WO2011009268A1 - WAPI-based authentication system and method (WLAN authentication and privacy infrastructure) - Google Patents


Info

Publication number: WO2011009268A1
Authority: WO, WIPO (PCT)
Prior art keywords: authentication, certificate, access point, mobile terminal, access
Application number: PCT/CN2009/075687
Other languages: English (en), Chinese (zh)
Inventor: 周伟
Original Assignee: 中兴通讯股份有限公司
Application filed by: 中兴通讯股份有限公司

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823: Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06: Authentication
    • H04W12/069: Authentication using certificates or pre-shared keys

Definitions

  • The invention relates to wireless LAN authentication and privacy infrastructure technology, and specifically to a WAPI-based authentication system and method.
  • Background
  • WAPI is a security protocol applied to WLANs (Wireless Local Area Networks). It is a standard proposed by China that addresses the vulnerabilities and hidden dangers in existing WLAN security mechanisms.
  • The WAPI security mechanism consists of two parts: WAI (WLAN Authentication Infrastructure) and WPI (WLAN Privacy Infrastructure).
  • WAI authenticates the user's identity, ensuring that legitimate users access the legitimate network; WPI encrypts the transmitted data, ensuring the confidentiality of the communication.
  • WAI uses a public-key cryptosystem and digital certificates to perform mutual authentication between the MT (Mobile Terminal) and the AP (Access Point) of the WLAN system.
  • WAI defines an entity called the ASU (Authentication Service Unit), which manages the certificates required by the parties involved in the information exchange, including the generation, issuance, revocation and update of certificates.
  • The certificate is the digital identity credential of the network device terminal MT, and its content is signed with the WAPI-specific elliptic curve digital signature algorithm.
  • The specific implementation of the WAPI protocol includes the following processes:
  • Authentication activation: when the MT logs in to the AP, the AP sends an authentication activation to the MT to start the authentication process.
  • Access authentication request: the MT sends an authentication request to the AP, including its own certificate and the access authentication request time.
  • Certificate authentication request: after receiving the MT's access authentication request, the AP sends an authentication request to the ASU.
  • After receiving the AP's authentication request, the ASU verifies the signature of the AP and the legality of the AP and MT certificates. After the verification is completed, the ASU combines the MT certificate authentication result information (the MT certificate, the authentication result, the access authentication request time, and the ASU's signature over them) and the AP certificate authentication result information (the AP certificate, the authentication result, the access authentication request time, and the ASU's signature over them) into a certificate response message and sends it back to the AP.
  • The AP verifies the certificate response returned by the ASU and obtains the MT certificate authentication result.
  • The AP combines the MT certificate authentication information, the AP certificate authentication result information, and the AP's signature into an access authentication response message and sends it to the MT.
  • The MT verifies the signature of the ASU, obtains the AP certificate authentication result, and decides whether to access the AP according to that result.
  • The technical problem to be solved by the present invention is to provide a WAPI-based authentication system and method that improves the security and efficiency of the WAPI authentication mechanism.
  • The present invention provides an authentication method based on a wireless local area network authentication and privacy infrastructure, including: when certificate authentication is performed between an access point and a mobile terminal, the access point selects one or more authentication servers to complete the authentication of the certificate.
  • The access point stores a current usage table of the authentication servers, which records the current load of each authentication server and whether it is available;
  • The access point selects the one or more authentication servers with the smallest current load from the available authentication servers to complete the authentication of the certificate.
  • When the access point selects multiple authentication servers to complete the authentication of the certificate, it sends the certificate authentication request message to each selected authentication server; each authentication server authenticates the certificate of the mobile terminal and sends a certificate authentication response message to the access point;
  • The access point performs signature verification on each received certificate authentication response message and obtains each authentication server's authentication result for the mobile terminal certificate. If at least one of the authentication servers' results for the mobile terminal certificate is correct, the mobile terminal is allowed to access the access point; if none of the authentication servers' results is correct, the mobile terminal is not allowed to access the access point.
  • Whether the authentication servers' results for the mobile terminal certificate are correct is determined as follows: if all authentication servers return the same authentication result for the mobile terminal certificate, all of the results are considered correct; if there is an inconsistency, spoofing behavior is considered to exist, and the access point sends each authentication server's result for the mobile terminal certificate to the trusted center; the trusted center verifies each authentication server's result, detects the authentication server exhibiting spoofing behavior, and notifies the access point.
  • Further, the access point forms an access authentication response message from the mobile terminal certificate authentication result information and the access point certificate authentication result information generated by an authentication server without fraudulent behavior, together with the access point's signature over the mobile terminal certificate authentication result information and the access point certificate authentication result information, and sends the access authentication response message to the mobile terminal;
  • After receiving the access authentication response message, the mobile terminal verifies the signature of the access point and the signature of the authentication server in the message, obtains the certificate authentication result for the access point, and determines whether that result is correct; if so, it decides to access the access point, otherwise it does not access the access point.
  • The access point defines the security levels of mobile terminals according to the number of authentication servers, the number of security levels being equal to the number of authentication servers; when selecting the authentication servers that perform certificate authentication, the access point selects the number of authentication servers according to the security level of the mobile terminal.
  • When the security level of the mobile terminal is n, n authentication servers are selected for certificate authentication; if fewer than n authentication servers are currently available, all available authentication servers are selected to perform certificate authentication.
  • The present invention also provides an authentication system based on a wireless local area network authentication and privacy infrastructure, including an access point, a mobile terminal, and an authentication server;
  • The access point is configured to select one or more authentication servers to complete the authentication of the certificate;
  • The authentication server is configured to authenticate the access point certificate and the mobile terminal certificate.
  • Further, the access point is also configured to store a current usage table of the authentication servers, which records the current load of each authentication server and whether it is available;
  • The access point selects the one or more authentication servers with the smallest current load from the available authentication servers to complete the authentication of the certificate.
  • When the access point selects multiple authentication servers to complete the authentication of the certificate, it sends the certificate authentication request message to each selected authentication server; each authentication server authenticates the certificate of the mobile terminal and sends a certificate authentication response message to the access point;
  • The access point performs signature verification on each received certificate authentication response message and obtains each authentication server's authentication result for the mobile terminal certificate. If at least one of the authentication servers' results for the mobile terminal certificate is correct, the mobile terminal is allowed to access the access point; if none of the authentication servers' results is correct, the mobile terminal is not allowed to access the access point.
  • The system further includes a trusted center;
  • Determining whether the authentication servers' results for the mobile terminal certificate are correct means that the access point checks whether those results are consistent with each other; if they are consistent, the results are considered correct; if they are inconsistent, the access point sends the authentication servers' results to the trusted center, and the trusted center verifies the results, detects the authentication server exhibiting fraudulent behavior, and notifies the access point.
  • The access point is further configured to form an access authentication response message from the mobile terminal certificate authentication result information and the access point certificate authentication result information generated by an authentication server without fraudulent behavior, together with the access point's signature over the mobile terminal certificate authentication result information and the access point certificate authentication result information, and to send the access authentication response message to the mobile terminal;
  • The mobile terminal is configured to, after receiving the access authentication response message, verify the signature of the access point and the signature of the authentication server, obtain the certificate authentication result for the access point, and determine whether that result is correct; if it is correct, the mobile terminal decides to access the access point, otherwise it does not access the access point.
  • The present invention proposes a WAPI-based authentication system and method in which certificate authentication can be flexibly completed by a single ASU or by multiple ASUs, according to the actual situation.
  • The AP selects the ASUs participating in certificate authentication according to the ASU current usage table it maintains; authentication by multiple ASUs overcomes the shortcomings of single-ASU authentication and can effectively detect a fraudulent ASU.
  • The efficiency of authentication is improved because load sharing can be achieved.
  • FIG. 1 is a schematic structural diagram of a certificate authentication system of the present invention
  • The present invention provides a WAPI-based authentication system.
  • The authentication system includes an AP, an MT, a TC (Trust Center), and a plurality of ASUs.
  • After receiving the authentication activation message sent by the AP, the MT sends an authentication request to the AP, carrying the MT certificate and the MT access authentication request time;
  • The MT is further configured to, after receiving the access authentication response message sent by the AP, verify the signature of the AP and the signature of the ASU to obtain the verification result of the AP certificate, and determine whether to access the AP according to that result;
  • After receiving the access authentication request sent by the MT, the AP selects the number of ASUs for certificate authentication according to the security level of the MT. When the security level of the MT is low, only one ASU can be selected for certificate authentication; when the security level is high, multiple ASUs can be selected. Specifically, the AP can define the security levels of the MT according to the number of ASUs, for example, but not limited to, making the number of MT security levels equal to the number of ASUs: when the security level of the MT is 1, one ASU is selected for certificate authentication; when it is 2, two ASUs are selected; when it is n, n ASUs are selected. When the security level of the MT is n but fewer than n ASUs are currently available, all available ASUs can be selected to perform certificate authentication. Many other ways of dividing the levels are possible, and the invention is not limited in this respect.
  • The AP is further configured to use the AP private key to sign the MT certificate, the access authentication request time, and the AP certificate to form a certificate authentication request message, and to send the certificate authentication request message to the selected m ASUs for certificate authentication;
  • The AP performs signature verification on the m authentication response messages, obtains m certificate authentication results for the MT, and determines whether the m authentication results are correct. If at least one of the authentication results is correct, the MT is allowed to access; if none of the m authentication results is correct, the MT is not allowed to access;
  • The AP first compares the m authentication results. If they are consistent, no ASU exhibits fraudulent behavior, that is, the m authentication results are correct. If the m authentication results are not completely consistent, the AP sends the m authentication results to the TC and determines whether a correct authentication result exists according to the TC's feedback;
  • The AP is further configured to combine the correct MT certificate authentication result information, the AP certificate authentication result information, and the AP's signature over that information (the MT certificate authentication result information and the AP certificate authentication result information) into an access authentication response message, and to send the access authentication response message to the MT.
  • After receiving the m authentication results sent by the AP, the TC verifies the m authentication results in turn and detects the ASU exhibiting fraudulent behavior, that is, the ASU corresponding to an incorrect authentication result, and sends the ASU exhibiting fraudulent behavior (or the incorrect authentication result) to the AP.
  • The present invention also provides a WAPI-based authentication method, as shown in FIG. 2, including the following steps:
  • The AP selects the number of ASUs according to the security level of the network.
  • The AP maintains an ASU current usage table and, according to this table, selects the one or more ASUs with the lowest load to perform the authentication.
  • Step 201: After receiving the MT's access authentication request, the AP selects the number of ASUs for certificate authentication according to the security level of the MT. When the security level of the MT is low, only one ASU can be selected for certificate authentication; when the security level is high, multiple ASUs can be selected. Specifically, the AP can define the security levels of the MT according to the number of ASUs, for example, but not limited to, making the number of MT security levels equal to the number of ASUs: when the security level of the MT is 1, one ASU is selected for certificate authentication; when it is 2, two ASUs are selected; when it is n, n ASUs are selected.
  • The AP selects the m ASUs with the smallest current load from all available ASUs;
  • The AP uses the AP private key to sign the MT certificate, the access authentication request time, and the AP certificate to form a certificate authentication request message, and sends the certificate authentication request message to the selected m ASUs.
  • Step 202: Each ASU that receives the certificate authentication request message verifies the legality of the AP signature, the AP certificate, and the MT certificate according to the public key and the verification information on the trusted center TC. After the verification is completed, each of the m ASUs combines the MT certificate authentication result information and the AP certificate authentication result information into a certificate authentication response message and sends it to the AP;
  • The MT certificate authentication result information includes the MT certificate, the authentication result, the access authentication request time, and the ASU's signature over the foregoing information.
  • The AP certificate authentication result information includes the AP certificate, the authentication result, the access authentication request time, and the ASU's signature over the foregoing information;
  • Step 203: After receiving the certificate authentication response messages of the m ASUs, the AP performs signature verification on each authentication response message to obtain each ASU's MT certificate authentication result, and determines whether a correct MT certificate authentication result exists. If so, step 204 is performed; otherwise step 208 is performed;
  • The method for judging whether the m authentication results are correct is as follows: the AP first compares the m authentication results. If they are consistent, no ASU exhibits spoofing behavior, that is, the m authentication results are correct. If the m authentication results are not completely consistent, the m authentication results are sent to the TC, and the TC verifies the m authentication results in turn, detects the ASU exhibiting spoofing behavior, that is, the incorrect authentication result, and sends the ASU exhibiting spoofing behavior (or the incorrect authentication result) to the AP.
  • Step 204: The AP allows the MT to access the network.
  • Step 205: The AP forms an access authentication response message from the MT certificate authentication result information and the AP certificate authentication result information generated by an ASU without spoofing behavior, together with the AP's signature over that information (the MT certificate authentication result information and the AP certificate authentication result information), and sends the message to the MT.
  • Each pair of MT certificate authentication result information and AP certificate authentication result information corresponds to one AP signature, that is, multiple access authentication response messages exist.
  • Step 206: After receiving the access authentication response message sent by the AP, the MT verifies the signature of the AP and the signature of the ASU and obtains the verification result of the AP certificate (when multiple access authentication response messages are received, the MT obtains multiple verification results of the AP certificate), and determines whether the verification result of the AP certificate is correct; if yes, go to step 207, otherwise go to step 209;
  • Step 207: The MT decides to access the AP.
  • Step 208: The AP does not allow the MT to access the network.
  • Step 209: The MT decides not to access the AP.
  • The AP selects the number of authentication servers according to the actual situation and, according to the ASU current usage table it maintains, selects the ASUs with the lowest load and in good working condition to complete the authentication, which improves authentication efficiency. Authentication by multiple ASUs overcomes the problem of fraudulent behavior by the authoritative ASU in prior-art ASU authentication and improves security. When there are a large number of wireless LAN MTs, single-ASU authentication is selected, and authentication efficiency is improved because multiple ASUs are present.
  • The method of the present invention is further illustrated by an application example with 5 ASUs.
  • The AP can select one to five servers to complete certificate authentication.
  • The AP maintains an ASU current usage table and uses it to select the servers with the lowest load to complete the authentication of the certificate. The following takes the selection of two ASUs as an example.
  • Step 1: Authentication activation. The MT logs in to the AP, and the AP sends an authentication activation to the MT to initiate the authentication process;
  • Step 2: Access authentication request. The MT sends an authentication request to the AP, including the MT certificate and the MT access authentication request time;
  • Step 3: After receiving the MT's access authentication request, the AP determines from the security level of the MT that two ASUs must perform certificate authentication. As shown in Table 1, ASU2 is currently unavailable, so the AP chooses from the remaining four ASUs the two with the lowest current load (that is, the fewest authentications waiting to be processed), namely ASU1 and ASU5;
  • The AP uses the AP private key to sign the MT certificate, the access authentication request time, and the AP certificate to form a certificate authentication request message, and sends the certificate authentication request message to ASU1 and ASU5.
  • Table 1: ASU current usage table stored by the AP
  • Step 4: After receiving the AP's certificate authentication request message, ASU1 and ASU5 verify the legality of the AP signature, the AP certificate, and the MT certificate.
  • ASU1 and ASU5 each combine the MT certificate authentication result information (the MT certificate, the authentication result, the access authentication request time, and the signature of ASU1 or ASU5 respectively) and the AP certificate authentication result information (the AP certificate, the authentication result, the access authentication request time, and the signature of ASU1 or ASU5 respectively) into a certificate authentication response message and send it to the AP.
  • Step 5: After receiving the authentication response messages from ASU1 and ASU5, the AP performs signature verification on them to obtain ASU1's and ASU5's MT certificate authentication result information;
  • Step 6: After obtaining ASU1's and ASU5's authentication result information for the MT certificate, the AP compares the two authentication results. If they are the same, the AP considers that there is no fraudulent behavior and performs step 8; if they are inconsistent, it considers that spoofing behavior exists and sends ASU1's and ASU5's authentication results for the MT certificate to the TC;
  • Step 7: The trusted center TC verifies ASU1's and ASU5's authentication results for the MT certificate, puts the fraudulent ASU into the bad record table for auditing, and notifies the AP of the fraudulent ASU; step 8 is then performed;
  • Step 8: The AP determines whether to allow the MT to access the network according to ASU1's and ASU5's authentication results for the MT certificate. Specifically, when at least one of ASU1's and ASU5's authentication results for the MT certificate is correct, the AP allows the MT to access the network. If both ASU1's and ASU5's authentication results for the MT certificate are incorrect, the AP does not allow the MT to access the network.
  • The AP combines the correct MT certificate authentication result information, the AP certificate authentication result information, and the AP's signature over them (the MT certificate authentication result information and the AP certificate authentication result information) into an access authentication response message and sends it to the MT;
  • Step 9: After receiving the access authentication response message sent by the AP, the MT verifies the signature of the AP and the signature of the ASU, obtains the verification result of the AP certificate, and determines whether to access the AP according to that result. If the verification result is correct, the MT decides to access the AP; otherwise it does not;
  • Step 10 If the certificate authentication is passed, the AP and the MT perform key negotiation, and the negotiated key is used for communication.
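
The AP-side logic of steps 3 to 8 above (ASU selection from the usage table, signature check, consistency comparison, escalation to the TC), as an added Python example that is not part of the patent text. Assumptions: the load values are constructed because the contents of Table 1 are not reproduced on this page, HMAC-SHA256 stands in for the ASU's elliptic-curve signature, the TC is modelled as a function that knows the true certificate status, "correct" is read as "from an ASU the TC did not flag", and all function and field names are hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class AsuEntry:            # one row of the AP's "ASU current usage table"
    name: str
    pending: int           # current load: authentications waiting to be processed
    available: bool


@dataclass(frozen=True)
class AsuResponse:         # MT certificate authentication result information
    asu: str
    mt_cert: str
    request_time: str      # access authentication request time
    cert_valid: bool       # this ASU's authentication result for the MT certificate
    signature: bytes


def sign(key, asu, mt_cert, request_time, cert_valid):
    # Assumption: HMAC-SHA256 stands in for the ASU's ECDSA signature.
    msg = "|".join([asu, mt_cert, request_time, str(cert_valid)]).encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


def make_response(key, asu, mt_cert, request_time, cert_valid):
    return AsuResponse(asu, mt_cert, request_time, cert_valid,
                       sign(key, asu, mt_cert, request_time, cert_valid))


def select_asus(usage_table, security_level):
    """Step 3: pick the n least-loaded available ASUs; if fewer than n
    are available, all available ASUs are used."""
    available = sorted((e for e in usage_table if e.available),
                       key=lambda e: (e.pending, e.name))
    return [e.name for e in available[:security_level]]


def ap_decide(responses, asu_keys, mt_cert, request_time, trusted_center):
    """Steps 5-8: return (allow_mt, fraudulent_asus)."""
    # Step 5: keep only responses whose signature verifies. Assumption: the AP
    # also requires the response to echo this request's certificate and time.
    verified = []
    for r in responses:
        key = asu_keys.get(r.asu)
        if key is None or r.mt_cert != mt_cert or r.request_time != request_time:
            continue
        expected = sign(key, r.asu, r.mt_cert, r.request_time, r.cert_valid)
        if hmac.compare_digest(expected, r.signature):
            verified.append(r)
    # Step 6: consistent results are considered correct; otherwise escalate.
    fraudulent = []
    if len({r.cert_valid for r in verified}) > 1:
        fraudulent = sorted(trusted_center(verified))      # step 7
    correct = [r for r in verified if r.asu not in fraudulent]
    # Step 8 (assumption): access needs at least one correct result, and the
    # correct results must report the MT certificate as valid.
    allow = bool(correct) and all(r.cert_valid for r in correct)
    return allow, fraudulent


# Constructed sample data: 5 ASUs, ASU2 unavailable, ASU1 and ASU5 least loaded.
USAGE_TABLE = [AsuEntry("ASU1", 3, True), AsuEntry("ASU2", 0, False),
               AsuEntry("ASU3", 12, True), AsuEntry("ASU4", 9, True),
               AsuEntry("ASU5", 5, True)]
KEYS = {e.name: f"demo-key-{e.name}".encode() for e in USAGE_TABLE}
MT_CERT, REQ_TIME = "mt-cert-001", "2009-07-22T10:00:00Z"
CERT_STATUS = {MT_CERT: True}   # ground truth known only to the modelled TC


def trusted_center(responses):
    """Modelled TC: flags every ASU whose result contradicts the true status."""
    return [r.asu for r in responses if r.cert_valid != CERT_STATUS[r.mt_cert]]


def decide_for(claims):
    """claims maps ASU name -> the result that ASU reports for MT_CERT."""
    responses = [make_response(KEYS[a], a, MT_CERT, REQ_TIME, v)
                 for a, v in claims.items()]
    return ap_decide(responses, KEYS, MT_CERT, REQ_TIME, trusted_center)


if __name__ == "__main__":
    print(select_asus(USAGE_TABLE, 2))
    print(decide_for({"ASU1": True, "ASU5": True}))
    print(decide_for({"ASU1": True, "ASU5": False}))
```

Because consistent results are treated as correct, the TC is consulted only when the selected ASUs disagree: `decide_for({"ASU1": False, "ASU5": False})` returns `(False, [])` without any arbitration.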

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention relates to an authentication system and method based on WAPI (WLAN authentication and privacy infrastructure). The method comprises: when certificate authentication is performed between an access point and a mobile terminal, the access point selects one or more authentication servers to carry out the authentication of the certificate. With the technical solution of the invention, certificate authentication can be carried out by flexibly selecting a single authentication server or a plurality of authentication servers according to the actual situation and according to a table of the current usage states of the authentication servers, maintained by the access point, which selects the authentication servers that take part in the certificate authentication. Authentication performed with a plurality of authentication servers removes the drawbacks of authentication performed with a single authentication server, and the authentication server in which deception occurs can be detected effectively; in addition, authentication efficiency is improved.
PCT/CN2009/075687 2009-07-22 2009-12-17 WAPI-based authentication system and method (WLAN authentication and privacy infrastructure) WO2011009268A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200910160652.0 2009-07-22
CNA2009101606520A CN101610515A (zh) 2009-07-22 2009-07-22 WAPI-based authentication system and method

Publications (1)

Publication Number Publication Date
WO2011009268A1 (fr) 2011-01-27

Family

ID=41484045

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2009/075687 WO2011009268A1 (fr) 2009-07-22 2009-12-17 WAPI-based authentication system and method (WLAN authentication and privacy infrastructure)

Country Status (2)

Country Link
CN (1) CN101610515A (fr)
WO (1) WO2011009268A1 (fr)

Also Published As

Publication number Publication date
CN101610515A (zh) 2009-12-23

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application. Ref document number: 09847503; Country of ref document: EP; Kind code of ref document: A1
NENP Non-entry into the national phase. Ref country code: DE
122 Ep: pct application non-entry in european phase. Ref document number: 09847503; Country of ref document: EP; Kind code of ref document: A1