
CN107248998A - Authentication method and device for an application client of a terminal device - Google Patents


Info

Publication number
CN107248998A
Authority
CN
China
Prior art keywords
app
clients
access network
servers
network equipment
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710537856.6A
Other languages
Chinese (zh)
Inventor
吴振华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Taizhou Jiji Intellectual Property Operation Co.,Ltd.
Original Assignee
Shanghai Feixun Data Communication Technology Co Ltd
Application filed by Shanghai Feixun Data Communication Technology Co Ltd
Priority to CN201710537856.6A
Publication of CN107248998A


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

Aspects of the present invention provide an authentication method and device for an application (APP) client of a terminal device. An access network device adds the URL address of an APP server to the URL whitelist that it stores. After the APP client installed on the terminal device completes APP authentication with the APP server, the access network device receives the authentication result of the APP client, sent by the terminal device. The access network device judges, according to its stored URL whitelist and the authentication result, whether the APP authentication of the APP client succeeded. If the APP authentication succeeded, the access network device forwards the data of the APP client sent by the terminal device to the APP server, so that the APP client can access the network normally. If the APP authentication failed, the access network device discards the data of the APP client, and the APP client cannot go online. The authentication method and device effectively avoid the problem that APP authentication cannot be completed because the wireless access network device and the APP server cannot communicate with each other.

Description

Authentication method and device for an application client of a terminal device
Technical field
Embodiments of the present invention relate to the field of wireless communications, and in particular to an authentication method and device for an application client of a terminal device.
Background
An application (Application, APP) is a third-party application for a smartphone, referred to as a "mobile application" and also as a "mobile phone client". An APP client (APP Client) is the application client on a mobile device. Where a computer sends information over a simple broadband internet connection, information push between mobile APP software depends, apart from instant messaging tools, increasingly on third-party push platforms.
With the spread of mobile terminal devices such as smartphones and the iPad, people have gradually become used to going online through APP clients, and the major domestic and foreign service providers and e-commerce companies now have their own APP clients, for example Apple's App Store, Google's Google Play Store, Nokia's Ovi Store, BlackBerry App World for BlackBerry users, Microsoft's Marketplace, "WeChat", and so on.
The APPs on the market are of many kinds, including communication, games, entertainment, social, and practical everyday-life APPs. Games are the most popular and most downloaded mobile APPs on the market, followed by social APPs; well-known social APPs include WeChat and Momo. Entertainment APPs rank third and can be further divided into several classes, such as song APPs and player APPs.
With the spread of smart terminals, the mobile application (APP) market is viewed favourably and numerous investors have poured into it, so that the number of APPs has grown explosively and APPs of all kinds have begun to penetrate every aspect of people's lives. At the same time, a series of malicious applications has followed, such as APPs that charge fees maliciously, expose private data, or carry mobile phone Trojans and zombie viruses. These bad and illegal APPs not only infringe the legitimate interests of users but have also seriously affected the healthy development of China's mobile internet industry.
Therefore, a terminal device needs to perform APP authentication when using an APP. In existing APP authentication, the APP Client and the APP server (APP Server) back end complete authentication by accessing each other directly with HTTP messages.
Figure 1 is a schematic flow chart of a prior-art APP authentication method. The main process is as follows.
Step 11: the terminal device accesses the access network device.
For example, the terminal device accesses an eNodeB of an LTE communication system or a gNB of a 5G communication system.
Step 12: APP authentication is performed between the APP client installed on the terminal device and the APP server.
For example, when the terminal device uses the APP Client for the first time, it makes an HTTP access request in the wireless authentication network; the page provides a download link for the APP, and the APP is downloaded.
The terminal device installs the APP and registers, sending the registration information to the APP server.
After receiving the registration information submitted by the user, the APP server calls the RADIUS interface to open an account using the registration information and generates the corresponding user name and password.
The APP server creates the same account and password in its own database and, once they have been created, informs the terminal device that it can log in using the APP client.
The APP server needs a public-network URL address, and this URL address is configured as a fixed value in the APP Client. The APP Client initiates an HTTP authentication request to the URL address of the APP server. For example, when the APP client learns that registration succeeded, it simulates an HTTP access request to obtain information such as the MAC and IP of the terminal device, and then sends the registered user name and password of the APP client, together with the obtained IP and media access control (Media Access Control, MAC) information, to the APP server for normal APP client authentication.
Step 13: after APP Client authentication is completed, the APP server notifies the wireless access network device of the authentication result.
Step 14: if authentication succeeded, the wireless access network device lets the terminal device through for the data of the APP client, and the terminal device can access the internet normally.
When the terminal device connects to this wireless authentication network again, the APP client automatically (provided its process has not been closed in the background) carries out the operation of the 5th step to complete authentication, and the user can go online without performing any operation.
As can be seen from the above flow, APP client authentication of the terminal device on the one hand uses the Portal authentication flow, in which the APP client obtains the Portal address and the client's parameter information by simulating an HTTP request. On the other hand, the terminal device needs to register when it uses the APP for the first time, and the registration flow is equivalent to opening an account in RADIUS in advance. Together these achieve APP wireless authentication for internet access.
In the current APP authentication scheme, after APP client authentication is completed, the APP server needs to notify the wireless access network device of the APP authentication result. However, the wireless access network device and the APP server may belong to completely different networks and are not necessarily able to communicate normally. For example, the wireless access network device belongs to the current LTE communication system and the APP server belongs to a local area network, so a firewall device sits between the wireless access network device and the APP server and blocks communication between them. Alternatively, the wireless access network device provides only a local access address and cannot be reached through a public-network address.
Summary of the invention
Aspects of the present invention provide an authentication method and device for an application client of a terminal device, which can effectively avoid the problem that APP authentication cannot be completed because the wireless access network device and the APP server cannot communicate with each other.
One aspect of the present invention provides an authentication method for an application client of a terminal device, including:
An access network device adds the URL address of an APP server to the URL whitelist that it stores;
The access network device receives the authentication result of the APP client, sent by the terminal device after the APP client installed on the terminal device completes APP authentication with the APP server;
The access network device judges, according to its stored URL whitelist and the authentication result, whether the APP authentication of the APP client succeeded;
If the APP authentication of the APP client succeeded, the access network device forwards the data of the APP client sent by the terminal device to the APP server, so that the APP client can access the network normally;
If the APP authentication of the APP client failed, the access network device discards the data of the APP client, and the APP client cannot go online.
Optionally, the access network device judging, according to the authentication result, whether the APP authentication of the APP client succeeded specifically includes:
When the access network device determines that both of the following conditions are met, namely that the authentication result is success and that the URL whitelist includes the URL address of the APP server, it judges that the APP authentication of the APP client succeeded; or
When the access network device determines that at least one of these two conditions, namely that the authentication result is success and that the URL whitelist includes the URL address of the APP server, is not met, it judges that the APP authentication of the APP client failed.
Optionally, the access network device receives the URL address of the APP server sent by the terminal device or by the APP server.
Optionally, the access network device receives the URL address of the APP server sent by the APP server and sends it to the terminal device.
Optionally, the authentication mode of the APP authentication includes at least one of the following: automatic authentication, one-key authentication, user name and password, or SMS authentication.
Another aspect of the present invention provides an authentication device for an application client of a terminal device, including:
A processor, configured to add the URL address of an APP server to the URL whitelist that it stores;
A receiver, configured to receive the authentication result of the APP client, sent by the terminal device after the APP client installed on the terminal device completes APP authentication with the APP server;
The processor is further configured to judge, according to its stored URL whitelist and the authentication result, whether the APP authentication of the APP client succeeded; if the APP authentication of the APP client succeeded, to determine that the data of the APP client sent by the terminal device may be forwarded to the APP server, so that the APP client can access the network normally; and if the APP authentication of the APP client failed, to discard the data of the APP client, so that the APP client cannot go online.
Optionally, when the processor determines that both of the following conditions are met, namely that the authentication result is success and that the URL whitelist includes the URL address of the APP server, it judges that the APP authentication of the APP client succeeded; or
When the processor determines that at least one of these two conditions, namely that the authentication result is success and that the URL whitelist includes the URL address of the APP server, is not met, it judges that the APP authentication of the APP client failed.
Optionally, the receiver is further configured to receive the URL address of the APP server sent by the terminal device or by the APP server.
Optionally, the receiver is further configured to receive the URL address of the APP server sent by the APP server;
The authentication device further includes a transmitter, configured to send the received URL address of the APP server to the terminal device.
Optionally, the authentication mode of the APP authentication includes at least one of the following: automatic authentication, one-key authentication, user name and password, or SMS authentication.
The authentication method and device for an application client of a terminal device described above can effectively avoid the problem that APP authentication cannot be completed because the wireless access network device and the APP server cannot communicate with each other.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly introduced below. The drawings described below are some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flow chart of a prior-art APP authentication method;
Fig. 2 is a schematic flow chart of an authentication method for an application client of a terminal device according to one embodiment of the present invention;
Fig. 3 is a schematic flow chart of an authentication method for an application client of a terminal device according to another embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a communication system according to an embodiment of the present invention.
Detailed description of the embodiments
To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are some, not all, of the embodiments of the present invention. All other embodiments that a person of ordinary skill in the art obtains from the embodiments of the present invention without creative effort fall within the scope of protection of the invention.
The techniques described herein can be used in various communication systems, such as 2G, 3G and 4G communication systems and next-generation communication systems (for example, 5G), such as the Global System for Mobile Communication (GSM), Code Division Multiple Access (CDMA) systems, Time Division Multiple Access (TDMA) systems, Wideband Code Division Multiple Access (WCDMA) systems, Frequency Division Multiple Access (FDMA) systems, Orthogonal Frequency-Division Multiple Access (OFDMA) systems, single-carrier FDMA (SC-FDMA) systems, General Packet Radio Service (GPRS) systems, Long Term Evolution (LTE) systems, and other such communication systems. A CDMA system can implement radio technologies such as Universal Terrestrial Radio Access (UTRA) and CDMA2000. UTRA includes Wideband CDMA (WCDMA) and other CDMA variants. In addition, CDMA2000 covers the IS-2000, IS-95 and IS-856 standards. A TDMA system can implement radio technologies such as the Global System for Mobile Communications (GSM). An OFDMA system can implement radio technologies such as Evolved UMTS Terrestrial Radio Access (E-UTRA), Ultra Mobile Broadband (UMB), IEEE 802.11 (Wi-Fi), IEEE 802.16 (WiMAX), IEEE 802.20 and Flash-OFDMA. UTRA and E-UTRA are part of the Universal Mobile Telecommunication System (UMTS). 3GPP Long Term Evolution (for example, LTE) is a version of UMTS that uses E-UTRA; it can use OFDMA on the downlink and SC-FDMA on the uplink. UTRA, E-UTRA, UMTS, LTE and GSM are described in documents of the "3rd Generation Partnership Project (3GPP)" organization. In addition, CDMA2000 and UMB are described in documents of the "3rd Generation Partnership Project 2 (3GPP2)" organization.
Various aspects are described herein in connection with a terminal device and/or an access network device and/or a base station controller.
A terminal device can be a wireless terminal or a wired terminal. A wireless terminal can be a device that provides voice and/or data connectivity to a user, a handheld device with a wireless connection function, or another processing device connected to a radio modem. A wireless terminal can communicate with one or more core networks through a radio access network (Radio Access Network, RAN). A wireless terminal can be a mobile terminal, such as a mobile phone (also called a "cellular" phone) or a computer with a mobile terminal, for example a portable, pocket-sized, handheld, computer-built-in or vehicle-mounted mobile device, which exchanges voice and/or data with the radio access network. Examples include a Personal Communication Service (PCS) phone, a cordless phone, a Session Initiation Protocol (SIP) phone, a Wireless Local Loop (WLL) station and a Personal Digital Assistant (PDA). A wireless terminal may also be called a system, a subscriber unit (Subscriber Unit), a subscriber station (Subscriber Station), a mobile station (Mobile Station), a mobile (Mobile), a remote station (Remote Station), an access point (Access Point), a remote terminal (Remote Terminal), an access terminal (Access Terminal), a user terminal (User Terminal), a user agent (User Agent) or user equipment (User Equipment).
An access network device (for example, an access point) can be a device in an access network that communicates with terminal devices over an air interface or a wired line. For example, the access network device can be used to convert received air frames to and from IP packets, acting as a router between the wireless terminal and the rest of the access network, where the rest of the access network may include an Internet Protocol (IP) network. The access network device may also coordinate attribute management of the air interface. For example, the access network device may be a base transceiver station (Base Transceiver Station, BTS) in GSM or CDMA, a base station (NodeB) in WCDMA, an evolved base station (evolved Node B) in LTE, or a base station of a new access network system; this application does not limit this. The new access network system may be called the next-generation communication system or the 5G communication system, and the access network device may be a gNB. The gNB may use a CU-DU architecture, that is, the gNB includes a centralized unit (Centralized Unit, CU) and a distributed unit (Distributed Unit, DU). The CU device handles wireless higher-layer protocol functions, such as the Radio Resource Control (RRC) layer and the Packet Data Convergence Protocol (PDCP) layer, and can even support sinking some core network functions down into the access network, which is termed an edge computing network. The DU device mainly handles physical-layer functions and layer 2 functions with higher real-time requirements.
A base station controller can be a base station controller (BSC) in GSM or CDMA or a radio network controller (RNC, Radio Network Controller) in WCDMA; this application does not limit this.
The term "and/or" herein describes only an association between associated objects and indicates that three relationships are possible. For example, A and/or B can mean: A alone, both A and B, or B alone. In addition, the character "/" herein generally indicates an "or" relationship between the objects before and after it. The terms "system" and "network" are often used interchangeably herein.
Fig. 2 is a schematic flow chart of an authentication method for an application client of a terminal device according to one embodiment of the present invention.
Step 21: the access network device adds the uniform resource locator (Uniform Resource Locator, URL) address of the application (APP) server to the URL whitelist that it stores.
For example, the access network device receives the URL address of the APP server sent by the terminal device or by the APP server.
In another embodiment of the invention, the access network device receives the URL address of the APP server sent by the APP server and sends it to the terminal device; when the terminal device accesses the access network device, it sends the URL address of the APP server to the access network device.
After receiving the URL address of the APP server, the access network device adds the URL address of the APP server to the URL whitelist that it stores.
A whitelist is a list of what is allowed to pass, such as addresses, identifiers or services.
Step 22: the access network device receives the authentication result of the APP client, sent by the terminal device after the APP client completes APP authentication with the APP server.
For example, the authentication result indicates whether authentication between the APP client and the APP server succeeded or failed.
Step 23: the access network device judges, according to its stored URL whitelist and the authentication result, whether the APP authentication of the APP client succeeded.
For example, when the access network device determines that both of the following conditions are met, namely that the authentication result is success and that the URL whitelist includes the URL address of the APP server, it judges that the APP authentication of the APP client succeeded.
In another embodiment of the invention, when the access network device determines that at least one of these two conditions, namely that the authentication result is success and that the URL whitelist includes the URL address of the APP server, is not met, it judges that the APP authentication of the APP client failed.
Step 24: if the APP authentication of the APP client succeeded, the access network device forwards the data of the APP client sent by the terminal device to the APP server, so that the APP client can access the network normally.
Step 25: if the APP authentication of the APP client failed, the access network device discards the data of the APP client, and the APP client cannot go online.
In this embodiment, the terminal device reports the result of the authentication between the APP client and the APP server to the access network device, which effectively avoids the problem that APP authentication cannot be completed because the access network device and the APP server cannot communicate with each other.
Fig. 3 is a schematic flow chart of an authentication method for an application client of a terminal device according to another embodiment of the present invention.
Step 31: the terminal device accesses the access network device.
For example, the terminal device accesses an eNodeB of an LTE communication system or a gNB of a 5G communication system.
Step 32: APP authentication is performed between the APP client installed on the terminal device and the APP server.
The authentication mode of the APP authentication includes at least one of the following: automatic authentication, one-key authentication, user name and password, or SMS authentication.
For example, when the terminal device uses the APP Client for the first time, it makes an HTTP access request in the wireless authentication network; the page provides a download link for the APP, and the APP is downloaded.
The terminal device installs the APP and registers, sending the registration information to the APP server.
After receiving the registration information submitted by the user, the APP server calls the RADIUS interface to open an account using the registration information and generates the corresponding user name and password.
The APP server creates the same account and password in its own database and, once they have been created, informs the terminal device that it can log in using the APP client.
The APP server needs a public-network URL address, and this URL address is configured as a fixed value in the APP Client. The APP Client initiates an HTTP authentication request to the URL address of the APP server. For example, when the APP client learns that registration succeeded, it simulates an HTTP access request to obtain information such as the MAC and IP of the terminal device, and then sends the registered user name and password of the APP client, together with the obtained IP and media access control (Media Access Control, MAC) information, to the APP server for normal APP client authentication.
After the APP client completes authentication with the APP server, the APP server sends the authentication result to the terminal device.
Step 33: the terminal device sends the authentication result to the access network device.
When the terminal device sends the authentication result to the access network device, it also sends information such as the MAC and IP of the terminal device, the MAC of the access network device, the access service set identifier (Service Set Identifier, SSID) and the online duration.
In another embodiment of the invention, the terminal device also sends the URL address obtained from the APP server to the access network device.
Step 34: the access network device judges, according to its stored URL whitelist and the authentication result, whether the APP authentication of the APP client succeeded.
For example, when the access network device determines that the authentication result is success and that the URL whitelist includes the URL address of the APP server, it judges that the APP authentication of the APP client succeeded.
When the access network device determines that at least one of these two conditions, namely that the authentication result is success and that the URL whitelist includes the URL address of the APP server, is not met, it judges that the APP authentication of the APP client failed.
Step 35: the access network device sends an APP authentication result confirmation to the terminal device.
If the APP authentication of the APP client succeeded, the access network device forwards the data of the APP client sent by the terminal device to the APP server, so that the APP client can access the network normally.
If the APP authentication of the APP client failed, the access network device discards the data of the APP client, the APP client cannot go online, and the APP client must authenticate again.
Step 36: when the access network device determines that the APP authentication of the APP client succeeded, the APP client accesses the network normally.
The authentication method for an application client of a terminal device described in the above embodiment can effectively avoid the problem that APP authentication cannot be completed because the access network device and the APP server cannot communicate with each other.
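The decision that the access network device makes in Steps 33 to 36 can be modelled as follows. This is an added example, not code from the patent: the field names, the "success"/"failure" strings, the URL normalization rule, the check that forwarded data is addressed to the whitelisted APP server, and the example.test addresses are all assumptions made for illustration.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def normalize_url(url: str) -> str:
    """Canonical form used for whitelist comparison (assumed matching rule)."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"not an http(s) URL: {url!r}")
    port = parts.port          # raises ValueError on a malformed port
    host = parts.hostname      # urlsplit already lower-cases the host
    if port not in (None, DEFAULT_PORTS[scheme]):
        host = f"{host}:{port}"
    return f"{scheme}://{host}{parts.path or '/'}"


@dataclass(frozen=True)
class AuthReport:
    """What the terminal device sends in Step 33 (hypothetical field names)."""
    terminal_mac: str
    terminal_ip: str
    ssid: str
    app_server_url: str
    result: str  # "success" or "failure" (assumed encoding)


class AccessNetworkDevice:
    def __init__(self):
        self.url_whitelist = set()   # Step 21: stored URL whitelist
        self.authenticated = {}      # terminal MAC -> normalized APP server URL

    def add_app_server_url(self, url: str) -> None:
        self.url_whitelist.add(normalize_url(url))

    def handle_auth_report(self, report: AuthReport) -> bool:
        """Step 34: both conditions must hold; returns the Step 35 confirmation."""
        mac = report.terminal_mac.lower()
        try:
            url = normalize_url(report.app_server_url)
        except ValueError:
            url = None               # an unparsable URL can never be whitelisted
        passed = report.result == "success" and url in self.url_whitelist
        if passed:
            self.authenticated[mac] = url
        else:
            # A failed report revokes earlier state: the client must re-authenticate.
            self.authenticated.pop(mac, None)
        return passed

    def handle_packet(self, src_mac: str, dst_url: str) -> str:
        """Forward APP client data to the APP server, otherwise discard it."""
        allowed = self.authenticated.get(src_mac.lower())
        try:
            dst = normalize_url(dst_url)
        except ValueError:
            return "drop"
        return "forward" if allowed is not None and dst == allowed else "drop"


def run_demo() -> dict:
    """Constructed sample reports and packets; all values are made up."""
    dev = AccessNetworkDevice()
    dev.add_app_server_url("HTTP://App.Example.test:80/auth")
    url = "http://app.example.test/auth"
    mac_a, mac_b = "AA:BB:CC:00:00:01", "aa:bb:cc:00:00:02"
    out = {}
    out["a_ok"] = dev.handle_auth_report(AuthReport(mac_a, "10.0.0.5", "guest", url, "success"))
    out["b_wrong_url"] = dev.handle_auth_report(
        AuthReport(mac_b, "10.0.0.6", "guest", "http://other.example.test/auth", "success"))
    out["a_packet"] = dev.handle_packet(mac_a, url)
    out["b_packet"] = dev.handle_packet(mac_b, url)
    out["a_failed_later"] = dev.handle_auth_report(AuthReport(mac_a, "10.0.0.5", "guest", url, "failure"))
    out["a_packet_after_failure"] = dev.handle_packet(mac_a, url)
    return out


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```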
Figure 4 is a structural diagram of a communication system according to an embodiment of the present invention. The communication system may be a 2G, 3G, 4G or new access network (for example, a 5G communication system), and includes a terminal device 41, an authentication device 42 and an APP server 43.
The authentication device 42 may be a part of the access network equipment or may be the access network equipment itself. The access network equipment may be a base station of a 2G communication system (for example, a GSM communication system), a base station of a 3G communication system (for example, a WCDMA communication system), an eNB of a 4G communication system (for example, an LTE communication system), or a gNB of a 5G communication system.
The authentication device 42 includes a receiver 421, a processor 422, a transmitter 423, a memory 424 and a bus 425. The receiver 421, the processor 422, the transmitter 423 and the memory 424 communicate with one another over the bus 425.
In embodiments of the present invention, the processor 422 may be a central processing unit (CPU). The processor 422 may also be another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, and so on. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor, such as a single-chip microcomputer.
The memory 424 is used to store program code or instructions, the program code including computer operating instructions, and the processor 422 is used to execute the program code or instructions stored in the memory. The memory 424 may include high-speed RAM and may also include non-volatile memory, for example at least one disk memory.
The bus 425 may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus 425 may be divided into an address bus, a data bus, a control bus and so on. For ease of illustration it is drawn as a single thick line in the figure, which does not mean that there is only one bus or only one type of bus.
The processor 422 is configured to add the URL address of the APP server 43 to the URL whitelist that it stores.
The receiver 421 is configured to receive the authentication result of the APP client, sent by the terminal device 41 after the APP client installed on the terminal device 41 completes APP authentication with the APP server 43.
The processor 422 is further configured to judge, according to the URL whitelist that it stores and the authentication result, whether the APP authentication of the APP client succeeded. If the APP authentication of the APP client succeeded, it determines that the data of the APP client sent by the terminal device 41 may be forwarded to the APP server 43, so that the APP client can access the network normally. If the APP authentication of the APP client failed, the data of the APP client is discarded and the APP client cannot access the network.
Optionally, when the processor 422 determines that both of the following conditions are met, namely that the authentication result is success and that the URL whitelist includes the URL address of the APP server 43, it judges that the APP authentication of the APP client succeeded.
In another embodiment of the invention, when the processor 422 determines that at least one of these two conditions (the authentication result is success; the URL whitelist includes the URL address of the APP server) is not met, it judges that the APP authentication of the APP client failed.
In another embodiment of the invention, the receiver 421 is further configured to receive the URL address of the APP server 43 sent by the terminal device 41 or by the APP server 43.
In another embodiment of the invention, the receiver 421 is further configured to receive the URL address of the APP server 43 sent by the APP server 43.
In another embodiment of the invention, the transmitter 423 is configured to send the received URL address of the APP server 43 to the terminal device 41.
In another embodiment of the invention, the authentication mode of the APP authentication includes at least one of the following: automatic authentication, one-key authentication, username and password, or SMS authentication.
In another embodiment of the invention, when the receiver 421 receives the authentication result sent by the terminal device, it also receives information sent by the terminal device 41 such as the MAC and IP of the terminal device 41, the MAC of the access network equipment 42, the access SSID and the online duration.
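The forwarding decision described above (authentication result plus URL whitelist, then forward or discard), as an added Python example that is not code from the patent. The class and field names, the "success" string, keying clients by MAC address, the URL normalization and the example.test URLs are assumptions made for illustration.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit


def normalize(url):
    """Canonical form for whitelist comparison: host lower-cased, no trailing slash."""
    parts = urlsplit(url.strip())
    return f"{parts.scheme}://{parts.netloc.lower()}{parts.path.rstrip('/')}"


@dataclass
class AuthReport:
    """What the terminal device reports after APP authentication (field names assumed)."""
    client_mac: str
    client_ip: str
    server_url: str          # APP server the client authenticated with
    result: str              # "success" or anything else
    ssid: str = ""
    online_seconds: int = 0


class AccessGate:
    """Decision logic of the access network equipment, keyed by client MAC (assumed)."""

    def __init__(self):
        self.url_whitelist = set()
        self.authenticated = {}      # client MAC -> APP server URL
        self.forwarded = []          # (server URL, payload) pairs
        self.dropped = 0

    def add_server_url(self, url):
        self.url_whitelist.add(normalize(url))

    def handle_report(self, report):
        url = normalize(report.server_url)
        mac = report.client_mac.lower()
        # Both conditions must hold: reported success AND server URL on the whitelist.
        ok = report.result == "success" and url in self.url_whitelist
        if ok:
            self.authenticated[mac] = url
        else:
            self.authenticated.pop(mac, None)    # client has to authenticate again
        return ok

    def handle_data(self, client_mac, payload):
        url = self.authenticated.get(client_mac.lower())
        if url is None or url not in self.url_whitelist:
            self.dropped += 1                    # failed or unknown client: discard
            return None
        self.forwarded.append((url, payload))    # stands in for forwarding to the APP server
        return url
```

In this scheme the result value comes from the terminal device's report, so the whitelist lookup is the only condition the access network equipment evaluates from its own state.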
The device embodiments described above are only illustrative. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. A person of ordinary skill in the art can understand and implement it without creative effort.
From the above description of the embodiments, those skilled in the art can clearly understand that each embodiment can be implemented by software plus the necessary general-purpose hardware platform, or of course by hardware. Based on this understanding, the above technical solution in essence, or the part of it that contributes over the prior art, can be embodied in the form of a software product. The computer software product can be stored in a computer-readable storage medium, such as ROM/RAM, a magnetic disk or an optical disc, and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to perform the methods described in the embodiments or in some parts of the embodiments.
Finally, it should be noted that the above embodiments only illustrate the technical solution of the present invention and do not limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features may be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. An authentication method for an application client of a terminal device, characterized by comprising:
access network equipment adding the uniform resource locator (URL) address of an application (APP) server to the URL whitelist that it stores;
the access network equipment receiving the authentication result of the APP client, sent by the terminal device after the APP client installed on the terminal device completes APP authentication with the APP server;
the access network equipment judging, according to the URL whitelist that it stores and the authentication result, whether the APP authentication of the APP client succeeded;
if the APP authentication of the APP client succeeded, the access network equipment forwarding to the APP server the data of the APP client sent by the terminal device, so that the APP client can access the network normally;
if the APP authentication of the APP client failed, the access network equipment discarding the data of the APP client, the APP client being unable to access the network.
2. The method according to claim 1, characterized in that the access network equipment judging, according to the authentication result, whether the APP authentication of the APP client succeeded specifically comprises:
when the access network equipment determines that both of the following conditions are met, namely that the authentication result is success and that the URL whitelist includes the URL address of the APP server, judging that the APP authentication of the APP client succeeded; or
when the access network equipment determines that at least one of the following two conditions is not met, namely that the authentication result is success and that the URL whitelist includes the URL address of the APP server, judging that the APP authentication of the APP client failed.
3. The method according to claim 1, characterized in that the method further comprises:
the access network equipment receiving the URL address of the APP server sent by the terminal device or by the APP server.
4. The method according to claim 1, characterized in that the method further comprises:
the access network equipment receiving the URL address of the APP server sent by the APP server and sending it to the terminal device.
5. The method according to any one of claims 1-4, characterized in that the authentication mode of the APP authentication includes at least one of the following: automatic authentication, one-key authentication, username and password, or SMS authentication.
6. An authentication device for an application client of a terminal device, characterized by comprising:
a processor, configured to add the uniform resource locator (URL) address of an application (APP) server to the URL whitelist that it stores;
a receiver, configured to receive the authentication result of the APP client, sent by the terminal device after the APP client installed on the terminal device completes APP authentication with the APP server;
the processor being further configured to judge, according to the URL whitelist that it stores and the authentication result, whether the APP authentication of the APP client succeeded; if the APP authentication of the APP client succeeded, to determine that the data of the APP client sent by the terminal device may be forwarded to the APP server, so that the APP client can access the network normally; and if the APP authentication of the APP client failed, to discard the data of the APP client, the APP client being unable to access the network.
7. The device according to claim 6, characterized in that
when the processor determines that both of the following conditions are met, namely that the authentication result is success and that the URL whitelist includes the URL address of the APP server, it judges that the APP authentication of the APP client succeeded; or
when the processor determines that at least one of the following two conditions is not met, namely that the authentication result is success and that the URL whitelist includes the URL address of the APP server, it judges that the APP authentication of the APP client failed.
8. The device according to claim 6, characterized in that the receiver is further configured to receive the URL address of the APP server sent by the terminal device or by the APP server.
9. The device according to claim 6, characterized in that the receiver is further configured to receive the URL address of the APP server sent by the APP server;
the authentication device further comprises a transmitter, configured to send the received URL address of the APP server to the terminal device.
10. The device according to any one of claims 6-9, characterized in that the authentication mode of the APP authentication includes at least one of the following: automatic authentication, one-key authentication, username and password, or SMS authentication.
CN201710537856.6A 2017-07-04 2017-07-04 The authentication method and device of a kind of application client of terminal device Pending CN107248998A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710537856.6A CN107248998A (en) 2017-07-04 2017-07-04 The authentication method and device of a kind of application client of terminal device


Publications (1)

Publication Number Publication Date
CN107248998A true CN107248998A (en) 2017-10-13

Family

ID=60013839

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710537856.6A Pending CN107248998A (en) 2017-07-04 2017-07-04 The authentication method and device of a kind of application client of terminal device

Country Status (1)

Country Link
CN (1) CN107248998A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050207378A1 (en) * 2004-03-18 2005-09-22 Nec Corporation Public wireless LAN connection servicing device and method
CN102547701A (en) * 2010-12-24 2012-07-04 中国移动通信集团公司 Authentication method and wireless access point as well as authentication server
CN104158808A (en) * 2014-08-19 2014-11-19 杭州华三通信技术有限公司 Portal authentication method based on APP application and device
CN104917775A (en) * 2015-06-17 2015-09-16 北京汇为永兴科技有限公司 Internet access method
CN105813078A (en) * 2016-05-05 2016-07-27 杭州树熊网络有限公司 Network authentication method, device and system and AP (ACCESS POINT) with authentication function
CN105871853A (en) * 2016-04-11 2016-08-17 上海斐讯数据通信技术有限公司 Portal authenticating method and system



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20201104

Address after: 318015 no.2-3167, zone a, Nonggang City, no.2388, Donghuan Avenue, Hongjia street, Jiaojiang District, Taizhou City, Zhejiang Province

Applicant after: Taizhou Jiji Intellectual Property Operation Co.,Ltd.

Address before: 201616 Shanghai city Songjiang District Sixian Road No. 3666

Applicant before: Phicomm (Shanghai) Co.,Ltd.

RJ01 Rejection of invention patent application after publication

Application publication date: 20171013
