CN105516984A - Safe access system of public WiFi - Google Patents


Info

Publication number
CN105516984A
Authority
CN
China
Prior art keywords
wifi
user
vpn
application
mobile device
Prior art date
Legal status
Pending
Application number
CN201510874872.5A
Other languages
Chinese (zh)
Inventor
傅春乐
何清刚
孙云霄
王佰玲
刘扬
张昭
Current Assignee
Harbin Institute of Technology Weihai
Original Assignee
Harbin Institute of Technology Weihai
Priority date: 2015-07-29
Filing date: 2015-12-02
Publication date: 2016-04-20
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/08 Access security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a safe access system for public WiFi, comprising a mobile device application service, a general VPN service framework, a WiFi access sensor and a wireless network card. The WiFi access sensor senses the safety of the WiFi the user is accessing: for a hotspot trusted by the user, the mobile device's applications access the WiFi directly; for a hotspot not trusted by the user, the mobile device's applications invoke the general VPN service framework, according to the user-customised VPN service interface, to encrypt the applications' data transmission before accessing the public WiFi. The general VPN service framework provides various VPN application interfaces to the user. The invention senses whether the WiFi being accessed is trusted by the user, supports integrating VPNs of different protocols and different encryption modes into the general VPN service framework, and supports safe WiFi access and data transmission.

Description

A safe access system for public WiFi
Technical field
The present invention relates to a safe access system for public WiFi, and in particular to a safe access system for mobile devices in public WiFi environments that is based on a general VPN service framework.
Background
The need for secure access to public WiFi arises from the rapidly expanding demand for Internet connectivity and the growing volume of malicious network attacks. Several factors, in particular the relatively open environment of public WiFi, the complex makeup of its user population and users' relatively weak awareness of network security, make network security problems in public WiFi environments especially prominent.
At present, widely deployed public WiFi is accessed in two main ways: without authentication and with authentication. For a hotspot without authentication, the user only needs the service set identifier (SSID) of the wireless network and the correct wireless password to join the network; this mode is ubiquitous in public places such as hotels, restaurants and shopping malls. For a hotspot with authentication, after connecting to the SSID the user enters a correct user name, password and verification code and may use the network once an authentication server has confirmed them; this mode, represented by the CMCC hotspots of China Mobile, the ChinaUnicom hotspots of China Unicom and the ChinaNet hotspots of China Telecom, is widespread in public places such as campuses, shopping centres and airports.
Traditional public WiFi access carries many potential security hazards. Common attacks include HTTP hijacking, ARP attacks, DNS spoofing and man-in-the-middle attacks (MITM). Because users normally transmit information in cleartext when browsing over public WiFi, once a user falls victim to a man-in-the-middle attack in a public WiFi environment the attacker can hijack the user's traffic, deny the user's service requests, expose the user's browsing privacy and steal the user's account passwords, seriously threatening the user's privacy. The usual defence against man-in-the-middle attacks is to authenticate WiFi users by means such as IP and MAC binding or signed certificates. IP and MAC binding is not suited to the large, highly mobile population of public WiFi; signed certificates increase the load on the routing device, conflict to some extent with the fast and convenient access that WiFi is meant to provide, and are likewise unsuited to the very large number of public WiFi users. Moreover, once the routing device has been compromised by an attacker and its key parameters modified, these authentication methods no longer have any effect.
Summary of the invention
The object of this invention is to provide a safe access system for public WiFi that resolves the man-in-the-middle hazard present when connecting to WiFi in public places, provides users with a reliable and secure encrypted data transmission tunnel for WiFi access, and provides private subscribed services for users' VPN use.
The technical solution adopted in the present invention is a safe access system for public WiFi composed of four parts: a mobile device application service, a general VPN service framework, a WiFi access sensor and a wireless network card;
the WiFi access sensor senses the safety of the WiFi the user is accessing; for a hotspot trusted by the user, the mobile device's applications access the WiFi directly; for a hotspot not trusted by the user, the mobile device's applications call the general VPN service framework through the VPN service interface customised by the user, and access the public WiFi only after the applications' data transmission has been encrypted; the general VPN service framework provides various VPN application interfaces to the user;
The WiFi access sensor comprises:
WiFi identification module: this module monitors in real time the WiFi the mobile device is accessing, identifies the SSID and MAC address of the hotspot, and returns the SSID and MAC to the WiFi filtering module;
WiFi filtering module: this module compares the SSID and MAC obtained in the identification stage against the WiFi white list; the matching algorithm uses a prefix tree to achieve efficient real-time string matching; the white list is loaded when the module starts, and the user can add trusted hotspots to it; if the match succeeds, the hotspot is a trusted white-list hotspot and the mobile device's working applications may connect to the WiFi directly; if the match fails, the hotspot is regarded as untrusted and the WiFi control module is started;
WiFi control module: this module starts when the mobile device accesses a WiFi that is not on the white list; according to the customised VPN file it starts the corresponding VPN application, and the mobile device accesses the hotspot securely through the VPN;
and a number of configuration files.
Further, the general VPN service framework comprises a four-layer architecture of application presentation layer, service interface layer, program control layer and program storage layer, and provides users with communication encryption services for traditional PPTP VPN, L2TP VPN, IPSec VPN, OpenVPN and other proprietary VPNs.
The beneficial effects of the invention are as follows: the invention can sense whether the WiFi being accessed is trusted by the user, supports integrating VPNs of different protocols and different encryption modes into the general VPN service framework, and supports secure WiFi access and data transmission. It supports secure WiFi access in various public environments, resisting common WiFi man-in-the-middle attacks and protecting users' browsing privacy; it supports flexible extension of the general VPN service framework to new kinds of VPN; it supports users with different needs choosing different VPN services, achieving efficient secure WiFi access in various environments; it supports collecting and analysing statistics on the running logs of the different VPN services used in different public WiFi environments, which provides other users with recommendations on which VPN to use for WiFi access under various circumstances and has some guiding value; and it supports collecting and merging the WiFi white lists of different users, providing all users with a list of safe, trusted WiFi.
Brief description of the drawings
Fig. 1 is the overall structure diagram of the present invention.
Fig. 2 is the module relationship diagram of the WiFi access sensor.
Fig. 3 is the structure diagram of the general VPN service framework.
Embodiment
The present invention is described in detail below with reference to the drawings and specific embodiments.
A safe access system for public WiFi comprises a mobile device application service, a general VPN service framework, a WiFi access sensor and a wireless network card;
the WiFi access sensor senses the safety of the WiFi the user is accessing; for a hotspot trusted by the user, the mobile device's applications access the WiFi directly; for a hotspot not trusted by the user, the mobile device's applications call the general VPN service framework through the VPN service interface customised by the user, and access the public WiFi only after the applications' data transmission has been encrypted. The general VPN service framework provides the user with various VPN application interfaces: VPN services supported by widely used public protocols such as PPTP VPN, L2TP VPN, IPSec VPN and OpenVPN, and VPN services supported by other proprietary protocols such as ShadowVPN;
The WiFi access sensor is composed of three submodules, the WiFi identification module, the WiFi filtering module and the WiFi control module, together with a number of configuration files;
WiFi identification module: this module monitors in real time the WiFi the mobile device is accessing, identifies the service set identifier (SSID) and MAC address of the hotspot, and returns the SSID and MAC to the WiFi filtering module;
WiFi filtering module: this module compares the SSID and MAC obtained in the identification stage against the WiFi white list; the matching algorithm uses a prefix tree to achieve efficient real-time string matching; the white list is loaded when the module starts, and the user can add trusted hotspots to it, such as a home WiFi hotspot. If the match succeeds, the hotspot is a trusted white-list hotspot and the mobile device's working applications may connect to the WiFi directly; if the match fails, the hotspot is regarded as untrusted and the WiFi control module is started;
WiFi control module: this module starts when the mobile device accesses a WiFi that is not on the white list. According to the customised VPN file it starts the corresponding VPN application, and the mobile device accesses the hotspot securely through the VPN.
The general VPN service framework is composed of a four-layer architecture of application presentation layer, service interface layer, program control layer and program storage layer, and provides users with communication encryption services for traditional PPTP VPN, L2TP VPN, IPSec VPN, OpenVPN and other proprietary VPNs.
Application presentation layer: this layer presents the UI of the general VPN application software, through which the user can weigh requirements such as encryption strength, connection speed and stability and select the VPN service suited to them.
Service interface layer: this layer comprises a script startup scheduler and the startup scripts of multiple VPN application services. The script startup scheduler manages the startup scripts of all VPNs in a unified way, and the startup scripts provide the interface between the upper-layer UI and the lower-layer programs; the startup scripts of the VPN application services include those of traditional VPNs, such as the run scripts of PPTP VPN, L2TP VPN and IPSec VPN, as well as the run scripts of some other proprietary VPNs.
Program control layer: this layer is mainly responsible for calling and managing the dynamic and static libraries used by the upper-layer VPN services, and is composed of a dynamic library manager with the dynamic libraries of a number of VPN programs, and a static library manager with the static libraries needed by a number of VPN programs. Corresponding to the different VPN startup scripts of the service interface layer, this layer holds VPN program dynamic libraries compiled for the CPU models and architectures of different mobile devices, such as the dynamic library pptp.so of PPTP VPN and the dynamic library l2tp.so of L2TP VPN. The static library manager is mainly responsible for scheduling and managing key management algorithms, certificate management algorithms and data encryption algorithms, chiefly to provide the algorithm interfaces that support the different VPN dynamic libraries.
Data storage layer: this layer stores and manages, through a unified information configuration manager, the user information file, key certificate file, network configuration file, running log file and so on. The user information file contains personal information for connecting to the VPN such as server IP, user name and password; the key certificate configuration file stores the parameters relevant to VPN authentication; the network configuration file holds the routing settings applied after the VPN starts; and the running log file refers to the log files produced while the VPN program runs.
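The identification, filtering and control modules described above (in the summary and again in this embodiment) are illustrated by the following added example, which is not code from the patent; the "SSID,MAC" white-list format, the customised VPN file mapping and all function names are assumptions made here. It keys the prefix tree on SSID and MAC together so that a hotspot cloning only a trusted SSID is still routed through the VPN.

```python
"""Added example (not the patent's own code): WiFi access sensor logic.
Assumed: white list lines of the form "SSID,MAC"; a customised VPN file
that names the VPN app to start for untrusted hotspots."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Constructed sample white list, as loaded when the filtering module starts.
WHITE_LIST_FILE = """\
# trusted hotspots added by the user (constructed sample)
HomeNet,AA:BB:CC:DD:EE:01
OfficeGuest,aa:bb:cc:dd:ee:02
"""

# Constructed sample of the user's customised VPN file.
VPN_PROFILE = {"vpn": "openvpn", "config": "work.ovpn"}


def hotspot_key(ssid: str, mac: str) -> str:
    """SSID and MAC together form one trie key; the SSID alone is never
    enough, since anyone can advertise a trusted network name."""
    return ssid.strip() + "\x00" + mac.strip().lower()


@dataclass
class PrefixTree:
    """Character-level prefix tree over hotspot keys."""
    children: Dict[str, "PrefixTree"] = field(default_factory=dict)
    terminal: bool = False

    def insert(self, key: str) -> None:
        node = self
        for ch in key:
            node = node.children.setdefault(ch, PrefixTree())
        node.terminal = True

    def contains(self, key: str) -> bool:
        node = self
        for ch in key:
            node = node.children.get(ch)
            if node is None:
                return False
        return node.terminal  # a bare prefix of a stored key is no match


def load_white_list(text: str) -> PrefixTree:
    """Filtering module start-up: build the trie from the white-list file."""
    tree = PrefixTree()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ssid, mac = line.split(",", 1)
        tree.insert(hotspot_key(ssid, mac))
    return tree


def add_trusted(tree: PrefixTree, ssid: str, mac: str) -> None:
    """User adds a hotspot (e.g. home WiFi) to the white list at run time."""
    tree.insert(hotspot_key(ssid, mac))


def decide_access(tree: PrefixTree, ssid: str, mac: str,
                  vpn_profile: dict) -> Tuple[str, Optional[str]]:
    """Identification -> filtering -> control: ("direct", None) for a trusted
    hotspot, otherwise ("vpn", app) where the control module starts `app`."""
    if tree.contains(hotspot_key(ssid, mac)):
        return ("direct", None)
    return ("vpn", vpn_profile["vpn"])


if __name__ == "__main__":
    t = load_white_list(WHITE_LIST_FILE)
    print(decide_access(t, "HomeNet", "aa:bb:cc:dd:ee:01", VPN_PROFILE))
    print(decide_access(t, "HomeNet", "aa:bb:cc:dd:ee:99", VPN_PROFILE))
    add_trusted(t, "CafeFree", "11:22:33:44:55:66")
    print(decide_access(t, "CafeFree", "11:22:33:44:55:66", VPN_PROFILE))
```

The second lookup shows the evil-twin case the page warns about: the same trusted SSID on an unknown MAC fails the match and is handed to the VPN control module.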

Claims (2)

1. A safe access system for public WiFi, characterised in that it comprises a mobile device application service, a general VPN service framework, a WiFi access sensor and a wireless network card;
the WiFi access sensor senses the safety of the WiFi the user is accessing; for a hotspot trusted by the user, the mobile device's applications access the WiFi directly; for a hotspot not trusted by the user, the mobile device's applications call the general VPN service framework module through the VPN service interface customised by the user, and access the public WiFi only after the applications' data transmission has been encrypted; the general VPN service framework module provides various VPN application interfaces to the user;
the WiFi access sensor comprises:
WiFi identification module: this module monitors in real time the WiFi the mobile device is accessing, identifies the service set identifier and MAC address of the hotspot, and returns the SSID and MAC to the WiFi filtering module;
WiFi filtering module: this module compares the SSID and MAC obtained in the identification stage against the WiFi white list; the matching algorithm uses a prefix tree to achieve efficient real-time string matching; the white list is loaded when the module starts, and the user can add trusted hotspots to it; if the match succeeds, the hotspot is a trusted white-list hotspot and the mobile device's working applications may connect to the WiFi directly; if the match fails, the hotspot is regarded as untrusted and the WiFi control module is started;
WiFi control module: this module starts when the mobile device accesses a WiFi that is not on the white list; according to the customised VPN file it starts the corresponding VPN application, and the mobile device accesses the hotspot securely through the VPN;
and a number of configuration files.
2. The safe access system for public WiFi according to claim 1, characterised in that the general VPN service framework comprises a four-layer architecture of application presentation layer, service interface layer, program control layer and program storage layer, and provides users with communication encryption services for traditional PPTP VPN, L2TP VPN, IPSec VPN, OpenVPN and other proprietary VPNs.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510874872.5A CN105516984A (en) 2015-07-29 2015-12-02 Safe access system of public WiFi

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN201510455592 2015-07-29
CN2015104555920 2015-07-29
CN201510874872.5A CN105516984A (en) 2015-07-29 2015-12-02 Safe access system of public WiFi

Publications (1)

Publication Number Publication Date
CN105516984A true CN105516984A (en) 2016-04-20

Family

ID=55724549

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510874872.5A Pending CN105516984A (en) 2015-07-29 2015-12-02 Safe access system of public WiFi

Country Status (1)

Country Link
CN (1) CN105516984A (en)

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102065125A (en) * 2010-11-18 2011-05-18 广州致远电子有限公司 Method for realizing embedded secure socket layer virtual private network (SSL VPN)
CN104205945A (en) * 2012-03-19 2014-12-10 英派尔科技开发有限公司 Schemes for providing wireless communication
CN104580152A (en) * 2014-12-03 2015-04-29 中国科学院信息工程研究所 Protection method and system against wifi (wireless fidelity) phishing

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Alexander V. Uskov, "Information Security of Mobile VPN: Conceptual Models and Design Methodology", 2012 IEEE International Conference on Electro/Information Technology. *

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018010128A1 (en) * 2016-07-13 2018-01-18 深圳市沃特沃德股份有限公司 Method and system for freely switching wireless communication modes of smart wearable device
CN106028320A (en) * 2016-07-26 2016-10-12 深圳市金立通信设备有限公司 Data security transmission method, terminal and server
CN107948121A (en) * 2016-10-12 2018-04-20 深圳市百米生活股份有限公司 One kind is based on the encrypted Internet Security method and system of WiFi
CN106332317A (en) * 2016-10-27 2017-01-11 深圳市信锐网科技术有限公司 Network management method and device
CN106550365A (en) * 2016-10-27 2017-03-29 努比亚技术有限公司 A kind of method and terminal of WIFI network access process
CN106550365B (en) * 2016-10-27 2020-04-17 深圳市微网力合信息技术有限公司 WIFI network access processing method and terminal
CN107070816A (en) * 2017-03-31 2017-08-18 北京小米移动软件有限公司 Recognition methods, device and the mobile terminal of application
CN107070816B (en) * 2017-03-31 2020-07-03 北京小米移动软件有限公司 Application identification method and device and mobile terminal
WO2018205444A1 (en) * 2017-05-06 2018-11-15 深圳市前海安测信息技术有限公司 Dynamically encrypted medical data transmission system and method
CN108650265A (en) * 2018-05-11 2018-10-12 广州优视网络科技有限公司 Method for down loading and its device, storage medium, the electric terminal of file
CN108650265B (en) * 2018-05-11 2021-08-20 阿里巴巴(中国)有限公司 File downloading method and device, storage medium and electronic terminal

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20160420