Specific implementation mode
In the term that the embodiment of the present application uses merely for the sake of the purpose of description specific embodiment, and this unrestricted ShenPlease.The "an" of singulative used in the application and claims, " described " and "the" are also intended to including most shapesFormula, unless context clearly shows that other meanings.It is also understood that term "and/or" used herein refers to including oneA or multiple associated list items purposes any or all may combine.
It will be appreciated that though various letters may be described using term first, second, third, etc. in the embodiment of the present applicationBreath, but these information should not necessarily be limited by these terms.These terms are only used for same type of information being distinguished from each other out.For example,In the case where not departing from the application range, the first information can also be referred to as the second information, and similarly, the second information can alsoIt is referred to as the first information.Depending on context, in addition, used word " if " can be construed to " ... when " or" when ... " or " in response to determination ".
It is proposed a kind of authentication method in the embodiment of the present application, this method can be applied to include first terminal, second terminal,The system of wireless device, network management server and application server, it is shown in Figure 1, it is the applied field of the embodiment of the present applicationScape schematic diagram.The system can be realized using even Wi-Fi functions, be the Wi-Fi solutions provided for Wi-Fi trade companies, in Wi-Management place under the line of Fi trade companies, user is by the modes such as scanning the two-dimensional code, you can fast network access, to improve user experience,Promote the competitiveness of Wi-Fi trade companies.
Wherein, first terminal can be laptop, PC (Personal Computer, personal computer) etc., be to useWhat family used needs to access the terminal of network, and certainly, first terminal can also be other types of terminal, not to this terminal typeIt is limited.In the embodiment of the present application, first terminal can be the terminal for needing certification, i.e. first terminal is after by certification, energyThe wireless device of Wi-Fi trade companies is enough used to access network.
Wherein, second terminal can be mobile terminal, smart mobile phone, iPAD, laptop, PC etc., be to be equipped with to answerWith the terminal of client, and have the function of scanning the two-dimensional code, certainly, second terminal can also be other types of terminal,This terminal type is not limited.Moreover, applications client can be the client (such as APP) interacted with application server,User information can be obtained from application server.
Wherein, wireless device can be AP (Access Point, access point), AC (Access Controller, accessController), wireless router etc., be the equipment with Wifi functions that Wi-Fi trade companies provide, be typically deployed at Wi-Fi trade companiesLine under management place, i.e. first terminal can access network by wireless device.
Wherein, network management server is the server for having authentication function, is the server that Wi-Fi trade companies provide, leads toManagement place under the line of Wi-Fi trade companies can be often deployed in.In conventional manner, Wifi trade companies can not participate in the certification of userIn flow, and in the present embodiment, Wi-Fi trade companies can be with on-premise network management server, and is participated in by network management serverInto the identifying procedure of user, that is to say, that first terminal can be authenticated by network management server, once certification is lostIt loses, the reason of network management server can know authentification failure, solution can be provided to the user.Moreover, network managementServer can know user information, then provide personalized service to user, and side is provided for the operation and popularization of Wi-Fi trade companiesIt helps.
Based on above application scene, as shown in Fig. 2, for the flow chart of authentication method, this method may include:
Step 201, first terminal sends radio connection request to wireless device.
Specifically, when user accesses network by first terminal, first terminal can send to wireless device and be wirelessly connectedRequest, the radio connection request are used to establish between first terminal and wireless device and be wirelessly connected.
For example, first terminal may search for SSID (Service Set Identifier, the services set mark of wireless deviceKnow), and radio connection request is sent to the corresponding wireless devices of the SSID, it is thus connected to this wireless device.For not settingThe wireless device of password is set, first terminal can directly transmit radio connection request, be thus connected to wireless device;For settingThe wireless device of password can be inputted password by user, and first terminal sends the radio connection request for carrying password, to evenIt is connected to wireless device, it is without limitation.
Step 202, wireless device sends to first terminal after receiving the radio connection request and redirects message, shouldRedirect URL (Uniform Resoure Locator, the uniform resource locator) letters that message includes network management serverThe label information of breath, the verification information of network management server, first terminal.
Wherein, wireless device can be that first terminal distributes label information (such as after receiving radio connection requestTicket), and there is label information uniqueness, as different first terminals to distribute different label informations.For example, wirelessly settingStandby to generate a character string at random, which can be as the label information of first terminal.Certainly, above-mentioned only labelOne example of information, is not limited this label information.
Wherein, wireless device can be pre-configured with the URL information and verification information of network management server, be based on this, nothingLine equipment after receiving radio connection request, can be inquired from being locally configured network management server URL information andVerification information.The URL information can be the URL information for accessing network management server, which can be networkThe unique mark of management server, and the verification information is registered to application server by network management server, is tested thisThe type of card information is not limited.
Step 203, first terminal is after receiving the redirection message, according to the URL information, the verification information and the markIt signs information and generates Quick Response Code, and the Quick Response Code is shown to user.That is, the content of the Quick Response Code may include but unlimitedIn:The URL information, the verification information and the label information.
Wherein, script information (such as JavaScript information) can be carried by redirecting message, the script information for realizingQuick Response Code systematic function.First terminal can parse script information after receiving redirection message from redirecting in message,And run the script information (such as by the browser execution script information).Since the script information generates for realizing Quick Response CodeFunction, therefore, after running the script information, so that it may which, to generate Quick Response Code, the content of the Quick Response Code may include:URL information,Verification information and label information.
Step 204, first terminal is after receiving the redirection message, to the corresponding network management services of the URL informationDevice sends long connection request, which can carry the label information.
Wherein, first terminal can execute step 203 and step 204 after receiving the redirection message, to this executionSequence is not limited, and can be first carried out step 203, can also be first carried out step 204.
Wherein, which is redirected to network management server for triggering first terminal and is authenticated, therefore,After first terminal receives redirection message, long connection request can be sent to network management server.For example, to network managementServer is sent based on Ajax (Asynchronous JavaScript And eXtensible Markup Language, woundThe web development technologies of creating interactive web application) long connection request.
Step 205, after network management server receives the long connection request, long connection is established with first terminal, from thisThe label information is obtained in long connection request, and establishes the correspondence of length connection and the label information.
Wherein, after network management server establishes long connection with first terminal, the length can also be kept to connect, for example,Can be that ageing timer is arranged in long connection, the time-out time of the ageing timer can be configured rule of thumb, not limited thisSystem, for example, can configure it is larger, such as 60 seconds.Before ageing timer time-out, if being connected to first terminal by longUser information (subsequent process can introduce the transmission process of user information) is sent, then disconnects long connection.Alternatively, in ageing timerAfter time-out, then disconnect long connection, long connection request retransmitted by first terminal, network management server again with first terminalEstablish long connection.
Step 206, second terminal scans above-mentioned Quick Response Code, and opens the applications client of second terminal, and application clientEnd parses the URL information, the verification information and the label information from the Quick Response Code.
Wherein, first terminal is generating Quick Response Code, and after showing the Quick Response Code to user, user can pass through second terminalScanning the Quick Response Code, (such as user opens the barcode scanning function of second terminal to scan the Quick Response Code, can not be opened at this time using visitorFamily end, as long as the barcode scanning function of second terminal, it is of course also possible to open applications client to scan the two-dimensional code).It is sweepingWhen retouching the Quick Response Code, the applications client of second terminal can also be actively opened;It is automatically opened using visitor for example, Quick Response Code hasThe function at family end, therefore, second terminal can also actively open the applications client of second terminal when scanning the Quick Response Code,And the applications client can parse the URL information, the verification information and the label information from the Quick Response Code.
Step 207, applications client sends subscriber information request message, the subscriber information request message to application serverUser's login banner of the verification information, applications client can be carried, that is to say, that user can be logged in by this userMark logs on to applications client, the function of then using applications client to provide.
Step 208, application server is tested after receiving the subscriber information request message according to the verification informationCard.If being verified, user information corresponding with user's login banner of applications client can be inquired, and the user is believedBreath returns to applications client.If verification does not pass through, can forbid user information returning to applications client.For convenienceIt describes, is illustrated for being verified in the present embodiment.
Wherein, application server can parse the verification letter of network management server from subscriber information request messageBreath, and inquire and locally whether register with the verification information.If it is, illustrating network management server in application serverIt registered, hence, it can be determined that being verified;If it is not, then illustrating network management server not in application server registersIt crosses, hence, it can be determined that verification does not pass through.
Wherein, application server can record user's login banner of applications client and the correspondence of user information.Based on this, application server can parse user's login banner of applications client from subscriber information request message, and lead toIt crosses and inquires the correspondence, obtain user information corresponding with user's login banner.For example, the user information may includeBut it is not limited to:OpenId and tid etc., the openId can be the unique marks of user, which can be that cell-phone number is encryptedInformation is not limited this user information.
Step 209, applications client is after receiving user information, to the corresponding network management server of the URL informationIt sends a notification message, which can carry the label information and the user information.
Step 210, network management server stores user letter after receiving the notification message in validated user tableBreath, alternatively, storing the user information and the label information in validated user table.
Wherein, validated user table is for recording all user informations by certification, and therefore, network management server receivesTo after notification message, label information and user information can be parsed from notification message, and the use is stored in validated user tableFamily information, or the user information and the label information are stored in validated user table.
In one example, network management server can also obtain customized information after receiving the notification message,And the customized information is pushed to applications client, this customized information is not limited, for example, it may be portion of Wi-Fi trade companiesAdministration provides the information of help for the operation and popularization of Wi-Fi trade companies in network management server.For example, customized information canThink the advertising information etc. of Wi-Fi trade companies, it is without limitation.
Step 211, network management server inquires the corresponding long connection of the label information, and is connected the use by the lengthFamily information is sent to first terminal, and disconnects the long connection of network management server and first terminal.
Wherein, in step 205, network management server has built up the correspondence of long connection and label information, becauseThis, in step 211, network management server can inquire the corresponding long connection of the label information, and be connected by the lengthThe user information is sent to first terminal, and since user information is sent to first terminal, and hence it is also possible to disconnectNetwork management server and the long of first terminal connect.
Step 212, first terminal sends certification request, this is recognized after receiving user information to network management serverCard request carries the address information (such as IP address) of the user information and first terminal.
Step 213, whether network management server is inquired in validated user table and is stored with after receiving the certification requestThe user information;If it is, determining that first terminal passes through certification;If it is not, then determining that first terminal is not authenticated.In order toFacilitate description, is illustrated for by certification in the present embodiment.
Wherein, if being stored with the user information in validated user table, illustrate that first terminal has executed step 201- stepsRapid 212 identifying procedure, therefore, network management server can determine that first terminal passes through certification.If not having in validated user tableHave and store the user information, then illustrates that first terminal is not carried out the identifying procedure of step 201- steps 212, therefore, network managementServer can determine that first terminal is not authenticated.
Step 214, if first terminal is by certification, the address information of first terminal is sent to by network management serverWireless device.For example, network management server sends certification success message to wireless device, certification success message carries the groundLocation information, to indicate that the address information is the address information by certification.
Step 215, wireless device records the address after receiving the address information of first terminal in authentication information tableInformation, to indicate that the address information is the address information by certification.
Wherein, authentication information table is for recording all address informations by certification, and therefore, wireless device receives certificationAfter success message, the address information of first terminal can be parsed from certification success message, and by address information storage to recognizingIt demonstrate,proves in information table, to indicate that the address information is the address information by certification.
Step 216, wireless device inquires the address of the user's message when receiving the user's message of first terminal transmissionWhether information (such as source IP address) is located at authentication information table;If it is, user's message can be allowed to pass through, i.e. permission first is wholeEnd accesses network;Pass through if it is not, then user's message can be refused.
Wherein, wireless device can be parsed when receiving the user's message of first terminal transmission from user's messageThe address information (source IP address of such as user's message) of first terminal.If the address information is located in authentication information table, illustrateFor first terminal by certification, therefore allowing first terminal to access network can allow user's message to pass through;If the addressInformation then illustrates that first terminal is not authenticated not in authentication information table, and forbidding first terminal to access network therefore canPassed through with refusing user's message.
In the above-described embodiments, applications client and application server can be depending on actual conditions, for example, application visitorFamily end can be wechat client, and application server can be wechat server, and above-mentioned verification information can be public platform information,Above-mentioned user's login banner can be WeChat ID, and above-mentioned customized information can be public platform information, certainly, public platform information andWeChat ID etc. is an example, without limitation.In another example applications client can be microblogging client, application serviceDevice can be micro blog server, and above-mentioned verification information can be microblogging number, to the type of this applications client and application serverIt is not limited.
Based on the above-mentioned technical proposal, in the embodiment of the present application, network management server can be established long connect with first terminalIt connects, after the notification message for receiving applications client transmission, user information can be obtained from notification message, and by describedUser information is sent to first terminal by long connection;Then, network management server receives the carrying user that first terminal is sentThe certification request of information is authenticated first terminal according to certification request.It, can be by network management services based on aforesaid wayDevice is authenticated terminal, and terminal authentication flow can be completed by network management server so that network management server canIt participates in identifying procedure, once authentification failure, the reason of network management server can know authentification failure, can be userSolution is provided.Moreover, network management server can know user information, then provide personalized service to user, isThe operation and popularization of Wi-Fi trade companies provide help so that terminal accesses network by Wi-Fi.Aforesaid way can reduce to the greatest extentThe interaction times of applications client and application server avoid the interaction of network management server and application server, can makeFirst terminal accesses network by way of application even Wi-Fi.
Based on similarly applying conceiving with the above method, another authentication method, the party are also proposed in the embodiment of the present applicationMethod can be applied to network management server, shown in Figure 3, and this method may include:
Step 301, after the long connection request for receiving first terminal transmission, long connection is established with first terminal.
Step 302, the notification message that applications client is sent is received, which carries applications client and taken from applicationThe user information that business device obtains, which is that applications client obtains network management services from the Quick Response Code of first terminalAfter the URL information of device, sent according to the URL information.
Step 303, it is connected by the length and the user information is sent to first terminal.
Step 304, the certification request for carrying the user information that first terminal is sent is received.
Step 305, first terminal is authenticated according to the certification request.
In one example, which can also include the label information of first terminal;The notification message may be used alsoLabel information with the first terminal obtained from the Quick Response Code including applications client.
Based on this, for network management server after establishing long connection with first terminal, network management server can be withEstablish the correspondence for the label information that length connection includes with the long connection request.
Further, it is connected by the length and the user information is sent to first terminal, may include:Network management servicesDevice inquires the correspondence by the label information that the notification message includes, and obtains long connection corresponding with the label information,And it is connected by the length and user information is sent to the first terminal.
In one example, network management server can also be that the length connects after establishing long connection with first terminalAgeing timer is set;Before ageing timer time-out, if sending user information to first terminal by long connection, breakOpen long connection;Alternatively, after ageing timer time-out, then long connection is disconnected.
In one example, it after receiving the notification message that applications client is sent, can also be recorded in validated user tableUser information;Further, certification request can also carry the address information of first terminal, eventually according to the certification request pair firstEnd is authenticated, and can include but is not limited to:If there are the user informations carried in the certification request in validated user table, reallyFirst terminal is determined by certification, and the address information of first terminal is sent to wireless device, so that wireless device is according to addressInformation allows first terminal to access network.
In one example, after receiving the notification message that applications client is sent, network management server can also obtainCustomized information is taken, and the customized information is pushed to applications client.
Wherein, the authentication method of Fig. 3 and the authentication method of Fig. 2 are similar, and it is no longer repeated herein.
Based on similarly applying conceiving with the above method, a kind of Verification System, including nothing are also proposed in the embodiment of the present applicationLine equipment and network management server, wherein:Wireless device, can be with after the radio connection request for receiving first terminal transmissionThe redirection message for carrying the URL information for accessing network management server is sent to first terminal, so that first terminal willLong connection request is redirected to network management server, and generates Quick Response Code according to the URL information;Network management server receivesTo after long connection request, long connection can be established with first terminal;In addition, network management server can receive applications clientThe notification message of transmission, which carries the user information that applications client is obtained from application server, and the notice disappearsBreath is applications client after obtaining URL information in the Quick Response Code, is sent according to the URL information;Then, network management servicesDevice is connected by the length user information being sent to first terminal, and receives the carrying of the first terminal transmission user informationCertification request, and first terminal is authenticated according to the certification request.
Wherein, above-mentioned Verification System is similar with the authentication method of Fig. 2 or Fig. 3, and it is no longer repeated herein.
Based on similarly applying conceiving with the above method, the embodiment of the present application also proposes a kind of authentication device, is applied to netNetwork management server, it is shown in Figure 4, it is the structure chart of described device, described device includes:
Module 401 is established, for after the long connection request for receiving first terminal transmission, being established with the first terminalLong connection;
Receiving module 402, the notification message for receiving applications client transmission, the notification message carry the applicationThe user information that client is obtained from application server, the notification message are two dimension of the applications client from the first terminalAfter obtaining the URL information of the network management server in code, sent according to the URL information;
Sending module 403, for the user information to be sent to the first terminal by the long connection;
Receiving module 402 is additionally operable to receive the certification request for the carrying user information that first terminal is sent;
Authentication module 404, for being authenticated to the first terminal according to the certification request.
The long connection request further includes the label information of the first terminal;The notification message further includes the applicationThe label information for the first terminal that client is obtained from the Quick Response Code;It is described to establish module 401, it is additionally operable to establish instituteState the correspondence for the label information that long connection includes with the long connection request;The sending module 403 is connected by the lengthConnecing when that the user information is sent to the first terminal is specifically used for:The label information for including by the notification message is looked intoThe correspondence is ask, the corresponding long connection of the label information is obtained, is connected the user information by the lengthIt is sent to the first terminal.
In one example, described device can also include (not shown in FIG.):Processing module, for described theOne terminal is established after long connection, for the long connection setting ageing timer;Before the ageing timer time-out, ifIt is connected to the first terminal by the length and sends user information, then disconnect the long connection;Alternatively, in aging timingAfter device time-out, then the long connection is disconnected.
The authentication module 404 is additionally operable to record the user information in validated user table;
The certification request also carries the address information of the first terminal;
The authentication module 404 is specifically used for when being authenticated to the first terminal according to the certification request:If instituteState in validated user table that there are the user informations carried in the certification request, it is determined that the first terminal by certification, andThe address information of the first terminal is sent to wireless device, so that the wireless device allows institute according to described address informationIt states first terminal and accesses network.
The sending module 403 is additionally operable to obtain customized information, and pushes the personalization to the applications clientInformation.
Network management server provided by the embodiments of the present application, for hardware view, hardware structure schematic diagram specifically may be usedWith shown in Figure 5, may include:Machine readable storage medium and processor, wherein:
Machine readable storage medium:Store instruction code.
Processor:Communicated with machine readable storage medium, read and execute stored in machine readable storage medium it is describedInstruction code realizes authentication operation disclosed in the application above-mentioned example.
Here, machine readable storage medium can be any electronics, magnetism, optics or other physical storage devices, can be withIncluding or storage information, such as executable instruction, data, etc..For example, machine readable storage medium can be:RAM(RadomAccess Memory, random access memory), volatile memory, nonvolatile memory, flash memory, memory driver is (as hardDisk drive), solid state disk, any kind of storage dish (such as CD, dvd) either similar storage medium or theyCombination.
System, device, module or the unit that above-described embodiment illustrates can specifically realize by computer chip or entity,Or it is realized by the product with certain function.A kind of typically to realize that equipment is computer, the concrete form of computer canTo be personal computer, laptop computer, cellular phone, camera phone, smart phone, personal digital assistant, media playIn device, navigation equipment, E-mail receiver/send equipment, game console, tablet computer, wearable device or these equipmentThe combination of arbitrary several equipment.
For convenience of description, it is divided into various units when description apparatus above with function to describe respectively.Certainly, implementing thisThe function of each unit is realized can in the same or multiple software and or hardware when application.
It should be understood by those skilled in the art that, embodiments herein can be provided as method, system or computer programProduct.Therefore, complete hardware embodiment, complete software embodiment or reality combining software and hardware aspects can be used in the applicationApply the form of example.Moreover, it wherein includes computer usable program code that the embodiment of the present application, which can be used in one or more,The computer implemented in computer-usable storage medium (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.)The form of program product.
The application is with reference to method, the flow of equipment (system) and computer program product according to the embodiment of the present applicationFigure and/or block diagram describe.It is generally understood that being realized by computer program instructions each in flowchart and/or the block diagramThe combination of flow and/or box in flow and/or box and flowchart and/or the block diagram.These computer journeys can be providedSequence instruct to all-purpose computer, special purpose computer, Embedded Processor or other programmable data processing devices processor withGenerate a machine so that the instruction generation executed by computer or the processor of other programmable data processing devices is used forRealize the dress for the function of being specified in one flow of flow chart or multiple flows and/or one box of block diagram or multiple boxesIt sets.
Computer or the processing of other programmable datas can be guided to set moreover, these computer program instructions can also be stored inIn standby computer-readable memory operate in a specific manner so that instruction stored in the computer readable memory generatesManufacture including command device, the command device are realized in one flow of flow chart or multiple flows and/or block diagram oneThe function of being specified in a box or multiple boxes.
These computer program instructions can be also loaded into computer or other programmable data processing devices so that countedSeries of operation steps are executed on calculation machine or other programmable devices to generate computer implemented processing, in computerOr the instruction executed on other programmable devices is provided for realizing in one flow of flow chart or multiple flows and/or block diagramThe step of function of being specified in one box or multiple boxes.
Above is only an example of the present application, it is not intended to limit this application.For those skilled in the artFor, the application can have various modifications and variations.It is all within spirit herein and principle made by any modification, equivalentReplace, improve etc., it should be included within the scope of claims hereof.