CN100525182C - Authentication and encryption method for wireless network - Google Patents



Publication number
CN100525182C
Authority
CN
China
Prior art keywords
access point
radio access
multicast
wireless terminal
broadcast
Legal status
Expired - Lifetime
Application number
CNB2004100062038A
Other languages
Chinese (zh)
Other versions
CN1668000A (en)
Inventor
陈屹戎
Current Assignee
China Iwncomm Co Ltd
Original Assignee
China Iwncomm Co Ltd
Application filed by China Iwncomm Co Ltd

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Small-Scale Networks (AREA)

Abstract

This invention relates to an authentication and confidentiality method for wireless networks. When a wireless terminal communicates with a wireless access point, two-way certificate authentication is carried out through an authentication server, followed by unicast key negotiation, to provide confidential unicast communication; the access point then notifies the terminal of the multicast/broadcast key. This solves the problem of secure access control, overcomes the limitations on the confidentiality of data communication over wireless links, and increases the security of access control through two-way certificate authentication between the wireless terminal and the access point.

Description

Authentication and confidentiality method for wireless networks
Technical field
The present invention relates to an authentication and confidentiality method for wireless networks. Specifically, it is a method that combines wireless communication technology with cryptographic technology to solve the problems of identity authentication and communication data confidentiality between a wireless terminal (Wireless Terminal, WT for short) and a wireless access point (Access Point, AP for short) in a wireless network. It belongs to the fields of wireless communication, computer networks and cryptography.
Background technology
The goal of personal communication is to let people communicate with anyone, at any time and in any place, and freely enjoy the many services that networks provide. Wireless networks are the most important way of achieving this goal: they give mobile hosts and wireless terminals convenient, efficient network communication and Internet access services, to meet people's ever-growing demand for convenient communication.
The rapid development of wireless communication and Internet technology has greatly changed people's lifestyle and quality of life. More and more users want high-speed Internet access while on the move, to browse news, send and receive e-mail, watch multimedia video, chat and play online games, free of restrictions of place and time. As a means of network access, wireless LAN technology, with advantages such as freely usable frequency bands, flexible networking, and ease of migration and expansion, has become one of the emerging directions in which wireless communication and Internet technology combine, and also one of the most basic and most typical network modes in wireless communication networks.
In moving from fixed access to mobile wireless Internet access, wireless communication networks based on wireless LANs have brought new ideas and a huge impact to the world's network environment. Such systems have a very wide range of applications: they are very useful in commercial networks (mainly company intranets), organizational networks (such as public security, finance and government departments), community networks (such as schools, hospitals, residential areas, remote monitoring or centralized monitoring), temporary networks (such as temporary meetings), for outdoor mobile users, and in places where wiring is difficult or needs to change often.
With the rapid development of wireless LANs, their security problems are receiving increasing attention. Data in a wireless LAN is transmitted by radio, which greatly favours a malicious attacker who wants to eavesdrop. Compared with a wired network, a wireless network can hardly rely on physical control measures, so protecting a wireless network is much harder than protecting a wired one. In general, a wireless LAN faces at least two major dangers: unauthorized access to the network, and eavesdropping. A secure wireless LAN should therefore keep illegitimate users off the network while guaranteeing secure access for legitimate wireless users, and should transmit wireless data confidentially so that illegitimate users cannot steal information by listening and then use the intercepted information to intrude into the internal network.
Wireless LANs have therefore introduced means at several levels to address security.
The first is to configure each access point with a different service set identifier SSID (Service Set ID) and to require a wireless terminal to supply the corresponding SSID when it accesses the network, so that users of different groups can be admitted and their rights to access resources restricted separately. But the SSID is only a very simple means of identification and a low-level form of security authentication, because the access point periodically broadcasts its SSID, which lowers the level of security. In addition, wireless terminals are generally configured by the users themselves, so many people know the SSID and it is easily shared with illegitimate users. Moreover, some manufacturers' products support an "any" SSID mode: as long as the wireless terminal is within the coverage of an access point, it connects to the access point automatically, which bypasses the security function of the SSID.
The second is media access control MAC (Medium Access Control) address restriction. The wireless network card of each wireless terminal is identified by a unique MAC address, so the access point can maintain a list of MAC addresses that are allowed access and thereby filter on physical addresses. This requires the MAC address list in the access point to be kept up to date, and at present this is done by hand; as the number of users grows, it scales very poorly, so it suits only small networks. In addition, an illegitimate user can easily obtain a legitimate MAC address by sniffing the network, and a MAC address is not hard to change, so an illegitimate user can use a legitimate MAC address to gain unauthorized access. MAC address filtering is likewise a low-level form of authorization and authentication.
Besides these two methods, a more widely adopted measure at present follows the international standard for wireless LANs (IEEE802.11), which introduces two authentication mechanisms and the Wired Equivalent Privacy (WEP) algorithm to provide authentication and confidentiality for wireless LANs. However, the IEEE802.11 security protocol has been widely attacked ever since its publication. Borisov, Goldberg and Wagner of the University of California, Berkeley were the first to publish a paper pointing out design errors in the WEP protocol; researchers in the information security community subsequently published a large number of papers discussing the security flaws of WEP in detail and, in cooperation with engineers, decrypted in experiments wireless data encrypted with the WEP protocol. The IEEE802.11 security protocol is described in detail below.
(1) Authentication
IEEE802.11 defines two authentication mechanisms, open system authentication (Open System Authentication) and shared key authentication (Shared Key Authentication), to provide secure access control for the wireless terminal WT. Open system authentication, however, is essentially a null authentication algorithm and offers almost no security. Shared key authentication implements access control on the basis of WEP, but its authentication information is easy to forge: in shared key authentication a station proves that it knows the shared key by encrypting the authentication challenge text, so an attacker who overhears the challenge text and the corresponding encrypted response can determine the RC4 (Rivest Cipher 4, RC4 for short) key stream used to encrypt the response. By monitoring a single successful authentication, the attacker can therefore forge an authentication. Shared key authentication in fact lowers the overall security of the network and makes it easier to guess the WEP key.
(2) Confidentiality
IEEE802.11 defines Wired Equivalent Privacy (WEP) to provide confidential communication of data over the wireless link; its goal is to give a wireless LAN the same level of security protection as a wired network.
When WEP is enabled in a wireless LAN, every IEEE802.11 data packet is encrypted with an RC4 key stream generated from a 64-bit RC4 key, which consists of a 24-bit initialization vector IV (Initialization Vector) and a 40-bit WEP key. The encrypted packet is produced by XORing the original packet with the RC4 key stream. The IV is chosen by the sender, changed periodically, and placed in the packet in the clear. A 4-byte integrity check value ICV (Integrity Check Value) is computed over the original packet, encrypted with the RC4 key stream, and appended to the end of the packet.
WEP attempts to secure the network through encryption, but it falls short and has the following defects:
Lack of key management. The wireless terminal and the access point must use the same encryption key, and all wireless terminals in a service area share the same key. The WEP standard does not specify any scheme for managing the shared key, which is usually configured and maintained by hand. Because changing the key everywhere at once is time-consuming and difficult, keys are usually used for a long time and seldom changed; if one wireless terminal user loses the key, the whole network is compromised.
Weaknesses in the RC4 algorithm. Weak keys have been found in RC4. A weak key is one for which the correlation between the key and the output exceeds what a good cipher should have. Among the 24-bit IV values there are more than 9000 weak keys. After collecting enough packets encrypted with weak keys, an attacker can analyse them and gain access to the network after trying only a small number of keys.
By exploiting the security holes in authentication and encryption, the WEP key can be cracked within a few minutes.
In summary, security has become one of the main obstacles to the wider adoption of wireless networks, and how to achieve secure access and confidential communication has become the top priority of wireless network research.
Summary of the invention
The main purpose of the present invention is to provide an authentication and confidentiality method for wireless networks that solves the prior art's lack of effective secure access control for wireless terminals and overcomes the limitations on the confidentiality of data communication over wireless links.
Another purpose of the present invention is to provide an authentication and confidentiality method for wireless networks in which, on the basis of two-way certificate authentication between the wireless terminal and the access point, dynamic unicast key negotiation and multicast/broadcast key notification are used so that the unicast key of each wireless terminal is renewed at every authentication and the unicast key and the multicast/broadcast key are updated dynamically during communication. This provides confidential communication of data, makes cracking more difficult, and ensures the security of wireless terminal access and a high level of communication confidentiality.
The purpose of the present invention is achieved as follows:
An authentication and confidentiality method for wireless networks: when a wireless terminal and an access point in the wireless network establish a communication connection, two-way certificate authentication between the wireless terminal and the access point is carried out through an authentication server; after the two-way certificate authentication succeeds, the wireless terminal and the access point perform unicast key negotiation, providing confidential communication of unicast data over the wireless link; after the unicast key negotiation between the wireless terminal and the access point succeeds, the access point further performs multicast/broadcast key notification to the wireless terminal, providing confidential communication of multicast/broadcast data over the wireless link;
The multicast/broadcast key notification process comprises the following steps:
Step 1: the access point sends a multicast/broadcast key notification to all wireless terminals that maintain a physical association with it;
Step 2: on receiving the multicast/broadcast key notification sent by the access point, the wireless terminal processes the notification and sends a multicast/broadcast key notification response to the access point;
Step 3: on receiving the multicast/broadcast key notification response sent by the wireless terminal, the access point verifies it; if verification fails, this multicast/broadcast key notification is discarded; otherwise the multicast/broadcast key notification succeeds;
Step 4: after the multicast/broadcast key notification succeeds, the wireless terminal and the access point use this multicast/broadcast key to transmit multicast/broadcast communication packets confidentially.
When a wireless terminal accesses the wireless network of the present invention, two-way certificate authentication must be carried out; the specific steps are as follows:
Step A1: when the wireless terminal physically associates with the access point, the access point sends an authentication activation to the wireless terminal;
Step A2: on receiving the authentication activation sent by the access point, the wireless terminal generates and saves a one-time number as the access authentication request identifier, combines the access authentication request identifier with the wireless terminal certificate to form an access authentication request, and sends it to the access point;
Step A3: on receiving the access authentication request sent by the wireless terminal, the access point saves the access authentication request identifier, then combines the wireless terminal certificate, the access point certificate, the access authentication request identifier and the access point's signature to form a certificate authentication request, and sends it to the authentication server;
Step A4: on receiving the certificate authentication request from the access point, the authentication server verifies the access point's signature; if verification fails, it discards the certificate authentication request or sets the authentication result to failure; otherwise it verifies the validity of the access point certificate and the wireless terminal certificate. The authentication server combines the wireless terminal certificate authentication result information, the access point certificate authentication result information and the authentication server's signature to form a certificate authentication response, and sends it back to the access point;
Step A5: on receiving the certificate authentication response from the authentication server, the access point compares the access authentication request identifier in it with the saved access authentication request identifier and verifies the authentication server's signature; if the identifiers differ or verification fails, it discards the certificate authentication response; otherwise it sends the certificate authentication response back to the wireless terminal as the access authentication response and applies the corresponding access control to the wireless terminal according to the authentication result of the wireless terminal certificate.
Step A6: on receiving the access authentication response returned by the access point, the wireless terminal compares the access authentication request identifier in it with the saved access authentication request identifier and verifies the authentication server's signature; if the identifiers differ or verification fails, it discards the access authentication response; otherwise it decides, according to the authentication result of the access point certificate, whether to remain physically associated with this access point.
The unicast key negotiation process that follows two-way certificate authentication comprises the following steps:
Step B1: the access point sends a unicast key negotiation request to the wireless terminal;
Step B2: on receiving the unicast key negotiation request sent by the access point, the wireless terminal processes the request and sends a unicast key negotiation response to the access point;
Step B3: on receiving the unicast key negotiation response, the access point verifies it; if verification fails, it discards the unicast key negotiation response; otherwise the unicast key negotiation succeeds;
Step B4: after the unicast key negotiation succeeds, the wireless terminal and the access point use the negotiated unicast key to transmit unicast communication packets confidentially.
When the wireless terminal accesses the network through a designated access point, the wireless terminal saves the information or certificate of that access point before two-way certificate authentication, for use in judging the access authentication response it receives.
When the access point restricts network access to specific wireless terminals, the access point saves the information or certificates of those wireless terminals before two-way certificate authentication, for use in judging the access authentication requests it receives.
When the wireless terminal holds several certificates issued by different authentication servers, the authentication activation sent by the access point includes information about the authentication server that the access point trusts, so that the wireless terminal can select the corresponding certificate for authentication according to this information.
In summary, compared with the prior art the present invention has the following advantages:
1. It solves the prior-art problem that wireless LANs lack effective secure access control for wireless terminals, and overcomes the limitations on the confidentiality of data communication over wireless links;
2. Using public-key cryptography, it achieves two-way authentication of the wireless terminal and the access point through the authentication server AS (Authentication Server), further improving the security of access;
3. Through dynamic unicast key negotiation and multicast/broadcast key notification, the unicast key is renewed at every authentication and the unicast key and multicast/broadcast key are updated dynamically during communication, which provides confidential communication of data and greatly increases the difficulty of cracking.
In short, the present invention not only provides access control for wireless terminals but also ensures the security of wireless terminal access and a high level of communication confidentiality.
Description of drawings
Fig. 1 is a schematic diagram of the logical structure of the wireless network security authentication system of the present invention based on the authentication server AS;
Fig. 2 is a flow chart of certificate authentication and key negotiation when a wireless terminal of the present invention accesses the network.
Embodiment
The present invention is described in further detail below with reference to the drawings and a specific embodiment:
As shown in Fig. 1, public-key cryptography is used: when the wireless terminal WT physically associates with the access point AP, two-way certificate authentication is carried out through the authentication server AS. Only a wireless terminal WT holding a valid certificate can access an access point AP holding a valid certificate; otherwise the access point AP and the wireless terminal WT remove the physical association. The certificate mainly contains the certificate's serial number, the name of the certificate issuer, the validity period of the certificate, the name of the certificate holder, the certificate holder's public key information, the certificate type, the signature algorithm used by the certificate issuer, and the certificate issuer's signature on the certificate.
As shown in Fig. 2, establishing a communication connection between the wireless terminal WT and the access point AP mainly comprises the following steps:
1. Two-way certificate authentication
When the wireless terminal WT physically associates with the access point AP, the two-way certificate authentication carried out through the authentication server AS proceeds as follows:
A) Authentication activation: when the wireless terminal WT physically associates with the access point AP, the access point AP sends an authentication activation to the wireless terminal WT.
B) Access authentication request: on receiving the authentication activation sent by the access point AP, the wireless terminal WT generates and saves a one-time number, combines it with the wireless terminal WT certificate to form an access authentication request, and sends the request to the access point AP. The one-time number is called the access authentication request identifier and marks the freshness of this certificate authentication;
C) Certificate authentication request: on receiving the access authentication request from the wireless terminal WT, the access point AP saves the access authentication request identifier, forms a certificate authentication request from the wireless terminal WT certificate, the access point AP certificate, the access authentication request identifier and the access point AP signature, and sends it to the authentication server AS. The access point AP signature is computed with the private key of the access point AP over all data in the certificate authentication request other than the access point AP signature itself;
D) Certificate authentication response: on receiving the certificate authentication request from the access point AP, the authentication server AS first verifies the signature of the access point AP; if verification fails, it discards the certificate authentication request or sets the authentication result to failure; otherwise it verifies the validity of the access point AP certificate and the wireless terminal WT certificate. The authentication server AS forms a certificate authentication response from the wireless terminal WT certificate authentication result information, the access point AP certificate authentication result information and the authentication server AS signature, and sends it back to the access point AP. The wireless terminal WT certificate authentication result information comprises the wireless terminal WT certificate and its authentication result; the access point AP certificate authentication result information comprises the access point AP certificate, its authentication result and the access authentication request identifier; the authentication server AS signature is computed with the private key of the authentication server AS over all data in the certificate authentication response other than the authentication server AS signature itself;
E) Access authentication response: on receiving the certificate authentication response from the authentication server AS, the access point AP compares the access authentication request identifier in it with the saved access authentication request identifier and verifies the signature of the authentication server AS; if the identifiers differ or verification fails, it discards the certificate authentication response; otherwise it sends the certificate authentication response back to the wireless terminal WT as the access authentication response and applies the corresponding access control to the wireless terminal WT according to the authentication result of the wireless terminal WT certificate.
On receiving the access authentication response returned by the access point AP, the wireless terminal WT compares the access authentication request identifier in it with the saved access authentication request identifier and verifies the signature of the authentication server AS; if the identifiers differ or verification fails, it discards the access authentication response; otherwise it decides, according to the authentication result of the access point AP certificate, whether to remain physically associated with this access point AP.
If the certificate authentication of the two sides does not succeed, the physical association is removed; otherwise unicast key negotiation is carried out.
2. Unicast key negotiation
After the two-way certificate authentication of the wireless terminal WT and the access point AP succeeds, the two sides negotiate the unicast key to be used during communication. The unicast key negotiation process is as follows:
F) Unicast key negotiation request: the access point AP generates a piece of random data and encrypts it with the public key of the wireless terminal WT to obtain the unicast key negotiation request data. The access point AP forms a unicast key negotiation request from the unicast key negotiation request data, the unicast key negotiation freshness identifier and the access point AP signature, and sends it to the wireless terminal WT. The unicast key negotiation freshness identifier marks the freshness of this unicast key negotiation: if this is the first unicast key negotiation after a successful two-way certificate authentication, the freshness identifier is the access authentication request identifier from the two-way certificate authentication process; otherwise it is the unicast key negotiation response identifier from the previous unicast key negotiation. The access point AP signature is computed with the private key of the access point AP over all data in the unicast key negotiation request other than the access point AP signature itself;
G) Unicast key negotiation response: on receiving the unicast key negotiation request sent by the access point AP, the wireless terminal WT verifies the signature of the access point AP and checks whether the unicast key negotiation freshness identifier is correct (if this is the first unicast key negotiation after a successful two-way certificate authentication, the freshness identifier should be the access authentication request identifier from the two-way certificate authentication process; otherwise it should be the unicast key negotiation response identifier from the last successful unicast key negotiation). If the signature verification fails or the freshness identifier is incorrect, the wireless terminal WT discards the unicast key negotiation request. Otherwise it decrypts the unicast key negotiation request data with its own private key to obtain the random data generated by the access point AP, then generates a piece of random data locally and computes over the two pieces of random data to derive the unicast key for this negotiation. The wireless terminal WT encrypts the random data it has just generated with the public key of the access point AP to obtain the unicast key negotiation response data, and generates another one-time number as the unicast key negotiation response identifier. The wireless terminal WT forms a unicast key negotiation response from the unicast key negotiation response data, the unicast key negotiation response identifier and a message authentication code, and returns it to the access point AP. The message authentication code is the hash value that the wireless terminal WT computes with a cryptographic hash function over all data in the unicast key negotiation response other than the message authentication code itself.
On receiving the unicast key negotiation response, the access point AP first decrypts the unicast key negotiation response data with its own private key to obtain the random data generated by the wireless terminal WT. The access point AP computes over the two pieces of random data, the one it generated itself and the one generated by the wireless terminal WT, to derive the unicast key for this negotiation, and then verifies the message authentication code in the unicast key negotiation response (it computes a hash with the cryptographic hash function over all data in the unicast key negotiation response other than the message authentication code, and compares the result with the message authentication code extracted from the response). If verification fails, it discards the unicast key negotiation response; otherwise the unicast key negotiation succeeds, and the unicast key negotiation response identifier is used as the unicast key negotiation freshness identifier of the next unicast key negotiation.
After the unicast key negotiation succeeds, the wireless terminal WT and the access point AP can use the negotiated unicast key to transmit unicast communication packets confidentially.
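The unicast key negotiation of steps F and G, written out in Go as an added example; it is not code from the patent. The text names no algorithms, so RSA-OAEP for the public-key encryption, RSA PKCS#1 v1.5 signatures, SHA-256 over the two random values as the key derivation, and an HMAC keyed with the newly derived key as the message authentication code are all assumptions of this example, as are the type and function names.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Party is one side (WT or AP) once certificate authentication has succeeded.
type Party struct {
	key       *rsa.PrivateKey
	peer      *rsa.PublicKey // from the peer's verified certificate
	freshness []byte         // identifier the next request must carry
	sentRand  []byte         // AP only: random data of the pending request
	Unicast   []byte         // negotiated key (SHA-256 derivation is assumed)
}

type Request struct{ Data, Freshness, Sig []byte }
type Response struct{ Data, RespID, MAC []byte }

func randBytes(n int) []byte {
	b := make([]byte, n)
	rand.Read(b)
	return b
}
func digest(parts ...[]byte) []byte {
	d := sha256.Sum256(bytes.Join(parts, nil))
	return d[:]
}

// mac keys HMAC-SHA256 with the negotiated key (an assumption of this example).
func mac(key []byte, parts ...[]byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(bytes.Join(parts, nil))
	return m.Sum(nil)
}

// NewPair: both sides hold the peer's key and the access authentication nonce.
func NewPair() (wt, ap *Party) {
	wk, err1 := rsa.GenerateKey(rand.Reader, 2048)
	ak, err2 := rsa.GenerateKey(rand.Reader, 2048)
	if err1 != nil || err2 != nil {
		panic("RSA key generation failed")
	}
	nonce := randBytes(16)
	return &Party{key: wk, peer: &ak.PublicKey, freshness: nonce},
		&Party{key: ak, peer: &wk.PublicKey, freshness: nonce}
}

// NewRequest (AP, step F): encrypt random data to the WT, add freshness, sign.
func (ap *Party) NewRequest() (Request, error) {
	ap.sentRand = randBytes(16)
	data, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, ap.peer, ap.sentRand, nil)
	if err != nil {
		return Request{}, err
	}
	sig, err := rsa.SignPKCS1v15(rand.Reader, ap.key, crypto.SHA256, digest(data, ap.freshness))
	return Request{data, ap.freshness, sig}, err
}

// HandleRequest (WT, step G): check signature and freshness, then answer.
func (wt *Party) HandleRequest(rq Request) (Response, error) {
	if rsa.VerifyPKCS1v15(wt.peer, crypto.SHA256, digest(rq.Data, rq.Freshness), rq.Sig) != nil {
		return Response{}, fmt.Errorf("bad AP signature")
	}
	if !bytes.Equal(rq.Freshness, wt.freshness) {
		return Response{}, fmt.Errorf("stale freshness identifier")
	}
	apRand, err1 := rsa.DecryptOAEP(sha256.New(), nil, wt.key, rq.Data, nil)
	wtRand, respID := randBytes(16), randBytes(16)
	data, err2 := rsa.EncryptOAEP(sha256.New(), rand.Reader, wt.peer, wtRand, nil)
	if err1 != nil || err2 != nil {
		return Response{}, fmt.Errorf("cannot process request data")
	}
	wt.Unicast, wt.freshness = digest(apRand, wtRand), respID
	return Response{data, respID, mac(wt.Unicast, data, respID)}, nil
}

// HandleResponse (AP): decrypt, derive the key, then verify the MAC with it.
func (ap *Party) HandleResponse(rs Response) error {
	wtRand, err := rsa.DecryptOAEP(sha256.New(), nil, ap.key, rs.Data, nil)
	key := digest(ap.sentRand, wtRand)
	if err != nil || !hmac.Equal(rs.MAC, mac(key, rs.Data, rs.RespID)) {
		return fmt.Errorf("response rejected")
	}
	ap.Unicast, ap.freshness, ap.sentRand = key, rs.RespID, nil
	return nil
}

func main() {
	wt, ap := NewPair()
	rq, _ := ap.NewRequest()
	rs, _ := wt.HandleRequest(rq)
	err := ap.HandleResponse(rs)
	fmt.Println("accepted:", err == nil, "keys match:", bytes.Equal(wt.Unicast, ap.Unicast))
}
```

A request captured during one negotiation is rejected by the WT afterwards, because its freshness identifier no longer equals the last response identifier.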
3. Multicast/broadcast key notification
After the unicast key agreement between wireless terminal WT and radio access point AP succeeds, radio access point AP performs multicast/broadcast key notification to wireless terminal WT. The multicast/broadcast key notification process is as follows:
H) Multicast/broadcast key notification: radio access point AP generates a random data as the multicast/broadcast key and encrypts this multicast/broadcast key with the public key of wireless terminal WT to obtain the multicast/broadcast key notification data. Radio access point AP generates another one-time number as the multicast/broadcast key freshness identifier, which identifies the freshness of the multicast/broadcast key notification. Radio access point AP combines the multicast/broadcast key notification data, the multicast/broadcast key freshness identifier and the radio access point multicast/broadcast message authentication code into the multicast/broadcast key notification and sends it to wireless terminal WT. Here, the radio access point multicast/broadcast message authentication code is the hash value that radio access point AP computes, using a cryptographic hash function, over the data in the multicast/broadcast key notification other than the radio access point multicast/broadcast message authentication code;
I) Multicast/broadcast key notification response: after wireless terminal WT receives the multicast/broadcast key notification sent by radio access point AP, it first verifies the radio access point multicast/broadcast message authentication code (it applies the cryptographic hash function to the data in the multicast/broadcast key notification other than the radio access point multicast/broadcast message authentication code and compares the computed value with the radio access point multicast/broadcast message authentication code extracted from the multicast/broadcast key notification). If the verification fails, the multicast/broadcast key notification is discarded; otherwise wireless terminal WT decrypts the multicast/broadcast key notification data with its own private key to obtain the multicast/broadcast key, combines the multicast/broadcast key freshness identifier and the wireless terminal multicast/broadcast message authentication code into the multicast/broadcast key notification response, and returns it to radio access point AP. Here, the wireless terminal multicast/broadcast message authentication code in the multicast/broadcast key notification response is the hash value that wireless terminal WT computes, using a cryptographic hash function, over the data in the multicast/broadcast key notification response other than the wireless terminal multicast/broadcast message authentication code.
After radio access point AP receives the multicast/broadcast key notification response, it verifies the wireless terminal multicast/broadcast message authentication code (it applies the cryptographic hash function to the data in the multicast/broadcast key notification response other than the wireless terminal multicast/broadcast message authentication code and compares the computed value with the wireless terminal multicast/broadcast message authentication code extracted from the multicast/broadcast key notification response). If the verification fails, the multicast/broadcast key notification response is discarded; otherwise the multicast/broadcast key notification succeeds.
After the multicast/broadcast key notification succeeds, wireless terminal WT and radio access point AP can use this multicast/broadcast key to transmit multicast/broadcast communication data packets confidentially.
To further improve the confidentiality of communication, after wireless terminal WT and radio access point AP have communicated for a period of time or exchanged a certain number of packets, or according to other policy mechanisms, the unicast key can be renegotiated or the multicast/broadcast key can be updated and notified again.
Two-way certificate authentication accomplishes the secure access control of wireless terminal WT, while unicast key agreement and multicast/broadcast key notification fully ensure secure communication between wireless terminal WT and radio access point AP.
In specific implementations of the present invention:
(1) If wireless terminal WT intends to access the network through a designated radio access point AP, then before two-way certificate authentication wireless terminal WT should know the relevant information of this radio access point AP or hold the certificate of this radio access point AP, so that wireless terminal WT can judge the access authentication response it receives.
(2) If radio access point AP intends to limit network access to specific wireless terminals WT, then before two-way certificate authentication radio access point AP should know the relevant information of the specific wireless terminal WT or hold the certificate of the specific wireless terminal WT, so that radio access point AP can judge the access authentication request it receives.
(3) If wireless terminal WT intends to support multiple certificates issued by different authentication servers AS, to meet the need of wireless terminal WT to access multiple wireless local area networks, the authentication activation sent by radio access point AP can include information about the authentication server AS that the access point itself trusts; wireless terminal WT uses this information to select the corresponding certificate for authentication.
(4) The unicast key agreement process can also include negotiation of the session algorithm. That is, the requester indicates in the unicast key agreement request the session algorithm it proposes, and the responder tells the requester through the unicast key agreement response whether it agrees to adopt this session algorithm; or the requester enumerates in the unicast key agreement request the session algorithms it supports, and the responder selects one of them and returns it to the requester in the unicast key agreement response. After the unicast key agreement succeeds, both sides use the negotiated session algorithm for secure communication.
(5) The multicast/broadcast key notification data in the multicast/broadcast key notification can also be obtained by encrypting the multicast key with the negotiated unicast key; correspondingly, after wireless terminal WT receives the multicast/broadcast key notification, it decrypts the multicast/broadcast key notification data with the negotiated unicast key to obtain the multicast key.
(6) The access authentication request identifier can also be the host time of wireless terminal WT.
(7) The message authentication code in the unicast key agreement process and in the multicast/broadcast key notification process can also be a signature made by the sender with its own private key; correspondingly, the receiver verifies it with the other party's public key.
(8) In a specific implementation, both radio access point AP and wireless terminal WT can be provided with a multiple-retransmission mechanism that retransmits packets on timeout, to improve efficiency.
Finally, it should be noted that the above embodiments only illustrate the present invention and do not limit the technical solutions it describes. Therefore, although this specification has described the present invention in detail with reference to each of the above embodiments, those of ordinary skill in the art should understand that the present invention can still be modified or equivalently replaced, and all technical solutions and improvements that do not depart from the spirit and scope of the present invention should be covered by the scope of the claims of the present invention.
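The multicast/broadcast key notification exchange of steps H) and I), in the variant of note (5) where the notification data is encrypted under the negotiated unicast key, shown as an added Python example (not code from the patent). The keyed HMAC-SHA-256 used as the message authentication code, the SHAKE-256 keystream standing in for the session algorithm, the message layout, the AP-side freshness echo check and all names are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Assumptions (the page names no concrete algorithms or message layout):
#  - the message authentication code is HMAC-SHA-256 under a key derived from
#    the negotiated unicast key (the page only says "cryptographic hash function")
#  - the session algorithm is a SHAKE-256 keystream XOR, used as a stand-in
#  - dict messages, 16-byte keys and 16-byte one-time numbers are hypothetical


def derive_subkeys(unicast_key: bytes):
    """Split the negotiated unicast key into separate encryption and MAC keys."""
    enc = hmac.new(unicast_key, b"encryption", hashlib.sha256).digest()
    mac = hmac.new(unicast_key, b"integrity", hashlib.sha256).digest()
    return enc, mac


def xor_keystream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt by XOR with a keystream bound to key and nonce."""
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def mac_over(key: bytes, label: bytes, *fields: bytes) -> bytes:
    """MAC over every field except the MAC itself, with length prefixes."""
    h = hmac.new(key, label, hashlib.sha256)
    for field in fields:
        h.update(len(field).to_bytes(4, "big") + field)
    return h.digest()


class AccessPoint:
    def __init__(self, unicast_key: bytes):
        self.enc_key, self.mac_key = derive_subkeys(unicast_key)
        self.multicast_key = None
        self.pending_freshness = None

    def build_notification(self) -> dict:
        # Step H: random multicast/broadcast key plus a one-time freshness identifier.
        self.multicast_key = secrets.token_bytes(16)
        self.pending_freshness = secrets.token_bytes(16)
        data = xor_keystream(self.enc_key, self.pending_freshness, self.multicast_key)
        mac = mac_over(self.mac_key, b"notify", data, self.pending_freshness)
        return {"data": data, "freshness": self.pending_freshness, "mac": mac}

    def accept_response(self, resp: dict) -> bool:
        if self.pending_freshness is None:
            return False  # no notification outstanding: stale or repeated response
        expected = mac_over(self.mac_key, b"response", resp["freshness"])
        if not hmac.compare_digest(expected, resp["mac"]):
            return False  # MAC check fails: discard the response
        # Added assumption: the echoed identifier must match the one just sent.
        if not hmac.compare_digest(resp["freshness"], self.pending_freshness):
            return False
        self.pending_freshness = None
        return True


class WirelessTerminal:
    def __init__(self, unicast_key: bytes):
        self.enc_key, self.mac_key = derive_subkeys(unicast_key)
        self.multicast_key = None

    def handle_notification(self, msg: dict):
        # Step I: verify the AP's MAC before touching the ciphertext.
        expected = mac_over(self.mac_key, b"notify", msg["data"], msg["freshness"])
        if not hmac.compare_digest(expected, msg["mac"]):
            return None  # discard the notification
        self.multicast_key = xor_keystream(self.enc_key, msg["freshness"], msg["data"])
        mac = mac_over(self.mac_key, b"response", msg["freshness"])
        return {"freshness": msg["freshness"], "mac": mac}


def run_exchange(tamper: bool = False) -> str:
    """Run one notification round trip; optionally flip a ciphertext bit in transit."""
    unicast_key = secrets.token_bytes(32)  # constructed stand-in for the negotiated key
    ap, wt = AccessPoint(unicast_key), WirelessTerminal(unicast_key)
    note = ap.build_notification()
    if tamper:
        note["data"] = bytes([note["data"][0] ^ 1]) + note["data"][1:]
    resp = wt.handle_notification(note)
    if resp is None:
        return "notification discarded"
    if not ap.accept_response(resp):
        return "response discarded"
    return "ok" if wt.multicast_key == ap.multicast_key else "key mismatch"


if __name__ == "__main__":
    print(run_exchange())             # both sides end with the same key
    print(run_exchange(tamper=True))  # modified notification is dropped by WT
```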

Claims (26)

1. An authentication and secrecy method for a wireless network, in which, when a wireless terminal and a radio access point in the wireless network establish a communication connection, two-way certificate authentication between the wireless terminal and the radio access point is carried out through an authentication server, and after the two-way certificate authentication succeeds, the wireless terminal and the radio access point perform unicast key agreement to realize secure communication of unicast data on the wireless link; characterized in that: after the unicast key agreement between the wireless terminal and the radio access point succeeds, the radio access point further performs multicast/broadcast key notification to the wireless terminal to realize secure communication of multicast/broadcast data on the wireless link;
The multicast/broadcast key notification process comprises the following steps:
Step 1: the radio access point sends the multicast/broadcast key notification to all wireless terminals that maintain a physical association with it;
Step 2: after receiving the multicast/broadcast key notification sent by the radio access point, the wireless terminal processes the notification and sends the multicast/broadcast key notification response to the radio access point;
Step 3: after receiving the multicast/broadcast key notification response sent by the wireless terminal, the radio access point verifies it; if the verification fails, the multicast/broadcast key notification response is discarded; otherwise, the multicast/broadcast key notification succeeds;
Step 4: after the multicast/broadcast key notification succeeds, the wireless terminal and the radio access point use this multicast/broadcast key to transmit multicast/broadcast communication data packets confidentially.
2. The authentication and secrecy method for a wireless network according to claim 1, characterized in that step 1 specifically comprises:
Step 10: the radio access point generates a random data as the multicast/broadcast key;
Step 11: the radio access point encrypts the multicast/broadcast key with the public key of the wireless terminal to obtain the multicast/broadcast key notification.
3. The authentication and secrecy method for a wireless network according to claim 1, characterized in that the multicast/broadcast key notification comprises at least: multicast/broadcast key notification data, a multicast/broadcast key freshness identifier and a radio access point multicast/broadcast message authentication code; wherein,
The multicast/broadcast key notification data is obtained by the radio access point generating a random data as the multicast/broadcast key and encrypting this multicast/broadcast key with the public key of the wireless terminal;
The multicast/broadcast key freshness identifier is a one-time number generated by the radio access point, which identifies the freshness of the radio access point's multicast/broadcast key notification;
The radio access point multicast/broadcast message authentication code is obtained by the radio access point applying a cryptographic hash function to the data in the multicast/broadcast key notification other than the radio access point multicast/broadcast message authentication code.
4. The authentication and secrecy method for a wireless network according to claim 3, characterized in that the specific steps by which the wireless terminal processes the multicast/broadcast key notification are:
Step 20: after receiving the multicast/broadcast key notification sent by the radio access point, the wireless terminal verifies the multicast/broadcast key notification;
Step 21: if the verification fails, the multicast/broadcast key notification is discarded; otherwise the wireless terminal decrypts the multicast/broadcast key notification data with its own private key to obtain the multicast/broadcast key;
Step 22: the wireless terminal returns the multicast/broadcast key notification response to the radio access point.
5. The authentication and secrecy method for a wireless network according to claim 4, characterized in that the method of verifying the multicast/broadcast key notification is: after receiving the multicast/broadcast key notification, the wireless terminal applies the cryptographic hash function to the data in the notification other than the radio access point multicast/broadcast message authentication code and compares the computed value with the radio access point multicast/broadcast message authentication code extracted from the notification; if they are identical, the verification passes; otherwise the verification fails.
6. The authentication and secrecy method for a wireless network according to claim 1, characterized in that the multicast/broadcast key notification response consists of at least the following data: a multicast/broadcast key freshness identifier and a wireless terminal multicast/broadcast message authentication code; wherein,
The multicast/broadcast key freshness identifier is the multicast/broadcast key freshness identifier in the multicast/broadcast key notification;
The wireless terminal multicast/broadcast message authentication code is obtained by the wireless terminal applying a cryptographic hash function to the data in the multicast/broadcast key notification response other than the wireless terminal multicast/broadcast message authentication code.
7. The authentication and secrecy method for a wireless network according to claim 6, characterized in that the method of verifying the multicast/broadcast key notification response is: after receiving the multicast/broadcast key notification response of the wireless terminal, the radio access point applies the cryptographic hash function to the data in the response other than the wireless terminal multicast/broadcast message authentication code and compares the computed value with the wireless terminal multicast/broadcast message authentication code extracted from the response; if they are identical, the verification passes; otherwise the verification fails.
8. The authentication and secrecy method for a wireless network according to any one of claims 1-7, characterized in that the unicast key agreement and/or multicast/broadcast key notification process is carried out again after the wireless terminal and the radio access point have communicated for a specified time and/or exchanged packets of a specified data amount; that is, the radio access point sends a new unicast key agreement request and/or multicast/broadcast key notification to the wireless terminal, and a new unicast key is negotiated and/or a new multicast/broadcast key is notified between the wireless terminal and the radio access point.
9. The authentication and secrecy method for a wireless network according to claim 1, characterized in that the multicast/broadcast key notification data in the multicast/broadcast key notification is obtained by encrypting the multicast/broadcast key with the negotiated unicast key; correspondingly, after receiving the multicast/broadcast key notification, the wireless terminal decrypts the multicast/broadcast key notification data with the negotiated unicast key to obtain the multicast/broadcast key.
10. The authentication and secrecy method for a wireless network according to any one of claims 1-7, characterized in that the radio access point and/or the wireless terminal retransmits a packet after its transmission times out.
11. The authentication and secrecy method for a wireless network according to claim 1, characterized in that the multicast/broadcast key notification comprises at least: multicast/broadcast key notification data, a multicast/broadcast key freshness identifier and a radio access point multicast/broadcast message authentication code; wherein,
The multicast/broadcast key notification data is obtained by the radio access point generating a random data as the multicast/broadcast key and encrypting this multicast/broadcast key with the public key of the wireless terminal;
The multicast/broadcast key freshness identifier is a one-time number generated by the radio access point, which identifies the freshness of the radio access point's multicast/broadcast key notification;
The radio access point multicast/broadcast message authentication code is a signature made by the radio access point with the private key of the radio access point; correspondingly, the wireless terminal verifies the radio access point multicast/broadcast message authentication code with the public key of the radio access point.
12. The authentication and secrecy method for a wireless network according to claim 1, characterized in that the multicast/broadcast key notification response consists of at least the following data: a multicast/broadcast key freshness identifier and a wireless terminal multicast/broadcast message authentication code; wherein,
The multicast/broadcast key freshness identifier is the multicast/broadcast key freshness identifier in the multicast/broadcast key notification;
The wireless terminal multicast/broadcast message authentication code is a signature made by the wireless terminal with the private key of the wireless terminal; correspondingly, the radio access point verifies the wireless terminal multicast/broadcast message authentication code with the public key of the wireless terminal.
13. The authentication and secrecy method for a wireless network according to claim 1, characterized in that the two-way certificate authentication comprises the following steps:
Step A1: when the wireless terminal is physically associated with the radio access point, the radio access point sends an authentication activation to the wireless terminal;
Step A2: after receiving the authentication activation sent by the radio access point, the wireless terminal generates and saves a one-time number as the access authentication request identifier, combines this access authentication request identifier with the wireless terminal certificate to form the access authentication request, and sends it to the radio access point;
Step A3: after receiving the access authentication request sent by the wireless terminal, the radio access point saves the access authentication request identifier, then combines the wireless terminal certificate, the radio access point certificate, the access authentication request identifier and the signature of the radio access point to form the certificate authentication request, and sends it to the authentication server;
Step A4: after receiving the certificate authentication request of the radio access point, the authentication server verifies the signature of the radio access point; if the verification fails, it discards the certificate authentication request or sets the authentication result to failure; otherwise, it verifies the legitimacy of the radio access point certificate and the wireless terminal certificate; the authentication server combines the wireless terminal certificate authentication result information, the radio access point certificate authentication result information and the signature of the authentication server to form the certificate authentication response, and sends it back to the radio access point; wherein the radio access point certificate authentication result information comprises the certificate of the radio access point, its authentication result and the access authentication request identifier;
Step A5: after receiving the certificate authentication response of the authentication server, the radio access point compares the access authentication request identifier in it with the saved access authentication request identifier and verifies the signature of the authentication server; if the comparison shows a difference or the verification fails, the certificate authentication response is discarded; otherwise the radio access point sends the certificate authentication response back to the wireless terminal as the access authentication response and performs the corresponding access control on the wireless terminal according to the authentication result information of the wireless terminal certificate;
Step A6: after receiving the access authentication response returned by the radio access point, the wireless terminal compares the access authentication request identifier in it with the saved access authentication request identifier and verifies the signature of the authentication server; if the comparison shows a difference or the verification fails, the access authentication response is discarded; otherwise, the wireless terminal decides, according to the authentication result of the radio access point certificate, whether to continue its physical association with this radio access point.
14. The authentication and secrecy method for a wireless network according to claim 13, characterized in that the wireless terminal certificate authentication result information comprises the certificate of the wireless terminal and its authentication result.
15. The authentication and secrecy method for a wireless network according to claim 1, characterized in that the unicast key agreement comprises the following steps:
Step B1: the radio access point sends a unicast key agreement request to the wireless terminal;
Step B2: after receiving the unicast key agreement request sent by the radio access point, the wireless terminal processes the request and sends the unicast key agreement response to the radio access point;
Step B3: after receiving the unicast key agreement response, the radio access point verifies it; if the verification fails, the unicast key agreement response is discarded; otherwise, the unicast key agreement succeeds;
Step B4: after the unicast key agreement succeeds, the wireless terminal and the radio access point use the negotiated unicast key to transmit unicast communication data packets confidentially.
16. The authentication and secrecy method for a wireless network according to claim 15, characterized in that the unicast key agreement request comprises at least: unicast key agreement request data, a unicast key agreement freshness identifier and the signature of the radio access point; wherein,
The unicast key agreement request data is obtained by encrypting a random data generated by the radio access point with the public key of the wireless terminal;
The unicast key agreement freshness identifier is a one-time number, which identifies the freshness of the unicast key agreement;
The signature of the radio access point is obtained by the radio access point signing, with its own private key, the data in the unicast key agreement request other than the signature of the radio access point.
17. The authentication and secrecy method for a wireless network according to claim 16, characterized in that the specific steps by which the wireless terminal processes the unicast key agreement request of the radio access point are:
Step B20: after receiving the unicast key agreement request sent by the radio access point, the wireless terminal verifies the signature of the radio access point and judges whether the unicast key agreement freshness identifier is correct;
Step B21: if the verification fails or the judgment result is incorrect, the unicast key agreement request is discarded; otherwise, the wireless terminal decrypts the unicast key agreement request data with its own private key to obtain the random data generated by the radio access point, then generates a random data locally, and performs a calculation on these two random data to derive the unicast key negotiated this time;
Step B22: the wireless terminal returns the unicast key agreement response to the radio access point.
18. The authentication and secrecy method for a wireless network according to claim 15, characterized in that the unicast key agreement response comprises at least: unicast key agreement response data, a unicast key agreement response identifier and a wireless terminal unicast key agreement message authentication code; wherein,
The unicast key agreement response data is obtained by encrypting, with the public key of the radio access point, the random data that the wireless terminal generated locally when deriving the negotiated unicast key;
The unicast key agreement response identifier is a one-time number generated by the wireless terminal, which will serve as the unicast key agreement freshness identifier in the next unicast key agreement;
The wireless terminal unicast key agreement message authentication code is the hash value that the wireless terminal computes, using a cryptographic hash function, over the data in the unicast key agreement response other than the wireless terminal unicast key agreement message authentication code.
19. The authentication and secrecy method for a wireless network according to claim 18, characterized in that the specific steps of verifying the unicast key agreement response are:
Step B30: after receiving the unicast key agreement response sent by the wireless terminal, the radio access point decrypts the unicast key agreement response data with the private key of the radio access point to obtain the random data generated by the wireless terminal;
Step B31: the radio access point performs a calculation on the two random data generated by itself and by the wireless terminal respectively, and derives the unicast key negotiated this time;
Step B32: the radio access point applies the cryptographic hash function to the data in the unicast key agreement response other than the wireless terminal unicast key agreement message authentication code and compares the computed value with the wireless terminal unicast key agreement message authentication code extracted from the unicast key agreement response; if they are identical, the verification passes; otherwise the verification fails;
Step B33: after the verification passes, the unicast key agreement response identifier in the unicast key agreement response is kept as the unicast key agreement freshness identifier for the next unicast key agreement process.
20. The authentication and secrecy method for a wireless network according to any one of claims 15-19, characterized in that the unicast key agreement also comprises negotiation of the session algorithm, and the specific negotiation process is as follows:
The requester of the unicast key agreement indicates in the unicast key agreement request the session algorithm that the requester can adopt, and the responder of the unicast key agreement returns to the requester, through the unicast key agreement response, response information on whether it agrees to adopt this session algorithm; after the unicast key agreement succeeds, both sides use the negotiated session algorithm for secure communication.
21. The authentication and secrecy method for a wireless network according to any one of claims 15-19, characterized in that the unicast key agreement also comprises negotiation of the session algorithm, and the specific negotiation process is as follows:
The requester of the unicast key agreement enumerates in the unicast key agreement request the session algorithms that the requester supports, and the responder of the unicast key agreement selects one of the session algorithms offered by the requester and returns it to the requester in the unicast key agreement response; after the unicast key agreement succeeds, both sides use the negotiated session algorithm for secure communication.
22. The authentication and secrecy method for a wireless network according to claim 16, characterized in that, for the unicast key agreement freshness identifier: if this is the first unicast key agreement process after two-way certificate authentication, the unicast key agreement freshness identifier is the access authentication request identifier of the two-way certificate authentication process; otherwise, it is the key agreement response identifier of the previous unicast key agreement process.
23. The authentication and secrecy method for a wireless network according to claim 15, characterized in that the unicast key agreement response comprises at least: unicast key agreement response data, a unicast key agreement response identifier and a wireless terminal unicast key agreement message authentication code; wherein,
The unicast key agreement response data is obtained by encrypting, with the public key of the radio access point, the random data that the wireless terminal generated locally when deriving the negotiated unicast key;
The unicast key agreement response identifier is a one-time number generated by the wireless terminal, which will serve as the unicast key agreement freshness identifier in the next unicast key agreement;
The wireless terminal unicast key agreement message authentication code is a signature made by the wireless terminal with its own private key; correspondingly, the radio access point verifies the wireless terminal unicast key agreement message authentication code with the public key of the wireless terminal.
24. The authentication and secrecy method for a wireless network according to claim 1, characterized in that, when the wireless terminal accesses the network through a designated radio access point, then before two-way certificate authentication the wireless terminal saves the information or certificate of this radio access point, which the wireless terminal uses to judge the access authentication response it receives.
25. The authentication and secrecy method for a wireless network according to claim 1, characterized in that, when the radio access point limits network access to specific wireless terminals, then before two-way certificate authentication the radio access point saves the information or certificate of the specific wireless terminal, which the radio access point uses to judge the access authentication request it receives.
26. The authentication and secrecy method for a wireless network according to claim 13, characterized in that, when the wireless terminal holds multiple certificates issued by different authentication servers, the authentication activation sent by the radio access point includes information about the authentication server that this radio access point trusts, which the wireless terminal uses to select the corresponding certificate for authentication.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2004100062038A CN100525182C (en) 2004-03-11 2004-03-11 Authentication and encryption method for wireless network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2004100062038A CN100525182C (en) 2004-03-11 2004-03-11 Authentication and encryption method for wireless network

Publications (2)

Publication Number Publication Date
CN1668000A (en) 2005-09-14
CN100525182C (en) 2009-08-05

Family

ID=35038895

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2004100062038A Expired - Lifetime CN100525182C (en) 2004-03-11 2004-03-11 Authentication and encryption method for wireless network

Country Status (1)

Country Link
CN (1) CN100525182C (en)

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100479569C (en) * 2005-10-10 2009-04-15 华为技术有限公司 Controlled key updating method
EP1860819B1 (en) * 2006-05-23 2013-09-11 Nokia Siemens Networks GmbH & Co. KG Method and system for dynamically constructing and controlling short-lived communication groups with secure transmission
CN100463391C (en) * 2006-09-23 2009-02-18 西安西电捷通无线网络通信有限公司 Network key management and session key updating method
CN101155396B (en) * 2006-09-25 2012-03-28 联想(北京)有限公司 Terminal node switching method
CN101431455B (en) * 2007-11-09 2011-03-23 北京华旗资讯数码科技有限公司 Method for implementing secret communication of wireless local area network
CN101431454B (en) * 2007-11-09 2011-05-25 北京华旗资讯数码科技有限公司 Wireless local area network building method
CN101431453B (en) * 2007-11-09 2011-05-25 北京华旗资讯数码科技有限公司 Method for implementing secret communication between communication terminal and wireless access point
CN101345677B (en) * 2008-08-21 2011-06-01 西安西电捷通无线网络通信股份有限公司 Method for improving security of broadcast or multicast system
CN100581169C (en) 2008-08-21 2010-01-13 西安西电捷通无线网络通信有限公司 Multicast cryptographic key distribution method and updating method based on unicast conversation cryptographic key
CN101765057B (en) * 2008-12-25 2014-03-05 上海贝尔股份有限公司 Method, equipment and system for providing multicast service to WiFi access terminal
US20100175113A1 (en) * 2009-01-05 2010-07-08 International Business Machine Corporation Secure System Access Without Password Sharing
CN104243416B (en) * 2013-06-17 2018-04-27 华为技术有限公司 Encryption communication method, system and relevant device
CN109890029B (en) * 2019-01-29 2022-06-03 珠海迈科智能科技股份有限公司 Automatic network distribution method of intelligent wireless equipment
CN114866267B (en) * 2021-02-03 2023-12-05 支付宝(杭州)信息技术有限公司 Method and device for realizing secure multicast in block chain network
CN114285555A (en) * 2021-12-15 2022-04-05 支付宝(杭州)信息技术有限公司 Multicast method and device based on block chain

Also Published As

Publication number Publication date
CN1668000A (en) 2005-09-14

Similar Documents

Publication Publication Date Title
KR100832893B1 (en) A method for the access of the mobile terminal to the WLAN and for the data communication via the wireless link securely
CN103596173B (en) Wireless network authentication method, client and service end wireless network authentication device
CN1910861B (en) Public access point
Shen et al. Secure device-to-device communications over WiFi direct
CN101222331B (en) Authentication server, method and system for bidirectional authentication in mesh network
CN100525182C (en) Authentication and encryption method for wireless network
CN101262333B (en) A secure communication method between nodes in vehicular network
CN1124759C (en) Safe access method of mobile terminal to radio local area network
Dantu et al. EAP methods for wireless networks
CN107396350A (en) SDN inter-module method for security protection based on the SDN 5G network architectures
CN101552984B (en) Base station secure accessing method of mobile communication system
CN108882238A (en) A kind of lightweight rotation ca authentication method in mobile ad hoc network based on common recognition algorithm
CN101635922B (en) Safety communication method of wireless mesh network
CN101136741A (en) Multicast key management method and central node used for the same
CN101478389B (en) Multi-stage security supporting mobile IPSec transmission authentication method
CN101119368A (en) Method for implementing wireless network safety communication
CN101521884A (en) Terminal and security association establishment method under ad hoc network mode and
Casoni et al. Security issues in emergency networks
Yao et al. A blockchain based authentication mechanism in wireless local area network
CN1996838A (en) AAA certification and optimization method for multi-host WiMAX system
Islam et al. Security enhancement of d2d communication based on handshaking mechanism
Kaur Wireless security issues and their emerging trends
Uskela Security in Wireless Local Area Networks
Pervaiz et al. Security in wireless local area networks
CN106658506A (en) Security authentication architecture of wireless mesh network

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
ASS Succession or assignment of patent right

Owner name: XI'AN XIDIAN JIETONG WIRELESS NETWORK COMMUNICATI

Free format text: FORMER OWNER: CHEN YIRONG

Effective date: 20070615

C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20070615

Address after: High tech Zone technology two road 710075 Xi'an City No. 68 Xi'an Software Park A201

Applicant after: CHINA IWNCOMM Co.,Ltd.

Address before: 100088 Beijing City, Haidian District Huayuan Road No. 13 Daolong Executive Hotel

Applicant before: Chen Yirong

C14 Grant of patent or utility model
GR01 Patent grant
C56 Change in the name or address of the patentee

Owner name: XI'AN IWNCOMM CO., LTD.

Free format text: FORMER NAME: XIDIAN JIETONG WIRELESS NETWORK COMMUNICATION CO LTD, XI'AN

CP01 Change in the name or title of a patent holder

Address after: High tech Zone technology two road 710075 Xi'an City No. 68 Xi'an Software Park A201

Patentee after: CHINA IWNCOMM Co.,Ltd.

Address before: High tech Zone technology two road 710075 Xi'an City No. 68 Xi'an Software Park A201

Patentee before: CHINA IWNCOMM Co.,Ltd.

EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20050914

Assignee: BEIJING ZHIXIANG TECHNOLOGY Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2016610000049

Denomination of invention: Authentication and encryption method for wireless network

Granted publication date: 20090805

License type: Common License

Record date: 20161117

LICC Enforcement, change and cancellation of record of contracts on the licence for exploitation of a patent or utility model
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20050914

Assignee: BEIJING FENGHUO LIANTUO TECHNOLOGY Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2017610000001

Denomination of invention: Authentication and encryption method for wireless network

Granted publication date: 20090805

License type: Common License

Record date: 20170106

LICC Enforcement, change and cancellation of record of contracts on the licence for exploitation of a patent or utility model
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20050914

Assignee: SHANGHAI YU FLY MILKY WAY SCIENCE AND TECHNOLOGY CO.,LTD.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2017610000005

Denomination of invention: Authentication and encryption method for wireless network

Granted publication date: 20090805

License type: Common License

Record date: 20170317

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20050914

Assignee: Beijing next Technology Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2017610000014

Denomination of invention: Authentication and encryption method for wireless network

Granted publication date: 20090805

License type: Common License

Record date: 20170601

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20050914

Assignee: HYTERA COMMUNICATIONS Corp.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2017610000015

Denomination of invention: Authentication and encryption method for wireless network

Granted publication date: 20090805

License type: Common License

Record date: 20170602

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20050914

Assignee: Beijing Hua Xinaotian network technology Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2017610000028

Denomination of invention: Authentication and encryption method for wireless network

Granted publication date: 20090805

License type: Common License

Record date: 20171122

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20050914

Assignee: ALPINE ELECTRONICS, Inc.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2017990000497

Denomination of invention: Authentication and encryption method for wireless network

Granted publication date: 20090805

License type: Common License

Record date: 20171222

EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20050914

Assignee: SHENZHEN RAKWIRELESS TECHNOLOGY CO.,LTD.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2018610000006

Denomination of invention: Authentication and encryption method for wireless network

Granted publication date: 20090805

License type: Common License

Record date: 20180226

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20050914

Assignee: BLACKSHARK TECHNOLOGIES (NANCHANG) Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2018610000012

Denomination of invention: Authentication and encryption method for wireless network

Granted publication date: 20090805

License type: Common License

Record date: 20180404

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20050914

Assignee: Sony Mobile Communications AB

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2018990000306

Denomination of invention: Authentication and encryption method for wireless network

Granted publication date: 20090805

License type: Common License

Record date: 20181123

EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20050914

Assignee: SHENZHEN UCLOUDLINK NEW TECHNOLOGY Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2019610000002

Denomination of invention: Authentication and encryption method for wireless network

Granted publication date: 20090805

License type: Common License

Record date: 20191010

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20050914

Assignee: HANGZHOU STRONG EDUCATION TECHNOLOGY Co.,Ltd.

Assignor: China IWNCOMM Co.,Ltd.

Contract record no.: X2021610000001

Denomination of invention: Authentication and security methods for wireless networks

Granted publication date: 20090805

License type: Common License

Record date: 20210125

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20050914

Assignee: EKC communication technology (Shenzhen) Co.,Ltd.

Assignor: China IWNCOMM Co.,Ltd.

Contract record no.: X2021610000008

Denomination of invention: Authentication and security methods for wireless networks

Granted publication date: 20090805

License type: Common License

Record date: 20210705

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20050914

Assignee: Guangzhou nengchuang Information Technology Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2021610000011

Denomination of invention: Authentication and security method for wireless network

Granted publication date: 20090805

License type: Common License

Record date: 20211104

Application publication date: 20050914

Assignee: Xinruiya Technology (Beijing) Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2021610000012

Denomination of invention: Authentication and security method for wireless network

Granted publication date: 20090805

License type: Common License

Record date: 20211104

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20050914

Assignee: SHENZHEN ZHIKAI TECHNOLOGY Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2022610000005

Denomination of invention: Authentication and security methods for wireless networks

Granted publication date: 20090805

License type: Common License

Record date: 20220531

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20050914

Assignee: HISCENE INFORMATION TECHNOLOGY Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2023610000003

Denomination of invention: Authentication and security methods for wireless networks

Granted publication date: 20090805

License type: Common License

Record date: 20230207

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20050914

Assignee: Beijing baicaibang Technology Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2023610000005

Denomination of invention: Identification and Security Methods for Wireless Networks

Granted publication date: 20090805

License type: Common License

Record date: 20230329

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20050914

Assignee: Shenzhen wisky Technology Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2023610000008

Denomination of invention: Identification and Security Methods for Wireless Networks

Granted publication date: 20090805

License type: Common License

Record date: 20230522

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20050914

Assignee: Beijing Digital Technology (Shanghai) Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2023610000012

Denomination of invention: Identification and Security Methods for Wireless Networks

Granted publication date: 20090805

License type: Common License

Record date: 20231114

CX01 Expiry of patent term

Granted publication date: 20090805

CX01 Expiry of patent term