CN103781074B - Wireless LAN safety cut-in method and equipment - Google Patents

Abstract

The present invention relates to wireless communication technology field, disclose a kind of wireless LAN safety cut-in method and equipment.The method comprising the steps of: receives the probe request of client, whether the signal intensity detecting described probe request meets requirement, judge to meet whether the client required supports secure accessing based on signal strength detection, if then opening WPS support and carry out WPS negotiation, by WPS negotiations process, the configuration of current wireless Local Area Network is supplied to client, accepts to use the client of described configuration to access described WLAN.The present invention utilizes the attenuation degree premise as secure accessing of wireless signal, clear and definite restriction is made without wireless client and user are used, reduce design research and development difficulty, on the basis of not increasing cost, access the Consumer's Experience that WLAN provides more convenient, more superior first for wireless client.

Description

Wireless LAN safety cut-in method and equipment

Technical field

The present invention relates to a kind of wireless communication technology field, access particularly to a kind of wireless LAN safety Method and apparatus.

Background technology

User typically can be to wireless network name (SSID, service set when a newly-built wireless network Identifier) it is configured with wireless encryption mode, in order to ensure the safety of wireless network, it will usually set Put hiding SSID and a tediously long wireless security key.After these are provided with, wireless client is first Secondary when being connected into this wireless network, need manually add network name (SSID) and input tediously long wireless peace Full key, this is all a loaded down with trivial details process for a lot of users.After wireless client successful connection one As can remember network, secondary connects and then need not to input password from being dynamically connected again, and such time one is long, very Multi-user oneself does not remembers that key yet, when there being new wireless client access network, needs to use Access network wireless client or use access in radio client log in back-stage management interface Checking key set originally, Consumer's Experience is poor；In the system that some are safer, if key sets Can not show after Ding, even need to change key or reset system, this bad experience especially.

Owing to there are the problems referred to above, Wi-Fi Alliance organize and implement WPS(Wi-Fi Protected Setup, Wi-Fi protection setting) authentication item, it is directed generally to simplify installation and the security performance of WLAN Configuration work.WPS can help wireless client end subscriber to automatically configure network name (SSID) and wireless peace Full key.For domestic consumer, it is not necessary to possess background knowledge and amendment necessity of Wi-Fi equipment The ability of configuration just can easily realize secure connection network, and user is tediously long wireless without remembering simultaneously Safe key, it is to avoid forget the trouble of key.

In prior art, Wi-Fi Alliance release various ways triggering WPS realizes wireless client and connects safely Enter WLAN to include:

1. user pressed respectively in two minutes wireless client and the hardware button of WAP or The button of software simulation, triggers WPS and starts link negotiation, and active wireless network is configured by WAP Being handed down to wireless client by encryption safe, wireless client obtains active wireless network configuration the most automatically Configuration take-effective is also connected with WAP foundation.

2. user inputs 8 bit digital PIN of WAP on the software interface that wireless client provides (Personal Identification Number) code, triggers WPS and starts link negotiation, WAP Active wireless network configuration is handed down to wireless client by encryption safe, it is achieved wireless client and nothing Line access point is set up and is connected.

3. use special NFC(Near Field Communication, near-field communication) chip, utilize NFC technology, it is desirable to wireless client and WAP trigger in the way of closely touching WPS, it is achieved wireless client is set up with WAP and is connected.

But, aforesaid way is required to equipment vendors and designs equipment accordingly and develop, and to The use at family has certain limitations, and design cost and research and development difficulty are relatively big, and the improvement to Consumer's Experience is limited.

Summary of the invention

For the defect of prior art, the technical problem to be solved is the most quick advantageously real The secure accessing of existing wireless network.

For solving the problems referred to above, on the one hand, the invention provides a kind of wireless LAN safety cut-in method, Including step:

S1, receives the probe request of client, and the signal intensity detecting described probe request is the fullest Foot requirement, if then continuing step S2, stops the access procedure of described client the most immediately；

S2, it is judged that whether described client supports secure accessing based on signal strength detection, if then opening Open WPS support and continue step S3, stop the access procedure of described client the most immediately；

S3, carries out WPS negotiation, detects described client in access procedure and WPS negotiations process simultaneously Signal intensity whether meet requirement, if then continue step S4, stop described client the most immediately WPS negotiations process；

S4, is supplied to client by WPS negotiations process by the configuration of current wireless Local Area Network, accepts to make Described WLAN is accessed by the client of described configuration.

Preferably, described method further comprises the steps of:

After the access completing described client, it is automatically switched off described WPS and supports.

Preferably, described client should by adding a custom field mark in described probe request Client supports secure accessing based on signal strength detection.

Preferably, in step S2, only all support based on signal intensity in described client and WAP Just open described WPS during the secure accessing detected to support.

Preferably, in step S1 and S3, whether described signal intensity meets requirement refers specifically to: the letter of signal Make an uproar and than whether whether be less than 30dB more than 65dB and/or signal attenuation, if then meeting requirement, the most not Meet requirement.

On the other hand, the present invention provides a kind of wireless LAN safety access device the most simultaneously, including:

Request processing module, for receiving the probe request of client, the probe requests thereby that detection receives Whether the signal intensity of frame meets requirement, if then being continued with by support module, stops institute the most immediately State the access procedure of client；

Support module, for judging whether described client supports secure accessing based on signal strength detection, If then opening WPS support and continued with by negotiation module, stop connecing of described client the most immediately Enter process；

Negotiation module, is used for carrying out WPS negotiation, detects described client at access procedure and WPS simultaneously Whether the wireless signal strength in negotiations process meets requirement, if then being continued with by AM access module, no Stop the WPS negotiations process of described client the most immediately；

AM access module, for being supplied to client by WPS negotiations process by the configuration of current wireless Local Area Network End, accepts to use the client of described configuration to access described WLAN.

Preferably, described equipment is wireless access point device.

Preferably, described equipment also includes closing module, is used for after the access completing described client, It is automatically switched off described WPS to support.

Preferably, described client should by adding a custom field mark in described probe request Client supports secure accessing based on signal strength detection；Described equipment is by the letter periodically sent Mark frame adds corresponding custom field and states that it supports secure accessing based on signal strength detection.

Preferably, whether described signal intensity meets requirement and refers specifically to: whether the signal to noise ratio of signal is more than 65dB and/or signal attenuation, whether less than 30dB, if then meeting requirement, are otherwise unsatisfactory for requirement.

Relative to prior art, the invention provides a kind of wireless LAN safety cut-in method and equipment, Utilize the attenuation degree premise as secure accessing of wireless signal, it is not necessary to wireless client and user are made With making clear and definite restriction, reduce design research and development difficulty, on the basis of not increasing cost, for wireless Client accesses the Consumer's Experience that WLAN provides more convenient, more superior first.

Accompanying drawing explanation

Fig. 1 is the schematic flow sheet of wireless LAN safety cut-in method in one embodiment of the present of invention.

Detailed description of the invention

As employed some vocabulary in the middle of description and claim to censure specific components.This area skill Art personnel are it is to be appreciated that hardware manufacturer may call same parts with different nouns.This explanation In the way of book and claim not difference by title is used as distinguishing parts, but with parts in function On difference be used as distinguish criterion.Additionally, " coupling " word comprise at this any directly and indirectly Electric property coupling means.Therefore, if a first device is coupled to one second device described in literary composition, then institute is represented State first device and can directly be electrically coupled to described second device, or pass through other devices or couple between means Ground connection is electrically coupled to described second device.Description subsequent descriptions is to implement the preferable embodiment party of the present invention Formula, for the purpose of right described description is the rule so that the present invention to be described, is not limited to the present invention's Scope.Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is entered Row clearly and completely describes.Obviously, described embodiment is to implement the better embodiment of the present invention, For the purpose of described description is the rule so that the present invention to be described, it is not limited to the scope of the present invention. Protection scope of the present invention should be as defined in claim, based on the embodiment in the present invention, The every other reality that those of ordinary skill in the art are obtained on the premise of not making creative work Execute example, broadly fall into the scope of protection of the invention.

Prior art provides the means of many secure accessing WLANs, but existing mode is being brought There is also significantly defect, such as the most simultaneously:

Use the technology that hardware button triggers, need on equipment, install a controlled button additional, the most required Equipment reserves single space, increases specific components and parts.This outward appearance to product, size, Structure both increases requirement, more and more exquisiter pocket wireless client device, the difficulty of design Strengthening, design cost increases.The button increased also increases Material Cost and testing cost at production link. Additionally the general WAP used in family or hotel, such as wireless router, the most all can be put Put the most accessible place in high-wall or corner etc., when needs newly access wireless client, need Going to press tactile button with hands, this also makes troubles to user.

The technology using software virtual push button to trigger, needs the support of corresponding software, different producer's designs Difference, therefore corresponding software needs to be developed by producer oneself.But the variation of current platform, different flat Platform software can not multiplexing, such as windows platform, Linux platform, iOS platform, Android platform etc. Deng, software all can not be general；Support various platform, development cost will be increased to producer and open The cycle of sending out.

Additionally, either use hardware button or software virtual push button mode triggers WPS, be desirable that with In one time, only two equipment press the button, and have time interval to limit, then WPS protocol realization Two apparatus interconnections pressed the button, otherwise will result in the unknowable wireless client device of user and access Network, brings hidden danger to network security, and the use to user improves requirement the most undoubtedly.

Use the 8 bit digital PIN codes inputting WAP on the software interface that wireless client provides Technology, need also exist for wireless client manufacturer exploitation corresponding software support, additionally PIN code one As be to be produced house by the raw factory of wireless access point device to specify, or combined by the pure digi-tal of stochastic generation, Can not be specified voluntarily by user, user is difficult to remember for a long time the PIN code of this 8 bit digital, so PIN code one As identify on the housing of wireless access point device or on the interface of its management software.User is made With also resulting in inconvenience.Last position of the PIN code of other 8 bit digital is check code, the most only 7 Significant digits, wireless client can carry out Brute Force by the way of exhaustive, so this use PIN The mode of code there is also hidden danger for security.

Special NFC chip is used to pass through the technology closely touched, owing to equipment master chip is general the most not Supporting NFC, need one NFC chip of extra gear, this to increase the biggest Material Cost undoubtedly, also Information processing between NFC chip to be considered and master chip, which again increases the R&D costs of producer.Mesh Front this mode does not obtain the accreditation of equipment vendors, is not the most promoted.

In the inventive solutions, in order on the basis of not increasing cost, first for wireless client Secondary access WLAN provides more convenient, more superior Consumer's Experience, utilizes the decay of wireless signal Degree is as the premise of secure accessing, it is not necessary to uses wireless client and user and makes clear and definite restriction, Reduce design research and development difficulty, enhance Consumer's Experience.

Seeing Fig. 1, in one embodiment of the invention, wireless LAN safety cut-in method includes step Rapid:

S1, receives the probe request of client, and the signal intensity detecting described probe request is the fullest Foot requirement, if then continuing step S2, stops the access procedure of described client the most immediately；

S2, it is judged that whether described client supports secure accessing based on signal strength detection, if then opening Open WPS support and continue step S3, stop the access procedure of described client the most immediately；

S3, carries out WPS negotiation, detects described client in access procedure and WPS negotiations process simultaneously Wireless signal strength whether meet requirement, if then continue step S4, stop described client the most immediately The WPS negotiations process of end；

S4, is supplied to client by WPS negotiations process by the configuration of current wireless Local Area Network, accepts to make Described WLAN is accessed by the client of described configuration.

Preferably, for ensureing safety, after the access completing client, also it is automatically switched off WPS and supports.

Wherein, " access procedure " in above-mentioned steps refers in particular to client and uses aforesaid way to carry out accessing Process, the access procedure stopping client in step S1, S2 only refers to stop using signal strength detection automatic The process accessed, is not limiting as this client and adopts and access in other ways, and such as limited client is still Traditional approach or existing WPS mode etc. can be used to access wireless network.

It will appreciated by the skilled person that all or part of step realizing in above-described embodiment method Suddenly the program that can be by completes to instruct relevant hardware, and described program can be stored in a calculating In machine read/write memory medium, this program upon execution, including each step of above-described embodiment method, and Described storage medium may is that ROM/RAM, magnetic disc, CD, storage card etc..Therefore, ability Territory person skilled will be understood that corresponding with the method for the present invention, and the present invention includes one the most simultaneously Planting wireless LAN safety access device, with said method step correspondingly, this equipment includes:

Request processing module, for receiving the probe request of client, the probe requests thereby that detection receives Whether the signal intensity of frame meets requirement, if then being continued with by support module, stops institute the most immediately State the WPS negotiations process of client；

Support module, for judging whether described client supports secure accessing based on signal strength detection, If then opening WPS support and continued with by negotiation module, stop connecing of described client the most immediately Enter process；

Negotiation module, is used for carrying out WPS negotiation, detects described client at access procedure and WPS simultaneously Whether the wireless signal strength in negotiations process meets requirement, if then being continued with by AM access module, no Stop the access procedure of described client the most immediately；

AM access module, for being supplied to client by WPS negotiations process by the configuration of current wireless Local Area Network End, accepts to use the client of described configuration to access described WLAN.

Above-mentioned wireless LAN safety access device is preferably wireless access point device, typically as without circuit By or provide wireless access terminal unit etc..

Wherein, client uses the nothing that described probe request (Probe Request) scanning is the most available Line access point, identifies this client support base by adding a custom field in described probe request Secure accessing in signal strength detection.WAP also oneself is supported corresponding to client statement simultaneously Secure accessing based on signal strength detection, main by the beacon frame (Beacon) periodically sent The corresponding custom field of middle interpolation is stated.

Preferably, only just open corresponding WPS when client all supports this technology with WAP to prop up Hold.The WPS wireless access that ambient signals is the strongest and supports aforesaid way is preferably connected during client scan Point.

Technical scheme achieves WPS secure accessing based on wireless signal strength detection, at this Invention being assumed, the client that distance WAP within the specific limits and stops without partition wall is access point The equipment of owner's accreditation, can allow its access network；And exceed certain limit or have partition wall to stop Client is not recognized, and does not allow it to access.Use technique scheme, the invention enables safety Higher equipment can access wireless network quickly, or user only need to enter particular range and can obtain License, this makes technical scheme eliminate button relative to prior art, more need not directly Touch wireless access point device, also simpler and safer than what input PIN code mode operated.

Wherein, WLAN uses undelegated 2.4GHz or 5GHz radio frequency in LAN environment Wave band carries out wireless connections.Owing to electromagnetic wave is to propagate in the confined space, and by air and surrounding The impact of the factors such as ground environment, generally, average path decay is the power function of distance, expresses Formula is:

Lp(d)=L(d0)+10nlog[d/d0]

In formula, L (d0) is that reference path decays (dB), and d is the distance (m) receiving point to launch point, D0 is reference distance (m)；Lp (d) is the launch point path attenuation to reference distance；N is depending on environment Average path damped expoential.

Knowable to above formula, path attenuation is logarithm normal distribution, in view of WLAN is typically erected at Indoor, the environmental factors of the indoor radio wave propagation of impact is extremely complex, the layout of these factors such as building, Material structure and type, can cause radio wave propagation characteristic and the change of the area of coverage and unstability.Consider Interior of building has substantial amounts of baffle element and separation, reference path decay in above formula, index n and standard Variance is depending on building type, side of buildings and receives the ginseng of number of floor levels between point and launch point Number.Extremely complex owing to affecting the environmental factors of WLAN indoor wave transmissions, obtain accurate Indoor total path attenuation result of calculation is extremely difficult, and common way is to apply above formula sum According to, after the planning and designing of the estimation to path attenuation and receiving power and WLAN, by reality The method of ground test is obtained a result.But substantially can there is such conclusion: (d in the case of close together It is worth smaller), the change of distance is very big to the influence of fading of signal, and the most distant in distance In the case of, the influence of fading degree of signal is diminished by the change of distance.

In practice, signal is penetrated by the stop of general partition wall to be consumed at more than 30dB, and within general two meters The decay in path less than 30dB, therefore can with less than two meters or more small distance scope limit signal attenuation as Index assert safe distance.The signal less than 30dB of decaying for receiving may be considered user to be recognized Can equipment to be accessed, the process of access according to the WPS agreement of standard, safety and quickly.So have Imitate and the access preventing illegality equipment of safety.Certainly, practical situation is accurately known signal attenuation degree There is certain difficulty access point and can accurately know received signal strength, but the transmitting signal of transmitting terminal Intensity may not necessarily accurately understand at access point that (signal intensity launched by the wireless device of different vendor may not One)；Thus embodiments of the invention may be used without other replacement schemes and judge signal intensity requirement.Right In can substantially know the situation launching signal intensity, gather same model or similar transmitting terminal the most in advance Launch signal data or transmitting signal intensity has clear and definite standard, it is judged that whether signal attenuation is less than 30dB.When being difficult to know transmitting signal intensity, received signal strength is set according to certain convention Threshold value (wireless signal strength of Wi-Fi is had maximum to limit by such as various countries, signal intensity and also Limited by Wi-Fi chip itself), with CNS Wi-Fi chip emission power maximum 20dBm be Example, weighs a signal intensity received with signal to noise ratio, when the Signal-to-Noise received is more than It is believed that the decay of its signal is less than 30dB during 65dB, regard as meeting the signal of requirement.Real at other Execute in example, it would however also be possible to employ the combination of above two mode judges whether signal intensity meets requirement, such as Received signal strength and attenuation degree are all defined, or both of which are judged, meets wherein One of etc..

Relative to prior art, the invention provides a kind of wireless LAN safety cut-in method and equipment, It need not set up hardware button and the virtual triggering of software.Set up connection procedure also to have only to connect near wireless Enter point device to contact without reality, reduce use condition.Set up connection procedure to need not by Three method, apparatus, it is not required that specific software trigger mechanism, it is not necessary to the too much intervention of user.Around In the case of having multiple WAP, as long as the distance between wireless access point device is relatively big or has partition wall Situation, it is possible to allow the technical scheme simultaneously having multiple stage wireless client to use the present invention to provide just carrying out Really connect.Therefore, using the technical scheme that this patent provides, operation when using user requires more Simplicity, the condition of use limits and requires less, the most flexible safety.

Although above in association with preferred embodiment, invention has been described, but those skilled in the art should This understanding, method and system of the present invention is not limited to the embodiment described in detailed description of the invention, In the case of without departing substantially from the spirit and scope of the invention being defined by the appended claims, can be to the present invention Various modification can be adapted, increase and replace.

Claims (10)

1. a wireless LAN safety cut-in method, it is characterised in that described method includes step:

S1, receives the probe request of client, and the signal intensity detecting described probe request is the fullest Foot requirement, if then continuing step S2, stops the access procedure of described client the most immediately；

S2, it is judged that whether described client supports secure accessing based on signal strength detection, if then opening Open WPS support and continue step S3, stop the access procedure of described client the most immediately；

S3, carries out WPS negotiation, detects described client in access procedure and WPS negotiations process simultaneously Signal intensity whether meet requirement, if then continue step S4, stop described client the most immediately WPS negotiations process；

S4, is supplied to client by WPS negotiations process by the configuration of current wireless Local Area Network, accepts to make Described WLAN is accessed by the client of described configuration.

Method the most according to claim 1, it is characterised in that described method further comprises the steps of:

After the access completing described client, it is automatically switched off described WPS and supports.

Method the most according to claim 1, it is characterised in that described client is by described spy Survey claim frame adds a custom field and identifies this client support safety based on signal strength detection Access.

Method the most according to claim 1, it is characterised in that in step S2, only described client End and WAP all support that just opening described WPS during secure accessing based on signal strength detection props up Hold.

Method the most according to claim 1, it is characterised in that in step S1 and S3, described signal Whether intensity meets requirement refers specifically to:

Whether whether the signal to noise ratio of signal be less than 30dB, if then meeting more than 65dB and/or signal attenuation Requirement, is otherwise unsatisfactory for requirement.

6. a wireless LAN safety access device, it is characterised in that described equipment includes:

Request processing module, for receiving the probe request of client, the probe requests thereby that detection receives Whether the signal intensity of frame meets requirement, if then being continued with by support module, stops institute the most immediately State the access procedure of client；

Support module, for judging whether described client supports secure accessing based on signal strength detection, If then opening WPS support and continued with by negotiation module, stop connecing of described client the most immediately Enter process；

Negotiation module, is used for carrying out WPS negotiation, detects described client at access procedure and WPS simultaneously Whether the wireless signal strength in negotiations process meets requirement, if then being continued with by AM access module, no Stop the WPS negotiations process of described client the most immediately；

AM access module, for being supplied to client by WPS negotiations process by the configuration of current wireless Local Area Network End, accepts to use the client of described configuration to access described WLAN.

Equipment the most according to claim 6, it is characterised in that described equipment is that WAP sets Standby.

Equipment the most according to claim 6, it is characterised in that described equipment also includes closing module, For after the access completing described client, it is automatically switched off described WPS and supports.

Equipment the most according to claim 6, it is characterised in that described client is by described spy Survey claim frame adds a custom field and identifies this client support safety based on signal strength detection Access；Described equipment states it by adding corresponding custom field in the beacon frame periodically sent Support secure accessing based on signal strength detection.

Equipment the most according to claim 6, it is characterised in that whether described signal intensity meets Requirement refers specifically to:

Whether whether the signal to noise ratio of signal be less than 30dB, if then meeting more than 65dB and/or signal attenuation Requirement, is otherwise unsatisfactory for requirement.