CN105357670B - A kind of router - Google Patents

Publication number
CN105357670B
Authority
CN
China
Prior art keywords
router
wifikey
units
data
equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510916627.6A
Other languages
Chinese (zh)
Other versions
CN105357670A (en)
Inventor
马俊国
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hengbao Co Ltd
Original Assignee
Hengbao Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hengbao Co Ltd
Priority to CN201510916627.6A
Publication of CN105357670A
Application granted
Publication of CN105357670B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W84/00 Network topologies
    • H04W84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10 Small scale networks; Flat hierarchical networks
    • H04W84/12 WLAN [Wireless Local Area Networks]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/08 Access point devices
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The application provides a router that includes at least: a router main body unit, which implements the router's routing function with WIFI; a WIFIKey unit, which stores the router's configuration information and the information of the client devices connected to the router; and a WIFIKey administrative unit, which manages data communication between the router, the connected client devices, and the WIFIKey unit.

Description

A kind of router
Technical field
This application relates to the technical field of routers, and in particular to a router.
Background technology
Intelligent WIFI routers are now the main product promoted by the major router vendors and are positioned as the heart of the smart home. Current routers are all based on the Linux kernel and implement the routing function inside the home. In existing smart-home routing schemes, the router's sensitive information and the information of connected devices are both stored in plaintext, and router storage is not given the high-security-level protection that a security chip provides. As the smart-home Internet of Things ecosystem becomes industrialized, the security of intelligent routing becomes a major problem.
USBKey is the security medium used for online banking services. It is based on the security-related specifications of ISO 7816 and, in combination with the PKCS algorithm standards, implements ciphertext transmission of communication data in online transactions, ensuring that transaction information is not stolen or tampered with.
Existing intelligent security routers do not introduce a trusted secure environment (SE), which leads to a series of security-related problems. The router account is easily stolen or tampered with, the information of devices connected to the router can be stolen, and key user data, including social network accounts and finance-related data, can be stolen from the data exchanged between devices and the router. For intelligent routers in a smart home the problem is more pronounced: a criminal who obtains control of the router by some technical means can remotely control the connected smart home devices, such as smart cameras, smart kitchens, smart air conditioners, robot vacuum cleaners, smart televisions, and smart doors and windows.
The current application field of USBKey is rather limited, so the problems it faces are a single industrial structure and a single product form. It urgently needs to be integrated into Internet of Things and Internet+ related product industries to ensure its sustainable development.
Summary of the invention
In view of this, the application provides a router, including:
a router main body unit, for implementing the router's routing function with WIFI;
a WIFIKey unit, for storing the data of the router's working state and the information of the client devices connected to the router;
a WIFIKey administrative unit, for managing data communication between the router, the client devices, and the WIFIKey unit.
In a preferred embodiment of the application, the WIFIKey unit can also be used to:
process router configuration data management instructions and return router configuration data;
receive client device connection instructions and complete the connection of the client device;
receive an operation instruction from a client device concerning other client devices, verify the client's management permission, verify the legitimacy of the operation instruction, and carry out the corresponding operation through the WIFIKey administrative unit;
carry out early-warning processing when an attack on the router is detected.
In a preferred embodiment of the application, completing the connection of the client device includes:
S101, start;
S102, the WIFIKey unit receives the connection request forwarded by the router;
S103, is the requesting device in the secure registration table? If not, execute S104; if so, jump to S108;
S104, generate a random number, sign the data sent by the requesting device together with the generated random number, and require the device to verify the signature;
S105, wait for the device's signature verification result;
S106, determine whether signature verification passed; if so, execute S107; if not, jump to S110;
S107, add the device that passed verification to the trust list;
S108, verify whether the WIFI password is correct; if so, execute S109; if not, jump to S110;
S109, allow the connection and return a connection-allowed message;
S110, end.
In a preferred embodiment of the application, processing router configuration data management instructions and returning router configuration data includes the manufacturing processing of the router and the WIFIKey unit, specifically:
S201, start;
S202, write the WIFIKey unit key;
S203, has the WIFIKey unit key been preset? If not, jump to S202; if so, execute S204;
S204, write the router configuration data;
S205, determine whether the router data has been written; if not, jump to S204; if so, execute S206;
S206, switch the life cycle of the router to user mode;
S207, end.
In a preferred embodiment of the application, processing router configuration data management instructions and returning router configuration data includes managing the data the router uses while it is in use, specifically:
S301, start data management;
S302, the user updates data;
S303, determine whether to update the data; if so, execute S304; if not, jump to S311;
S304, the router sends data to the WIFIKey unit;
S305, the WIFIKey unit writes the received data to the backup region;
S306, determine whether this is the last item of router data; if so, execute S307; if not, jump to S304;
S307, write the backup region valid flag;
S308, determine whether the valid flag of the backup region is set; if so, execute S309; if not, jump to S311;
S309, write the backup region data to the target data area;
S310, erase the valid flag of the backup region;
S311, end.
In a preferred embodiment of the application, when a power-off exception occurs while data is being written, the data management process can also include power-off recovery for the write, specifically:
S401, start;
S402, is the backup region valid flag set? If so, execute S403; if not, jump to S405;
S403, write the data in the backup region to the target data area;
S404, erase the valid flag of the backup region;
S405, end.
In a preferred embodiment of the application, receiving an operation instruction from a client device concerning other client devices, verifying the client's management permission, verifying the legitimacy of the operation instruction, and carrying out the corresponding operation through the WIFIKey administrative unit, where the client device is a super client, specifically includes:
S601, the super client device initiates an authentication request;
S602, the router processes the super client's request and sends it to the WIFIKey unit for security authentication;
S603, the WIFIKey unit processes the authentication information and sends a security message to the router;
S604, the router responds to the request and forwards the security message to the super client;
S605, the super client processes the security message and sends verification data;
S606, the router forwards the verification data to the WIFIKey unit;
S607, after checking the verification data, the WIFIKey unit adds the super client to the safe list and returns authentication status information;
S608, the router returns the authentication status information;
S609, the super client sends the router an instruction to read the list of connected devices;
S610, the WIFIKey administrative unit in the router sends an instruction to read the device list in the WIFIKey unit;
S611, the WIFIKey unit verifies the legitimacy of the received instruction and returns the device list if it is legitimate;
S612, after the WIFIKey administrative unit in the router confirms the legitimacy of the instruction, it sends the device list returned by the WIFIKey unit to the super client device;
S613, the super client device sends an operation instruction for a designated device;
S614, the WIFIKey administrative unit in the router sends the WIFIKey unit an instruction to read the designated device's information;
S615, the WIFIKey unit verifies the legitimacy of the designated device and returns verification information;
S616, based on the device verification information returned by the WIFIKey unit, the WIFIKey administrative unit in the router sends the device operation request received from the super client device to the designated device; the designated device performs the operation according to the received instruction and returns its operation status; the WIFIKey administrative unit in the router obtains the operation status of the designated device and sends it to the super client device.
In a preferred embodiment of the application, carrying out early-warning processing when an attack on the router is detected is specifically:
When the WIFIKey unit finds that, within a preset period, the router is frequently accessing the data stored in the WIFIKey unit, the WIFIKey unit starts the alarm flow;
The alarm flow is:
The WIFIKey unit sends a special instruction to the router's WIFIKey administrative unit, requiring it to remotely notify the connected client device through the preset alarm path; at the same time the WIFIKey unit automatically enters low-power mode or stops working completely, locks itself internally, and prompts the user to change the access authentication password of the WIFIKey unit.
Description of the drawings
To explain the technical solutions in the embodiments of the application or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the application, and a person of ordinary skill in the art can obtain other drawings from them.
Fig. 1 is a structural schematic diagram of the router of the application;
Fig. 2 is the connection processing flow chart when a device connects to the router;
Fig. 3 is the router manufacturing process flow chart;
Fig. 4 is the flow chart of router data management;
Fig. 5 is the flow chart of power-off recovery during writing;
Fig. 6 is the flow chart of a mobile phone connecting to the router;
Fig. 7 is the flow chart of a super client device operating other client devices through the router.
Detailed description
In the router disclosed herein, the data of the router's working state and the information of connected devices are all stored in the WIFIKey unit; when the router needs these data for its work, it reads them from the WIFIKey unit in real time. This protects the information of the router and its connected devices from being stolen and the router from being illegally controlled.
To help those skilled in the art better understand the technical solutions of the application, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are only some of the embodiments of the application, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments in the application fall within the protection scope of the application.
The implementation of the application is further described below with reference to the drawings.
As shown in Fig. 1, the application provides a router that includes at least:
a router main body unit 1, for implementing the router's routing function with WIFI;
a WIFIKey unit 2, for storing the data of the router's working state and the information of the client devices connected to the router;
a WIFIKey administrative unit 3, for managing data communication between the router, the client devices, and the WIFIKey unit.
The WIFIKey unit can consist of a trusted security chip that supports multiple encryption/decryption and digest algorithms.
Data storage format inside the WIFIKey unit:
(1) router data is organized in TLV format, i.e. TAG+Length+DATA;
(2) key format of the WIFIKey unit: a key is divided into two parts, a key data header and a key data body, i.e. HEAD+Body.
The workflow of the WIFIKey unit is described below:
(1) process router configuration data management instructions and return router configuration data;
(2) receive device connection instructions and handle the device connection flow;
(3) receive an operation instruction from a client concerning other devices, verify the client's management permission, verify the legitimacy of the operation instruction, and inform the router service program so that it carries out the corresponding operation;
(4) when an attack on the router is detected (for example, configuration data is accessed continuously within a short time), enter the early-warning processing flow.
As shown in Fig. 2, the connection processing flow when a device connects is described in detail and specifically includes:
S101, start;
S102, the WIFIKey unit receives the connection request forwarded by the router;
S103, is the requesting device in the secure registration table? If not, execute S104; if so, jump to S108;
S104, generate a random number, sign the data sent by the requesting device together with the generated random number, and require the device to verify the signature;
S105, wait for the device's signature verification result;
S106, determine whether signature verification passed; if so, execute S107; if not, jump to S110;
S107, add the device that passed verification to the trust list;
S108, verify whether the WIFI password is correct; if correct, execute S109; if not, jump to S110;
S109, allow the connection and return a connection-allowed message;
S110, end.
For the router disclosed herein, the router and its WIFIKey unit need their default settings completed at manufacture. Router data is provided by the router vendor, and the WIFIKey unit is provided by the security vendor. All data is written into the secure storage of the WIFIKey unit during the manufacturing stage using the WIFIKey unit's preset instructions. The storage mechanism of the WIFIKey unit follows the formats of a and b, and the router vendor determines the storage mode (plaintext or ciphertext) of each group of data.
Default setting example:
Router factory data:
Example of the WIFIKey unit key preset at manufacture:
The data above must all be written with the WIFIKey unit's special manufacturing instruction.
As shown in Fig. 3, the manufacturing process flow of the router and the WIFIKey unit includes:
S201, start;
S202, write the WIFIKey unit key;
S203, has the WIFIKey unit key been preset? If not, jump to S202; if so, execute S204;
S204, write the router configuration data;
S205, determine whether the router data has been written; if not, jump to S204; if so, execute S206;
S206, switch the life cycle of the router to user mode;
S207, end.
In daily use, the router can work once it has read the routing configuration information from the WIFIKey unit.
The router needs to manage the data it uses, including:
Router data update: when the user updates router data through the WEB interface or a mobile terminal APP, the router's built-in management program writes the data to the WIFIKey unit by means of instructions only when the application chooses to confirm storage.
Router data is written to the WIFIKey unit using a new-value backup scheme. When the WIFIKey unit receives a data update instruction from the router management program, it first writes the new data to its built-in backup region. After all update instructions have been sent, on receiving the last instruction the WIFIKey unit sets the backup data valid flag and then writes the new data stored in the backup region to the target area of normal storage.
As shown in Fig. 4, the flow of router data management includes:
S301, start data management;
S302, the user updates data;
S303, determine whether to update the data; if so, execute S304; if not, jump to S311;
S304, the router sends data to the WIFIKey unit;
S305, the WIFIKey unit writes the received data to the backup region;
S306, determine whether this is the last item of router data; if so, execute S307; if not, jump to S304;
S307, write the backup region valid flag;
S308, determine whether the valid flag of the backup region is set; if so, execute S309; if not, jump to S311;
S309, write the backup region data to the target data area;
S310, erase the valid flag of the backup region;
S311, end.
If power is lost during writing, the WIFIKey unit's data write is interrupted. When power is restored, the WIFIKey unit checks internally whether the new data in the backup region is valid. If it is valid, the new data is written again to the normal storage area; if it is invalid, the normal storage area has not yet been modified and the WIFIKey unit can work normally.
As shown in Fig. 5, the power-off recovery flow during writing includes:
S401, start;
S402, is the backup region valid flag set? If so, execute S403; if not, jump to S405;
S403, write the data in the backup region to the target data area;
S404, erase the valid flag of the backup region;
S405, end.
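The update flow S301-S311 and the recovery flow S401-S405, as an added C simulation that is not code from the patent: it injects a power cut after every possible byte write and classifies the target area after reboot, with a direct overwrite as the contrast case. The memory layout, the flag values, all function names and the assumption that the one-byte flag write is atomic are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define CFG_LEN     16      /* size of one configuration image (assumed)  */
#define FLAG_VALID  0xA5    /* backup region holds a complete new image   */
#define FLAG_ERASED 0xFF    /* erased state of the flag byte              */

/* Simulated non-volatile memory of the WIFIKey unit (layout is hypothetical). */
typedef struct {
    uint8_t target[CFG_LEN];  /* target data area the router reads from     */
    uint8_t backup[CFG_LEN];  /* backup region for the new values           */
    uint8_t valid_flag;       /* backup region valid flag                   */
    long    writes_left;      /* byte writes until power is cut; -1 = never */
} nvm_t;

/* Single byte write; fails once the injected power cut has happened. */
static bool nvm_write(nvm_t *n, uint8_t *dst, uint8_t v)
{
    if (n->writes_left == 0)
        return false;
    if (n->writes_left > 0)
        n->writes_left--;
    *dst = v;
    return true;
}

/* S401-S405, reused for S308-S310: replay a valid backup into the target. */
bool wifikey_recover(nvm_t *n)
{
    if (n->valid_flag != FLAG_VALID)          /* S402: flag not set, so the */
        return true;                          /* target was never touched   */
    for (int i = 0; i < CFG_LEN; i++)         /* S403 */
        if (!nvm_write(n, &n->target[i], n->backup[i]))
            return false;
    return nvm_write(n, &n->valid_flag, FLAG_ERASED);   /* S404 */
}

/* S304-S310: stage in the backup region, set the flag, then copy. */
bool wifikey_update(nvm_t *n, const uint8_t *cfg)
{
    if (!wifikey_recover(n))                  /* finish an interrupted commit */
        return false;                         /* before staging new data      */
    for (int i = 0; i < CFG_LEN; i++)         /* S304-S306 */
        if (!nvm_write(n, &n->backup[i], cfg[i]))
            return false;
    if (!nvm_write(n, &n->valid_flag, FLAG_VALID))      /* S307: commit point */
        return false;
    return wifikey_recover(n);                /* S308-S310 */
}

/* Contrast case: overwrite the target area directly, no backup region. */
bool naive_update(nvm_t *n, const uint8_t *cfg)
{
    for (int i = 0; i < CFG_LEN; i++)
        if (!nvm_write(n, &n->target[i], cfg[i]))
            return false;
    return true;
}

/* Cut power after `cut` byte writes, reboot, run recovery, classify the target:
 * 0 = old image intact, 1 = new image intact, -1 = torn mixture of both. */
int outcome_after_cut(long cut, bool use_backup)
{
    uint8_t old_cfg[CFG_LEN], new_cfg[CFG_LEN];   /* constructed sample images */
    memset(old_cfg, 0x11, sizeof old_cfg);
    memset(new_cfg, 0x22, sizeof new_cfg);

    nvm_t n;
    memcpy(n.target, old_cfg, CFG_LEN);
    memset(n.backup, FLAG_ERASED, CFG_LEN);
    n.valid_flag = FLAG_ERASED;
    n.writes_left = cut;

    if (use_backup)
        wifikey_update(&n, new_cfg);
    else
        naive_update(&n, new_cfg);

    n.writes_left = -1;                       /* power restored */
    wifikey_recover(&n);                      /* power-on check of Fig. 5 */

    if (memcmp(n.target, old_cfg, CFG_LEN) == 0) return 0;
    if (memcmp(n.target, new_cfg, CFG_LEN) == 0) return 1;
    return -1;
}

/* Number of cut positions in 0..2*CFG_LEN+2 that leave a torn target area. */
int count_torn(bool use_backup)
{
    int torn = 0;
    for (long cut = 0; cut <= 2 * CFG_LEN + 2; cut++)
        if (outcome_after_cut(cut, use_backup) < 0)
            torn++;
    return torn;
}
```

The valid flag is the commit point: a cut before it leaves the old image, a cut after it is repaired by replaying the backup at power-on. The guarantee depends on the flag write itself being atomic and on recovery running before any new staging, which is why `wifikey_update` calls `wifikey_recover` first.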
If the user has updated the configuration with erroneous data and the router cannot work normally, the WIFIKey unit supports restoring the factory configuration.
Next, the functions of the WIFIKey administrative unit in the WIFI router are described in detail. They mainly include:
(1) communicating with the WIFIKey unit and confirming the legitimacy of the WIFIKey unit.
(2) securely storing the configuration management information of the WIFI router in the WIFIKey in ciphertext form.
(3) securely storing the information of devices connected to the WIFI router in the WIFIKey unit in ciphertext form.
Connected device information includes but is not limited to:
device name, device ID, device type, device MAC address, the IP obtained by the device, the device's routing connection lease period, the connection permission level obtained by the device, etc.
(4) establishing a secure channel with the security client of the intelligent mobile terminal, authenticating the legitimacy of the intelligent mobile terminal's connection, and granting the intelligent mobile terminal an access control permission level for the router and its connected home devices.
(5) when attacked, immediately notifying the authenticated intelligent mobile terminal through the secure connection to raise a security alarm.
The alarm mechanism is: when the WIFIKey unit finds that, within a relatively short period, the router is frequently accessing the data stored inside the WIFIKey unit, for example 30 data update confirmation operations within one minute, the router can be considered to be under illegal attack, and the WIFIKey unit starts the alarm flow.
The WIFIKey alarm flow is as follows:
The WIFIKey unit sends a special instruction to the router's WIFIKey administrative unit (WIFIKey management program), requiring it to remotely notify the mobile phone through the preset alarm channel (a VPN built by the mobile phone APP, etc.). At the same time the WIFIKey unit automatically enters low-power mode or stops working completely and locks itself internally; only after the router is actively powered off and restarted can the WIFIKey unit enter normal working mode, and it prompts the user to change the access authentication password of the WIFIKey unit. The WIFIKey administrative unit can be located in the WIFIKey service unit of the router.
(6) the ciphertext formats used in the WIFIKey unit can include but are not limited to: single DES ciphertext, 3DES ciphertext, RSA public key encryption ciphertext, RSA private key signature data, SM2 public key encryption ciphertext, SM2 private key signature data, SMS4 ciphertext, AES ciphertext, etc.
Data that does not need ciphertext storage is stored as plaintext with a digest. Digest modes include but are not limited to: SHA1, SHA224, SHA256, SHA384, SHA512, MD5, SM3, etc.
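The alarm mechanism under item (5) above, as an added C example that is not code from the patent: a sliding-window counter that locks the unit when 30 update confirmation operations fall within one minute and keeps it locked until a power cycle. The type and function names, the caller-supplied monotonic seconds counter and the replayed logs are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define ALARM_OPS      30u   /* example threshold given in the description */
#define ALARM_WINDOW_S 60u   /* "one minute"                               */
#define MAX_LOG        128u  /* size of the constructed replay log         */

typedef enum { WK_NORMAL, WK_LOCKED } wk_state_t;

typedef struct {
    uint32_t   ts[ALARM_OPS];  /* ring buffer: times of the last ALARM_OPS operations */
    unsigned   head;           /* next slot to write; oldest entry once full          */
    unsigned   filled;         /* number of valid entries                             */
    wk_state_t state;
    bool       alarm_pending;  /* special instruction queued for the administrative unit */
} wk_monitor_t;

/* Power-on after the router was switched off: the only way out of WK_LOCKED. */
void wk_power_on(wk_monitor_t *m)
{
    m->head = 0;
    m->filled = 0;
    m->state = WK_NORMAL;
    m->alarm_pending = false;
}

/* Called for every data update confirmation; now_s is a monotonic seconds
 * counter (assumed to be available). Returns false when the operation is refused. */
bool wk_on_update_confirm(wk_monitor_t *m, uint32_t now_s)
{
    if (m->state == WK_LOCKED)
        return false;                          /* locked: refuse all access */

    m->ts[m->head] = now_s;
    m->head = (m->head + 1u) % ALARM_OPS;
    if (m->filled < ALARM_OPS)
        m->filled++;

    /* With a full buffer, ts[head] is the operation ALARM_OPS-1 before this one. */
    if (m->filled == ALARM_OPS && now_s - m->ts[m->head] < ALARM_WINDOW_S) {
        m->state = WK_LOCKED;                  /* lock internally              */
        m->alarm_pending = true;               /* notify through alarm channel */
        return false;
    }
    return true;
}

/* Replay a log of operation times; index of the operation that trips the alarm, or -1. */
int first_alarm_index(const uint32_t *times, size_t n)
{
    wk_monitor_t m;
    wk_power_on(&m);
    for (size_t i = 0; i < n; i++)
        if (!wk_on_update_confirm(&m, times[i]))
            return (int)i;
    return -1;
}

/* Constructed log: `slow` operations spaced slow_gap seconds apart, followed by
 * `fast` operations spaced fast_gap seconds apart. */
int demo(unsigned slow, uint32_t slow_gap, unsigned fast, uint32_t fast_gap)
{
    uint32_t log[MAX_LOG];
    size_t n = 0;
    uint32_t t = 0;
    for (unsigned i = 0; i < slow && n < MAX_LOG; i++, t += slow_gap)
        log[n++] = t;
    for (unsigned i = 0; i < fast && n < MAX_LOG; i++, t += fast_gap)
        log[n++] = t;
    return first_alarm_index(log, n);
}

/* After the alarm, access stays refused until the unit is power-cycled. */
bool demo_lock_until_power_cycle(void)
{
    wk_monitor_t m;
    wk_power_on(&m);
    for (uint32_t i = 0; i < ALARM_OPS; i++)
        wk_on_update_confirm(&m, i);           /* 30 operations in 30 seconds */
    bool refused = !wk_on_update_confirm(&m, 3600u);
    bool alarmed = m.alarm_pending;
    wk_power_on(&m);
    return refused && alarmed && wk_on_update_confirm(&m, 3601u);
}
```

Because the window slides, ordinary activity before a burst does not mask it: in the third test log the alarm trips on the 30th operation of the burst even though ten slow operations preceded it.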
The functions of the WIFIKey unit are described in more detail below:
(1) communicating with the WIFIKey service unit in the router to carry out client security authentication and confirm the legitimacy of the intelligent mobile terminal accessing the router;
(2) obtaining the list of devices connected to the intelligent router and their related status information, etc.;
(3) once the secure channel is established, sending instructions to a designated other device connected to the router so that the target device completes the corresponding function;
for example, sending a work instruction to a smart camera in order to view the situation at home, etc.;
(4) when the router is under attack, carrying out the preset security handling after the alarm information is received;
for example, remotely sending a router shutdown instruction, etc.
The communication flow between the client device and the router is described in more detail below:
As those skilled in the art will appreciate:
A client device is a smart device that connects to the router; the client can be an APP loaded on a mobile phone, tablet computer, smartwatch, etc., and is generally divided into Android APP, iOS APP, HTML5 APP, and Windows APP.
The router contains an operating system installed on the router and the WIFIKey administrative unit based on that operating system.
The communication flow includes:
(1) the router powers on and enters the working state;
(2) the client device powers on and enters the working state;
(3) the client device finds the router and initiates a connection authentication request;
(4) the WIFIKey administrative unit in the router receives the authentication request and sends it to the WIFIKey unit;
(5) the WIFIKey unit receives the authentication message sent by the WIFIKey administrative unit, performs security processing, and sends the processed security message to the WIFIKey administrative unit in the router.
The security processing includes but is not limited to: data encryption, data decryption, data MAC authentication, data HASH verification, data signature verification, PKCS packing and unpacking of data, etc.
(6) the WIFIKey administrative unit receives the message processed by the WIFIKey unit, sends it to the client device, and requires the client device to carry out security authentication;
(7) the client device receives the security message, carries out security authentication, and then sends verification data to the router;
(8) the WIFIKey administrative unit loaded in the router confirms data integrity after receiving the verification data and then sends it to the WIFIKey unit;
(9) the WIFIKey unit performs verification; after confirming there is no error, it adds the client to the security trust registry, assigns it a corresponding security level according to the verification information, and returns the corresponding message to the server-side management program.
The structure of the trusted device registry stored in the WIFIKey unit can include but is not limited to: device type, device ID, device MAC address, and device description. For example: PC computer, 0001, 12-34-56-78-9A-BC, Peter-PC.
(10) the WIFIKey administrative unit performs the corresponding processing according to the message returned by the WIFIKey unit and allows the client device to access and connect to the network.
As shown in Fig. 6, taking a mobile phone as an example, the flow of the mobile phone connecting to the router includes:
S501, start.
S502, the router enters the WIFI working state.
S503, the mobile phone detects the WIFI signal and initiates a WIFI connection request through the APP installed on the phone.
S504, the mobile phone APP assembles the connection request data and sends it to the WIFIKey administrative unit in the router.
Preferably, the mobile phone APP can assemble the phone's MAC address, the account registered on the router, and the WIFI connection password, append a CRC, and send the result to the WIFIKey administrative unit.
S505, the WIFIKey administrative unit in the router receives the transmitted data and, after verifying that it is correct, sends the data to the WIFIKey unit.
The verification means checking the CRC included in the data; after confirming that it is correct, the CRC is removed and the data is sent to the WIFIKey unit.
S506, the WIFIKey unit judges whether the mobile phone is in the trust list. If so, jump to S513; if not, execute S507.
S507, the WIFIKey unit recombines the information and digitally signs it, and sends the signature to the WIFIKey administrative unit in the router.
The WIFIKey unit combines an 8-byte random number with the information sent by the mobile phone, performs an RSA digital signature, and sends the signature result to the WIFIKey administrative unit in the router.
S508, the WIFIKey administrative unit in the router sends the signature to the mobile phone APP.
S509, the mobile phone APP verifies the signature and sends the verified data and the result to the WIFIKey administrative unit.
The mobile phone verifies the signature using the public key it obtained when the APP was installed, and sends the signature verification data and result to the WIFIKey administrative unit.
S510, the WIFIKey administrative unit forwards the signature verification data and result to the WIFIKey unit.
S511, the WIFIKey unit judges whether signature verification passed. If so, execute S512; if not, jump to S516.
S512, add the mobile phone information to the security trust registry.
S513, verify the WIFI password.
S514, determine whether the WIFI password is correct. If so, execute S515; if not, jump to S516.
S515, allow the mobile phone to connect.
S516, end.
It should be noted that the reason the mobile phone sends the message first, rather than the router connecting to the mobile phone, is so that the router can verify whether the mobile phone has been securely registered on the router, and to prevent the router, when illegally controlled, from actively connecting to registered devices.
The above completes the establishment of the router's secure connection. As shown in Fig. 7, the following describes the flow by which, after the connection is established, a client device with super administrator permission (referred to as: super client device) operates other client devices through the router:
S601, the super client device initiates an authentication request;
S602, the router processes the super client's request and sends it to the WIFIKey unit for security authentication;
S603, the WIFIKey unit processes the authentication information and sends a security message to the router;
S604, the router responds to the request and forwards the security message to the super client;
S605, the super client processes the security message and sends verification data;
S606, the router forwards the verification data to the WIFIKey unit;
S607, after checking the verification data, the WIFIKey unit adds the super client to the safe list and returns authentication status information;
S608, the router returns the authentication status information;
S609, the super client sends the router an instruction to read the list of connected devices;
S610, the WIFIKey administrative unit in the router sends an instruction to read the device list in the WIFIKey unit;
S611, the WIFIKey unit verifies the legitimacy of the received instruction and returns the device list if it is legitimate;
S612, after the WIFIKey administrative unit in the router confirms the legitimacy of the instruction, it sends the device list returned by the WIFIKey unit to the super client device;
S613, the super client device sends an operation instruction for a designated device;
S614, the WIFIKey administrative unit in the router sends the WIFIKey unit an instruction to read the designated device's information;
S615, the WIFIKey unit verifies the legitimacy of the designated device and returns verification information;
S616, based on the device verification information returned by the WIFIKey unit, the WIFIKey administrative unit in the router sends the device operation request received from the super client device to the designated device; the designated device performs the operation according to the received instruction and returns its operation status; the WIFIKey administrative unit in the router obtains the operation status of the designated device and sends it to the super client device.
The implementation of the present invention ensures that the router runs securely and stably, that router access and control are carried out in a secure and trusted environment, that remote control of smart home devices is secure, and that smart home ecosystem data is secure.
Those skilled in the art will understand that embodiments of the present application may be provided as a method, an apparatus (device), or a computer program product. Therefore, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical memory, etc.) that contain computer-usable program code.
The present application is described with reference to flowcharts and/or block diagrams of methods, apparatuses (devices), and computer program products according to embodiments of the present application. It should be understood that each flow and/or box in the flowcharts and/or block diagrams, and combinations of flows and/or boxes in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor, or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce a means for implementing the functions specified in one or more flows of the flowchart and/or one or more boxes of the block diagram.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to operate in a specific manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction means, the instruction means implementing the functions specified in one or more flows of the flowchart and/or one or more boxes of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, such that a series of operational steps are executed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more boxes of the block diagram.
Although preferred embodiments of the present application have been described, those skilled in the art can make additional changes and modifications to these embodiments once they learn of the basic inventive concept. Therefore, the appended claims are intended to be interpreted as including the preferred embodiments and all changes and modifications that fall within the scope of the present application. Obviously, those skilled in the art can make various modifications and variations to the present application without departing from its spirit and scope. Thus, if these modifications and variations of the present application fall within the scope of the claims of the present application and their equivalent technologies, the present application is also intended to include them.

Claims (7)

1. A router, the router comprising at least:
a router main body unit, for implementing the routing and WIFI functions of the router;
a WIFIKey unit, for storing data information on the router's working state and device information of the client devices connected to the router;
a WIFIKey management unit, for managing data communication between the router, the client devices, and the WIFIKey unit;
the WIFIKey unit being further configured to:
receive a client device connection instruction and complete the connection of the client device;
wherein completing the connection of the client device comprises:
S101, start;
S102, the WIFIKey unit receives the connection request forwarded by the router;
S103, is the requesting device in the secure registration table? If not, execute S104; if so, jump to S108;
S104, generate a random number, sign the data sent by the requesting device together with the generated random number, and require the device to perform signature verification;
S105, wait for the device's signature verification result;
S106, determine whether the signature verification passed; if it passed, execute S107; if not, jump to S110;
S107, add the verified device to the trust list;
S108, is the WIFI password correct? If so, execute S109; if not, jump to S110;
S109, allow the connection and return a connection-allowed message;
S110, end.
2. The router as described in claim 1, wherein the WIFIKey unit is further configured to:
process router configuration data management instructions, and process and return router configuration data;
receive an operation instruction from a client device concerning other client devices, verify the client's management authority, verify the legitimacy of the operation instruction, and carry out the corresponding operation through the WIFIKey management unit;
carry out early-warning processing when an attack on the router is detected.
3. The router as claimed in claim 2, wherein processing router configuration data management instructions and processing and returning router configuration data includes the manufacturing process of the router and the WIFIKey unit, specifically:
S201, start;
S202, the WIFIKey unit key is written;
S203, has the WIFIKey unit key been preset? If not, jump to S202; if so, execute S204;
S204, the router configuration data is written;
S205, determine whether the router data has been written. If not, jump to S204; if so, execute S206;
S206, switch the life cycle of the router to user mode;
S207, end.
4. The router as claimed in claim 2, wherein processing router configuration data management instructions and processing and returning router configuration data includes managing the data used while the router is in use, specifically:
S301, start data management;
S302, the user updates data;
S303, determine whether to update the data. If so, execute S304; if not, jump to S311;
S304, the router sends data to the WIFIKey unit;
S305, the WIFIKey unit writes the received data to the backup area;
S306, determine whether this is the last item of router data. If so, execute S307; if not, jump to S304;
S307, write the backup-area valid flag;
S308, determine whether the valid flag of the backup area has been set. If so, execute S309; if not, jump to S311;
S309, write the backup-area data to the target data area;
S310, erase the valid flag of the backup area;
S311, end.
5. The router as claimed in claim 4, wherein, when a power-off abnormality is encountered while data is being written, the data management process may further include write power-off recovery, specifically:
S401, start;
S402, is the valid flag of the backup area set? If so, execute S403; if not, jump to S405;
S403, write the data in the backup area to the target data area;
S404, erase the valid flag of the backup area;
S405, end.
6. The router as claimed in claim 2, wherein receiving an operation instruction from a client device concerning other client devices, verifying the client's management authority, verifying the legitimacy of the operation instruction, and carrying out the corresponding operation through the WIFIKey management unit, where the client device is a super client, specifically includes:
S601, the super client device initiates an authentication request;
S602, the router processes the super client's request and initiates security authentication with the WIFIKey unit;
S603, the WIFIKey unit processes the authentication information and sends a security message to the router;
S604, the router responds to the request and forwards the security message to the super client;
S605, the super client processes the security message and sends verification data;
S606, the router forwards the verification data to the WIFIKey unit;
S607, after checking the verification data, the WIFIKey unit adds the super client to the security list and returns authentication status information;
S608, the router returns the authentication status information;
S609, the super client sends the router an instruction to read the list of connected devices;
S610, the WIFIKey management unit in the router sends the WIFIKey unit an instruction to read the device list;
S611, the WIFIKey unit verifies the legitimacy of the received instruction and, if it is legitimate, returns the device list;
S612, after the WIFIKey management unit in the router confirms the legitimacy of the instruction, it sends the device list returned by the WIFIKey unit to the super client device;
S613, the super client device sends an operation instruction for a specified device;
S614, the WIFIKey management unit in the router sends the WIFIKey unit an instruction to read the specified device's information;
S615, the WIFIKey unit verifies the legitimacy of the specified device and returns verification information;
S616, according to the device verification information returned by the WIFIKey unit, the WIFIKey management unit in the router sends the device operation request received from the super client device to the specified device; the specified device operates according to the received instruction and returns its operation state; the WIFIKey management unit in the router obtains the operation state of the specified device and sends it to the super client device.
7. The router as claimed in claim 2, wherein carrying out early-warning processing when an attack on the router is detected is specifically:
when the WIFIKey unit finds that, within a preset period, the router frequently accesses the data stored in the WIFIKey unit, the WIFIKey unit starts an alarm flow;
the alarm flow is:
the WIFIKey unit sends a special instruction to the WIFIKey management unit of the router, requiring it to remotely notify the connected client devices through a preset alarm path, while the WIFIKey unit automatically enters a low-power mode or stops working completely, locks itself internally, and prompts the user to change the access authentication password of the WIFIKey unit.
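The backup-area write of claim 4 (S304 to S310) and the power-off recovery of claim 5 (S401 to S405), as an added C example that is not code from the patent. The storage layout, the record sizes, the `wk_` function names and the `power_budget` fault-injection counter are all assumptions made here to show why the valid flag makes an interrupted update recoverable.

```c
#include <string.h>

#define WK_RECORDS 4   /* constructed: records in one configuration set */
#define WK_RECLEN  16  /* constructed: bytes per record */

/* Hypothetical model of the WIFIKey unit's non-volatile storage. */
typedef struct {
    unsigned char target[WK_RECORDS][WK_RECLEN]; /* target data area */
    unsigned char backup[WK_RECORDS][WK_RECLEN]; /* backup area */
    int backup_valid;  /* backup-area valid flag */
    int power_budget;  /* fault injection: writes left before power loss, -1 = unlimited */
} wk_store;

/* Consume one non-volatile write; -1 means the simulated power cut hit first. */
static int wk_tick(wk_store *s)
{
    if (s->power_budget == 0) return -1;
    if (s->power_budget > 0) s->power_budget--;
    return 0;
}

static int wk_write(wk_store *s, unsigned char *dst, const unsigned char *src)
{
    if (wk_tick(s) != 0) return -1;
    memcpy(dst, src, WK_RECLEN);
    return 0;
}

static int wk_set_flag(wk_store *s, int v)
{
    if (wk_tick(s) != 0) return -1;
    s->backup_valid = v;
    return 0;
}

/* S309-S310 and S403-S404: copy backup to target, then erase the flag. */
static int wk_commit(wk_store *s)
{
    for (int i = 0; i < WK_RECORDS; i++)
        if (wk_write(s, s->target[i], s->backup[i]) != 0) return -1;
    return wk_set_flag(s, 0);
}

/* S304-S310: stage every record, set the flag, then commit. */
int wk_update(wk_store *s, unsigned char recs[WK_RECORDS][WK_RECLEN])
{
    for (int i = 0; i < WK_RECORDS; i++)               /* S304-S306 */
        if (wk_write(s, s->backup[i], recs[i]) != 0) return -1;
    if (wk_set_flag(s, 1) != 0) return -1;             /* S307 */
    if (!s->backup_valid) return -1;                   /* S308 */
    return wk_commit(s);                               /* S309-S310 */
}

/* S401-S405, run at power-up: 1 = backup replayed, 0 = nothing to do. */
int wk_recover(wk_store *s)
{
    if (!s->backup_valid) return 0;                    /* S402 -> S405 */
    return wk_commit(s) == 0 ? 1 : -1;                 /* S403-S404 */
}
```

A cut before S307 leaves the target area untouched, because the flag was never set and recovery skips the half-written backup. A cut after S307 can leave the target area torn, and `wk_recover` repairs it from the complete backup at the next power-up.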
CN201510916627.6A 2015-12-10 2015-12-10 A kind of router Active CN105357670B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510916627.6A CN105357670B (en) 2015-12-10 2015-12-10 A kind of router

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510916627.6A CN105357670B (en) 2015-12-10 2015-12-10 A kind of router

Publications (2)

Publication Number Publication Date
CN105357670A CN105357670A (en) 2016-02-24
CN105357670B true CN105357670B (en) 2018-08-21

Family

ID=55333502

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510916627.6A Active CN105357670B (en) 2015-12-10 2015-12-10 A kind of router

Country Status (1)

Country Link
CN (1) CN105357670B (en)

Also Published As

Publication number Publication date
CN105357670A (en) 2016-02-24

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant