WO2017041298A1 - Wireless local area network access point verification method, terminal, service platform, access point and access point background - Google Patents

Wireless local area network access point verification method, terminal, service platform, access point and access point background Download PDF

Info

Publication number
WO2017041298A1
WO2017041298A1 PCT/CN2015/089450 CN2015089450W WO2017041298A1 WO 2017041298 A1 WO2017041298 A1 WO 2017041298A1 CN 2015089450 W CN2015089450 W CN 2015089450W WO 2017041298 A1 WO2017041298 A1 WO 2017041298A1
Authority
WO
WIPO (PCT)
Prior art keywords
access point
verification
terminal
service platform
verification result
Prior art date
Application number
PCT/CN2015/089450
Other languages
French (fr)
Chinese (zh)
Inventor
陈曦
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Priority to CN201580082995.3A priority Critical patent/CN107950043B/en
Priority to PCT/CN2015/089450 priority patent/WO2017041298A1/en
Publication of WO2017041298A1 publication Critical patent/WO2017041298A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W12/121Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122Counter-measures against attacks; Protection against rogue devices

Definitions

  • the present invention relates to the field of communications technologies, and in particular, to a method, a terminal, a service platform, an access point, and an access point backend for authenticating a wireless local area network access point.
  • wireless communication systems include a variety of service types, such as Global System for Mobile Communication (GSM) or Universal Mobile Telecommunications System (UMTS).
  • GSM Global System for Mobile Communication
  • UMTS Universal Mobile Telecommunications System
  • WLAN Wireless Local Area Network
  • WLAN service is a combination of computer network and wireless communication technology. It uses wireless multiple access channel as the transmission medium, and uses electromagnetic waves to complete data interaction to realize the functions of traditional wired LAN.
  • FIG. 1a shows a simplified WLAN service model.
  • the terminal 101 interacts with the core network 103 through an access point (AP) 102.
  • the access point 102 is also called a hotspot, and the core network 103 is set by the operator to provide a WLAN access service.
  • the core network 103 includes service entities such as authentication, authorization, and accounting. For the user, as long as the available access point 102 is searched, the Internet can be accessed, which provides great convenience to the user.
  • the embodiments of the present invention provide a method for verifying a wireless local area network access point, a terminal, a service platform, an access point, and an access point background, to solve the technical problem that the terminal is connected to the fake WLAN in the prior art.
  • an embodiment of the present invention provides a method for verifying a wireless local area network access point, where the method is applied to a terminal, and the method includes:
  • the terminal acquires information of an access point
  • the terminal initiates an authentication request to the service platform, where the verification request includes information of the access point, and the verification request is used to request the service platform to generate a verification message;
  • the first verification result is obtained by the service platform from a trusted access point in the background;
  • the trusted access point background is determined by the service platform according to the information of the access point;
  • the first verification result is determined by the trusted access point background according to the verification message
  • the verification message includes any one of the following:
  • an embodiment of the present invention provides a method for verifying a wireless local area network access point, where the method is applied to a service platform, and the method includes:
  • the service platform receives an authentication request from a terminal, where the verification request includes information of an access point acquired by the terminal;
  • the service platform generates a verification message according to the verification request
  • the service platform sends the verification message to the trusted access point background
  • Determining, by the service platform, the trusted access point corresponding to the information of the access point according to the information of the access point specifically includes:
  • an embodiment of the present invention provides a method for verifying a wireless local area network access point, where the method is applied to an access point, and the method includes:
  • the verification message is sent to the terminal after the service platform is generated, and the verification message is used to enable the access point to obtain a second verification result from a background of the corresponding access point;
  • an embodiment of the present invention provides a method for verifying a wireless local area network access point, where the method is applied to a trusted access point background, and the method includes:
  • an embodiment of the present invention provides a terminal for verifying a wireless local area network access point, where the terminal includes:
  • An obtaining module configured to obtain information of an access point
  • a requesting module configured to initiate an authentication request to the service platform, where the verification request includes information of the access point, where the verification request is used to request the service platform to generate a verification message, and according to the information of the access point Determining the trusted access point backend;
  • a first receiving module configured to receive the verification message and the first verification result sent by the service platform
  • the first verification result is obtained by the service platform from the trusted access point in the background;
  • the trusted access point background is determined by the service platform according to the information of the access point;
  • the first verification result is determined by the trusted access point background according to the verification message
  • a first sending module configured to send the verification message to the acquired access point
  • a second receiving module configured to receive a second verification result from the obtained access point
  • a comparison module configured to compare the second verification result with the first verification result, and confirm that the acquired access point is true when the comparison result satisfies a preset condition.
  • an embodiment of the present invention provides a service platform for verifying a wireless local area network access point, where the service platform is set on a network side, and the service platform includes:
  • a third receiving module configured to receive an authentication request from the terminal, where the verification request includes information of the access point
  • a generating module configured to generate a verification message according to the verification request
  • a determining module configured to determine, according to the information of the access point, a trusted access point background corresponding to the information of the access point;
  • a second sending module configured to send the verification message to the trusted access point background
  • a fourth receiving module configured to receive a first verification result, where the first verification result is determined by the trusted access point background according to the verification message
  • a third sending module configured to send the verification message and the first verification result to the terminal, so that the terminal may obtain the second verification according to the first verification result and an access point acquired from the terminal The results are compared.
  • an embodiment of the present invention provides an access point for verifying a wireless local area network access point, where the access point includes:
  • a fifth receiving module configured to receive a verification message sent by the terminal, where the verification message is sent by the service platform to the terminal, where the verification message is used to make the access point from the corresponding access point Obtaining a second verification result in the background;
  • a fourth sending module configured to send a second verification result to the terminal, so that the terminal may compare the second verification result with a first verification result obtained by the terminal from the service platform.
  • an embodiment of the present invention provides a background of an access point for verifying a wireless local area network access point, where the background of the access point includes:
  • a sixth receiving module configured to receive a verification message from the service platform, where the verification message is generated by the service platform, where the verification message is used to request the access point to obtain the first verification result in the background;
  • a first generating module configured to generate a first verification result according to the verification message
  • a fifth sending module configured to send the first verification result to the service platform, so that the service platform may send the first verification result to the terminal, so that the terminal may use the first verification result and the The second verification result obtained by the terminal from the corresponding access point background is compared.
  • an embodiment of the present invention provides a terminal for verifying a wireless local area network access point, where the terminal includes:
  • a processor configured to initiate an authentication request to the service platform, where the verification request includes information of the access point, where the verification request is used to request the service platform to generate a verification message, and determine, according to the information of the access point, Trusted access point backend;
  • the receiver is further configured to receive the verification message and the first verification result sent by the service platform;
  • the first verification result is obtained by the service platform from a trusted access point in the background;
  • the trusted access point background is determined by the service platform according to the information of the access point;
  • the first verification result is determined by the trusted access point in the background according to the verification message
  • the sender is further configured to send the verification message to the acquired access point
  • a receiver configured to receive a second verification result from the obtained access point
  • the processor is further configured to compare the second verification result with the first verification result, and when the comparison result satisfies a preset condition, confirm that the acquired access point is true.
  • an embodiment of the present invention provides a server for verifying a wireless local area network access point, where the server is set on the network side, and one or more interfaces are externally provided for calling by other devices, where the server includes:
  • a receiver configured to receive an authentication request from the terminal, where the verification request includes information of the access point
  • a processor configured to generate a verification message; and, according to the information of the access point, determine a trusted access point background corresponding to the information of the access point;
  • a sender configured to send the verification message to the trusted access point background
  • the receiver is further configured to receive the first verification result, where the first verification result is determined by the trusted access point background according to the verification message;
  • a transmitter configured to send the verification message and the first verification result to the terminal, so that the terminal may compare the second verification result obtained by the terminal from the access point according to the first verification result.
  • an embodiment of the present invention provides an access point for verifying a wireless local area network access point.
  • the access point includes:
  • a receiver configured to receive a verification message sent from the terminal, where the verification message is sent to the terminal after being generated by the service platform, where the verification message is used to obtain the access point from the corresponding access point in the background Second verification result;
  • a transmitter configured to send a second verification result to the terminal, so that the terminal may compare the second verification result with a first verification result obtained by the terminal from the service platform.
  • an embodiment of the present invention provides a background of an access point for verifying a wireless local area network access point, where the background of the access point includes:
  • a receiver configured to receive a verification message from the service platform, where the verification message is generated by the service platform, and the verification message is used to request the access point to obtain the first verification result in the background;
  • a processor configured to generate a first verification result according to the verification message
  • a transmitter configured to send the first verification result to the service platform, so that the service platform can send the first verification result to the terminal, so that the terminal can obtain the first verification result and the terminal from the corresponding access
  • the second verification result obtained by the background is compared.
  • the method for verifying a wireless local area network access point, the terminal, the service platform, the access point, and the access point background provided by the embodiment of the present invention before the terminal is connected to the access point, initiates an authentication request to the service platform of the core network.
  • the method identifies the authenticity of the access point and protects the user from surfing the Internet.
  • 1a is a schematic diagram of a WLAN service model in the prior art
  • 1b is a schematic diagram of a core network in the prior art
  • FIG. 2 is a flowchart of a method for verifying a wireless local area network access point according to an embodiment of the present invention
  • FIG. 3 is a schematic diagram of a terminal for verifying a wireless local area network access point according to an embodiment of the present disclosure
  • FIG. 4 is a schematic diagram of a service platform for verifying a wireless local area network access point according to an embodiment of the present invention
  • FIG. 5 is a schematic diagram of an access point for verifying a wireless local area network access point according to an embodiment of the present invention
  • FIG. 6 is a schematic diagram of a background of an access point for verifying a wireless local area network access point according to an embodiment of the present invention
  • FIG. 7 is a schematic diagram of a terminal for verifying a wireless local area network access point according to an embodiment of the present invention.
  • FIG. 8 is a schematic diagram of a server for verifying a wireless local area network access point according to an embodiment of the present invention.
  • FIG. 9 is a schematic diagram of an access point for verifying a wireless local area network access point according to an embodiment of the present invention.
  • FIG. 10 is a schematic diagram of a background of an access point for verifying a wireless local area network access point according to an embodiment of the present invention.
  • the terminal includes, but is not limited to, a mobile phone having a wireless communication function, a Personal Digital Assistant (PDA), a tablet, a portable device (for example, a portable computer), a wearable watch, a wristband, The workstation (STA), the user equipment (UE), and the like are not limited in this embodiment of the present invention.
  • PDA Personal Digital Assistant
  • a tablet for example, a portable computer
  • a wearable watch for example, a portable computer
  • a wristband for example, a portable computer
  • STA workstation
  • UE user equipment
  • an access point refers to an entity that provides distributed service access functions through a wireless medium, the access point supports wireless access of one or more terminals, and connects the wireless access network to Core Network.
  • the method provided by the embodiment of the present invention includes: the terminal acquires information of the access point; the terminal initiates an authentication request to the service platform, where the verification request includes information of the acquired access point, and the verification request is used to request the service platform. Generating a verification message and determining a trusted access point background according to the information of the access point; the service platform receives the verification request, generates a verification message, and determines a trusted access point background according to the information of the access point.
  • the service platform sends the generated verification message to the determined trusted access point background; the trusted access point background generates and sends the first verification result to the service platform according to the verification message; the service platform puts the verification message Transmitting, by the terminal, the verification message generated by the access point to the access point that initiates the verification request, where the terminal receives the verification message returned by the access point according to the verification message.
  • the second verification result is compared, the first verification result and the second verification result are compared, and when the comparison result satisfies the preset condition, the access point is confirmed to be true.
  • the method for verifying a wireless local area network access point identifies the authenticity of the access point and protects the user's security by initiating an authentication request to the service platform of the core network before the terminal connects to the access point. Go online.
  • FIG. 2 is a flowchart of a method for verifying a wireless local area network access point according to an embodiment of the present invention. Combined with Figure 2, the details are as follows:
  • the terminal acquires information about an access point.
  • the terminal can scan for available access points periodically or irregularly according to the program settings when it is powered on, or when it receives an instruction to enable the WLAN function, or after its WLAN function is turned on. These scanned access points are typically located within a certain range around the terminal. After scanning for available access points, the terminal obtains information about these access points.
  • the information of the access point includes an Service Set Identifier (SSID) of the access point, a Media Access Control Address (MAC) of the access point, a frequency band number, and/or a WLAN chip vendor code. Wait.
  • SSID Service Set Identifier
  • MAC Media Access Control Address
  • the scanned access points may be different.
  • the access points scanned by the terminal include: “home_ap”, “Netget”, etc.
  • the access points scanned by the terminal include: “lab_ap”, “huawei_ap”, and the like.
  • the "home_ap”, “Netget”, “lab_ap”, “huawei_ap”, etc. are all SSIDs of the access point.
  • the information of the access point is presented to the user in a visual manner.
  • the information of multiple access points is presented in a list on the display screen.
  • S102 The terminal initiates an authentication request to the service platform, where the verification request includes information about the access point, where the verification request is used to request the service platform to generate a verification message and determine a trusted connection according to the information of the access point.
  • the verification request includes information about the access point
  • the verification request is used to request the service platform to generate a verification message and determine a trusted connection according to the information of the access point.
  • the service platform is a service entity located in the core network, and is similar to the service entity such as authentication and authentication in the core network in the prior art.
  • the service platform is used to provide the verification wireless in the embodiment of the present invention. Part of the function of the authenticity of the LAN access point.
  • the service platform may be a newly added independent service entity in the core network, or part or all of the functions of the service platform may be implemented by using one or more service entities in the prior art.
  • the service platform includes a receiver, a processor, a transmitter, and the like. Wherein the receiver is used to receive from the end The verification request of the terminal; the receiver includes a radio frequency receiving circuit and the like.
  • the processor is configured to process the verification request received by the receiver and generate a verification message according to the received verification request.
  • the processor includes a baseband circuit that is comprised of integrated circuits and/or discrete components.
  • the terminal initiates a registration request to the service platform, so that a communication path is established between the terminal and the service platform.
  • the registration request is a message, a code or a data stream, and the registration request includes information about the terminal, such as information of a Subscriber Identity Module (SIM) card, a MAC address of the terminal, and the like.
  • SIM Subscriber Identity Module
  • the service platform establishes a relationship with the registered terminal and provides services to the registered terminal.
  • the terminal initiates a registration request and/or a verification request to the service platform by using a mobile data network, Bluetooth, infrared, data line, short-range wireless communication, and the like.
  • the terminal in the process that the terminal sends the information of the access point to the service platform, the terminal first encodes the information of the access point to generate a list of access points, and then the service platform performs the list of the access points. Decode and restore the information of the access point.
  • the verification request is a piece of a message, a code, or a data stream, and the like, and the verification request includes at least information of an access point acquired by the terminal, where the verification request is used to request the service platform to generate The message is verified and a trusted access point backend is determined based on the information of the access point.
  • the service platform receives the verification request, generates a verification message, and determines a trusted access point background according to the information of the access point.
  • the verification request includes the SSID of the access point, the MAC address of the access point, and the like, and the service platform reads the following information from the verification request, that is, the terminal requests the service platform to generate the verification message. It can be understood that if there is only one access point, a verification message corresponding to the information of the access point is generated, and if there are multiple access points, a verification message corresponding to the information of the multiple access points is generated respectively.
  • the authentication message of each access point may be one, or may be multiple, which is not limited in this embodiment of the present invention.
  • the verification message is a piece of message, code or data stream.
  • the verification message includes: checking the account opening status, querying the account balance, querying the account validity period, and querying other core network service status attributes of the account.
  • other core network service status attributes include status attributes such as billing, account opening, and billing.
  • the account number may be an account corresponding to the terminal, or may be an account unrelated to the terminal.
  • the account may be an account selected by the service platform for testing.
  • the verification request and the verification message have a corresponding relationship, and the relationship may be one-to-one correspondence, or different verification requests may correspond to the same verification message.
  • the verification message table is stored in the service platform, and the verification message table is A verification message is included.
  • the service platform receives the verification request, it will invoke the verification message in the verification message table.
  • the verification message table the verification message of “checking the balance of the account is 130xxxxxxxx” is included, and after the verification request sent by the terminal received by the service platform, the verification message table is invoked to generate a verification message: “the balance of the query account is 130xxxxxxxx. ".
  • the verification message table may be preset in the service platform, or may be sent to the service platform by the core network after being updated periodically or irregularly.
  • the verification request includes a time when the verification request is initiated, or a time when the verification request arrives, and the service platform may generate different verification messages for the verification request obtained at different times.
  • the access point-access point background relationship table is stored in the service platform.
  • the real-time correspondence between the access point and the corresponding trusted access point background is included in the access point-access point background relationship table.
  • the service platform may determine the corresponding trusted access point background by querying the access point-access point background relationship table according to the obtained information of the access point.
  • the connection between the service platform and the trusted access point background is secure and controllable, and the information that the service platform queries from the trusted access point is safe and credible.
  • the trusted access point is used to manage the access point in the background, and the trusted access point includes a database in the background, which can provide functions such as system management, online statistics, IP address management, and log management.
  • the access point-access point background relationship table may be preset in the service platform, or may be periodically updated by the core network and sent to the service platform.
  • the table is checked to confirm that the corresponding background is the CMCC background.
  • the service platform sends the verification message to the trusted access point backend.
  • the service platform includes a transmitter and the like in addition to a receiver and a processor.
  • the sender is configured to send the verification message to the trusted access point background;
  • the transmitter includes the radio frequency Sending circuit, etc.
  • the receiver and the transmitter may be separate circuits, and may also have a partially shared circuit, which is not limited in this embodiment of the present invention.
  • the service platform interacts with the trusted access point in the background via the Internet or a private line (VPN).
  • VPN private line
  • the trusted access point sends a first verification result to the service platform according to the verification message.
  • a first verification result is sent; when multiple verification messages are received, multiple first verification results are sent respectively.
  • the first verification result sent is "balance: 39rmb”.
  • the verification message is "the balance of the query account is 189xxxxxxxx”
  • the first verification result sent is "balance: 15rmb”.
  • the trusted access point stores the information of the terminal, the information of the access point, the verification request, the verification message and/or the first verification result.
  • the service platform sends the verification message and the first verification result to the terminal.
  • the service platform sends the first verification result sent in S105 and the verification message in S103 to the terminal.
  • the verification message received by the terminal and the verification message received by the trusted access point in the background are the same.
  • the first verification result is generated by the trusted access point in the background and then forwarded to the terminal through the service platform.
  • the service platform sends the verification message and the first verification result to the terminal, and the terminal decodes the information after receiving the information, and restores the first verification result and the verification message.
  • the service platform stores information of the terminal, information of the access point, a verification request, a verification message, and/or a first verification result.
  • the terminal sends a verification message to the access point.
  • the terminal sends the verification message received in S106 to the access point described in S101.
  • the terminal sends the verification messages corresponding to different access points to the corresponding access points.
  • the terminal After receiving the verification message sent by the terminal, it returns a second verification result to the terminal, and the second verification result should meet the preset condition with the first verification result, for example, two The same.
  • the method of comparing the first verification result and the second verification result to the preset condition may adopt a hash algorithm, a loop check code, or the like.
  • the terminal stores the obtained information of the access point, the information of the service platform, the verification request, the verification message, the first verification result, and/or the second verification result.
  • S109 when the terminal does not receive the second verification result sent by the access point, or the comparison result does not satisfy the preset condition, confirm that the access point is false.
  • the comparison result satisfies the preset condition, and the first verification result and the second verification result are completely the same, or the degree of similarity between the first verification result and the second verification result is greater than or equal to a threshold, and the threshold may be set to 95%. 90% or 85.1%, etc.
  • a pseudo access point in one case, it may not correspond to any access point background, so when it receives the verification message sent by the terminal, there is no way to send the verification message to The corresponding access point is in the background, so there is no way to send any verification result to the terminal.
  • the pseudo access point also corresponds to the background of the pseudo access point, but the pseudo access point cannot send the same verification result to the pseudo access point in the background generated by the trusted access point. It can be confirmed that the access point is a pseudo access point.
  • the method for verifying a wireless local area network access point identifies the authenticity of the access point and protects the user's security by initiating an authentication request to the service platform of the core network before the terminal connects to the access point. Go online.
  • the access point that is confirmed as false in S109 is marked as a fake access point, and is added to the blacklist, and the marked fake access point is not verified subsequently.
  • FIG. 3 is a schematic diagram of a terminal for verifying a wireless local area network access point according to an embodiment of the present invention.
  • the terminal 301 includes:
  • the requesting module 303 is configured to initiate an authentication request to the service platform, where the verification request includes information of the access point, where the verification request is used to request the service platform to generate a verification message, and according to the access point Information identifies the trusted access point backend;
  • the first receiving module 304 is configured to receive the verification message and the first verification result sent by the service platform;
  • the first verification result is obtained by the service platform from the trusted access point in the background;
  • the trusted access point background is determined by the service platform according to the information of the access point;
  • the first verification result is determined by the trusted access point background according to the verification message
  • a first sending module 305 configured to send the verification message to the acquired access point
  • the second receiving module 306 is configured to receive a second verification result from the acquired access point, where
  • the comparing module 307 is configured to compare the second verification result with the first verification result, and when the comparison result meets the preset condition, confirm that the acquired access point is true.
  • the terminal for verifying the wireless local area network access point provided by the embodiment of the present invention identifies the authenticity of the access point and protects the user's security by initiating an authentication request to the service platform of the core network before the terminal connects to the access point. Go online.
  • FIG. 4 is a schematic diagram of a service platform for verifying a wireless local area network access point according to an embodiment of the present invention.
  • the service platform 401 may be one or more servers, and one or more interfaces are provided for the other devices to be called.
  • the service platform 401 is set on the network side.
  • the service platform 401 includes:
  • the third receiving module 402 is configured to receive an authentication request from the terminal, where the verification request includes information of the access point;
  • a generating module 403, configured to generate a verification message according to the verification request
  • the determining module 404 is configured to determine, according to the information of the access point, a trusted access point background corresponding to the information of the access point;
  • a second sending module 405, configured to send the verification message to the trusted access point background
  • the fourth receiving module 406 is configured to receive the first verification result, where the first verification result is determined by the trusted access point background according to the verification message;
  • a third sending module 407 configured to send the verification message and the first verification result to the terminal, so that the terminal may obtain a second according to the first verification result and an access point acquired from the terminal Verification results are compared.
  • the service platform for verifying the wireless local area network access point provided by the embodiment of the present invention, before the terminal is connected to the access point, processes the verification request sent by the terminal, and sends the verification result to the terminal, where the terminal identifies the access point. Authenticity, protect users safely online.
  • FIG. 5 is a schematic diagram of an access point for verifying a wireless local area network access point according to an embodiment of the present invention.
  • the access point 501 includes: a fifth receiving module 502, configured to receive a verification message sent by the terminal, where the verification message is sent by the service platform to the terminal, and the verification message is used to enable the The access point obtains the second verification result from the background of the corresponding access point;
  • the fourth sending module 503 is configured to send a second verification result to the terminal, so that the terminal can compare the second verification result with the first verification result obtained by the terminal from the service platform.
  • the access point for verifying the WLAN access point provided by the embodiment of the present invention, before the connection service is provided to the terminal, processes the verification message sent by the terminal, and sends the verification result to the terminal, where the terminal identifies the access point. Authenticity, protect users safely online.
  • FIG. 6 is a schematic diagram of a background of an access point for verifying a wireless local area network access point according to an embodiment of the present invention.
  • the access point backend 601 includes: a sixth receiving module 602, configured to receive a verification message from a service platform, where the verification message is generated by a service platform, where the verification message is used to obtain a request from the access point in the background a verification result;
  • the first generating module 603 is configured to generate a first verification result according to the verification message.
  • the fifth sending module 604 is configured to send the first verification result to the service platform, so that the service platform can send the first verification result to the terminal, so that the terminal can correspond to the first verification result and the terminal
  • the second verification result obtained by the access point in the background is compared.
  • the authentication point of the access point of the WLAN access point provided by the embodiment of the present invention is processed by the service platform before the connection service is provided to the terminal, and the verification result is sent to the terminal for the terminal to identify the access.
  • the authenticity of the point protects the user from surfing the Internet safely.
  • FIG. 7 is a schematic diagram of a terminal for verifying a wireless local area network access point according to an embodiment of the present invention.
  • a receiver 702 configured to acquire information about an access point
  • the processor 703 is configured to initiate an authentication request to the service platform, where the verification request includes information of the access point, where the verification request is used to request the service platform to generate a verification message, and determine according to the information of the access point.
  • the receiver 702 is further configured to receive the verification message and the first verification result sent by the service platform;
  • the first verification result is obtained by the service platform from a trusted access point in the background;
  • the trusted access point background is determined by the service platform according to the information of the access point;
  • the first verification result is determined by the trusted access point in the background according to the verification message
  • the sender 704 is further configured to send the verification message to the acquired access point.
  • the receiver 702 is further configured to receive a second verification result from the acquired access point, where
  • the processor 703 is further configured to compare the second verification result with the first verification result, and when the comparison result meets a preset condition, confirm that the acquired access point is true.
  • FIG. 8 is a schematic diagram of a server for verifying a wireless local area network access point according to an embodiment of the present invention.
  • a schematic diagram of a terminal for verifying a wireless local area network access point according to an embodiment of the present invention.
  • the server 801 provides one or more interfaces for external device calls, and the server 401 is configured on the network side. Specifically, the server 801 includes:
  • a receiver 802 configured to receive an authentication request from the terminal, where the verification request includes information of the access point;
  • the processor 803 is configured to generate a verification message, and determine, according to the information of the access point, a trusted access point background corresponding to the information of the access point;
  • a sender 804 configured to send the verification message to the trusted access point background
  • the receiver 802 is further configured to receive the first verification result, where the first verification result is determined by the trusted access point background according to the verification message;
  • the transmitter 804 is further configured to send the verification message and the first verification result to the terminal, so that the terminal may compare the second verification result obtained by the terminal from the access point according to the first verification result.
  • FIG. 9 is a schematic diagram of an access point for verifying a wireless local area network access point according to an embodiment of the present invention.
  • the access point 901 includes a receiver 902, configured to receive a verification message sent by the terminal, where the verification message is sent by the service platform to the terminal, and the verification message is used to enable the access
  • the point obtains the second verification result from the background of the corresponding access point;
  • the transmitter 903 is configured to send a second verification result to the terminal, so that the terminal can compare the second verification result with the first verification result obtained by the terminal from the service platform.
  • FIG. 10 is a schematic diagram showing an access point for verifying a wireless local area network access point according to an embodiment of the present invention. intention.
  • the access point background 111 includes: a receiver 112, configured to receive a verification message from the service platform, where the verification message is generated by the service platform, and the verification message is used to request the access point to obtain the first verification result;
  • the processor 113 is configured to generate a first verification result according to the verification message.
  • the sender 114 is configured to send the first verification result to the service platform, so that the service platform can send the first verification result to the terminal, so that the terminal can connect the first verification result and the terminal from the corresponding
  • the second verification result obtained by the inbound background is compared.
  • the terminal, the server, the access point, and the access point background of the WLAN access point provided by the embodiment of the present invention are used to identify the request by initiating a verification request to the service platform of the core network before the terminal connects to the access point.
  • the authenticity of the access point protects the user from surfing the Internet safely.
  • a "module” as referred to in some embodiments of the invention is a combination of hardware and/or software that can implement the corresponding functions, that is, hardware, software, or a combination of software and hardware implementations are contemplated.

Abstract

Provided are a wireless local area network access point verification method, terminal, service platform, access point and access point background. The method comprises: a terminal obtaining information of an access point (S101), and initiating a verification request to a service platform (S102); the service platform generating, on the basis of the verification request, a verification message and determining a trusted access point background (S103); the service platform sending the verification message to the trusted access point background (S104); the trusted access point background sending, on the basis of the verification message, a first verification result to the service platform (S105); the service platform sending the verification message and the first verification result to the terminal (S106); the terminal sending the verification message to the access point (S107); when the terminal receives a second verification result sent by the access point, comparing the first verification result with the second verification result; and if the comparison result meets a preset condition, confirming the access point as true (S108).

Description

验证无线局域网接入点的方法、终端、服务平台、接入点和接入点后台Method for verifying WLAN access point, terminal, service platform, access point and access point background 技术领域Technical field
本发明涉及通信技术领域,尤其涉及验证无线局域网接入点的方法、终端、服务平台、接入点和接入点后台。The present invention relates to the field of communications technologies, and in particular, to a method, a terminal, a service platform, an access point, and an access point backend for authenticating a wireless local area network access point.
背景技术Background technique
在无线通信***中,语音、图像、视频、短消息、多媒体消息业务、数据业务等借助电磁波传播。目前,无线通信***包括多种业务类型,例如,全球移动通信***(Global System for Mobile Communication,GSM)或者通用移动通讯***(Universal Mobile Telecommunications System,UMTS)。除此之外,无线局域网(Wireless Local Area Network,WLAN)业务也成为了无线通信***的重要组成,WLAN业务覆盖的小区范围直径通常在几百米之内。WLAN业务是计算机网络与无线通信技术相结合的产物,它以无线多址信道作为传输媒介,利用电磁波完成数据交互,实现传统有线局域网的功能。In a wireless communication system, voice, image, video, short message, multimedia message service, data service, etc. are propagated by means of electromagnetic waves. Currently, wireless communication systems include a variety of service types, such as Global System for Mobile Communication (GSM) or Universal Mobile Telecommunications System (UMTS). In addition, the Wireless Local Area Network (WLAN) service has become an important component of the wireless communication system, and the cell range covered by the WLAN service is usually within a few hundred meters. WLAN service is a combination of computer network and wireless communication technology. It uses wireless multiple access channel as the transmission medium, and uses electromagnetic waves to complete data interaction to realize the functions of traditional wired LAN.
图1a示出了一种简化的WLAN业务模型。在WLAN业务中,终端101通过接入点(Access Point,AP)102与核心网103发生数据交互,其中,接入点102又称热点,核心网103是运营商为提供WLAN上网服务所设置的后台服务网络的统称,如图1b所示,核心网103包括认证、授权和计费等服务实体。对用户来说,只要搜索到可用的接入点102,就可以上网,给用户提供了极大的便利。Figure 1a shows a simplified WLAN service model. In the WLAN service, the terminal 101 interacts with the core network 103 through an access point (AP) 102. The access point 102 is also called a hotspot, and the core network 103 is set by the operator to provide a WLAN access service. As a general term for the background service network, as shown in FIG. 1b, the core network 103 includes service entities such as authentication, authorization, and accounting. For the user, as long as the available access point 102 is searched, the Internet can be accessed, which provides great convenience to the user.
然而,由于WLAN接入点设置中信道开放的特点,尤其是一些虚假WLAN的存在,使得用户数据在传播中容易被窃取,造成用户信息、财产的丢失。However, due to the open channel feature in the WLAN access point setting, especially the existence of some fake WLANs, user data is easily stolen during transmission, resulting in loss of user information and property.
发明内容Summary of the invention
本发明实施例提供验证无线局域网接入点的方法、终端、服务平台、接入点和接入点后台,用以解决现有技术中终端连接到虚假WLAN的技术问题。The embodiments of the present invention provide a method for verifying a wireless local area network access point, a terminal, a service platform, an access point, and an access point background, to solve the technical problem that the terminal is connected to the fake WLAN in the prior art.
第一方面,本发明实施例提供了一种验证无线局域网接入点的方法,所述方法应用于终端,所述方法包括:In a first aspect, an embodiment of the present invention provides a method for verifying a wireless local area network access point, where the method is applied to a terminal, and the method includes:
所述终端获取接入点的信息; The terminal acquires information of an access point;
所述终端向服务平台发起验证请求,其中所述验证请求包括所述接入点的信息,所述验证请求用于请求所述服务平台生成验证消息;The terminal initiates an authentication request to the service platform, where the verification request includes information of the access point, and the verification request is used to request the service platform to generate a verification message;
所述终端接收所述服务平台发送的所述验证消息和第一验证结果;其中Receiving, by the terminal, the verification message and the first verification result sent by the service platform;
所述第一验证结果由所述服务平台从可信的接入点后台获取;The first verification result is obtained by the service platform from a trusted access point in the background;
所述可信的接入点后台由所述服务平台根据所述接入点的信息确定;The trusted access point background is determined by the service platform according to the information of the access point;
所述第一验证结果由所述可信的接入点后台根据所述验证消息确定;The first verification result is determined by the trusted access point background according to the verification message;
所述终端将所述验证消息发送给所述获取的接入点;Sending, by the terminal, the verification message to the acquired access point;
所述终端从所述获取的接入点接收第二验证结果,比较所述第二验证结果与所述第一验证结果,当比较结果满足预设条件时,确认所述获取的接入点为真。Receiving, by the terminal, the second verification result from the obtained access point, comparing the second verification result with the first verification result, and when the comparison result satisfies a preset condition, confirming that the acquired access point is true.
在第一方面的第一种可能的实现方式中,所述验证消息包括以下任意一种:In a first possible implementation manner of the first aspect, the verification message includes any one of the following:
查询账号的开户状态,查询账号余额,查询账号有效期,查询账号的其他核心网业务状态属性。Query the account opening status, query the account balance, query the account validity period, and query other core network service status attributes of the account.
结合第一方面,或者第一方面第一种可能的实现方式,在第二种可能的实现方式中,当所述比较结果不满足预设条件时,确认所述获取的接入点为假,并将所述获取的接入点加入黑名单。With reference to the first aspect, or the first possible implementation manner of the first aspect, in a second possible implementation manner, when the comparison result does not meet the preset condition, confirm that the acquired access point is false, And adding the obtained access point to the blacklist.
第二方面,本发明实施例提供了一种验证无线局域网接入点的方法,所述方法应用于服务平台,所述方法包括:In a second aspect, an embodiment of the present invention provides a method for verifying a wireless local area network access point, where the method is applied to a service platform, and the method includes:
所述服务平台从终端接收验证请求,所述验证请求包括所述终端获取的接入点的信息;The service platform receives an authentication request from a terminal, where the verification request includes information of an access point acquired by the terminal;
所述服务平台根据所述验证请求生成验证消息;The service platform generates a verification message according to the verification request;
所述服务平台根据所述接入点的信息,确定与所述接入点的信息对应的可信的接入点后台Determining, by the service platform, a trusted access point background corresponding to the information of the access point according to the information of the access point
所述服务平台将所述验证消息发送给所述可信的接入点后台;The service platform sends the verification message to the trusted access point background;
所述服务平台接收第一验证结果;其中,所述第一验证结果由所述可信的接入点后台根据所述验证消息确定;Receiving, by the service platform, a first verification result, where the first verification result is determined by the trusted access point background according to the verification message;
所述服务平台将所述验证消息和所述第一验证结果发送给所述终端,使得所述终端可以根据所述第一验证结果和从所述终端获取的接入点获得的第二验证结果比较。Sending, by the service platform, the verification message and the first verification result to the terminal, so that the terminal may obtain a second verification result according to the first verification result and an access point acquired from the terminal Comparison.
结合第二方面第一种可能的实现方式,在第一种可能的实现方式中,所述 服务平台根据所述接入点的信息,确定与所述接入点的信息对应的可信的接入点后台具体包括:With reference to the first possible implementation manner of the second aspect, in a first possible implementation manner, Determining, by the service platform, the trusted access point corresponding to the information of the access point according to the information of the access point, specifically includes:
在服务平台中存储了接入点与可信的接入点后台关系表,在所述关系表中包括接入点与对应的可信的接入点后台的对应关系,所述服务平台根据所述获取的接入点的信息,通过查询所述关系表,确定与所述接入点对应的可信的接入点后台。Storing an access point and a trusted access point background relationship table in the service platform, where the relationship table includes a correspondence between the access point and a corresponding trusted access point background, where the service platform is The information about the obtained access point is determined by querying the relationship table to determine a trusted access point background corresponding to the access point.
第三方面,本发明实施例提供了一种验证无线局域网接入点的方法,所述方法应用于接入点,所述方法包括:In a third aspect, an embodiment of the present invention provides a method for verifying a wireless local area network access point, where the method is applied to an access point, and the method includes:
接收从终端发来的验证消息,所述验证消息是服务平台生成后发送给所述终端的,所述验证消息用于使所述接入点从对应的接入点后台获取第二验证结果;Receiving a verification message sent from the terminal, the verification message is sent to the terminal after the service platform is generated, and the verification message is used to enable the access point to obtain a second verification result from a background of the corresponding access point;
向所述终端发送所述第二验证结果,以使得所述终端可以将所述第二验证结果和所述终端从所述服务平台获取的第一验证结果比较。Transmitting the second verification result to the terminal, so that the terminal may compare the second verification result with a first verification result obtained by the terminal from the service platform.
第四方面,本发明实施例提供了一种验证无线局域网接入点的方法,所述方法应用于可信的接入点后台,所述方法包括:In a fourth aspect, an embodiment of the present invention provides a method for verifying a wireless local area network access point, where the method is applied to a trusted access point background, and the method includes:
从服务平台接收验证消息,所述验证消息是所述服务平台生成的,所述验证消息用于向所述可信的接入点后台请求获取第一验证结果;Receiving a verification message from the service platform, where the verification message is generated by the service platform, and the verification message is used to request the trusted access point to obtain the first verification result in the background;
根据所述验证消息,生成第一验证结果;Generating a first verification result according to the verification message;
将所述第一验证结果发送给所述服务平台,以使得所述服务平台将所述第一验证结果发送给终端,并使得所述终端可以将所述第一验证结果和所述终端从对应的接入点后台获取的第二验证结果比较。Sending the first verification result to the service platform, so that the service platform sends the first verification result to the terminal, and enables the terminal to correspond to the first verification result and the terminal The second verification result obtained by the access point in the background is compared.
第五方面,本发明实施例提供了一种验证无线局域网接入点的终端,所述终端包括:In a fifth aspect, an embodiment of the present invention provides a terminal for verifying a wireless local area network access point, where the terminal includes:
获取模块,用于获取接入点的信息;An obtaining module, configured to obtain information of an access point;
请求模块,用于向服务平台发起验证请求,其中所述验证请求包括所述接入点的信息,所述验证请求用于请求所述服务平台生成验证消息,并根据所述接入点的信息确定可信的接入点后台;a requesting module, configured to initiate an authentication request to the service platform, where the verification request includes information of the access point, where the verification request is used to request the service platform to generate a verification message, and according to the information of the access point Determining the trusted access point backend;
第一接收模块,用于接收所述服务平台发送的所述验证消息和第一验证结果;其中a first receiving module, configured to receive the verification message and the first verification result sent by the service platform;
所述第一验证结果由所述服务平台从所述可信的接入点后台获取; The first verification result is obtained by the service platform from the trusted access point in the background;
所述可信的接入点后台由所述服务平台根据所述接入点的信息确定;The trusted access point background is determined by the service platform according to the information of the access point;
所述第一验证结果由所述可信的接入点后台根据所述验证消息确定;The first verification result is determined by the trusted access point background according to the verification message;
第一发送模块,用于将所述验证消息发送给所述获取的接入点;a first sending module, configured to send the verification message to the acquired access point;
第二接收模块,用于从所述获取的接入点接收第二验证结果,a second receiving module, configured to receive a second verification result from the obtained access point, where
比较模块,用于比较所述第二验证结果与所述第一验证结果,当比较结果满足预设条件时,确认所述获取的接入点为真。And a comparison module, configured to compare the second verification result with the first verification result, and confirm that the acquired access point is true when the comparison result satisfies a preset condition.
第六方面,本发明实施例提供了一种验证无线局域网接入点的服务平台,所述服务平台设置在网络侧,所述服务平台包括:In a sixth aspect, an embodiment of the present invention provides a service platform for verifying a wireless local area network access point, where the service platform is set on a network side, and the service platform includes:
第三接收模块,用于从终端接收验证请求,所述验证请求包括接入点的信息;a third receiving module, configured to receive an authentication request from the terminal, where the verification request includes information of the access point;
生成模块,用于根据所述验证请求,生成验证消息;a generating module, configured to generate a verification message according to the verification request;
确定模块,用于根据所述接入点的信息,确定与所述接入点的信息对应的可信的接入点后台;a determining module, configured to determine, according to the information of the access point, a trusted access point background corresponding to the information of the access point;
第二发送模块,用于将所述验证消息发送给所述可信的接入点后台;a second sending module, configured to send the verification message to the trusted access point background;
第四接收模块,用于接收第一验证结果;其中,所述第一验证结果由所述可信的接入点后台根据所述验证消息确定;a fourth receiving module, configured to receive a first verification result, where the first verification result is determined by the trusted access point background according to the verification message;
第三发送模块,用于将所述验证消息和所述第一验证结果发送给终端,使得所述终端可以根据所述第一验证结果和从所述终端获取的接入点获得的第二验证结果比较。a third sending module, configured to send the verification message and the first verification result to the terminal, so that the terminal may obtain the second verification according to the first verification result and an access point acquired from the terminal The results are compared.
第七方面,本发明实施例提供了一种验证无线局域网接入点的接入点,所述接入点包括:In a seventh aspect, an embodiment of the present invention provides an access point for verifying a wireless local area network access point, where the access point includes:
第五接收模块,用于接收从终端发来的验证消息,所述验证消息是服务平台生成后发送给所述终端的,所述验证消息用于使所述接入点从对应的接入点后台获取第二验证结果;a fifth receiving module, configured to receive a verification message sent by the terminal, where the verification message is sent by the service platform to the terminal, where the verification message is used to make the access point from the corresponding access point Obtaining a second verification result in the background;
第四发送模块,用于向终端发送第二验证结果,以使得所述终端可以将所述第二验证结果和所述终端从所述服务平台获取的第一验证结果比较。And a fourth sending module, configured to send a second verification result to the terminal, so that the terminal may compare the second verification result with a first verification result obtained by the terminal from the service platform.
第八方面,本发明实施例提供了一种验证无线局域网接入点的接入点后台,所述接入点后台包括:In an eighth aspect, an embodiment of the present invention provides a background of an access point for verifying a wireless local area network access point, where the background of the access point includes:
第六接收模块,用于从服务平台接收验证消息,所述验证消息是服务平台生成的,所述验证消息用于向所述接入点后台请求获取第一验证结果; a sixth receiving module, configured to receive a verification message from the service platform, where the verification message is generated by the service platform, where the verification message is used to request the access point to obtain the first verification result in the background;
第一生成模块,用于根据所述验证消息,生成第一验证结果;a first generating module, configured to generate a first verification result according to the verification message;
第五发送模块,用于将所述第一验证结果发送给所述服务平台,以使得所述服务平台可以将该第一验证结果发给终端,使得终端可以将该第一验证结果和所述终端从对应的接入点后台获取的第二验证结果比较。a fifth sending module, configured to send the first verification result to the service platform, so that the service platform may send the first verification result to the terminal, so that the terminal may use the first verification result and the The second verification result obtained by the terminal from the corresponding access point background is compared.
第九方面,本发明实施例提供了一种验证无线局域网接入点的终端,所述终端包括:A ninth aspect, an embodiment of the present invention provides a terminal for verifying a wireless local area network access point, where the terminal includes:
接收器,用于获取接入点的信息;a receiver for obtaining information of an access point;
处理器,用于向服务平台发起验证请求;其中验证请求包括所述接入点的信息,所述验证请求用于请求所述服务平台生成验证消息,并根据所述接入点的信息确定对应可信的接入点后台;a processor, configured to initiate an authentication request to the service platform, where the verification request includes information of the access point, where the verification request is used to request the service platform to generate a verification message, and determine, according to the information of the access point, Trusted access point backend;
接收器,还用于接收所述服务平台发送的验证消息和第一验证结果;其中The receiver is further configured to receive the verification message and the first verification result sent by the service platform;
所述第一验证结果由所述服务平台从可信的接入点后台获取;The first verification result is obtained by the service platform from a trusted access point in the background;
所述可信的接入点后台由所述服务平台根据所述接入点的信息确定;The trusted access point background is determined by the service platform according to the information of the access point;
所述第一验证结果由所述可信的接入点后台根据所述验证消息确定的;The first verification result is determined by the trusted access point in the background according to the verification message;
发送器,还用于将所述验证消息发送给所述获取的接入点;The sender is further configured to send the verification message to the acquired access point;
接收器,还用于从所述获取的接入点接收第二验证结果,a receiver, configured to receive a second verification result from the obtained access point,
处理器,还用于比较所述第二验证结果与所述第一验证结果,当比较结果满足预设条件时,确认所述获取的接入点为真。The processor is further configured to compare the second verification result with the first verification result, and when the comparison result satisfies a preset condition, confirm that the acquired access point is true.
第十方面,本发明实施例提供了一种验证无线局域网接入点的服务器,所述服务器设置在网络侧,对外提供一个或多个接口供其他设备调用,所述服务器包括:According to a tenth aspect, an embodiment of the present invention provides a server for verifying a wireless local area network access point, where the server is set on the network side, and one or more interfaces are externally provided for calling by other devices, where the server includes:
接收器,用于从终端接收验证请求,验证请求包括接入点的信息;a receiver, configured to receive an authentication request from the terminal, where the verification request includes information of the access point;
处理器,用于生成验证消息;并根据所述接入点的信息,确定与所述接入点的信息对应的可信的接入点后台;a processor, configured to generate a verification message; and, according to the information of the access point, determine a trusted access point background corresponding to the information of the access point;
发送器,用于将所述验证消息发送给所述可信的接入点后台;a sender, configured to send the verification message to the trusted access point background;
接收器,还用于接收第一验证结果;其中,所述第一验证结果由所述可信的接入点后台根据所述验证消息确定;The receiver is further configured to receive the first verification result, where the first verification result is determined by the trusted access point background according to the verification message;
发送器,用于将所述验证消息和所述第一验证结果发送给终端,使得所述终端可以根据所述第一验证结果和终端从接入点获得的第二验证结果比较。And a transmitter, configured to send the verification message and the first verification result to the terminal, so that the terminal may compare the second verification result obtained by the terminal from the access point according to the first verification result.
第十一方面,本发明实施例提供了一种验证无线局域网接入点的接入点, 所述接入点包括:In an eleventh aspect, an embodiment of the present invention provides an access point for verifying a wireless local area network access point. The access point includes:
接收器,用于接收从终端发来的验证消息,所述验证消息是服务平台生成后发送给所述终端的,所述验证消息用于使所述接入点从对应的接入点后台获取第二验证结果;a receiver, configured to receive a verification message sent from the terminal, where the verification message is sent to the terminal after being generated by the service platform, where the verification message is used to obtain the access point from the corresponding access point in the background Second verification result;
发送器,用于向终端发送第二验证结果,以使得所述终端可以将所述第二验证结果和所述终端从所述服务平台获取的第一验证结果比较。And a transmitter, configured to send a second verification result to the terminal, so that the terminal may compare the second verification result with a first verification result obtained by the terminal from the service platform.
第十二方面,本发明实施例提供了一种验证无线局域网接入点的接入点后台,所述接入点后台包括:According to a twelfth aspect, an embodiment of the present invention provides a background of an access point for verifying a wireless local area network access point, where the background of the access point includes:
接收器,用于从服务平台接收验证消息,所述验证消息是服务平台生成的,所述验证消息用于向所述接入点后台请求获取第一验证结果;a receiver, configured to receive a verification message from the service platform, where the verification message is generated by the service platform, and the verification message is used to request the access point to obtain the first verification result in the background;
处理器,用于根据验证消息,生成第一验证结果;a processor, configured to generate a first verification result according to the verification message;
发送器,用于将第一验证结果发送给服务平台,以使得所述服务平台可以将该第一验证结果发给终端,使得终端可以将该第一验证结果和所述终端从对应的接入点后台获取的第二验证结果比较。a transmitter, configured to send the first verification result to the service platform, so that the service platform can send the first verification result to the terminal, so that the terminal can obtain the first verification result and the terminal from the corresponding access The second verification result obtained by the background is compared.
采用本发明实施例提供的验证无线局域网接入点的方法、终端、服务平台、接入点和接入点后台,在终端连接到接入点前,通过向核心网的服务平台发起验证请求的方式,识别出接入点的真伪,保护用户安全上网。The method for verifying a wireless local area network access point, the terminal, the service platform, the access point, and the access point background provided by the embodiment of the present invention, before the terminal is connected to the access point, initiates an authentication request to the service platform of the core network. The method identifies the authenticity of the access point and protects the user from surfing the Internet.
附图说明DRAWINGS
为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例中所需要使用的附图作一简单地介绍,显而易见地,下面描述中的附图是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动性的前提下,还可以根据这些附图获取其他的附图。In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, a brief description of the drawings to be used in the embodiments will be briefly described below. Obviously, the drawings in the following description are some of the present invention. For the embodiments, those skilled in the art can obtain other drawings according to the drawings without any creative labor.
图1a为现有技术中的WLAN业务模型示意图;1a is a schematic diagram of a WLAN service model in the prior art;
图1b为现有技术中的核心网示意图;1b is a schematic diagram of a core network in the prior art;
图2为本发明实施例提供的一种验证无线局域网接入点的方法流程图;2 is a flowchart of a method for verifying a wireless local area network access point according to an embodiment of the present invention;
图3为本发明实施例提供的一种验证无线局域网接入点的终端示意图;FIG. 3 is a schematic diagram of a terminal for verifying a wireless local area network access point according to an embodiment of the present disclosure;
图4为本发明实施例提供的一种验证无线局域网接入点的服务平台示意图;4 is a schematic diagram of a service platform for verifying a wireless local area network access point according to an embodiment of the present invention;
图5为本发明实施例提供的一种验证无线局域网接入点的接入点示意图;FIG. 5 is a schematic diagram of an access point for verifying a wireless local area network access point according to an embodiment of the present invention;
图6为本发明实施例提供的一种验证无线局域网接入点的接入点后台示意 图;FIG. 6 is a schematic diagram of a background of an access point for verifying a wireless local area network access point according to an embodiment of the present invention Figure
图7为本发明实施例提供的一种验证无线局域网接入点的终端示意图;FIG. 7 is a schematic diagram of a terminal for verifying a wireless local area network access point according to an embodiment of the present invention;
图8为本发明实施例提供的一种验证无线局域网接入点的服务器示意图;FIG. 8 is a schematic diagram of a server for verifying a wireless local area network access point according to an embodiment of the present invention; FIG.
图9为本发明实施例提供的一种验证无线局域网接入点的接入点示意图;FIG. 9 is a schematic diagram of an access point for verifying a wireless local area network access point according to an embodiment of the present invention;
图10为本发明实施例提供的一种验证无线局域网接入点的接入点后台示意图。FIG. 10 is a schematic diagram of a background of an access point for verifying a wireless local area network access point according to an embodiment of the present invention.
具体实施方式detailed description
为使本发明实施例的目的、技术方案和优点更加清楚,下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获取的所有其他实施例,都属于本发明保护的范围。The technical solutions in the embodiments of the present invention will be clearly and completely described in conjunction with the drawings in the embodiments of the present invention. It is a partial embodiment of the invention, and not all of the embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without departing from the inventive scope are the scope of the present invention.
在本发明所有实施例中,终端包括但不限于具有无线通信功能的手机、个人数字助理(Personal Digital Assistant,PDA)、平板电脑、便携设备(例如,便携式计算机)、可穿戴手表、手环,工作站(Station,STA)、用户设备(User Equipment,UE)等,本发明实施例对此并不限定。In all embodiments of the present invention, the terminal includes, but is not limited to, a mobile phone having a wireless communication function, a Personal Digital Assistant (PDA), a tablet, a portable device (for example, a portable computer), a wearable watch, a wristband, The workstation (STA), the user equipment (UE), and the like are not limited in this embodiment of the present invention.
在本发明所有实施例中,接入点是指通过无线媒体,提供分布式业务接入功能的实体,接入点支持一个或多个终端的无线接入,并将该无线接入网络连接到核心网。In all embodiments of the present invention, an access point refers to an entity that provides distributed service access functions through a wireless medium, the access point supports wireless access of one or more terminals, and connects the wireless access network to Core Network.
本发明实施例提供的方法包括:终端获取接入点的信息;终端向服务平台发起验证请求,其中所述验证请求包括获取的接入点的信息,所述验证请求用于请求所述服务平台生成验证消息并根据所述接入点的信息确定可信的接入点后台;服务平台接收验证请求,生成验证消息,并根据所述接入点的信息确定可信的接入点后台。服务平台将生成的验证消息发送给确定的可信的接入点后台;可信的接入点后台根据所述验证消息,生成并发送第一验证结果给服务平台;所述服务平台把验证消息和第一验证结果发送给终端;所述终端向发起验证请求的所述接入点发送该接入点生成的验证消息,当所述终端收到所述接入点根据所述验证消息返回的第二验证结果时,比较第一验证结果和第二验证结果,当比较结果满足预设条件时,确认所述接入点为真。 The method provided by the embodiment of the present invention includes: the terminal acquires information of the access point; the terminal initiates an authentication request to the service platform, where the verification request includes information of the acquired access point, and the verification request is used to request the service platform. Generating a verification message and determining a trusted access point background according to the information of the access point; the service platform receives the verification request, generates a verification message, and determines a trusted access point background according to the information of the access point. The service platform sends the generated verification message to the determined trusted access point background; the trusted access point background generates and sends the first verification result to the service platform according to the verification message; the service platform puts the verification message Transmitting, by the terminal, the verification message generated by the access point to the access point that initiates the verification request, where the terminal receives the verification message returned by the access point according to the verification message. When the second verification result is compared, the first verification result and the second verification result are compared, and when the comparison result satisfies the preset condition, the access point is confirmed to be true.
采用本发明实施例提供的验证无线局域网接入点的方法,在终端连接到接入点前,通过向核心网的服务平台发起验证请求的方式,识别出接入点的真伪,保护用户安全上网。The method for verifying a wireless local area network access point provided by the embodiment of the present invention identifies the authenticity of the access point and protects the user's security by initiating an authentication request to the service platform of the core network before the terminal connects to the access point. Go online.
图2为本发明实施例提供的一种验证无线局域网接入点的方法流程图。结合图2,具体介绍如下:FIG. 2 is a flowchart of a method for verifying a wireless local area network access point according to an embodiment of the present invention. Combined with Figure 2, the details are as follows:
S101,终端获取接入点的信息;S101. The terminal acquires information about an access point.
终端可以在其开机时,或者当其收到开启WLAN功能的指令时,或者在其WLAN功能开启后,根据程序的设定,定时或者不定时的扫描可用的接入点。这些扫描到的可用的接入点通常位于终端周围的一定范围内。当扫描到可用的接入点后,终端获取这些接入点的信息。The terminal can scan for available access points periodically or irregularly according to the program settings when it is powered on, or when it receives an instruction to enable the WLAN function, or after its WLAN function is turned on. These scanned access points are typically located within a certain range around the terminal. After scanning for available access points, the terminal obtains information about these access points.
所述接入点的信息包括接入点的服务集标识(Service Set Identifier,SSID),接入点的媒体接入控制地址(Media Access Control Address,MAC),频段号和/或WLAN芯片厂商代码等。The information of the access point includes an Service Set Identifier (SSID) of the access point, a Media Access Control Address (MAC) of the access point, a frequency band number, and/or a WLAN chip vendor code. Wait.
可以理解的,当终端在不同的时间、不同的地方,扫描到的接入点可能不同。例如,当用户在家中,终端扫描到的接入点包括:“home_ap”,“Netget”等,当用户在公司,终端扫描到的接入点包括:“lab_ap”,“huawei_ap”等。其中的“home_ap”,“Netget”,“lab_ap”,“huawei_ap”等都是接入点的SSID。It can be understood that when the terminal is at different times and in different places, the scanned access points may be different. For example, when the user is at home, the access points scanned by the terminal include: "home_ap", "Netget", etc., when the user is at the company, the access points scanned by the terminal include: "lab_ap", "huawei_ap", and the like. The "home_ap", "Netget", "lab_ap", "huawei_ap", etc. are all SSIDs of the access point.
可选的,对于带有显示屏的终端,当其获取到接入点的信息后,将接入点的信息以可视化的方式呈现给用户。当终端扫描到多个接入点后,多个接入点的信息则以列表的方式呈现在显示屏上。Optionally, for the terminal with the display, after acquiring the information of the access point, the information of the access point is presented to the user in a visual manner. After the terminal scans multiple access points, the information of multiple access points is presented in a list on the display screen.
S102,终端向服务平台发起验证请求;其中验证请求包括所述接入点的信息,所述验证请求用于请求所述服务平台生成验证消息并根据所述接入点的信息确定可信的接入点后台;S102: The terminal initiates an authentication request to the service platform, where the verification request includes information about the access point, where the verification request is used to request the service platform to generate a verification message and determine a trusted connection according to the information of the access point. In the background;
在本发明实施例中,服务平台是位于核心网内的一个服务实体,类似于现有技术中核心网内的认证、鉴权等服务实体,服务平台用于提供本发明实施例中的验证无线局域网接入点真伪的部分功能。在本发明实施例中,服务平台可以是核心网内新增加的一个独立服务实体,或者,服务平台的部分或者全部功能利用现有技术中的一个或多个服务实体实现。In the embodiment of the present invention, the service platform is a service entity located in the core network, and is similar to the service entity such as authentication and authentication in the core network in the prior art. The service platform is used to provide the verification wireless in the embodiment of the present invention. Part of the function of the authenticity of the LAN access point. In the embodiment of the present invention, the service platform may be a newly added independent service entity in the core network, or part or all of the functions of the service platform may be implemented by using one or more service entities in the prior art.
服务平台包括接收器、处理器、发送器等。其中,接收器用于接收来自终 端的验证请求;接收器包括射频接收电路等。The service platform includes a receiver, a processor, a transmitter, and the like. Wherein the receiver is used to receive from the end The verification request of the terminal; the receiver includes a radio frequency receiving circuit and the like.
处理器用于处理接收器收到的验证请求,并根据收到的验证请求生成验证消息。处理器包括基带电路,基带电路由集成电路和/或分立元件组成。The processor is configured to process the verification request received by the receiver and generate a verification message according to the received verification request. The processor includes a baseband circuit that is comprised of integrated circuits and/or discrete components.
可选的,在终端向服务平台发起验证请求之前或者同时,终端向服务平台发起注册请求,使终端和服务平台间建立通信路径。所述注册请求是一段消息、代码或者数据流,在所述注册请求中,包括了终端的信息,例如:终端用户识别模块(Subscriber Identity Module,SIM)卡的信息、终端的MAC地址等。在完成注册后,服务平台和已注册的终端间建立关系,并向已注册的终端提供服务。Optionally, before the terminal initiates the verification request to the service platform, or at the same time, the terminal initiates a registration request to the service platform, so that a communication path is established between the terminal and the service platform. The registration request is a message, a code or a data stream, and the registration request includes information about the terminal, such as information of a Subscriber Identity Module (SIM) card, a MAC address of the terminal, and the like. After the registration is completed, the service platform establishes a relationship with the registered terminal and provides services to the registered terminal.
可选的,终端通过移动数据网络、蓝牙、红外、数据线、近距离无线通信等方式向服务平台发起注册请求和/或验证请求。Optionally, the terminal initiates a registration request and/or a verification request to the service platform by using a mobile data network, Bluetooth, infrared, data line, short-range wireless communication, and the like.
可选的,在终端将接入点的信息发送给服务平台的过程中,终端先对接入点的信息进行编码,生成接入点列表,然后,服务平台在接收到接入点列表后进行解码,还原出接入点的信息。Optionally, in the process that the terminal sends the information of the access point to the service platform, the terminal first encodes the information of the access point to generate a list of access points, and then the service platform performs the list of the access points. Decode and restore the information of the access point.
在本发明实施例中,验证请求是一段消息、代码或者数据流等,在所述验证请求中至少包括了终端获取到的接入点的信息,所述验证请求用于请求所述服务平台生成验证消息并根据所述接入点的信息确定可信的接入点后台。In the embodiment of the present invention, the verification request is a piece of a message, a code, or a data stream, and the like, and the verification request includes at least information of an access point acquired by the terminal, where the verification request is used to request the service platform to generate The message is verified and a trusted access point backend is determined based on the information of the access point.
S103,服务平台接收验证请求,生成验证消息,并根据所述接入点的信息确定可信的接入点后台。S103. The service platform receives the verification request, generates a verification message, and determines a trusted access point background according to the information of the access point.
所述验证请求包括了接入点的SSID、接入点的MAC地址等,服务平台从验证请求中读取下述信息,即:终端请求所述服务平台生成验证消息。可以理解的,如果只有一个接入点,则生成对应该接入点的信息的验证消息,如果有多个接入点,则分别生成对应这多个接入点的信息的验证消息。每个接入点的验证消息可以是一条,也可以是多条,本发明实施例对此不做限制。The verification request includes the SSID of the access point, the MAC address of the access point, and the like, and the service platform reads the following information from the verification request, that is, the terminal requests the service platform to generate the verification message. It can be understood that if there is only one access point, a verification message corresponding to the information of the access point is generated, and if there are multiple access points, a verification message corresponding to the information of the multiple access points is generated respectively. The authentication message of each access point may be one, or may be multiple, which is not limited in this embodiment of the present invention.
验证消息是一段消息、代码或者数据流等,可选的,验证消息包括:查询账号的开户状态,查询账号余额,查询账号有效期,查询账号的其他核心网业务状态属性。其中,其他核心网业务状态属性包括计费、开户、出账单等状态属性。需要说明的是,所述账号可以是所述终端对应的账号,也可以是与所述终端无关的账号,例如,所述账号可以是服务平台随机选择的一个用于测试的账号。 The verification message is a piece of message, code or data stream. Optionally, the verification message includes: checking the account opening status, querying the account balance, querying the account validity period, and querying other core network service status attributes of the account. Among them, other core network service status attributes include status attributes such as billing, account opening, and billing. It should be noted that the account number may be an account corresponding to the terminal, or may be an account unrelated to the terminal. For example, the account may be an account selected by the service platform for testing.
验证请求和验证消息有对应的关系,这种关系可以是一一对应的,也可以是不同的验证请求对应相同的验证消息,可选的,在服务平台中存储了验证消息表,验证消息表中包括了验证消息。当服务平台接收到验证请求后,会调用验证消息表中的验证消息。例如,在验证消息表中包括“查询账户为130xxxxxxxx的余额”的验证消息,则当服务平台接收到的终端发送的验证请求后,调用验证消息表,生成验证消息:“查询账户为130xxxxxxxx的余额”。验证消息表可以预置在服务平台中,也可以由核心网定时或不定时的更新后发送给服务平台。可选的,验证请求中包含验证请求发起的时刻,或者验证请求到达的时刻,服务平台可以对不同时刻获得的验证请求,生成不同的验证消息。The verification request and the verification message have a corresponding relationship, and the relationship may be one-to-one correspondence, or different verification requests may correspond to the same verification message. Optionally, the verification message table is stored in the service platform, and the verification message table is A verification message is included. When the service platform receives the verification request, it will invoke the verification message in the verification message table. For example, in the verification message table, the verification message of “checking the balance of the account is 130xxxxxxxx” is included, and after the verification request sent by the terminal received by the service platform, the verification message table is invoked to generate a verification message: “the balance of the query account is 130xxxxxxxx. ". The verification message table may be preset in the service platform, or may be sent to the service platform by the core network after being updated periodically or irregularly. Optionally, the verification request includes a time when the verification request is initiated, or a time when the verification request arrives, and the service platform may generate different verification messages for the verification request obtained at different times.
在服务平台根据接入点的信息,确定与接入点的信息对应的可信的接入点后台的步骤中,可选的,在服务平台中存储了接入点-接入点后台关系表,在接入点-接入点后台关系表中包括接入点与对应的可信的接入点后台的真实的对应关系。服务平台根据获取的接入点的信息,可以通过查询接入点-接入点后台关系表,确定对应的可信的接入点后台。另外,服务平台和可信的接入点后台间的连接是安全、可控的,服务平台从可信的接入点后台查询到的信息是安全、可信的。其中,可信的接入点后台用于管理接入点,可信的接入点后台包括数据库,可以提供***管理、在线统计、I P地址管理、日志管理等功能。In the step of determining, by the service platform, the trusted access point background corresponding to the information of the access point according to the information of the access point, optionally, the access point-access point background relationship table is stored in the service platform. The real-time correspondence between the access point and the corresponding trusted access point background is included in the access point-access point background relationship table. The service platform may determine the corresponding trusted access point background by querying the access point-access point background relationship table according to the obtained information of the access point. In addition, the connection between the service platform and the trusted access point background is secure and controllable, and the information that the service platform queries from the trusted access point is safe and credible. The trusted access point is used to manage the access point in the background, and the trusted access point includes a database in the background, which can provide functions such as system management, online statistics, IP address management, and log management.
接入点-接入点后台关系表可以预置在服务平台中,也可以由核心网周期性的更新后发送给服务平台。The access point-access point background relationship table may be preset in the service platform, or may be periodically updated by the core network and sent to the service platform.
例如,在接入点-接入点后台关系表中包括了表一所示的对应关系:For example, the correspondence relationship shown in Table 1 is included in the access point-access point background relationship table:
表一,接入点-接入点后台关系表:Table 1, access point-access point background relationship table:
接入点Access Point 可信的接入点后台Trusted access point background
CMCCCMCC CMCC后台CMCC background
ChinaNetChinaNet ChinaNet后台ChinaNet background
当服务平台收到的接入点的信息包括CMCC时,则通过查表,确认对应的后台是CMCC后台。When the information of the access point received by the service platform includes the CMCC, the table is checked to confirm that the corresponding background is the CMCC background.
S104,服务平台将验证消息发送给可信的接入点后台;.S104. The service platform sends the verification message to the trusted access point backend.
服务平台除了包括接收器、处理器外,还包括发送器等。The service platform includes a transmitter and the like in addition to a receiver and a processor.
其中,发送器用于将验证消息发送给可信的接入点后台;发送器包括射频 发送电路等。接收器和发送器可以是分别的电路,也可以有部分共用的电路,对此本发明实施例不做限制。Wherein, the sender is configured to send the verification message to the trusted access point background; the transmitter includes the radio frequency Sending circuit, etc. The receiver and the transmitter may be separate circuits, and may also have a partially shared circuit, which is not limited in this embodiment of the present invention.
可选的,服务平台通过互联网或者专线(VPN)和可信的接入点后台交互。Optionally, the service platform interacts with the trusted access point in the background via the Internet or a private line (VPN).
S105,可信的接入点后台根据验证消息,发送第一验证结果给服务平台;S105. The trusted access point sends a first verification result to the service platform according to the verification message.
可选的,当可信的接入点后台收到一条验证消息,则发送一条第一验证结果;当收到多条验证消息,则分别发送多条第一验证结果。Optionally, when the trusted access point receives an authentication message in the background, a first verification result is sent; when multiple verification messages are received, multiple first verification results are sent respectively.
例如,当验证消息是“查询账户为130xxxxxxxx的余额”,发送的第一验证结果是“余额:39rmb”。当验证消息是“查询账户为189xxxxxxxx的余额”,发送的第一验证结果是“余额:15rmb”。For example, when the verification message is "the balance of the query account is 130xxxxxxxx", the first verification result sent is "balance: 39rmb". When the verification message is "the balance of the query account is 189xxxxxxxx", the first verification result sent is "balance: 15rmb".
可选的,可信的接入点后台存储终端的信息,接入点的信息,验证请求,验证消息和/或第一验证结果。Optionally, the trusted access point stores the information of the terminal, the information of the access point, the verification request, the verification message and/or the first verification result.
S106,所述服务平台把验证消息和第一验证结果发送给终端;S106. The service platform sends the verification message and the first verification result to the terminal.
具体的,服务平台把S105中发送的第一验证结果和S103中的验证消息发送给终端。Specifically, the service platform sends the first verification result sent in S105 and the verification message in S103 to the terminal.
也就是说,终端收到的验证消息和可信的接入点后台收到的验证消息是相同的。而第一验证结果是由可信的接入点后台生成后通过服务平台转发给终端的。That is to say, the verification message received by the terminal and the verification message received by the trusted access point in the background are the same. The first verification result is generated by the trusted access point in the background and then forwarded to the terminal through the service platform.
可选的,服务平台将验证消息和第一验证结果编码后发送给终端,终端在收到上述信息后解码,还原出第一验证结果和验证消息。Optionally, the service platform sends the verification message and the first verification result to the terminal, and the terminal decodes the information after receiving the information, and restores the first verification result and the verification message.
可选的,服务平台存储终端的信息,接入点的信息,验证请求,验证消息和/或第一验证结果。Optionally, the service platform stores information of the terminal, information of the access point, a verification request, a verification message, and/or a first verification result.
S107,所述终端向所述接入点发送验证消息,S107. The terminal sends a verification message to the access point.
具体的,终端将S106中收到的验证消息发送给S101中所述的接入点。Specifically, the terminal sends the verification message received in S106 to the access point described in S101.
可以理解的,如果有多条对应不同接入点的验证消息,终端会将对应不同接入点的验证消息分别发送给对应的接入点。It can be understood that if there are multiple verification messages corresponding to different access points, the terminal sends the verification messages corresponding to different access points to the corresponding access points.
S108,当所述终端收到所述接入点发送的第二验证结果时,比较第一验证结果和第二验证结果,当比较结果满足预设条件时,确认所述接入点为真。S108. When the terminal receives the second verification result sent by the access point, compare the first verification result with the second verification result, and when the comparison result meets the preset condition, confirm that the access point is true.
对真实的接入点而言,当其收到终端发来的验证消息后,它会向终端返回第二验证结果,该第二验证结果应该与第一验证结果满足预设条件,例如,两者相同。 For a real access point, after receiving the verification message sent by the terminal, it returns a second verification result to the terminal, and the second verification result should meet the preset condition with the first verification result, for example, two The same.
比较第一验证结果和第二验证结果是否满足预设条件可以采用哈希算法、循环校验码等方式。The method of comparing the first verification result and the second verification result to the preset condition may adopt a hash algorithm, a loop check code, or the like.
可选的,终端存储获取的接入点的信息,服务平台的信息,验证请求,验证消息,第一验证结果和/或第二验证结果。Optionally, the terminal stores the obtained information of the access point, the information of the service platform, the verification request, the verification message, the first verification result, and/or the second verification result.
或,S109,当所述终端未收到所述接入点发送的第二验证结果,或比较结果不满足预设条件时,确认所述接入点为假。Or, S109, when the terminal does not receive the second verification result sent by the access point, or the comparison result does not satisfy the preset condition, confirm that the access point is false.
所述比较结果满足预设条件,包括第一验证结果和第二验证结果完全相同,或者第一验证结果和第二验证结果的相似程度大于或大于等于一个阈值,该阈值可以设置为95%,90%或85.1%等。The comparison result satisfies the preset condition, and the first verification result and the second verification result are completely the same, or the degree of similarity between the first verification result and the second verification result is greater than or equal to a threshold, and the threshold may be set to 95%. 90% or 85.1%, etc.
可以理解的,对伪接入点而言,一种情况是,它有可能并没有对应任何接入点后台,所以当它收到终端发来的验证消息时,没有办法把该验证消息发送给对应的接入点后台,所以也就没有办法向终端发送任何验证结果。另外一种情况是,伪接入点还对应伪接入点后台,但是伪接入点后台无法向伪接入点发送与可信的接入点后台生成的相同的验证结果,通过这种方式可以确认接入点为伪接入点。It can be understood that, for a pseudo access point, in one case, it may not correspond to any access point background, so when it receives the verification message sent by the terminal, there is no way to send the verification message to The corresponding access point is in the background, so there is no way to send any verification result to the terminal. In another case, the pseudo access point also corresponds to the background of the pseudo access point, but the pseudo access point cannot send the same verification result to the pseudo access point in the background generated by the trusted access point. It can be confirmed that the access point is a pseudo access point.
采用本发明实施例提供的验证无线局域网接入点的方法,在终端连接到接入点前,通过向核心网的服务平台发起验证请求的方式,识别出接入点的真伪,保护用户安全上网。The method for verifying a wireless local area network access point provided by the embodiment of the present invention identifies the authenticity of the access point and protects the user's security by initiating an authentication request to the service platform of the core network before the terminal connects to the access point. Go online.
可选的,为了减少终端后续的重复扫描,对S109中确认为假的接入点,终端标记为假接入点,加入到黑名单中,后续不再验证已标记的假接入点。Optionally, in order to reduce the subsequent repeated scanning of the terminal, the access point that is confirmed as false in S109 is marked as a fake access point, and is added to the blacklist, and the marked fake access point is not verified subsequently.
参考图3,图3为本发明实施例提供的一种验证无线局域网接入点的终端示意图。该终端301包括:Referring to FIG. 3, FIG. 3 is a schematic diagram of a terminal for verifying a wireless local area network access point according to an embodiment of the present invention. The terminal 301 includes:
获取模块302,用于获取接入点的信息;An obtaining module 302, configured to acquire information about an access point;
请求模块303,用于向服务平台发起验证请求;其中所述验证请求包括所述接入点的信息,所述验证请求用于请求所述服务平台生成验证消息,并根据所述接入点的信息确定可信的接入点后台;The requesting module 303 is configured to initiate an authentication request to the service platform, where the verification request includes information of the access point, where the verification request is used to request the service platform to generate a verification message, and according to the access point Information identifies the trusted access point backend;
第一接收模块304,用于接收所述服务平台发送的所述验证消息和第一验证结果;其中The first receiving module 304 is configured to receive the verification message and the first verification result sent by the service platform;
所述第一验证结果由所述服务平台从所述可信的接入点后台获取;The first verification result is obtained by the service platform from the trusted access point in the background;
所述可信的接入点后台由所述服务平台根据所述接入点的信息确定; The trusted access point background is determined by the service platform according to the information of the access point;
所述第一验证结果由所述可信的接入点后台根据所述验证消息确定;The first verification result is determined by the trusted access point background according to the verification message;
第一发送模块305,用于将所述验证消息发送给所述获取的接入点;a first sending module 305, configured to send the verification message to the acquired access point;
第二接收模块306,用于从所述获取的接入点接收第二验证结果,The second receiving module 306 is configured to receive a second verification result from the acquired access point, where
比较模块307,用于比较所述第二验证结果与所述第一验证结果,当比较结果满足预设条件时,确认所述获取的接入点为真。The comparing module 307 is configured to compare the second verification result with the first verification result, and when the comparison result meets the preset condition, confirm that the acquired access point is true.
本发明实施例中没有详述的内容可以参考方法实施例中的相关描述。For details not described in the embodiments of the present invention, reference may be made to related descriptions in the method embodiments.
采用本发明实施例提供的验证无线局域网接入点的终端,在终端连接到接入点前,通过向核心网的服务平台发起验证请求的方式,识别出接入点的真伪,保护用户安全上网。The terminal for verifying the wireless local area network access point provided by the embodiment of the present invention identifies the authenticity of the access point and protects the user's security by initiating an authentication request to the service platform of the core network before the terminal connects to the access point. Go online.
参考图4,图4为本发明实施例提供的一种验证无线局域网接入点的服务平台示意图。Referring to FIG. 4, FIG. 4 is a schematic diagram of a service platform for verifying a wireless local area network access point according to an embodiment of the present invention.
该服务平台401可以是一个或多个服务器,对外提供一个或多个接口供其他设备调用,服务平台401设置在网络侧,具体的,该服务平台401包括:The service platform 401 may be one or more servers, and one or more interfaces are provided for the other devices to be called. The service platform 401 is set on the network side. Specifically, the service platform 401 includes:
第三接收模块402,用于从终端接收验证请求,所述验证请求包括接入点的信息;The third receiving module 402 is configured to receive an authentication request from the terminal, where the verification request includes information of the access point;
生成模块403,用于根据所述验证请求,生成验证消息;a generating module 403, configured to generate a verification message according to the verification request;
确定模块404,用于根据所述接入点的信息,确定与所述接入点的信息对应的可信的接入点后台;The determining module 404 is configured to determine, according to the information of the access point, a trusted access point background corresponding to the information of the access point;
第二发送模块405,用于将所述验证消息发送给所述可信的接入点后台;a second sending module 405, configured to send the verification message to the trusted access point background;
第四接收模块406,用于接收第一验证结果;其中,所述第一验证结果由所述可信的接入点后台根据所述验证消息确定;The fourth receiving module 406 is configured to receive the first verification result, where the first verification result is determined by the trusted access point background according to the verification message;
第三发送模块407,用于将所述验证消息和所述第一验证结果发送给终端,使得所述终端可以根据所述第一验证结果和从所述终端获取的接入点获得的第二验证结果比较。a third sending module 407, configured to send the verification message and the first verification result to the terminal, so that the terminal may obtain a second according to the first verification result and an access point acquired from the terminal Verification results are compared.
本发明实施例中没有详述的内容可以参考方法实施例中的相关描述。For details not described in the embodiments of the present invention, reference may be made to related descriptions in the method embodiments.
采用本发明实施例提供的验证无线局域网接入点的服务平台,在终端连接到接入点前,通过处理终端发来的验证请求,并将验证结果发送给终端,供终端识别接入点的真伪,保护用户安全上网。The service platform for verifying the wireless local area network access point provided by the embodiment of the present invention, before the terminal is connected to the access point, processes the verification request sent by the terminal, and sends the verification result to the terminal, where the terminal identifies the access point. Authenticity, protect users safely online.
参考图5,图5为本发明实施例提供的一种验证无线局域网接入点的接入点示意图。 Referring to FIG. 5, FIG. 5 is a schematic diagram of an access point for verifying a wireless local area network access point according to an embodiment of the present invention.
所述接入点501包括,第五接收模块502,用于接收从终端发来的验证消息,所述验证消息是服务平台生成后发送给所述终端的,所述验证消息用于使所述接入点从对应的接入点后台获取第二验证结果;The access point 501 includes: a fifth receiving module 502, configured to receive a verification message sent by the terminal, where the verification message is sent by the service platform to the terminal, and the verification message is used to enable the The access point obtains the second verification result from the background of the corresponding access point;
第四发送模块503,用于向终端发送第二验证结果,以使得所述终端可以将所述第二验证结果和所述终端从所述服务平台获取的第一验证结果比较。The fourth sending module 503 is configured to send a second verification result to the terminal, so that the terminal can compare the second verification result with the first verification result obtained by the terminal from the service platform.
本发明实施例中没有详述的内容可以参考方法实施例中的相关描述。For details not described in the embodiments of the present invention, reference may be made to related descriptions in the method embodiments.
采用本发明实施例提供的验证无线局域网接入点的接入点,在向终端提供连接服务之前,通过处理终端发来的验证消息,并将验证结果发送给终端,供终端识别接入点的真伪,保护用户安全上网。The access point for verifying the WLAN access point provided by the embodiment of the present invention, before the connection service is provided to the terminal, processes the verification message sent by the terminal, and sends the verification result to the terminal, where the terminal identifies the access point. Authenticity, protect users safely online.
参考图6,图6为本发明实施例提供的一种验证无线局域网接入点的接入点后台示意图。Referring to FIG. 6, FIG. 6 is a schematic diagram of a background of an access point for verifying a wireless local area network access point according to an embodiment of the present invention.
所述接入点后台601包括:第六接收模块602,用于从服务平台接收验证消息,所述验证消息是服务平台生成的,所述验证消息用于向所述接入点后台请求获取第一验证结果;The access point backend 601 includes: a sixth receiving module 602, configured to receive a verification message from a service platform, where the verification message is generated by a service platform, where the verification message is used to obtain a request from the access point in the background a verification result;
第一生成模块603,用于根据验证消息,生成第一验证结果;The first generating module 603 is configured to generate a first verification result according to the verification message.
第五发送模块604,用于将第一验证结果发送给服务平台,以使得所述服务平台可以将该第一验证结果发给终端,使得终端可以将该第一验证结果和所述终端从对应的接入点后台获取的第二验证结果比较。The fifth sending module 604 is configured to send the first verification result to the service platform, so that the service platform can send the first verification result to the terminal, so that the terminal can correspond to the first verification result and the terminal The second verification result obtained by the access point in the background is compared.
本发明实施例中没有详述的内容可以参考方法实施例中的相关描述。For details not described in the embodiments of the present invention, reference may be made to related descriptions in the method embodiments.
采用本发明实施例提供的验证无线局域网接入点的接入点后台,在向终端提供连接服务之前,通过处理服务平台发来的验证消息,并将验证结果发送给终端,供终端识别接入点的真伪,保护用户安全上网。The authentication point of the access point of the WLAN access point provided by the embodiment of the present invention is processed by the service platform before the connection service is provided to the terminal, and the verification result is sent to the terminal for the terminal to identify the access. The authenticity of the point protects the user from surfing the Internet safely.
图7为本发明实施例提供的一种验证无线局域网接入点的终端示意图;包括:FIG. 7 is a schematic diagram of a terminal for verifying a wireless local area network access point according to an embodiment of the present invention;
接收器702,用于获取接入点的信息;a receiver 702, configured to acquire information about an access point;
处理器703,用于向服务平台发起验证请求;其中验证请求包括所述接入点的信息,所述验证请求用于请求所述服务平台生成验证消息,并根据所述接入点的信息确定对应的可信的接入点后台;The processor 703 is configured to initiate an authentication request to the service platform, where the verification request includes information of the access point, where the verification request is used to request the service platform to generate a verification message, and determine according to the information of the access point. Corresponding trusted access point background;
接收器702,还用于接收所述服务平台发送的验证消息和第一验证结果;其中 The receiver 702 is further configured to receive the verification message and the first verification result sent by the service platform;
所述第一验证结果由所述服务平台从可信的接入点后台获取;The first verification result is obtained by the service platform from a trusted access point in the background;
所述可信的接入点后台由所述服务平台根据所述接入点的信息确定;The trusted access point background is determined by the service platform according to the information of the access point;
所述第一验证结果由所述可信的接入点后台根据所述验证消息确定的;The first verification result is determined by the trusted access point in the background according to the verification message;
发送器704,还用于将所述验证消息发送给所述获取的接入点;The sender 704 is further configured to send the verification message to the acquired access point.
接收器702,还用于从所述获取的接入点接收第二验证结果,The receiver 702 is further configured to receive a second verification result from the acquired access point, where
处理器703,还用于比较所述第二验证结果与所述第一验证结果,当比较结果满足预设条件时,确认所述获取的接入点为真。The processor 703 is further configured to compare the second verification result with the first verification result, and when the comparison result meets a preset condition, confirm that the acquired access point is true.
可选的,在接收器702、发送器704和处理器703之间有总线连接。Optionally, there is a bus connection between the receiver 702, the transmitter 704, and the processor 703.
图8为本发明实施例提供的一种验证无线局域网接入点的服务器示意图。FIG. 8 is a schematic diagram of a server for verifying a wireless local area network access point according to an embodiment of the present invention.
本发明实施例提供的一种验证无线局域网接入点的终端示意图。A schematic diagram of a terminal for verifying a wireless local area network access point according to an embodiment of the present invention.
该服务器801,对外提供一个或多个接口供其他设备调用,服务器401设置在网络侧,具体的,该服务器801包括:The server 801 provides one or more interfaces for external device calls, and the server 401 is configured on the network side. Specifically, the server 801 includes:
接收器802,用于从终端接收验证请求,验证请求包括接入点的信息;a receiver 802, configured to receive an authentication request from the terminal, where the verification request includes information of the access point;
处理器803,用于生成验证消息;并根据所述接入点的信息,确定与所述接入点的信息对应的可信的接入点后台;The processor 803 is configured to generate a verification message, and determine, according to the information of the access point, a trusted access point background corresponding to the information of the access point;
发送器804,用于将所述验证消息发送给所述可信的接入点后台;a sender 804, configured to send the verification message to the trusted access point background;
接收器802,还用于接收第一验证结果;其中,所述第一验证结果由所述可信的接入点后台根据所述验证消息确定;The receiver 802 is further configured to receive the first verification result, where the first verification result is determined by the trusted access point background according to the verification message;
发送器804,还用于将所述验证消息和所述第一验证结果发送给终端,使得所述终端可以根据所述第一验证结果和终端从接入点获得的第二验证结果比较。The transmitter 804 is further configured to send the verification message and the first verification result to the terminal, so that the terminal may compare the second verification result obtained by the terminal from the access point according to the first verification result.
可选的,在接收器802、发送器804和处理器803之间有总线连接。Optionally, there is a bus connection between the receiver 802, the transmitter 804, and the processor 803.
图9为本发明实施例提供的一种验证无线局域网接入点的接入点示意图;FIG. 9 is a schematic diagram of an access point for verifying a wireless local area network access point according to an embodiment of the present invention;
所述接入点901包括,接收器902,用于接收从终端发来的验证消息,所述验证消息是服务平台生成后发送给所述终端的,所述验证消息用于使所述接入点从对应的接入点后台获取第二验证结果;The access point 901 includes a receiver 902, configured to receive a verification message sent by the terminal, where the verification message is sent by the service platform to the terminal, and the verification message is used to enable the access The point obtains the second verification result from the background of the corresponding access point;
发送器903,用于向终端发送第二验证结果,以使得所述终端可以将所述第二验证结果和所述终端从所述服务平台获取的第一验证结果比较。The transmitter 903 is configured to send a second verification result to the terminal, so that the terminal can compare the second verification result with the first verification result obtained by the terminal from the service platform.
可选的,在接收器902、发送器903之间有总线连接。Optionally, there is a bus connection between the receiver 902 and the transmitter 903.
图10为本发明实施例提供的一种验证无线局域网接入点的接入点后台示 意图。FIG. 10 is a schematic diagram showing an access point for verifying a wireless local area network access point according to an embodiment of the present invention; intention.
所述接入点后台111包括:接收器112,用于从服务平台接收验证消息,所述验证消息是服务平台生成的,所述验证消息用于向所述接入点后台请求获取第一验证结果;The access point background 111 includes: a receiver 112, configured to receive a verification message from the service platform, where the verification message is generated by the service platform, and the verification message is used to request the access point to obtain the first verification result;
处理器113,用于根据验证消息,生成第一验证结果;The processor 113 is configured to generate a first verification result according to the verification message.
发送器114,用于将第一验证结果发送给服务平台,以使得所述服务平台可以将该第一验证结果发给终端,使得终端可以将该第一验证结果和所述终端从对应的接入点后台获取的第二验证结果比较。The sender 114 is configured to send the first verification result to the service platform, so that the service platform can send the first verification result to the terminal, so that the terminal can connect the first verification result and the terminal from the corresponding The second verification result obtained by the inbound background is compared.
可选的,在接收器112、发送器114和处理器113之间有总线连接。Optionally, there is a bus connection between the receiver 112, the transmitter 114 and the processor 113.
在上述实施例中,对各个实施例的描述都各有侧重,某个实施例中没有详述的部分,可以参见其他实施例的相关描述。In the above embodiments, the descriptions of the various embodiments are different, and the details that are not detailed in a certain embodiment can be referred to the related descriptions of other embodiments.
采用本发明实施例提供的验证无线局域网接入点的终端、服务器、接入点、接入点后台,在终端连接到接入点前,通过向核心网的服务平台发起验证请求的方式,识别出接入点的真伪,保护用户安全上网。The terminal, the server, the access point, and the access point background of the WLAN access point provided by the embodiment of the present invention are used to identify the request by initiating a verification request to the service platform of the core network before the terminal connects to the access point. The authenticity of the access point protects the user from surfing the Internet safely.
在本发明实施例中使用的术语是仅仅出于描述特定实施例的目的,而非旨在限制本发明。在本发明实施例和所附权利要求书中所使用的单数形式的“一种”、“所述”和“该”也旨在包括多数形式,除非上下文清楚地表示其他含义。还应当理解,本文中使用的术语“和/或”是指并包含一个或多个相关联的列出项目的任何或所有可能组合。进一步应当理解,本文中采用的术语“包括”规定了所述的特征、整体、步骤、操作、元件和/或部件的存在,而不排除一个或多个其他特征、整体、步骤、操作、元件、部件和/或它们的组的存在或附加。The terms used in the embodiments of the present invention are for the purpose of describing particular embodiments only and are not intended to limit the invention. The singular forms "a", "the" and "the" It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items. It is further understood that the term "comprising", used herein, is intended to mean the presence of the features, the whole, the steps, the operation, the elements and / The presence or addition of components, and/or their groups.
在本文中,诸如第一和第二等之类的关系术语,仅仅用来将一个实体或者操作与另一个实体或者操作区别开来,而不一定要求或者暗示这些实体或者操作之间存在任何这种实际的关系或者顺序。In this document, relational terms such as first and second are used merely to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply any such The actual relationship or order.
本发明一些实施例中提到的“模块”是可以实现相应功能的硬件和/或软件的组合,即硬件、软件、或者软件和硬件的组合的实现方式都是可以被构想的。A "module" as referred to in some embodiments of the invention is a combination of hardware and/or software that can implement the corresponding functions, that is, hardware, software, or a combination of software and hardware implementations are contemplated.
通过以上的实施方式的描述,所属领域的技术人员可以清楚地了解到本发明实施例可以用硬件实现,或软件实现,或它们的组合方式来实现。上面的组 合也应当包括在触屏装置可读介质的保护范围之内。总之,以上所述仅为本发明技术方案的实施例而已,并非用于限定本发明的保护范围。凡在本发明的精神和原则之内,所作的任何修改、等同替换、改进等,均应包含在本发明的保护范围之内。 Through the description of the above embodiments, those skilled in the art can clearly understand that the embodiments of the present invention can be implemented by hardware, software implementation, or a combination thereof. Group above The combination should also be included within the scope of protection of the readable medium of the touch screen device. In summary, the above description is only an embodiment of the technical solution of the present invention, and is not intended to limit the scope of the present invention. Any modifications, equivalent substitutions, improvements, etc. made within the spirit and scope of the present invention are intended to be included within the scope of the present invention.

Claims (11)

  1. 一种验证无线局域网接入点的方法,所述方法应用于终端,其特征在于,所述方法包括:A method for verifying a WLAN access point, the method being applied to a terminal, wherein the method includes:
    所述终端获取接入点的信息;The terminal acquires information of an access point;
    所述终端向服务平台发起验证请求,其中所述验证请求包括所述接入点的信息,所述验证请求用于请求所述服务平台生成验证消息;The terminal initiates an authentication request to the service platform, where the verification request includes information of the access point, and the verification request is used to request the service platform to generate a verification message;
    所述终端接收所述服务平台发送的所述验证消息和第一验证结果;其中Receiving, by the terminal, the verification message and the first verification result sent by the service platform;
    所述第一验证结果由所述服务平台从可信的接入点后台获取;The first verification result is obtained by the service platform from a trusted access point in the background;
    所述可信的接入点后台由所述服务平台根据所述接入点的信息确定;The trusted access point background is determined by the service platform according to the information of the access point;
    所述第一验证结果由所述可信的接入点后台根据所述验证消息确定;The first verification result is determined by the trusted access point background according to the verification message;
    所述终端将所述验证消息发送给所述获取的接入点;Sending, by the terminal, the verification message to the acquired access point;
    所述终端从所述获取的接入点接收第二验证结果,比较所述第二验证结果与所述第一验证结果,当比较结果满足预设条件时,确认所述获取的接入点为真。Receiving, by the terminal, the second verification result from the obtained access point, comparing the second verification result with the first verification result, and when the comparison result satisfies a preset condition, confirming that the acquired access point is true.
  2. 根据权利要求1所述的方法,其特征在于,所述验证消息包括以下任意一种:The method of claim 1, wherein the verification message comprises any one of the following:
    查询账号的开户状态,查询账号余额,查询账号有效期,查询账号的其他核心网业务状态属性。Query the account opening status, query the account balance, query the account validity period, and query other core network service status attributes of the account.
  3. 根据权利要求1或2任一所述的方法,其特征在于,当所述比较结果不满足预设条件时,确认所述获取的接入点为假,并将所述获取的接入点加入黑名单。The method according to any one of claims 1 or 2, wherein when the comparison result does not satisfy the preset condition, it is confirmed that the acquired access point is false, and the acquired access point is added. blacklist.
  4. 一种验证无线局域网接入点的方法,其特征在于,所述方法应用于服务平台,所述方法包括:A method for verifying a wireless local area network access point, wherein the method is applied to a service platform, and the method includes:
    所述服务平台从终端接收验证请求,所述验证请求包括所述终端获取的接入点的信息;The service platform receives an authentication request from a terminal, where the verification request includes information of an access point acquired by the terminal;
    所述服务平台根据所述验证请求生成验证消息;The service platform generates a verification message according to the verification request;
    所述服务平台根据所述接入点的信息,确定与所述接入点的信息对应的可信的接入点后台Determining, by the service platform, a trusted access point background corresponding to the information of the access point according to the information of the access point
    所述服务平台将所述验证消息发送给所述可信的接入点后台; The service platform sends the verification message to the trusted access point background;
    所述服务平台接收第一验证结果;其中,所述第一验证结果由所述可信的接入点后台根据所述验证消息确定;Receiving, by the service platform, a first verification result, where the first verification result is determined by the trusted access point background according to the verification message;
    所述服务平台将所述验证消息和所述第一验证结果发送给所述终端,使得所述终端可以根据所述第一验证结果和从所述终端获取的接入点获得的第二验证结果比较。Sending, by the service platform, the verification message and the first verification result to the terminal, so that the terminal may obtain a second verification result according to the first verification result and an access point acquired from the terminal Comparison.
  5. 根据权利要求3所述的方法,其特征在于,所述服务平台根据所述接入点的信息,确定与所述接入点的信息对应的可信的接入点后台具体包括:The method according to claim 3, wherein the determining, by the service platform, the trusted access point background corresponding to the information of the access point according to the information of the access point comprises:
    在服务平台中存储了接入点与可信的接入点后台关系表,在所述关系表中包括接入点与对应的可信的接入点后台的对应关系,所述服务平台根据所述获取的接入点的信息,通过查询所述关系表,确定与所述接入点对应的可信的接入点后台。Storing an access point and a trusted access point background relationship table in the service platform, where the relationship table includes a correspondence between the access point and a corresponding trusted access point background, where the service platform is The information about the obtained access point is determined by querying the relationship table to determine a trusted access point background corresponding to the access point.
  6. 一种验证无线局域网接入点的方法,其特征在于,所述方法应用于接入点,所述方法包括:A method for verifying a wireless local area network access point, wherein the method is applied to an access point, the method comprising:
    接收从终端发来的验证消息,所述验证消息是服务平台生成后发送给所述终端的,所述验证消息用于使所述接入点从对应的接入点后台获取第二验证结果;Receiving a verification message sent from the terminal, the verification message is sent to the terminal after the service platform is generated, and the verification message is used to enable the access point to obtain a second verification result from a background of the corresponding access point;
    向所述终端发送所述第二验证结果,以使得所述终端可以将所述第二验证结果和所述终端从所述服务平台获取的第一验证结果比较。Transmitting the second verification result to the terminal, so that the terminal may compare the second verification result with a first verification result obtained by the terminal from the service platform.
  7. 一种验证无线局域网接入点的方法,其特征在于,所述方法应用于可信的接入点后台,所述方法包括:A method for verifying a wireless local area network access point, wherein the method is applied to a trusted access point background, the method comprising:
    从服务平台接收验证消息,所述验证消息是所述服务平台生成的,所述验证消息用于向所述可信的接入点后台请求获取第一验证结果;Receiving a verification message from the service platform, where the verification message is generated by the service platform, and the verification message is used to request the trusted access point to obtain the first verification result in the background;
    根据所述验证消息,生成第一验证结果;Generating a first verification result according to the verification message;
    将所述第一验证结果发送给所述服务平台,以使得所述服务平台将所述第一验证结果发送给终端,并使得所述终端可以将所述第一验证结果和所述终端从对应的接入点后台获取的第二验证结果比较。Sending the first verification result to the service platform, so that the service platform sends the first verification result to the terminal, and enables the terminal to correspond to the first verification result and the terminal The second verification result obtained by the access point in the background is compared.
  8. 一种验证无线局域网接入点的终端,其特征在于,所述终端包括:A terminal for verifying a wireless local area network access point, wherein the terminal comprises:
    获取模块,用于获取接入点的信息;An obtaining module, configured to obtain information of an access point;
    请求模块,用于向服务平台发起验证请求,其中所述验证请求包括所述接 入点的信息,所述验证请求用于请求所述服务平台生成验证消息,并根据所述接入点的信息确定可信的接入点后台;a requesting module, configured to initiate an authentication request to the service platform, where the verification request includes the Information about the ingress, the verification request is used to request the service platform to generate an authentication message, and determine a trusted access point background according to the information of the access point;
    第一接收模块,用于接收所述服务平台发送的所述验证消息和第一验证结果;其中a first receiving module, configured to receive the verification message and the first verification result sent by the service platform;
    所述第一验证结果由所述服务平台从所述可信的接入点后台获取;The first verification result is obtained by the service platform from the trusted access point in the background;
    所述可信的接入点后台由所述服务平台根据所述接入点的信息确定;The trusted access point background is determined by the service platform according to the information of the access point;
    所述第一验证结果由所述可信的接入点后台根据所述验证消息确定;The first verification result is determined by the trusted access point background according to the verification message;
    第一发送模块,用于将所述验证消息发送给所述获取的接入点;a first sending module, configured to send the verification message to the acquired access point;
    第二接收模块,用于从所述获取的接入点接收第二验证结果,a second receiving module, configured to receive a second verification result from the obtained access point, where
    比较模块,用于比较所述第二验证结果与所述第一验证结果,当比较结果满足预设条件时,确认所述获取的接入点为真。And a comparison module, configured to compare the second verification result with the first verification result, and confirm that the acquired access point is true when the comparison result satisfies a preset condition.
  9. 一种验证无线局域网接入点的服务平台,其特征在于,所述服务平台设置在网络侧,所述服务平台包括:A service platform for verifying a wireless local area network access point, wherein the service platform is disposed on a network side, and the service platform includes:
    第三接收模块,用于从终端接收验证请求,所述验证请求包括接入点的信息;a third receiving module, configured to receive an authentication request from the terminal, where the verification request includes information of the access point;
    生成模块,用于根据所述验证请求,生成验证消息;a generating module, configured to generate a verification message according to the verification request;
    确定模块,用于根据所述接入点的信息,确定与所述接入点的信息对应的可信的接入点后台;a determining module, configured to determine, according to the information of the access point, a trusted access point background corresponding to the information of the access point;
    第二发送模块,用于将所述验证消息发送给所述可信的接入点后台;a second sending module, configured to send the verification message to the trusted access point background;
    第四接收模块,用于接收第一验证结果;其中,所述第一验证结果由所述可信的接入点后台根据所述验证消息确定;a fourth receiving module, configured to receive a first verification result, where the first verification result is determined by the trusted access point background according to the verification message;
    第三发送模块,用于将所述验证消息和所述第一验证结果发送给终端,使得所述终端可以根据所述第一验证结果和从所述终端获取的接入点获得的第二验证结果比较。a third sending module, configured to send the verification message and the first verification result to the terminal, so that the terminal may obtain the second verification according to the first verification result and an access point acquired from the terminal The results are compared.
  10. 一种验证无线局域网接入点的接入点,其特征在于,所述接入点包括:An access point for verifying a wireless local area network access point, wherein the access point comprises:
    第五接收模块,用于接收从终端发来的验证消息,所述验证消息是服务平台生成后发送给所述终端的,所述验证消息用于使所述接入点从对应的接入点后台获取第二验证结果;a fifth receiving module, configured to receive a verification message sent by the terminal, where the verification message is sent by the service platform to the terminal, where the verification message is used to make the access point from the corresponding access point Obtaining a second verification result in the background;
    第四发送模块,用于向终端发送第二验证结果,以使得所述终端可以将 所述第二验证结果和所述终端从所述服务平台获取的第一验证结果比较。a fourth sending module, configured to send a second verification result to the terminal, so that the terminal may The second verification result is compared with a first verification result obtained by the terminal from the service platform.
  11. 一种验证无线局域网接入点的接入点后台,其特征在于,所述接入点后台包括:An access point background for verifying a wireless local area network access point, wherein the access point background includes:
    第六接收模块,用于从服务平台接收验证消息,所述验证消息是服务平台生成的,所述验证消息用于向所述接入点后台请求获取第一验证结果;a sixth receiving module, configured to receive a verification message from the service platform, where the verification message is generated by the service platform, where the verification message is used to request the access point to obtain the first verification result in the background;
    第一生成模块,用于根据所述验证消息,生成第一验证结果;a first generating module, configured to generate a first verification result according to the verification message;
    第五发送模块,用于将所述第一验证结果发送给所述服务平台,以使得所述服务平台可以将该第一验证结果发给终端,使得终端可以将该第一验证结果和所述终端从对应的接入点后台获取的第二验证结果比较。 a fifth sending module, configured to send the first verification result to the service platform, so that the service platform may send the first verification result to the terminal, so that the terminal may use the first verification result and the The second verification result obtained by the terminal from the corresponding access point background is compared.
PCT/CN2015/089450 2015-09-11 2015-09-11 Wireless local area network access point verification method, terminal, service platform, access point and access point background WO2017041298A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201580082995.3A CN107950043B (en) 2015-09-11 2015-09-11 Method, terminal, service platform, access point and access point background for verifying wireless local area network access point
PCT/CN2015/089450 WO2017041298A1 (en) 2015-09-11 2015-09-11 Wireless local area network access point verification method, terminal, service platform, access point and access point background

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2015/089450 WO2017041298A1 (en) 2015-09-11 2015-09-11 Wireless local area network access point verification method, terminal, service platform, access point and access point background

Publications (1)

Publication Number Publication Date
WO2017041298A1 true WO2017041298A1 (en) 2017-03-16

Family

ID=58239078

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/089450 WO2017041298A1 (en) 2015-09-11 2015-09-11 Wireless local area network access point verification method, terminal, service platform, access point and access point background

Country Status (2)

Country Link
CN (1) CN107950043B (en)
WO (1) WO2017041298A1 (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101867929A (en) * 2010-05-25 2010-10-20 北京星网锐捷网络技术有限公司 Authentication method, system, authentication server and terminal equipment
CN102843682A (en) * 2012-08-20 2012-12-26 中国联合网络通信集团有限公司 Access point authorizing method, device and system
WO2013023966A1 (en) * 2011-08-12 2013-02-21 F-Secure Corporation Detection of suspect wireless access points
CN104023336A (en) * 2014-06-13 2014-09-03 张力军 Mobile terminal and wireless access method thereof
CN104113842A (en) * 2014-07-31 2014-10-22 北京金山安全软件有限公司 Method, device, server and mobile terminal for identifying pseudo wireless network access point
CN104144163A (en) * 2014-07-24 2014-11-12 腾讯科技(深圳)有限公司 Identity verification method, device and system

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101345673B (en) * 2008-05-21 2012-03-21 华为技术有限公司 Method for position validity detection, communication system, access equipment and top management network element
CN102014378B (en) * 2010-11-29 2014-04-02 北京星网锐捷网络技术有限公司 Method and system for detecting rogue access point device and access point device
US8660528B2 (en) * 2012-05-01 2014-02-25 Radisys Corporation Adaptive coverage area by beacon breathing
CN103648094A (en) * 2013-11-19 2014-03-19 华为技术有限公司 Method, device and system for detecting illegal wireless access point

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101867929A (en) * 2010-05-25 2010-10-20 北京星网锐捷网络技术有限公司 Authentication method, system, authentication server and terminal equipment
WO2013023966A1 (en) * 2011-08-12 2013-02-21 F-Secure Corporation Detection of suspect wireless access points
CN102843682A (en) * 2012-08-20 2012-12-26 中国联合网络通信集团有限公司 Access point authorizing method, device and system
CN104023336A (en) * 2014-06-13 2014-09-03 张力军 Mobile terminal and wireless access method thereof
CN104144163A (en) * 2014-07-24 2014-11-12 腾讯科技(深圳)有限公司 Identity verification method, device and system
CN104113842A (en) * 2014-07-31 2014-10-22 北京金山安全软件有限公司 Method, device, server and mobile terminal for identifying pseudo wireless network access point

Also Published As

Publication number Publication date
CN107950043A (en) 2018-04-20
CN107950043B (en) 2020-07-14

Similar Documents

Publication Publication Date Title
CN110798833B (en) Method and device for verifying user equipment identification in authentication process
US8400989B2 (en) Activating private access points for wireless networking
US10237732B2 (en) Mobile device authentication in heterogeneous communication networks scenario
US9131373B2 (en) Dynamic account creation with secured hotspot network
US11503469B2 (en) User authentication method and apparatus
US8189548B2 (en) Authorizing access to telecommunications networks for mobile devices, such as mobile devices accessing networks via non-traditional entry points
WO2023165150A1 (en) Communication method and apparatus, and satellite convergence gateway and readable storage medium
US10045213B2 (en) Method and apparatus for authenticating terminal in mobile communications system
CN108322902A (en) A kind of data transmission method and data transmission system
US20150327073A1 (en) Controlling Access of a User Equipment to Services
CN110519760B (en) Network access method, device, equipment and storage medium
DK2924944T3 (en) Presence authentication
TW200522647A (en) System, method and machine-readable storage medium for subscriber identity module (SIM) based pre-authentication across wireless LAN
US11871223B2 (en) Authentication method and apparatus and device
WO2014117493A1 (en) Method and related device for accessing access point
WO2016161832A1 (en) System and corresponding method for realizing mobile communication via sim card management
US20110286443A1 (en) System, apparatus and method for roaming in dect-voip network
US20230136421A1 (en) Caller verification in rich communication services (rcs)
WO2013185709A1 (en) Call authentication method, device, and system
US20220225095A1 (en) External Authentication Method, Communication Apparatus, and Communication System
US20220086145A1 (en) Secondary Authentication Method And Apparatus
WO2021129803A1 (en) Information processing method and communication apparatus
JP2009193326A (en) Authentication system, authentication method and server
US20020042820A1 (en) Method of establishing access from a terminal to a server
WO2017041298A1 (en) Wireless local area network access point verification method, terminal, service platform, access point and access point background

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15903404

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15903404

Country of ref document: EP

Kind code of ref document: A1