Access control method and system for wireless local area network

Abstract

The invention discloses an access control method for a wireless local area network. The method comprises the following steps of: A, arranging a user identity token USB-KEY for storing an identity identifier and a private key on a mobile terminal and performing the operation of an IBE algorithm; B, performing identity authentication on the mobile terminal to be subjected to network entry by adopting the identity-based encryption technology, namely IBE technology, and if the authentication is not passed, not allowing users to access the network; and C, determining the resource access permissionof the mobile terminal, and controlling the network access action of the mobile terminal according to the resource access permission. The method introduces the authentication control of specific application resources accessed by the users, adapts to the development tendency of taking application as the center in the wireless local area network, and simultaneously, improves the safety of the access control scheme of the wireless local area network and avoids man-in-the-middle attack and the attack of denial of service. The invention also discloses a system for the access control of the wireless local area network correspondingly.

Description

technical field [0001] The invention belongs to the technical field of communication, and in particular relates to a wireless local area network access control method and system. Background technique [0002] Currently commonly used WLAN access authentication technology WAPI (WLAN Authentication and Privacy Infrastructure) is mainly based on PKI (Public Key Infrastructure, public key infrastructure), AP (Access Point, wireless access node), STA (STAation, mobile terminal) in WAPI The authentication process between AS (Authentication Server, authentication server) is as follows: figure 1 Shown: [0003] (1) Authentication activation: when the STA is associated or re-associated with the AP, the AP sends the authentication activation to start the entire authentication process; [0004] (2) Access authentication request: The STA sends an authentication request to the AP, that is, the STA certificate and the current system time of the STA are sent to the AP, where the system ti...

AI Technical Summary

Problems solved by technology

[0010] (2) A large number of user public key certificates need to be stored in the authentication server, which brings a great burden to the authentication server;

[0011] (3) The transmission of the public key certificate will occupy a lot of bandwidth, and may cause communication congestion of the authentication server in a wireless environment with limited bandwidth

[0013] (1) In the certificate authentication stage, since the AP signed the authentication request, the AS can authenticate the AP; but the AS cannot actually authenticate the STAA, because what STAA provides is only a public key certificate (because the certificate is easy to obtain, th

Images