WO2012094841A1 - 网络接入方法、装置及系统 - Google Patents

网络接入方法、装置及系统 Download PDF

Info

Publication number
WO2012094841A1
WO2012094841A1 PCT/CN2011/071238 CN2011071238W WO2012094841A1 WO 2012094841 A1 WO2012094841 A1 WO 2012094841A1 CN 2011071238 W CN2011071238 W CN 2011071238W WO 2012094841 A1 WO2012094841 A1 WO 2012094841A1
Authority
WO
WIPO (PCT)
Prior art keywords
user equipment
network side
access
user
account
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2011/071238
Other languages
English (en)
French (fr)
Inventor
岳晓贫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to EP11855353.6A priority Critical patent/EP2665302B1/en
Priority to US13/977,746 priority patent/US9154950B2/en
Publication of WO2012094841A1 publication Critical patent/WO2012094841A1/zh
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0884Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/069Authentication using certificates or pre-shared keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • H04W12/084Access security using delegated authorisation, e.g. open authorisation [OAuth] protocol

Definitions

  • the present invention relates to the field of communications, and in particular to a network access method, apparatus, and system.
  • a WLAN network has the characteristics of mobility and high bandwidth, and can meet the high-speed access requirements of users under limited mobility.
  • the breadth and depth of WLAN hotspot coverage is a strategic resource for competitors. It can not only enrich the means for users to access the network, but also enhance China Telecom's network access based on users. Differentiated service capabilities.
  • China Telecom is vigorously promoting the deployment of WLAN hotspots, and at the same time combining WLAN networks with CDMA networks to provide broadband wireless access services for users.
  • the existing WLAN authentication method includes establishing a WLAN file in a smart card, storing a WLAN account, and when the client initiates a WLAN connection, sending an AT command to the data card, instructing it to read the WLAN account stored in the smart card; for a multi-user WLAN
  • the access user equipment is provided with a SIM card interface; the authentication module is configured to determine whether an access user name is stored in the storage module, and if not, issue an authorization request to the WLAN authentication server through the established secure data connection.
  • the WLAN authentication of the user equipment uses the account in the SIM card or the USB KEY for authentication.
  • the main purpose of the present invention is to provide a network access method, Devices and systems to solve the above problems.
  • a network access method is provided.
  • the network access method includes: the network side determines that the first user equipment requests to use the account of the second user equipment for access; the network side determines that the account authentication of the second user equipment is successful; and the network side determines that the second user equipment belongs to The user allows the first user equipment to access the network side using the account of the second user equipment; the network side performs access of the first user equipment.
  • the network side determines that the user to which the second user equipment belongs to allow the first user equipment to access the network side using the account of the second user equipment, where: the network side acquires the MAC address and/or the SIM number of the first user equipment; The user to which the second user equipment belongs sends a MAC address and/or a SIM number; the network side receives the access permission information from the second user equipment, where the access permission information is used to indicate that the user to which the second user equipment belongs allows the first user The device accesses the network side by using the account of the second user equipment. The network side determines, according to the access permission message, that the user that the second user equipment belongs to allows the first user equipment to access the network side by using the account of the second user equipment.
  • the network side determines that the user to which the second user equipment belongs to allow the first user equipment to access the network side using the account of the second user equipment, where: the network side acquires the MAC address and/or the SIM number of the first user equipment; The user to which the third user equipment belongs sends a MAC address and/or a SIM number, where the third user equipment is used by the user to which the second user equipment belongs to authenticate other users than the second user equipment and the third user equipment.
  • the device accesses the user equipment on the network side by using the account of the second user equipment; the network side receives the access permission information from the third user equipment, where the access permission information is used to indicate that the user to which the second user equipment belongs allows the first user.
  • the device accesses the network side by using the account of the second user equipment.
  • the network side determines, according to the access permission message, that the user that the second user equipment belongs to allows the first user equipment to access the network side by using the account of the second user equipment.
  • the network side uses the short message mode or the voice prompt information to pass the WLAN or
  • the TD-SCDMA network or the EDG network sends the MAC address and/or the SIM number; the network side receives the access permission information by means of short message or voice prompt information.
  • the method further includes: the network side accessing the access of the first user equipment by using a short message mode or a voice prompt information manner through a WLAN or a TD-SCDMA network or an EDG network, Notify all user devices that use the account of the second user device.
  • the method further includes: determining, by the network side, that the second user equipment is not enabled by the WLAN; and configuring, by the network side, the first user equipment to perform data transmission independently.
  • the method further includes at least one of the following: the network side and the first user equipment perform data transmission according to the transmission control protocol TCP; the first user equipment and the second user equipment Data transmission according to UDP; the first user equipment and the third user equipment perform data transmission according to UDP, wherein the third user equipment is a user that is allowed by the user to which the second user equipment belongs, and uses the account of the second user equipment to access the user on the network side. device.
  • the network side determines that the account authentication of the second user equipment is successful, and the network side determines that the account of the second user equipment is successfully authenticated by the WLAN access device by using a short message mode or a voice prompt information manner; Or the voice prompt information mode determines that the account of the second user equipment is successfully authenticated at the provincial AS; the network side determines whether the account of the second user equipment is successfully authenticated at the national level by using the short message mode or the voice prompt information.
  • a network access apparatus is provided, which is applied to a network side.
  • the network access device includes: a first determining module, configured to determine that the first user equipment requests access by using an account of the second user equipment; and a second determining module, configured to determine that the account authentication of the second user equipment is successful And a third determining module, configured to determine that the user that the second user equipment belongs to allows the first user equipment to access the network side by using the account of the second user equipment; and the access module is configured to perform access by the first user equipment.
  • a network access system is provided.
  • the network access system includes a first user equipment, a second user equipment, and a network side, where the network side includes: a first determining module, configured to determine that the first user equipment requests to use an account of the second user equipment for accessing a second determining module, configured to determine that the account authentication of the second user equipment is successful; the third determining module is configured to determine that the user that the second user equipment belongs to allows the first user equipment to access the network side by using the account of the second user equipment; An access module, configured to perform access of the first user equipment.
  • the access of the other user is performed only when the primary user allows the other user to access the network using the account, thereby ensuring the security of the primary user.
  • FIG. 1 is a flowchart of a network access method according to an embodiment of the present invention
  • FIG. 2 is a flowchart of a WLAN authentication and transmission process according to an embodiment of the present invention
  • FIG. 3 is a flowchart according to an embodiment of the present invention.
  • FIG. 4 is a flowchart of a WLAN slave user authentication process according to an embodiment of the present invention
  • FIG. 5 is a structural block diagram of a network access device according to an embodiment of the present invention
  • FIG. 7 is a structural block diagram of a network access system according to an embodiment of the present invention.
  • FIG. DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS It should be noted that the embodiments in the present application and the features in the embodiments may be combined with each other without conflict. The invention will be described in detail below with reference to the drawings in conjunction with the embodiments.
  • Step S104 The network side determines that the account authentication of the second user equipment is successful.
  • Step S106 The network side determines that the user to which the second user equipment belongs allows the first user equipment to access the network side by using the account of the second user equipment.
  • Step S108 The network side performs access of the first user equipment.
  • the network side determines that the user to which the second user equipment belongs to allow the first user equipment to access the network side using the account of the second user equipment, where: the network side acquires the MAC address and/or the SIM number of the first user equipment; The user to which the second user equipment belongs sends a MAC address and/or a SIM number; the network side receives the access permission information from the second user equipment, where the access permission information is used to indicate that the user to which the second user equipment belongs allows the first user The device accesses the network side by using the account of the second user equipment.
  • the network side determines, according to the access permission message, that the user that the second user equipment belongs to allows the first user equipment to access the network side by using the account of the second user equipment.
  • the network side determines that the user to which the second user equipment belongs to allow the first user equipment to access the network side using the account of the second user equipment, where: the network side acquires the MAC address and/or the SIM number of the first user equipment;
  • the user to which the third user equipment belongs sends a MAC address and/or a SIM number, where the third user equipment is used by the user to which the second user equipment belongs to authenticate other users than the second user equipment and the third user equipment.
  • the device accesses the user equipment on the network side by using the account of the second user equipment; the network side receives the access permission information from the third user equipment, where the access permission information is used to indicate that the user to which the second user equipment belongs allows the first user.
  • the device accesses the network side by using the account of the second user equipment.
  • the network side determines, according to the access permission message, that the user that the second user equipment belongs to allows the first user equipment to access the network side by using the account of the second user equipment.
  • the network side uses the short message mode or the voice prompt information to pass the WLAN or
  • the TD-SCDMA network or the EDG network sends the MAC address and/or the SIM number; the network side receives the access permission information by means of short message or voice prompt information.
  • the method further includes: the network side accessing the access of the first user equipment by using a short message mode or a voice prompt information manner through a WLAN or a TD-SCDMA network or an EDG network, Notify all user devices that use the account of the second user device.
  • the method further includes: determining, by the network side, that the second user equipment is not enabled by the WLAN; and configuring, by the network side, the first user equipment to perform data transmission independently.
  • the method further includes at least one of the following: the network side and the first user equipment perform data transmission according to the TCP (ie, an external data transmission manner); the first user equipment and the first user equipment
  • the second user equipment performs data transmission according to UDP (ie, internal data transmission mode); the first user equipment and the third user equipment perform data transmission according to UDP, wherein the third user equipment is allowed by the user to which the second user equipment belongs,
  • the account of the second user equipment accesses the user equipment on the network side.
  • the external data transmission allows all users who pass the authentication to transmit through the TCP mode, and the data traffic and the charging of all the shared users are uniformly calculated by using the primary user account, and if the user sharing the account is in the roaming state, Then, the user charges according to roaming; in the above internal data transmission mode, all shared users internal data transmission adopts UDP transmission mode, UDP is not a link type protocol, resource consumption is small, and data processing speed is fast. The internal data traffic is informed by the network to the primary user. If the internal data transmission is free, the internal data traffic statistics are not necessary.
  • the network side determines that the account authentication of the second user equipment is successful, and the network side determines that the account of the second user equipment is successfully authenticated by the WLAN access device by using a short message mode or a voice prompt information manner; Or the voice prompt information mode determines that the account of the second user equipment is successfully authenticated at the provincial AS; the network side determines whether the account of the second user equipment is successfully authenticated at the national level by using the short message mode or the voice prompt information.
  • the implementation process of the embodiment of the present invention will be described in detail below with reference to examples. 2 is a flowchart of a WLAN authentication and transmission process according to an embodiment of the present invention. As shown in FIG.
  • Step S201 the primary user turns on the WLAN function, and prepares to initiate active authentication or passively accept authentication.
  • Server authentication the primary user authentication process begins, and the primary user authentication mainly includes an encryption information confirmation process between the WLAN access point, the provincial AS, and the national AS, and also includes a monitoring and auditing process of the provincial and national certificate management centers.
  • the specific authentication process is as shown in Figure 3.
  • Step S203 From the authentication process, the authentication is completed by the primary user, and the security reminder and protection function used by the primary user account are mainly completed, and the specific authentication process is as shown in FIG. 4 .
  • Step S204 Data transmission, after the primary user and the secondary user are successfully authenticated, all shared users can access the external network through the WLAN account, and all shared users can perform internal data transmission through the WLAN network.
  • FIG. 3 is a flowchart of a WLAN primary user authentication process according to an embodiment of the present invention. As shown in FIG. 3, the method includes the following steps: Step S301 to Step 4: S301: Step S301, the primary user equipment initiates authentication, and the primary user may also Passively receive authentication from the authentication server. The primary user initiates an authentication request to the WLAN access point through voice prompt information or SMS. The primary user's dial-up authentication supports cardless dial-up authentication. When the user device has no card, the user can register by calling the WLAN access point.
  • Step S302 The authentication between the user equipment and the WLAN access device, and the user equipment and the WLAN access device are authenticated by voice prompt information or short message mode.
  • Step S303 The authentication between the WLAN access device and the provincial AS, and the WLAN access device and the provincial AS are authenticated by voice prompt information or short message mode.
  • step S304 the authentication between the provincial AS and the national AS is performed, and the authentication between the provincial AS and the national AS is authenticated by voice prompt information or short message.
  • FIG. 4 is a flowchart of a WLAN slave user authentication process according to an embodiment of the present invention. As shown in FIG. 4, the method includes the following steps S401 to S404: Step S401: Initiating authentication from a user equipment, and the user may passively receive the primary user.
  • the authentication request is initiated by the user to the primary user through the voice prompt information or the short message; wherein, when an unknown user accesses the network using the primary user's account, the network side will access the MAC address of the user equipment by using the short message or the voice prompt information. Or the SIM card number is fed back to the primary user, and the primary user completes the access permission or rejection operation of the access user equipment.
  • the data encryption mode between the user and the primary user is confirmed. In the process of confirming the data encryption mode from the user, if the primary user does not enable the WLAN function, the primary user is passed through the TD or EDG network.
  • Step S403 After the authentication process between the user and the primary user is obtained from the authentication of the user, after the primary user does not enable the WLAN function, the secondary user can independently access the external network; after the user passes the primary user authentication, The primary user can be authorized to authenticate the right from the user, that is, when the new user wants to share the account, the secondary user who is granted the authentication right can also perform the access permission operation for the new user.
  • Step S404 sharing data transmission. After the primary user and the secondary user are successfully authenticated, all shared users can simultaneously access the external network by using TCP data, and the shared internal user uses the UDP data transmission mode.
  • the network access method of the embodiment of the present invention is further described below.
  • the main authentication link disconnection process including encryption authentication, provincial certificate authentication, national certificate authentication, national roaming certification, etc.; from the authentication process, including the main authentication review, ⁇ ⁇ authorization and other processes.
  • the primary authentication system includes an authentication encryption system and a certificate management system.
  • the authentication encryption system is composed of a user equipment, a WLAN access device, and an authentication server (AS);
  • the certificate management system includes a national certificate management center and a provincial registration audit center, and is responsible for the certificate.
  • the issuance and management include: The primary user uses the dial-up or short-interest mode to confirm the encryption mode with the WLAN access device, and the WLAN access device transmits the dial-up or short message information to the provincial AS, and the provincial AS transmits the dial-up or short message information.
  • the national AS creates an information document library for the user, and the national AS establishes a user-defined key with the user equipment through an encrypted voice call or short message channel, and the key can be used by the user to retrieve the password;
  • the national certificate management center After the primary user establishes the key, the provincial certificate management center automatically performs security audit on the voice prompt information or short message information of the primary user. After the national certificate management center finishes the examination, it is submitted to the national certificate management center, and the national certificate management center audits.
  • the certificate management system for the authentication server (AS) AS issuing device certificate, a device certificate issued for the WLAN WLAN access device, the user device certificate issued for the user equipment, the user equipment
  • the certificate of the WLAN access device is mutually authenticated by the AS, and the primary user equipment accesses the network through the WLAN access device, and implements data encryption on the air interface.
  • the user encrypts and authenticates the link and disconnection process from the user by dialing or short message mode, and the encryption mode confirmation and authentication process between the primary user and the secondary user supports the primary user to initiate and initiate the user.
  • the encryption method between the user and the primary user is the same as that between the primary user and the WLAN access point.
  • the primary user authentication does not need to be reported to the upper authentication system after the user completes the authentication. All the shared users display the upper authentication system. Uniform encryption mode and authentication account; When the user attempts to access the WLAN network through the primary user account, the AP closest to the current user automatically searches for the MAC address of the secondary user or the SIM card number of the user device, with SMS or voice prompt information. The form notifies the primary user via a WLAN network or a non-WLAN network. The primary user allows or denies access to the secondary user according to the short message or voice prompt information. After the primary user ⁇ is authorized to allow the new user to use the account to access the WLAN network, the network side will notify all users sharing the account through the WLAN network or the non-WLAN network in the form of short messages or voice prompts.
  • FIG. 5 is a structural block diagram of a network access apparatus according to an embodiment of the present invention, including a first determining module 52, a second determining module 54, a third determining module 56, and an access module 58. The structure is described in detail below.
  • the first determining module 52 is configured to determine that the first user equipment requests to use the account of the second user equipment for access; the second determining module 54 is configured to determine that the account authentication of the second user equipment is successful; The accessing module 58 is configured to perform access of the first user equipment by using the account of the second user equipment to access the network side.
  • FIG. 6 is a structural block diagram of a network access apparatus according to a preferred embodiment of the present invention. As shown in FIG. 6, the method includes: a WLAN unit 62, an authentication unit 64, and a link unit 66. The structure is described in detail below.
  • the WLAN unit 62 is used for basic function operations such as opening and closing of the WLAN function, searching, linking, setting, and arranging the access point. It is also used for information interaction with the authentication unit 64, and timely feedback of the authentication information.
  • the authentication unit 64 is used for system encryption authentication and management certificate authentication, and the management certificate authentication includes a certificate authentication process such as a national management certificate authentication, a national management certificate authentication, and a national roaming; and is also used for information interaction with the linking unit 66, Link unit 66 provides a link authority credential.
  • the authentication unit 64 includes a primary user authentication unit and a secondary user authentication unit, and the primary user authentication unit completes the receipt of the certificate issued by the certificate management system for the user equipment, and provides the certificate of the user equipment and the WLAN access device through mutual authentication by the AS;
  • the authentication for users sharing the same account is mainly used when the other user attempts to use the account of the primary user to access the WLAN network.
  • the network side notifies the primary user in time to complete the security reminder and protection function for the primary user account.
  • the linking unit 66 is configured to receive the authentication result information of the authentication unit 64, and then give the link permission permission of the corresponding user according to the authentication result.
  • the linking unit 66 is used for controlling the permissions of the browser, including the configuration of the primary user and the secondary user and the configuration and monitoring of the linking process.
  • FIG. 7 is a structural block diagram of a network access system according to an embodiment of the present invention. As shown in FIG. 7, the system includes a first user equipment 72, a second user equipment 74, and a network side 76, wherein the network side 76 includes a first determination.
  • the module 762, the second determining module 764, the third determining module 766 and the access module 768 The structure is described in detail below.
  • the first determining module 762 is configured to determine that the first user equipment 72 requests to use the account of the second user equipment 74 for access; and the second determining module 764 is configured to determine the account of the second user equipment 74.
  • the third module 766 is configured to determine that the user to which the second user equipment 74 belongs allows the first user equipment 72 to access the network side using the account of the second user equipment 74.
  • the access module 768 is configured to perform the first user. Access to device 72.
  • the network access system described in the device embodiment corresponds to the foregoing method embodiment, and the specific implementation process has been described in detail in the method embodiment, and is not described herein.
  • a network access method, apparatus and system are provided. With the present invention, access by the other user is performed only when the primary user allows the other user to access the network using the account, thereby ensuring the security of the primary user.
  • the above modules or steps of the present invention can be implemented by a general-purpose computing device, which can be concentrated on a single computing device or distributed over a network composed of multiple computing devices.
  • the invention is not limited to any specific combination of hardware and software.
  • the above is only the preferred embodiment of the present invention, and is not intended to limit the present invention, and various modifications and changes can be made to the present invention. Any modifications, equivalent substitutions, improvements, etc. made within the scope of the present invention are intended to be included within the scope of the present invention.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Description

网络接入方法、 装置及系统 技术领域 本发明涉及通信领域, 具体而言, 涉及一种网络接入方法、 装置及系统。 背景技术 WLAN网络具备移动性、 高宽带特点, 可满足用户有限移动下的高速接 入需求。 在中国电信全业务运营下, WLAN热点覆盖的广度、 深度是一种相 对竟争对手的战略性资源, 既可以丰富用户接入网络的手段, 又可以增强中 国电信为用户提供基于网络接入的差异化服务能力。 目前中国电信正在大力推进 WLAN热点部署, 同时将 WLAN网络与 CDMA网络结合, 为用户提供宽带无线接入业务。 随着 WLAN网络和业务 规模的不断扩大, 以及 WLAN用户设备的不断丰富, 网络和信息安全认证 成为必须考虑和解决的问题。 现有 WLAN认证的方法包括在智能卡中建立 WLAN文件,存储 WLAN 账号, 当客户端发起 WLAN连接时, 向数据卡发送 AT命令, 指示其读取所 述智能卡中存储的 WLAN账号;对于多用户 WLAN接入用户设备设置有 SIM 卡接口; 认证模块, 用于判断存储模块中是否存储有接入用户名, 若否, 则 通过建立的安全数据连接向 WLAN认证服务器发出授权请求。 相关技术中, 用户设备的 WLAN认证多釆用的是 SIM卡或 USB KEY 中的账号进行认证, 当其它用户使用主用户的账号接入网络时, 主用户不会 被告 口, 从而存在安全问题。 发明内容 针对相关技术中, 当其它用户使用主用户的账号接入网络时, 主用户不 会被告知的问题而提出本发明, 为此, 本发明的主要目的在于提供一种网络 接入方法、 装置及系统, 以解决上述问题。 为了实现上述目的,根据本发明的一个方面,提供了一种网络接入方法。 根据本发明的网络接入方法包括: 网络侧确定第一用户设备请求使用第 二用户设备的账号进行接入; 网络侧确定第二用户设备的账号认证成功; 网 络侧确定第二用户设备所属的用户允许第一用户设备使用第二用户设备的账 号接入网络侧; 网络侧进行第一用户设备的接入。 优选地, 网络侧确定第二用户设备所属的用户允许第一用户设备使用第 二用户设备的账号接入网络侧包括: 网络侧获取第一用户设备的 MAC地址 和 /或 SIM号码;网络侧向第二用户设备所属的用户发送 MAC地址和 /或 SIM 号码; 网络侧接收到来自第二用户设备的接入允许信息, 其中接入允许信息 用于指示第二用户设备所属的用户允许第一用户设备使用第二用户设备的账 号接入网络侧; 网络侧根据接入允许消息, 确定第二用户设备所属的用户允 许第一用户设备使用第二用户设备的账号接入网络侧。 优选地, 网络侧确定第二用户设备所属的用户允许第一用户设备使用第 二用户设备的账号接入网络侧包括: 网络侧获取第一用户设备的 MAC地址 和 /或 SIM号码;网络侧向第三用户设备所属的用户发送 MAC地址和 /或 SIM 号码, 其中第三用户设备为第二用户设备所属的用户允许的、 用于认证除第 二用户设备和第三用户设备之外的其它用户设备使用第二用户设备的账号接 入网络侧的用户设备; 网络侧接收到来自第三用户设备的接入允许信息, 其 中接入允许信息用于指示第二用户设备所属的用户允许第一用户设备使用第 二用户设备的账号接入网络侧; 网络侧根据接入允许消息, 确定第二用户设 备所属的用户允许第一用户设备使用第二用户设备的账号接入网络侧。 优选地, 网络侧以短信方式或语音提示信息方式通过 WLAN或
TD-SCDMA网络或 EDG网络发送 MAC地址和 /或 SIM号码;网络侧以短信 方式或语音提示信息方式接收接入允许信息。 优选地, 在网络侧进行第一用户设备的接入之后, 上述方法还包括: 网 络侧将第一用户设备的接入以短信方式或语音提示信息方式通过 WLAN或 TD-SCDMA网络或 EDG网络, 通知所有使用第二用户设备的账号的用户设 备。 优选地, 在网络侧进行第一用户设备的接入之后, 上述方法还包括: 网 络侧确定第二用户设备 WLAN未开启; 网络侧允许第一用户设备独立进行 数据传输。 优选地, 在网络侧进行第一用户设备的接入之后, 上述方法还包括以下 至少之一: 网络侧与第一用户设备按照传输控制协议 TCP进行数据传输; 第 一用户设备与第二用户设备按照 UDP进行数据传输; 第一用户设备与第三 用户设备按照 UDP进行数据传输, 其中第三用户设备为第二用户设备所属 的用户允许的、 使用第二用户设备的账号接入网络侧的用户设备。 优选地, 网络侧确定第二用户设备的账号认证成功包括以下至少之一: 网络侧以短信方式或语音提示信息方式确定第二用户设备的账号在 WLAN 接入设备认证成功; 网络侧以短信方式或语音提示信息方式确定第二用户设 备的账号在省级 AS认证成功; 网络侧以短信方式或语音提示信息方式确定 第二用户设备的账号在国家级 AS认证成功。 为了实现上述目的, 根据本发明的另一个方面, 提供了一种网络接入装 置, 该网络接入装置应用于网络侧。 根据本发明的网络接入装置包括: 第一确定模块, 用于确定第一用户设 备请求使用第二用户设备的账号进行接入; 第二确定模块, 用于确定第二用 户设备的账号认证成功; 第三确定模块, 用于确定第二用户设备所属的用户 允许第一用户设备使用第二用户设备的账号接入网络侧; 接入模块, 用于进 行第一用户设备的接入。 为了实现上述目的, 根据本发明的又一个方面, 提供了一种网络接入系 统。 根据本发明的网络接入系统包括第一用户设备、第二用户设备和网络侧, 其中网络侧包括: 第一确定模块, 用于确定第一用户设备请求使用第二用户 设备的账号进行接入; 第二确定模块, 用于确定第二用户设备的账号认证成 功; 第三确定模块, 用于确定第二用户设备所属的用户允许第一用户设备使 用第二用户设备的账号接入网络侧; 接入模块, 用于进行第一用户设备的接 入。 通过本发明, 仅仅当主用户允许该其它用户使用该账号接入网络时, 才 进行该其它用户的接入, 从而可以保证主用户的安全。 附图说明 此处所说明的附图用来提供对本发明的进一步理解, 构成本申请的一部 分, 本发明的示意性实施例及其说明用于解释本发明, 并不构成对本发明的 不当限定。 在附图中: 图 1是才艮据本发明实施例的网络接入方法的流程图; 图 2是根据本发明实施例的 WLAN认证、 传输过程的流程图; 图 3是根据本发明实施例的 WLAN主用户认证过程的流程图; 图 4是根据本发明实施例的 WLAN从用户认证过程的流程图; 图 5是 居本发明实施例的网络接入装置的结构框图; 图 6是 居本发明优选实施例的网络接入装置的结构框图; 图 7是 居本发明实施例的网络接入系统的结构框图。 具体实施方式 需要说明的是, 在不冲突的情况下, 本申请中的实施例及实施例中的特 征可以相互组合。 下面将参考附图并结合实施例来详细说明本发明。 本发明实施例提供了一种网络接入方法。 图 1是根据本发明实施例的网 络接入方法的流程图, 如图 1所示, 包括如下的步骤 S 102至步骤 S 108: 步骤 S 102 , 网络侧确定第一用户设备请求使用第二用户设备的账号进行 接入。 步骤 S 104 , 网络侧确定第二用户设备的账号认证成功。 步骤 S 106, 网络侧确定第二用户设备所属的用户允许第一用户设备使用 第二用户设备的账号接入网络侧。 步骤 S 108, 网络侧进行第一用户设备的接入。 相关技术中, 当其它用户 (对应于上述第一用户设备所属的用户) 使用 主用户 (对应于上述第二用户设备所属的用户) 的账号接入网络时, 主用户 不会被告知, 从而存在安全问题。 本发明实施例中, 仅仅当主用户允许该其 它用户使用该账号接入网络时, 才进行该其它用户的接入, 从而可以保证主 用户的安全。 优选地, 网络侧确定第二用户设备所属的用户允许第一用户设备使用第 二用户设备的账号接入网络侧包括: 网络侧获取第一用户设备的 MAC地址 和 /或 SIM号码;网络侧向第二用户设备所属的用户发送 MAC地址和 /或 SIM 号码; 网络侧接收到来自第二用户设备的接入允许信息, 其中接入允许信息 用于指示第二用户设备所属的用户允许第一用户设备使用第二用户设备的账 号接入网络侧; 网络侧根据接入允许消息, 确定第二用户设备所属的用户允 许第一用户设备使用第二用户设备的账号接入网络侧。 优选地, 网络侧确定第二用户设备所属的用户允许第一用户设备使用第 二用户设备的账号接入网络侧包括: 网络侧获取第一用户设备的 MAC地址 和 /或 SIM号码;网络侧向第三用户设备所属的用户发送 MAC地址和 /或 SIM 号码, 其中第三用户设备为第二用户设备所属的用户允许的、 用于认证除第 二用户设备和第三用户设备之外的其它用户设备使用第二用户设备的账号接 入网络侧的用户设备; 网络侧接收到来自第三用户设备的接入允许信息, 其 中接入允许信息用于指示第二用户设备所属的用户允许第一用户设备使用第 二用户设备的账号接入网络侧; 网络侧根据接入允许消息, 确定第二用户设 备所属的用户允许第一用户设备使用第二用户设备的账号接入网络侧。 优选地, 网络侧以短信方式或语音提示信息方式通过 WLAN或
TD-SCDMA网络或 EDG网络发送 MAC地址和 /或 SIM号码;网络侧以短信 方式或语音提示信息方式接收接入允许信息。 优选地, 在网络侧进行第一用户设备的接入之后, 上述方法还包括: 网 络侧将第一用户设备的接入以短信方式或语音提示信息方式通过 WLAN或 TD-SCDMA网络或 EDG网络, 通知所有使用第二用户设备的账号的用户设 备。 优选地, 在网络侧进行第一用户设备的接入之后, 上述方法还包括: 网 络侧确定第二用户设备 WLAN未开启; 网络侧允许第一用户设备独立进行 数据传输。 优选地, 在网络侧进行第一用户设备的接入之后, 上述方法还包括以下 至少之一: 网络侧与第一用户设备按照 TCP进行数据传输(即外部数据传输 方式); 第一用户设备与第二用户设备按照 UDP进行数据传输 (即内部数据 传输方式); 第一用户设备与第三用户设备按照 UDP进行数据传输, 其中第 三用户设备为第二用户设备所属的用户允许的、 使用第二用户设备的账号接 入网络侧的用户设备。 具体地, 在上述外部数据传输方式中, 外部数据传输允许所有认证通过 的用户通过 TCP方式传输,所有共享用户的数据流量与计费统一用主用户账 号计算, 若共用该账号的用户处于漫游状态则该用户按漫游计费; 在上述内 部数据传输方式中, 所有共享用户内部数据传输釆用 UDP传输方式, UDP 不属于链接型协议, 资源消耗小, 数据处理速度快。 内部数据流量由网络告 知主用户统计, 若内部数据传输釆用免费方式, 则不必进行内部数据流量统 计。 优选地, 网络侧确定第二用户设备的账号认证成功包括以下至少之一: 网络侧以短信方式或语音提示信息方式确定第二用户设备的账号在 WLAN 接入设备认证成功; 网络侧以短信方式或语音提示信息方式确定第二用户设 备的账号在省级 AS认证成功; 网络侧以短信方式或语音提示信息方式确定 第二用户设备的账号在国家级 AS认证成功。 下面将结合实例对本发明实施例的实现过程进行详细描述。 图 2是根据本发明实施例的 WLAN认证、 传输过程的流程图, 如图 2 所示, 包括如下的步骤 S201至步骤 S204: 步骤 S201 , 主用户开启 WLAN功能, 准备发起主动认证或被动接受认 证服务器的认证。 步骤 S202, 主用户认证过程开始, 主用户认证主要包括与 WLAN接入 点、 省级 AS、 国家 AS之间的加密信息确认过程, 同时还包括省级和国家级 证书管理中心的监控与审核过程, 具体认证过程如图 3所述。 步骤 S203 , 从认证过程, 从认证是由主用户审核完成的, 主要完成主用 户账号使用的安全提醒与保护功能, 具体认证过程如图 4所述。 步骤 S204, 数据传输, 在主用户与从用户认证成功之后, 所有共享用户 可以通过 WLAN账号访问外部网络, 所有共享用户之间可以通过 WLAN网 络进行内部数据传输。 图 3是根据本发明实施例的 WLAN主用户认证过程的流程图, 如图 3 所示, 包括如下的步 4聚 S301至步 4聚 S304: 步骤 S301 , 主用户设备发起认证, 主用户也可以被动接收认证服务器的 认证, 主用户通过语音提示信息或者短信向 WLAN接入点发起认证请求; 主用户的拨号认证支持无卡拨号认证, 用户设备无卡情况下可以通过呼叫 WLAN的接入点注册到认证系统, 若用户设备处于账号注册地的省内则只进 行省级认证即可, 若用户设备处于账号注册地的省外则进行省级认证完后还 要进行国家级拨号认证。 步骤 S302,用户设备与 WLAN接入设备之间的认证,用户设备与 WLAN 接入设备之间通过语音提示信息方式或短信方式认证。 步骤 S303 , WLAN接入设备与省级 AS之间的认证, WLAN接入设备 与省级 AS之间通过语音提示信息方式或短信方式认证。 步骤 S304, 省级 AS与国家级 AS之间的认证, 省级 AS与国家级 AS 之间的认证通过语音提示信息方式或短信方式认证。 步骤 S305 , WLAN接入设备与省级 AS的认证过程受省级证书管理系统 的监控与审核。 步骤 S306, 省级 AS与国家级 AS的认证过程受国家级证书管理系统的 监控与审核。 图 4是根据本发明实施例的 WLAN从用户认证过程的流程图, 如图 4 所示, 包括如下的步骤 S401至步骤 S404: 步骤 S401 , 从用户设备发起认证, 从用户也可以被动接收主用户的认证 请求, 从用户通过语音提示信息或者短信向主用户发起认证请求; 其中, 当 有未知用户使用主用户的账号访问网络时, 网络侧以短信或语音提示信息将 接入用户设备的 MAC地址或 SIM卡号反馈给主用户, 主用户完成对该接入 用户设备的接入允许或拒绝操作。 步骤 S402 , 从用户与主用户之间的数据加密方式确认, 在从用户发起数 据加密方式确认的过程中,若主用户未开启 WLAN功能,则通过 TD或 EDG 网络通 ^3主用户。 步骤 S403 , 从用户与主用户之间的认证过程, 从用户的认证得到主用户 确认后, 在主用户未开启 WLAN功能情况下, 从用户可以独立访问外部网 络; 从用户通过主用户认证之后, 主用户可以 ·ί受权从用户认证权利, 即当新 的用户想共用此账号时, 被授予认证权利的从用户也可以对新用户进行接入 允许操作。 步骤 S404, 共享数据传输, 在主用户与从用户认证成功后, 所有共享用 户可以同时使用 TCP数据方式访问外部网络, 共享内部用户釆用 UDP数据 传输方式。 下面进一步地描述本发明实施例的网络接入方法。 主认证链接断开过程, 包括加密认证、 省级证书认证、 国家证书认证、 全国漫游认证等过程; 从认证过程, 包括主认证审核、 ·ί受权等过程。 其中, 主认证系统包括认证加密系统和证书管理系统, 认证加密系统由 用户设备、 WLAN接入设备、 认证服务器 (AS ) 组成; 证书管理系统包括 全国证书管理中心、 省级注册审核中心, 负责证书的签发、 管理, 具体包括: 主用户釆用拨号或短息方式与 WLAN接入设备确认加密方式, WLAN 接入设备将拨号或短信信息传送到省级 AS ,省级 AS将拨号或短信信息传送 到国家级 AS , 国家级 AS为该用户创建一个信息文档库, 国家级 AS通过加 密的语音通话或短信信道与用户设备建立用户自定义的密钥, 此密钥可供用 户找回密码使用; 当主用户建立完密钥之后, 首先由省级证书管理中心对主用户语音提示 信息或短信信息自动进行安全审核, 省级证书管理中心审核完之后递交国家 级证书管理中心, 国家级证书管理中心审核完毕创建一个自动拨号或短信认 证信息文档库; 同时证书管理系统为认证服务器 ( AS ) 签发 AS设备证书, 为 WLAN 接入设备签发 WLAN设备证书, 为用户设备签发用户设备证书, 用户设备 和 WLAN接入设备的证书通过 AS进行相互认证, 主用户设备通过 WLAN 接入设备访问网络, 并在空中接口实现数据加密。 其中, 从用户釆用拨号或短信方式与主用户之间进行加密方式确认与认 证链接与断开过程, 主用户与从用户之间的加密方式确认与认证过程支持主 用户发起和从用户发起两种方式; 从用户与主用户之间的加密方式要求与主用户与 WLAN接入点间的加 密方式一致, 主用户认证从用户完毕无需再上报上层认证系统, 所有的共享 用户对上层认证系统显示统一的加密方式与认证账户; 当从用户试图通过主用户账号接入 WLAN网络时, 距当前从用户最近 的 AP 自动搜索该从用户的 MAC地址或用户设备的 SIM卡号, 以短信或语 音提示信息形式通过 WLAN网络或非 WLAN网络通知主用户。 主用户根据 短信或语音提示信息对该从用户进行允许或拒绝接入操作。 当主用户 ·ί受权允 许新用户使用该账号访问 WLAN网络后, 网络侧将以短信或语音提示信息 形式通过 WLAN网络或非 WLAN网络通知所有共享此账号的用户有新用户 接入。 需要说明的是, 在附图的流程图示出的步骤可以在诸如一组计算机可执 行指令的计算机系统中执行, 并且, 虽然在流程图中示出了逻辑顺序, 但是 在某些情况下, 可以以不同于此处的顺序执行所示出或描述的步骤。 本发明实施例提供了一种网络接入装置, 该网络接入装置可以用于实现 上述网络接入方法。 图 5是根据本发明实施例的网络接入装置的结构框图, 包括第一确定模块 52 , 第二确定模块 54 , 第三确定模块 56和接入模块 58。 下面对其结构进行详细描述。 第一确定模块 52 ,用于确定第一用户设备请求使用第二用户设备的账号 进行接入; 第二确定模块 54 , 用于确定第二用户设备的账号认证成功; 第三 确定模块 56 , 用于确定第二用户设备所属的用户允许第一用户设备使用第二 用户设备的账号接入网络侧; 接入模块 58 , 用于进行第一用户设备的接入。 下面将结合实例对本发明实施例的实现过程进行详细描述。 图 6是才艮据本发明优选实施例的网络接入装置的结构框图,如图 6所示, 包括: WLAN单元 62、 认证单元 64和链接单元 66。 下面对其结构进行详细 描述。
WLAN单元 62 , 用于 WLAN功能的开启、 关闭, 接入点的搜索、 链接、 设置、 排列等基本功能操作; 还用于与认证单元 64之间的信息交互, 对认 证信息及时反馈。 认证单元 64用于系统加密认证和管理证书认证, 管理证书认证包括省 级管理证书认证、 国家级管理证书认证和全国漫游等证书认证过程; 还用于 与链接单元 66之间的信息交互, 为链接单元 66提供链接权限凭证。 认证单元 64包括主用户认证单元和从用户认证单元, 主用户认证单元 完成证书管理系统为用户设备签发证书的接收, 提供用户设备和 WLAN接 入设备的证书通过 AS进行相互认证; 从用户认证单元用于对共享同一个账 号的用户的认证, 主要用于当其他用户试图使用主用户的账号访问 WLAN 网络时, 网络侧及时通知主用户, 完成对主用户账号的安全提醒与保护功能。 链接单元 66 , 用于接收认证单元 64的认证结果信息, 才艮据认证结果给 予相应用户的链接允许权限。 链接单元 66用于对浏览器权限的控制, 包括主用户和从用户的链接允 许权限与链接过程的配置、 监控, 链接单元还用于共享用户内部数据传输的 链接建立、 监控与断开过程。 需要说明的是, 装置实施例中描述的网络接入装置对应于上述的方法实 施例, 其具体的实现过程在方法实施例中已经进行过详细说明, 在此不再赞 述。 本发明实施例提供了一种网络接入系统, 该网络接入系统可以用于实现 上述网络接入方法。 图 7是根据本发明实施例的网络接入系统的结构框图, 如图 7所示, 该系统包括第一用户设备 72、 第二用户设备 74和网络侧 76 , 其中网络侧 76包括第一确定模块 762 ,第二确定模块 764 ,第三确定模块 766 和接入模块 768。 下面对其结构进行详细描述。 第一确定模块 762 , 用于确定第一用户设备 72请求使用第二用户设备 74的账号进行接入; 第二确定模块 764 , 用于确定第二用户设备 74的账号 认证成功; 第三确定模块 766, 用于确定第二用户设备 74所属的用户允许第 一用户设备 72使用第二用户设备 74的账号接入网络侧; 接入模块 768 , 用 于进行第一用户设备 72的接入。 需要说明的是, 装置实施例中描述的网络接入系统对应于上述的方法实 施例, 其具体的实现过程在方法实施例中已经进行过详细说明, 在此不再赞 述。 综上所述, 根据本发明的上述实施例, 提供了一种网络接入方法、 装置 及系统。通过本发明,仅仅当主用户允许该其它用户使用该账号接入网络时, 才进行该其它用户的接入, 从而可以保证主用户的安全。 显然, 本领域的技术人员应该明白, 上述的本发明的各模块或各步骤可 以用通用的计算装置来实现, 它们可以集中在单个的计算装置上, 或者分布 在多个计算装置所组成的网络上, 可选地, 它们可以用计算装置可执行的程 序代码来实现, 从而, 可以将它们存储在存储装置中由计算装置来执行, 或 者将它们分别制作成各个集成电路模块, 或者将它们中的多个模块或步骤制 作成单个集成电路模块来实现。 这样, 本发明不限制于任何特定的硬件和软 件结合。 以上所述仅为本发明的优选实施例而已, 并不用于限制本发明, 对于本 领域的技术人员来说, 本发明可以有各种更改和变化。 凡在本发明的^"神和 原则之内, 所作的任何修改、 等同替换、 改进等, 均应包含在本发明的保护 范围之内。

Claims

权 利 要 求 书 一种网络接入方法, 包括:
网络侧确定第一用户设备请求使用第二用户设备的账号进行接 入;
所述网络侧确定所述第二用户设备的账号认证成功;
所述网络侧确定所述第二用户设备所属的用户允许所述第一用户 设备使用所述第二用户设备的账号接入所述网络侧;
所述网络侧进行所述第一用户设备的接入。 根据权利要求 1所述的方法, 其中, 所述网络侧确定所述第二用户设 备所属的用户允许所述第一用户设备使用所述第二用户设备的账号接 入所述网络侧包括:
所述网络侧获取所述第一用户设备的媒体接入控制 MAC地址和 / 或客户识别模块 SIM号码;
所述网络侧向所述第二用户设备所属的用户发送所述 MAC地址 和 /或所述 SIM号码;
所述网络侧接收到来自所述第二用户设备的接入允许信息, 其中 所述接入允许信息用于指示所述第二用户设备所属的用户允许所述第 一用户设备使用所述第二用户设备的账号接入所述网络侧;
所述网络侧根据所述接入允许消息, 确定所述第二用户设备所属 的用户允许所述第一用户设备使用所述第二用户设备的账号接入所述 网络侧。 根据权利要求 1所述的方法, 其中, 所述网络侧确定所述第二用户设 备所属的用户允许所述第一用户设备使用所述第二用户设备的账号接 入所述网络侧包括:
所述网络侧获取所述第一用户设备的 MAC地址和 /或 SIM号码; 所述网络侧向第三用户设备所属的用户发送所述 MAC地址和 /或 所述 SIM号码, 其中所述第三用户设备为所述第二用户设备所属的用 户允许的、 用于认证除所述第二用户设备和所述第三用户设备之外的 其它用户设备使用所述第二用户设备的账号接入所述网络侧的用户设 备;
所述网络侧接收到来自所述第三用户设备的接入允许信息, 其中 所述接入允许信息用于指示所述第二用户设备所属的用户允许所述第 一用户设备使用所述第二用户设备的账号接入所述网络侧;
所述网络侧根据所述接入允许消息, 确定所述第二用户设备所属 的用户允许所述第一用户设备使用所述第二用户设备的账号接入所述 网络侧。
4. 根据权利要求 2或 3所述的方法, 其中,
所述网络侧以短信方式或语音提示信息方式通过无线局域网 WLAN或时分同步码分多址接入 TD-SCDMA网络或 EDG网络发送所 述 MAC地址和 /或所述 SIM号码;
所述网络侧以短信方式或语音提示信息方式接收所述接入允许信 息。
5. 根据权利要求 1所述的方法, 其中, 在所述网络侧进行所述第一用户 设备的接入之后, 所述方法还包括:
所述网络侧将所述第一用户设备的接入以短信方式或语音提示信 息方式通过 WLAN或 TD-SCDMA网络或 EDG网络, 通知所有使用 所述第二用户设备的账号的用户设备。
6. 根据权利要求 1所述的方法, 其中, 在所述网络侧进行所述第一用户 设备的接入之后, 所述方法还包括:
所述网络侧确定所述第二用户设备 WLAN未开启; 所述网络侧允许所述第一用户设备独立进行数据传输。
7. 根据权利要求 1所述的方法, 其中, 在所述网络侧进行所述第一用户 设备的接入之后, 所述方法还包括以下至少之一:
所述网络侧与所述第一用户设备按照传输控制协议 TCP进行数据 传输;
所述第一用户设备与所述第二用户设备按照用户数据协议 UDP 进行数据传输; 所述第一用户设备与第三用户设备按照 UDP进行数据传输,其中 所述第三用户设备为所述第二用户设备所属的用户允许的、 使用所述 第二用户设备的账号接入所述网络侧的用户设备。 根据权利要求 1所述的方法, 其中, 所述网络侧确定所述第二用户设 备的账号认证成功包括以下至少之一:
所述网络侧以短信方式或语音提示信息方式确定所述第二用户设 备的账号在 WLAN接入设备认证成功;
所述网络侧以短信方式或语音提示信息方式确定所述第二用户设 备的账号在省级自治系统 AS认证成功;
所述网络侧以短信方式或语音提示信息方式确定所述第二用户设 备的账号在国家级 AS认证成功。 一种网络接入装置, 应用于网络侧, 包括:
第一确定模块, 用于确定第一用户设备请求使用第二用户设备的 账号进行接入;
第二确定模块, 用于确定所述第二用户设备的账号认证成功; 第三确定模块, 用于确定所述第二用户设备所属的用户允许所述 第一用户设备使用所述第二用户设备的账号接入所述网络侧;
接入模块, 用于进行所述第一用户设备的接入。 一种网络接入系统, 其中, 包括第一用户设备、 第二用户设备和网络 侧, 其中所述网络侧包括:
第一确定模块, 用于确定所述第一用户设备请求使用所述第二用 户设备的账号进行接入;
第二确定模块, 用于确定所述第二用户设备的账号认证成功; 第三确定模块, 用于确定所述第二用户设备所属的用户允许所述 第一用户设备使用所述第二用户设备的账号接入所述网络侧;
接入模块, 用于进行所述第一用户设备的接入。
PCT/CN2011/071238 2011-01-10 2011-03-04 网络接入方法、装置及系统 Ceased WO2012094841A1 (zh)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP11855353.6A EP2665302B1 (en) 2011-01-10 2011-03-04 Network access method, apparatus and system
US13/977,746 US9154950B2 (en) 2011-01-10 2011-03-04 Network access method, apparatus and system

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201110004412.9 2011-01-10
CN201110004412.9A CN102111766B (zh) 2011-01-10 2011-01-10 网络接入方法、装置及系统

Publications (1)

Publication Number Publication Date
WO2012094841A1 true WO2012094841A1 (zh) 2012-07-19

Family

ID=44175762

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/071238 Ceased WO2012094841A1 (zh) 2011-01-10 2011-03-04 网络接入方法、装置及系统

Country Status (4)

Country Link
US (1) US9154950B2 (zh)
EP (1) EP2665302B1 (zh)
CN (1) CN102111766B (zh)
WO (1) WO2012094841A1 (zh)

Families Citing this family (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102307349B (zh) * 2011-08-16 2015-04-01 宇龙计算机通信科技(深圳)有限公司 无线网络的接入方法、终端和服务器
CN103249044B (zh) * 2012-02-14 2016-03-30 中国移动通信集团公司 一种终端通过MiFi接入自有业务的方法、系统和装置
CN102970732B (zh) * 2012-11-26 2015-06-10 中兴通讯股份有限公司 一种无线局域网共享认证的方法、系统及设备
CN104348786B (zh) * 2013-07-29 2018-09-04 腾讯科技(深圳)有限公司 密码找回方法、装置和系统
CN104703160B (zh) * 2013-12-06 2018-07-24 中国移动通信集团公司 一种电子凭证处理方法及设备
EP3082351A4 (en) * 2013-12-12 2016-12-14 Panasonic Ip Man Co Ltd METHOD, SYSTEM AND COMMUNICATION DEVICE
CN106454787A (zh) * 2015-08-05 2017-02-22 中兴通讯股份有限公司 流量分享方法及装置
CN105744507B (zh) * 2016-04-09 2019-11-19 郭今戈 一种终端代理的不同运营商之间通信资源共享的方法、系统
CN105704706A (zh) * 2016-04-13 2016-06-22 苏州蜗牛数字科技股份有限公司 一种基于双通道移动终端的虚拟卡鉴权方法与系统
CN108616884B (zh) * 2016-11-30 2022-01-07 上海掌门科技有限公司 用于无线接入点连接的方法与设备
CN106792693B (zh) * 2016-12-28 2020-10-30 泰州市元和达电子科技有限公司 一种基于声纹认证的智能无线局域网预约接入方法
CN108712419A (zh) * 2018-05-18 2018-10-26 迈普通信技术股份有限公司 一种终端授权认证方法、系统及aaa服务器
CN111212460A (zh) * 2019-12-24 2020-05-29 江苏美的清洁电器股份有限公司 一种扫地机器人的控制系统及方法和扫地机器人
CN111970175B (zh) * 2020-08-26 2022-06-21 武汉绿色网络信息服务有限责任公司 一种入网账户恶意共享检测的方法和装置
CN112202770B (zh) * 2020-09-29 2023-06-16 北京小米移动软件有限公司 设备联网方法及装置、设备、存储介质
CN114745138B (zh) * 2022-05-20 2022-08-26 长扬科技(北京)有限公司 一种设备认证方法、装置、控制平台及存储介质

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101159624A (zh) * 2007-10-31 2008-04-09 中兴通讯股份有限公司 一种账户使用监控方法
CN101321391A (zh) * 2008-07-16 2008-12-10 宇龙计算机通信科技(深圳)有限公司 基于授权的移动通信方法、服务器、终端及系统
CN101414998A (zh) * 2007-10-15 2009-04-22 华为技术有限公司 一种基于认证机制转换的通信方法、系统及设备
WO2009138559A1 (en) * 2008-05-11 2009-11-19 Nokia Corporation Route selection by drag and drop

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1421819B1 (en) * 2001-08-28 2006-06-28 Telefonaktiebolaget LM Ericsson (publ) Multicast group management in telecommunication networks
US8276189B2 (en) * 2006-02-06 2012-09-25 Panasonic Corporation Method, system and apparatus for indirect access by communication device
US7881470B2 (en) * 2006-03-09 2011-02-01 Intel Corporation Network mobility security management
US20080022115A1 (en) * 2006-05-31 2008-01-24 Motorola, Inc. Method and system for electronic graffiti
GB0624571D0 (en) * 2006-12-08 2007-01-17 Cambridge Silicon Radio Ltd Authenticating Devices for Communications
US8966594B2 (en) * 2008-02-04 2015-02-24 Red Hat, Inc. Proxy authentication
US8265599B2 (en) * 2008-05-27 2012-09-11 Intel Corporation Enabling and charging devices for broadband services through nearby SIM devices
GB2467597B (en) * 2009-02-10 2012-12-26 Oracle Int Corp Integrated communication system and method
CN101621801B (zh) * 2009-08-11 2012-11-28 华为终端有限公司 无线局域网的认证方法、系统及服务器、终端

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101414998A (zh) * 2007-10-15 2009-04-22 华为技术有限公司 一种基于认证机制转换的通信方法、系统及设备
CN101159624A (zh) * 2007-10-31 2008-04-09 中兴通讯股份有限公司 一种账户使用监控方法
WO2009138559A1 (en) * 2008-05-11 2009-11-19 Nokia Corporation Route selection by drag and drop
CN101321391A (zh) * 2008-07-16 2008-12-10 宇龙计算机通信科技(深圳)有限公司 基于授权的移动通信方法、服务器、终端及系统

Also Published As

Publication number Publication date
EP2665302A4 (en) 2014-07-02
US9154950B2 (en) 2015-10-06
CN102111766B (zh) 2015-06-03
US20130298196A1 (en) 2013-11-07
EP2665302A1 (en) 2013-11-20
EP2665302B1 (en) 2016-04-27
CN102111766A (zh) 2011-06-29

Similar Documents

Publication Publication Date Title
WO2012094841A1 (zh) 网络接入方法、装置及系统
CN114268943B (zh) 授权方法及装置
EP3570515B1 (en) Method, device, and system for invoking network function service
EP1875703B1 (en) Method and apparatus for secure, anonymous wireless lan (wlan) access
CN103780397B (zh) 一种多屏多因子便捷web身份认证方法
CA2792490C (en) Key generation in a communication system
CN102625310B (zh) 无线网络接入方法、认证方法和装置
EP2846586B1 (en) A method of accessing a network securely from a personal device, a corporate server and an access point
US20070269048A1 (en) Key generation in a communication system
DK2924944T3 (en) Presence authentication
CN103441984A (zh) 安全无线网络中的动态认证
WO2008080351A1 (en) Wireless local network operation method based on wapi
KR20240167060A (ko) Wpa3 클라우드 기반 네트워크 액세스 및 프로비저닝
EP2761909A1 (en) Secure wireless network connection method
CN108243413A (zh) 一种无线接入铁路信息网络的方法及系统
WO2009092315A1 (zh) 一种无线个域网接入方法
US20070165582A1 (en) System and method for authenticating a wireless computing device
WO2010124569A1 (zh) 用户接入控制方法和系统
CN101742507B (zh) 一种WAPI终端访问Web应用站点的系统及方法
CN113543131A (zh) 网络连接管理方法、装置、计算机可读介质及电子设备
US11546339B2 (en) Authenticating client devices to an enterprise network
Ye et al. A Study of Semi-Fungible Token based Wi-Fi Access Control
WO2012151933A1 (zh) 自有业务认证方法及系统
WO2008080352A1 (en) A wlan authentication charging method based on wapi
CN101454767B (zh) 安全无线网络中的动态认证

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11855353

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 2011855353

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 13977746

Country of ref document: US

NENP Non-entry into the national phase

Ref country code: DE