WO2013097348A1 - Extendible authentication protocol access authentication method and device - Google Patents

Extendible authentication protocol access authentication method and device Download PDF

Info

Publication number
WO2013097348A1
WO2013097348A1 PCT/CN2012/072155 CN2012072155W WO2013097348A1 WO 2013097348 A1 WO2013097348 A1 WO 2013097348A1 CN 2012072155 W CN2012072155 W CN 2012072155W WO 2013097348 A1 WO2013097348 A1 WO 2013097348A1
Authority
WO
WIPO (PCT)
Prior art keywords
parameter
app
terminal device
authentication
eap
Prior art date
Application number
PCT/CN2012/072155
Other languages
French (fr)
Chinese (zh)
Inventor
刘少华
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2013097348A1 publication Critical patent/WO2013097348A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities

Definitions

  • the present invention relates to the field of communications, and in particular to a scalable authentication protocol authentication access method and apparatus.
  • An Extensible Authentication Protocol is a user access network authentication protocol based on a Universal Subscriber Identity Module (USIM) card.
  • the protocol can be directly applied to the data link layer, such as 802.11, 802.3, and Point to Point Protocol (PPP), providing mechanisms for retransmitting and eliminating duplicate messages.
  • PPP Point to Point Protocol
  • All types of authentication can be supported. Different authentication access methods are implemented by extending EAP request response messages and introducing different authentication methods, including EAP-SIM, EAP-authentication, and key agreement. Authentication and Key Agreement (AKA).
  • AKA Authentication and Key Agreement
  • EAP-SIM uses the Global System for Mobile Communication (GSM) authentication method and SIM's key distribution mechanism to implement two-way authentication of terminals and networks based on GSM one-way authentication.
  • GSM Global System for Mobile Communication
  • EAP-AKA uses the AKA rights method and the USIM key distribution mechanism to implement two-way authentication between the terminal and the network.
  • EAP authentication must be based on the USIM card. Therefore, this authentication method mainly appears in terminal devices embedded in USIM cards, such as mobile phones, data cards, modules, and tablets.
  • the EAP authentication process of the current data card is mostly integrated in the UI.
  • the access point (Access Point, AP for short) is selected on the UI, the authentication mode is selected, the SIM card information is queried and recorded, and the authentication parameters are used. Organization, processing of connection results, etc.
  • AP Access Point
  • the present invention provides a scalable authentication protocol authentication access method and apparatus, to at least solve the problem that the EAP authentication in the related art causes the terminal device to have a large dependence on the external environment.
  • an extensible authentication protocol authentication access method including: receiving a connection request from an APP of a terminal device, wherein the connection request is used by an APP to request access to a designated AP thereof;
  • the parameter of the AP and the parameter of the USIM card of the terminal device generate an EAP authentication request message; and send an EAP authentication request message to the DRIVER of the terminal device.
  • the method Before receiving the connection request from the APP of the terminal device, the method further includes: receiving a scan instruction from the APP for instructing scanning of the AP; scanning to one or more APs according to the scan instruction; sending one or more to the APP
  • the parameters of the AP wherein the parameters of one or more APs include at least one of the following: authentication type, encryption mode, network mode, physical address, and signal strength.
  • the method further includes: determining that the access status of the APP requesting access to the designated AP is the accessed state; A message indicating the termination of the connection.
  • the method further includes: determining that the access state of the APP requesting access to the specified AP is a pending access state, where the access mode is to be accessed.
  • the status includes one of the following: searching AP status, disconnecting status, initializing status; indicating that the APP delays waiting for the access status of its designated AP to exit the pending status.
  • the method Before generating the EAP authentication request message according to the parameter of the specified AP and the parameter of the USIM card of the terminal device, the method further includes: determining whether the specified AP supports EAP authentication; if the determination result is yes, performing the The parameter and the parameters of the USIM card of the terminal device generate an operation of the EAP authentication request message. Before the EAP authentication request message is generated according to the parameter of the specified AP and the parameter of the USIM card of the terminal device, the method further includes: determining whether the signal strength of the specified AP meets the requirement of the terminal device; if the determination result is yes, performing the The operation of the EAP authentication request message is generated by the parameters of the specified AP and the parameters of the USIM card of the terminal device.
  • the generating an EAP authentication request message according to the parameter of the specified AP and the parameter of the USIM card of the terminal device includes: determining an EAP authentication mode according to the type of the USIM card, where the EAP authentication mode includes one of the following: EAP-SIM, EAP-AKA;
  • the authentication request message carries the EAP authentication mode.
  • the method further includes: starting a timer, wherein the timer is configured to monitor whether the EAP authentication result from the DRIVER is received within a predetermined time.
  • an extensible authentication protocol authentication access apparatus comprising a first receiving module configured to receive a connection request from an application layer APP of a terminal device, wherein the connection request is used for APP request access a specified AP; a generating module, configured to generate an extensible authentication protocol EAP authentication request message according to a parameter of the specified AP and a parameter of the USIM card of the terminal device; the first sending module is configured to send the EAP to the driving layer DRIVER of the terminal device Authentication request message.
  • the device further includes: a second receiving module, configured to receive a scan instruction from the APP for instructing scanning of the AP; a scanning module configured to scan to one or more APs according to the scan instruction; and a second sending module configured to The APP sends parameters of one or more APs, where the parameters of one or more APs include at least one of the following: authentication type, encryption mode, network mode, physical address, and signal strength.
  • a second receiving module configured to receive a scan instruction from the APP for instructing scanning of the AP
  • a scanning module configured to scan to one or more APs according to the scan instruction
  • a second sending module configured to The APP sends parameters of one or more APs, where the parameters of one or more APs include at least one of the following: authentication type, encryption mode, network mode, physical address, and signal strength.
  • FIG. 1 is a flowchart of an extensible authentication protocol authentication access method according to an embodiment of the present invention
  • FIG. 2 is an overall flowchart of EAP authentication access according to an embodiment of the present invention
  • FIG. 4 is a structural block diagram of an extensible authentication protocol authentication access apparatus according to an embodiment of the present invention
  • FIG. 5 is an extensible authentication protocol authentication access apparatus according to a preferred embodiment of the present invention
  • FIG. 6 is a structural block diagram 2 of an extensible authentication protocol authentication access apparatus according to a preferred embodiment of the present invention
  • FIG. 7 is a structural block diagram of an extensible authentication protocol authentication access apparatus according to a preferred embodiment of the present invention.
  • Step S102 Receive a connection request from an APP of the terminal device, where the connection request is used by the APP to request access to the designated AP.
  • Step S104 Generate an EAP authentication request message according to the parameter of the specified AP and the parameter of the USIM card of the terminal device.
  • Step S106 sending an EAP authentication request message to the DRIVER of the terminal device.
  • the EAP authentication causes the terminal device to have a greater dependence on the external environment.
  • an EAP authentication-based EAP authentication access module is integrated in the terminal device, which can reduce the dependence of the terminal on the external environment and improve the performance of the entire system.
  • the information related to the SIM card and the terminal exposed by the present invention is small, and the security performance can be greatly improved.
  • the integration of the module greatly reduces various abnormal faults, the stability of the entire system is improved.
  • the method before receiving the connection request from the APP of the terminal device, the method further includes: receiving a scan instruction from the APP for instructing scanning of the AP; scanning to one or more APs according to the scan instruction; sending to the APP A parameter of one or more APs, where the parameters of one or more APs include at least one of the following: an authentication type, an encryption mode, a network mode, a physical address, and a signal strength.
  • the scan instructions do not need to pass any parameters.
  • the following describes the EAP authentication access process of the present invention by using the WLAN connection process as an example, including the following steps 1 to 7. Step 1.
  • the WIFI driver layer is successfully initialized.
  • Step 2 Scan the APs available in the current network, and record related parameters of each AP into the AP list.
  • Step 3 After receiving the specified AP connection command, determine the validity of the AP and obtain the parameters of the AP.
  • Step 4 Obtain the USIM card information and determine the authentication mode, and assemble the EAP authentication message parameters.
  • Step 5 Correctly process and feedback the authentication result, and reset the connection status.
  • Step 6. Initiate a DHCP request and apply for a network address.
  • Step 7. Complete the data transfer. That is, the following method is adopted in the embodiment: The card side receives the commands of scanning, connecting, disconnecting, etc. delivered by the APP, completes the EAP authentication of the AP, and accesses the AP, and feeds back the connection result.
  • the first 5 steps are necessary to complete EAP authentication. It should be noted that before the WIFI driver layer is initialized, the WIFI switch must be turned on before WIFI can start working. Before connecting to the AP, you need to scan the APs available in the network and obtain some authentication parameters provided by the AP for connection. If there is no USIM. If the card or USIM does not open the related service, it cannot be authenticated. If the authentication result is successful, failure, timeout, etc., the subsequent processing of the module itself and feedback of the corresponding result should be completed to the APP. The next two steps are necessary to transfer data.
  • the function module can correctly receive the message instruction of the APP, convert it into a command type that can be recognized by the WIFI driver layer, and complete data transfer between the APP and the WIFI driver layer.
  • the EAP authentication access method may be presented in the form of a function module, where the module is responsible for receiving and feeding back various command messages of the upper layer, and directly transmitting data and commands to and from the WIFI driver layer (the WIFI driver layer is a WIFI chip).
  • the provider provides a set of interface layers that can handle various WIFI-related operations, which is not the focus of this patent.
  • the module can provide WIFI connection, disconnection, scanning AP and other AT command interfaces (for UI) and API interface (for secondary development) at the same time.
  • the number of interfaces is relatively small, and the form and incoming parameters are relatively simple. It can effectively reduce the workload of secondary development, while reducing the dependence on the UI. For example, as long as the AT command connected to an AP is sent, the entire connection process can be completed; when the API interface is called, the name of the AP is also passed.
  • the method further includes: determining that the access state of the APP requesting access to the designated AP is the accessed state; The APP sends a message indicating the termination of the connection.
  • the connection state is already established, the connection action is terminated to avoid waste of system resources.
  • the method further includes: determining that the access state of the APP requesting access to the designated AP is a pending state, where The to-be-accessed state includes one of the following: searching for an AP state, a disconnecting state, and an initializing state; indicating that the APP delays waiting for an access state of its designated AP to exit the pending access state.
  • the method before the generating an EAP authentication request message according to the parameter of the specified AP and the parameter of the USIM card of the terminal device, the method further includes: determining whether the specified AP supports EAP authentication; If yes, an operation of generating an EAP authentication request message according to the parameters of the specified AP and the parameters of the USIM card of the terminal device is performed.
  • the designated operation is performed in the case of judging the support of the authentication, thereby avoiding waste of system resources.
  • the method before the generating the EAP authentication request message according to the parameter of the specified AP and the parameter of the USIM card of the terminal device, the method further includes: determining whether the signal strength of the specified AP meets the requirement of the terminal device; if the determination result is yes, Then, an operation of generating an EAP authentication request message according to the parameters of the specified AP and the parameters of the USIM card of the terminal device is performed.
  • the specified operation is performed in the case where it is judged that the signal strength satisfies the requirement, thereby avoiding waste of system resources.
  • generating the EAP authentication request message according to the parameter of the specified AP and the parameter of the USIM card of the terminal device includes: determining an EAP authentication mode according to the type of the USIM card, where the EAP authentication mode includes one of the following: EAP-SIM, EAP-AKA The EAP authentication mode is carried in the EAP authentication request message.
  • the method further includes: starting a timer, wherein the timer is configured to monitor whether the EAP authentication result from the DRIVER is received within a predetermined time.
  • Step S202 in the MODEM, the module is powered on, and the data port is inserted into the USB port.
  • Step S204 initializing system resources, including platform initialization, creating system resources, and the like.
  • Step S206 creating a message processing thread, the thread is the main working thread of the module.
  • the operations of connecting, scanning, disconnecting, etc., and the results of these operations are all received by the module thread in the form of a message.
  • the thread receives the message, it performs corresponding
  • the next step is to set the current operating state, such as the connected state, disconnected state, idle state, and so on.
  • the MODEM underlying driver is initialized.
  • the APP sends a scan AP command.
  • the MODEM receives the scan instruction of the APP, and performs the scanning operation.
  • the module can receive the APP command and work normally. You must scan before connecting. Because it must be obtained
  • the APs in the current network and the related parameters of each AP can be used as the basis for access to successfully connect to the AP.
  • step S214 the DRIVER learns the available APs in the current network and sends them to the WLAN-AN.
  • DRIVER records information about each AP from the node and sends it to the MODEM.
  • step S218, the APs and their key parameters are fed back to the APP in a list form, and the key parameters refer to the authentication type, the encryption mode, and the signal strength. This allows the upper layer to determine which APs are available for use.
  • step S220 the APP obtains the AP list.
  • step S222 the APP specifies an AP to connect.
  • step S224 the MODEM starts to initiate an EAP authentication request and waits for the DRIVER layer to return the authentication result.
  • the EAP authentication interaction also involves many more detailed details, which will be further explained in subsequent Figure 3.
  • Step S226 the DRIVER layer will complete the interaction of the protocol message related to the EAP authentication with the network.
  • step S230 the MODEM layer receives the authentication result and the processing details, which will be described in detail in FIG. Return the connection result to the APP.
  • step S232 the APP acquires the connection result.
  • Step S234 if the authentication is successful, the APP can apply for the network address.
  • Step S236, the MODEM receives the network address request of the APP, and sends various data packets related to the DHCP request to the DRIVER.
  • Step S238, the DRIVER layer encapsulates the data and sends it to apply for a network address (including DS, IP address, gateway address, etc.).
  • Step S240 if the network card device can be enumerated when the data card is connected to the PC, the DHCP request can be completed by the PC.
  • MODEM only needs to perform data transfer.
  • the MODEM can report the network address to the APP, or directly forward the DHCP packet to the PC, and the PC resolves the network address by itself.
  • the AP connection process is completed.
  • Step S250 after receiving the instruction, the MODEM sends an offline message to the DRIVER layer.
  • step S252 DRIVER encapsulates the data and sends it to the WLAN-AN. Because the general EAP certified server has a billing system.
  • step S254 DRIVER forwards the data to the MODEM.
  • step S256 the MODEM analyzes the response of the offline message.
  • step S260 DRIVER sends a disconnect request to the AP.
  • step S262 the APP receives further processing of the disconnection result, including related timer reset, connection status setting, and result reporting APP.
  • DRIVER returns the disconnection result to the MODEM and processes the report.
  • step S264 the MODEM processes the disconnection result and reports it.
  • step S266 the disconnection ends.
  • FIG. 3 is a detailed flowchart of performing EAP authentication according to an embodiment of the present invention. As shown in FIG. 3, the following steps S302 to S338 are included. Step S302, receiving a specified AP connection request of the APP, marking the start of an EAP authentication.
  • Step S304 the MODEM determines the validity of the AP that is sent by the APP.
  • Step S306 determine whether the AP exists in the network, and then determine whether the AP supports EAP authentication; then check whether the signal strength analysis is suitable for connection.
  • Step S306 obtaining an AP parameter, and some parameters of the AP are used for accessing, such as an authentication type, an encryption mode, a network mode, and the like.
  • the DRIVER layer has already recorded these parameters, and the MODEM is directly acquired and saved to DRIVER.
  • Step S308 detecting the current state.
  • step S310 it is determined whether the connection is in progress. If the process of the last connection is not completed, that is, the connection state is still currently in progress, step S312 is performed; if not, the step S314 is performed. Step S312, returning information that the APP is currently busy.
  • step S314 it is determined whether the current is idle. If yes, go to step S316; if no, go to step S336.
  • Step S316 determining an EAP authentication mode, generally having two types of EAP-SIM and EAP-AKA. The selection of the mode can be determined by the user or by determining the type of the SIM card.
  • IMSI International Mobile Subscriber Identification
  • Step S320 organizing the authentication parameter, because the DRIVER layer and the AP need a series of authentication information, such as an AP name, an authentication type, an encryption mode, a network mode, an IMSI number, a key, etc., so the MODEM must be from various The way to get these parameters is effectively organized and sent to the DRIVER layer.
  • the MODEM initiates an authentication request, and all the required parameters are brought in at this time.
  • Step S324 starting a timer.
  • the MODEM introduces a timeout mechanism, and does not receive the authentication result within a certain period of time to perform timeout failure processing.
  • the MODEM determines whether the authentication result returned by the DRIVER is received within the specified timeout period.
  • Step S328 stopping and resetting the timer.
  • Step S330 resetting the connection state.
  • the result of the authentication is reported to the APP, which is a successful connection, a connection failure, or a connection timeout. Different authentication results determine the next operation of the APP, such as reconnection, disconnection, and network address application.
  • the result of the determination is a connection timeout.
  • other states such as searching for the AP state, the disconnecting state, and the initializing state, delay waiting to return to the idle state and then performing the connection. Also, if you are currently connected to the network.
  • step S3308 the connection ends.
  • the EAP certification is basically completed.
  • MODEM implements a complete set of WLAN access procedures. There are only a few simple message instructions provided to the APP. The scanning AP does not need to pass any parameters, and can return all available APs and various required authentication parameters for AP reference. The AP only needs to specify the AP name. If necessary, the key is re-introduced. The MODEM side fully considers the various situations that may occur during the access. The APP only needs to wait for the connection result. The MODEM can even inform the AP of the reason for the failure in the case of a connection failure.
  • the open connection also does not need to carry other parameters, and the MODEM also considers the function of terminating server billing. If the APP needs, the MODEM can also inform the AP of the changes in the AP list and parameters, the signal strength of each AP, and let the APP select the appropriate AP to connect, the theoretical rate that each AP can bear, and so on. In this way, whether it is secondary development or UI design, the interface with MODEM has become very simple. It also reduces the development amount and debugging difficulty of the APP side. Even if you change the app, the card side can be fully adapted with a few changes. In addition, the MODEM side can also consider non-EAP authentication mode access to adapt to the user's connection to the ordinary AP.
  • FIG. 4 is a structural block diagram of an extensible authentication protocol authentication access apparatus according to an embodiment of the present invention. As shown in FIG. 4, the first receiving module 42, the generating module 44, and the first sending module 46 are included.
  • the first receiving module 42 is configured to receive a connection request from the application layer APP of the terminal device, where the connection request is used for the APP to request access to its designated AP;
  • the generating module 44 is connected to the first receiving module 42 and configured to be specified according to the The parameter of the AP and the parameter of the USIM card of the terminal device generate an extensible authentication protocol EAP authentication request message;
  • the first sending module 46 is connected to the generating module 44, and is configured to send an EAP authentication request message to the driver layer DRIVER of the terminal device.
  • 5 is a structural block diagram of an extensible authentication protocol authentication access device according to a preferred embodiment of the present invention. As shown in FIG.
  • the device further includes: a second receiving module 48, configured to receive an indication scan from the APP. Scanning instruction of the AP; the scanning module 410 is connected to the second receiving module 48, and is set to scan according to the scanning instruction
  • the first sending module 412 is connected to the scanning module 410, and is configured to send parameters of one or more APs to the APP, where the parameters of the one or more APs include at least one of the following: authentication type, encryption Mode, network mode, physical address, signal strength.
  • FIG. 6 is a block diagram showing the structure of an extensible authentication protocol authentication access device according to a preferred embodiment of the present invention. As shown in FIG.
  • the device further includes: a first determining module 414 connected to the first receiving module 42 and configured to be configured as Determining that the access status of the APP requesting access to its designated AP is the accessed state; the third sending module 416 is connected to the first determining module 414, and is configured to send a message to the APP for indicating termination of the connection.
  • FIG. 7 is a structural block diagram 3 of an extensible authentication protocol authentication access apparatus according to a preferred embodiment of the present invention. As shown in FIG.
  • the apparatus further includes: a second determining module 418 connected to the first receiving module 42 and configured to Determining that the access status of the APP requesting access to the specified AP is a pending access state, wherein the to-be-accessed state includes one of the following: searching for an AP state, a disconnecting state, and an initializing state; the indicating module 420, connecting to the second determining The module 418 is configured to indicate that the APP delays waiting for the access state of the designated AP to exit the pending state.
  • the extensible authentication protocol authentication access device described in the device embodiment corresponds to the foregoing method embodiment, and the specific implementation process has been described in detail in the method embodiment, and details are not described herein again.
  • an extended authentication protocol authentication access method and apparatus are provided.
  • an EAP authentication-based EAP authentication access module is integrated in the terminal device, which reduces the dependence of the terminal on the external environment and improves the performance of the entire system.
  • the above modules or steps of the present invention can be implemented by a general-purpose computing device, which can be concentrated on a single computing device or distributed over a network composed of multiple computing devices.
  • the invention is not limited to any specific combination of hardware and software.
  • the above is only the preferred embodiment of the present invention, and is not intended to limit the present invention, and various modifications and changes can be made to the present invention. Any modifications, equivalent substitutions, improvements, etc. made within the spirit and scope of the present invention are intended to be included within the scope of the present invention.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Disclosed are an extendible authentication protocol authentication access method and device. The method comprises: receiving a connection request from an APP of a terminal device, the connection request being used for the APP to request to access a specified AP thereof; generating an EAP authentication request message in accordance with a parameter of the specified AP and a USIM parameter of the terminal device; and sending the EAP authentication request message to a DRIVER of the terminal device. Through the present invention, EAP authentication access modules based on EAP authentication are integrated in the terminal device, the dependency of a terminal on the external environment is reduced, and the overall system performance is improved.

Description

可扩展认证协议认证接入方法及装置 技术领域 本发明涉及通信领域, 具体而言,涉及一种可扩展认证协议认证接入方法及装置。 背景技术 可扩展认证协议 (Extensible Authentication Protocol, 简称为 EAP), 是一种基于 总体客户识别模块 (Universe Subscriber Identity Module, 简称为 USIM) 卡的用户接 入网络认证协议。 该协议可直接应用于数据链路层之上, 如 802.11、 802.3、 点对点协 议 (Point to Point Protocol, 简称为 PPP), 提供重传和消除重复报文的机制。 在 EAP 框架下, 各类鉴权都可以被支持, 不同认证接入方法通过扩展 EAP请求响应消息, 并 引入具体不同的鉴权方法来实现, 主要包括 EAP-SIM、 EAP-认证与密钥协商协议 (Authentication and Key Agreement, 简称为 AKA)等。 EAP-SIM在 EAP框架基础上 使用全球移动通信(Global system for Mobile Communication, 简称为 GSM)鉴权方法 和 SIM 的密钥分发机制, 在 GSM 单向鉴权基础上实现终端和网络的双向鉴权。 EAP-AKA在 EAP框架基础上使用 AKA权方法和 USIM的密钥分发机制, 实现终端 和网络的双向鉴权。  The present invention relates to the field of communications, and in particular to a scalable authentication protocol authentication access method and apparatus. An Extensible Authentication Protocol (EAP) is a user access network authentication protocol based on a Universal Subscriber Identity Module (USIM) card. The protocol can be directly applied to the data link layer, such as 802.11, 802.3, and Point to Point Protocol (PPP), providing mechanisms for retransmitting and eliminating duplicate messages. In the EAP framework, all types of authentication can be supported. Different authentication access methods are implemented by extending EAP request response messages and introducing different authentication methods, including EAP-SIM, EAP-authentication, and key agreement. Authentication and Key Agreement (AKA). Based on the EAP framework, EAP-SIM uses the Global System for Mobile Communication (GSM) authentication method and SIM's key distribution mechanism to implement two-way authentication of terminals and networks based on GSM one-way authentication. . Based on the EAP framework, EAP-AKA uses the AKA rights method and the USIM key distribution mechanism to implement two-way authentication between the terminal and the network.
EAP认证必须以 USIM卡作为媒介, 所以这种认证方式主要出现在内嵌 USIM卡 的终端设备中, 如手机、 数据卡、 模块、 平板电脑等。 现行数据卡的 EAP认证流程大 都集成在 UI内部, 在 UI上完成对接入点 (Access Point, 简称为 AP) 的选取、 鉴权 模式的选择、 SIM卡信息的查询与记录、 鉴权参数的组织、 连接结果的处理等操作。 这样的方式固然减轻了终端的工作量,但是有一个明显的缺点是 UI和终端的相互依赖 性比较大。 由于上述 EAP认证的各个环节的复杂性和特殊性, 当更换别的类型的数据 卡后, ***不一定能正常工作。 相反, 更换 UI的结果也一样。 另外一个缺点就是, 如果用数据卡做二次开发, 那么以 EAP认证方式去连接 AP 的话,应用层 APP和卡侧之间的应用程序编程接口(Application Programming Interface, 简称为 API) 将非常的复杂。 这无疑增加了二次开发的工作量。 另外, 接口越复杂, 双方就越难完好的配合, 必然导致各种潜在的隐患, 降低整个***的性能。 发明内容 本发明提供了一种可扩展认证协议认证接入方法及装置, 以至少解决相关技术中 EAP认证造成终端设备对外界环境的依赖性较大的问题。 根据本发明的一个方面, 提供了一种可扩展认证协议认证接入方法, 包括: 接收 到来自终端设备的 APP的连接请求, 其中连接请求用于 APP请求接入其指定的 AP; 根据指定的 AP的参数和终端设备的 USIM卡的参数生成 EAP认证请求消息; 向终端 设备的 DRIVER发送 EAP认证请求消息。 在接收到来自终端设备的 APP 的连接请求之前, 上述方法还包括: 接收到来自 APP的用于指示扫描 AP的扫描指令; 根据扫描指令, 扫描到一个或多个 AP; 向 APP 发送一个或多个 AP的参数,其中一个或多个 AP的参数包括以下至少之一:认证类型、 加密方式、 网络模式、 物理地址、 信号强度。 在根据指定的 AP的参数和终端设备的 USIM卡的参数生成 EAP认证请求消息之 前, 上述方法还包括: 确定 APP请求接入其指定的 AP的接入状态是已接入状态; 向 APP发送用于指示终止连接的消息。 在根据指定的 AP的参数和终端设备的 USIM卡的参数生成 EAP认证请求消息之 前, 上述方法还包括: 确定 APP请求接入其指定的 AP的接入状态是待接入状态, 其 中待接入状态包括以下之一: 搜索 AP状态、 正在断开状态、 初始化状态; 指示 APP 延时等待其指定的 AP的接入状态退出待接入状态。 在根据指定的 AP的参数和终端设备的 USIM卡的参数生成 EAP认证请求消息之 前, 上述方法还包括: 判断指定的 AP的是否支持 EAP认证; 如果判断结果为是, 则 执行根据指定的 AP的参数和终端设备的 USIM卡的参数生成 EAP认证请求消息的操 作。 在根据指定的 AP的参数和终端设备的 USIM卡的参数生成 EAP认证请求消息之 前, 上述方法还包括: 判断指定的 AP的信号强度是否满足终端设备的需求; 如果判 断结果为是, 则执行根据指定的 AP的参数和终端设备的 USIM卡的参数生成 EAP认 证请求消息的操作。 根据指定的 AP的参数和终端设备的 USIM卡的参数生成 EAP认证请求消息包括: 根据 USIM卡的类型确定 EAP认证模式,其中 EAP认证模式包括以下之一: EAP-SIM、 EAP-AKA; 在 EAP认证请求消息中携带 EAP认证模式。 在向终端设备的 DRIVER发送 EAP认证请求消息之后, 上述方法还包括: 启动 定时器, 其中定时器用于监控在预定的时间内是否收到来自 DRIVER的 EAP认证结 果。 根据本发明的另一个方面, 提供了一种可扩展认证协议认证接入装置, 包括第一 接收模块, 设置为接收来自终端设备的应用层 APP 的连接请求, 其中连接请求用于 APP请求接入其指定的 AP; 生成模块, 设置为根据指定的 AP 的参数和终端设备的 USIM卡的参数生成可扩展认证协议 EAP认证请求消息; 第一发送模块, 设置为向终 端设备的驱动层 DRIVER发送 EAP认证请求消息。 上述装置还包括: 第二接收模块, 设置为接收来自 APP的用于指示扫描 AP的扫 描指令; 扫描模块, 设置为根据扫描指令, 扫描到一个或多个 AP; 第二发送模块, 设 置为向 APP发送一个或多个 AP的参数, 其中一个或多个 AP的参数包括以下至少之 一: 认证类型、 加密方式、 网络模式、 物理地址、 信号强度。 通过本发明, 在终端设备内部集成基于 EAP认证的 EAP认证接入模块, 减少终 端对外界环境的依赖, 提升整个***性能。 附图说明 此处所说明的附图用来提供对本发明的进一步理解, 构成本申请的一部分, 本发 明的示意性实施例及其说明用于解释本发明, 并不构成对本发明的不当限定。 在附图 中: 图 1是根据本发明实施例的可扩展认证协议认证接入方法的流程图; 图 2是根据本发明实施例的 EAP认证接入的整体流程图; 图 3是根据本发明实施例的进行 EAP认证的详细流程图; 图 4是根据本发明实施例的可扩展认证协议认证接入装置的结构框图; 图 5是根据本发明优选实施例的可扩展认证协议认证接入装置的结构框图一; 图 6是根据本发明优选实施例的可扩展认证协议认证接入装置的结构框图二; 图 7是根据本发明优选实施例的可扩展认证协议认证接入装置的结构框图三。 具体实施方式 需要说明的是, 在不冲突的情况下, 本申请中的实施例及实施例中的特征可以相 互组合。 下面将参考附图并结合实施例来详细说明本发明。 本发明提供了一种可扩展认证协议认证接入方法, 图 1是根据本发明实施例的可 扩展认证协议认证接入方法的流程图, 包括如下的步骤 S102至步骤 S106。 步骤 S102, 接收到来自终端设备的 APP的连接请求, 其中连接请求用于 APP请 求接入其指定的 AP。 步骤 S104,根据指定的 AP的参数和终端设备的 USIM卡的参数生成 EAP认证请 求消息。 步骤 S106, 向终端设备的 DRIVER发送 EAP认证请求消息。 相关技术中, EAP认证造成终端设备对外界环境的依赖性较大。本发明实施例中, 在终端设备内部集成基于 EAP认证的 EAP认证接入模块, 可以减少终端对外界环境 的依赖, 提升整个***性能。 同时, 本发明对外暴露的与 SIM卡和终端相关的信息很少, 可以大大提升安全性 能。 并且, 由于模块的集成大大减少了各种异常故障, 也就提升了整个***的稳定性。 优选地, 在接收到来自终端设备的 APP的连接请求之前, 上述方法还包括: 接收 到来自 APP的用于指示扫描 AP的扫描指令; 根据扫描指令, 扫描到一个或多个 AP; 向 APP发送一个或多个 AP的参数, 其中一个或多个 AP的参数包括以下至少之一: 认证类型、 加密方式、 网络模式、 物理地址、 信号强度。 本优选实施例中, 仅仅将用 于指示扫描 AP的简单消息指令提供给 APP, 扫描指令无须传入任何参数。 下面以 WLAN的连接过程为例具体描述本发明的 EAP认证接入过程, 包括如下 步骤 1至步骤 7。 步骤 1, WIFI驱动层初始化成功。 步骤 2, 扫描当前网络中可用的 AP, 并记录各 AP的相关参数放入 AP列表。 步骤 3, 接收到指定 AP连接指令后, 判断 AP的有效性及获取该 AP的参数。 步骤 4, 获取 USIM卡信息并且确定好鉴权模式, 组装 EAP认证消息参数。 步骤 5, 正确处理和反馈认证结果, 重置连接状态。 步骤 6, 发起 DHCP请求, 申请网络地址。 步骤 7, 完成数据中转。 即, 本实施例采用以下方法: 卡侧接收 APP下发的扫描、 连接、 断开等指令, 完 成对 AP的 EAP认证, 并接入 AP, 反馈连接结果。 在上述 7个步骤中, 前面 5个步 骤是完成 EAP认证所必须的。 需要注意的是, WIFI驱动层初始化前先要打开 WIFI 开关, WIFI才能开始工作; 在连接 AP之前需要扫描网络中可用的 AP, 同时获取 AP 所提供的一些鉴权参数供连接使用; 如果没有 USIM卡或者 USIM没有开通相关业务 也是无法进行认证的; 认证结果有成功, 失败和超时等, 应该完成对模块本身的后续 处理和反馈相应的结果给 APP。 后面两个步骤是传输数据时所必须。 通过本发明实施 例, 功能模块可以正确接收 APP的消息指令, 转化成 WIFI驱动层能识别的命令类型, 并完成 APP和 WIFI驱动层之间的数据中转。 本实施例提供 EAP认证接入方法可以以功能模块的形式呈现,该模块负责接收和 反馈上层的各种命令消息, 并直接与 WIFI驱动层进行数据、 命令的相互传输 (WIFI 驱动层是 WIFI芯片提供商所提供的一套能处理各种 WIFI相关的各种操作的接口层, 非本专利所研究重点)。 该模块能同时向上提供 WIFI连接、 断开、 扫描 AP等 AT命 令接口 (针对 UI) 和 API接口 (针对二次开发), 接口数目相对较少, 形式和传入参 数也比较简单。能很有效的降低二次开发的工作量,同时对 UI的依赖性也减少。例如, 只要发送连接某个 AP的 AT命令, 就能完成整个连接过程; 调用 API接口时, 也只 要传入 AP的名字就行。 优选地, 在根据指定的 AP的参数和终端设备的 USIM卡的参数生成 EAP认证请 求消息之前, 上述方法还包括: 确定 APP请求接入其指定的 AP的接入状态是已接入 状态; 向 APP发送用于指示终止连接的消息。 通过本优选实施例, 在已处于连接状态 时, 终止连接动作, 避免***资源的浪费。 优选地, 在根据指定的 AP的参数和终端设备的 USIM卡的参数生成 EAP认证请 求消息之前, 上述方法还包括: 确定 APP请求接入其指定的 AP的接入状态是待接入 状态, 其中待接入状态包括以下之一: 搜索 AP状态、 正在断开状态、 初始化状态; 指示 APP延时等待其指定的 AP的接入状态退出待接入状态。 优选地, 在根据指定的 AP的参数和终端设备的 USIM卡的参数生成 EAP认证请 求消息之前, 上述方法还包括: 判断指定的 AP是否支持 EAP认证; 如果判断结果为 是, 则执行根据指定的 AP的参数和终端设备的 USIM卡的参数生成 EAP认证请求消 息的操作。通过本发明, 在判断支持认证的情况下进行指定操作, 避免***资源浪费。 优选地, 在根据指定的 AP的参数和终端设备的 USIM卡的参数生成 EAP认证请 求消息之前, 上述方法还包括: 判断指定的 AP的信号强度是否满足终端设备的需求; 如果判断结果为是, 则执行根据指定的 AP的参数和终端设备的 USIM卡的参数生成 EAP认证请求消息的操作。 通过本发明, 在判断信号强度满足要求的情况下进行指定 操作, 避免***资源浪费。 优选地, 根据指定的 AP的参数和终端设备的 USIM卡的参数生成 EAP认证请求 消息包括: 根据 USIM卡的类型确定 EAP认证模式, 其中 EAP认证模式包括以下之 一: EAP-SIM、 EAP-AKA; 在 EAP认证请求消息中携带 EAP认证模式。 优选地, 在向终端设备的 DRIVER发送 EAP认证请求消息之后, 上述方法还包 括: 启动定时器, 其中定时器用于监控在预定的时间内是否收到来自 DRIVER的 EAP 认证结果。 下面将结合实例对本发明实施例的实现过程进行详细描述。 图 2是根据本发明实施例的 EAP认证接入的整体流程图, 在 WLAN接入的整个 过程中, 主要操作集中在 MODEM (调制解调) 层, MODEM和 APP、 DRIVER以及 WLAN接入网 (WLAN-AN)共同完成 EAP流程的过程如图 2所示, 包括如下的步骤 S202至步骤 S266。 步骤 S202, 在 MODEM中, 模块上电启动, 对于数据卡来说就是*** USB口。 步骤 S204, ***资源初始化, 包括平台初始化, 创建***资源等。 步骤 S206, 创建消息处理线程, 该线程是模块的主工作线程.连接、 扫描、 断开等 操作以及这些操作的结果都以消息的形式被模块线程接收.线程在接收到消息时, 做相 应的下一步处理, 同时设置当前操作状态, 如连接状态、 断开状态、 空闲状态等。 步骤 S208, MODEM底层驱动进行初始化。 步骤 S210, APP发送扫描 AP指令。 步骤 S212, MODEM接收到 APP的扫描指令, 进行扫描操作经过前面三个步骤 以后, 模块就能接收 APP指令并正常工作了。 连接之前必须先进行扫描。 因为必须获 知当前网络中的可用 AP以及各个 AP的相关参数作为接入的依据才能成功连接 AP。 相关参数包括认证类型、 加密方式、 网络模式、 物理地址、 信号强度等。 步骤 S214, DRIVER获知当前网络中的可用 AP, 发送给 WLAN-AN。 步骤 S216, DRIVER记录来自的各 AP相关信息, 发送给 MODEM。 步骤 S218, 将各个 AP及其关键参数以列表形式反馈给 APP, 关键参数是指认证 类型、 加密方式和信号强度。 这样可以让上层判断筛选出可供使用的 AP。 步骤 S220, APP获得该 AP列表。 步骤 S222, APP指定某个 AP进行连接。 步骤 S224, MODEM开始发起 EAP认证请求并等待 DRIVER层返回认证结果。 EAP认证交互还涉及到许多更详细的细节, 后续附图 3将进一步说明。 步骤 S226, DRIVER层将与网络之间完成 EAP认证相关的协议消息的交互。 步骤 S228, 返回认证结果给 MODEM层。 步骤 S230, MODEM层接收到认证结果后处理,处理细节将在附图 3中详细介绍。 将连接结果返回给 APP。 步骤 S232, APP获取连接结果。 步骤 S234, 如果认证成功, APP就可以申请网络地址了。 步骤 S236, MODEM接收到 APP的网络地址申请, 组装 DHCP请求相关的各种 数据包发送给 DRIVER。 步骤 S238, DRIVER层对数据进行封装并发送以申请网络地址 (包括 DS、 IP 地址、 网关地址等)。 步骤 S240, 如果数据卡接入 PC的时候, 能枚举出网卡设备, 则 DHCP请求可以 由 PC来完成。 MODEM只要进行数据中转即可。 步骤 S242, 解析 DHCP。 步骤 S244, MODEM可以将网络地址上报给 APP, 或者直接将 DHCP包转发给 PC, 由 PC自己解析网络地址。 步骤 S246, AP连接过程完成。 断开过程相对简单, 有以下步骤: 步骤 S248, APP直接下发断开连接请求, 无须具体指定某个 AP。 步骤 S250, MODEM接收到指令后, 向 DRIVER层发送下线消息。 步骤 S252, DRIVER对数据进行封装并发送至 WLAN-AN。 因为一般 EAP认证 的服务器都有计费***。 服务器接收到终端的下线消息, 就会停止计费。 步骤 S254, DRIVER将数据转发至 MODEM。 步骤 S256, MODEM分析下线消息的响应。 步骤 S258, MODEM再下发断开请求等待断开结果。 步骤 S260, DRIVER向 AP发送断开请求。 步骤 S262, APP收到断开结果的进一步处理, 包括相关定时器重置, 连接状态设 置, 结果上报 APP等。 DRIVER向 MODEM返回断开结果并处理上报。 步骤 S264, MODEM处理断开结果并上报。 步骤 S266, 断开结束。 图 3是根据本发明实施例的进行 EAP认证的详细流程图, 如图 3所示, 包括如下 的步骤 S302至步骤 S338。 步骤 S302, 接收到 APP的指定 AP连接请求, 标志一个 EAP认证的开始。 步骤 S304, MODEM对 APP传入的 AP进行有效性判断。 首先, 判断 AP是否存 在于网络中,然后判断 AP是否支持 EAP认证;再查看信号强度分析是否适于连接等。 步骤 S306, 获取 AP参数, AP某些参数是为了在接入的时候使用到, 如认证类 型、 加密方式、 网络模式等。 在扫描 AP的时候, DRIVER层已经记录了这些参数, MODEM直接向 DRIVER获取并保存即可。 步骤 S308, 检测当前状态。 步骤 S310, 判断是否正在连接, 如果上次连接的过程未完成, 即当前还处于连接 状态, 则执行步骤 S312; 如果不处于连接状态, 则执行步骤 S314。 步骤 S312, 返回 APP目前***忙的信息。 步骤 S314,判断当前是否空闲。如果是,执行步骤 S316;如果否,执行步骤 S336。 步骤 S316, 确定 EAP认证模式, 一般有 EAP-SIM和 EAP-AKA两种。 模式的选 择可以由用户决定或者判断 SIM卡的类型来确定。 步骤 S318,获取 SIM卡参数。主要是指国际移动用户识别码(International Mobile Subscriber Identification, 简称为 IMSI), 用来生成 EAP认证时所需的用户名等。 步骤 S320, 组织鉴权参数, 因为 DRIVER层与 AP进行认证时需要一系列的鉴权 信息, 如 AP名称、认证类型、加密方式、 网络模式、 IMSI号、密钥等, 所以 MODEM 必须从各种途径获取这些参数并有效的组织起来, 发给 DRIVER层。 步骤 S322, MODEM发起认证请求, 此时会将所需参数全部带入。 步骤 S324, 启动定时器。 MODEM引入超时机制, 在一定时间内没有收到认证结 果做超时失败处理。 步骤 S326, MODEM判断是否在规定的超时时间内收到了 DRIVER返回的认证 结果。 如果是, 执行步骤 S328; 如果否, 执行步骤 S334。 步骤 S328, 停止并重置定时器。 步骤 S330, 重置连接状态。 步骤 S332, 将认证的结果上报给 APP, 是连接成功、 连接失败, 或者是连接超时 等, 不同的认证结果决定着 APP的下一步操作, 如重连接、 断开、 网络地址申请等。 步骤 S334, 确定结果为连接超时。 步骤 S336, 其他状态如搜索 AP状态、 正在断开状态、 初始化状态, 延时等待回 到空闲状态再进行连接。 另外, 如果目前已连接网络。 则需告诉 APP应该先断开连接 再发送连接指令。 步骤 S338, 连接结束。 经过以上步骤, EAP认证就算基本完成。 从图 3可以看出, MODEM实现了一套完成的 WLAN接入流程。 提供给 APP的 只有几个简单的消息指令, 扫描 AP 无须传入任何参数, 并且能返回所有能用的 AP 以及所需要的各种鉴权参数以供 AP参考; 连接 AP只要指定 AP的名称, 必要的情况 下再传入密钥, 在 MODEM侧充分考虑了接入时会出现的各种情况, APP只需等待连 接结果就行, MODEM甚至可以告知 AP在连接失败的情况下失败的原因; 断开连接 同样不需要携带其他参数, MODEM还考虑了终止服务器计费的功能。如果 APP需要, MODEM还能随时告知网络中 AP列表及参数的改变、 各个 AP的信号强度来让 APP 选择适合的 AP进行连接、 每个 AP所能承载的理论速率等等。 这样, 无论是二次开发还是 UI的设计, 与 MODEM的接口也变得十分简单。 也 就降低了 APP侧的开发量和调试难度。 即使更换 APP, 卡侧也只需稍作改动就能完全 适配好。 另外, MODEM侧还能考虑非 EAP认证方式的接入, 以适应于用户对普通 AP的 连接。 增加了终端的适应范围。 如果是这样, 就可以将终端完全当作一个无线网卡来 用了。 需要说明的是, 在附图的流程图示出的步骤可以在诸如一组计算机可执行指令的 计算机***中执行, 并且, 虽然在流程图中示出了逻辑顺序, 但是在某些情况下, 可 以以不同于此处的顺序执行所示出或描述的步骤。 本发明实施例提供了一种可扩展认证协议认证接入装置, 该装置可以用于实现上 述可扩展认证协议认证接入方法。 图 4是根据本发明实施例的可扩展认证协议认证接 入装置的结构框图, 如图 4所示, 包括第一接收模块 42、 生成模块 44和第一发送模 块 46。 下面对其结构进行详细描述。 第一接收模块 42,设置为接收来自终端设备的应用层 APP的连接请求,其中连接 请求用于 APP请求接入其指定的 AP; 生成模块 44, 连接至第一接收模块 42, 设置为 根据指定的 AP的参数和终端设备的 USIM卡的参数生成可扩展认证协议 EAP认证请 求消息; 第一发送模块 46, 连接至生成模块 44, 设置为向终端设备的驱动层 DRIVER 发送 EAP认证请求消息。 图 5是根据本发明优选实施例的可扩展认证协议认证接入装置的结构框图一, 如 图 5所示, 上述装置还包括: 第二接收模块 48, 设置为接收来自 APP的用于指示扫描 AP的扫描指令; 扫描模块 410, 连接至第二接收模块 48, 设置为根据扫描指令, 扫描 到一个或多个 AP; 第二发送模块 412, 连接至扫描模块 410, 设置为向 APP发送一个 或多个 AP的参数, 其中一个或多个 AP的参数包括以下至少之一: 认证类型、加密方 式、 网络模式、 物理地址、 信号强度。 图 6是根据本发明优选实施例的可扩展认证协议认证接入装置的结构框图二, 如 图 6所示, 上述装置还包括: 第一确定模块 414, 连接至第一接收模块 42, 设置为确 定 APP请求接入其指定的 AP的接入状态是已接入状态; 第三发送模块 416, 连接至 第一确定模块 414, 设置为向 APP发送用于指示终止连接的消息。 图 7是根据本发明优选实施例的可扩展认证协议认证接入装置的结构框图三, 如 图 7所示, 上述装置还包括: 第二确定模块 418, 连接至第一接收模块 42, 设置为确 定 APP请求接入其指定的 AP的接入状态是待接入状态, 其中待接入状态包括以下之 一: 搜索 AP状态、 正在断开状态、 初始化状态; 指示模块 420, 连接至第二确定模块 418, 设置为指示 APP延时等待其指定的 AP的接入状态退出待接入状态。 需要说明的是, 装置实施例中描述的可扩展认证协议认证接入装置对应于上述的 方法实施例,其具体的实现过程在方法实施例中已经进行过详细说明,在此不再赘述。 需要说明的是, 对于不支持 EAP-SIM认证的普通 AP, 本发明同样可以兼容。 综上所述, 根据本发明的上述实施例, 提供了一种可扩展认证协议认证接入方法 及装置。 通过本发明, 在终端设备内部集成基于 EAP认证的 EAP认证接入模块, 减 少终端对外界环境的依赖, 提升整个***性能。 显然, 本领域的技术人员应该明白, 上述的本发明的各模块或各步骤可以用通用 的计算装置来实现, 它们可以集中在单个的计算装置上, 或者分布在多个计算装置所 组成的网络上, 可选地, 它们可以用计算装置可执行的程序代码来实现, 从而, 可以 将它们存储在存储装置中由计算装置来执行, 或者将它们分别制作成各个集成电路模 块, 或者将它们中的多个模块或步骤制作成单个集成电路模块来实现。 这样, 本发明 不限制于任何特定的硬件和软件结合。 以上所述仅为本发明的优选实施例而已, 并不用于限制本发明, 对于本领域的技 术人员来说, 本发明可以有各种更改和变化。 凡在本发明的精神和原则之内, 所作的 任何修改、 等同替换、 改进等, 均应包含在本发明的保护范围之内。 EAP authentication must be based on the USIM card. Therefore, this authentication method mainly appears in terminal devices embedded in USIM cards, such as mobile phones, data cards, modules, and tablets. The EAP authentication process of the current data card is mostly integrated in the UI. The access point (Access Point, AP for short) is selected on the UI, the authentication mode is selected, the SIM card information is queried and recorded, and the authentication parameters are used. Organization, processing of connection results, etc. This way, although the workload of the terminal is reduced, there is an obvious disadvantage that the mutual dependence of the UI and the terminal is relatively large. Due to the complexity and particularity of each link of the above EAP authentication, the system may not work properly after replacing other types of data cards. On the contrary, the result of replacing the UI is the same. Another disadvantage is that if the data card is used for secondary development, then the application programming interface (API) between the application layer APP and the card side will be very complicated if the AP is connected by EAP authentication. . This undoubtedly increased the workload of secondary development. In addition, the more complex the interface, the harder it is for the two parties to cooperate, which will inevitably lead to various potential hidden dangers and reduce the performance of the entire system. SUMMARY OF THE INVENTION The present invention provides a scalable authentication protocol authentication access method and apparatus, to at least solve the problem that the EAP authentication in the related art causes the terminal device to have a large dependence on the external environment. According to an aspect of the present invention, an extensible authentication protocol authentication access method is provided, including: receiving a connection request from an APP of a terminal device, wherein the connection request is used by an APP to request access to a designated AP thereof; The parameter of the AP and the parameter of the USIM card of the terminal device generate an EAP authentication request message; and send an EAP authentication request message to the DRIVER of the terminal device. Before receiving the connection request from the APP of the terminal device, the method further includes: receiving a scan instruction from the APP for instructing scanning of the AP; scanning to one or more APs according to the scan instruction; sending one or more to the APP The parameters of the AP, wherein the parameters of one or more APs include at least one of the following: authentication type, encryption mode, network mode, physical address, and signal strength. Before the EAP authentication request message is generated according to the parameter of the specified AP and the parameter of the USIM card of the terminal device, the method further includes: determining that the access status of the APP requesting access to the designated AP is the accessed state; A message indicating the termination of the connection. Before the EAP authentication request message is generated according to the parameter of the specified AP and the parameter of the USIM card of the terminal device, the method further includes: determining that the access state of the APP requesting access to the specified AP is a pending access state, where the access mode is to be accessed. The status includes one of the following: searching AP status, disconnecting status, initializing status; indicating that the APP delays waiting for the access status of its designated AP to exit the pending status. Before generating the EAP authentication request message according to the parameter of the specified AP and the parameter of the USIM card of the terminal device, the method further includes: determining whether the specified AP supports EAP authentication; if the determination result is yes, performing the The parameter and the parameters of the USIM card of the terminal device generate an operation of the EAP authentication request message. Before the EAP authentication request message is generated according to the parameter of the specified AP and the parameter of the USIM card of the terminal device, the method further includes: determining whether the signal strength of the specified AP meets the requirement of the terminal device; if the determination result is yes, performing the The operation of the EAP authentication request message is generated by the parameters of the specified AP and the parameters of the USIM card of the terminal device. The generating an EAP authentication request message according to the parameter of the specified AP and the parameter of the USIM card of the terminal device includes: determining an EAP authentication mode according to the type of the USIM card, where the EAP authentication mode includes one of the following: EAP-SIM, EAP-AKA; The authentication request message carries the EAP authentication mode. After the EAP authentication request message is sent to the DRIVER of the terminal device, the method further includes: starting a timer, wherein the timer is configured to monitor whether the EAP authentication result from the DRIVER is received within a predetermined time. According to another aspect of the present invention, an extensible authentication protocol authentication access apparatus is provided, comprising a first receiving module configured to receive a connection request from an application layer APP of a terminal device, wherein the connection request is used for APP request access a specified AP; a generating module, configured to generate an extensible authentication protocol EAP authentication request message according to a parameter of the specified AP and a parameter of the USIM card of the terminal device; the first sending module is configured to send the EAP to the driving layer DRIVER of the terminal device Authentication request message. The device further includes: a second receiving module, configured to receive a scan instruction from the APP for instructing scanning of the AP; a scanning module configured to scan to one or more APs according to the scan instruction; and a second sending module configured to The APP sends parameters of one or more APs, where the parameters of one or more APs include at least one of the following: authentication type, encryption mode, network mode, physical address, and signal strength. Through the invention, an EAP authentication-based EAP authentication access module is integrated in the terminal device, which reduces the dependence of the terminal on the external environment and improves the performance of the entire system. BRIEF DESCRIPTION OF THE DRAWINGS The accompanying drawings, which are set to illustrate,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, In the drawings: FIG. 1 is a flowchart of an extensible authentication protocol authentication access method according to an embodiment of the present invention; FIG. 2 is an overall flowchart of EAP authentication access according to an embodiment of the present invention; Detailed flowchart of performing EAP authentication of an embodiment; FIG. 4 is a structural block diagram of an extensible authentication protocol authentication access apparatus according to an embodiment of the present invention; FIG. 5 is an extensible authentication protocol authentication access apparatus according to a preferred embodiment of the present invention; FIG. 6 is a structural block diagram 2 of an extensible authentication protocol authentication access apparatus according to a preferred embodiment of the present invention; FIG. 7 is a structural block diagram of an extensible authentication protocol authentication access apparatus according to a preferred embodiment of the present invention. . DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS It should be noted that the embodiments in the present application and the features in the embodiments may be combined with each other without conflict. The invention will be described in detail below with reference to the drawings in conjunction with the embodiments. The present invention provides a scalable authentication protocol authentication access method. FIG. 1 is a flowchart of a scalable authentication protocol authentication access method according to an embodiment of the present invention, which includes the following steps S102 to S106. Step S102: Receive a connection request from an APP of the terminal device, where the connection request is used by the APP to request access to the designated AP. Step S104: Generate an EAP authentication request message according to the parameter of the specified AP and the parameter of the USIM card of the terminal device. Step S106, sending an EAP authentication request message to the DRIVER of the terminal device. In the related art, the EAP authentication causes the terminal device to have a greater dependence on the external environment. In the embodiment of the present invention, an EAP authentication-based EAP authentication access module is integrated in the terminal device, which can reduce the dependence of the terminal on the external environment and improve the performance of the entire system. At the same time, the information related to the SIM card and the terminal exposed by the present invention is small, and the security performance can be greatly improved. Moreover, since the integration of the module greatly reduces various abnormal faults, the stability of the entire system is improved. Preferably, before receiving the connection request from the APP of the terminal device, the method further includes: receiving a scan instruction from the APP for instructing scanning of the AP; scanning to one or more APs according to the scan instruction; sending to the APP A parameter of one or more APs, where the parameters of one or more APs include at least one of the following: an authentication type, an encryption mode, a network mode, a physical address, and a signal strength. In the preferred embodiment, only simple message instructions for instructing scanning of the AP are provided to the APP, and the scan instructions do not need to pass any parameters. The following describes the EAP authentication access process of the present invention by using the WLAN connection process as an example, including the following steps 1 to 7. Step 1. The WIFI driver layer is successfully initialized. Step 2: Scan the APs available in the current network, and record related parameters of each AP into the AP list. Step 3: After receiving the specified AP connection command, determine the validity of the AP and obtain the parameters of the AP. Step 4: Obtain the USIM card information and determine the authentication mode, and assemble the EAP authentication message parameters. Step 5: Correctly process and feedback the authentication result, and reset the connection status. Step 6. Initiate a DHCP request and apply for a network address. Step 7. Complete the data transfer. That is, the following method is adopted in the embodiment: The card side receives the commands of scanning, connecting, disconnecting, etc. delivered by the APP, completes the EAP authentication of the AP, and accesses the AP, and feeds back the connection result. Among the above 7 steps, the first 5 steps are necessary to complete EAP authentication. It should be noted that before the WIFI driver layer is initialized, the WIFI switch must be turned on before WIFI can start working. Before connecting to the AP, you need to scan the APs available in the network and obtain some authentication parameters provided by the AP for connection. If there is no USIM. If the card or USIM does not open the related service, it cannot be authenticated. If the authentication result is successful, failure, timeout, etc., the subsequent processing of the module itself and feedback of the corresponding result should be completed to the APP. The next two steps are necessary to transfer data. Through the embodiment of the present invention, the function module can correctly receive the message instruction of the APP, convert it into a command type that can be recognized by the WIFI driver layer, and complete data transfer between the APP and the WIFI driver layer. In this embodiment, the EAP authentication access method may be presented in the form of a function module, where the module is responsible for receiving and feeding back various command messages of the upper layer, and directly transmitting data and commands to and from the WIFI driver layer (the WIFI driver layer is a WIFI chip). The provider provides a set of interface layers that can handle various WIFI-related operations, which is not the focus of this patent. The module can provide WIFI connection, disconnection, scanning AP and other AT command interfaces (for UI) and API interface (for secondary development) at the same time. The number of interfaces is relatively small, and the form and incoming parameters are relatively simple. It can effectively reduce the workload of secondary development, while reducing the dependence on the UI. For example, as long as the AT command connected to an AP is sent, the entire connection process can be completed; when the API interface is called, the name of the AP is also passed. Preferably, before the generating an EAP authentication request message according to the parameter of the specified AP and the parameter of the USIM card of the terminal device, the method further includes: determining that the access state of the APP requesting access to the designated AP is the accessed state; The APP sends a message indicating the termination of the connection. With the preferred embodiment, when the connection state is already established, the connection action is terminated to avoid waste of system resources. Preferably, before the generating an EAP authentication request message according to the parameter of the specified AP and the parameter of the USIM card of the terminal device, the method further includes: determining that the access state of the APP requesting access to the designated AP is a pending state, where The to-be-accessed state includes one of the following: searching for an AP state, a disconnecting state, and an initializing state; indicating that the APP delays waiting for an access state of its designated AP to exit the pending access state. Preferably, before the generating an EAP authentication request message according to the parameter of the specified AP and the parameter of the USIM card of the terminal device, the method further includes: determining whether the specified AP supports EAP authentication; If yes, an operation of generating an EAP authentication request message according to the parameters of the specified AP and the parameters of the USIM card of the terminal device is performed. Through the present invention, the designated operation is performed in the case of judging the support of the authentication, thereby avoiding waste of system resources. Preferably, before the generating the EAP authentication request message according to the parameter of the specified AP and the parameter of the USIM card of the terminal device, the method further includes: determining whether the signal strength of the specified AP meets the requirement of the terminal device; if the determination result is yes, Then, an operation of generating an EAP authentication request message according to the parameters of the specified AP and the parameters of the USIM card of the terminal device is performed. According to the present invention, the specified operation is performed in the case where it is judged that the signal strength satisfies the requirement, thereby avoiding waste of system resources. Preferably, generating the EAP authentication request message according to the parameter of the specified AP and the parameter of the USIM card of the terminal device includes: determining an EAP authentication mode according to the type of the USIM card, where the EAP authentication mode includes one of the following: EAP-SIM, EAP-AKA The EAP authentication mode is carried in the EAP authentication request message. Preferably, after the EAP authentication request message is sent to the DRIVER of the terminal device, the method further includes: starting a timer, wherein the timer is configured to monitor whether the EAP authentication result from the DRIVER is received within a predetermined time. The implementation process of the embodiment of the present invention will be described in detail below with reference to examples. 2 is an overall flow chart of EAP authentication access according to an embodiment of the present invention. During the whole process of WLAN access, the main operations are concentrated on the MODEM (modulation and demodulation) layer, MODEM and APP, DRIVER, and WLAN access network ( The process of jointly completing the EAP process by the WLAN-AN is as shown in FIG. 2, and includes the following steps S202 to S266. Step S202, in the MODEM, the module is powered on, and the data port is inserted into the USB port. Step S204, initializing system resources, including platform initialization, creating system resources, and the like. Step S206, creating a message processing thread, the thread is the main working thread of the module. The operations of connecting, scanning, disconnecting, etc., and the results of these operations are all received by the module thread in the form of a message. When the thread receives the message, it performs corresponding The next step is to set the current operating state, such as the connected state, disconnected state, idle state, and so on. In step S208, the MODEM underlying driver is initialized. In step S210, the APP sends a scan AP command. Step S212, the MODEM receives the scan instruction of the APP, and performs the scanning operation. After the first three steps, the module can receive the APP command and work normally. You must scan before connecting. Because it must be obtained The APs in the current network and the related parameters of each AP can be used as the basis for access to successfully connect to the AP. Related parameters include authentication type, encryption mode, network mode, physical address, signal strength, and so on. In step S214, the DRIVER learns the available APs in the current network and sends them to the WLAN-AN. In step S216, DRIVER records information about each AP from the node and sends it to the MODEM. Step S218, the APs and their key parameters are fed back to the APP in a list form, and the key parameters refer to the authentication type, the encryption mode, and the signal strength. This allows the upper layer to determine which APs are available for use. In step S220, the APP obtains the AP list. Step S222, the APP specifies an AP to connect. In step S224, the MODEM starts to initiate an EAP authentication request and waits for the DRIVER layer to return the authentication result. The EAP authentication interaction also involves many more detailed details, which will be further explained in subsequent Figure 3. Step S226, the DRIVER layer will complete the interaction of the protocol message related to the EAP authentication with the network. Step S228, returning the authentication result to the MODEM layer. In step S230, the MODEM layer receives the authentication result and the processing details, which will be described in detail in FIG. Return the connection result to the APP. In step S232, the APP acquires the connection result. Step S234, if the authentication is successful, the APP can apply for the network address. Step S236, the MODEM receives the network address request of the APP, and sends various data packets related to the DHCP request to the DRIVER. Step S238, the DRIVER layer encapsulates the data and sends it to apply for a network address (including DS, IP address, gateway address, etc.). Step S240, if the network card device can be enumerated when the data card is connected to the PC, the DHCP request can be completed by the PC. MODEM only needs to perform data transfer. Step S242, parsing DHCP. In step S244, the MODEM can report the network address to the APP, or directly forward the DHCP packet to the PC, and the PC resolves the network address by itself. In step S246, the AP connection process is completed. The disconnection process is relatively simple, and the following steps are performed: Step S248, the APP directly issues a disconnect request, and does not need to specify an AP. Step S250, after receiving the instruction, the MODEM sends an offline message to the DRIVER layer. In step S252, DRIVER encapsulates the data and sends it to the WLAN-AN. Because the general EAP certified server has a billing system. When the server receives the offline message of the terminal, the server stops charging. In step S254, DRIVER forwards the data to the MODEM. In step S256, the MODEM analyzes the response of the offline message. In step S258, the MODEM sends a disconnect request and waits for the disconnection result. In step S260, DRIVER sends a disconnect request to the AP. In step S262, the APP receives further processing of the disconnection result, including related timer reset, connection status setting, and result reporting APP. DRIVER returns the disconnection result to the MODEM and processes the report. In step S264, the MODEM processes the disconnection result and reports it. In step S266, the disconnection ends. FIG. 3 is a detailed flowchart of performing EAP authentication according to an embodiment of the present invention. As shown in FIG. 3, the following steps S302 to S338 are included. Step S302, receiving a specified AP connection request of the APP, marking the start of an EAP authentication. Step S304, the MODEM determines the validity of the AP that is sent by the APP. First, determine whether the AP exists in the network, and then determine whether the AP supports EAP authentication; then check whether the signal strength analysis is suitable for connection. Step S306, obtaining an AP parameter, and some parameters of the AP are used for accessing, such as an authentication type, an encryption mode, a network mode, and the like. When scanning the AP, the DRIVER layer has already recorded these parameters, and the MODEM is directly acquired and saved to DRIVER. Step S308, detecting the current state. In step S310, it is determined whether the connection is in progress. If the process of the last connection is not completed, that is, the connection state is still currently in progress, step S312 is performed; if not, the step S314 is performed. Step S312, returning information that the APP is currently busy. In step S314, it is determined whether the current is idle. If yes, go to step S316; if no, go to step S336. Step S316, determining an EAP authentication mode, generally having two types of EAP-SIM and EAP-AKA. The selection of the mode can be determined by the user or by determining the type of the SIM card. Step S318, acquiring SIM card parameters. It mainly refers to the International Mobile Subscriber Identification (IMSI), which is used to generate the user name required for EAP authentication. Step S320, organizing the authentication parameter, because the DRIVER layer and the AP need a series of authentication information, such as an AP name, an authentication type, an encryption mode, a network mode, an IMSI number, a key, etc., so the MODEM must be from various The way to get these parameters is effectively organized and sent to the DRIVER layer. In step S322, the MODEM initiates an authentication request, and all the required parameters are brought in at this time. Step S324, starting a timer. The MODEM introduces a timeout mechanism, and does not receive the authentication result within a certain period of time to perform timeout failure processing. In step S326, the MODEM determines whether the authentication result returned by the DRIVER is received within the specified timeout period. If yes, go to step S328; if no, go to step S334. Step S328, stopping and resetting the timer. Step S330, resetting the connection state. In step S332, the result of the authentication is reported to the APP, which is a successful connection, a connection failure, or a connection timeout. Different authentication results determine the next operation of the APP, such as reconnection, disconnection, and network address application. In step S334, the result of the determination is a connection timeout. In step S336, other states, such as searching for the AP state, the disconnecting state, and the initializing state, delay waiting to return to the idle state and then performing the connection. Also, if you are currently connected to the network. Then you need to tell the APP to disconnect and then send the connection command. In step S338, the connection ends. After the above steps, the EAP certification is basically completed. As can be seen from Figure 3, MODEM implements a complete set of WLAN access procedures. There are only a few simple message instructions provided to the APP. The scanning AP does not need to pass any parameters, and can return all available APs and various required authentication parameters for AP reference. The AP only needs to specify the AP name. If necessary, the key is re-introduced. The MODEM side fully considers the various situations that may occur during the access. The APP only needs to wait for the connection result. The MODEM can even inform the AP of the reason for the failure in the case of a connection failure. The open connection also does not need to carry other parameters, and the MODEM also considers the function of terminating server billing. If the APP needs, the MODEM can also inform the AP of the changes in the AP list and parameters, the signal strength of each AP, and let the APP select the appropriate AP to connect, the theoretical rate that each AP can bear, and so on. In this way, whether it is secondary development or UI design, the interface with MODEM has become very simple. It also reduces the development amount and debugging difficulty of the APP side. Even if you change the app, the card side can be fully adapted with a few changes. In addition, the MODEM side can also consider non-EAP authentication mode access to adapt to the user's connection to the ordinary AP. Increased the range of adaptation of the terminal. If so, you can use the terminal as a wireless network card. It should be noted that the steps shown in the flowchart of the accompanying drawings may be performed in a computer system such as a set of computer executable instructions, and, although the logical order is shown in the flowchart, in some cases, The steps shown or described may be performed in an order different than that herein. An embodiment of the present invention provides an extensible authentication protocol authentication access device, where the device can be used to implement the foregoing scalable authentication protocol authentication access method. FIG. 4 is a structural block diagram of an extensible authentication protocol authentication access apparatus according to an embodiment of the present invention. As shown in FIG. 4, the first receiving module 42, the generating module 44, and the first sending module 46 are included. The structure is described in detail below. The first receiving module 42 is configured to receive a connection request from the application layer APP of the terminal device, where the connection request is used for the APP to request access to its designated AP; the generating module 44 is connected to the first receiving module 42 and configured to be specified according to the The parameter of the AP and the parameter of the USIM card of the terminal device generate an extensible authentication protocol EAP authentication request message; the first sending module 46 is connected to the generating module 44, and is configured to send an EAP authentication request message to the driver layer DRIVER of the terminal device. 5 is a structural block diagram of an extensible authentication protocol authentication access device according to a preferred embodiment of the present invention. As shown in FIG. 5, the device further includes: a second receiving module 48, configured to receive an indication scan from the APP. Scanning instruction of the AP; the scanning module 410 is connected to the second receiving module 48, and is set to scan according to the scanning instruction The first sending module 412 is connected to the scanning module 410, and is configured to send parameters of one or more APs to the APP, where the parameters of the one or more APs include at least one of the following: authentication type, encryption Mode, network mode, physical address, signal strength. FIG. 6 is a block diagram showing the structure of an extensible authentication protocol authentication access device according to a preferred embodiment of the present invention. As shown in FIG. 6, the device further includes: a first determining module 414 connected to the first receiving module 42 and configured to be configured as Determining that the access status of the APP requesting access to its designated AP is the accessed state; the third sending module 416 is connected to the first determining module 414, and is configured to send a message to the APP for indicating termination of the connection. FIG. 7 is a structural block diagram 3 of an extensible authentication protocol authentication access apparatus according to a preferred embodiment of the present invention. As shown in FIG. 7, the apparatus further includes: a second determining module 418 connected to the first receiving module 42 and configured to Determining that the access status of the APP requesting access to the specified AP is a pending access state, wherein the to-be-accessed state includes one of the following: searching for an AP state, a disconnecting state, and an initializing state; the indicating module 420, connecting to the second determining The module 418 is configured to indicate that the APP delays waiting for the access state of the designated AP to exit the pending state. It should be noted that the extensible authentication protocol authentication access device described in the device embodiment corresponds to the foregoing method embodiment, and the specific implementation process has been described in detail in the method embodiment, and details are not described herein again. It should be noted that the present invention is also compatible for a normal AP that does not support EAP-SIM authentication. In summary, according to the above embodiments of the present invention, an extended authentication protocol authentication access method and apparatus are provided. Through the invention, an EAP authentication-based EAP authentication access module is integrated in the terminal device, which reduces the dependence of the terminal on the external environment and improves the performance of the entire system. Obviously, those skilled in the art should understand that the above modules or steps of the present invention can be implemented by a general-purpose computing device, which can be concentrated on a single computing device or distributed over a network composed of multiple computing devices. Alternatively, they may be implemented by program code executable by the computing device, such that they may be stored in the storage device by the computing device, or they may be separately fabricated into individual integrated circuit modules, or they may be Multiple modules or steps are made into a single integrated circuit module. Thus, the invention is not limited to any specific combination of hardware and software. The above is only the preferred embodiment of the present invention, and is not intended to limit the present invention, and various modifications and changes can be made to the present invention. Any modifications, equivalent substitutions, improvements, etc. made within the spirit and scope of the present invention are intended to be included within the scope of the present invention.

Claims

权 利 要 求 书 Claim
1. 一种可扩展认证协议认证接入方法, 包括: 1. An extended authentication protocol authentication access method, including:
接收到来自终端设备的应用层 APP的连接请求,其中所述连接请求用于所 述 APP请求接入其指定的接入点 AP;  Receiving a connection request from an application layer APP of the terminal device, wherein the connection request is used for the APP request to access its designated access point AP;
根据所述指定的 AP的参数和所述终端设备的总体用户识别模块 USIM卡 的参数生成可扩展认证协议 EAP认证请求消息;  Generating an Extensible Authentication Protocol EAP Authentication Request message according to the parameter of the specified AP and the parameter of the overall subscriber identity module USIM card of the terminal device;
向所述终端设备的驱动层 DRIVER发送所述 EAP认证请求消息。  Sending the EAP authentication request message to the driver layer DRIVER of the terminal device.
2. 根据权利要求 1所述的方法, 其中, 在接收到来自终端设备的 APP的连接请求 之前, 还包括: 2. The method according to claim 1, wherein, before receiving the connection request from the APP of the terminal device, the method further includes:
接收到来自所述 APP的用于指示扫描 AP的扫描指令;  Receiving a scan instruction from the APP for indicating scanning of an AP;
根据所述扫描指令, 扫描到一个或多个 AP;  Scanning to one or more APs according to the scan instruction;
向所述 APP发送所述一个或多个 AP的参数, 其中所述一个或多个 AP的 参数包括以下至少之一: 认证类型、 加密方式、 网络模式、 物理地址、 信号强 度。  And sending, to the APP, a parameter of the one or more APs, where the parameters of the one or more APs include at least one of the following: an authentication type, an encryption mode, a network mode, a physical address, and a signal strength.
3. 根据权利要求 1所述的方法, 其中, 在根据所述指定的 AP的参数和所述终端 设备的 USIM卡的参数生成 EAP认证请求消息之前, 还包括: The method according to claim 1, wherein before the generating the EAP authentication request message according to the parameter of the specified AP and the parameter of the USIM card of the terminal device, the method further includes:
确定所述 APP请求接入其指定的 AP的接入状态是已接入状态; 向所述 APP发送用于指示终止连接的消息。  Determining that the access status of the APP requesting access to its designated AP is an accessed state; sending a message to the APP indicating that the connection is terminated.
4. 根据权利要求 1所述的方法, 其中, 在根据所述指定的 AP的参数和所述终端 设备的 USIM卡的参数生成 EAP认证请求消息之前, 还包括: The method according to claim 1, wherein before the generating an EAP authentication request message according to the parameter of the specified AP and the parameter of the USIM card of the terminal device, the method further includes:
确定所述 APP请求接入其指定的 AP的接入状态是待接入状态, 其中所述 待接入状态包括以下之一: 搜索 AP状态、 正在断开状态、 初始化状态; 指示所述 APP延时等待其指定的 AP的接入状态退出所述待接入状态。  Determining that the access status of the APP requesting access to the specified AP is a pending access state, where the to-be-accessed state includes one of the following: searching for an AP state, a disconnecting state, and an initializing state; indicating the APP extension Waiting for the access status of the specified AP to exit the pending access state.
5. 根据权利要求 1所述的方法, 其中, 在根据所述指定的 AP的参数和所述终端 设备的 USIM卡的参数生成 EAP认证请求消息之前, 还包括: The method according to claim 1, wherein before the generating the EAP authentication request message according to the parameter of the specified AP and the parameter of the USIM card of the terminal device, the method further includes:
判断所述指定的 AP的是否支持 EAP认证; 如果判断结果为是, 则执行根据所述指定的 AP的参数和所述终端设备的 USIM卡的参数生成 EAP认证请求消息的操作。 根据权利要求 1所述的方法, 其中, 在根据所述指定的 AP的参数和所述终端 设备的 USIM卡的参数生成 EAP认证请求消息之前, 还包括: Determining whether the specified AP supports EAP authentication; If the result of the determination is yes, an operation of generating an EAP authentication request message according to the parameter of the specified AP and the parameter of the USIM card of the terminal device is performed. The method according to claim 1, wherein before the generating the EAP authentication request message according to the parameter of the specified AP and the parameter of the USIM card of the terminal device, the method further includes:
判断所述指定的 AP的信号强度是否满足所述终端设备的需求; 如果判断结果为是, 则执行根据所述指定的 AP的参数和所述终端设备的 USIM卡的参数生成 EAP认证请求消息的操作。 根据权利要求 1所述的方法, 其中, 根据所述指定的 AP的参数和所述终端设 备的 USIM卡的参数生成 EAP认证请求消息包括:  Determining whether the signal strength of the specified AP meets the requirements of the terminal device; if the determination result is yes, performing an EAP authentication request message according to the parameter of the specified AP and the parameter of the USIM card of the terminal device operating. The method of claim 1, wherein generating an EAP authentication request message according to the parameter of the specified AP and the parameter of the USIM card of the terminal device comprises:
根据所述 USIM卡的类型确定 EAP认证模式, 其中所述 EAP认证模式包 括以下之一: EAP-SIM、 EAP-AKA;  Determining an EAP authentication mode according to the type of the USIM card, where the EAP authentication mode includes one of the following: EAP-SIM, EAP-AKA;
在所述 EAP认证请求消息中携带所述 EAP认证模式。 根据权利要求 1 所述的方法, 其中, 在向所述终端设备的 DRIVER发送所述 EAP认证请求消息之后, 还包括: 启动定时器, 其中所述定时器用于监控在预 定的时间内是否收到来自所述 DRIVER的 EAP认证结果。 一种可扩展认证协议认证接入装置, 包括:  The EAP authentication mode is carried in the EAP authentication request message. The method according to claim 1, wherein after transmitting the EAP authentication request message to the DRIVER of the terminal device, the method further includes: starting a timer, wherein the timer is used to monitor whether the data is received within a predetermined time EAP authentication result from the DRIVER. An extensible authentication protocol authentication access device, comprising:
第一接收模块, 设置为接收来自终端设备的应用层 APP的连接请求, 其中 所述连接请求用于所述 APP请求接入其指定的 AP;  a first receiving module, configured to receive a connection request from an application layer APP of the terminal device, where the connection request is used by the APP to access the designated AP;
生成模块, 设置为根据所述指定的 AP的参数和所述终端设备的 USIM卡 的参数生成可扩展认证协议 EAP认证请求消息;  a generating module, configured to generate an extensible authentication protocol EAP authentication request message according to the parameter of the specified AP and a parameter of the USIM card of the terminal device;
第一发送模块, 设置为向所述终端设备的驱动层 DRIVER发送所述 EAP 认证请求消息。 根据权利要求 9所述的装置, 其中, 所述装置还包括:  The first sending module is configured to send the EAP authentication request message to the driving layer DRIVER of the terminal device. The device according to claim 9, wherein the device further comprises:
第二接收模块,设置为接收来自所述 APP的用于指示扫描 AP的扫描指令; 扫描模块, 设置为根据所述扫描指令, 扫描到一个或多个 AP;  a second receiving module, configured to receive a scan instruction from the APP for instructing scanning of an AP; a scanning module, configured to scan to one or more APs according to the scanning instruction;
第二发送模块, 设置为向所述 APP发送所述一个或多个 AP的参数, 其中 所述一个或多个 AP的参数包括以下至少之一: 认证类型、 加密方式、 网络模 式、 物理地址、 信号强度。  The second sending module is configured to send the parameter of the one or more APs to the APP, where the parameters of the one or more APs include at least one of the following: an authentication type, an encryption mode, a network mode, a physical address, Signal strength.
PCT/CN2012/072155 2011-12-29 2012-03-09 Extendible authentication protocol access authentication method and device WO2013097348A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201110452235.0 2011-12-29
CN201110452235.0A CN103188676B (en) 2011-12-29 2011-12-29 Extensible Authentication Protocol authentication accessing method and device

Publications (1)

Publication Number Publication Date
WO2013097348A1 true WO2013097348A1 (en) 2013-07-04

Family

ID=48679563

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2012/072155 WO2013097348A1 (en) 2011-12-29 2012-03-09 Extendible authentication protocol access authentication method and device

Country Status (2)

Country Link
CN (1) CN103188676B (en)
WO (1) WO2013097348A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105187391B (en) * 2015-08-10 2018-10-16 上海迈外迪网络科技有限公司 APP and its logging in network access point methods, server and system
CN107148019B (en) * 2017-05-12 2019-06-21 上海连尚网络科技有限公司 It is a kind of for connecting the method and apparatus of wireless access point

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1688124A (en) * 2005-05-16 2005-10-26 中国科学院计算技术研究所 Wireless network access controlling method based on port technique and authorization protocol
CN101562814A (en) * 2009-05-15 2009-10-21 中兴通讯股份有限公司 Access method and system for a third-generation network
CN101631354A (en) * 2008-07-18 2010-01-20 华为技术有限公司 Method, device and system for selecting packet data network
CN101656661A (en) * 2008-08-18 2010-02-24 华为技术有限公司 Method, system and equipment for implementing transmission of trusted information

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7505596B2 (en) * 2003-12-05 2009-03-17 Microsoft Corporation Automatic detection of wireless network type

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1688124A (en) * 2005-05-16 2005-10-26 中国科学院计算技术研究所 Wireless network access controlling method based on port technique and authorization protocol
CN101631354A (en) * 2008-07-18 2010-01-20 华为技术有限公司 Method, device and system for selecting packet data network
CN101656661A (en) * 2008-08-18 2010-02-24 华为技术有限公司 Method, system and equipment for implementing transmission of trusted information
CN101562814A (en) * 2009-05-15 2009-10-21 中兴通讯股份有限公司 Access method and system for a third-generation network

Also Published As

Publication number Publication date
CN103188676A (en) 2013-07-03
CN103188676B (en) 2017-12-26

Similar Documents

Publication Publication Date Title
CN106535288B (en) Method for sending and acquiring wifi networking information and corresponding device
US9774704B2 (en) Home gateway, cloud server, and method for communication therebetween
KR101120731B1 (en) Extensible wireless framework
US8743903B2 (en) Hybrid networking simple-connect setup using forwarding device
WO2011150782A1 (en) Method, device and system for configuring wireless fidelity (wifi) parameter
US8700780B2 (en) Group owner selection with crossing requests
JP2014501057A (en) Method and apparatus for sharing internet connection based on automatic configuration of network interface
WO2014183404A1 (en) Data transmission method, apparatus, system and terminal
WO2021161225A1 (en) Easymesh configuration of ap using ieee 1905.1
CN112566113B (en) Key generation and terminal network distribution method, device and equipment
US9025448B2 (en) Methods and apparatuses for accessing internet
WO2014036933A1 (en) Method, device, and system for sharing content between devices
WO2013075415A1 (en) Download method and system by way of broadcast in ubiquitous network
WO2014169670A1 (en) Wlan networking method and system
WO2012175024A1 (en) Method, system and device for realizing concurrency of wireless data transmission and short message transceiving
WO2011009339A1 (en) Method, system and device for transmitting data
WO2013097348A1 (en) Extendible authentication protocol access authentication method and device
EP2475199A1 (en) Handover method and device for an access service network
US20160095143A1 (en) Remote provisioning of wireless stations with confirmation
WO2012155571A1 (en) Base station self-configuration method and device
WO2022174652A1 (en) Method and system for automatically discovering network configuration by smart terminal
WO2011015049A1 (en) Method and device for establishing data channel between network elements of access service network
WO2013170816A1 (en) Method and device for managing network port release of mobile terminal
WO2011020323A1 (en) Idle exit path establishment method and device for an access service network
WO2023165359A1 (en) Wi-fi p2p connection method, apparatus and system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12863350

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12863350

Country of ref document: EP

Kind code of ref document: A1