CN105049413A - Authentication method for free wireless Internet access - Google Patents


Publication number
CN105049413A
Authority
CN
China
Prior art keywords
mobile terminal
micro
message
letter
tcp
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510297638.0A
Other languages
Chinese (zh)
Inventor
石冬雪
葛曙光
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Dun Chong Science And Technology Co Ltd
Original Assignee
Hangzhou Dun Chong Science And Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Dun Chong Science And Technology Co Ltd filed Critical Hangzhou Dun Chong Science And Technology Co Ltd
Priority to CN201510297638.0A priority Critical patent/CN105049413A/en
Publication of CN105049413A publication Critical patent/CN105049413A/en
Pending legal-status Critical Current

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L1/00: Arrangements for detecting or preventing errors in the information received
    • H04L1/12: Arrangements for detecting or preventing errors in the information received by using return channel
    • H04L1/16: Arrangements for detecting or preventing errors in the information received by using return channel in which the return channel carries supervisory signals, e.g. repetition request signals
    • H04L63/0876: Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/02: Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06: Authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides an authentication method for free wireless Internet access. The authentication method comprises the following steps: (A1) the wireless network settings of a mobile terminal are opened, and the free WIFI of a hotel, market or the like is selected and connected to; (A2) the mobile terminal sends a packet to probe the network, and the packet is processed so that an authentication page pops up automatically on the mobile terminal, where the user clicks the WeChat authentication mode; (A3) WeChat starts automatically, and the user inputs the WeChat official account of the hotel, market or the like; and (A4) the information of the hotel, market or the like pops up in WeChat, the user clicks "Follow", and authentication for free Internet access is completed. The method has the advantage of a good and convenient user experience.

Description

An authentication method for free wireless Internet access
Technical field
The present invention relates to the field of network technology, and in particular to an authentication method for free wireless Internet access.
Background
Free WIFI wireless Internet access is now provided in public facilities such as large stores, shopping centers, office buildings and restaurants. The user first opens the WIFI settings of a smartphone and connects to the AP, then has to enter his or her own mobile phone number to initiate an authentication request. The public WIFI cloud server generates a corresponding network access authentication code according to the request and returns it to the phone number the user entered. The user has to enter this code in the corresponding input box to generate a network access authentication request; after the cloud server's authentication passes, it issues the authentication result to the AP, the AP then allows the user's access, and the user can access the Internet normally.
Fig. 1 schematically shows the structure of public WIFI networking in the prior art. As shown in Fig. 1, the system consists of an AP and the public WIFI operator's cloud server, hereinafter called the cloud server. The AP may simply be a wireless router and is responsible for communicating with the cloud server. User management, agent management and device viewing are performed on the cloud server. The AP is responsible for obtaining the authentication mode from the cloud server, and the cloud server issues the authentication result. The cloud server generally comprises an authentication management server and a PORTAL server; the portal referred to hereinafter is in fact a part of the cloud server.
Fig. 2 schematically shows the flow chart of wireless Internet access in the prior art. As shown in Fig. 2, the steps of the existing method are as follows:
Step 1: the user opens the wireless network settings of the mobile phone, selects the shop's free WIFI and connects successfully. At this point the PORTAL authentication page does not pop up; the user has not yet passed system authentication and cannot access the INTERNET.
Step 2: the user has to open the phone's browser himself and enter a web address to visit, such as WWW.BAIDU.COM, in order to trigger authentication.
Step 3: the browser's access is redirected by the AP to a PORTAL page, which prompts the user to enter a mobile phone number and click to obtain a verification code.
Step 4: the user has to wait for the verification code to arrive and then enter it on the authentication page.
Step 5: the terminal's authentication in the free WIFI system is complete, and the Internet can then be accessed normally.
The above network access method has many deficiencies, such as:
1. The process of getting online is very cumbersome. A mobile phone number always has 11 digits and a verification code has 6-8 characters, so nearly 20 digits or letters must be entered to get online, while a mobile phone is designed for touch operation rather than text input. There is also a wait for the verification code, and sometimes the code is not delivered because of the SMS gateway. Taken together, these factors make the whole authentication very inefficient and the user experience extremely poor.
2. Some users think that joining the WIFI is enough to use it, and do not realize that they have to open a browser themselves to trigger authentication. When such a user opens WeChat directly and finds that it does not work, the user suspects that the wireless signal or the like is preventing network access and simply gives up, which undoubtedly causes the merchant to lose these users.
Summary of the invention
To overcome the above deficiencies of the prior art, the invention provides an authentication method for free wireless Internet access with a good user experience.
The object of the invention is achieved through the following technical solution:
An authentication method for free wireless Internet access, the authentication method comprising the following steps:
(A1) open the wireless network settings of the mobile terminal, and select and connect to the merchant's free WIFI;
(A2) the mobile terminal sends a packet that probes the network; the packet is processed so that the authentication page pops up automatically on the mobile terminal, and the user clicks the WeChat authentication mode;
(A3) WeChat opens automatically, and the user inputs the merchant's WeChat official account;
(A4) WeChat pops up the merchant's information and the user clicks "Follow", thereby completing authentication for free Internet access.
According to the above authentication method, preferably, in step (A3) the user scans the merchant's WeChat official account with the Scan function, thereby inputting the WeChat official account.
According to the above authentication method, optionally, in step (A2):
If the user has already followed the merchant's WeChat official account, then on returning to this merchant the user only needs to open the merchant's official account in WeChat, enter the merchant's function interface, and click the "Go online now" function button.
According to the above authentication method, preferably, in step (A2):
The packet is processed as follows: check whether the packet meets the probe-packet conditions; if it does, process it; if it does not, terminate the packet.
According to the above authentication method, optionally, the packet meets the following requirements:
It is a TCP packet, the destination port is 80, the PSH flag is set, and the packet content conforms to the HTTP protocol format.
According to the above authentication method, preferably, the HTTP header User-Agent contains the string "CaptiveNetworkSupport", or the URL address contained in the HTTP header is "/library/test/success.html", or the User-Agent contains the string "wispr".
According to the above authentication method, preferably, in step (A2):
The packet is processed as follows:
A server response packet is constructed and sent to the mobile terminal; the response carries the content "HTTP 302 FOUND\r\n" together with the corresponding parameters.
According to the above authentication method, preferably, the server response packet is constructed as follows:
(B1) create an SKB in the LINUX kernel;
(B2) parse the mobile terminal's TCP request packet to obtain the TCP length and the TCP SEQ number; the sum of the two is used as the ACK number of the reply TCP packet;
The mobile terminal's ACK number is used as the sequence number of the reply TCP packet; the TCP payload to be returned is assembled into the TCP packet content;
(B3) copy the TCP packet content to the transport-layer position of the SKB;
(B4) according to the IP address information of the mobile terminal, assemble a standard IP header and copy it to the network-layer position of the SKB;
(B5) send the above SKB through the network protocol stack's send function dev_queue_xmit(skb).
According to the above authentication method, optionally,
After the 302 has been returned to the mobile terminal, the mobile terminal initiates a second connection according to the 302 redirect, and the destination address of this connection points to the AP;
Following the 302 result, the mobile terminal automatically connects to the AP's local WEB server; the AP can then return a page with advertising content in its response.
According to the above authentication method, optionally, a set URL link is embedded in the page with advertising content, pointing to a blank horizontal-line image on the PORTAL server:
If it is judged that the mobile terminal has fully displayed the PORTAL page, a success result can be returned for the mobile terminal's subsequent periodic probe requests, so that the mobile terminal considers the wireless network available and shows the icon for a successful wireless connection; otherwise its attempts never obtain a success result, and the mobile terminal may consider the wireless network unreachable and automatically turn the wireless connection off.
According to the above authentication method, preferably, non-probe packets are terminated as follows:
If the packet received from the terminal is a SYN request to TCP port 80, drop the packet and reply with a SYN-ACK in the identity of the destination address;
If the packet received from the terminal on TCP port 80 is an ACK carrying no data, drop it directly;
If the packet received from the terminal is a DNS packet, redirect it to the local DNS proxy server;
If the packet received from the terminal is an ICMP packet, allow it through directly, so that the network can be diagnosed;
Other packets are dropped directly.
According to the above authentication method, preferably, step (A3) further comprises the following steps:
(C1) when the user scans the merchant's WeChat ID with WeChat's Scan function, the mobile terminal sends an HTTP request to WeChat;
(C2) the AP is pre-configured with WeChat's domain names and IP addresses so that the AP allows them through directly; when the AP receives a packet destined for such an IP, it forwards it directly to the WeChat server;
(C3) when the user clicks the "Follow" button on the merchant's WeChat details page, the mobile terminal sends an HTTP GET request to the merchant's server address, and the request carries the agreed URL parameter;
When the AP recognizes this string, it redirects the request to the back-end cloud server system; the cloud records the user's information;
(C4) the cloud server system receives the request, judges that the user's authentication has passed, changes the user's state in the online-user table to authenticated, issues the result to the AP, and requests the AP to allow this terminal through;
(C5) subsequent access by this mobile terminal is allowed through by the AP.
According to the above authentication method, preferably,
The AP dynamically updates the IPs corresponding to the domain names and converts them into an IP whitelist for processing, so that traffic is correctly allowed through already at the TCP handshake stage between the mobile terminal and the WeChat server.
According to the above authentication method, preferably, allowing WeChat requests through comprises the following steps:
(D1) pre-configure the WeChat domain names in the AP;
(D2) pre-configure in the AP the IP list of other servers outside WeChat;
(D3) the mobile terminal connects to the WeChat server:
If the connection is based on a domain name and there is no cache, a DNS query is sent first; the AP intercepts the DNS response, and if the queried host name contains the WeChat domain name, refreshes the IP address in the IP whitelist; go to step (D4);
If the mobile terminal holds a local DNS cache, the DNS query is skipped; go to step (D5);
(D4) the mobile terminal initiates a TCP handshake with the WeChat server and sends a SYN packet; the AP judges that the destination IP belongs to the IP whitelist and allows this IP packet through directly;
(D5) because the mobile terminal sends no DNS query and initiates HTTP access directly to the WeChat server's IP, the AP does not yet have the corresponding IP whitelist entry and therefore judges that the destination IP does not belong to the IP whitelist; the AP replies with a SYN-ACK directly and performs termination handling;
(D6) the mobile terminal answers the SYN-ACK with an ACK, and the TCP handshake succeeds. When the AP receives the ACK, it drops it without further processing;
(D7) the mobile terminal sends the GET request for WeChat; after intercepting it, the AP judges whether the HOST field of the GET request contains a WeChat domain name. If so, it replies with a TCP RST packet to tear down the TCP connection that has been established, and at the same time adds the destination IP accessed by the mobile terminal to the IP whitelist. Relative to the whitelist state described in (D5), the AP now holds the corresponding IP whitelist entry. Having ensured that the IP whitelist is correctly refreshed, the AP forces the mobile terminal to go through flow (D4) again, so that access to WeChat is correctly allowed through;
When a mobile terminal switches from a 4G/3G environment to the merchant's WIFI network, it often happens that the terminal holds a DNS cache; in this scenario the terminal sends no DNS query before requesting WeChat HTTP access. The above method solves the problem of WeChat HTTP access being intercepted by mistake in this scenario.
Compared with the prior art, the invention has the following beneficial effects:
1. Whether for the first authentication by following or for subsequent authentication, the user does not need to enter any characters, which matches the operating habits of mobile terminals such as mobile phones and significantly improves the user experience;
The user only needs to use WeChat's Scan function to complete network access authentication, which is simple to operate, avoids entering a cumbersome phone number and verification code, improves efficiency and gives the user a better experience;
The merchant can also use this scan-to-authenticate WeChat function to promote its WeChat account and quickly attract WeChat followers;
2. After the user connects to the WIFI, the PORTAL authentication page pops up automatically and clearly informs the user that the network cannot be used before authentication is completed, which reduces user misoperation.
Brief description of the drawings
The disclosure of the invention will be easier to understand with reference to the accompanying drawings. Those skilled in the art will readily understand that these drawings only illustrate the technical solution of the invention and are not intended to limit its scope of protection. In the drawings:
Fig. 1 is the structure chart of public WIFI networking in the prior art;
Fig. 2 is the flow chart of wireless Internet access in the prior art;
Fig. 3 is the flow chart of wireless Internet access according to the embodiment of the invention;
Fig. 4 is the flow chart of step (A2) according to the embodiment of the invention;
Fig. 5 is the flow chart of WeChat authentication in step (A3) according to the embodiment of the invention;
Fig. 6 is the flow chart for allowing access to the WeChat server in step (A3) according to the embodiment of the invention.
Detailed description
Figs. 3-6 and the following description describe optional embodiments of the invention to teach those skilled in the art how to implement and reproduce the invention. To teach the technical solution of the invention, some conventional aspects have been simplified or omitted. Those skilled in the art should understand that modifications or replacements derived from these embodiments fall within the scope of the invention, and that the following features can be combined in various ways to form multiple variants of the invention. The invention is therefore not limited to the following optional embodiments, but only by the claims and their equivalents.
Embodiment:
Fig. 3 schematically shows the flow chart of the authentication method for free wireless Internet access of the embodiment of the invention. As shown in Fig. 3, the authentication method comprises the following steps:
(A1) open the wireless network settings of the mobile terminal (such as a mobile phone, IPAD, etc.), and select and connect to the merchant's free WIFI;
(A2) Fig. 4 schematically shows the flow chart of step (A2) of the embodiment of the invention. As shown in Fig. 4, the mobile terminal sends a packet that probes the network; the packet is processed so that the authentication page pops up automatically on the mobile terminal, and the user clicks the WeChat authentication mode. If the user has already followed the merchant's WeChat official account, then on returning to this merchant the user only needs to open the merchant's official account in WeChat, enter the merchant's function interface, and click the "Go online now" function button. Specifically:
The packet is processed as follows:
Check whether the packet meets the probe-packet conditions: the packet must be a TCP packet, the destination port is 80, the PSH flag is set, and the packet content conforms to the HTTP protocol format. The HTTP header User-Agent contains the string "CaptiveNetworkSupport", or the URL address contained in the HTTP header is "/library/test/success.html", or the User-Agent contains the string "wispr". If the conditions are met, the packet is processed: a server response packet is constructed and sent to the mobile terminal; the response carries the content "HTTP 302 FOUND\r\n" together with the corresponding parameters. The specific parameters are as follows:
"HTTP/1.1 302 Found\r\nLocation: http://%u.%u.%u.%u/cgi-bin/userLogin.cgi?redirect=code&ip=%u.%u.%u.%u&mac=%02x:%02x:%02x:%02x:%02x:%02x&Id=http://%s%s\r\nContent-Type: text/html; charset=iso-8859-1\r\nContent-length: 0\r\nCache-control: no-cache\r\n\r\n"
Parameter declaration:
The server response packet is constructed as follows:
(B1) create an SKB in the LINUX kernel;
(B2) parse the mobile terminal's TCP request packet to obtain the TCP length and the TCP SEQ number; the sum of the two is used as the ACK number of the reply TCP packet;
The mobile terminal's ACK number is used as the sequence number of the reply TCP packet; the TCP payload to be returned is assembled into the TCP packet content;
(B3) copy the TCP packet content to the transport-layer position of the SKB;
(B4) according to the IP address information of the mobile terminal, assemble a standard IP header and copy it to the network-layer position of the SKB;
(B5) send the above SKB through the network protocol stack's send function dev_queue_xmit(skb).
After the 302 has been returned to the mobile terminal, the mobile terminal initiates a second connection according to the 302 redirect, and the destination address of this connection points to the AP;
Following the 302 result, the mobile terminal automatically connects to the AP's local WEB server; the AP can then return a page with advertising content in its response.
Further, so that the system can confirm that the mobile terminal has finished popping up the PORTAL page, a set URL link is embedded in this page, pointing to a blank horizontal-line image on the PORTAL server. In this way, when the system detects that the mobile terminal has made an outbound request for this blank horizontal-line image resource, it can judge that the mobile terminal has fully popped up the PORTAL page.
If it is judged that the mobile terminal has fully displayed the PORTAL page, a success result can be returned for the mobile terminal's subsequent periodic probe requests, so that the mobile terminal considers the wireless network available and shows the icon for a successful wireless connection. Otherwise its attempts never obtain a success result, and the mobile terminal may consider the wireless network unreachable and automatically turn the wireless connection off.
The above success result is an HTTP 200 OK, and the specific content carried is as follows:
"HTTP/1.0 200 OK\r\n"
"Content-Type: text/html\r\n"
"Content-length: 68\r\n"
"Date: Wed, 04 Mar 2015 07:40:42 GMT\r\n"
"Connection: close\r\n"
"\r\n"
"<HTML><HEAD><TITLE>Success</TITLE></HEAD><BODY>Success</BODY></HTML>";
If the packet does not meet the probe-packet conditions, the packet is terminated. The specific termination method is:
If the packet received from the terminal is a SYN request to TCP port 80, drop the packet and reply with a SYN-ACK in the identity of the destination address;
If the packet received from the terminal on TCP port 80 is an ACK carrying no data, drop it directly;
If the packet received from the terminal is a DNS packet, redirect it to the local DNS proxy server;
If the packet received from the terminal is an ICMP packet, allow it through directly, so that the network can be diagnosed;
Other packets are dropped directly.
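The probe check, the termination rules and the SEQ/ACK numbering of step (B2) can be exercised in user space; the following C is an added example, not code from the patent. The struct layouts, function names, sample addresses, the UDP/53 test for DNS and the reading of %s%s as the requested host and path are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { F_SYN = 0x02, F_PSH = 0x08, F_ACK = 0x10 };       /* TCP flag bits */
enum verdict { V_REPLY_302, V_REPLY_SYNACK, V_DNS_PROXY, V_PASS, V_DROP };

/* Hypothetical parsed view of one packet from an unauthenticated terminal. */
struct pkt {
    uint8_t  proto;      /* IP protocol: 1 ICMP, 6 TCP, 17 UDP */
    uint16_t dport;      /* TCP/UDP destination port */
    uint8_t  flags;      /* TCP flags */
    uint32_t seq, ack;   /* TCP sequence and acknowledgement numbers */
    const char *data;    /* TCP payload, not NUL-terminated on the wire */
    uint32_t len;        /* TCP payload length */
};
struct reply { uint32_t seq, ack; char http[512]; int http_len; };

/* Bounded substring search over a payload slice. */
static int has(const char *h, size_t hl, const char *n)
{
    size_t nl = strlen(n);
    for (size_t i = 0; nl <= hl && i <= hl - nl; i++)
        if (memcmp(h + i, n, nl) == 0)
            return 1;
    return 0;
}

/* Probe conditions from the text: TCP, port 80, PSH set, HTTP format, and a
 * URL or User-Agent marker. Header matching is simplified (case-sensitive). */
int is_probe(const struct pkt *p)
{
    if (p->proto != 6 || p->dport != 80 || !(p->flags & F_PSH) || !p->len)
        return 0;
    const char *eol = memchr(p->data, '\r', p->len);
    size_t rl = eol ? (size_t)(eol - p->data) : 0;   /* request-line length */
    if (!has(p->data, rl, " HTTP/1."))
        return 0;
    if (has(p->data, rl, " /library/test/success.html "))
        return 1;
    for (size_t off = rl + 2; off < p->len; ) {      /* walk header lines */
        const char *l = p->data + off;
        const char *e = memchr(l, '\r', p->len - off);
        size_t ll = e ? (size_t)(e - l) : p->len - off;
        if (ll > 11 && memcmp(l, "User-Agent:", 11) == 0 &&
            (has(l, ll, "CaptiveNetworkSupport") || has(l, ll, "wispr")))
            return 1;
        off += ll + 2;
    }
    return 0;
}

/* Handling of traffic from a terminal that has not authenticated yet. */
enum verdict classify(const struct pkt *p)
{
    if (is_probe(p))
        return V_REPLY_302;
    if (p->proto == 6 && p->dport == 80)   /* SYN: answer as the destination */
        return (p->flags & F_SYN) ? V_REPLY_SYNACK : V_DROP;
    if (p->proto == 17 && p->dport == 53)  /* assumption: DNS means UDP/53 */
        return V_DNS_PROXY;
    return p->proto == 1 ? V_PASS : V_DROP; /* ICMP passes for diagnosis */
}

/* Step (B2) numbering plus the page's 302 template. host/path are assumed to
 * be the originally requested host and path; both are client-controlled, so
 * CR/LF is rejected to keep them from adding header lines. */
int build_302(const struct pkt *req, const uint8_t ap[4], const uint8_t ip[4],
              const uint8_t mac[6], const char *host, const char *path,
              struct reply *r)
{
    if (strpbrk(host, "\r\n") || strpbrk(path, "\r\n"))
        return -1;
    r->ack = req->seq + req->len;   /* request SEQ + TCP payload length */
    r->seq = req->ack;              /* terminal's ACK number becomes our SEQ */
    r->http_len = snprintf(r->http, sizeof r->http,
        "HTTP/1.1 302 Found\r\n"
        "Location: http://%u.%u.%u.%u/cgi-bin/userLogin.cgi?redirect=code"
        "&ip=%u.%u.%u.%u&mac=%02x:%02x:%02x:%02x:%02x:%02x&Id=http://%s%s\r\n"
        "Content-Type: text/html; charset=iso-8859-1\r\n"
        "Content-length: 0\r\nCache-control: no-cache\r\n\r\n",
        ap[0], ap[1], ap[2], ap[3], ip[0], ip[1], ip[2], ip[3],
        mac[0], mac[1], mac[2], mac[3], mac[4], mac[5], host, path);
    return (r->http_len > 0 && r->http_len < (int)sizeof r->http) ? 0 : -1;
}

int main(void)
{
    /* Constructed sample probe and addresses, not taken from the page. */
    static const char q[] = "GET /library/test/success.html HTTP/1.0\r\n"
        "Host: www.example.com\r\nUser-Agent: CaptiveNetworkSupport wispr\r\n\r\n";
    const uint8_t ap[4] = {192, 168, 1, 1}, ip[4] = {192, 168, 1, 23};
    const uint8_t mac[6] = {0x02, 0x00, 0x00, 0xaa, 0xbb, 0xcc};
    struct pkt p = { 6, 80, F_PSH | F_ACK, 1000, 5000, q, sizeof q - 1 };
    struct reply r;
    if (classify(&p) == V_REPLY_302 &&
        build_302(&p, ap, ip, mac, "www.example.com", "/library/test/success.html", &r) == 0)
        printf("seq=%u ack=%u\n%s", (unsigned)r.seq, (unsigned)r.ack, r.http);
    return 0;
}
```

In a kernel implementation the same two numbers go into the TCP header of the SKB built in steps (B1) to (B5), and both checksums must be recomputed before dev_queue_xmit(skb).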
(A3) Fig. 5 schematically shows the flow chart of step (A3) of the embodiment of the invention. As shown in Fig. 5, WeChat opens automatically, and the user scans the merchant's WeChat official account with the Scan function, thereby inputting the WeChat official account. Specifically:
(C1) when the user scans the merchant's WeChat ID with WeChat's Scan function, the mobile terminal sends an HTTP request to WeChat;
(C2) the AP is pre-configured with WeChat's domain names and IP addresses so that the AP allows them through directly; when the AP receives a packet destined for such an IP, it forwards it directly to the WeChat server;
The AP dynamically updates the IPs corresponding to the domain names and converts them into an IP whitelist for processing, so that traffic is correctly allowed through already at the TCP handshake stage between the mobile terminal and the WeChat server.
(C3) when the user clicks the "Follow" button on the merchant's WeChat details page, the mobile terminal sends an HTTP GET request to the merchant's server address, and the request carries the agreed URL parameter;
When the AP recognizes this string, it redirects the request to the back-end cloud server system; the cloud records the user's information;
(C4) the cloud server system receives the request, judges that the user's authentication has passed, changes the user's state in the online-user table to authenticated, issues the result to the AP, and requests the AP to allow this terminal through;
The above agreed parameter 1 is characterized in that the URL contains the following string: "?action=weixin&sessionid=%s"
The value of sessionid is a random value, generated dynamically.
The above agreed parameter 2 is characterized in that the URL contains the following string: "?redirect=weixin&sessionid=%s&ip=<actual mobile terminal ip>&mac=<actual mobile terminal mac>"
(C5) subsequent access by this mobile terminal is allowed through by the AP.
In this step (A3), in order to correctly allow access to the WeChat server, the domain names and IP addresses of the WeChat server need to be pre-configured. In addition, the AP needs to dynamically update the IPs corresponding to the domain names and convert them into an IP whitelist for processing, so that traffic is correctly allowed through already at the TCP handshake stage between the mobile terminal and the WeChat server. Meanwhile, the scenario in which the mobile terminal holds a local DNS cache needs special handling, to prevent the AP from being unable to tell whether an IP address is a whitelisted IP in that scenario.
Fig. 6 schematically shows the flow chart for allowing access to the WeChat server in the embodiment of the invention. As shown in Fig. 6, the detailed steps for allowing WeChat requests through are as follows:
(D1) pre-configure the WeChat domain names in the AP;
(D2) pre-configure in the AP the IP list of other servers outside WeChat;
(D3) the mobile terminal connects to the WeChat server:
If the connection is based on a domain name and there is no cache, a DNS query is sent first; the AP intercepts the DNS response, and if the queried host name contains the WeChat domain name, refreshes the IP address in the IP whitelist; go to step (D4);
If the mobile terminal holds a local DNS cache, the DNS query is skipped; go to step (D5);
(D4) the mobile terminal initiates a TCP handshake with the WeChat server and sends a SYN packet; the AP judges that the destination IP belongs to the IP whitelist and allows this IP packet through directly;
(D5) because the mobile terminal sends no DNS query and initiates HTTP access directly to the WeChat server's IP, the AP does not yet have the corresponding IP whitelist entry and therefore judges that the destination IP does not belong to the IP whitelist; the AP replies with a SYN-ACK directly and performs termination handling;
(D6) the mobile terminal answers the SYN-ACK with an ACK, and the TCP handshake succeeds. When the AP receives the ACK, it drops it without further processing;
(D7) the mobile terminal sends the GET request for WeChat; after intercepting it, the AP judges whether the HOST field of the GET request contains a WeChat domain name. If so, it replies with a TCP RST packet to tear down the TCP connection that has been established, and at the same time adds the destination IP accessed by the mobile terminal to the IP whitelist. Relative to the whitelist state described in (D5), the AP now holds the corresponding IP whitelist entry. Having ensured that the IP whitelist is correctly refreshed, the AP forces the mobile terminal to go through flow (D4) again, so that access to WeChat is correctly allowed through;
When a mobile terminal switches from a 4G/3G environment to the merchant's WIFI network, it often happens that the terminal holds a DNS cache; in this scenario the terminal sends no DNS query before requesting WeChat HTTP access. The above method solves the problem of WeChat HTTP access being intercepted by mistake in this scenario.
(A4) WeChat pops up the merchant's information and the user clicks "Follow", thereby completing authentication for free Internet access.
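The whitelist handling of steps (D1) to (D7) can be followed as a small state machine; the C below is an added sketch, not code from the patent. The domain wx.example, the addresses and all function names are constructed placeholders, the name match is on a label boundary (stricter than the "contains" wording above), and dropping a GET whose Host does not match is an assumption taken from the termination rules of step (A2).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WL_MAX 64
#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((b) << 16) | ((c) << 8) | (d))
enum action { A_PASS, A_SYNACK_LOCAL, A_DROP, A_RST_AND_LEARN };

struct ap_state {
    const char *domains[4];   /* (D1) pre-configured domain names */
    int ndomains;
    uint32_t wl[WL_MAX];      /* IP whitelist, may be seeded with the (D2) list */
    int nwl;
};

static int wl_has(const struct ap_state *ap, uint32_t ip)
{
    for (int i = 0; i < ap->nwl; i++)
        if (ap->wl[i] == ip)
            return 1;
    return 0;
}

static int wl_add(struct ap_state *ap, uint32_t ip)
{
    if (wl_has(ap, ip))
        return 0;
    if (ap->nwl == WL_MAX)
        return -1;            /* table full: nothing is added */
    ap->wl[ap->nwl++] = ip;
    return 0;
}

/* True if host equals a configured domain or ends in "." + domain.
 * Names are assumed to be lower-cased by the caller. */
int domain_match(const struct ap_state *ap, const char *host)
{
    size_t hl = strlen(host);
    for (int i = 0; i < ap->ndomains; i++) {
        size_t dl = strlen(ap->domains[i]);
        if (hl >= dl && strcmp(host + hl - dl, ap->domains[i]) == 0 &&
            (hl == dl || host[hl - dl - 1] == '.'))
            return 1;
    }
    return 0;
}

/* (D3) DNS response intercepted: refresh the whitelist from matching names. */
void on_dns_answer(struct ap_state *ap, const char *qname, uint32_t ip)
{
    if (domain_match(ap, qname))
        wl_add(ap, ip);
}

/* (D4)/(D5) SYN to port 80: pass if whitelisted, otherwise answer locally. */
enum action on_syn(const struct ap_state *ap, uint32_t dst)
{
    return wl_has(ap, dst) ? A_PASS : A_SYNACK_LOCAL;
}

/* (D6) bare ACK that completes a locally answered handshake is dropped. */
enum action on_ack(const struct ap_state *ap, uint32_t dst)
{
    return wl_has(ap, dst) ? A_PASS : A_DROP;
}

/* (D7) GET on a locally answered connection: if Host names a configured
 * domain, learn the destination IP and reset so the terminal reconnects. */
enum action on_get(struct ap_state *ap, uint32_t dst, const char *host)
{
    if (wl_has(ap, dst))
        return A_PASS;
    if (domain_match(ap, host) && wl_add(ap, dst) == 0)
        return A_RST_AND_LEARN;
    return A_DROP;
}

int main(void)
{
    /* Constructed placeholders: the page names no domain or address. */
    struct ap_state ap = { { "wx.example" }, 1, { 0 }, 0 };
    uint32_t a = IP(203, 0, 113, 10), b = IP(203, 0, 113, 20);
    static const char *n[] = { "PASS", "SYNACK_LOCAL", "DROP", "RST_AND_LEARN" };

    /* No DNS cache: the query is seen first, so the SYN passes (D3 -> D4). */
    on_dns_answer(&ap, "api.wx.example", a);
    printf("SYN -> %s\n", n[on_syn(&ap, a)]);

    /* DNS cache: no query seen, the IP is learned from Host (D5 -> D7 -> D4). */
    printf("SYN -> %s\n", n[on_syn(&ap, b)]);
    printf("ACK -> %s\n", n[on_ack(&ap, b)]);
    printf("GET -> %s\n", n[on_get(&ap, b, "api.wx.example")]);
    printf("SYN -> %s\n", n[on_syn(&ap, b)]);
    return 0;
}
```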
The above embodiment is given only by way of example. The essence of the invention is: (1) detecting the probe request sent after the wireless terminal associates, and forging the answering server's response to that probe request so that the PORTAL authentication page pops up automatically on the terminal; (2) based on DNS inspection and inspection of the HOST header of HTTP requests, converting a domain-name whitelist into an IP whitelist to allow access to the WeChat server; (3) terminating the access of unauthenticated users, to avoid disturbing the upstream gateway.

Claims (10)

1. An authentication method for free wireless Internet access, the authentication method comprising the following steps:
(A1) the wireless network settings of a mobile terminal are opened, and the merchant's free WIFI is selected and connected;
(A2) the mobile terminal sends a network-detection message; the message is processed so that the mobile terminal automatically pops up an authentication page, and the user selects the WeChat authentication mode;
(A3) WeChat opens automatically, and the user enters the merchant's WeChat official account;
(A4) WeChat displays the merchant's information and the user taps "Follow", which completes the free Internet access authentication.
2. The authentication method according to claim 1, characterized in that, in step (A2):
The message is processed as follows: check whether the message meets the probe-message conditions; if it does, process it; if it does not, terminate the message. The message meets the following requirements:
it is a TCP message, the destination port is 80, the PSH flag is set, and the message content conforms to the HTTP protocol format.
3. The authentication method according to claim 2, characterized in that: the HTTP header User-Agent contains the string "CaptiveNetworkSupport", or the URL address contained in the HTTP header is "/library/test/success.html", or the User-Agent contains the string "wispr".
4. The authentication method according to claim 1, characterized in that, in step (A2):
The message is processed as follows:
a server response message is constructed and sent to the mobile terminal; the content carried by the response message is "HTTP 302 FOUND\r\n", together with the corresponding parameters.
5. The authentication method according to claim 4, characterized in that the server response message is constructed as follows:
(B1) create an SKB in the LINUX kernel;
(B2) from the mobile terminal's TCP request message, obtain the TCP length and the TCP SEQ sequence number and add the two; the sum is the ACK number of the reply TCP message;
the ACK number of the mobile terminal is used as the sequence number of the reply TCP message; the TCP payload to be returned is assembled into the TCP message content;
(B3) copy the TCP message content to the transport-layer position of the SKB;
(B4) from the IP address information of the mobile terminal, assemble a standard IP header and copy it to the network-layer position of the SKB;
(B5) send the SKB with the network protocol stack's send function dev_queue_xmit(skb).
6. The authentication method according to claim 4, characterized in that: after the 302 has been returned to the mobile terminal, the mobile terminal initiates a second connection as the 302 redirect directs, and the destination address of this connection points to the AP;
Following the 302 result, the mobile terminal automatically connects to the AP's local WEB server; the AP can then return a page carrying advertising content in its response.
7. The authentication method according to claim 6, characterized in that: a preset URL link is embedded in the page carrying advertising content, pointing to a blank horizontal-line picture on the PORTAL server:
If it is judged that the mobile terminal has displayed the PORTAL page completely, a success result can be returned to the mobile terminal's subsequent periodic detection requests; the mobile terminal then considers the wireless network available and shows the icon for a successful wireless connection. Otherwise the mobile terminal considers the wireless network unreachable and automatically turns the wireless connection off.
8. The authentication method according to claim 1, characterized in that step (A3) further comprises the following steps:
(C1) when the user scans the merchant's WeChat ID with WeChat's scan function, the mobile terminal sends an HTTP request to WeChat;
(C2) the AP is pre-configured with WeChat's domain name and IP addresses so that the AP lets this traffic through directly; when the AP receives a message destined for such an IP, it forwards it directly to the WeChat server;
(C3) when the user taps the "Follow" button on the merchant's details page in WeChat, the mobile terminal sends an HTTP GET request to the merchant's server address, and the request carries an agreed URL parameter;
When the AP recognizes this string, it redirects the request to the back-end cloud server system; the user's information is recorded in the cloud;
(C4) the cloud server system receives the request, judges that the user has passed authentication, changes the user's entry in the online-user table to authenticated, sends the result to the AP, and requests the AP to let this terminal through;
(C5) the AP lets this mobile terminal's subsequent access through.
9. The authentication method according to claim 8, characterized in that:
The AP dynamically updates the IPs corresponding to the domain name and converts them into an IP whitelist for processing, so that traffic is correctly let through as early as the TCP handshake stage between the mobile terminal and the WeChat server.
10. The authentication method according to claim 9, characterized in that letting WeChat requests through comprises the following steps:
(D1) the WeChat domain name is pre-configured in the AP;
(D2) a list of WeChat's other server IPs is pre-configured in the AP;
(D3) the mobile terminal connects to the WeChat server:
If the connection is by domain name and there is no cache, the terminal first sends a DNS query; the AP intercepts the DNS response, and if the queried host name contains the WeChat domain name it refreshes the IP addresses in the IP whitelist; go to step (D4);
If the mobile terminal has a local DNS cache, the DNS query is skipped; go to step (D5);
(D4) the mobile terminal initiates a TCP handshake with the WeChat server and sends a SYN message; the AP judges that the destination IP belongs to the IP whitelist and lets this IP message through directly;
(D5) because the mobile terminal sent no DNS query and initiates HTTP access directly to the WeChat server's IP, the AP does not yet hold the corresponding IP whitelist entry and therefore judges that the destination IP does not belong to the IP whitelist; the AP replies with a SYN-ACK itself and performs termination processing;
(D6) the mobile terminal replies to the SYN-ACK with an ACK, and the TCP handshake succeeds. When the AP receives the ACK it discards it; no further processing is needed;
(D7) the mobile terminal sends its GET request to WeChat. The AP intercepts it and checks whether the HOST field of the GET request contains the WeChat domain name. If it does, the AP replies with a TCP RST message, which tears down the TCP connection just established, and at the same time adds the destination IP the mobile terminal was accessing to the IP whitelist. This corresponds to the whitelist state described in (D5): only at this step does the AP hold the corresponding IP whitelist entry. With the IP whitelist correctly refreshed, the AP forces the mobile terminal to go through flow (D4) again, so that access to WeChat is correctly let through;
When a mobile terminal switches from a 4G/3G environment to the merchant's WIFI network, the terminal often already holds a DNS cache. In that scenario the terminal sends no DNS query before requesting WeChat over HTTP. The method above solves the problem of WeChat HTTP access being blocked by mistake in this scenario.
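The probe test of claims 2 and 3 and the sequence arithmetic of step (B2) in claim 5, as an added user-space example in C that is not the patent's kernel code. `struct seg` and the function names are hypothetical, and header names are matched in exact case for brevity.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TCP_PSH 0x08

/* Client TCP segment as seen by the AP, fields in host byte order
 * (hypothetical struct; payload is NUL-terminated for this example). */
struct seg {
    uint16_t dport;
    uint8_t flags;
    uint32_t seq, ack;
    const char *payload;
};

struct reply_nums { uint32_t seq, ack; };

/* Bounded substring search inside [s, end). */
static int span_has(const char *s, const char *end, const char *needle)
{
    size_t n = strlen(needle);
    for (; (size_t)(end - s) >= n; s++)
        if (memcmp(s, needle, n) == 0)
            return 1;
    return 0;
}

/* Claims 2 and 3: port 80, PSH set, HTTP request, and a probe marker. */
int is_probe(const struct seg *g)
{
    static const char path[] = "/library/test/success.html";
    const char *p = g->payload, *eol, *ua;

    if (g->dport != 80 || !(g->flags & TCP_PSH)) return 0;
    if (strncmp(p, "GET ", 4) != 0) return 0;
    eol = strstr(p, "\r\n");
    if (!eol || !span_has(p, eol, " HTTP/1.")) return 0;
    if (strncmp(p + 4, path, sizeof path - 1) == 0 &&
        p[4 + sizeof path - 1] == ' ')
        return 1;                       /* URL marker in the request line */
    ua = strstr(eol, "\r\nUser-Agent:");
    if (!ua) return 0;
    ua += 2;
    eol = strstr(ua, "\r\n");
    if (!eol) eol = ua + strlen(ua);
    return span_has(ua, eol, "CaptiveNetworkSupport") ||
           span_has(ua, eol, "wispr");  /* markers count only inside the UA */
}

/* Step (B2): the reply acknowledges every payload byte received and
 * uses the client's ACK number as its own sequence number. */
struct reply_nums reply_numbers(const struct seg *g)
{
    struct reply_nums r;
    r.ack = g->seq + (uint32_t)strlen(g->payload);  /* wraps mod 2^32 */
    r.seq = g->ack;
    return r;
}
```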
CN201510297638.0A 2015-06-02 2015-06-02 Authentication method for free wireless Internet access Pending CN105049413A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510297638.0A CN105049413A (en) 2015-06-02 2015-06-02 Authentication method for free wireless Internet access

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510297638.0A CN105049413A (en) 2015-06-02 2015-06-02 Authentication method for free wireless Internet access

Publications (1)

Publication Number Publication Date
CN105049413A true CN105049413A (en) 2015-11-11

Family

ID=54455624

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510297638.0A Pending CN105049413A (en) 2015-06-02 2015-06-02 Authentication method for free wireless Internet access

Country Status (1)

Country Link
CN (1) CN105049413A (en)

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105530638A (en) * 2016-01-12 2016-04-27 杭州敦崇科技股份有限公司 Free WIFI authentication system based on friend circle sharing
CN105792202A (en) * 2016-02-23 2016-07-20 上海斐讯数据通信技术有限公司 Authentication method for wireless network and authentication system
CN105979521A (en) * 2016-06-23 2016-09-28 福建富士通信息软件有限公司 Method for no-perception authentication free Internet access of fat WiFi AP and thin WiFi AP
CN106102060A (en) * 2016-06-04 2016-11-09 杭州敦崇科技股份有限公司 A kind of free WIFI authentication mode increasing information exposure rate
CN106102063A (en) * 2016-06-27 2016-11-09 杭州华三通信技术有限公司 A kind of wireless network authorization method, Apparatus and system
CN106304073A (en) * 2016-08-30 2017-01-04 福建富士通信息软件有限公司 A kind of authentication management method and system of WIFI Portal
CN106506675A (en) * 2016-11-25 2017-03-15 杭州华三通信技术有限公司 A kind of page reorientation method and device
CN106572515A (en) * 2016-11-10 2017-04-19 上海斐讯数据通信技术有限公司 Method and device for making portal page maintain popping up
CN106789937A (en) * 2016-11-29 2017-05-31 上海斐讯数据通信技术有限公司 Application authentication method and its system in captive portals environment, wireless aps
CN107172599A (en) * 2017-05-17 2017-09-15 沈阳林科信息技术有限公司 A kind of collocation method for advertising pictures broadcast strategy when connecting public WIFI
CN107294995A (en) * 2017-07-06 2017-10-24 上海斐讯数据通信技术有限公司 Prevent application authentication method and system, the radio reception device of Portal ejections
CN107481156A (en) * 2017-07-27 2017-12-15 中兴软创科技股份有限公司 A kind of method that bean vermicelli is received in wechat certification based on wireless network
CN107949037A (en) * 2018-01-11 2018-04-20 北京小米移动软件有限公司 Method for network access, apparatus and system, storage medium
CN109688588A (en) * 2018-12-24 2019-04-26 中电福富信息科技有限公司 A kind of wechat pressure suction powder method based on Portal certification
CN110830516A (en) * 2019-12-19 2020-02-21 深信服科技股份有限公司 Network access method, device, network control equipment and storage medium
CN110972139A (en) * 2019-11-07 2020-04-07 锐捷网络股份有限公司 Method and gateway for realizing internet access authentication of mobile terminal

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103826226A (en) * 2014-02-20 2014-05-28 深信服网络科技(深圳)有限公司 Method and device for controlling wireless internet access
CN103825881A (en) * 2013-12-13 2014-05-28 福建三元达通讯股份有限公司 Method and apparatus for realizing redirection of WLAN user based on wireless access controller (AC)
CN104158808A (en) * 2014-08-19 2014-11-19 杭州华三通信技术有限公司 Portal authentication method based on APP application and device
CN104243286A (en) * 2014-09-23 2014-12-24 上海佰贝科技发展有限公司 Method for achieving public wifi authentication through WeChat
CN104394139A (en) * 2014-11-22 2015-03-04 深圳市梧桐世界科技有限公司 Implementation method for having free of charge wifi by paying close attention to micro letter public name
CN104486326A (en) * 2014-12-11 2015-04-01 深圳市银河风云网络系统股份有限公司 Authentication method for recognizing access network by using wechat

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103825881A (en) * 2013-12-13 2014-05-28 福建三元达通讯股份有限公司 Method and apparatus for realizing redirection of WLAN user based on wireless access controller (AC)
CN103826226A (en) * 2014-02-20 2014-05-28 深信服网络科技(深圳)有限公司 Method and device for controlling wireless internet access
CN104158808A (en) * 2014-08-19 2014-11-19 杭州华三通信技术有限公司 Portal authentication method based on APP application and device
CN104243286A (en) * 2014-09-23 2014-12-24 上海佰贝科技发展有限公司 Method for achieving public wifi authentication through WeChat
CN104394139A (en) * 2014-11-22 2015-03-04 深圳市梧桐世界科技有限公司 Implementation method for having free of charge wifi by paying close attention to micro letter public name
CN104486326A (en) * 2014-12-11 2015-04-01 深圳市银河风云网络系统股份有限公司 Authentication method for recognizing access network by using wechat

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
WINTERTH: ""About Apple's Captive Network Assistant"", 《HTTPS://BLOG.CSDN.NET/WINTERTH/ARTICLE/DETAILS/8485072》 *

Cited By (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105530638B (en) * 2016-01-12 2018-12-21 杭州敦崇科技股份有限公司 A kind of free WIFI Verification System shared based on circle of friends
CN105530638A (en) * 2016-01-12 2016-04-27 杭州敦崇科技股份有限公司 Free WIFI authentication system based on friend circle sharing
CN105792202A (en) * 2016-02-23 2016-07-20 上海斐讯数据通信技术有限公司 Authentication method for wireless network and authentication system
CN105792202B (en) * 2016-02-23 2019-08-16 上海斐讯数据通信技术有限公司 A kind of authentication method and Verification System of wireless network
CN106102060A (en) * 2016-06-04 2016-11-09 杭州敦崇科技股份有限公司 A kind of free WIFI authentication mode increasing information exposure rate
CN105979521A (en) * 2016-06-23 2016-09-28 福建富士通信息软件有限公司 Method for no-perception authentication free Internet access of fat WiFi AP and thin WiFi AP
CN105979521B (en) * 2016-06-23 2019-07-16 福建富士通信息软件有限公司 The method of fat or thin WiFi AP unaware certification free Internet access
CN106102063A (en) * 2016-06-27 2016-11-09 杭州华三通信技术有限公司 A kind of wireless network authorization method, Apparatus and system
CN106102063B (en) * 2016-06-27 2021-07-30 新华三技术有限公司 Wireless network authorization method, device and system
CN106304073A (en) * 2016-08-30 2017-01-04 福建富士通信息软件有限公司 A kind of authentication management method and system of WIFI Portal
CN106572515A (en) * 2016-11-10 2017-04-19 上海斐讯数据通信技术有限公司 Method and device for making portal page maintain popping up
CN106506675A (en) * 2016-11-25 2017-03-15 杭州华三通信技术有限公司 A kind of page reorientation method and device
CN106789937A (en) * 2016-11-29 2017-05-31 上海斐讯数据通信技术有限公司 Application authentication method and its system in captive portals environment, wireless aps
CN107172599A (en) * 2017-05-17 2017-09-15 沈阳林科信息技术有限公司 A kind of collocation method for advertising pictures broadcast strategy when connecting public WIFI
CN107294995A (en) * 2017-07-06 2017-10-24 上海斐讯数据通信技术有限公司 Prevent application authentication method and system, the radio reception device of Portal ejections
CN107481156A (en) * 2017-07-27 2017-12-15 中兴软创科技股份有限公司 A kind of method that bean vermicelli is received in wechat certification based on wireless network
CN107949037A (en) * 2018-01-11 2018-04-20 北京小米移动软件有限公司 Method for network access, apparatus and system, storage medium
CN109688588A (en) * 2018-12-24 2019-04-26 中电福富信息科技有限公司 A kind of wechat pressure suction powder method based on Portal certification
CN110972139A (en) * 2019-11-07 2020-04-07 锐捷网络股份有限公司 Method and gateway for realizing internet access authentication of mobile terminal
CN110830516A (en) * 2019-12-19 2020-02-21 深信服科技股份有限公司 Network access method, device, network control equipment and storage medium
CN110830516B (en) * 2019-12-19 2022-03-22 深信服科技股份有限公司 Network access method, device, network control equipment and storage medium

Similar Documents

Publication Publication Date Title
CN105049413A (en) Authentication method for free wireless Internet access
CN110300117B (en) IOT device and user binding authentication method, device and medium
CN106131079B (en) Authentication method, system and proxy server
US11451510B2 (en) Method and apparatus for processing service request
CN104158808B (en) Portal authentication method and its device based on APP applications
CN109997334A (en) Session management with the relaying being indirectly connected with and charge applied for Internet of Things in 3GPP network
US11832345B2 (en) Methods and systems of using remote subscriber identification modules at a device
CN103401884A (en) Authentication method and system for public wireless environment Internet access based on micro message
US20050153683A1 (en) Plug and play mobile services
CN105530638B (en) A kind of free WIFI Verification System shared based on circle of friends
CN102811335B (en) Set up the method, apparatus and system of video session
CN110248364B (en) IOT equipment network distribution method, device, equipment and medium
CN106604119B (en) Network penetration method and system for private cloud equipment of smart television
WO2017215215A1 (en) Method for switching downloading mode, and control method and control system therefor
CN102843391A (en) Information transmitting method and gateway
WO2014161478A1 (en) Switching method for network interfaces, access device and computer storage medium
CN106656648B (en) Application flow dynamic protection method and system based on home gateway and home gateway
CN110177128A (en) Data transmission system and method for establishing VPN connection, terminal and VPN proxy thereof
CN105635148B (en) Portal authentication method and device
US20040054781A1 (en) Method for establishing point to point or point to multiple points internet connection(s)
CN110856145A (en) IOT device and user binding method, device and medium based on near field authentication
CN106470252B (en) The method and communication terminal of application program inquiry IP address
JP4290125B2 (en) Server device
CN105978774A (en) Access authentication method and device
CN105791290A (en) Authentication method and device for network connection

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20151111