Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Access control method and system for wireless local area network

A wireless local area network and access control technology, applied in the field of communication, can solve the problems that AS cannot truly authenticate STAA, cannot truly authenticate STAA identity, and cannot fully satisfy operators, so as to avoid denial of service attacks, password parameters and software. The effect of attacking and avoiding communication blocking

Active Publication Date: 2011-01-19
NO 30 INST OF CHINA ELECTRONIC TECH GRP CORP
View PDF3 Cites 65 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0010] (2) A large number of user public key certificates need to be stored in the authentication server, which brings a great burden to the authentication server;
[0011] (3) The transmission of the public key certificate will occupy a lot of bandwidth, and may cause communication congestion of the authentication server in a wireless environment with limited bandwidth
[0013] (1) In the certificate authentication stage, since the AP signed the authentication request, the AS can authenticate the AP; but the AS cannot actually authenticate the STAA, because what STAA provides is only a public key certificate (because the certificate is easy to obtain, the certificate can be is any STAA), the AS only verifies the validity of the certificate, but cannot really authenticate the identity of the STAA, and there is a man-in-the-middle attack
[0014] (2) The key negotiation part of WAPI is initiated by STA, which is easy to cause DoS (Denial of service, denial of service) attack
In order to cause DoS attacks, illegal attackers can initiate many "key negotiation requests" at the same time to consume AP resources in terms of quantity.
[0015] (3) WAPI only authenticates identities, and does not control the permissions of users to access the network and applications, and cannot fully meet the needs of operators.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Access control method and system for wireless local area network
  • Access control method and system for wireless local area network
  • Access control method and system for wireless local area network

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0067] The present invention will be described in further detail below in conjunction with the accompanying drawings and specific embodiments.

[0068] figure 2 It is a schematic flow chart of the wireless local area network access control method of the present invention. As shown in the figure, the mobile terminal realizes mutual communication and access to network resources through the wireless access node, including the following two sub-processes:

[0069] (1) Authentication based on user identity: This process corresponds to the authentication process in WAPI, but in the authentication process, IBE's identity-based authentication technology is applied, and security enhancement is performed to authenticate all user identities accessing the network. Only authenticated users can access the network. The authentication process based on the user identity is a two-way authentication, that is, the wireless access node authenticates the mobile terminal, and the mobile terminal a...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an access control method for a wireless local area network. The method comprises the following steps of: A, arranging a user identity token USB-KEY for storing an identity identifier and a private key on a mobile terminal and performing the operation of an IBE algorithm; B, performing identity authentication on the mobile terminal to be subjected to network entry by adopting the identity-based encryption technology, namely IBE technology, and if the authentication is not passed, not allowing users to access the network; and C, determining the resource access permissionof the mobile terminal, and controlling the network access action of the mobile terminal according to the resource access permission. The method introduces the authentication control of specific application resources accessed by the users, adapts to the development tendency of taking application as the center in the wireless local area network, and simultaneously, improves the safety of the access control scheme of the wireless local area network and avoids man-in-the-middle attack and the attack of denial of service. The invention also discloses a system for the access control of the wireless local area network correspondingly.

Description

technical field [0001] The invention belongs to the technical field of communication, and in particular relates to a wireless local area network access control method and system. Background technique [0002] Currently commonly used WLAN access authentication technology WAPI (WLAN Authentication and Privacy Infrastructure) is mainly based on PKI (Public Key Infrastructure, public key infrastructure), AP (Access Point, wireless access node), STA (STAation, mobile terminal) in WAPI The authentication process between AS (Authentication Server, authentication server) is as follows: figure 1 Shown: [0003] (1) Authentication activation: when the STA is associated or re-associated with the AP, the AP sends the authentication activation to start the entire authentication process; [0004] (2) Access authentication request: The STA sends an authentication request to the AP, that is, the STA certificate and the current system time of the STA are sent to the AP, where the system ti...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04W12/04H04W12/06H04W12/0431H04W12/0471H04W12/069
Inventor 卿昱肖毅冷冰杨宇曾梦岐
Owner NO 30 INST OF CHINA ELECTRONIC TECH GRP CORP
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com