01-14 2010-07-14 北京天昭信息通信系统开发有限责任公司 Distributed multimedia wireless gateway and central base station equipment
CN101860865A (en) * 2009-04-10 2010-10-13 中兴通讯股份有限公司 Method and device for implementing secondary access
CN102404738A (en) * 2010-09-14 2012-04-04 中国移动通信集团山东有限公司 Method, system and authentication server for accessing and exiting WLAN network
CN102404738B (en) * 2010-09-14 2014-01-08 中国移动通信集团山东有限公司 Method, system and authentication server for accessing and exiting WLAN network
CN103119974B (en) * 2010-09-24 2016-08-03 英特尔公司 For safeguarding the system and method for the privacy in wireless network
CN103119974A (en) * 2010-09-24 2013-05-22 英特尔公司 Systems and methods for maintaining privacy in wireless networks
CN102547703A (en) * 2010-12-24 2012-07-04 株式会社泛泰 Mobile terminal, server, and method for providing content information
CN102149092A (en) * 2011-01-28 2011-08-10 中国联合网络通信集团有限公司 Method and device for processing user illegal access
WO2012171184A1 (en) * 2011-06-15 2012-12-20 华为技术有限公司 Wireless local area network authentication method based on media access control address and device thereof
CN102204307A (en) * 2011-06-15 2011-09-28 华为技术有限公司 WLAN authentication method and device based on MAC address
CN102204307B (en) * 2011-06-15 2014-04-16 华为技术有限公司 WLAN authentication method and device based on MAC address
CN102348209B (en) * 2011-09-23 2014-12-24 福建星网锐捷网络有限公司 Method and device for wireless network access and authentication
CN102348209A (en) * 2011-09-23 2012-02-08 福建星网锐捷网络有限公司 Method and device for wireless network access and authentication
CN103139775A (en) * 2011-12-02 2013-06-05 中国移动通信集团上海有限公司 Access method of wireless local area network (WLAN), access device of WLAN and access system of WLAN
CN103139775B (en) * 2011-12-02 2015-12-02 中国移动通信集团上海有限公司 A kind of WLAN cut-in method, Apparatus and system
CN104067671B (en) * 2012-01-25 2018-07-03 高通股份有限公司 For automated service discovery and the method and apparatus of connection
CN104067671A (en) * 2012-01-25 2014-09-24 高通股份有限公司 Method and apparatus for automatic service discovery and connectivity
CN103260159A (en) * 2012-02-20 2013-08-21 宇龙计算机通信科技(深圳)有限公司 Identity identifying method and identity identifying system
CN103260159B (en) * 2012-02-20 2016-08-24 宇龙计算机通信科技(深圳)有限公司 Personal identification method and system
CN102724188A (en) * 2012-06-08 2012-10-10 成都欣点科技有限公司 System and method for identifying identity of client in service field
CN102821439A (en) * 2012-07-18 2012-12-12 中兴通讯股份有限公司 Access method and access device of wireless network
CN103634270B (en) * 2012-08-21 2017-06-16 中国电信股份有限公司 Recognize method, system and the access point authentication server of access point legitimacy
CN103634270A (en) * 2012-08-21 2014-03-12 中国电信股份有限公司 A method for identifying validity of an access point, a system thereof and an access point discriminating server
CN102883320A (en) * 2012-09-18 2013-01-16 东莞宇龙通信科技有限公司 WiFi (Wireless Fidelity) authentication method and system thereof
CN102883320B (en) * 2012-09-18 2017-03-15 东莞宇龙通信科技有限公司 WiFi method for authenticating and its system
CN102857517A (en) * 2012-09-29 2013-01-02 华为技术有限公司 Authentication method, broadband remote access server and authentication server
CN102857517B (en) * 2012-09-29 2015-12-09 华为技术有限公司 Authentication method, Broadband Remote Access Server and certificate server
CN103716795B (en) * 2012-10-09 2018-04-06 中兴通讯股份有限公司 A kind of wireless network safety access method, device and system
CN103716795A (en) * 2012-10-09 2014-04-09 中兴通讯股份有限公司 Wireless network safe access method, apparatus and system
US9705883B2 (en) 2012-11-15 2017-07-11 Zte Corporation Communications terminal and system and rights management method
CN102984173A (en) * 2012-12-13 2013-03-20 迈普通信技术股份有限公司 Network access control method and system
CN102984173B (en) * 2012-12-13 2017-02-22 迈普通信技术股份有限公司 Network access control method and system
CN104349322B (en) * 2013-08-01 2018-06-12 新华三技术有限公司 A kind of device and method that personator is detected in Wireless LAN
CN104349322A (en) * 2013-08-01 2015-02-11 杭州华三通信技术有限公司 Device for detecting faker in wireless local area network and method thereof
CN103765855A (en) * 2013-09-13 2014-04-30 华为终端有限公司 Processing method of wireless network device, wireless network device and processor thereof
WO2015035620A1 (en) * 2013-09-13 2015-03-19 华为终端有限公司 Processing method of wireless network equipment, wireless network equipment and processor thereof
US9503896B2 (en) 2013-09-13 2016-11-22 Huawei Device Co., Ltd. Processing method of wireless network device, wireless network device, and processor of wireless network device
CN103746812A (en) * 2013-12-30 2014-04-23 迈普通信技术股份有限公司 Access authentication method and system
CN103731425B (en) * 2013-12-31 2016-08-24 迈普通信技术股份有限公司 Network wireless terminal connection control method and system
CN103731425A (en) * 2013-12-31 2014-04-16 迈普通信技术股份有限公司 Network wireless terminal access control method and system
CN104796894A (en) * 2014-01-22 2015-07-22 海尔集团公司 Configuration information transmission method and equipment
CN105007579A (en) * 2014-04-24 2015-10-28 中国移动通信集团广东有限公司 Wireless local area network access authentication method and terminal
CN105007579B (en) * 2014-04-24 2019-03-15 中国移动通信集团广东有限公司 A wireless local area network access authentication method and terminal
US10616232B2 (en) 2014-05-31 2020-04-07 Huawei Technologies Co., Ltd. Network connection method, hotspot terminal and management terminal
US11310239B2 (en) 2014-05-31 2022-04-19 Huawei Technologies Co., Ltd. Network connection method, hotspot terminal and management terminal
CN105208554B (en) * 2014-06-12 2019-03-05 四川长虹电器股份有限公司 A kind of method, system and equipment realizing zigbee terminal device and networking
CN104410988A (en) * 2014-10-30 2015-03-11 苏州德鲁森自动化系统有限公司 Wireless local area network operating state monitoring system
CN104394178A (en) * 2014-12-18 2015-03-04 上海市共进通信技术有限公司 System and method for realizing rapid access control on wireless local area network
CN104486763A (en) * 2014-12-25 2015-04-01 北京海尔广科数字技术有限公司 Wireless access equipment and method for realizing contact type authentication
CN106161147A (en) * 2015-03-31 2016-11-23 腾讯科技(深圳)有限公司 Set up the method and device that network connects
CN106161147B (en) * 2015-03-31 2019-08-06 腾讯科技(深圳)有限公司 Establish the method and device of network connection
CN104917775A (en) * 2015-06-17 2015-09-16 北京汇为永兴科技有限公司 Internet access method
CN105828454A (en) * 2015-07-28 2016-08-03 维沃移动通信有限公司 Method for connecting network, device and WiFi routing equipment
CN105828454B (en) * 2015-07-28 2019-07-26 维沃移动通信有限公司 A kind of method, apparatus connecting network and a kind of WIFI routing device
CN105246073A (en) * 2015-08-28 2016-01-13 深圳市信锐网科技术有限公司 Wireless network access authentication method and server
CN105246073B (en) * 2015-08-28 2019-06-21 深圳市信锐网科技术有限公司 The access authentication method and server of wireless network
CN105391720A (en) * 2015-11-20 2016-03-09 北京那个网络科技有限公司 User terminal login method and device
CN105516976A (en) * 2015-11-26 2016-04-20 苏州集联微电子科技有限公司 Method for authorizing wireless equipment to access Internet without password
CN105450652A (en) * 2015-12-03 2016-03-30 迈普通信技术股份有限公司 Authentication method, device and system
CN105450652B (en) * 2015-12-03 2018-06-15 迈普通信技术股份有限公司 A kind of authentication method, apparatus and system
CN107517189A (en) * 2016-06-17 2017-12-26 中兴通讯股份有限公司 Method, the equipment that a kind of WLAN user access authentication and configuration information issue
CN107517189B (en) * 2016-06-17 2022-03-29 中兴通讯股份有限公司 Method and equipment for WLAN user access authentication and configuration information issuing
CN106534117A (en) * 2016-11-10 2017-03-22 杭州华三通信技术有限公司 Authentication method and apparatus
CN106534117B (en) * 2016-11-10 2020-03-06 新华三技术有限公司 Authentication method and device
CN108347333A (en) * 2017-01-22 2018-07-31 深圳市优朋普乐传媒发展有限公司 A kind of identity identifying method of terminal, device
CN108076456A (en) * 2017-05-02 2018-05-25 哈尔滨安天科技股份有限公司 A kind of WiFi communication data security protection method and system based on more passwords
CN110401948A (en) * 2018-04-24 2019-11-01 北京码牛科技有限公司 Wireless network authentication method and device
CN109379354A (en) * 2018-10-10 2019-02-22 小雅智能平台(深圳)有限公司 A kind of methods, devices and systems for binding smart machine

Similar Documents

Publication Publication Date Title
CN1842000A (en) Method for realizing access authentication of WLAN
CN1293720C (en) Method and apparatus for initiating secure communication between wireless devices and dedicated pairing thereto
CN1265607C (en) Method for building up service tunnel in wireless local area network
CA2490131C (en) Key generation in a communication system
CN100366007C (en) System, device and method for SIM-based authentication and encryption for wireless local area network access
CN1186906C (en) Wireless LAN safety connecting-in control method
CN108063689B (en) Secure online registration and provisioning of WI-FI hotspots using Device Management Protocol
US8094821B2 (en) Key generation in a communication system
JP5934364B2 (en) Mobile device and method for secure online sign-up and provision for WI-FI hotspots using SOAP-XML technology
US20130276076A1 (en) Mobile device and method for secure on-line sign-up and provisioning for wi-fi hotspots using soap-xml techniques
CN1549526A (en) A method for realizing wireless local area network authentication
CN101379795A (en) address assignment by a DHCP server while client credentials are checked by an authentication server
CN107079007A (en) certificate-based authentication
CN101032142A (en) Means and methods for signal sign-on access to service network through access network
CN1567868A (en) Authentication method based on Ethernet authentication system
CN1726483A (en) Authentication in communication systems
CN111465011A (en) Cross-network access method, device, storage medium and communication system
CN1674497A (en) Certification method for WLAN terminal switching in mobile network
CN1595894A (en) A method for implementing access authentication of wireless local area network
CN1142662C (en) Authentication method for supporting network switching in based on different devices at same time
CN1691582A (en) Method for implementing compatibility between WAPI protocol and 802.1X protocol
CN101272297A (en) A WiMAX network user EAP authentication method
US11546339B2 (en) Authenticating client devices to an enterprise network
CN1805391A (en) Method and apparatus for supporting multiple logical networks in wireless LAN
KR100667186B1 (en) Apparatus and Method for Implementing Authentication System for Wireless Mobile Terminal

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Open date: 20061004