CN104602231A - Method and device for updating pre-shared keys - Google Patents

Publication number: CN104602231A
Authority: CN (China)
Legal status: Granted
Application number: CN201510069049.7A
Other languages: Chinese (zh)
Other versions: CN104602231B (en)
Inventor: 傅嘉嘉
Current assignee: Hangzhou H3C Technologies Co Ltd
Original assignee: Hangzhou H3C Technologies Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04: Key management, e.g. using generic bootstrapping architecture [GBA]
Abstract

An embodiment of the invention provides a method and a device for updating a pre-shared key (PSK). The method is applied to a wireless access point (AP) and includes: randomly generating an initial PSK string when user equipment associates for the first time, storing the timestamp at which the initial PSK string was generated together with the initial PSK string, and transmitting the initial PSK string to the user equipment; receiving a re-association request initiated by the user equipment; computing a second updated PSK string with a preset algorithm on the basis of the timestamp at which the initial PSK string was generated, the current timestamp of the AP and the initial PSK string; and associating with the user equipment when the first updated PSK string is identical to the second updated PSK string. The re-association request contains the first updated PSK string, which is determined by the user equipment with the preset algorithm according to the timestamp at which it received the initial PSK string, the current timestamp of the user equipment and the initial PSK string.

Description

Method and device for updating a pre-shared key
Technical field
Embodiments of the present invention belong to the field of network communication technology, and in particular relate to a method and device for updating a pre-shared key.
Background art
Wireless networks such as small-business networks and networks in public places usually use a pre-shared key (PSK) to authenticate users and encrypt their traffic. In such networks the PSK is public or semi-public information. A network attacker can easily steal the PSK, join the wireless network with the stolen PSK, monitor the wireless network and capture a user's four-way handshake messages, and can then decrypt the user's encrypted data. A way of dynamically updating the PSK is therefore needed.
In the prior art, the network administrator periodically updates the PSK by hand and manually informs users of the updated PSK, which increases the operation and maintenance workload.
Moreover, in the prior art different users share the same PSK, so true security isolation cannot be achieved.
Summary of the invention
Embodiments of the present invention propose a method and device for updating a pre-shared key, thereby reducing the operation and maintenance workload.
The technical solution of the embodiments of the present invention is as follows:
According to one aspect of the embodiments of the present invention, a method for updating a PSK is proposed. The method is applied to a wireless access point (AP) and comprises:
When the user equipment associates for the first time, randomly generating an initial PSK string, saving the timestamp at which the initial PSK string was generated together with the initial PSK string, and sending the initial PSK string to the user equipment;
Receiving a re-association request initiated by the user equipment, the re-association request containing a first updated PSK string, the first updated PSK string being determined by the user equipment with a predetermined algorithm according to the timestamp at which it received the initial PSK string, the user equipment's current timestamp and the initial PSK string;
Calculating a second updated PSK string with the predetermined algorithm based on the timestamp at which the initial PSK string was generated, the AP's current timestamp and the initial PSK string, and associating with the user equipment when the first updated PSK string and the second updated PSK string are identical.
Preferably, randomly generating the initial PSK string when the user equipment associates for the first time comprises:
Receiving the initial association request initiated by the user equipment and redirecting it to a predetermined Web page;
Receiving the PSK acquisition request initiated by the user equipment through the Web page, and randomly generating the initial PSK string based on the AP's current time.
Preferably, calculating the second updated PSK string with the predetermined algorithm based on the timestamp at which the initial PSK string was generated, the AP's current timestamp and the initial PSK string comprises:
Determining the number of iteration rounds based on the difference between the week number of the AP's current timestamp and the week number of the timestamp at which the initial PSK string was generated;
Iteratively computing the MD5 digest of the initial PSK string for that number of rounds, and taking the result of the iterative computation as the second updated PSK string.
Preferably, the method further comprises:
Replacing the saved timestamp of initial PSK string generation with the timestamp at which the second updated PSK string was calculated, and replacing the saved initial PSK string with the second updated PSK string.
Preferably, saving the timestamp at which the initial PSK string was generated together with the initial PSK string comprises:
Saving the MAC address of the user equipment in association with the timestamp at which the initial PSK string was generated and the initial PSK string.
According to another aspect of the embodiments of the present invention, a method for updating a PSK is proposed. The method is applied to user equipment (UE) and comprises:
When associating with an access point (AP) for the first time, receiving a randomly generated initial PSK string from the AP;
When sending a re-association request to the AP, determining a first updated PSK string with a predetermined algorithm according to the timestamp at which the initial PSK string was received, the user equipment's current timestamp and the initial PSK string, and carrying the first updated PSK string in the re-association request; so that the AP calculates a second updated PSK string with the predetermined algorithm based on the timestamp at which the initial PSK string was generated, the AP's current timestamp and the initial PSK string, and the user equipment is associated with the AP when the first updated PSK string and the second updated PSK string are identical.
Preferably, receiving the randomly generated initial PSK string from the AP when associating with the AP for the first time comprises:
Sending an initial association request to the AP based on a default PSK, and being redirected to a Web page;
Initiating a PSK acquisition request through the Web page, and receiving from the AP the initial PSK string randomly generated based on the AP's current time.
Preferably, determining the first updated PSK string with the predetermined algorithm according to the timestamp at which the initial PSK string was received, the user equipment's current timestamp and the initial PSK string comprises:
Determining the number of iteration rounds based on the difference between the week number of the user equipment's current timestamp and the week number of the timestamp at which the initial PSK string was received;
Iteratively computing the MD5 digest of the initial PSK string for that number of rounds, and taking the result of the iterative computation as the first updated PSK string.
Preferably, the method further comprises:
Replacing the saved timestamp of initial PSK string reception with the timestamp at which the first updated PSK string was calculated, and replacing the saved initial PSK string with the first updated PSK string.
According to one aspect of the embodiments of the present invention, a device for updating a PSK is proposed, applied to a wireless access point (AP), the device comprising:
An initial PSK sending module, configured to randomly generate an initial PSK string when the user equipment associates for the first time, save the timestamp at which the initial PSK string was generated together with the initial PSK string, and send the initial PSK string to the user equipment;
A receiving module, configured to receive a re-association request initiated by the user equipment, the re-association request containing a first updated PSK string, the first updated PSK string being determined by the user equipment with a predetermined algorithm according to the timestamp at which it received the initial PSK string, the user equipment's current timestamp and the initial PSK string;
An association module, configured to calculate a second updated PSK string with the predetermined algorithm based on the timestamp at which the initial PSK string was generated, the AP's current timestamp and the initial PSK string, and to associate with the user equipment when the first updated PSK string and the second updated PSK string are identical.
Preferably, the initial PSK sending module is configured to receive the initial association request initiated by the user equipment and redirect it to a predetermined Web page; and to receive the PSK acquisition request initiated by the user equipment through the Web page and randomly generate the initial PSK string based on the AP's current time.
Preferably, the association module is configured to determine the number of iteration rounds based on the difference between the week number of the AP's current timestamp and the week number of the timestamp at which the initial PSK string was generated; and to iteratively compute the MD5 digest of the initial PSK string for that number of rounds and take the result of the iterative computation as the second updated PSK string.
Preferably, the device further comprises:
An update module, configured to replace the saved timestamp of initial PSK string generation with the timestamp at which the second updated PSK string was calculated, and to replace the saved initial PSK string with the second updated PSK string.
Preferably, the initial PSK sending module is configured to save the MAC address of the user equipment in association with the timestamp at which the initial PSK string was generated and the initial PSK string.
According to one aspect of the embodiments of the present invention, a device for updating a PSK is proposed, applied in user equipment (UE), the device comprising:
A receiving module, configured to receive a randomly generated initial PSK string from the AP when associating with the access point (AP) for the first time;
An update module, configured to, when sending a re-association request to the AP, determine a first updated PSK string with a predetermined algorithm according to the timestamp at which the initial PSK string was received, the user equipment's current timestamp and the initial PSK string, and carry the first updated PSK string in the re-association request; so that the AP calculates a second updated PSK string with the predetermined algorithm based on the timestamp at which the initial PSK string was generated, the AP's current timestamp and the initial PSK string, and the user equipment is associated with the AP when the first updated PSK string and the second updated PSK string are identical.
Preferably, the receiving module is configured to send an initial association request to the AP based on a default PSK and be redirected to a Web page; and to initiate a PSK acquisition request through the Web page and receive from the AP the initial PSK string randomly generated based on the current time.
Preferably, the update module is configured to determine the number of iteration rounds based on the difference between the week number of the user equipment's current timestamp and the week number of the timestamp at which the initial PSK string was received; and to iteratively compute the MD5 digest of the initial PSK string for that number of rounds and take the result of the iterative computation as the first updated PSK string.
In embodiments of the present invention, the PSK is updated dynamically when the user logs in, and there is no need to manually inform the user of the updated PSK, which reduces the operation and maintenance workload. In addition, each user can have a different PSK, which prevents an attacker from using a shared PSK to eavesdrop on user information. Furthermore, embodiments of the present invention can update the PSK by iterating on the user's login time and the previous PSK, thereby improving wireless network security.
Brief description of the drawings
Fig. 1 is a flowchart of the method for updating a PSK on the AP side according to the present invention;
Fig. 2 is a flowchart of the method for updating a PSK on the user equipment side according to the present invention;
Fig. 3 is an exemplary flowchart of the method for updating a PSK according to the present invention;
Fig. 4 is a structural diagram of the device for updating a PSK on the AP side according to the present invention;
Fig. 5 is a structural diagram of the device for updating a PSK on the user equipment side according to the present invention.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawings.
In embodiments of the present invention, the PSK is updated dynamically when the user logs in, and there is no need to manually inform the user of the updated PSK, which reduces the operation and maintenance workload. In addition, each user can have a different PSK, which prevents an attacker from using a shared PSK to eavesdrop on user information. Furthermore, embodiments of the present invention can update the PSK by iterating on the user's login time and the previous PSK, thereby improving wireless network security.
Embodiments of the present invention propose a method for updating a PSK on the access point (AP) side.
Fig. 1 is a flowchart of the method for updating a PSK on the AP side according to the present invention; the method is applied to the AP.
As shown in Fig. 1, the method comprises:
Step 101: When the user equipment associates for the first time, randomly generate an initial PSK string, save the timestamp at which the initial PSK string was generated together with the initial PSK string, and send the initial PSK string to the user equipment.
Here, when the user equipment initiates its first association request, the AP can randomly generate the initial PSK string based on any of various pseudo-random number algorithms. For example, the AP can randomly generate the initial PSK string using the direct method, the inversion method, the acceptance-rejection method, and so on.
In one embodiment, the AP receives the initial association request initiated by the user equipment and redirects it to a predetermined Web page; it then receives the PSK acquisition request initiated by the user equipment through the Web page and randomly generates the initial PSK string based on the AP's current time.
The above describes in detail typical examples of how the AP randomly generates the initial PSK string. Those skilled in the art will recognize that this description is only exemplary and does not limit the scope of protection of the embodiments of the present invention.
Specifically, the timestamp at which the initial PSK string was generated is the AP-side system time at the moment the initial PSK string is generated. The AP saves this timestamp and the initial PSK string locally, and sends the initial PSK string to the user equipment.
In one embodiment, the AP saves the MAC address of the user equipment in association with the timestamp at which the initial PSK string was generated and the initial PSK string.
After receiving the initial PSK string, the user equipment can perform the four-way handshake with the AP based on the initial PSK string and thereby become associated.
Step 102: Receive a re-association request initiated by the user equipment. The re-association request contains a first updated PSK string, which the user equipment determines with a predetermined algorithm according to the timestamp at which it received the initial PSK string, the user equipment's current timestamp and the initial PSK string.
After the association that the user equipment established with the AP using the initial PSK string expires, the user equipment initiates an association request to the AP again. This association request contains the first updated PSK string, which the user equipment determines with the predetermined algorithm according to the timestamp at which it received the initial PSK string, the user equipment's current timestamp and the initial PSK string.
In one embodiment, the user equipment determines the number of iteration rounds based on the difference between the week number of its current timestamp and the week number of the timestamp at which it received the initial PSK string; it then iteratively computes the MD5 digest of the initial PSK string for that number of rounds and takes the result of the iterative computation as the first updated PSK string.
Step 103: Calculate a second updated PSK string with the predetermined algorithm based on the timestamp at which the initial PSK string was generated, the AP's current timestamp and the initial PSK string, and associate with the user equipment when the first updated PSK string and the second updated PSK string are identical.
In one embodiment, the AP determines the number of iteration rounds based on the difference between the week number of the AP's current timestamp and the week number of the timestamp at which the initial PSK string was generated; it then iteratively computes the MD5 digest of the initial PSK string for that number of rounds and takes the result of the iterative computation as the second updated PSK string.
The time the AP takes to generate the initial PSK string and send it to the user equipment is negligible, so the timestamp at which the AP generated the initial PSK string and the timestamp at which the user equipment received it are essentially identical in terms of day count and/or week number. When calculating the first updated PSK string, the user equipment converts the timestamp at which it received the initial PSK string into a day count or week number; when calculating the second updated PSK string, the AP converts the timestamp at which it generated the initial PSK string into a day count or week number. Because the day counts or week numbers obtained by the user equipment and the AP are the same, the first updated PSK string calculated by the user equipment and the second updated PSK string calculated by the AP remain identical.
In one embodiment, the method further comprises:
Replacing the saved timestamp of initial PSK string generation with the timestamp at which the second updated PSK string was calculated, and replacing the saved initial PSK string with the second updated PSK string.
Based on the above description, the present invention also proposes a method for updating a PSK on the user equipment side.
Fig. 2 is a flowchart of the method for updating a PSK on the user equipment side according to the present invention; the method is applied to the user equipment.
As shown in Fig. 2, the method comprises:
Step 201: When associating with the access point (AP) for the first time, receive a randomly generated initial PSK string from the AP;
Step 202: When sending a re-association request to the AP, determine a first updated PSK string with a predetermined algorithm according to the timestamp at which the initial PSK string was received, the user equipment's current timestamp and the initial PSK string, and carry the first updated PSK string in the re-association request; so that the AP calculates a second updated PSK string with the predetermined algorithm based on the timestamp at which the initial PSK string was generated, the AP's current timestamp and the initial PSK string, and the user equipment is associated with the AP when the first updated PSK string and the second updated PSK string are identical.
In one embodiment, receiving the randomly generated initial PSK string from the AP when associating with the AP for the first time comprises: sending an initial association request to the AP based on a default PSK, and being redirected to a Web page; initiating a PSK acquisition request through the Web page, and receiving from the AP the initial PSK string randomly generated based on the AP's current time.
In one embodiment, determining the first updated PSK string with the predetermined algorithm according to the timestamp at which the initial PSK string was received, the user equipment's current timestamp and the initial PSK string comprises: determining the number of iteration rounds based on the difference between the week number of the user equipment's current timestamp and the week number of the timestamp at which the initial PSK string was received; iteratively computing the MD5 digest of the initial PSK string for that number of rounds, and taking the result of the iterative computation as the first updated PSK string.
In one embodiment, the method further comprises:
Replacing the saved timestamp of initial PSK string reception with the timestamp at which the first updated PSK string was calculated, and replacing the saved initial PSK string with the first updated PSK string.
Fig. 3 is an exemplary flowchart of the method for updating a PSK according to the present invention.
As shown in Fig. 3, the method comprises:
Step 301: The user equipment sends an initial association request to the AP based on the default PSK.
Step 302: For user equipment attempting to associate for the first time, the AP uses the default PSK to perform the four-way handshake and lets the user equipment associate. The AP also records the MAC address of the user equipment and marks the user equipment corresponding to this MAC address as a default-PSK user with restricted access rights: it is only allowed to access the AP's Web page, all of its HTTP requests are redirected to the AP's Web page, and a trigger control whose current state is "password initialization" is pushed to the user equipment in this Web page.
Step 303: The user equipment opens the Web page and triggers the "password initialization" control in the Web page to establish an HTTPS connection with the AP's Web server, then sends a PSK initialization request over this HTTPS connection to ask the AP to initialize the PSK.
Step 304: The AP randomly generates an initial PSK for this user equipment based on the current local system time UTC (YYYYMMDD). The AP also obtains the timestamp at which the initial PSK string was generated (preferably the current local system time) and converts it into the week number of the current year (YYYYWW).
Step 305: The AP records locally the converted week number of the current year and the initial PSK string in association with the MAC address of the user equipment, and sends the initial PSK string to the user equipment over the HTTPS connection.
Step 306: The user equipment converts the timestamp at which it received the initial PSK string into the week number of the current year (YYYYWW), and records locally the received initial PSK string and that week number. At the same time, the user equipment's interface displays the initial PSK string to the user, so that the user equipment can use the initial PSK string to perform the four-way handshake with the AP and associate with it. After this, the user equipment obtains full access rights on the AP.
Step 307: After the association that the user equipment established with the AP using the initial PSK string expires, the user equipment initiates an association request to the AP again. This association request contains the first updated PSK string, which the user equipment determines with the predetermined algorithm according to the week number converted from the timestamp at which it received the initial PSK string, the week number converted from the user equipment's current timestamp, and the initial PSK string saved locally on the user equipment.
For example, the user equipment can calculate the first updated PSK (PSK_thisweek) with any of various iterative algorithms. For instance, the user equipment takes the locally saved PSK (PSK_old) as the original input parameter and calculates the next-round PSK, then takes the calculated PSK as the updated input parameter and continues calculating, thereby realizing the iterative computation. The number of iteration rounds is determined by the difference between the week number converted from the user equipment's current timestamp and the week number converted from the timestamp at which it received the initial PSK string.
For example, if the iterative algorithm is CalculatePSK(), the formula for calculating PSK_thisweek is:
PSK_thisweek = CalculatePSK(PSK_old);
To illustrate:
Assume that the PSK used when the user equipment last associated with the AP is PSK_old, and that this association takes place three weeks after the previous one. That is, the difference between the week number converted from the user equipment's current timestamp and the week number converted from the timestamp at which it received the initial PSK string is 3, so the number of iteration rounds is 3.
The user equipment performs the first round of iteration: calculate MD(PSK_old);
The user equipment performs the second round of iteration: calculate MD(MD(PSK_old));
The user equipment performs the third round of iteration: calculate MD(MD(MD(PSK_old))).
The first updated PSK is therefore MD(MD(MD(PSK_old))). The user equipment also replaces its locally saved PSK_old with MD(MD(MD(PSK_old))).
Step 308: The user equipment sends an association request to the AP based on the first updated PSK string.
Step 309: The AP calculates the second updated PSK string from the initial PSK string saved locally on the AP, the week number (saved locally on the AP) converted from the timestamp at which the initial PSK string was generated, and the week number converted from the AP's current timestamp. Specifically, the AP calculates the second updated PSK string with the same iterative algorithm as the user equipment. Each time a user re-associates, if the AP finds that the user equipment's MAC address is a recorded MAC address, it calculates the second updated PSK string corresponding to this user equipment in real time.
Continuing the example above, this association takes place three weeks after the previous one. That is, the difference between the week number converted from the AP's current timestamp and the week number converted from the timestamp at which the AP generated the initial PSK string is 3, so the number of iteration rounds is 3, and PSK_old is saved locally on the AP.
The AP performs the first round of iteration: calculate MD(PSK_old);
The AP performs the second round of iteration: calculate MD(MD(PSK_old));
The AP performs the third round of iteration: calculate MD(MD(MD(PSK_old))).
The second updated PSK is therefore MD(MD(MD(PSK_old))). The AP also replaces its locally saved PSK_old with MD(MD(MD(PSK_old))).
Step 310: When the first updated PSK string and the second updated PSK string are identical, the AP and the user equipment perform verification and the handshake using this identical PSK, and are thereby associated again.
In embodiments of the present invention, to support cases such as the user losing the PSK after a reinstallation, when a user whose MAC address has been recorded fails the first four-way handshake verification, the AP uses the default PSK for verification when the user re-associates a second time and performs the four-way handshake. If verification passes, the user is required to initialize the user PSK as in step 303.
To avoid losing user information when the AP loses power, the AP can encrypt the MAC address of the user equipment, the timestamp at which the initial PSK was generated and the initial PSK string, associated together, and save them in local flash. To avoid frequent flash operations, this function can be disabled in public-place networks.
With embodiments of the present invention, a unique dynamic PSK based on absolute time can be obtained, and the key update process requires no interaction, which ensures that it cannot be monitored.
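The week-based update of steps 304 to 310 with both sides modelled, as an added example in Python that is not code from the patent. ISO 8601 week numbering, chaining MD5 over the ASCII hex digest, the 16-character initial PSK, the constant-time comparison, all class and function names, and the sample MAC address are assumptions; the patent does not specify them.

```python
import hashlib
import hmac
import secrets
from datetime import date, datetime, timedelta, timezone


def week_label(ts):
    """Convert a timestamp to a YYYYWW week label (assumption: ISO 8601 weeks)."""
    iso = ts.isocalendar()
    return f"{iso[0]:04d}{iso[1]:02d}"


def rounds_between(old_label, new_label):
    """Iteration rounds = whole weeks from old_label to new_label.

    Each label is mapped back to the Monday of its ISO week, so the count
    stays correct across a year boundary, where subtracting the YYYYWW
    integers would not.
    """
    old = date.fromisocalendar(int(old_label[:4]), int(old_label[4:]), 1)
    new = date.fromisocalendar(int(new_label[:4]), int(new_label[4:]), 1)
    return max(0, (new - old).days // 7)


def iterate_md5(psk, rounds):
    """Apply MD5 `rounds` times; each hex digest is the next input (assumed encoding)."""
    for _ in range(rounds):
        psk = hashlib.md5(psk.encode("ascii")).hexdigest()
    return psk


class Peer:
    """State kept on each side: the current PSK string and the week label it dates from."""

    def __init__(self, psk, now):
        self.psk, self.week = psk, week_label(now)

    def updated(self, now):
        """Return (updated PSK, new week label) without changing stored state."""
        label = week_label(now)
        return iterate_md5(self.psk, rounds_between(self.week, label)), label


class UserEquipment:
    def __init__(self, mac):
        self.mac, self.state = mac, None

    def receive_initial(self, psk, now):  # step 306
        self.state = Peer(psk, now)

    def first_updated_psk(self, now):  # step 307: compute, then overwrite PSK_old
        self.state.psk, self.state.week = self.state.updated(now)
        return self.state.psk


class AccessPoint:
    def __init__(self):
        self.records = {}  # MAC address -> Peer (step 305)

    def enroll(self, mac, now):  # steps 304-305
        psk = secrets.token_hex(8)  # constructed format: 16 hex characters
        self.records[mac] = Peer(psk, now)
        return psk

    def reassociate(self, mac, first_updated, now):  # steps 309-310
        rec = self.records.get(mac)
        if rec is None:
            return False  # unknown MAC: no per-user record to update
        second_updated, label = rec.updated(now)
        # Constant-time comparison is an added hygiene choice, not from the patent.
        if not hmac.compare_digest(first_updated, second_updated):
            return False  # mismatch: stored record stays unchanged
        rec.psk, rec.week = second_updated, label
        return True


def demo():
    """Constructed scenario: enrol in 2014-W52, re-associate in 2015-W03 and 2015-W04."""
    mac = "02:00:00:00:00:01"  # constructed, locally administered MAC address
    t0 = datetime(2014, 12, 22, 9, 0, tzinfo=timezone.utc)
    ap, ue = AccessPoint(), UserEquipment(mac)
    initial = ap.enroll(mac, t0)
    ue.receive_initial(initial, t0)
    t1 = t0 + timedelta(weeks=3)
    wrong = ap.reassociate(mac, "0" * 32, t1)  # rejected, record untouched
    first = ap.reassociate(mac, ue.first_updated_psk(t1), t1)
    t2 = t1 + timedelta(weeks=1)
    second = ap.reassociate(mac, ue.first_updated_psk(t2), t2)
    return {
        "rounds": rounds_between(week_label(t0), week_label(t1)),
        "wrong_rejected": not wrong,
        "first_ok": first,
        "second_ok": second,
        "chain_ok": ap.records[mac].psk == iterate_md5(initial, 4),
    }


if __name__ == "__main__":
    print(demo())
```

Subtracting the labels as integers (201503 - 201452) would give 51 rounds instead of 3, which is why the example maps each label back to a date before taking the difference.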
Based on the above analysis, embodiments of the present invention also propose a device for updating the PSK on the AP side.
Fig. 4 is a structural diagram of the device for updating the PSK on the AP side according to the present invention; this device is applicable to an AP.
As shown in Fig. 4, this device comprises:
Initial PSK sending module 401, configured to, when user equipment associates for the first time, randomly generate an initial PSK string, store the timestamp at which the initial PSK string was generated and the initial PSK string, and send the initial PSK string to the user equipment;
Receiver module 402, configured to receive a re-association request initiated by the user equipment, the re-association request comprising a first updated PSK string, the first updated PSK string being determined by the user equipment with a predetermined algorithm from the timestamp at which the initial PSK string was received, the user equipment's current timestamp and the initial PSK string;
Association module 403, configured to calculate a second updated PSK string with this predetermined algorithm from the timestamp at which the initial PSK string was generated, the AP's current timestamp and the initial PSK string, and to associate with the user equipment when the first updated PSK string and the second updated PSK string are identical.
In one embodiment:
Initial PSK sending module 401 is configured to receive the first association request initiated by the user equipment and redirect it to a predetermined Web page; to receive the PSK acquisition request that the user equipment initiates through the Web page; and to randomly generate the initial PSK string based on the AP's current time.
In one embodiment:
Association module 403 is configured to determine the number of iteration rounds based on the difference between the week numbers of the AP's current timestamp and of the timestamp at which the initial PSK string was generated; to iteratively calculate the MD5 digest of the initial PSK string for that number of rounds; and to take the iteration result as the second updated PSK string.
In one embodiment, the device further comprises:
Update module 404, configured to update the stored timestamp at which the initial PSK string was generated with the timestamp at which the second updated PSK string is calculated, and to update the stored initial PSK string with the second updated PSK string.
In one embodiment:
Initial PSK sending module 401 is configured to store the MAC address of the user equipment in association with the timestamp at which the initial PSK string was generated and the initial PSK string.
Based on the above detailed analysis, embodiments of the present invention also propose a device for updating the PSK on the user equipment side.
Fig. 5 is a structural diagram of the device for updating the PSK on the user equipment side according to the present invention; this device is applied to user equipment.
As shown in Fig. 5, this device 500 comprises:
Receiver module 501, configured to receive a randomly generated initial PSK string from the AP when first associating with the access point (AP);
Update module 502, configured to, when sending a re-association request to the AP, determine the first updated PSK string with a predetermined algorithm from the timestamp at which the initial PSK string was received, the user equipment's current timestamp and the initial PSK string, and to carry the first updated PSK string in the re-association request; so that the AP calculates the second updated PSK string with this predetermined algorithm from the timestamp at which the initial PSK string was generated, the AP's current timestamp and the initial PSK string, and association with the AP takes place when the first updated PSK string and the second updated PSK string are identical.
In one embodiment:
Receiver module 501 is configured to send a first association request to the AP based on the default PSK and be redirected to a Web page; to initiate a PSK acquisition request through the Web page; and to receive from the AP the initial PSK string randomly generated based on the current time.
In one embodiment:
Update module 502 is configured to determine the number of iteration rounds based on the difference between the week numbers of the user equipment's current timestamp and of the timestamp at which the initial PSK string was received; to iteratively calculate the MD5 digest of the initial PSK string for that number of rounds; and to take the iteration result as the first updated PSK string.
In summary, in embodiments of the present invention, the PSK is dynamically updated when the user logs in, and there is no need to manually inform the user of the updated PSK key, which reduces operation and maintenance workload. Moreover, each user can have a different PSK in embodiments of the present invention, which prevents an attacker from using an identical PSK to eavesdrop on user information. In addition, embodiments of the present invention can update the PSK based on the user's login time and iteration over the previous PSK, thereby improving wireless network security.
The above are merely preferred embodiments of the present invention and are not intended to limit its scope of protection. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (17)

1. A method of updating a pre-shared key (PSK), characterized in that the method is applied to a wireless access point (AP), and the method comprises:
When user equipment associates for the first time, randomly generating an initial PSK string, storing the timestamp at which the initial PSK string was generated and the initial PSK string, and sending the initial PSK string to the user equipment;
Receiving a re-association request initiated by the user equipment, the re-association request comprising a first updated PSK string, the first updated PSK string being determined by the user equipment with a predetermined algorithm from the timestamp at which the initial PSK string was received, the user equipment's current timestamp and the initial PSK string;
Calculating a second updated PSK string with the predetermined algorithm from the timestamp at which the initial PSK string was generated, the AP's current timestamp and the initial PSK string, and associating with the user equipment when the first updated PSK string and the second updated PSK string are identical.
2. The method according to claim 1, characterized in that randomly generating the initial PSK string when the user equipment associates for the first time comprises:
Receiving the first association request initiated by the user equipment, and redirecting it to a predetermined Web page;
Receiving the PSK acquisition request that the user equipment initiates through the Web page, and randomly generating the initial PSK string based on the AP's current time.
3. The method according to claim 1, characterized in that calculating the second updated PSK string with the predetermined algorithm from the timestamp at which the initial PSK string was generated, the AP's current timestamp and the initial PSK string comprises:
Determining the number of iteration rounds based on the difference between the week numbers of the AP's current timestamp and of the timestamp at which the initial PSK string was generated;
Iteratively calculating the MD5 digest of the initial PSK string for that number of rounds, and taking the iteration result as the second updated PSK string.
4. The method according to claim 1, characterized in that the method further comprises:
Updating the stored timestamp at which the initial PSK string was generated with the timestamp at which the second updated PSK string is calculated, and updating the stored initial PSK string with the second updated PSK string.
5. The method according to claim 1, characterized in that storing the timestamp at which the initial PSK string was generated and the initial PSK string comprises:
Storing the MAC address of the user equipment in association with the timestamp at which the initial PSK string was generated and the initial PSK string.
6. A method of updating a pre-shared key (PSK), characterized in that the method is applied to user equipment, and the method comprises:
When first associating with an access point (AP), receiving a randomly generated initial PSK string from the AP;
When sending a re-association request to the AP, determining a first updated PSK string with a predetermined algorithm from the timestamp at which the initial PSK string was received, the user equipment's current timestamp and the initial PSK string, and carrying the first updated PSK string in the re-association request; so that the AP calculates a second updated PSK string with the predetermined algorithm from the timestamp at which the initial PSK string was generated, the AP's current timestamp and the initial PSK string, and association with the AP takes place when the first updated PSK string and the second updated PSK string are identical.
7. The method according to claim 6, characterized in that receiving the randomly generated initial PSK string from the AP when first associating with the access point (AP) comprises:
Sending a first association request to the AP based on the default PSK, and being redirected to a Web page;
Initiating a PSK acquisition request through the Web page, and receiving from the AP the initial PSK string randomly generated based on the AP's current time.
8. The method according to claim 6, characterized in that determining the first updated PSK string with the predetermined algorithm from the timestamp at which the initial PSK string was received, the user equipment's current timestamp and the initial PSK string comprises:
Determining the number of iteration rounds based on the difference between the week numbers of the user equipment's current timestamp and of the timestamp at which the initial PSK string was received;
Iteratively calculating the MD5 digest of the initial PSK string for that number of rounds, and taking the iteration result as the first updated PSK string.
9. The method according to claim 6, characterized in that the method further comprises:
Updating the stored timestamp at which the initial PSK string was received with the timestamp at which the first updated PSK string is calculated, and updating the stored initial PSK string with the first updated PSK string.
10. A device for updating a pre-shared key (PSK), characterized in that the method is applied to a wireless access point (AP), and the device comprises:
Initial PSK sending module, configured to, when user equipment associates for the first time, randomly generate an initial PSK string, store the timestamp at which the initial PSK string was generated and the initial PSK string, and send the initial PSK string to the user equipment;
Receiver module, configured to receive a re-association request initiated by the user equipment, the re-association request comprising a first updated PSK string, the first updated PSK string being determined by the user equipment with a predetermined algorithm from the timestamp at which the initial PSK string was received, the user equipment's current timestamp and the initial PSK string;
Association module, configured to calculate a second updated PSK string with the predetermined algorithm from the timestamp at which the initial PSK string was generated, the AP's current timestamp and the initial PSK string, and to associate with the user equipment when the first updated PSK string and the second updated PSK string are identical.
11. The device according to claim 10, characterized in that:
The initial PSK sending module is configured to receive the first association request initiated by the user equipment and redirect it to a predetermined Web page; to receive the PSK acquisition request that the user equipment initiates through the Web page; and to randomly generate the initial PSK string based on the AP's current time.
12. The device according to claim 10, characterized in that:
The association module is configured to determine the number of iteration rounds based on the difference between the week numbers of the AP's current timestamp and of the timestamp at which the initial PSK string was generated; to iteratively calculate the MD5 digest of the initial PSK string for that number of rounds; and to take the iteration result as the second updated PSK string.
13. The device according to claim 10, characterized in that it further comprises:
Update module, configured to update the stored timestamp at which the initial PSK string was generated with the timestamp at which the second updated PSK string is calculated, and to update the stored initial PSK string with the second updated PSK string.
14. The device according to claim 10, characterized in that:
The initial PSK sending module is configured to store the MAC address of the user equipment in association with the timestamp at which the initial PSK string was generated and the initial PSK string.
15. A device for updating a pre-shared key (PSK), characterized in that the device is applied to user equipment, and the device comprises:
Receiver module, configured to receive a randomly generated initial PSK string from the AP when first associating with the access point (AP);
Update module, configured to, when sending a re-association request to the AP, determine a first updated PSK string with a predetermined algorithm from the timestamp at which the initial PSK string was received, the user equipment's current timestamp and the initial PSK string, and to carry the first updated PSK string in the re-association request; so that the AP calculates a second updated PSK string with the predetermined algorithm from the timestamp at which the initial PSK string was generated, the AP's current timestamp and the initial PSK string, and association with the AP takes place when the first updated PSK string and the second updated PSK string are identical.
16. The device according to claim 15, characterized in that:
The receiver module is configured to send a first association request to the AP based on the default PSK and be redirected to a Web page; to initiate a PSK acquisition request through the Web page; and to receive from the AP the initial PSK string randomly generated based on the current time.
17. The device according to claim 15, characterized in that:
The update module is configured to determine the number of iteration rounds based on the difference between the week numbers of the user equipment's current timestamp and of the timestamp at which the initial PSK string was received; to iteratively calculate the MD5 digest of the initial PSK string for that number of rounds; and to take the iteration result as the first updated PSK string.
CN201510069049.7A 2015-02-10 2015-02-10 Method and apparatus for updating a pre-shared key Active CN104602231B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510069049.7A CN104602231B (en) 2015-02-10 2015-02-10 Method and apparatus for updating a pre-shared key

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510069049.7A CN104602231B (en) 2015-02-10 2015-02-10 Method and apparatus for updating a pre-shared key

Publications (2)

Publication Number Publication Date
CN104602231A true CN104602231A (en) 2015-05-06
CN104602231B CN104602231B (en) 2018-04-20

Family

ID=53127647

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510069049.7A Active CN104602231B (en) 2015-02-10 2015-02-10 Method and apparatus for updating a pre-shared key

Country Status (1)

Country Link
CN (1) CN104602231B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080123852A1 (en) * 2006-11-28 2008-05-29 Jianping Jiang Method and system for managing a wireless network
CN101399661A (en) * 2007-09-27 2009-04-01 华为技术有限公司 Legal neighbor authentication method and device in group key management
CN101521882A (en) * 2009-03-24 2009-09-02 刘建 Method and system for updating preshared key
JP2013106091A (en) * 2011-11-10 2013-05-30 Toshiba Mitsubishi-Electric Industrial System Corp Pre-shared key update system
CN103987037A (en) * 2014-05-28 2014-08-13 大唐移动通信设备有限公司 Secret communication implementation method and device

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106817695A (en) * 2015-11-26 2017-06-09 阿尔斯通运输科技公司 Access method, related network wireless accessing points and the wireless subscriber station of telecommunications network
CN106817695B (en) * 2015-11-26 2022-06-07 阿尔斯通运输科技公司 Method for accessing a telecommunication network, associated network radio access point and radio subscriber station
CN107666384A (en) * 2016-07-29 2018-02-06 恩智浦有限公司 Update the method and apparatus of encryption key
CN114694279A (en) * 2020-12-28 2022-07-01 深圳Tcl新技术有限公司 Method for acquiring offline password, computer readable storage medium and terminal device

Also Published As

Publication number Publication date
CN104602231B (en) 2018-04-20

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
CB02 Change of applicant information

Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Applicant after: Xinhua three Technology Co., Ltd.

Address before: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Applicant before: Huasan Communication Technology Co., Ltd.

GR01 Patent grant
GR01 Patent grant