Summary of the invention
The invention provides an access control method and device, to solve the problem that the cycle for opening a user account is long.
A first aspect provides an access control method, comprising:
After an access controller (AC) intercepts an access request from a second terminal to be certified, the AC redirects the second terminal to a Portal server and provides the information corresponding to the second terminal to the Portal server, so that the Portal server generates a first coded image for the second terminal according to that information and returns the image to the second terminal; the information corresponding to the second terminal comprises identification information of the second terminal and SSID identification information for identifying the service set identifier (SSID) on the AC;
The AC receives the user name, password and access authority of the second terminal sent by the Radius certification authority server via the Portal server; wherein the access authority is dynamically generated for the second terminal by the Radius certification authority server, after it has received the information corresponding to the second terminal and the identification information of the authenticated first terminal sent by the Portal server, and has determined, according to the identification information of the first terminal and the locally stored identification information of authenticated terminals, that the first terminal is an authenticated terminal, according to at least one of: the locally stored access authority of the first terminal, the access authority configured on the SSID identified by the SSID identification information, and the default access authority that the Radius certification authority server allocates to the second terminal; the user name and password are allocated to the second terminal by the Radius certification authority server after the same reception and determination; and the information corresponding to the second terminal and the identification information of the first terminal are sent to the Radius certification authority server by the Portal server after it receives the information corresponding to the second terminal that the first terminal obtained by scanning the first coded image on the second terminal;
The AC sends the user name and password of the second terminal to the Radius certification authority server so that the second terminal is authenticated and, after receiving an authentication-passed result returned by the Radius certification authority server, sets the access authority of the second terminal locally and sends the authentication-passed result to the Portal server and the second terminal.
A second aspect provides an access control method, comprising:
A Portal server receives an access request sent by a second terminal to be certified, and receives the information corresponding to the second terminal sent by an access controller (AC); the information corresponding to the second terminal comprises identification information of the second terminal and SSID identification information for identifying the service set identifier (SSID) on the AC;
The Portal server generates a first coded image for the second terminal according to the information corresponding to the second terminal, and sends the first coded image to the second terminal;
The Portal server receives the information corresponding to the second terminal sent by an authenticated first terminal, the first terminal having obtained that information by scanning the first coded image on the second terminal;
The Portal server sends the information corresponding to the second terminal and the identification information of the first terminal to a Radius certification authority server, so that the Radius certification authority server, after determining according to the identification information of the first terminal and the identification information of authenticated terminals stored locally on the Radius certification authority server that the first terminal is an authenticated terminal, allocates a user name and password to the second terminal and dynamically generates an access authority for the second terminal according to at least one of: the locally stored access authority of the first terminal, the access authority configured on the SSID identified by the SSID identification information, and the default access authority that the Radius certification authority server allocates to the second terminal;
The Portal server receives the access authority, user name and password of the second terminal sent by the Radius certification authority server and forwards them to the AC, so that the AC completes the authentication of the second terminal according to the user name and password of the second terminal and, after the authentication passes, sets the access authority of the second terminal locally.
A third aspect provides an access control method, comprising:
A Radius certification authority server receives the information corresponding to a second terminal to be certified and the identification information of an authenticated first terminal, both sent by a Portal server; the information corresponding to the second terminal is obtained by the first terminal by scanning a first coded image on the second terminal and is sent by the first terminal to the Portal server; the first coded image is generated by the Portal server according to the information corresponding to the second terminal sent by an access controller (AC), and is sent to the second terminal that has been redirected to the Portal server; the information corresponding to the second terminal comprises identification information of the second terminal and SSID identification information for identifying the service set identifier (SSID) on the AC;
The Radius certification authority server determines, according to the identification information of the first terminal and the locally stored identification information of authenticated terminals, whether the first terminal is an authenticated terminal and, after determining that it is, allocates a user name and password to the second terminal and generates an access authority for the second terminal according to at least one of: the locally stored access authority of the first terminal, the access authority configured on the SSID identified by the SSID identification information, and the default access authority that the Radius certification authority server allocates to the second terminal;
The Radius certification authority server sends the access authority, user name and password of the second terminal to the AC via the Portal server, so that the authentication of the second terminal is completed according to the user name and password of the second terminal and, after the authentication passes, the access authority of the second terminal is set locally.
A fourth aspect provides an access control method, comprising:
An access controller (AC) receives coding indication information sent by a terminal to be certified; the coding indication information is obtained by the terminal to be certified by scanning a second coded image of the terminal to be certified; the second coded image is generated by the Radius certification authority server according to the coding indication information; the coding indication information indicates the information corresponding to the terminal to be certified, and the information corresponding to the terminal to be certified comprises identification information of the terminal to be certified and SSID identification information for identifying the service set identifier (SSID) on the AC;
The AC obtains the information corresponding to the terminal to be certified according to the coding indication information, and sends that information to the Radius certification authority server via a Portal server, so that the Radius certification authority server, after receiving the information corresponding to the terminal to be certified, allocates a user name and password to the terminal to be certified and dynamically generates an access authority for the terminal to be certified according to at least one of: the access authority configured on the SSID identified by the SSID identification information, and the default access authority that the Radius certification authority server allocates to the terminal to be certified;
The AC receives the access authority, user name and password of the terminal to be certified sent by the Radius certification authority server;
The AC sends the user name and password of the terminal to be certified to the Radius certification authority server so that the terminal to be certified is authenticated and, after receiving an authentication-passed result returned by the Radius certification authority server, sets the access authority of the terminal to be certified locally and sends the authentication-passed result to the Portal server and the terminal to be certified.
A fifth aspect provides an access control method, comprising:
A Radius certification authority server receives the information corresponding to a terminal to be certified sent by a Portal server; that information is obtained by an access controller (AC) according to coding indication information, and sent by the AC to the Portal server, after the AC receives the coding indication information that the terminal to be certified obtained by scanning a second coded image; the second coded image is generated by the Radius certification authority server according to the information corresponding to the terminal to be certified; the information corresponding to the terminal to be certified comprises identification information of the terminal to be certified and SSID identification information for identifying the service set identifier (SSID) on the AC;
After receiving the information corresponding to the terminal to be certified, the Radius certification authority server allocates a user name and password to the terminal to be certified, and dynamically generates an access authority for the terminal to be certified according to at least one of: the access authority configured on the SSID identified by the SSID identification information, and the default access authority that the Radius certification authority server allocates to the terminal to be certified;
The Radius certification authority server sends the access authority, user name and password of the terminal to be certified to the AC via the Portal server, so that the authentication of the terminal to be certified is completed according to the user name and password of the terminal to be certified and, after the authentication passes, the access authority of the terminal to be certified is set locally.
A sixth aspect provides an access controller (AC), comprising:
A redirection module, configured to, after intercepting an access request from a second terminal to be certified, redirect the second terminal to a Portal server and provide the information corresponding to the second terminal to the Portal server, so that the Portal server generates a first coded image for the second terminal according to that information and returns the image to the second terminal; the information corresponding to the second terminal comprises identification information of the second terminal and SSID identification information for identifying the service set identifier (SSID) on the AC;
A receiver module, configured to receive the user name, password and access authority of the second terminal sent by the Radius certification authority server via the Portal server; wherein the access authority is dynamically generated for the second terminal by the Radius certification authority server, after it has received the information corresponding to the second terminal and the identification information of the authenticated first terminal sent by the Portal server, and has determined, according to the identification information of the first terminal and the locally stored identification information of authenticated terminals, that the first terminal is an authenticated terminal, according to at least one of: the locally stored access authority of the first terminal, the access authority configured on the SSID identified by the SSID identification information, and the default access authority that the Radius certification authority server allocates to the second terminal; the user name and password are allocated to the second terminal by the Radius certification authority server after the same reception and determination; and the information corresponding to the second terminal and the identification information of the first terminal are sent to the Radius certification authority server by the Portal server after it receives the information corresponding to the second terminal that the first terminal obtained by scanning the first coded image on the second terminal;
An identification processing module, configured to send the user name and password of the second terminal to the Radius certification authority server so that the second terminal is authenticated and, after receiving an authentication-passed result returned by the Radius certification authority server, to set the access authority of the second terminal locally and send the authentication-passed result to the Portal server and the second terminal.
A seventh aspect provides a Portal server, comprising:
A receiver module, configured to receive an access request sent by a second terminal to be certified, and to receive the information corresponding to the second terminal sent by an access controller (AC); the information corresponding to the second terminal comprises identification information of the second terminal and SSID identification information for identifying the service set identifier (SSID) on the AC;
A sending module, configured to generate a first coded image for the second terminal according to the information corresponding to the second terminal, and to send the first coded image to the second terminal;
The receiver module is further configured to receive the information corresponding to the second terminal sent by an authenticated first terminal, the first terminal having obtained that information by scanning the first coded image on the second terminal;
The sending module is further configured to send the information corresponding to the second terminal and the identification information of the first terminal to a Radius certification authority server, so that the Radius certification authority server, after determining according to the identification information of the first terminal and the identification information of authenticated terminals stored locally on the Radius certification authority server that the first terminal is an authenticated terminal, allocates a user name and password to the second terminal and dynamically generates an access authority for the second terminal according to at least one of: the locally stored access authority of the first terminal, the access authority configured on the SSID identified by the SSID identification information, and the default access authority that the Radius certification authority server allocates to the second terminal;
The receiver module is further configured to receive the access authority, user name and password of the second terminal sent by the Radius certification authority server;
The sending module is further configured to forward the access authority, user name and password of the second terminal received by the receiver module to the AC, so that the AC completes the authentication of the second terminal according to the user name and password of the second terminal and, after the authentication passes, sets the access authority of the second terminal locally.
An eighth aspect provides a Radius certification authority server, comprising:
A receiver module, configured to receive the information corresponding to a second terminal to be certified and the identification information of an authenticated first terminal, both sent by a Portal server; the information corresponding to the second terminal is obtained by the first terminal by scanning a first coded image on the second terminal and is sent by the first terminal to the Portal server; the first coded image is generated by the Portal server according to the information corresponding to the second terminal sent by an access controller (AC), and is sent to the second terminal that has been redirected to the Portal server; the information corresponding to the second terminal comprises identification information of the second terminal and SSID identification information for identifying the service set identifier (SSID) on the AC;
An allocation and generation module, configured to determine, according to the identification information of the first terminal and the locally stored identification information of authenticated terminals, whether the first terminal is an authenticated terminal and, after determining that it is, to allocate a user name and password to the second terminal and generate an access authority for the second terminal according to at least one of: the locally stored access authority of the first terminal, the access authority configured on the SSID identified by the SSID identification information, and the default access authority that the Radius certification authority server allocates to the second terminal;
A sending module, configured to send the access authority, user name and password of the second terminal to the AC via the Portal server, so that the authentication of the second terminal is completed according to the user name and password of the second terminal and, after the authentication passes, the access authority of the second terminal is set locally.
A ninth aspect provides an access controller (AC), comprising:
A receiver module, configured to receive coding indication information sent by a terminal to be certified; the coding indication information is obtained by the terminal to be certified by scanning a second coded image of the terminal to be certified; the second coded image is generated by the Radius certification authority server according to the coding indication information; the coding indication information indicates the information corresponding to the terminal to be certified, and the information corresponding to the terminal to be certified comprises identification information of the terminal to be certified and SSID identification information for identifying the service set identifier (SSID) on the AC;
An acquisition module, configured to obtain the information corresponding to the terminal to be certified according to the coding indication information;
A sending module, configured to send the information corresponding to the terminal to be certified obtained by the acquisition module to the Radius certification authority server via a Portal server, so that the Radius certification authority server, after receiving the information corresponding to the terminal to be certified, allocates a user name and password to the terminal to be certified and dynamically generates an access authority for the terminal to be certified according to at least one of: the access authority configured on the SSID identified by the SSID identification information, and the default access authority that the Radius certification authority server allocates to the terminal to be certified;
The receiver module is further configured to receive the access authority, user name and password of the terminal to be certified sent by the Radius certification authority server;
The sending module is further configured to send the user name and password of the terminal to be certified received by the receiver module to the Radius certification authority server, so that the terminal to be certified is authenticated;
The receiver module is further configured to receive the authentication result returned by the Radius certification authority server;
A setting module, configured to set the access authority of the terminal to be certified locally after the receiver module receives an authentication-passed result returned by the Radius certification authority server;
The sending module is further configured to send the authentication-passed result to the Portal server and the terminal to be certified.
A tenth aspect provides a Radius certification authority server, comprising:
A receiver module, configured to receive the information corresponding to a terminal to be certified sent by a Portal server; that information is obtained by an access controller (AC) according to coding indication information, and sent by the AC to the Portal server, after the AC receives the coding indication information that the terminal to be certified obtained by scanning a second coded image; the second coded image is generated by the Radius certification authority server according to the information corresponding to the terminal to be certified; the information corresponding to the terminal to be certified comprises identification information of the terminal to be certified and SSID identification information for identifying the service set identifier (SSID) on the AC;
An allocation and generation module, configured to, after the receiver module receives the information corresponding to the terminal to be certified, allocate a user name and password to the terminal to be certified and dynamically generate an access authority for the terminal to be certified according to at least one of: the access authority configured on the SSID identified by the SSID identification information, and the default access authority that the Radius certification authority server allocates to the terminal to be certified;
A sending module, configured to send the access authority, user name and password of the terminal to be certified to the AC via the Portal server, so that the authentication of the terminal to be certified is completed according to the user name and password of the terminal to be certified and, after the authentication passes, the access authority of the terminal to be certified is set locally.
In the access control method and device provided by the invention, an authenticated terminal scans the coded image generated from the information corresponding to the terminal to be certified, and the information so obtained is provided to the Radius server via the Portal server, so that the Radius server, after determining that the information was sent by an authenticated terminal, allocates a user name and password to the terminal to be certified and dynamically allocates an access authority according to at least one of: the access authority of the authenticated terminal, the access authority configured on the SSID of the AC accessed by the authenticated terminal and the terminal to be certified, and the default access authority allocated to the terminal to be certified. The access authority, user name and password are then provided to the AC; the AC completes the authentication of the terminal to be certified according to the user name and password and, after the authentication passes, sets the access authority of the terminal to be certified locally. It can be seen that the technical solution of the invention allocates the user name, password and access authority of the terminal to be certified during the process of authenticating it, so that the account for the terminal is opened during the authentication process itself, and the whole process requires no administrator participation, which helps to speed up account opening for terminals and shorten the account-opening cycle.
Embodiment
Fig. 1 is a flowchart of an access control method provided by an embodiment of the present invention. As shown in Fig. 1, the method comprises:
101, after the AC intercepts an access request from a second terminal to be certified, the AC redirects the second terminal to a Portal server and provides the information corresponding to the second terminal to the Portal server, so that the Portal server generates a first coded image for the second terminal according to that information and returns the image to the second terminal; the information corresponding to the second terminal comprises identification information of the second terminal and SSID identification information for identifying the service set identifier (Service Set Identifier, SSID for short) on the AC.
In this embodiment, an authenticated terminal scans the coded image in place of the terminal to be certified, and so assists the terminal to be certified in being authenticated and having an account opened. For ease of description, the authenticated terminal is called the first terminal and the terminal to be certified is called the second terminal.
It should be noted that the embodiments of the present invention do not limit the coding scheme used for the coded image; it may be, for example, a bar code, a two-dimensional code (QR code), or another coding scheme that may be developed in the future, such as a three-dimensional code. A two-dimensional code carries a relatively large amount of information and is currently a relatively mature coding scheme; therefore, the coded image in the embodiments of the present invention is preferably a two-dimensional code image.
It should be noted that the embodiments of the present invention do not limit how the first terminal is authenticated; for example, the first terminal may complete authentication using a prior-art web authentication flow, or may complete authentication in advance using the method provided by the embodiments of the present invention.
In this embodiment, the network environment in which the second terminal is authenticated and has an account opened mainly comprises the AC, the Portal server and the Radius certification authority server, but is not limited to these. The Portal server may be implemented independently or integrated into the AC. The Radius certification authority server is a Radius server integrated with a network authorization control function.
In practical applications, the AC may enable access authority control to control network access by the terminals that connect to it, and may also enable a Web redirection function so that terminals that need authentication are redirected to the Portal server for authentication. In addition, the Radius certification authority server of this embodiment pre-stores some user names, passwords and corresponding access authorities for allocation to the second terminal to be certified. A preferred implementation is as follows: a visitor serial-account pool is created on the Radius certification authority server for storing visitor serial accounts; the visitor serial accounts are numbered in a certain order, and each visitor serial account comprises a default user name, a default password, a default access authority and similar information.
When the second terminal needs network access, the browser on the second terminal can be opened to visit an arbitrary uniform resource locator (Uniform Resource Locator, URL for short), which is equivalent to sending an access request. The AC intercepts the access request of the second terminal and, on finding that the second terminal is an unauthenticated terminal, redirects it to the Portal server. The second terminal accesses the Portal server through the URL of the Portal server. In this embodiment, besides redirecting the second terminal to the Portal server, the AC also provides the information corresponding to the second terminal to the Portal server.
In this embodiment, the information corresponding to the second terminal includes but is not limited to: the identification information of the second terminal and the SSID identification information for identifying the SSID on the AC. For example, the identification information of the second terminal may be the media access control (Media Access Control, MAC for short) address of the second terminal, or a combination of the IP address and the MAC address of the second terminal, and so on. The SSID identification information may be any information that can identify the SSID on the AC that the second terminal accesses. For example, the SSID identification information may comprise the IP address of the AC and the SSID on the AC, where the IP address of the AC uniquely identifies one AC and, combined with the SSID on that AC, uniquely identifies the SSID on a particular AC. As another example, the SSID identification information may comprise the IP address of the AC, the name (Name) of the AC and the SSID on the AC.
In this explanation, information corresponding to described the second terminal, except the identification information and described SSID identification information that comprise the second terminal, can also comprise the authentication mode of the upper acquiescence of AC and the information such as access authority of the upper acquiescence of AC.
After Portal server receives information corresponding to the second terminal, information that can be corresponding to the second terminal is carried out fgs encoder, generates the coded image that carries information corresponding to the second terminal.Afterwards, Portal server can return to this coded image the second terminal, and this coded image may be displayed on the browser of the second terminal.
102, The AC receives the user name, password and access authority corresponding to the second terminal, which the Radius certification authority server sends through the Portal server.
Wherein, the access authority is dynamically generated for the second terminal by the Radius certification authority server after it receives the information corresponding to the second terminal and the identification information of the authenticated first terminal sent by the Portal server, and determines, according to the identification information of the first terminal and the locally stored identification information of authenticated terminals, that the first terminal is an authenticated terminal; the access authority is generated according to at least one of the locally stored access authority of the first terminal, the access authority configured on the SSID identified by the SSID identification information, and the default access authority that the Radius certification authority server distributes to the second terminal. The user name and password are distributed to the second terminal by the Radius certification authority server after the same receipt and determination. The information corresponding to the second terminal and the identification information of the first terminal are sent to the Radius certification authority server by the Portal server after it receives the information corresponding to the second terminal that the first terminal obtained by scanning the first coded image on the second terminal.
After the coded image is displayed on the second terminal, the authenticated first terminal scans the coded image on behalf of the second terminal and parses it to obtain the information corresponding to the second terminal carried in it, namely the identification information of the second terminal and the SSID identification information. The first terminal then sends the information corresponding to the second terminal to the Portal server. After the Portal server receives the information corresponding to the second terminal sent by the first terminal, it sends that information together with the identification information of the first terminal to the Radius certification authority server.
It should be noted that, after the first terminal passes authentication, relevant information about the first terminal is stored on the AC, the Portal server and the Radius certification authority server. For example, the information of the first terminal stored on the Radius certification authority server comprises: the user name with which the first terminal authenticated, the IP address of the first terminal, the MAC address of the first terminal, the IP address of the AC where the first terminal is located, the access authority obtained by the first terminal, and so on. The information of the first terminal stored on the Radius certification authority server can be represented by an information group: A_authentication&Authorization(A_username, A_IP, A_MAC, A_AC_IP, A_authorization), but is not limited to this. The information of the first terminal stored on the AC also comprises: the user name with which the first terminal authenticated, the IP address of the first terminal, the MAC address of the first terminal, the IP address of the AC where the first terminal is located, the access authority obtained by the first terminal, and so on. The information of the first terminal stored on the AC can be represented by an information group: A(A_username, A_IP, A_MAC, A_AC_IP, A_authorization), but is not limited to this. The information of the first terminal stored on the Portal server comprises: the user name with which the first terminal authenticated, the IP address of the first terminal and the MAC address of the first terminal, and so on. The user name with which the first terminal authenticated, the IP address of the first terminal and the MAC address of the first terminal can uniquely identify the first terminal and are therefore regarded as the identification information of the first terminal.
After the Radius certification authority server receives the information corresponding to the second terminal and the identification information of the first terminal sent by the Portal server, it can determine, according to the identification information of the first terminal and the locally stored identification information of authenticated terminals, whether the first terminal is an authenticated terminal. In addition, from the identification information of the second terminal in the information corresponding to the second terminal, it can confirm that the second terminal is the terminal to be authenticated and needs to be distributed a user name, password and access authority, and from the SSID identification information in the information corresponding to the second terminal it can determine the SSID of the AC that the second terminal and the first terminal access. Specifically, the Radius certification authority server can match the identification information of the first terminal against the locally stored identification information of authenticated terminals; if a match is found, the first terminal is an authenticated terminal, so the Radius certification authority server can determine that the second terminal assisted by the first terminal belongs to a legitimate user and can distribute a user name, password and access authority to it.
Therefore, after determining that the first terminal is an authenticated terminal, the Radius certification authority server distributes a user name and password to the second terminal, and dynamically generates an access authority for the second terminal according to at least one of the locally stored access authority of the first terminal, the access authority configured on the SSID identified by the SSID identification information, and the default access authority that the Radius certification authority server distributes to the second terminal.
For example, where a visitor's flowing water account pool has been created in advance on the Radius certification authority server, the Radius certification authority server can take an idle visitor's flowing water account out of the pool in turn, distribute the default user name and default password in that account to the second terminal as the user name and password of the second terminal, and distribute the default access authority in that account to the second terminal as the default access authority of the second terminal. The Radius certification authority server then generates an access authority for the second terminal according to at least one of the locally stored access authority of the first terminal, the access authority configured on the SSID identified by the SSID identification information, and the default access authority of the second terminal.
For ease of description, the access authority of the first terminal is denoted A_auth, the access authority configured on the SSID identified by the SSID identification information is denoted SSID_auth, the default access authority of the second terminal is denoted R_auth, and the access authority of the second terminal is denoted B_auth.
Optionally, the Radius certification authority server can distribute the access authority to the second terminal in, but not limited to, the following ways:
The Radius certification authority server takes the union of the access authority of the first terminal, the access authority configured on the SSID identified by the SSID identification information and the default access authority of the second terminal as the access authority of the second terminal. That is, B_auth=A_auth ∪ SSID_auth ∪ R_auth. Or
The Radius certification authority server takes the access authority of the first terminal as the access authority of the second terminal. That is, B_auth=A_auth. Or
The Radius certification authority server takes the access authority configured on the SSID identified by the SSID identification information as the access authority of the second terminal. That is, B_auth=R_auth. Or
The Radius certification authority server takes the intersection of the access authority of the first terminal and the access authority configured on the SSID identified by the SSID identification information, and then takes the union of that intersection and the default access authority of the second terminal as the access authority of the second terminal. That is, B_auth=A_auth ∩ SSID_auth ∩ R_auth. Or
The Radius certification authority server takes the default access authority of the second terminal as the access authority of the second terminal. That is, B_auth=R_auth.
It can thus be seen that, in practical applications, different network permissions can be granted to the second terminal by rationally planning A_auth, SSID_auth and R_auth.
After the Radius certification authority server has distributed a user name and password to the second terminal and generated the access authority, it can send the access authority, user name and password of the second terminal to the AC through the Portal server.
103, The AC sends the user name and password of the second terminal to the Radius certification authority server so that the second terminal is authenticated, and, after receiving the authentication pass result returned by the Radius certification authority server, sets the access authority of the second terminal locally and sends the authentication pass result to the Portal server and the second terminal.
After the AC receives the access authority, user name and password of the second terminal, it authenticates the second terminal based on the user name and password of the second terminal and, after the authentication passes, sets the access authority of the second terminal locally, so as to control the second terminal's access to the network according to the access authority that has been set.
Specifically, the AC can send the user name and password of the second terminal to the Radius certification authority server so that the second terminal is authenticated; for this process, refer to the corresponding part of the existing web authentication flow, which is not repeated here.
After the AC receives the authentication pass result returned by the Radius certification authority server, in addition to setting the access authority of the second terminal locally, it also sends the authentication pass result to the second terminal, the Portal server and so on. Optionally, the AC can also send the authentication pass result to the first terminal.
As can be seen from the above, in the access control method provided by the present embodiment, an authenticated terminal scans the coded image generated from the information corresponding to the terminal to be certified, and the information obtained is provided to the Radius server through the Portal server, so that the Radius server, after determining that the information was sent by an authenticated terminal, distributes a user name and password to the terminal to be certified and dynamically distributes an access authority according to at least one of the access authority of the authenticated terminal, the access authority configured on the SSID of the AC and the default access authority distributed to the terminal to be certified. The access authority, user name and password are then provided to the AC, and the AC completes the authentication of the terminal to be certified according to the user name and password and, after the authentication passes, sets the access authority of the terminal to be certified locally. Because the present embodiment completes the distribution of the user name, password and access authority of the terminal to be certified during the process of authenticating it, that is, the account is opened for the terminal during the authentication process, and the whole process requires no administrator participation, it helps increase the speed of opening accounts for terminals and shorten the account-opening cycle.
Fig. 2 is a flow chart of another access control method provided by an embodiment of the present invention. As shown in Fig. 2, the method comprises:
201, The Portal server receives the access request sent by the second terminal to be certified, and receives the information corresponding to the second terminal sent by the AC; the information corresponding to the second terminal comprises the identification information of the second terminal and the SSID identification information for identifying the SSID on the AC.
202, The Portal server generates the first coded image of the second terminal according to the information corresponding to the second terminal, and sends the first coded image to the second terminal.
203, The Portal server receives the information corresponding to the second terminal sent by the authenticated first terminal; the information corresponding to the second terminal sent by the first terminal is obtained by the first terminal scanning the first coded image on the second terminal.
204, The Portal server sends the information corresponding to the second terminal and the identification information of the first terminal to the Radius certification authority server, so that the Radius certification authority server, after determining that the first terminal is an authenticated terminal according to the identification information of the first terminal and the identification information of authenticated terminals stored locally on the Radius certification authority server, distributes a user name and password to the second terminal and dynamically generates an access authority for the second terminal according to at least one of the locally stored access authority of the first terminal, the access authority configured on the SSID identified by the SSID identification information, and the default access authority that the Radius certification authority server distributes to the second terminal.
205, The Portal server receives the access authority, user name and password of the second terminal sent by the Radius certification authority server and forwards them to the AC, so that the AC completes the authentication of the second terminal according to the user name and password of the second terminal and, after the authentication passes, sets the access authority of the second terminal locally.
The method provided by the present embodiment corresponds to the embodiment shown in Fig. 1 and is described from the perspective of the Portal server; for the detailed process, refer to the description of the embodiment shown in Fig. 1, which is not repeated here.
The access control method provided by the present embodiment completes the distribution of the user name, password and access authority of the terminal to be certified during the process of authenticating it, that is, the account is opened for the terminal during the authentication process, and the whole process requires no administrator participation, which helps increase the speed of opening accounts for terminals and shorten the account-opening cycle.
Fig. 3 is a flow chart of yet another access control method embodiment provided by an embodiment of the present invention. As shown in Fig. 3, the method comprises:
301, The Radius certification authority server receives the information corresponding to the second terminal to be certified and the identification information of the authenticated first terminal sent by the Portal server. The information corresponding to the second terminal is obtained by the first terminal scanning the first coded image on the second terminal and is sent by the first terminal to the Portal server; the first coded image is generated by the Portal server according to the information corresponding to the second terminal sent by the AC, and is sent to the second terminal that has been redirected to the Portal server; the information corresponding to the second terminal comprises the identification information of the second terminal and the SSID identification information for identifying the SSID on the AC.
302, The Radius certification authority server determines, according to the identification information of the first terminal and the locally stored identification information of authenticated terminals, whether the first terminal is an authenticated terminal and, after determining that the first terminal is an authenticated terminal, distributes a user name and password to the second terminal and generates an access authority for the second terminal according to at least one of the locally stored access authority of the first terminal, the access authority configured on the SSID identified by the SSID identification information, and the default access authority that the Radius certification authority server distributes to the second terminal.
303, The Radius certification authority server sends the access authority, user name and password of the second terminal to the AC through the Portal server, so that the AC completes the authentication of the second terminal according to the user name and password of the second terminal and, after the authentication passes, sets the access authority of the second terminal locally.
In an optional implementation, the Radius certification authority server distributing a user name and password to the second terminal, and generating an access authority for the second terminal according to at least one of the locally stored access authority of the first terminal, the access authority configured on the SSID identified by the SSID identification information, and the default access authority that the Radius certification authority server distributes to the second terminal, comprises:
The Radius certification authority server takes an idle visitor's flowing water account out of the preset visitor's flowing water account pool in turn, the visitor's flowing water account comprising a default user name, a default password and a default access authority;
The Radius certification authority server distributes the default user name and default password in the visitor's flowing water account to the second terminal as the user name and password of the second terminal, and distributes the default access authority in the visitor's flowing water account to the second terminal as the default access authority of the second terminal;
The Radius certification authority server generates an access authority for the second terminal according to at least one of the locally stored access authority of the first terminal, the access authority configured on the SSID identified by the SSID identification information, and the default access authority of the second terminal.
Further optionally, the Radius certification authority server generating an access authority for the second terminal according to at least one of the locally stored access authority of the first terminal, the access authority configured on the SSID identified by the SSID identification information, and the default access authority of the second terminal, comprises:
The Radius certification authority server takes the union of the access authority of the first terminal, the access authority configured on the SSID identified by the SSID identification information and the default access authority of the second terminal as the access authority of the second terminal; or
The Radius certification authority server takes the access authority of the first terminal as the access authority of the second terminal; or
The Radius certification authority server takes the access authority configured on the SSID identified by the SSID identification information as the access authority of the second terminal; or
The Radius certification authority server takes the intersection of the access authority of the first terminal and the access authority configured on the SSID identified by the SSID identification information, and then takes the union of that intersection and the default access authority of the second terminal as the access authority of the second terminal; or
The Radius certification authority server takes the default access authority of the second terminal as the access authority of the second terminal. That is, B_auth=R_auth.
Based on the above, the Radius certification authority server sending the access authority, user name and password of the second terminal to the AC through the Portal server comprises:
After replacing the default access authority in the visitor's flowing water account with the access authority of the second terminal, the Radius certification authority server sends it to the AC through the Portal server.
The method provided by the present embodiment corresponds to the embodiment shown in Fig. 1 and is described from the perspective of the Radius certification authority server; for the detailed process, refer to the description of the embodiment shown in Fig. 1, which is not repeated here.
The access control method provided by the present embodiment completes the distribution of the user name, password and access authority of the terminal to be certified during the process of authenticating it, that is, the account is opened for the terminal during the authentication process, and the whole process requires no administrator participation, which helps increase the speed of opening accounts for terminals and shorten the account-opening cycle.
Fig. 4 is a flow chart of another access control method provided by an embodiment of the present invention. Before the authentication flow of the second terminal to be certified is introduced, the relevant information about the authenticated first terminal stored on the AC, the Portal server and the Radius certification authority server is first described:
The information of the first terminal stored on the Radius certification authority server comprises: the user name with which the first terminal authenticated, the IP address of the first terminal, the MAC address of the first terminal, the IP address of the AC where the first terminal is located, the access authority obtained by the first terminal, and so on. The information of the first terminal stored on the Radius certification authority server can be represented by an information group: A_authentication&Authorization(A_username, A_IP, A_MAC, A_AC_IP, A_authorization), but is not limited to this.
The information of the first terminal stored on the AC also comprises: the user name with which the first terminal authenticated, the IP address of the first terminal, the MAC address of the first terminal, the IP address of the AC where the first terminal is located, the access authority obtained by the first terminal, and so on. The information of the first terminal stored on the AC can be represented by an information group: A(A_username, A_IP, A_MAC, A_AC_IP, A_authorization), but is not limited to this.
The information of the first terminal stored on the Portal server comprises: the user name with which the first terminal authenticated, the IP address of the first terminal and the MAC address of the first terminal, and so on.
The present embodiment takes a two-dimensional code image as an example. As shown in Fig. 4, the method comprises:
41, The AC enables access authority control and is configured with the Web redirection function; meanwhile, the Radius certification authority server creates a visitor's flowing water account pool for storing visitor's flowing water accounts, each of which comprises a default user name, a default password, a default access authority and so on. Each account is represented by a triple: visitor's flowing water account_x (default user name, default password, default access authority), where x is a natural-number index, such as 1, 2, 3;
42, The second terminal opens a browser and accesses an arbitrary URL, which is equivalent to sending an access request;
43, The AC intercepts the access request of the second terminal and redirects the second terminal to the Portal server;
44, The second terminal accesses the Portal server;
45, The AC passes the IP address of the second terminal, the MAC address of the second terminal, the IP address of the AC, the name of the AC, the SSID on the AC, the default authentication mode and the default access authority to the Portal server;
46, The Portal server encodes the information passed by the AC as a two-dimensional code, generates a two-dimensional code image, and returns it to the second terminal;
47, The first terminal uses two-dimensional code scanning software to scan the two-dimensional code image on the second terminal, and parses it to obtain the information carried in it, such as the MAC address of the second terminal, the IP address of the AC, the name of the AC, the SSID on the AC, the default authentication mode and the default access authority;
48, The first terminal sends the information obtained to the Portal server;
49, After the Portal server receives the information sent by the first terminal, it sends the received information together with the identification information of the first terminal to the Radius certification authority server. The identification information of the first terminal comprises the user name with which the first terminal authenticated, the IP address of the first terminal and the MAC address of the first terminal.
50, The Radius certification authority server takes an idle visitor's flowing water account out of the visitor's flowing water account pool in turn and adds the user name of the first terminal as a prefix to the account taken out, forming a new visitor's flowing water account, namely A_username_visitor's flowing water account_x (user name of the second terminal, password of the second terminal, access authority of the second terminal), and then sends A_username_visitor's flowing water account_x (user name of the second terminal, password of the second terminal, access authority of the second terminal) to the Portal server.
Specifically, the Radius certification authority server can generate an access authority for the second terminal according to at least one of the locally stored access authority of the first terminal, the access authority configured on the SSID identified by the SSID identification information, and the default access authority of the second terminal. For ease of description, the access authority of the first terminal is denoted A_auth, the access authority configured on the SSID identified by the SSID identification information is denoted SSID_auth, the default access authority of the second terminal is denoted R_auth, and the access authority of the second terminal is denoted B_auth.
Specifically, the Radius certification authority server can generate the access authority for the second terminal using, but not limited to, the following methods:
The Radius certification authority server takes the union of the access authority of the first terminal, the access authority configured on the SSID identified by the SSID identification information and the default access authority of the second terminal as the access authority of the second terminal. That is, B_auth=A_auth ∪ SSID_auth ∪ R_auth. Or
The Radius certification authority server takes the access authority of the first terminal as the access authority of the second terminal. That is, B_auth=A_auth. Or
The Radius certification authority server takes the access authority configured on the SSID identified by the SSID identification information as the access authority of the second terminal. That is, B_auth=R_auth. Or
The Radius certification authority server takes the intersection of the access authority of the first terminal and the access authority configured on the SSID identified by the SSID identification information, and then takes the union of that intersection and the default access authority of the second terminal as the access authority of the second terminal. That is, B_auth=A_auth ∩ SSID_auth ∩ R_auth. Or
The Radius certification authority server takes the default access authority of the second terminal as the access authority of the second terminal. That is, B_auth=R_auth.
It can thus be seen that, in practical applications, different network permissions can be granted to the second terminal by rationally planning A_auth, SSID_auth and R_auth.
51, The Portal server sends A_username_visitor's flowing water account_x (user name of the second terminal, password of the second terminal, access authority of the second terminal) to the AC by means of the Portal protocol;
52, The AC uses the user name and password of the second terminal to initiate Radius protocol authentication;
53, The Radius server returns the authentication result to the AC;
54, The AC sets the access authority of the second terminal according to the authentication result;
55, The AC returns the authentication result to the first terminal according to the authentication result;
56, The AC returns the authentication result to the Portal server according to the authentication result;
57, The AC returns the authentication result to the second terminal according to the authentication result.
As can be seen from the above, in the access control method provided by this embodiment, an authenticated terminal scans the two-dimensional code image generated from the information corresponding to the terminal to be certified, and the information so obtained is provided to the Radius server through the Portal server. After determining that the information was sent by an authenticated terminal, the Radius server allocates a user name and password to the terminal to be certified, and dynamically allocates access authority according to at least one of the access authority of the authenticated terminal, the access authority configured on the SSID of the AC accessed by the authenticated terminal and the terminal to be certified, and the default access authority allocated to the terminal to be certified. The access authority, user name and password are then provided to the AC, which completes the authentication of the terminal to be certified using the user name and password and, after the authentication passes, sets the access authority of the terminal to be certified locally. Because this embodiment allocates the user name, password and access authority of the terminal to be certified during the authentication process itself, account opening for the terminal is completed at the same time as authentication, and the whole process requires no administrator involvement, which helps to speed up account opening for terminals and shorten the account-opening cycle.
Fig. 5 is a flow chart of another access control method provided by an embodiment of the present invention. As shown in Fig. 5, the method comprises:
501, The AC receives coding indication information sent by a terminal to be certified. The coding indication information is obtained by the terminal to be certified scanning the second coded image of the terminal to be certified; the second coded image is generated by the Radius certification authority server according to the coding indication information; the coding indication information indicates the information corresponding to the terminal to be certified, which comprises the identification information of the terminal to be certified and SSID identification information for identifying the SSID on the AC.
In this embodiment, the terminal to be certified scans the coded image itself in order to be authenticated and to open an account for itself.
In this embodiment, the network environment in which the terminal to be certified is authenticated and an account is opened mainly comprises the AC, the Portal server and the Radius certification authority server, but is not limited to these. The Portal server may be implemented independently or integrated into the AC. The Radius certification authority server refers to a Radius server in which a network authorization control function is integrated.
In this embodiment, the Radius certification authority server may generate the coded image in advance according to the coding indication information corresponding to the terminal to be certified, and place the coded image where the terminal to be certified can scan it. The coding indication information indicates the information corresponding to the terminal to be certified, which comprises the identification information of the terminal to be certified and SSID identification information for identifying the SSID on the AC.
It should be noted that the embodiments of the present invention do not limit the coding scheme used for the coded image; it may be, for example, a bar code, a two-dimensional code, or another coding scheme that may be developed in the future, such as a three-dimensional code. Because a two-dimensional code carries a larger amount of information and is currently a relatively mature coding scheme, the coded image in the embodiments of the present invention is preferably a two-dimensional code image. Accordingly, the coding indication information may be bar code indication information, two-dimensional code indication information or other coding indication information.
For example, the identification information of the terminal to be certified may be the MAC address of the terminal to be certified, or a combination of its IP address and MAC address, and so on. The SSID identification information may be the IP address of the AC and the SSID on the AC, or the IP address of the AC, the name of the AC and the SSID on the AC, and so on. Taking as an example the case where the identification information of the terminal to be certified is its IP address and MAC address, and the SSID identification information is the IP address of the AC, the name of the AC and the SSID on the AC, the coding indication information may be (B_IP=0, B_MAC=0, AC_IP=0, AC_NAME=NULL, AC_SSID=NULL), where B denotes the terminal to be certified.
In practical applications, the AC may enable access authority control in order to control network access by connected terminals, and may also set a Web redirection function so that terminals requiring authentication are redirected to the Portal server for authentication. In addition, some user names, passwords and corresponding access authorities are stored in advance on the Radius certification authority server of this embodiment, to be allocated to the second terminal to be certified. A preferred implementation is as follows: a visitor's flowing water account pool is created on the Radius certification authority server to store visitor's flowing water accounts; the accounts are numbered in a certain order, and each comprises information such as a preset user name, a preset password and a preset access authority.
It should be noted that, in addition to the identification information of the terminal to be certified and the SSID identification information, the information corresponding to the terminal to be certified may also comprise information such as the default authentication mode on the AC and the default access authority on the AC.
When the terminal to be certified needs to access the network, it can scan the coded image with code-scanning software and parse the coded image to obtain the coding indication information carried in it. The terminal to be certified can then send the obtained coding indication information to the AC. After receiving the coding indication information, the AC obtains, as the coding indication information indicates, the information corresponding to the terminal to be certified, namely the identification information of the terminal to be certified and the SSID identification information.
502, The AC obtains the information corresponding to the terminal to be certified according to the coding indication information and sends it to the Radius certification authority server through the Portal server, so that the Radius certification authority server, after receiving the information corresponding to the terminal to be certified, allocates a user name and password to the terminal to be certified and dynamically generates access authority for the terminal to be certified according to at least one of the access authority configured on the SSID identified by the SSID identification information and the default access authority allocated to the terminal to be certified by the Radius certification authority server.
After the AC obtains the information corresponding to the terminal to be certified, it sends that information to the Radius certification authority server through the Portal server. After receiving the information corresponding to the terminal to be certified sent by the Portal server, the Radius certification authority server allocates a user name and password to the terminal to be certified, and dynamically generates access authority for the terminal to be certified according to at least one of the access authority configured on the SSID identified by the SSID identification information and the default access authority allocated to the terminal to be certified by the Radius certification authority server.
For example, where a visitor's flowing water account pool has been created in advance on the Radius certification authority server, the Radius certification authority server may take idle visitor's flowing water accounts from the pool in turn, allocate the preset user name and preset password in the account taken out to the terminal to be certified as its user name and password, and allocate the preset access authority in the account taken out to the terminal to be certified as its default access authority. The Radius certification authority server then generates access authority for the terminal to be certified according to at least one of the access authority configured on the SSID identified by the SSID identification information and the default access authority of the terminal to be certified.
For ease of description, the access authority configured on the SSID identified by the SSID identification information is denoted SSID_auth, the default access authority of the terminal to be certified is denoted R_auth, and the access authority of the terminal to be certified is denoted B_auth.
Optionally, the Radius certification authority server may allocate access authority to the terminal to be certified in, but not limited to, the following ways:
The Radius certification authority server takes the union of the access authority configured on the SSID identified by the SSID identification information and the default access authority of the terminal to be certified as the access authority of the terminal to be certified. That is, B_auth = SSID_auth ∪ R_auth. Or
The Radius certification authority server uses the access authority configured on the SSID identified by the SSID identification information as the access authority of the terminal to be certified. That is, B_auth = R_auth. Or
The Radius certification authority server takes the intersection of the access authority configured on the SSID identified by the SSID identification information and the default access authority of the terminal to be certified as the access authority of the terminal to be certified. That is, B_auth = SSID_auth ∩ R_auth. Or
The Radius certification authority server uses the default access authority of the terminal to be certified as the access authority of the terminal to be certified. That is, B_auth = R_auth.
It can be seen that, in practical applications, different network permissions can be granted to the terminal to be certified by planning SSID_auth and R_auth appropriately.
503, The AC receives the access authority, user name and password of the terminal to be certified sent by the Radius certification authority server.
After the Radius certification authority server has allocated a user name and password to the terminal to be certified and generated its access authority, it can send the access authority, user name and password of the terminal to be certified to the AC through the Portal server. Accordingly, the AC can receive the access authority, user name and password of the terminal to be certified that the Radius certification authority server sends through the Portal server.
504, The AC sends the user name and password of the terminal to be certified to the Radius certification authority server so that the terminal to be certified is authenticated and, after receiving the authentication-passed result returned by the Radius certification authority server, sets the access authority of the terminal to be certified locally and sends the authentication-passed result to the Portal server and the terminal to be certified.
After the AC receives the access authority, user name and password of the terminal to be certified, it authenticates the terminal to be certified on the basis of that user name and password and, after the authentication passes, sets the access authority of the terminal to be certified locally, so that it controls the terminal's access to the network according to the access authority that has been set.
Specifically, the AC may send the user name and password of the terminal to be certified to the Radius certification authority server to authenticate the terminal to be certified; for this process, refer to the corresponding part of the existing Web authentication flow, which is not repeated here.
After the AC receives the authentication-passed result returned by the Radius certification authority server, in addition to setting the access authority of the terminal to be certified locally, it may also send the authentication-passed result to the terminal to be certified, the Portal server and so on.
As can be seen from the above, in the access control method provided by this embodiment, the terminal to be certified scans the coded image itself to obtain the coding indication information and provides it to the AC; the AC obtains the information corresponding to the terminal to be certified according to the coding indication information and provides it to the Radius server through the Portal server. After determining that it has received this information, the Radius server allocates a user name and password to the terminal to be certified, and dynamically allocates access authority according to at least one of the access authority configured on the SSID of the AC and the default access authority allocated to the terminal to be certified. The access authority, user name and password are then provided to the AC, which completes the authentication of the terminal to be certified using the user name and password and, after the authentication passes, sets the access authority of the terminal to be certified locally. Because this embodiment allocates the user name, password and access authority of the terminal to be certified during the authentication process itself, account opening for the terminal is completed at the same time as authentication, and the whole process requires no administrator involvement, which helps to speed up account opening for terminals and shorten the account-opening cycle.
Fig. 6 is a flow chart of another access control method provided by an embodiment of the present invention. As shown in Fig. 6, the method comprises:
601, The Radius certification authority server receives the information corresponding to a terminal to be certified sent by the Portal server. The information corresponding to the terminal to be certified is obtained by the AC according to the coding indication information, and sent to the Portal server, after the AC receives the coding indication information that the terminal to be certified obtained by scanning the second coded image; the second coded image is generated by the Radius certification authority server according to the information corresponding to the terminal to be certified; the information corresponding to the terminal to be certified comprises the identification information of the terminal to be certified and SSID identification information for identifying the SSID on the AC.
602, After receiving the information corresponding to the terminal to be certified, the Radius certification authority server allocates a user name and password to the terminal to be certified, and dynamically generates access authority for the terminal to be certified according to at least one of the access authority configured on the SSID identified by the SSID identification information and the default access authority allocated to the terminal to be certified by the Radius certification authority server.
603, The Radius certification authority server sends the access authority, user name and password of the terminal to be certified to the AC through the Portal server, so that the AC completes the authentication of the terminal to be certified according to the user name and password of the terminal to be certified and, after the authentication passes, sets the access authority of the terminal to be certified locally.
In an optional implementation, the Radius certification authority server allocating a user name and password to the terminal to be certified, and dynamically generating access authority for the terminal to be certified according to at least one of the access authority configured on the SSID identified by the SSID identification information and the default access authority allocated to the terminal to be certified by the Radius certification authority server, comprises:
The Radius certification authority server takes idle visitor's flowing water accounts in turn from a preset visitor's flowing water account pool, each visitor's flowing water account comprising a preset user name, a preset password and a preset access authority;
The Radius certification authority server allocates the preset user name and preset password in the visitor's flowing water account to the terminal to be certified as the user name and password of the terminal to be certified, and allocates the preset access authority in the visitor's flowing water account to the terminal to be certified as the default access authority of the terminal to be certified;
The Radius certification authority server dynamically generates access authority for the terminal to be certified according to at least one of the access authority configured on the SSID identified by the SSID identification information and the default access authority of the terminal to be certified.
Further optionally, the Radius certification authority server dynamically generating access authority for the terminal to be certified according to at least one of the access authority configured on the SSID identified by the SSID identification information and the default access authority of the terminal to be certified comprises:
The Radius certification authority server takes the union of the access authority configured on the SSID identified by the SSID identification information and the default access authority of the terminal to be certified as the access authority of the terminal to be certified; or
The Radius certification authority server uses the access authority configured on the SSID identified by the SSID identification information as the access authority of the terminal to be certified; or
The Radius certification authority server takes the intersection of the access authority configured on the SSID identified by the SSID identification information and the default access authority of the terminal to be certified as the access authority of the terminal to be certified; or
The Radius certification authority server uses the default access authority of the terminal to be certified as the access authority of the terminal to be certified.
Based on the above, the Radius certification authority server sending the access authority, user name and password of the terminal to be certified to the AC through the Portal server comprises:
After replacing the preset access authority in the visitor's flowing water account with the access authority of the terminal to be certified, the Radius certification authority server sends it to the AC through the Portal server.
The method provided by this embodiment corresponds to the embodiment shown in Fig. 5; this embodiment is described from the perspective of the Radius certification authority server, and for the detailed flow refer to the description of the embodiment shown in Fig. 5.
In the method provided by this embodiment, the user name, password and access authority of the terminal to be certified are allocated during the process of authenticating the terminal to be certified, so account opening for the terminal is completed at the same time as authentication, and the whole process requires no administrator involvement, which helps to speed up account opening for terminals and shorten the account-opening cycle.
Fig. 7 is a flow chart of another access control method provided by an embodiment of the present invention. This embodiment is described taking a two-dimensional code image and two-dimensional code indication information as an example. Before the authentication flow of the terminal to be certified is introduced, the two-dimensional code image and the two-dimensional code indication information in this embodiment are first described: two-dimensional code indication information is preset on the Radius certification authority server, for example two-dimensional code indication information = (B_IP=0, B_MAC=0, AC_IP=0, AC_NAME=NULL, AC_SSID=NULL, default authentication mode=1, default access authority=1), and the two-dimensional code indication information is encoded as a two-dimensional code to generate a two-dimensional code image, which is placed where the terminal to be certified can scan it. Here, B in the two-dimensional code indication information denotes the terminal to be certified; that is, the two-dimensional code indication information indicates that authenticating the terminal to be certified and opening an account for it requires information such as the IP address of the terminal to be certified, the MAC address of the terminal to be certified, the IP address of the AC where the terminal to be certified is located, the name of that AC, the SSID of that AC, and the default authentication mode and access authority. It should be noted that the two-dimensional code indication information in this embodiment indicates a relatively rich set of information, but this does not mean that all of it is required.
As shown in Fig. 7, the method comprises:
71, The AC enables access authority control and sets the Web redirection function; meanwhile, the Radius certification authority server creates a visitor's flowing water account pool for storing visitor's flowing water accounts, each of which comprises a preset user name, a preset password, a preset access authority and so on. Each account is represented by a triple: visitor's flowing water account_x (preset user name, preset password, preset access authority), where x is a natural-number serial number such as 1, 2, 3;
72, The terminal to be certified scans the two-dimensional code image with two-dimensional code scanning software and extracts the two-dimensional code indication information from it.
73, The terminal to be certified sends the extracted two-dimensional code indication information to the AC;
74, After receiving the two-dimensional code indication information, the AC obtains the information corresponding to the terminal to be certified and then sends it to the Portal server. Here, the information corresponding to the terminal to be certified comprises information such as the IP address of the terminal to be certified, the MAC address of the terminal to be certified, the IP address of the AC where the terminal to be certified is located, the name of that AC, the SSID of that AC, and the default authentication mode and access authority.
75, The Portal server sends the information corresponding to the terminal to be certified to the Radius certification authority server.
76, The Radius certification authority server takes idle visitor's flowing water accounts from the visitor's flowing water account pool in turn and adds the user name prefix of the AC in front of the account taken out to form a new visitor's flowing water account, namely AC_username_visitor's flowing water account_x (user name of the terminal to be certified, password of the terminal to be certified, access authority of the terminal to be certified), which it then sends to the Portal server.
Here, the Radius certification authority server may specifically generate access authority for the terminal to be certified according to at least one of the access authority configured on the SSID identified by the SSID identification information and the default access authority of the terminal to be certified. For ease of description, the access authority configured on the SSID identified by the SSID identification information is denoted SSID_auth, the default access authority of the terminal to be certified is denoted R_auth, and the access authority of the terminal to be certified is denoted B_auth.
Specifically, the Radius certification authority server may generate access authority for the terminal to be certified using, but not limited to, the following methods:
The Radius certification authority server takes the union of the access authority configured on the SSID identified by the SSID identification information and the default access authority of the terminal to be certified as the access authority of the terminal to be certified. That is, B_auth = SSID_auth ∪ R_auth. Or
The Radius certification authority server uses the access authority configured on the SSID identified by the SSID identification information as the access authority of the terminal to be certified. That is, B_auth = R_auth. Or
The Radius certification authority server takes the intersection of the access authority configured on the SSID identified by the SSID identification information and the default access authority of the terminal to be certified as the access authority of the terminal to be certified. That is, B_auth = SSID_auth ∩ R_auth. Or
The Radius certification authority server uses the default access authority of the terminal to be certified as the access authority of the terminal to be certified. That is, B_auth = R_auth.
It can be seen that, in practical applications, different network permissions can be granted to the terminal to be certified by planning SSID_auth and R_auth appropriately.
77, The Portal server sends AC_username_visitor's flowing water account_x (user name of the terminal to be certified, password of the terminal to be certified, access authority of the terminal to be certified) to the AC by means of the Portal protocol;
78, The AC uses the user name and password of the terminal to be certified to initiate Radius protocol authentication;
79, The Radius server returns the authentication result to the AC;
80, The AC sets the access authority of the terminal to be certified according to the authentication result;
81, The AC returns the authentication result to the terminal to be certified according to the authentication result.
As can be seen from the above, in the access control method provided by this embodiment, the terminal to be certified scans the two-dimensional code image itself to obtain the two-dimensional code indication information and provides it to the AC; the AC obtains the information corresponding to the terminal to be certified according to the two-dimensional code indication information and provides it to the Radius server through the Portal server. After determining that it has received this information, the Radius server allocates a user name and password to the terminal to be certified, and dynamically allocates access authority according to at least one of the access authority configured on the SSID of the AC and the default access authority allocated to the terminal to be certified. The access authority, user name and password are then provided to the AC, which completes the authentication of the terminal to be certified using the user name and password and, after the authentication passes, sets the access authority of the terminal to be certified locally. Because this embodiment allocates the user name, password and access authority of the terminal to be certified during the authentication process itself, account opening for the terminal is completed at the same time as authentication, and the whole process requires no administrator involvement, which helps to speed up account opening for terminals and shorten the account-opening cycle.
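The account-pool allocation of step 76 and the four ways of deriving B_auth from SSID_auth and R_auth, as an added Python sketch that is not part of the patent text (the embodiment in which an authenticated first terminal scans the code uses the same operations with A_auth as a further operand). Modelling an access authority as a set of resource labels, the class, function and mode names, the `<AC prefix>_<account name>` user name format and all sample values are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass

# Generation modes for B_auth (mode names are illustrative assumptions).
UNION, SSID_ONLY, INTERSECTION, DEFAULT_ONLY = "union", "ssid", "intersection", "default"
MODES = {UNION, SSID_ONLY, INTERSECTION, DEFAULT_ONLY}


class PoolExhausted(Exception):
    """Raised when no idle account is left in the pool."""


@dataclass
class GuestAccount:
    name: str                # numbered account, x = 1, 2, 3, ...
    password: str            # preset password
    default_auth: frozenset  # preset access authority, used as R_auth
    idle: bool = True


class GuestAccountPool:
    """Account pool held on the Radius certification authority server."""

    def __init__(self, size, default_auth):
        self.accounts = [
            GuestAccount(f"guest_{x}", secrets.token_urlsafe(12), frozenset(default_auth))
            for x in range(1, size + 1)
        ]

    def take(self):
        # Idle accounts are taken out in numbering order.
        for acct in self.accounts:
            if acct.idle:
                acct.idle = False
                return acct
        raise PoolExhausted("no idle account in the pool")

    def release(self, name):
        # Mark an account idle again so that it can be handed out later.
        for acct in self.accounts:
            if acct.name == name:
                acct.idle = True
                return
        raise KeyError(name)


def generate_b_auth(mode, ssid_auth, r_auth):
    """Derive B_auth from SSID_auth and R_auth using one of the four modes."""
    ssid_auth, r_auth = frozenset(ssid_auth), frozenset(r_auth)
    if mode == UNION:
        return ssid_auth | r_auth  # superset of every other mode's result
    if mode == SSID_ONLY:
        return ssid_auth
    if mode == INTERSECTION:
        return ssid_auth & r_auth  # subset of every other mode's result
    if mode == DEFAULT_ONLY:
        return r_auth
    raise ValueError(f"unknown mode: {mode!r}")


def open_account(pool, terminal_info, ssid_policies, ac_prefix, mode):
    """Allocate credentials and generate B_auth for one terminal (step 76).

    Everything that can be rejected is checked before an account is taken,
    so a rejected request never consumes an entry of the pool.
    """
    if mode not in MODES:
        raise ValueError(f"unknown mode: {mode!r}")
    key = (terminal_info["AC_IP"], terminal_info["AC_SSID"])
    if key not in ssid_policies:
        raise LookupError(f"no access authority configured for SSID {key}")
    acct = pool.take()
    b_auth = generate_b_auth(mode, ssid_policies[key], acct.default_auth)
    # Triple that is later issued to the AC through the Portal server (step 77).
    return (f"{ac_prefix}_{acct.name}", acct.password, b_auth)


if __name__ == "__main__":
    # Constructed sample values (documentation address range, made-up labels).
    pool = GuestAccountPool(3, {"internet", "portal"})
    policies = {("192.0.2.1", "Guest-WiFi"): {"internet", "printer"}}
    info = {"B_IP": "192.0.2.50", "B_MAC": "02:00:00:00:00:01",
            "AC_IP": "192.0.2.1", "AC_NAME": "AC1", "AC_SSID": "Guest-WiFi"}
    for mode in (UNION, SSID_ONLY, INTERSECTION):
        user, _password, b_auth = open_account(pool, info, policies, "AC1", mode)
        print(user, mode, sorted(b_auth))
```

With these sample sets the union mode grants three resource labels and the intersection mode only one, which is the difference to weigh when planning SSID_auth and R_auth.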
Actual tests were used to illustrate, by comparison, the beneficial effects of the method provided by this embodiment, which opens an account for a terminal to be certified during the authentication process on the basis of a code; the comparison results are shown in Table 1.
Table 1
Fig. 8 is a schematic structural diagram of an AC provided by an embodiment of the present invention. As shown in Fig. 8, the AC comprises: a redirection module 801, a receiver module 802 and an identification processing module 803.
Redirection module 801, configured to, after intercepting an access request of a second terminal to be certified, redirect the second terminal to the Portal server and provide the information corresponding to the second terminal to the Portal server, so that the Portal server generates the first coded image corresponding to the second terminal according to the information corresponding to the second terminal and returns it to the second terminal, the information corresponding to the second terminal comprising the identification information of the second terminal and SSID identification information for identifying the SSID on the AC;
Receiver module 802, configured to receive the user name, password and access authority corresponding to the second terminal that the Radius certification authority server sends through the Portal server; wherein the access authority is dynamically generated for the second terminal by the Radius certification authority server, after it receives the information corresponding to the second terminal and the identification information of the authenticated first terminal sent by the Portal server and determines, according to the identification information of the first terminal and the locally stored identification information of authenticated terminals, that the first terminal is an authenticated terminal, according to at least one of the locally stored access authority of the first terminal, the access authority configured on the SSID identified by the SSID identification information, and the default access authority allocated to the second terminal by the Radius certification authority server; the user name and password are allocated to the second terminal by the Radius certification authority server after it receives the information corresponding to the second terminal and the identification information of the authenticated first terminal sent by the Portal server and determines, according to the identification information of the first terminal and the locally stored identification information of authenticated terminals, that the first terminal is an authenticated terminal; the information corresponding to the second terminal and the identification information of the first terminal are sent to the Radius certification authority server by the Portal server after it receives the information corresponding to the second terminal that the first terminal obtained by scanning the first coded image on the second terminal;
Identification processing module 803, username and password for described the second terminal byreceiver module 802 receptions sends to described Radius certification authority server, so that described the second terminal is authenticated, and receiving authentication that described Radius certification authority server returns by after result, the access authority of described the second terminal thatreceiver module 802 is received is arranged at this locality, sends described authentication to described Portal server and described the second terminal and passes through result.
Optionally, the SSID identification information may comprise the IP address of the AC and the SSID on the AC, but is not limited to this.
Further optionally, the information corresponding to the second terminal also comprises: the default authentication mode on the AC and the default access authority on the AC.
Each functional module of the AC provided by this embodiment can be used to execute the flow of the access control method embodiment shown in Fig. 1; its specific working principle is not repeated here; refer to the description of the method embodiment.
The AC provided by this embodiment, after intercepting the access request of the second terminal to be authenticated, redirects the second terminal to the Portal server and provides the information corresponding to the second terminal to the Portal server, so that the Portal server generates, according to that information, the first coded image corresponding to the second terminal and returns it to the second terminal. The authenticated first terminal then scans the coded image and sends the obtained information corresponding to the second terminal to the Radius certification authority server through the Portal server, which lays the groundwork for the Radius certification authority server to allocate a user name and password to the second terminal and generate its access authority. After receiving the user name, password and access authority of the second terminal returned by the Radius certification authority server, the AC of this embodiment completes the authentication of the second terminal and, after authentication passes, sets the access authority of the terminal to be authenticated locally. Because the AC of this embodiment completes the allocation of the user name, password and access authority of the terminal to be authenticated in the course of authenticating that terminal, account opening for the terminal is completed during the authentication process, and the whole process requires no administrator participation, which helps to speed up account opening for terminals and shorten the account-opening cycle.
Fig. 9 is a schematic structural diagram of a Portal server provided by an embodiment of the present invention. As shown in Fig. 9, the Portal server comprises: receiver module 901 and sending module 902.
Receiver module 901, configured to receive the access request sent by the second terminal to be authenticated, and to receive the information corresponding to the second terminal sent by the AC; the information corresponding to the second terminal comprises the identification information of the second terminal and the SSID identification information used to identify the SSID on the AC.
Sending module 902, configured to generate, according to the information corresponding to the second terminal received by receiver module 901, the first coded image corresponding to the second terminal, and to send the first coded image to the second terminal.
Receiver module 901 is further configured to receive the information corresponding to the second terminal sent by the authenticated first terminal; the first terminal obtains that information by scanning the first coded image on the second terminal.
Sending module 902 is further configured to send the information corresponding to the second terminal received by receiver module 901 and the identification information of the first terminal to the Radius certification authority server, so that the Radius certification authority server, after determining according to the identification information of the first terminal and the identification information of authenticated terminals stored locally on the Radius certification authority server that the first terminal is an authenticated terminal, allocates a user name and password to the second terminal and dynamically generates access authority for the second terminal according to at least one of: the locally stored access authority of the first terminal, the access authority configured on the SSID identified by the SSID identification information, and the default access authority that the Radius certification authority server allocates to the second terminal.
Receiver module 901 is further configured to receive the access authority, user name and password of the second terminal sent by the Radius certification authority server.
Sending module 902 is further configured to forward the access authority, user name and password of the second terminal received by receiver module 901 to the AC, so that the AC completes the authentication of the second terminal according to the user name and password of the second terminal and, after authentication passes, sets the access authority of the second terminal locally.
Each functional module of the Portal server provided by this embodiment can be used to execute the flow of the access control method embodiment shown in Fig. 2; its specific working principle is not repeated here; refer to the description of the method embodiment.
The Portal server provided by this embodiment cooperates with the AC provided by the above embodiment. It sends the information corresponding to the second terminal and the identification information of the first terminal to the Radius certification authority server, so that the Radius certification authority server, after determining according to the identification information of the first terminal and the identification information of authenticated terminals stored locally on the Radius certification authority server that the first terminal is an authenticated terminal, allocates a user name and password to the second terminal and dynamically generates access authority for the second terminal according to at least one of: the locally stored access authority of the first terminal, the access authority configured on the SSID identified by the SSID identification information, and the default access authority that the Radius certification authority server allocates to the second terminal. The Portal server then forwards the user name, password and access authority of the second terminal to the AC, so that the AC authenticates the second terminal based on its user name and password and, after authentication passes, sets the access authority of the second terminal locally. Because the allocation of the user name, password and access authority of the terminal to be authenticated is completed in the course of authenticating that terminal, account opening for the terminal is completed during the authentication process, and the whole process requires no administrator participation, which helps to speed up account opening for terminals and shorten the account-opening cycle.
Fig. 10 is a schematic structural diagram of a Radius certification authority server provided by an embodiment of the present invention. As shown in Fig. 10, the Radius certification authority server comprises: receiver module 1001, distributively generated module 1002 and sending module 1003.
Receiver module 1001, configured to receive the information corresponding to the second terminal to be authenticated and the identification information of the authenticated first terminal, both sent by the Portal server; the information corresponding to the second terminal is obtained by the first terminal by scanning the first coded image on the second terminal and is sent by the first terminal to the Portal server; the first coded image is generated by the Portal server according to the information corresponding to the second terminal sent by the AC, and is sent to the second terminal that has been redirected to the Portal server; the information corresponding to the second terminal comprises the identification information of the second terminal and the SSID identification information used to identify the SSID on the AC.
Distributively generated module 1002, configured to determine, according to the identification information of the first terminal received by receiver module 1001 and the locally stored identification information of authenticated terminals, whether the first terminal is an authenticated terminal, and, after determining that the first terminal is an authenticated terminal, to allocate a user name and password to the second terminal and generate access authority for the second terminal according to at least one of: the locally stored access authority of the first terminal, the access authority configured on the SSID identified by the SSID identification information, and the default access authority that the Radius certification authority server allocates to the second terminal.
Sending module 1003, configured to send the access authority, user name and password of the second terminal to the AC through the Portal server, so that the AC completes the authentication of the second terminal according to the user name and password of the second terminal and, after authentication passes, sets the access authority of the second terminal locally.
In an optional implementation, distributively generated module 1002 comprises: an acquiring unit, an allocation unit and a generation unit.
Acquiring unit, configured to take idle visitor serial accounts in turn from a preset visitor serial account pool; each visitor serial account comprises a preset user name, a preset password and preset access authority;
Allocation unit, configured to allocate the preset user name and preset password of the visitor serial account to the second terminal as the user name and password of the second terminal, and to allocate the preset access authority of the visitor serial account to the second terminal as the default access authority of the second terminal;
Generation unit, configured to generate access authority for the second terminal according to at least one of: the locally stored access authority of the first terminal, the access authority configured on the SSID identified by the SSID identification information, and the default access authority of the second terminal.
Further optionally, the generation unit is specifically configured to take the union of the access authority of the first terminal, the access authority configured on the SSID identified by the SSID identification information, and the default access authority of the second terminal as the access authority of the second terminal; or
The generation unit is specifically configured to use the access authority of the first terminal as the access authority of the second terminal; or
The generation unit is specifically configured to use the access authority configured on the SSID identified by the SSID identification information as the access authority of the second terminal; or
The generation unit is specifically configured to take the intersection of the access authority of the first terminal and the access authority configured on the SSID identified by the SSID identification information, and then take the union of that intersection and the default access authority of the second terminal as the access authority of the second terminal; or
The generation unit is specifically configured to use the default access authority of the second terminal as the access authority of the second terminal.
Based on the above, sending module 1003 is specifically configured to replace the preset access authority in the visitor serial account with the access authority of the second terminal and then send the account to the AC through the Portal server.
Each functional module of the Radius certification authority server provided by this embodiment can be used to execute the flow of the access control method embodiment shown in Fig. 3; its specific working principle is not repeated here; refer to the description of the method embodiment.
The Radius certification authority server provided by this embodiment cooperates with the AC and the Portal server provided by the above embodiments. Based on an authenticated terminal, it allocates a user name, password and access authority to an unauthenticated terminal and provides them to the AC, so that the AC authenticates the unauthenticated terminal based on the user name and password and, after authentication passes, sets the corresponding access authority locally. Because the allocation of the user name, password and access authority of the terminal to be authenticated is completed in the course of authenticating that terminal, account opening for the terminal is completed during the authentication process, and the whole process requires no administrator participation, which helps to speed up account opening for terminals and shorten the account-opening cycle.
Fig. 11 is a schematic structural diagram of another AC provided by an embodiment of the present invention. As shown in Fig. 11, the AC comprises: receiver module 1101, acquisition module 1102, sending module 1103 and setting module 1104.
Receiver module 1101, configured to receive the coding indication information sent by the terminal to be authenticated; the coding indication information is obtained by the terminal to be authenticated by scanning the second coded image of the terminal to be authenticated; the second coded image is generated by the Radius certification authority server according to the coding indication information; the coding indication information is used to indicate the information corresponding to the terminal to be authenticated, which comprises the identification information of the terminal to be authenticated and the SSID identification information used to identify the SSID on the AC;
Acquisition module 1102, configured to obtain the information corresponding to the terminal to be authenticated according to the coding indication information received by receiver module 1101.
Sending module 1103, configured to send the information corresponding to the terminal to be authenticated obtained by acquisition module 1102 to the Radius certification authority server through the Portal server, so that the Radius certification authority server, after receiving the information corresponding to the terminal to be authenticated, allocates a user name and password to the terminal to be authenticated and dynamically generates access authority for the terminal to be authenticated according to at least one of: the access authority configured on the SSID identified by the SSID identification information, and the default access authority that the Radius certification authority server allocates to the terminal to be authenticated.
Receiver module 1101 is further configured to receive the access authority, user name and password of the terminal to be authenticated sent by the Radius certification authority server.
Sending module 1103 is further configured to send the user name and password of the terminal to be authenticated received by receiver module 1101 to the Radius certification authority server, so that the terminal to be authenticated is authenticated.
Receiver module 1101 is further configured to receive the authentication result returned by the Radius certification authority server.
Setting module 1104, configured to set the access authority of the terminal to be authenticated locally after receiver module 1101 receives the authentication-passed result returned by the Radius certification authority server.
Sending module 1103 is further configured to send the authentication-passed result to the Portal server and the terminal to be authenticated.
Optionally, the SSID identification information may comprise the IP address of the AC and the SSID on the AC, but is not limited to this.
Further optionally, the information corresponding to the second terminal also comprises: the default authentication mode on the AC and the default access authority on the AC.
Each functional module of the AC provided by this embodiment can be used to execute the flow of the access control method embodiment shown in Fig. 5; its specific working principle is not repeated here; refer to the description of the method embodiment.
The AC provided by this embodiment obtains the information corresponding to the terminal to be authenticated according to the coding indication information sent by that terminal, and sends it to the Radius certification authority server through the Portal server, which lays the groundwork for the Radius certification authority server to allocate a user name and password to the terminal to be authenticated and generate its access authority. After receiving the user name, password and access authority of the terminal to be authenticated returned by the Radius certification authority server, the AC of this embodiment completes the authentication of the terminal to be authenticated and, after authentication passes, sets the access authority of the terminal to be authenticated locally. Because the AC of this embodiment completes the allocation of the user name, password and access authority of the terminal to be authenticated in the course of authenticating that terminal, account opening for the terminal is completed during the authentication process, and the whole process requires no administrator participation, which helps to speed up account opening for terminals and shorten the account-opening cycle.
Fig. 12 is a schematic structural diagram of another Radius certification authority server provided by an embodiment of the present invention. As shown in Fig. 12, the Radius certification authority server comprises: receiver module 1201, distributively generated module 1202 and sending module 1203.
Receiver module 1201, configured to receive the information corresponding to the terminal to be authenticated sent by the Portal server; that information is obtained by the AC according to the coding indication information, after the AC receives the coding indication information that the terminal to be authenticated obtained by scanning the second coded image, and is sent by the AC to the Portal server; the second coded image is generated by the Radius certification authority server according to the information corresponding to the terminal to be authenticated; the information corresponding to the terminal to be authenticated comprises the identification information of the terminal to be authenticated and the SSID identification information used to identify the SSID on the AC.
Distributively generated module 1202, configured to: after receiver module 1201 receives the information corresponding to the terminal to be authenticated, allocate a user name and password to the terminal to be authenticated, and dynamically generate access authority for the terminal to be authenticated according to at least one of: the access authority configured on the SSID identified by the SSID identification information, and the default access authority that the Radius certification authority server allocates to the terminal to be authenticated.
Sending module 1203, configured to send the access authority, user name and password of the terminal to be authenticated to the AC through the Portal server, so that the AC completes the authentication of the terminal to be authenticated according to the user name and password of the terminal to be authenticated and, after authentication passes, sets the access authority of the terminal to be authenticated locally.
In an optional implementation, the distributively generated module comprises: an acquiring unit, an allocation unit and a generation unit.
Acquiring unit, configured to take idle visitor serial accounts in turn from a preset visitor serial account pool; each visitor serial account comprises a preset user name, a preset password and preset access authority;
Allocation unit, configured to allocate the preset user name and preset password of the visitor serial account to the terminal to be authenticated as the user name and password of the terminal to be authenticated, and to allocate the preset access authority of the visitor serial account to the terminal to be authenticated as the default access authority of the terminal to be authenticated;
Generation unit, configured to dynamically generate access authority for the terminal to be authenticated according to at least one of: the access authority configured on the SSID identified by the SSID identification information, and the default access authority of the terminal to be authenticated.
Further optionally, the generation unit is specifically configured to take the union of the access authority configured on the SSID identified by the SSID identification information and the default access authority of the terminal to be authenticated as the access authority of the terminal to be authenticated; or
The generation unit is specifically configured to use the access authority configured on the SSID identified by the SSID identification information as the access authority of the terminal to be authenticated; or
The generation unit is specifically configured to take the intersection of the access authority configured on the SSID identified by the SSID identification information and the default access authority of the terminal to be authenticated as the access authority of the terminal to be authenticated; or
The generation unit is specifically configured to use the default access authority of the terminal to be authenticated as the access authority of the terminal to be authenticated.
Based on the above, the sending module is specifically configured to replace the preset access authority in the visitor serial account with the access authority of the terminal to be authenticated and then send the account to the AC through the Portal server.
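The account allocation and access-authority generation options described for modules 1002 and 1202 can be illustrated as follows. This is an added example, not code from the patent: the policy names, rights strings, function names and sample pool are assumptions constructed for illustration.

```python
import secrets
from dataclasses import dataclass, replace
from enum import Enum
from typing import FrozenSet, List, Optional, Tuple

Rights = FrozenSet[str]
SsidId = Tuple[str, str]  # (AC IP address, SSID on that AC)


class Policy(Enum):
    """Hypothetical names for the generation options listed in the text."""
    UNION_ALL = 1                    # first terminal | SSID | default
    FIRST_TERMINAL_ONLY = 2
    SSID_ONLY = 3
    FIRST_AND_SSID_THEN_DEFAULT = 4  # (first terminal & SSID) | default
    SSID_AND_DEFAULT = 5             # SSID & default (flow without a first terminal)
    DEFAULT_ONLY = 6


@dataclass
class GuestAccount:
    username: str
    password: str
    rights: Rights                   # preset (default) access authority
    in_use: bool = False


class GuestAccountPool:
    """Preset pool whose idle accounts are handed out in turn."""

    def __init__(self, accounts: List[GuestAccount]) -> None:
        self._accounts = accounts
        self._cursor = 0

    def take_idle(self) -> GuestAccount:
        n = len(self._accounts)
        for step in range(n):
            idx = (self._cursor + step) % n
            if not self._accounts[idx].in_use:
                self._accounts[idx].in_use = True
                self._cursor = (idx + 1) % n
                return self._accounts[idx]
        raise RuntimeError("guest account pool exhausted")


def generate_rights(policy: Policy, ssid: Rights, default: Rights,
                    first: Optional[Rights] = None) -> Rights:
    needs_first = policy in (Policy.FIRST_TERMINAL_ONLY,
                             Policy.FIRST_AND_SSID_THEN_DEFAULT)
    if needs_first and first is None:
        raise ValueError("policy needs the first terminal's access authority")
    if policy is Policy.UNION_ALL:
        # Widest option: the result can exceed what the first terminal holds.
        return (first or frozenset()) | ssid | default
    if policy is Policy.FIRST_TERMINAL_ONLY:
        return first
    if policy is Policy.SSID_ONLY:
        return ssid
    if policy is Policy.FIRST_AND_SSID_THEN_DEFAULT:
        return (first & ssid) | default
    if policy is Policy.SSID_AND_DEFAULT:
        return ssid & default
    return default


def provision(pool, authenticated, ssid_rights, ssid_id, policy, first_id=None):
    """Allocate an account and return a copy carrying the generated rights."""
    first = None
    if first_id is not None:
        # Refuse before touching the pool if the scanner is not authenticated.
        if first_id not in authenticated:
            raise PermissionError("first terminal is not an authenticated terminal")
        first = authenticated[first_id]
    ssid = ssid_rights[ssid_id]          # KeyError for an unknown SSID
    account = pool.take_idle()
    try:
        rights = generate_rights(policy, ssid, account.rights, first)
    except ValueError:
        account.in_use = False           # hand the account back on failure
        raise
    # Replace the preset rights with the generated ones in what is sent to the AC.
    return replace(account, rights=rights)


def sample_pool(size: int = 2) -> GuestAccountPool:
    """Constructed sample data: sequential user names, random passwords."""
    preset = frozenset({"internet", "guest-portal"})
    return GuestAccountPool([
        GuestAccount(f"guest{i:03d}", secrets.token_urlsafe(9), preset)
        for i in range(1, size + 1)
    ])
```

Of the listed options, only the ones that intersect with or copy an existing rights set bound the result; any option that takes a union with the default access authority grants whatever the preset account carries.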
Each functional module of the Radius certification authority server provided by this embodiment can be used to execute the flow of the access control method embodiment shown in Fig. 6; its specific working principle is not repeated here; refer to the description of the method embodiment.
The Radius certification authority server provided by this embodiment cooperates with the AC provided by the above embodiment. After receiving the information corresponding to the terminal to be authenticated provided by the AC, it allocates a user name and password to the terminal to be authenticated, dynamically generates access authority for the terminal to be authenticated according to at least one of the access authority configured on the SSID identified by the SSID identification information and the default access authority that the Radius certification authority server allocates to the terminal to be authenticated, and provides the user name, password and access authority of the terminal to be authenticated to the AC, so that the AC authenticates the unauthenticated terminal based on the user name and password and, after authentication passes, sets the corresponding access authority locally. Because the allocation of the user name, password and access authority of the terminal to be authenticated is completed in the course of authenticating that terminal, account opening for the terminal is completed during the authentication process, and the whole process requires no administrator participation, which helps to speed up account opening for terminals and shorten the account-opening cycle.
A person of ordinary skill in the art will appreciate that all or part of the steps of the above method embodiments can be completed by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium. When executed, the program performs the steps of the above method embodiments; the storage medium comprises various media that can store program code, such as ROM, RAM, magnetic disks or optical discs.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solution of the present invention, not to limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments can still be modified, or some or all of their technical features can be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.