CN100466567C - A kind of access authentication method of wireless local area network - Google Patents

Publication number
CN100466567C
Authority
CN
China
Prior art keywords
authentication
password
user
user side
otp
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
CNB031373941A
Other languages
Chinese (zh)
Other versions
CN1567859A (en)
Inventor
高江海
唐周和
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Huawei Technology Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CNB031373941A priority Critical patent/CN100466567C/en
Publication of CN1567859A publication Critical patent/CN1567859A/en
Application granted granted Critical
Publication of CN100466567C publication Critical patent/CN100466567C/en
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04JMULTIPLEX COMMUNICATION
    • H04J13/00Code division multiplex systems
    • H04J13/10Code generation
    • H04J13/12Generation of orthogonal codes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/10Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/12Payment architectures specially adapted for electronic shopping systems
    • G06Q20/123Shopping for digital content
    • G06Q20/1235Shopping for digital content with control of digital rights management [DRM]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/385Payment protocols; Details thereof using an alias or single-use codes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/42Confirmation, e.g. check or permission by the legal debtor of payment
    • G06Q20/425Confirmation, e.g. check or permission by the legal debtor of payment using two different networks, one for transaction and one for security confirmation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/02Marketing; Price estimation or determination; Fundraising
    • G06Q30/0241Advertisements
    • G06Q30/0277Online advertisement
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/06Buying, selling or leasing transactions
    • G06Q30/0601Electronic shopping [e-shopping]
    • G06Q30/0609Buyer or seller confidence or verification
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
    • G06Q50/10Services
    • G06Q50/18Legal services
    • G06Q50/188Electronic negotiation
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F17/00Coin-freed apparatus for hiring articles; Coin-freed facilities or services
    • G07F17/16Coin-freed apparatus for hiring articles; Coin-freed facilities or services for devices exhibiting advertisements, announcements, pictures or the like
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04BTRANSMISSION
    • H04B7/00Radio transmission systems, i.e. using radiation field
    • H04B7/02Diversity systems; Multi-antenna system, i.e. transmission or reception using multiple antennas
    • H04B7/04Diversity systems; Multi-antenna system, i.e. transmission or reception using multiple antennas using two or more spaced independent antennas
    • H04B7/06Diversity systems; Multi-antenna system, i.e. transmission or reception using multiple antennas using two or more spaced independent antennas at the transmitting station
    • H04B7/0602Diversity systems; Multi-antenna system, i.e. transmission or reception using multiple antennas using two or more spaced independent antennas at the transmitting station using antenna switching
    • H04B7/0604Diversity systems; Multi-antenna system, i.e. transmission or reception using multiple antennas using two or more spaced independent antennas at the transmitting station using antenna switching with predefined switching scheme
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04BTRANSMISSION
    • H04B7/00Radio transmission systems, i.e. using radiation field
    • H04B7/02Diversity systems; Multi-antenna system, i.e. transmission or reception using multiple antennas
    • H04B7/04Diversity systems; Multi-antenna system, i.e. transmission or reception using multiple antennas using two or more spaced independent antennas
    • H04B7/08Diversity systems; Multi-antenna system, i.e. transmission or reception using multiple antennas using two or more spaced independent antennas at the receiving station
    • H04B7/0837Diversity systems; Multi-antenna system, i.e. transmission or reception using multiple antennas using two or more spaced independent antennas at the receiving station using pre-detection combining
    • H04B7/084Equal gain combining, only phase adjustments
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04BTRANSMISSION
    • H04B7/00Radio transmission systems, i.e. using radiation field
    • H04B7/14Relay systems
    • H04B7/15Active relay systems
    • H04B7/155Ground-based stations
    • H04B7/15528Control of operation parameters of a relay station to exploit the physical medium
    • H04B7/15535Control of relay amplifier gain
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L1/00Arrangements for detecting or preventing errors in the information received
    • H04L1/004Arrangements for detecting or preventing errors in the information received by using forward error control
    • H04L1/0041Arrangements at the transmitter end
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L1/00Arrangements for detecting or preventing errors in the information received
    • H04L1/004Arrangements for detecting or preventing errors in the information received by using forward error control
    • H04L1/0045Arrangements at the receiver end
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L1/00Arrangements for detecting or preventing errors in the information received
    • H04L1/004Arrangements for detecting or preventing errors in the information received by using forward error control
    • H04L1/0056Systems characterized by the type of code used
    • H04L1/0064Concatenated codes
    • H04L1/0066Parallel concatenated codes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L1/00Arrangements for detecting or preventing errors in the information received
    • H04L1/004Arrangements for detecting or preventing errors in the information received by using forward error control
    • H04L1/0056Systems characterized by the type of code used
    • H04L1/0067Rate matching
    • H04L1/0068Rate matching by puncturing
    • H04L1/0069Puncturing patterns
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L1/00Arrangements for detecting or preventing errors in the information received
    • H04L1/004Arrangements for detecting or preventing errors in the information received by using forward error control
    • H04L1/0056Systems characterized by the type of code used
    • H04L1/0071Use of interleaving
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L1/00Arrangements for detecting or preventing errors in the information received
    • H04L1/02Arrangements for detecting or preventing errors in the information received by diversity reception
    • H04L1/06Arrangements for detecting or preventing errors in the information received by diversity reception using space diversity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L1/00Arrangements for detecting or preventing errors in the information received
    • H04L1/08Arrangements for detecting or preventing errors in the information received by repeating transmission, e.g. Verdan system
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L1/00Arrangements for detecting or preventing errors in the information received
    • H04L1/12Arrangements for detecting or preventing errors in the information received by using return channel
    • H04L1/16Arrangements for detecting or preventing errors in the information received by using return channel in which the return channel carries supervisory signals, e.g. repetition request signals
    • H04L1/18Automatic repetition systems, e.g. Van Duuren systems
    • H04L1/1812Hybrid protocols; Hybrid automatic repeat request [HARQ]
    • H04L1/1819Hybrid protocols; Hybrid automatic repeat request [HARQ] with retransmission of additional or different redundancy
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L1/00Arrangements for detecting or preventing errors in the information received
    • H04L1/12Arrangements for detecting or preventing errors in the information received by using return channel
    • H04L1/16Arrangements for detecting or preventing errors in the information received by using return channel in which the return channel carries supervisory signals, e.g. repetition request signals
    • H04L1/18Automatic repetition systems, e.g. Van Duuren systems
    • H04L1/1829Arrangements specially adapted for the receiver end
    • H04L1/1835Buffer management
    • H04L1/1841Resequencing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L1/00Arrangements for detecting or preventing errors in the information received
    • H04L1/12Arrangements for detecting or preventing errors in the information received by using return channel
    • H04L1/16Arrangements for detecting or preventing errors in the information received by using return channel in which the return channel carries supervisory signals, e.g. repetition request signals
    • H04L1/18Automatic repetition systems, e.g. Van Duuren systems
    • H04L1/1829Arrangements specially adapted for the receiver end
    • H04L1/1848Time-out mechanisms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2854Wide area networks, e.g. public data networks
    • H04L12/2856Access arrangements, e.g. Internet access
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2854Wide area networks, e.g. public data networks
    • H04L12/2856Access arrangements, e.g. Internet access
    • H04L12/2869Operational details of access network equipments
    • H04L12/287Remote access server, e.g. BRAS
    • H04L12/2874Processing of data for distribution to the subscribers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/28Flow control; Congestion control in relation to timing considerations
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/34Flow control; Congestion control ensuring sequence integrity, e.g. using sequence numbers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L5/00Arrangements affording multiple use of the transmission path
    • H04L5/0001Arrangements for dividing the transmission path
    • H04L5/0014Three-dimensional division
    • H04L5/0023Time-frequency-space
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L5/00Arrangements affording multiple use of the transmission path
    • H04L5/003Arrangements for allocating sub-channels of the transmission path
    • H04L5/0042Intra-user or intra-terminal allocation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L5/00Arrangements affording multiple use of the transmission path
    • H04L5/003Arrangements for allocating sub-channels of the transmission path
    • H04L5/0044Allocation of payload; Allocation of data channels, e.g. PDSCH or PUSCH
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L5/00Arrangements affording multiple use of the transmission path
    • H04L5/003Arrangements for allocating sub-channels of the transmission path
    • H04L5/0078Timing of allocation
    • H04L5/0082Timing of allocation at predetermined intervals
    • H04L5/0083Timing of allocation at predetermined intervals symbol-by-symbol
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/065Network architectures or network communication protocols for network security for supporting key management in a packet data network for group communications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102Entity profiles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/14Session management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/2866Architectures; Arrangements
    • H04L67/30Profiles
    • H04L67/306User profiles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/51Discovery or management thereof, e.g. service location protocol [SLP] or web services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/168Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP] specially adapted for link layer protocols, e.g. asynchronous transfer mode [ATM], synchronous optical network [SONET] or point-to-point protocol [PPP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M1/00Substation equipment, e.g. for use by subscribers
    • H04M1/253Telephone sets using digital voice transmission
    • H04M1/2535Telephone sets using digital voice transmission adapted for voice communication over an Internet Protocol [IP] network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M7/00Arrangements for interconnection between switching centres
    • H04M7/0024Services and arrangements where telephone services are combined with data services
    • H04M7/0057Services where the data services network provides a telephone service in addition or as an alternative, e.g. for backup purposes, to the telephone service provided by the telephone services network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M7/00Arrangements for interconnection between switching centres
    • H04M7/006Networks other than PSTN/ISDN providing telephone service, e.g. Voice over Internet Protocol (VoIP), including next generation networks with a packet-switched transport layer
    • H04M7/0066Details of access arrangements to the networks
    • H04M7/0069Details of access arrangements to the networks comprising a residential gateway, e.g. those which provide an adapter for POTS or ISDN terminals
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W28/00Network traffic management; Network resource management
    • H04W28/02Traffic management, e.g. flow control or congestion control
    • H04W28/10Flow control between communication endpoints
    • H04W28/14Flow control between communication endpoints using intermediate storage
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W52/00Power management, e.g. Transmission Power Control [TPC] or power classes
    • H04W52/04Transmission power control [TPC]
    • H04W52/06TPC algorithms
    • H04W52/14Separate analysis of uplink or downlink
    • H04W52/143Downlink power control
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W52/00Power management, e.g. Transmission Power Control [TPC] or power classes
    • H04W52/04Transmission power control [TPC]
    • H04W52/18TPC being performed according to specific parameters
    • H04W52/24TPC being performed according to specific parameters using SIR [Signal to Interference Ratio] or other wireless path parameters
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W52/00Power management, e.g. Transmission Power Control [TPC] or power classes
    • H04W52/04Transmission power control [TPC]
    • H04W52/18TPC being performed according to specific parameters
    • H04W52/24TPC being performed according to specific parameters using SIR [Signal to Interference Ratio] or other wireless path parameters
    • H04W52/245TPC being performed according to specific parameters using SIR [Signal to Interference Ratio] or other wireless path parameters taking into account received signal strength
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W52/00Power management, e.g. Transmission Power Control [TPC] or power classes
    • H04W52/04Transmission power control [TPC]
    • H04W52/38TPC being performed in particular situations
    • H04W52/46TPC being performed in particular situations in multi-hop networks, e.g. wireless relay networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W52/00Power management, e.g. Transmission Power Control [TPC] or power classes
    • H04W52/04Transmission power control [TPC]
    • H04W52/38TPC being performed in particular situations
    • H04W52/48TPC being performed in particular situations during retransmission after error or non-acknowledgment
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2101Auditing as a secondary aspect
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2149Restricted operating environment
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04BTRANSMISSION
    • H04B7/00Radio transmission systems, i.e. using radiation field
    • H04B7/02Diversity systems; Multi-antenna system, i.e. transmission or reception using multiple antennas
    • H04B7/04Diversity systems; Multi-antenna system, i.e. transmission or reception using multiple antennas using two or more spaced independent antennas
    • H04B7/08Diversity systems; Multi-antenna system, i.e. transmission or reception using multiple antennas using two or more spaced independent antennas at the receiving station
    • H04B7/0891Space-time diversity
    • H04B7/0894Space-time diversity using different delays between antennas
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04BTRANSMISSION
    • H04B7/00Radio transmission systems, i.e. using radiation field
    • H04B7/14Relay systems
    • H04B7/15Active relay systems
    • H04B7/155Ground-based stations
    • H04B7/15507Relay station based processing for cell extension or control of coverage area
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L1/00Arrangements for detecting or preventing errors in the information received
    • H04L1/12Arrangements for detecting or preventing errors in the information received by using return channel
    • H04L1/16Arrangements for detecting or preventing errors in the information received by using return channel in which the return channel carries supervisory signals, e.g. repetition request signals
    • H04L1/18Automatic repetition systems, e.g. Van Duuren systems
    • H04L1/1829Arrangements specially adapted for the receiver end
    • H04L1/1835Buffer management
    • H04L1/1845Combining techniques, e.g. code combining
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L1/00Arrangements for detecting or preventing errors in the information received
    • H04L2001/0092Error control systems characterised by the topology of the transmission link
    • H04L2001/0096Channel splitting in point-to-point links
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12Details relating to cryptographic hardware or logic circuitry
    • H04L2209/127Trusted platform modules [TPM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/30Definitions, standards or architectural aspects of layered protocol stacks
    • H04L69/32Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
    • H04L69/322Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
    • H04L69/324Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the data link layer [OSI layer 2], e.g. HDLC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W48/00Access restriction; Network selection; Access point selection
    • H04W48/16Discovering, processing access restriction or access information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W52/00Power management, e.g. Transmission Power Control [TPC] or power classes
    • H04W52/04Transmission power control [TPC]
    • H04W52/18TPC being performed according to specific parameters
    • H04W52/22TPC being performed according to specific parameters taking into account previous information or commands
    • H04W52/225Calculation of statistics, e.g. average or variance
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W52/00Power management, e.g. Transmission Power Control [TPC] or power classes
    • H04W52/04Transmission power control [TPC]
    • H04W52/18TPC being performed according to specific parameters
    • H04W52/24TPC being performed according to specific parameters using SIR [Signal to Interference Ratio] or other wireless path parameters
    • H04W52/241TPC being performed according to specific parameters using SIR [Signal to Interference Ratio] or other wireless path parameters taking into account channel quality metrics, e.g. SIR, SNR, CIR or Eb/lo
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W52/00Power management, e.g. Transmission Power Control [TPC] or power classes
    • H04W52/04Transmission power control [TPC]
    • H04W52/18TPC being performed according to specific parameters
    • H04W52/24TPC being performed according to specific parameters using SIR [Signal to Interference Ratio] or other wireless path parameters
    • H04W52/242TPC being performed according to specific parameters using SIR [Signal to Interference Ratio] or other wireless path parameters taking into account path loss
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/005Discovery of network devices, e.g. terminals

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Business, Economics & Management (AREA)
  • Computer Security & Cryptography (AREA)
  • Accounting & Taxation (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Finance (AREA)
  • General Engineering & Computer Science (AREA)
  • Strategic Management (AREA)
  • Computer Hardware Design (AREA)
  • General Business, Economics & Management (AREA)
  • Computing Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Bioethics (AREA)
  • Marketing (AREA)
  • Databases & Information Systems (AREA)
  • Software Systems (AREA)
  • Tourism & Hospitality (AREA)
  • Medical Informatics (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Game Theory and Decision Science (AREA)
  • Technology Law (AREA)
  • Human Resources & Organizations (AREA)
  • Primary Health Care (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses an access authentication method for a wireless local area network. A portal judges whether the currently accessing user terminal has passed authentication; if so, the user terminal accesses the wireless local area network through the portal; otherwise, access authentication is performed on the user terminal. The access authentication process includes: the user terminal transmits authentication information including at least a user name to an authentication server (AS) through the portal; the AS judges from the received authentication information whether the user terminal uses the OTP access authentication mode; if not, access authentication proceeds according to the access authentication mode that the user terminal uses; if so, the AS generates an OTP password according to the received authentication information and transmits the password to the user terminal, and the user terminal performs access authentication with the received OTP password.

Figure 03137394

Description

An access authentication method for a wireless local area network

Technical field

The invention relates to the field of access authentication in wireless communication technology, and in particular to an access authentication method for a wireless local area network (WLAN).

Background

As a wireless access method, WLAN is being used ever more widely because of its good performance. Equipment providers and operators in many countries are optimistic about its market prospects and have each put forward their own WLAN solutions.

From the point of view of how the personal terminal is operated, access methods fall mainly into authentication based on a subscriber identification card (SIM) and authentication based on a user name and password. Authentication based on a user name and password further includes two methods: authentication with a fixed user name and password, and authentication with a one-time password (OTP).

WLAN solutions in the prior art mostly authenticate with a fixed user name and password. In this method, the user obtains a fixed user name and password by opening an account with the operator, or by purchasing a prepaid card, and then uses this fixed user name and password to authenticate and access the network every time the user goes online afterwards. Because this method uses a fixed user name and password as the access authentication information, that information is easily stolen and used by others, causing the user unnecessary losses.

Summary of the invention

In view of this, the main purpose of the present invention is to provide a WLAN access authentication method that enables access authentication in a WLAN using the OTP mode.

The present invention is an access authentication method for a wireless local area network, in which a portal judges whether the currently accessing user terminal has passed authentication; if so, the user terminal accesses the wireless local area network through the portal; otherwise, access authentication is performed on the user terminal. The method is characterized in that the access authentication process includes:

The portal requests the user terminal to input authentication information; the user terminal sends authentication information including at least a user name to the portal; the portal carries the received authentication information in an authentication request and transmits it to the authentication server (AS); the AS judges from the received authentication information whether the user terminal uses the one-time password (OTP) access authentication mode; if not, access authentication proceeds according to the access authentication mode that the user terminal uses; if so, the AS generates an OTP password according to the received authentication information, transmits the password to the user terminal, and notifies the portal to request a password from the user terminal;

The portal requests the user terminal to input a password; the user terminal sends the OTP password it received to the portal in response; the portal sends the received password to the AS; the AS judges from the received password and the authentication information including at least the user name whether the current user is a legitimate user; if so, the AS notifies the portal that the user terminal has passed authentication, and the portal then notifies the user terminal that authentication succeeded; otherwise, the AS notifies the user terminal through the portal that authentication failed.

The AS judges whether the user uses the OTP access authentication mode as follows: the AS makes the judgment according to the format of the user name in the authentication information.

The AS generates the OTP password from the received authentication information as follows: the AS randomly generates an OTP password according to the mobile device number in the user name.

The AS transmits the OTP password to the user terminal as follows:

The AS transmits the OTP password to the short message center, and the short message center, according to the user's mobile device number in the authentication information, delivers the OTP password to the mobile device corresponding to that number.

The mobile device is a mobile phone, and the mobile device number is a mobile station ISDN number.

It can be seen that the present invention combines OTP with WLAN and uses the OTP authentication mode in WLAN networking to control users' network access, so that the password a user uses is different every time the user goes online. This reduces the possibility of password theft and protects the user's interests more effectively.

Description of drawings

FIG. 1 is a flowchart of WLAN access authentication in an embodiment of the present invention.

Detailed description

The present invention is a WLAN access authentication method. Each time a user accesses the network, the authentication server first generates an OTP password for the user and sends it to the user over a channel from which information is not easily stolen by others; after receiving it, the user authenticates with the obtained OTP password to access the network.

The present invention is described in detail below with reference to the accompanying drawing.

In this embodiment, the portal (Portal) that connects the user terminal to the network is built into the authentication control (AC), and the AC and Portal are used as a whole. In other embodiments of the present invention, the AC and Portal may also be configured separately without affecting the implementation of the invention. Referring to FIG. 1, this embodiment includes the following steps:

Step 101: After the user powers on, the AC assigns an IP address to the user terminal by means of the dynamic address allocation protocol (DHCP);

Step 102: The user enters the address of the site to visit in the address bar of the Internet browser (IE), and the user terminal attempts to connect to that address through the Portal;

Step 103: The Portal checks locally whether the user has already passed authentication. If so, the current user terminal is a user that has already accessed the WLAN; the access procedure for the user terminal ends and the normal connection between the WLAN and the user terminal proceeds directly until the user disconnects. Otherwise, step 104 is executed;

Step 104: The Portal sends an authentication page to the user terminal, prompting the user to enter on that page the user name and password required for authentication;

Step 105: The user terminal receives the authentication page, and the user enters authentication information on it, specifically:

The user enters a user name in the user name field of the page. The format of the user name differs between access authentication modes. In this embodiment the user uses the OTP access authentication mode, so the user name entered follows the format specified for OTP access authentication: the number of the user's mobile device followed by @OTP. This embodiment uses the mobile station ISDN number (MSISDN) as the number of the user's mobile device; other embodiments of the invention may use other numbers;

The user enters a password in the password field of the page according to the access authentication mode used. Because this embodiment uses the OTP access authentication mode, the user password field defaults to empty (null) at this point; whether the user enters a password in this step, and what the user enters, has no effect on the access authentication process in the later steps;

After the user terminal obtains the authentication information entered by the user, it sends a message containing that information to the Portal over http/https;

Step 106: The Portal receives the message from the user terminal and sends an authentication request (Access_Request) to the authentication server (AS). The request contains the authentication information sent by the user terminal: the user name in MSISDN@OTP form and the password field;

Step 107: After receiving the authentication request, the AS judges whether the user name in the request is in MSISDN@OTP format. If not, the OTP authentication procedure ends and the user is authenticated by another authentication mode. Otherwise, the AS determines that the user terminal uses the OTP authentication mode, parses the MSISDN out of the user name, and randomly generates an OTP password key locally according to the MSISDN. In other embodiments of the invention the AS may randomly generate the password key in other ways without affecting the implementation of the invention;

Steps 108 to 111: According to the MSISDN, the AS sends the password key to the short message service center (SMSC) over the Short Message Peer-to-Peer protocol (SMPP), and the SMSC delivers the password key to the user's mobile phone in a short message. At the same time, the AS sends an authentication request rejection message (Access_Reject) to the Portal; the failure code in this message is "re-push page" and the failure reason value indicates that the key has been sent to the SMSC. This rejection message notifies the Portal to push the authentication page to the user terminal again. On receiving it, the Portal pushes the authentication page to the user terminal again according to the failure code and prompts the user to enter the password;

Step 112: The user enters the key received in the short message as the password on the authentication page, and the user terminal then sends the password key entered by the user to the Portal over http/https;

Steps 113 to 115: The Portal obtains the password key entered by the user and sends a new authentication request to the AS. The AS judges from the password key and the user name MSISDN@OTP whether the user is a legitimate user. If so, authentication passes and the AS sends an authentication request success message (Access-Success) to the Portal; on receiving it, the Portal pushes an authentication success page to the user terminal to notify it that authentication succeeded. Otherwise, the AS notifies the user terminal through the Portal/AC that authentication failed.

The above is only a preferred embodiment of the present invention and is not intended to limit it. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.
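The AS side of steps 106 to 115, as an added example that is not code from the patent: the user-name format check, random key generation, the "re-push page" rejection and verification of the second request. The key length, lifetime, attempt limit, single-use deletion, constant-time comparison, the MSISDN digit range and the `NOT_OTP` marker are assumptions; the patent does not specify them.

```python
import hmac
import re
import secrets
from dataclasses import dataclass

# Assumption: an MSISDN is 6-15 digits; the patent only fixes the "@OTP" suffix.
OTP_USERNAME = re.compile(r"^(\d{6,15})@OTP$")
OTP_DIGITS = 6       # assumption: key length is not stated in the patent
OTP_LIFETIME = 120   # assumption: seconds a key stays valid
MAX_ATTEMPTS = 3     # assumption: wrong guesses allowed per key


@dataclass
class Reply:
    code: str               # "Access_Reject", "Access-Success" or "NOT_OTP"
    failure_code: str = ""  # "re-push page" in steps 108-111
    reason: str = ""


@dataclass
class Pending:
    key: str
    expires: float
    attempts: int = 0


class AuthServer:
    """Authentication server (AS) handling of Access_Request messages."""

    def __init__(self):
        self.pending = {}      # MSISDN -> Pending key awaiting verification
        self.smsc_outbox = []  # stands in for the SMPP link to the SMSC

    def parse_msisdn(self, username):
        """Step 107: OTP mode is selected by the user-name format alone."""
        match = OTP_USERNAME.match(username)
        return match.group(1) if match else None

    def access_request(self, username, password, now):
        msisdn = self.parse_msisdn(username)
        if msisdn is None:
            # Hypothetical marker: hand over to another authentication mode.
            return Reply("NOT_OTP", reason="user name is not MSISDN@OTP")
        entry = self.pending.get(msisdn)
        if entry is None or now >= entry.expires:
            # First request: the password field is ignored (step 105).
            return self._issue(msisdn, now)
        return self._verify(msisdn, entry, password)

    def _issue(self, msisdn, now):
        # Steps 107-111: random key, out-of-band delivery, page re-push.
        key = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        self.pending[msisdn] = Pending(key, now + OTP_LIFETIME)
        self.smsc_outbox.append((msisdn, key))
        return Reply("Access_Reject", "re-push page", "key sent to SMSC")

    def _verify(self, msisdn, entry, password):
        # Steps 113-115: compare without leaking timing, then burn the key.
        if hmac.compare_digest(password.encode(), entry.key.encode()):
            del self.pending[msisdn]
            return Reply("Access-Success")
        entry.attempts += 1
        if entry.attempts >= MAX_ATTEMPTS:
            del self.pending[msisdn]  # too many guesses: key is void
        return Reply("Access_Reject", "auth-failed", "wrong password")


if __name__ == "__main__":
    server = AuthServer()
    user = "8600000000001@OTP"  # constructed sample user name
    print(server.access_request(user, "", now=0.0))
    _, sms_key = server.smsc_outbox[-1]
    print(server.access_request(user, sms_key, now=5.0))
```

Because any client can submit an MSISDN@OTP user name, a deployment would also rate-limit key issuance per MSISDN, which this example leaves out.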

Claims (5)

1. An access authentication method for a wireless local area network, in which a portal judges whether the currently accessing user terminal has passed authentication; if so, the user terminal accesses the wireless local area network through the portal; otherwise, access authentication is performed on the user terminal; characterized in that the access authentication process comprises:
the portal requests the user terminal to input authentication information; the user terminal sends authentication information including at least a user name to the portal; the portal carries the received authentication information in an authentication request and transmits it to an authentication server AS; the AS judges from the received authentication information whether the user terminal uses the one-time password OTP access authentication mode; if not, access authentication is performed according to the access authentication mode that the user terminal uses; if so, the AS generates an OTP password according to the received authentication information, transmits the password to the user terminal, and notifies the portal to request a password from the user terminal;
the portal requests the user terminal to input a password; the user terminal sends the OTP password it received to the portal in response; the portal sends the received password to the AS; the AS judges from the received password and the authentication information including at least the user name whether the current user is a legitimate user; if so, the AS notifies the portal that the user terminal has passed authentication, and the portal then notifies the user terminal that authentication succeeded; otherwise, the AS notifies the user terminal through the portal that authentication failed.
2. The method according to claim 1, characterized in that the AS judging from the received authentication information whether the user uses the OTP access authentication mode is: the AS makes the judgment according to the format of the user name in the authentication information.
3. The method according to claim 1, characterized in that the AS generating the OTP password according to the received authentication information is: the AS randomly generates an OTP password according to the mobile device number in the user name.
4. The method according to claim 1, characterized in that the AS transmitting the OTP password to the user terminal comprises:
the AS transmits the OTP password to a short message center, and the short message center, according to the user's mobile device number in the authentication information, delivers the OTP password to the mobile device corresponding to that mobile device number.
5. The method according to claim 3 or 4, characterized in that the mobile device is a mobile phone and the mobile device number is a mobile station ISDN number.
CNB031373941A 2003-06-23 2003-06-23 A kind of access authentication method of wireless local area network Expired - Lifetime CN100466567C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB031373941A CN100466567C (en) 2003-06-23 2003-06-23 A kind of access authentication method of wireless local area network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB031373941A CN100466567C (en) 2003-06-23 2003-06-23 A kind of access authentication method of wireless local area network

Publications (2)

Publication Number Publication Date
CN1567859A CN1567859A (en) 2005-01-19
CN100466567C true CN100466567C (en) 2009-03-04

Family

ID=34470389

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB031373941A Expired - Lifetime CN100466567C (en) 2003-06-23 2003-06-23 A kind of access authentication method of wireless local area network

Country Status (1)

Country Link
CN (1) CN100466567C (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101369893B (en) * 2008-10-06 2010-08-18 中国移动通信集团设计院有限公司 Method for local area network access authentication of casual user
CN101711031B (en) * 2009-12-23 2012-07-11 杭州华三通信技术有限公司 A Portal authentication method and access controller in local forwarding
CN102547701A (en) * 2010-12-24 2012-07-04 中国移动通信集团公司 Authentication method and wireless access point as well as authentication server
CN102857517B (en) * 2012-09-29 2015-12-09 华为技术有限公司 Authentication method, Broadband Remote Access Server and certificate server
CN105357242B (en) * 2014-08-22 2019-02-22 中国电信股份有限公司 Access the method and system of WLAN, short message pushes platform, gate system
CN107872445B (en) * 2016-09-28 2021-01-29 华为技术有限公司 Access authentication method, device and authentication system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2001352324A (en) * 2000-06-07 2001-12-21 Nec Corp One-time password generator, authentication method and recording medium with one-time password generating program recorded therein
CN1399490A (en) * 2002-08-15 2003-02-26 西安西电捷通无线网络通信有限公司 Safe access method of mobile terminal to radio local area network

Also Published As

Publication number Publication date
CN1567859A (en) 2005-01-19

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20221101

Address after: No. 1899 Xiyuan Avenue, high tech Zone (West District), Chengdu, Sichuan 610041

Patentee after: Chengdu Huawei Technologies Co.,Ltd.

Address before: 518057 HUAWEI building, road, Shenzhen science and Technology Park

Patentee before: HUAWEI TECHNOLOGIES Co.,Ltd.

CX01 Expiry of patent term
CX01 Expiry of patent term

Granted publication date: 20090304