Wireless LAN secure access method and device
Technical Field
The present invention relates to the field of wireless communication technology, and in particular to a wireless LAN secure access method and device.
Background
When setting up a new wireless network, a user typically configures the network name (SSID, service set identifier) and the wireless encryption mode. To keep the wireless network secure, the user usually hides the SSID and sets a long wireless security key. With these settings in place, a wireless client connecting to the network for the first time has to add the network name (SSID) manually and enter the long wireless security key, which is a tedious process for many users. Once a wireless client has connected successfully, it generally remembers the network and reconnects automatically without asking for the password again. Over time, many users no longer remember the key themselves. When a new wireless client needs to join the network, they have to log in to the back-end management interface from a client that is already connected to the network and look up the key that was originally set, which is a poor user experience. In some more secure systems the key cannot be displayed once it has been set, so the key has to be changed or the system even reset, which is a particularly bad experience.
To address these problems, the Wi-Fi Alliance introduced the WPS (Wi-Fi Protected Setup) certification program, which is mainly intended to simplify the installation and security configuration of wireless LANs. WPS helps wireless client users configure the network name (SSID) and the wireless security key automatically. Ordinary users can establish a secure network connection easily, without background knowledge of Wi-Fi equipment or the ability to modify the necessary configuration, and they do not have to remember a long wireless security key, which avoids the trouble of forgetting it.
In the prior art, the Wi-Fi Alliance has defined several ways of triggering WPS so that a wireless client can securely access a wireless LAN:
1. Within two minutes, the user presses a hardware button, or a software-simulated button, on both the wireless client and the wireless access point. This triggers WPS and starts link negotiation. The wireless access point sends the current wireless network configuration to the wireless client in encrypted form; the wireless client obtains the configuration, applies it automatically and establishes a connection with the wireless access point.
2. The user enters the 8-digit PIN (Personal Identification Number) of the wireless access point in the software interface provided by the wireless client. This triggers WPS and starts link negotiation. The wireless access point sends the current wireless network configuration to the wireless client in encrypted form, and the wireless client establishes a connection with the wireless access point.
3. A dedicated NFC (Near Field Communication) chip is used. Using NFC technology, the wireless client and the wireless access point are brought into close contact to trigger WPS, and the wireless client establishes a connection with the wireless access point.
However, all of the above approaches require equipment vendors to design and develop their devices accordingly, and they place certain restrictions on how users operate them. Design cost and development difficulty are relatively high, while the improvement in user experience is limited.
Summary of the Invention
In view of the shortcomings of the prior art, the technical problem to be solved is how to achieve secure access to a wireless network quickly and conveniently.
To solve the above problem, in one aspect the invention provides a wireless LAN secure access method comprising the steps of:
S1: receive a probe request frame from a client and check whether the signal strength of the probe request frame meets the requirement; if so, continue with step S2, otherwise stop the client's access procedure immediately;
S2: determine whether the client supports secure access based on signal strength detection; if so, enable WPS support and continue with step S3, otherwise stop the client's access procedure immediately;
S3: carry out WPS negotiation, while checking whether the client's signal strength during the access procedure and the WPS negotiation meets the requirement; if so, continue with step S4, otherwise stop the client's WPS negotiation immediately;
S4: provide the current wireless LAN configuration to the client through the WPS negotiation, and accept access to the wireless LAN by the client using that configuration.
Preferably, the method further comprises the step of: after the client's access has been completed, automatically disabling the WPS support.
Preferably, the client indicates that it supports secure access based on signal strength detection by adding a custom field to the probe request frame.
Preferably, in step S2, the WPS support is enabled only when both the client and the wireless access point support secure access based on signal strength detection.
Preferably, in steps S1 and S3, whether the signal strength meets the requirement means specifically: whether the signal-to-noise ratio of the signal is greater than 65dB and/or whether the signal attenuation is less than 30dB; if so, the requirement is met, otherwise it is not.
In another aspect, the invention also provides a wireless LAN secure access device, comprising:
a request processing module, for receiving a probe request frame from a client and checking whether the signal strength of the received probe request frame meets the requirement; if so, processing continues in the support module, otherwise the client's access procedure is stopped immediately;
a support module, for determining whether the client supports secure access based on signal strength detection; if so, WPS support is enabled and processing continues in the negotiation module, otherwise the client's access procedure is stopped immediately;
a negotiation module, for carrying out WPS negotiation while checking whether the client's wireless signal strength during the access procedure and the WPS negotiation meets the requirement; if so, processing continues in the access module, otherwise the client's WPS negotiation is stopped immediately;
an access module, for providing the current wireless LAN configuration to the client through the WPS negotiation and accepting access to the wireless LAN by the client using that configuration.
Preferably, the device is a wireless access point device.
Preferably, the device further comprises a closing module, for automatically disabling the WPS support after the client's access has been completed.
Preferably, the client indicates that it supports secure access based on signal strength detection by adding a custom field to the probe request frame; the device declares that it supports secure access based on signal strength detection by adding a corresponding custom field to the beacon frames it sends periodically.
Preferably, whether the signal strength meets the requirement means specifically: whether the signal-to-noise ratio of the signal is greater than 65dB and/or whether the signal attenuation is less than 30dB; if so, the requirement is met, otherwise it is not.
Compared with the prior art, the invention provides a wireless LAN secure access method and device that use the degree of attenuation of the wireless signal as the precondition for secure access. No explicit restrictions need to be placed on the wireless client or on how the user operates it, design and development difficulty is reduced, and, without increasing cost, a wireless client accessing the wireless LAN for the first time gets a more convenient and better user experience.
Brief Description of the Drawings
Fig. 1 is a schematic flowchart of the wireless LAN secure access method in one embodiment of the present invention.
Detailed Description
Certain terms are used in the description and claims to refer to particular components. Those skilled in the art will appreciate that hardware manufacturers may refer to the same component by different names. The description and claims do not distinguish components by differences in name, but by differences in function. In addition, the term "coupled" here covers any direct or indirect means of electrical coupling. Thus, where the text describes a first device as coupled to a second device, the first device may be electrically coupled to the second device directly, or indirectly through other devices or coupling means. What follows describes preferred embodiments of the invention; the description is intended to illustrate the general principles of the invention and not to limit its scope. The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are preferred embodiments of the invention. The scope of protection of the invention is as defined by the claims, and all other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the invention, without creative effort, fall within the scope of protection of the invention.
The prior art provides many means of securely accessing a wireless LAN, but the existing approaches also have obvious drawbacks, for example:
Triggering by hardware button requires a controllable button to be fitted to the device, so the device has to reserve dedicated space and add specific components. This places additional demands on the appearance, size and structure of the product; for wireless client devices that are becoming ever more refined and compact, the design becomes harder and the design cost rises. The added button also increases material cost and testing cost in production. In addition, the wireless access points commonly used in homes or hotels, such as wireless routers, are usually placed somewhere hard to reach, such as high on a wall or in a corner. When a new wireless client needs to be connected, someone has to go and press the button by hand, which is also inconvenient for the user.
Triggering by software virtual button requires supporting software. Designs differ between vendors, so each vendor has to develop the software itself. Platforms are now highly diverse, and software cannot be reused across platforms such as Windows, Linux, iOS and Android. Supporting all of these platforms increases the vendor's development cost and development cycle.
Moreover, whether WPS is triggered by a hardware button or by a software virtual button, it is required that within the same period only two devices have their buttons pressed, subject to a time interval limit; the WPS protocol then connects the two devices whose buttons were pressed. Otherwise a wireless client device unknown to the user may gain access to the network, which creates a network security risk, and this undoubtedly places higher demands on the user.
Entering the 8-digit PIN of the wireless access point in the software interface provided by the wireless client likewise requires the wireless client vendor to develop supporting software. In addition, the PIN is generally assigned by the manufacturer of the wireless access point device, or is a randomly generated string of digits, and cannot be chosen by the user. Users find it hard to remember an 8-digit PIN for long, so the PIN is generally printed on the housing of the wireless access point device or shown in the interface of its management software, which is also inconvenient for the user. Furthermore, the last digit of the 8-digit PIN is a check digit, so there are in fact only 7 significant digits, and a wireless client can brute-force it by exhaustive search. The PIN method therefore also carries a security risk.
Using a dedicated NFC chip and close contact has its own cost: the main chip of a device generally does not support NFC, so an additional NFC chip has to be fitted, which undoubtedly adds considerable material cost. The information exchange between the NFC chip and the main chip also has to be handled, which further increases the vendor's development cost. At present this approach has not been accepted by equipment vendors and has not been widely adopted.
In the technical solution of the invention, in order to give a wireless client accessing the wireless LAN for the first time a more convenient and better user experience without increasing cost, the degree of attenuation of the wireless signal is used as the precondition for secure access. No explicit restrictions need to be placed on the wireless client or on how the user operates it, which reduces design and development difficulty and improves the user experience.
Referring to Fig. 1, in one embodiment of the invention the wireless LAN secure access method comprises the steps of:
S1: receive a probe request frame from a client and check whether the signal strength of the probe request frame meets the requirement; if so, continue with step S2, otherwise stop the client's access procedure immediately;
S2: determine whether the client supports secure access based on signal strength detection; if so, enable WPS support and continue with step S3, otherwise stop the client's access procedure immediately;
S3: carry out WPS negotiation, while checking whether the client's wireless signal strength during the access procedure and the WPS negotiation meets the requirement; if so, continue with step S4, otherwise stop the client's WPS negotiation immediately;
S4: provide the current wireless LAN configuration to the client through the WPS negotiation, and accept access to the wireless LAN by the client using that configuration.
Preferably, to ensure security, WPS support is also disabled automatically after the client's access has been completed.
Here, the "access procedure" in the above steps refers specifically to the procedure by which a client gains access in the manner described above. Stopping the client's access procedure in steps S1 and S2 only means stopping the automatic access procedure based on signal strength detection; it does not prevent the client from gaining access in other ways. For example, a client that has been refused can still access the wireless network in the traditional way or by the existing WPS methods.
Those of ordinary skill in the art will understand that all or some of the steps of the method in the above embodiment can be carried out by a program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the method of the above embodiment; the storage medium may be ROM/RAM, a magnetic disk, an optical disc, a memory card, and so on. Those skilled in the art will therefore understand that, corresponding to the method of the invention, the invention also includes a wireless LAN secure access device which, corresponding to the method steps above, comprises:
a request processing module, for receiving a probe request frame from a client and checking whether the signal strength of the received probe request frame meets the requirement; if so, processing continues in the support module, otherwise the client's WPS negotiation is stopped immediately;
a support module, for determining whether the client supports secure access based on signal strength detection; if so, WPS support is enabled and processing continues in the negotiation module, otherwise the client's access procedure is stopped immediately;
a negotiation module, for carrying out WPS negotiation while checking whether the client's wireless signal strength during the access procedure and the WPS negotiation meets the requirement; if so, processing continues in the access module, otherwise the client's access procedure is stopped immediately;
an access module, for providing the current wireless LAN configuration to the client through the WPS negotiation and accepting access to the wireless LAN by the client using that configuration.
The above wireless LAN secure access device is preferably a wireless access point device, typically a wireless router or a terminal device that provides wireless access.
The client uses the probe request frame (Probe Request) to scan for currently available wireless access points, and indicates that it supports secure access based on signal strength detection by adding a custom field to the probe request frame. The wireless access point likewise declares to clients that it supports secure access based on signal strength detection, mainly by adding a corresponding custom field to the beacon frames (Beacon) it sends periodically.
Preferably, the corresponding WPS support is enabled only when both the client and the wireless access point support this technique. When scanning, the client preferably connects to the WPS wireless access point that has the strongest signal in the vicinity and supports the approach described above.
The technical solution implements WPS secure access based on wireless signal strength detection. The invention assumes that a client within a certain distance of the wireless access point and not blocked by a partition wall is a device approved by the owner of the access point and may be allowed to access the network, while a client that is beyond that range or is blocked by a partition wall is not approved and is not allowed access. With this technical solution, devices can access the wireless network quickly and with higher security; the user only needs to enter a particular range to obtain permission. Compared with the prior art, this removes the button and, further, the need to touch the wireless access point device directly, and it is also simpler and more secure to operate than entering a PIN.
The wireless LAN uses the unlicensed 2.4GHz or 5GHz radio frequency bands for wireless connections in a LAN environment. Because electromagnetic waves propagate in a confined space and are affected by factors such as the air and the surrounding ground environment, the average path attenuation is, in general, a power function of distance, expressed as:
Lp(d) = L(d0) + 10n log[d/d0]
where L(d0) is the reference path attenuation (dB), d is the distance (m) from the receiving point to the transmitting point, d0 is the reference distance (m), Lp(d) is the path attenuation from the transmitting point to the reference distance, and n is the average path attenuation exponent, which depends on the environment.
From the above formula, path attenuation follows a log-normal distribution. Wireless LANs are usually installed indoors, and the environmental factors that affect indoor radio wave propagation are extremely complex: factors such as the layout of the building and the structure and type of its materials cause the propagation characteristics and the coverage area to vary and be unstable. Since the interior of a building contains a large number of obstacles and partitions, the reference path attenuation, the exponent n and the standard deviation in the above formula are parameters that depend on the building type, the side of the building, and the number of floors between the receiving point and the transmitting point. Because the environmental factors affecting indoor wireless LAN propagation are so complex, obtaining an accurate calculated value for total indoor path attenuation is very difficult. The common practice is to apply the above formula and data to estimate path attenuation and received power and to plan and design the wireless LAN, and then to obtain the result by field testing. Broadly, however, the following conclusion holds: at short distances (small values of d) a change in distance has a large effect on signal attenuation, whereas at longer distances the effect of a change in distance on signal attenuation becomes smaller.
In practice, penetrating an ordinary partition wall costs the signal more than 30dB, while the path attenuation within about two meters is generally less than 30dB. A signal attenuation limit corresponding to a range of two meters or less can therefore be used as the criterion for a safe distance. A device whose received signal has been attenuated by less than 30dB can be regarded as a device the user has approved for access; access then proceeds according to the standard WPS protocol, securely and quickly. This effectively and safely prevents access by unauthorized devices.

Of course, in practice there is some difficulty in knowing the degree of signal attenuation precisely: the access point can know the received signal strength accurately, but it may not know the transmitter's transmit signal strength accurately (the transmit signal strength of wireless devices from different vendors may differ). Embodiments of the invention may therefore use alternative ways of judging the signal strength requirement. Where the transmit signal strength can be approximately known, for example because transmit signal data has been collected in advance for the same or a similar model of transmitter, or because there is a clear standard for transmit signal strength, the check is whether the signal attenuation is less than 30dB. Where the transmit signal strength is difficult to know, a threshold on received signal strength is set according to some convention (for example, each country sets a maximum limit on Wi-Fi wireless signal strength, and signal strength is also limited by the Wi-Fi chip itself). Taking the national standard maximum Wi-Fi chip transmit power of 20dBm as an example, and using the signal-to-noise ratio to measure the received signal strength, when the received signal-to-noise ratio is greater than 65dB the signal attenuation can be considered to be less than 30dB and the signal is deemed to meet the requirement. In other embodiments, a combination of the two approaches may be used to judge whether the signal strength meets the requirement, for example by setting limits on both received signal strength and degree of attenuation, or by evaluating both and requiring that one of them be met.
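
The S1-S4 procedure and the signal requirement described above, simulated on the access point side as an added example (not code from the patent). The class and field names, the mode parameter, the constructed samples, and disabling WPS on an aborted attempt as well as on success are assumptions.

```python
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple

SNR_MIN_DB = 65.0          # from the text: SNR must be greater than 65 dB
ATTENUATION_MAX_DB = 30.0  # from the text: attenuation must be less than 30 dB

@dataclass
class Sample:
    """One measurement taken by the access point (hypothetical structure)."""
    snr_db: float
    rx_dbm: float
    tx_dbm: Optional[float] = None  # known only for profiled transmitter models

@dataclass
class ProbeRequest:
    mac: str
    supports_signal_access: bool    # the custom field carried in the probe request
    sample: Sample

def meets_requirement(s: Sample, mode: str = "either") -> bool:
    """Apply the SNR and/or attenuation test; `mode` is an assumed knob."""
    snr_ok = s.snr_db > SNR_MIN_DB
    # Attenuation needs the transmit power; if it is unknown, that test cannot pass.
    att_ok = s.tx_dbm is not None and (s.tx_dbm - s.rx_dbm) < ATTENUATION_MAX_DB
    if mode == "snr":
        return snr_ok
    if mode == "attenuation":
        return att_ok
    if mode == "both":
        return snr_ok and att_ok
    if mode == "either":
        return snr_ok or att_ok
    raise ValueError(f"unknown mode: {mode}")

class AccessPoint:
    def __init__(self, config: dict, mode: str = "either"):
        self.config = config
        self.mode = mode
        self.wps_enabled = False

    def handle(self, probe: ProbeRequest,
               negotiation: Iterable[Sample]) -> Tuple[str, Optional[dict]]:
        # S1: the probe request itself must be strong enough.
        if not meets_requirement(probe.sample, self.mode):
            return "S1_STOP_ACCESS", None
        # S2: the client must declare support before WPS is opened.
        if not probe.supports_signal_access:
            return "S2_STOP_ACCESS", None
        self.wps_enabled = True
        try:
            # S3: every sample taken while WPS runs must still qualify.
            for s in negotiation:
                if not meets_requirement(s, self.mode):
                    return "S3_STOP_WPS", None
            # S4: hand the current network configuration to the client.
            return "S4_CONFIG_DELIVERED", dict(self.config)
        finally:
            # WPS closes after access completes; closing on abort is an assumption.
            self.wps_enabled = False

# Constructed samples (not measurements): one client beside the AP, one behind a wall.
NEAR = Sample(snr_db=70.0, rx_dbm=-5.0, tx_dbm=20.0)   # attenuation 25 dB
FAR = Sample(snr_db=40.0, rx_dbm=-45.0, tx_dbm=20.0)   # attenuation 65 dB

def run_demo() -> dict:
    ap = AccessPoint({"ssid": "example-net", "key": "constructed-key"})
    probe = lambda sample, flag=True: ProbeRequest("02:00:00:00:00:01", flag, sample)
    return {
        "near": ap.handle(probe(NEAR), [NEAR, NEAR])[0],
        "far": ap.handle(probe(FAR), [FAR])[0],
        "no_flag": ap.handle(probe(NEAR, False), [NEAR])[0],
        "walks_away": ap.handle(probe(NEAR), [NEAR, FAR, NEAR])[0],
    }

if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name}: {outcome}")
```

With mode set to "both", a client whose transmit power is unknown is refused at S1, because the attenuation test cannot be evaluated from the received strength alone.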
Compared with the prior art, the invention provides a wireless LAN secure access method and device that require neither a hardware button nor a software virtual trigger. Establishing a connection only requires being near the wireless access point device, with no physical contact, which relaxes the conditions of use. Establishing a connection requires no third-party device and no specific software trigger mechanism, and does not need much user intervention. Where there are multiple wireless access points nearby, as long as the wireless access point devices are far enough apart or are separated by a partition wall, multiple wireless clients can use the technical solution provided by the invention at the same time and still connect correctly. With the technical solution provided by this patent, operation is therefore simpler for the user, the conditions of use are less restrictive and less demanding, and access is more flexible and secure.
Although the invention has been described above with reference to preferred embodiments, those skilled in the art should understand that the method and system of the invention are not limited to the embodiments described in the detailed description. Various modifications, additions and substitutions can be made to the invention without departing from the spirit and scope of the invention as defined by the appended claims.