| 摘要 |
An embodiment of the present invention discloses an enhanced wireless local area network (WLAN) certificate authentication method. The method comprises: sending, by an AP, to an STA an authentication activation message to trigger the STA to perform identity verification for the AP, wherein the authentication activation message carries an AP certificate and first AP signature information; receiving, by the AP, an access authentication request message sent by the STA after the identity verification of the AP, and performing, according to a public key of the STA and the access authentication request message, identity verification for the STA; and if the AP verifies that an STA identity corresponding to STA signature information matches an STA certificate, and the STA certificate is valid, then sending a certificate authentication request message to an AS to trigger the AS to perform two-way certificate authentication. The present technical solution can add an identity verification function between an STA and an AP before an AS performs two-way certificate authentication, thus ensuring the uniqueness and unforgeability of identities of an STA and AP, and improving security of a WLAN certificate authentication process. |
