CN105871777A - Wireless router access processing method, wireless router access method and device - Google Patents

Wireless router access processing method, wireless router access method and device

Publication number
CN105871777A
Authority
CN
China
Prior art keywords
wireless router
terminal
passage
information
user
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510028076.XA
Other languages
Chinese (zh)
Inventor
温海龙
张大吴
李建锋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Application filed by ZTE Corp
Priority to CN201510028076.XA (CN105871777A)
Priority to PCT/CN2015/080919 (WO2016115807A1)
Publication of CN105871777A
Legal status: Pending

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40: Network security protocols

Abstract

The invention provides a wireless router access processing method, a wireless router access method and a device. The wireless router access processing method comprises the following steps: user identity information of a terminal user, sent by a terminal via a first channel, is received, wherein the user identity information is used for uniquely identifying the terminal user; identity authentication is carried out on the terminal user according to the user identity information; after the authentication is passed, the connection parameters needed by a second channel, which the terminal uses to access the wireless router, are sent to the terminal via the first channel. With the above technical scheme provided by the invention, the conflict between the complexity and the usability of a WIFI password in the related technology is solved, and authentication using user identity information such as a fingerprint, a voiceprint or a human face, together with automatic and safe wireless router access, can be realized. Safe and efficient user Internet access can be ensured while identity authentication is kept safe and reliable, and the user experience is improved.

Description

Wireless router access processing method, wireless router access method and device
Technical field
The present invention relates to the communications field, and in particular to a wireless router access processing method, a wireless router access method and a device.
Background
WIFI has developed rapidly and is widely used because it supports hotspot coverage, offers a high transfer rate and is inexpensive. Almost all current smartphones, tablet computers and routers have a WIFI function, and using a mobile phone or computer at home to go online through a wireless router has become part of people's daily life. However, while WIFI brings us convenience, it may also bring risks and problems. For example, if the WIFI encryption mode and password of the router are set too simply, the network may be cracked and used without authorization, and user information may even be leaked; if the encryption mode and password are set too complex, they become difficult for the user to remember.
No effective solution has yet been proposed for the conflict in the related art between the complexity and the usability of the WIFI password.
Summary of the invention
In order to solve the above technical problem, the present invention provides a wireless router access processing method, a wireless router access method and a device.
According to one aspect of the present invention, a wireless router access processing method is provided, comprising: receiving, via a first channel, user identity information of a terminal user sent by a terminal, wherein the user identity information is used to uniquely identify the terminal user; performing identity authentication on the terminal user according to the user identity information; and, after the authentication is passed, sending to the terminal, via the first channel, the connection parameters needed by a second channel that the terminal uses to access the wireless router.
Preferably, before the user identity information sent by the terminal is received via the first channel, the method further comprises: issuing identity feature information of the wireless router to the terminal via the first channel, wherein the identity feature information is used to judge the legitimacy of the wireless router.
Preferably, issuing the identity feature information to the terminal comprises: encrypting the identity feature information; and issuing the encrypted identity feature information to the terminal.
Preferably, encrypting the identity feature information comprises: encrypting the identity feature information using at least two asymmetric key pairs, wherein one of the at least two asymmetric key pairs is a root key pair, the other key pairs among the at least two asymmetric key pairs are random key pairs, and the public keys of the random key pairs all carry the identity feature information.
Preferably, the identity feature information is generated in the following manner: determining the digest value corresponding to the public key of the random key pair; concatenating the following information in an agreed order to form concatenated data: the digest value, the Media Access Control (MAC) address of the first channel, and part or all of the characters of the Service Set Identifier (SSID) of the first channel; and encrypting the concatenated data using the private key of the root key pair to obtain the identity feature information.
Preferably, the method further comprises: encrypting the communication data of the first channel according to a pre-negotiated encryption algorithm and/or communication key.
Preferably, the user identity information comprises at least one of the following: fingerprint information of the user, voiceprint information of the user, and facial feature information of the user.
Preferably, the connection parameters comprise at least one of the following: the SSID name of the second channel, the encryption mode used by the wireless router, and the password used by the wireless router.
According to another aspect of the present invention, a wireless router access method is also provided, comprising: reporting user identity information of a terminal user to a wireless router via a first channel, wherein the user identity information is used to uniquely identify the terminal user; after the wireless router has authenticated the user identity information, receiving, via the first channel, the connection parameters sent by the wireless router that are required to establish the terminal's access to the wireless router; and accessing the wireless router via a second channel established according to the connection parameters.
Preferably, before the user identity information is reported to the wireless router via the first channel, the method further comprises: receiving identity feature information issued by the wireless router via the first channel; and judging, according to the identity feature information, whether the wireless router is legitimate.
According to another aspect of the present invention, a wireless router access processing device is also provided, applied to a wireless router, comprising: a receiving module, configured to receive, via a first channel, user identity information of a terminal user sent by a terminal, wherein the user identity information is used to uniquely identify the terminal user; an authentication module, configured to perform identity authentication on the terminal user according to the user identity information; and a sending module, configured to send to the terminal, via the first channel and after the authentication is passed, the connection parameters needed by a second channel that the terminal uses to access the wireless router.
Preferably, the device further comprises: an issuing module, configured to issue identity feature information of the wireless router to the terminal via the first channel, wherein the identity feature information is used to judge the legitimacy of the wireless router.
According to another aspect of the present invention, a wireless router access device is also provided, applied to a terminal, comprising: a reporting module, configured to report user identity information of a terminal user to a wireless router via a first channel, wherein the user identity information is used to uniquely identify the terminal user; a receiving module, configured to receive, via the first channel and after the wireless router has authenticated the user identity information, the connection parameters sent by the wireless router that are required to establish the terminal's access to the wireless router; and an access module, configured to access the wireless router via a second channel established according to the connection parameters.
With the present invention, a terminal accessing the wireless router is authenticated according to the user identity information received via the first channel, and the terminal accesses the wireless router via the second channel. This resolves the conflict in the related art between the complexity and the usability of the WIFI password, and realizes authentication with user identity information such as a fingerprint, voiceprint or face together with automatic and secure access to the wireless router. While ensuring that user identity authentication is safe and reliable, it also ensures that the user's Internet access is safe and efficient, and improves the user experience.
Brief description of the drawings
The accompanying drawings described herein are provided for a further understanding of the present invention and constitute a part of this application. The illustrative embodiments of the present invention and their descriptions are used to explain the present invention and do not constitute an improper limitation of it. In the drawings:
Fig. 1 is a flowchart of the wireless router access processing method according to an embodiment of the present invention;
Fig. 2 is a structural block diagram of the wireless router access processing device according to an embodiment of the present invention;
Fig. 3 is another structural block diagram of the wireless router access processing device according to an embodiment of the present invention;
Fig. 4 is a flowchart of the wireless router access method according to an embodiment of the present invention;
Fig. 5 is a structural block diagram of the wireless router access device according to an embodiment of the present invention;
Fig. 6 is a schematic diagram of the system structure for secure wireless router access according to the preferred embodiment of the present invention;
Fig. 7 is a schematic flowchart of the implementation of secure wireless router access according to the preferred embodiment of the present invention;
Fig. 8 is a schematic flowchart of the client performing wireless router identity verification and encryption protection mechanism negotiation with the server side according to the preferred embodiment of the present invention;
Fig. 9 is a schematic flowchart of generating the wireless router identity feature information carried by the public key of a random key pair according to the preferred embodiment of the present invention;
Fig. 10 is a schematic flowchart of the client verifying the legitimacy of the wireless router's identity according to the preferred embodiment of the present invention.
Detailed description of the embodiments
The present invention is described in detail below with reference to the accompanying drawings and in conjunction with the embodiments. It should be noted that, where there is no conflict, the embodiments in this application and the features in the embodiments may be combined with each other.
Other features and advantages of the present invention will be set forth in the following description and will in part become apparent from the description or be understood by implementing the present invention. The objectives and other advantages of the present invention can be realized and obtained through the structures specifically pointed out in the written description, the claims and the accompanying drawings.
In order to enable those skilled in the art to better understand the solution of the present invention, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative work shall fall within the scope of protection of the present invention.
In order to solve the above technical problem, this embodiment provides a wireless router access processing method. Fig. 1 is a flowchart of the wireless router access processing method according to an embodiment of the present invention. As shown in Fig. 1, the method comprises the following steps:
Step S102: receive, via a first channel, user identity information of a terminal user sent by a terminal, wherein the user identity information is used to uniquely identify the terminal user;
Step S104: perform identity authentication on the terminal user according to the user identity information;
Step S106: after the authentication is passed, send to the terminal, via the first channel, the connection parameters needed by a second channel that the terminal uses to access the wireless router.
Through the above steps, a terminal accessing the wireless router is authenticated according to user identity information, received via the first channel, that uniquely identifies the user, and the terminal accesses the wireless router via the second channel. This resolves the conflict in the related art between the complexity and the usability of the WIFI password, and realizes authentication with user identity information such as a fingerprint, voiceprint or face together with automatic and secure access to the wireless router. While ensuring that user identity authentication is safe and reliable, it also ensures that the user's Internet access is safe and efficient, and improves the user experience.
To make the access procedure of the wireless router more secure, the embodiment of the present invention also provides the following technical solution: before the technical solution embodied in step S102 is performed, the identity feature information of the wireless router is issued to the terminal via the first channel, wherein the identity feature information is used to judge the legitimacy of the wireless router. That is to say, before the terminal is verified according to the user identity information, the legitimacy of the wireless router needs to be checked. In the related art, some illegitimate sites can obtain the user's identity information (for example, the voiceprint, fingerprint or facial feature information of the user). This identity information is the user's private information and, once leaked, may cause the user huge losses. With the above technical solution, the legitimacy of the current wireless router can be checked before the user identity information is obtained, which greatly reduces the risk of user identity information being leaked.
To further increase the confidentiality of the embodiment of the present invention, the following technical solution may also be performed: the identity feature information is encrypted, and the encrypted identity feature information is issued to the terminal. In the embodiment of the present invention, encrypting the identity feature information may be achieved as follows: the identity feature information is encrypted using at least two asymmetric key pairs, wherein one of the at least two asymmetric key pairs is a root key pair, the other key pairs among the at least two asymmetric key pairs are random key pairs, and the public keys of the random key pairs all carry the identity feature information.
For the generation of the identity feature information, the embodiment of the present invention also provides the following technical solution: determine the digest value corresponding to the public key of the random key pair; concatenate the following information in an agreed order to form concatenated data: the digest value, the MAC address of the first channel, and part or all of the characters of the SSID of the first channel; and encrypt the concatenated data using the private key of the root key pair to obtain the identity feature information.
It should be noted that the user identity information comprises at least one of the following: fingerprint information of the user, voiceprint information of the user, and facial feature information of the user. The connection parameters comprise at least one of the following: the SSID name of the second channel, the encryption mode used by the wireless router, and the password used by the wireless router.
In summary, the above technical solution provided by the embodiment of the present invention can be summarized as follows: provide authentication and network (Internet) access services for the user terminal; complete the encryption protection mechanism negotiation through interaction with the client over the authentication channel; start the authentication channel encryption protection function and perform user terminal identity authentication; after the authentication is passed, send the connection parameters of the Internet channel, such as the service set identifier SSID, encryption mode and password, to the client; and add the MAC address of the user terminal to the whitelist of the wireless router, so as to allow the user terminal to access the Internet via the Internet channel.
This embodiment also provides a wireless router access processing device, applied to a wireless router, for implementing the above embodiments and preferred implementations. What has already been explained is not repeated; the modules involved in the device are described below. As used below, the term "module" may be a combination of software and/or hardware that realizes a predetermined function. Although the device described in the following embodiments is preferably implemented in software, an implementation in hardware, or in a combination of software and hardware, is also possible and contemplated. Fig. 2 is a structural block diagram of the wireless router access processing device according to an embodiment of the present invention. As shown in Fig. 2, the device comprises:
Receiving module 20, configured to receive, via a first channel, user identity information of a terminal user sent by a terminal, wherein the user identity information is used to uniquely identify the terminal user;
Authentication module 22, connected to the receiving module 20, configured to perform identity authentication on the terminal user according to the user identity information;
Sending module 24, connected to the authentication module 22, configured to send to the terminal, via the first channel and after the authentication is passed, the connection parameters needed by the second channel that the terminal uses to access the wireless router.
Through the combined action of the above modules, a terminal accessing the wireless router is authenticated according to user identity information, received via the first channel, that uniquely identifies the user, and the terminal accesses the wireless router via the second channel. This resolves the conflict in the related art between the complexity and the usability of the WIFI password, and realizes authentication with user identity information such as a fingerprint, voiceprint or face together with automatic and secure access to the wireless router. While ensuring that user identity authentication is safe and reliable, it also ensures that the user's Internet access is safe and efficient, and improves the user experience.
Fig. 3 is another structural block diagram of the wireless router access processing device according to an embodiment of the present invention. As shown in Fig. 3, the device further comprises: issuing module 24, connected to the receiving module 20, configured to issue the identity feature information of the wireless router to the terminal via the first channel, wherein the identity feature information is used to judge the legitimacy of the wireless router.
In order to improve the above technical solution, this embodiment provides a wireless router access method. Fig. 4 is a flowchart of the wireless router access method according to an embodiment of the present invention. As shown in Fig. 4, the method comprises the following steps:
Step S402: report user identity information of a terminal user to a wireless router via a first channel, wherein the user identity information is used to uniquely identify the terminal user;
Step S404: after the wireless router has authenticated the user identity information, receive, via the first channel, the connection parameters sent by the wireless router that are required to establish the terminal's access to the wireless router;
Step S406: access the wireless router via a second channel established according to the connection parameters.
Through the above steps, the user identity information used to uniquely identify the user is reported via the first channel, and after the wireless router has authenticated the user identity information, the wireless router can be accessed via the second channel established according to the received connection parameters. This technical solution resolves the conflict in the related art between the complexity and the usability of the WIFI password, and realizes authentication with user identity information such as a fingerprint, voiceprint or face together with automatic and secure access to the wireless router. While ensuring that user identity authentication is safe and reliable, it also ensures that the user's Internet access is safe and efficient, and improves the user experience.
In one example of the embodiment of the present invention, before the technical solution embodied in step S402 is performed, the following technical solution may also be performed: receive the identity feature information issued by the wireless router via the first channel; and judge, according to the identity feature information, whether the wireless router is legitimate.
In summary, the above technical solution provided by the embodiment of the present invention can be summarized as follows: the user identity information is entered or collected; the authentication channel (i.e. the first channel) of the wireless router is established; information is exchanged with the server side of the wireless router over the authentication channel to complete wireless router identity verification and the encryption protection mechanism negotiation; the authentication channel encryption protection function is started; the identity information of the user is sent to the wireless router for user identity authentication; and finally the connection parameters of the Internet channel returned by the wireless router are used to establish the Internet access channel (i.e. the second channel) from the user terminal to the wireless router.
That is to say, the technical solution provided by the embodiment of the present invention uses a dual-channel mechanism: processes such as authenticating the user identity or the wireless router are carried out over the authentication channel, and the terminal accesses the wireless router over the second channel. In the embodiment of the present invention, the second channel is preferably an Internet access channel. By accessing the wireless router via the Internet access channel, the terminal can complete the access process quickly and efficiently, which greatly improves the user experience.
For a better understanding of the above wireless router access procedure, an example is briefly described below from the client side and the wireless router side:
It should be noted that, in the embodiment of the present invention, the wireless router provides two service set identifier (SSID) access services. One SSID is the authentication channel (equivalent to the first channel of the above embodiments), used to provide an identity authentication service for the user terminal; the other SSID is the Internet channel (equivalent to the second channel of the above embodiments), used to provide an Internet access service for the user terminal. The client enters or collects the user identity information, which may be of types such as fingerprint, voiceprint or face.
Step 1) The client connects to the wireless router using the pre-configured connection parameters of the authentication channel;
Step 2) The client and the server side communicate over the authentication channel and use two or more asymmetric key pairs to perform wireless router identity verification and the encryption protection mechanism negotiation. The negotiated encryption algorithm and communication key are then used to start the authentication channel encryption protection function, which encrypts the subsequent communication data between the client and the server side on the authentication channel;
In fact, in a specific implementation, all communication data on the authentication channel may be encrypted according to a pre-negotiated encryption algorithm and/or communication key. That is, because the authentication channel carries the process of authenticating the user identity or the wireless router, the embodiment of the present invention applies encryption to the communication data on the authentication channel. This ensures the security of the data on the authentication channel and, at the same time, avoids the risk of the connection parameters of the Internet access channel being stolen in the subsequent process, fundamentally improving the security of the terminal's access to the wireless router.
It should be noted that, of the two or more asymmetric key pairs used above, one pair is the root key pair and the remaining key pairs are random key pairs. The public keys of all random key pairs carry the identity feature information of the wireless router, so that the client can verify the legitimacy of the wireless router's identity; the random key pairs are used for negotiating the authentication channel encryption parameters. The public key of the root key pair is stored in the client, while the private key of the root key pair is kept secret by the wireless router manufacturer and must not be disclosed. The public key of a random key pair is stored in the router and may be sent by the server side to the client in plaintext, but the private key of a random key pair must be stored encrypted in the router and must not be disclosed.
Optionally, the wireless router identity feature information carried by the public key of a random key pair may be generated in the following manner:
First, the digest value of the public key of the random key pair is calculated; the digest algorithm may be MD5, SHA-1 or another algorithm. This digest is then concatenated with the MAC address of the wireless router's authentication channel and part or all of the characters of the SSID name of the authentication channel. The concatenated data is then encrypted using the private key of the root key pair, and the resulting ciphertext is the identity feature information of the wireless router.
In an optional example of the embodiment of the present invention, the client may verify the legitimacy of the wireless router's identity through the following procedure:
After receiving the public key of the random key pair sent by the server side and its corresponding wireless router identity feature information, the client first calculates the digest value X1 of the public key of the random key pair, using the same digest algorithm as the identity feature information generation method. It then decrypts the identity feature information using the public key of the root key pair stored locally on the client, recovering the digest, MAC address and SSID name. Finally, it compares the decrypted digest, MAC address and SSID with the locally calculated digest, the MAC address of the current authentication channel and part or all of the characters of its SSID name. If they are consistent, the wireless router is legitimate; otherwise it is illegitimate.
Step 3) The client sends the user's identity information data to the wireless router over the authentication channel, and the wireless router performs comparison authentication against the locally stored identity database. If the authentication succeeds, the connection parameters of the Internet channel, such as the SSID name, encryption mode and password, are issued to the client, and the MAC address of the user terminal is added to the whitelist of the wireless router, so as to allow the user terminal to access the Internet via the Internet channel; if the authentication does not succeed, a failure is returned;
Step 4) The client checks the authentication result returned by the wireless router. If the authentication succeeded, it first disconnects the authentication channel connection with the router, and then uses the connection parameters of the Internet channel returned by the router to establish the Internet channel connection from the user terminal to the router; the user terminal on which the client resides can now access the Internet through this connection. If the authentication failed, the user is prompted to re-enter the identity information and retry, or the authentication channel connection with the router is disconnected directly.
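The identity feature generation and the client-side legitimacy check described above, as an added Python example that is not part of the patent text. It assumes SHA-256 as the digest ("another algorithm"), a one-byte 0x01 framing prefix, the full SSID, and a pure-Python unpadded RSA transform standing in for "encrypt with the root private key"; all function names and sample values are constructed.

```python
import hashlib
import hmac
import secrets

DIGEST_LEN, MAC_LEN = 32, 6   # SHA-256 digest, 48-bit MAC (assumed field layout)

def _is_probable_prime(n, rounds=24):
    """Miller-Rabin test, used only to build demo keys."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        # Force the two top bits and the low bit: full-size odd candidate.
        c = secrets.randbits(bits) | (3 << (bits - 2)) | 1
        if _is_probable_prime(c):
            return c

def generate_keypair(bits=1024, e=65537):
    """Return (public, private) = ((n, e), (n, d)) for a demo RSA key pair."""
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:          # e is prime, so gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))

def pubkey_digest(pub):
    """Digest of a random key pair's public key (serialisation is assumed)."""
    n, e = pub
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big") + e.to_bytes(4, "big")
    return hashlib.sha256(raw).digest()

def make_identity_feature(root_priv, random_pub, auth_mac, auth_ssid):
    """Manufacturer side: digest || MAC || SSID, transformed with the root private key."""
    n, d = root_priv
    if len(auth_mac) != MAC_LEN:
        raise ValueError("MAC address must be 6 bytes")
    chained = b"\x01" + pubkey_digest(random_pub) + auth_mac + auth_ssid.encode()
    m = int.from_bytes(chained, "big")
    if m >= n:
        raise ValueError("chained data does not fit the root modulus")
    return pow(m, d, n)

def verify_router(root_pub, random_pub, feature, seen_mac, seen_ssid):
    """Client side: recover the fields with the stored root public key and
    compare them with what the client observes on the authentication channel."""
    n, e = root_pub
    if not 0 < feature < n:
        return False
    m = pow(feature, e, n)
    rec = m.to_bytes((m.bit_length() + 7) // 8, "big")
    if len(rec) < 1 + DIGEST_LEN + MAC_LEN or rec[0] != 1:
        return False
    got = (rec[1:1 + DIGEST_LEN],
           rec[1 + DIGEST_LEN:1 + DIGEST_LEN + MAC_LEN],
           rec[1 + DIGEST_LEN + MAC_LEN:])
    want = (pubkey_digest(random_pub), seen_mac, seen_ssid.encode())
    return all(hmac.compare_digest(a, b) for a, b in zip(got, want))

if __name__ == "__main__":
    root_pub, root_priv = generate_keypair()      # root pair (manufacturer)
    rand_pub, _ = generate_keypair()              # random pair (router)
    mac = bytes.fromhex("020000000001")           # constructed sample MAC
    feature = make_identity_feature(root_priv, rand_pub, mac, "AUTH-DEMO")
    print("genuine router:", verify_router(root_pub, rand_pub, feature, mac, "AUTH-DEMO"))
    clone = bytes.fromhex("020000000002")         # same SSID, different radio
    print("cloned SSID   :", verify_router(root_pub, rand_pub, feature, clone, "AUTH-DEMO"))
```

Unpadded RSA is used here only to keep the block dependency-free; a deployment would use a standard padded signature scheme (for example RSA-PSS) from a vetted library. Because the recovered fields are bound to the MAC address and SSID the client actually sees, a replayed identity feature fails on a device presenting a different MAC address or random public key.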
Use the technique scheme that the embodiment of the present invention provides, by using double SSID passage to access, unique wireless The technology such as router identification checking, encipherment protection negotiation mechanism and authenticating user identification, are possible to prevent subscriber identity information quilt Steal, user data reveals and network is rubbed and uses, it addition, user need not memorize mechanically the WIFI cryptographic parameter of complexity again, After selected specific wireless router, only just need to can realize use by modes such as simple touch/acoustic controls/take pictures and refer to The subscriber identity informations such as stricture of vagina, vocal print or face are authenticated accessing wireless router with automatic safe.
This embodiment also provides an access device for a wireless router, applied to a terminal, which is used to implement the above embodiments and preferred implementations; what has already been explained is not repeated, and the modules involved in the device are described below. As used below, the term "module" may be a combination of software and/or hardware that realizes a predetermined function. Although the device described in the following embodiments is preferably implemented in software, implementation in hardware, or in a combination of software and hardware, is also possible and contemplated. Fig. 5 is a structural block diagram of the access device of the wireless router according to an embodiment of the present invention. As shown in Fig. 5, the device includes:
Reporting module 50, configured to report the user identity information of the terminal user to the wireless router through the first channel, wherein the user identity information is used to uniquely identify the terminal user;
Receiving module 52, connected to the reporting module 50, configured to receive through the first channel, after the wireless router has authenticated the user identity information successfully, the connection parameters sent by the wireless router that are required for the terminal to establish access to the wireless router;
Access module 54, connected to the receiving module 52, configured to access the wireless router through the second channel established according to the connection parameters.
Through the combined action of the above modules, the user identity information that uniquely identifies the user is reported, and once the wireless router has authenticated that user identity information successfully, the terminal can access the wireless router through the network channel established according to the received connection parameters. This technical scheme resolves the conflict in the related art between the complexity and the usability of the WIFI password, and realizes a mode of authenticating with user identity information such as a fingerprint, voiceprint or face and accessing the wireless router automatically and securely. It ensures that user identity authentication is safe and reliable, ensures in turn that the user's Internet access is secure and efficient, and also improves the user experience.
For a better understanding of the workflow of the client and the wireless router during access to the wireless router, a description is given below with reference to preferred embodiments:
Fig. 6 is a schematic diagram of the system structure for secure wireless router access according to a preferred embodiment of the present invention. The system includes a client 60 running on the user terminal and a server 62 running on the wireless router.
Client 60 is responsible for the entry or collection of user identity information and for establishing the authentication channel to the wireless router. It then exchanges information with the server of the wireless router through the authentication channel to complete wireless router identity verification and negotiation of the encryption protection mechanism, starts the encryption protection function of the authentication channel, and sends the user's identity information to the wireless router for user identity authentication. After authentication succeeds, it uses the connection parameters of the Internet channel returned by the wireless router to establish the Internet access path from the user terminal to the wireless router;
Server 62 is responsible for providing authentication and Internet access services to user terminals. It interacts with the client over the authentication channel to complete negotiation of the encryption protection mechanism, starts the encryption protection function of the authentication channel and performs user terminal identity authentication. After authentication is passed, it sends the connection parameters of the Internet channel, such as the SSID, encryption mode and password, to the client, and adds the MAC address of the user terminal to the white list of the wireless router, so that the user terminal is allowed Internet access through the Internet channel.
Fig. 7 is a schematic flowchart of the implementation of secure wireless router access according to a preferred embodiment of the present invention. The specific flow includes:
Step S702: after the wireless router powers on, it starts the dual-SSID access channel service and the server; one SSID provides the identity authentication service to user terminals, and the other SSID provides the Internet access service to user terminals;
Step S704: the client performs entry or collection of user identity information, which may be of types such as fingerprint, voiceprint or face;
Step S706: the client connects to the wireless router using the preconfigured connection parameters of the authentication channel;
Step S708: the client and the server of the wireless router exchange information through the authentication channel to complete wireless router identity verification and negotiation of the encryption protection mechanism, and then start the encryption protection function of the authentication channel;
Step S710: the client sends the user's identity information data to the server of the wireless router through the authentication channel, and the server performs comparison authentication against the identity database stored locally. If authentication succeeds, the server sends the connection parameters of the Internet channel, such as the SSID name, encryption mode and password, to the client, and adds the MAC address of the user terminal to the white list of the wireless router, so that the user terminal is allowed Internet access through the Internet channel. If authentication does not succeed, it returns failure;
Step S712: the client checks the authentication result returned by the server. If authentication succeeded, it first disconnects the authentication channel connection with the router and then uses the connection parameters of the Internet channel returned by the server to establish the Internet channel connection from the user terminal to the router. If authentication failed, it prompts the user to re-enter the identity information and retry, or directly disconnects the authentication channel connection with the router.
Fig. 8 is a schematic flowchart of wireless router identity verification and encryption protection mechanism negotiation between the client and the server according to a preferred embodiment of the present invention. The specific flow includes:
Step S802: the client sends a handshake request to the server, containing the encryption algorithms that the client supports;
Step S804: the server selects from the handshake request message a secure encryption algorithm that it also supports, and at the same time selects locally a random key pair K1 for the encryption mechanism negotiation;
Step S806: the server sends the selected encryption algorithm, the public key of the random key pair K1 and the corresponding wireless router identity characteristic information to the client;
Step S808: the client verifies the legitimacy of the wireless router's identity; if it is legitimate, step S812 is performed, otherwise step S810 is performed;
Step S810: the router's identity is not trusted, and the encryption protection mechanism negotiation flow ends.
Step S812: the wireless router's identity is trusted, and the client generates a communication key;
Step S814: the client encrypts the communication key with the public key of the random key pair K1 and sends it to the server;
Step S816: the server decrypts the encrypted communication key with the private key of the random key pair K1;
Step S818: the client and the server start the encryption protection mechanism of the authentication channel, and use the encryption algorithm and communication key just negotiated to encrypt the subsequent communication data between the client and the server on the authentication channel.
Fig. 9 is a schematic flowchart of the generation of the wireless router identity characteristic information carried by the public key of the random key pair according to a preferred embodiment of the present invention. The specific flow includes:
Step S902: compute the digest value of the public key of the random key pair; the digest algorithm may be MD5, SHA-1 or another algorithm;
Step S904: concatenate this digest with the MAC address of the wireless router's authentication channel and part or all of the characters of the SSID name of the authentication channel;
Step S906: encrypt the concatenated data with the private key of the root key pair; the resulting ciphertext is the identity characteristic information of the wireless router.
Fig. 10 is a schematic flowchart of the client verifying the legitimacy of the wireless router's identity according to a preferred embodiment of the present invention. The specific flow includes:
Step S1002: the client receives the public key of the random key pair sent by the server and the corresponding wireless router identity characteristic information;
Step S1004: the client computes the digest X1 of the public key of the random key pair, using the same digest algorithm as the identity characteristic information generation method;
Step S1006: the client decrypts the identity characteristic information with the public key of the root key pair stored locally on the client, recovering the digest, the MAC address and the SSID name;
Step S1008: the client compares the decrypted digest, MAC address and SSID with the locally computed digest value X1, the MAC address of the current authentication channel and part or all of the characters of its SSID name. If they are consistent, the wireless router is legitimate; otherwise it is illegitimate.
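The generation steps S902 to S906 and the client-side check S1002 to S1008 can be exercised end to end in the following added Python example, which is not code from the patent. Assumptions: SHA-256 as the digest, a marker byte and an SSID length byte in the concatenation, a constructed and insecure textbook-RSA demo key standing in for the root key pair, and hypothetical function names and sample MAC/SSID values.

```python
import hashlib

# Constructed demo root key pair: textbook RSA over two Mersenne primes.
# Insecure by design; it only lets the example run with the standard library.
_P, _Q = 2**521 - 1, 2**607 - 1
ROOT_N = _P * _Q                                  # root public modulus (stored on the client)
ROOT_E = 65537                                    # root public exponent (stored on the client)
ROOT_D = pow(ROOT_E, -1, (_P - 1) * (_Q - 1))     # root private exponent (never on the client)


def digest(random_public_key: bytes) -> bytes:
    """S902 / S1004: digest of the random key pair's public key (SHA-256 assumed)."""
    return hashlib.sha256(random_public_key).digest()


def _mac_bytes(mac: str) -> bytes:
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be 6 bytes")
    return raw


def make_identity_info(random_public_key: bytes, mac: str, ssid: str) -> int:
    """S904-S906: concatenate digest, MAC and SSID, then apply the root private key."""
    ssid_raw = ssid.encode("utf-8")
    if not 0 < len(ssid_raw) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    # Assumed layout: 0x01 marker | digest (32) | MAC (6) | SSID length (1) | SSID.
    # The marker keeps the byte length stable through the integer round trip.
    blob = (b"\x01" + digest(random_public_key) + _mac_bytes(mac)
            + bytes([len(ssid_raw)]) + ssid_raw)
    return pow(int.from_bytes(blob, "big"), ROOT_D, ROOT_N)


def verify_router(identity_info: int, random_public_key: bytes,
                  seen_mac: str, seen_ssid: str) -> bool:
    """S1004-S1008: recover the fields with the root public key and compare them
    with the received public key and the channel the client is connected to."""
    if not 0 < identity_info < ROOT_N:
        return False
    m = pow(identity_info, ROOT_E, ROOT_N)                     # S1006
    blob = m.to_bytes((m.bit_length() + 7) // 8, "big")
    if len(blob) < 41 or blob[0] != 1:                         # malformed or forged value
        return False
    got_digest, got_mac, ssid_len, got_ssid = blob[1:33], blob[33:39], blob[39], blob[40:]
    if len(got_ssid) != ssid_len:
        return False
    try:
        seen_mac_raw = _mac_bytes(seen_mac)
    except ValueError:
        return False
    return (got_digest == digest(random_public_key)            # X1 comparison, S1008
            and got_mac == seen_mac_raw
            and got_ssid == seen_ssid.encode("utf-8"))


def demo() -> dict:
    # Constructed sample values, not taken from the patent.
    k1_pub = b"constructed public key bytes of random key pair K1"
    mac, ssid = "02:00:5e:10:00:01", "router-auth"
    info = make_identity_info(k1_pub, mac, ssid)
    return {
        "genuine": verify_router(info, k1_pub, mac, ssid),
        "other_mac": verify_router(info, k1_pub, "02:00:5e:10:00:02", ssid),
        "other_ssid": verify_router(info, k1_pub, mac, "router-auth2"),
        "swapped_key": verify_router(info, b"a different public key", mac, ssid),
        "tampered": verify_router(info ^ 1, k1_pub, mac, ssid),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:12s} -> {'legitimate' if ok else 'rejected'}")
```

A successful check shows only that the root key holder bound this public key to this MAC address and SSID; the router demonstrates possession of the matching private key later, in step S816, when it must decrypt the communication key.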
In addition, the functional units in the embodiments of the present invention may be integrated in one processing unit, each unit may exist physically on its own, or two or more units may be integrated in one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
In summary, the embodiments of the present invention achieve the following technical effects: they resolve the conflict in the related art between the complexity and the usability of the WIFI password, and realize a mode of authenticating with user identity information such as a fingerprint, voiceprint or face and accessing the wireless router automatically and securely. They ensure that user identity authentication is safe and reliable, ensure in turn that the user's Internet access is secure and efficient, and also improve the user experience.
In another embodiment, software is also provided, which is used to execute the technical schemes described in the above embodiments and preferred implementations.
In another embodiment, a storage medium is also provided, in which the above software is stored. The storage medium includes but is not limited to: optical disc, floppy disk, hard disk, scratch pad memory, etc.
It should be noted that the terms "first", "second" and the like in the description, the claims and the above drawings of this specification are used to distinguish similar objects, and are not used to describe a specific order or sequence. It should be understood that objects so described are interchangeable where appropriate, so that the embodiments of the invention described herein can be implemented in an order other than those illustrated or described here. Furthermore, the terms "include" and "have" and any variations of them are intended to cover non-exclusive inclusion: for example, a process, method, system, product or device that comprises a series of steps or units is not necessarily limited to the steps or units expressly listed, but may include other steps or units that are not expressly listed or that are inherent to the process, method, product or device.
Obviously, those skilled in the art should understand that the modules or steps of the present invention described above can be implemented with general-purpose computing devices. They can be concentrated on a single computing device or distributed over a network formed by multiple computing devices. Optionally, they can be implemented with program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device; in some cases the steps shown or described can be performed in an order different from the one given here, or they can each be made into an individual integrated circuit module, or several of the modules or steps can be made into a single integrated circuit module. Thus, the present invention is not restricted to any specific combination of hardware and software.
The foregoing is only the preferred embodiments of the present invention and is not intended to limit the present invention. For those skilled in the art, the present invention may have various modifications and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.

Claims (13)

1. An access processing method for a wireless router, characterized by comprising:
receiving, through a first channel, user identity information of a terminal user sent by a terminal, wherein the user identity information is used to uniquely identify the terminal user;
performing identity authentication on the terminal user according to the user identity information;
after the authentication is passed, sending to the terminal, through the first channel, the connection parameters needed by a second channel that the terminal uses to access the wireless router.
2. The method according to claim 1, characterized in that, before receiving through the first channel the user identity information of the terminal user sent by the terminal, the method further comprises:
issuing the identity characteristic information of the wireless router to the terminal through the first channel, wherein the identity characteristic information is used to judge the legitimacy of the wireless router.
3. The method according to claim 2, characterized in that issuing the identity characteristic information to the terminal comprises:
encrypting the identity characteristic information;
issuing the encrypted identity characteristic information to the terminal.
4. The method according to claim 3, characterized in that encrypting the identity characteristic information comprises:
encrypting the identity characteristic information using at least two asymmetric key pairs, wherein one of the at least two asymmetric key pairs is a root key pair, the other key pairs among the at least two asymmetric key pairs, except the root key pair, are random key pairs, and the public key of each random key pair carries the identity characteristic information.
5. The method according to claim 4, characterized in that the identity characteristic information is generated in the following manner:
determining the digest value corresponding to the public key of the random key pair;
concatenating the following information in a specified order to form concatenated data: the digest value, the media access control (MAC) address of the first channel, and part or all of the characters of the service set identifier (SSID) of the first channel;
encrypting the concatenated data with the private key of the root key pair to obtain the identity characteristic information.
6. The method according to claim 1, characterized in that the method further comprises:
encrypting the communication data of the first channel according to an encryption algorithm and/or a communication key negotiated in advance.
7. The method according to any one of claims 1 to 6, characterized in that the user identity information includes at least one of the following: fingerprint information of the user, voiceprint information of the user, facial feature information of the user.
8. The method according to any one of claims 1 to 6, characterized in that the connection parameters include at least one of the following: the SSID name of the second channel, the encryption mode used by the wireless router, the password used by the wireless router.
9. An access method for a wireless router, characterized by comprising:
reporting user identity information of a terminal user to a wireless router through a first channel, wherein the user identity information is used to uniquely identify the terminal user;
after the wireless router has authenticated the user identity information successfully, receiving through the first channel the connection parameters, sent by the wireless router, that are required for the terminal to establish access to the wireless router;
accessing the wireless router through a second channel established according to the connection parameters.
10. The method according to claim 9, characterized in that, before reporting the user identity information to the wireless router through the first channel, the method further comprises:
receiving the identity characteristic information issued by the wireless router through the first channel;
judging whether the wireless router is legitimate according to the identity characteristic information.
11. An access processing device for a wireless router, applied to a wireless router, characterized by comprising:
a receiving module, configured to receive, through a first channel, user identity information of a terminal user sent by a terminal, wherein the user identity information is used to uniquely identify the terminal user;
an authentication module, configured to perform identity authentication on the terminal user according to the user identity information;
a sending module, configured to send to the terminal through the first channel, after the authentication is passed, the connection parameters needed by a second channel that the terminal uses to access the wireless router.
12. The device according to claim 11, characterized in that the device further comprises:
an issuing module, configured to issue the identity characteristic information of the wireless router to the terminal through the first channel, wherein the identity characteristic information is used to judge the legitimacy of the wireless router.
13. An access device for a wireless router, applied to a terminal, characterized by comprising:
a reporting module, configured to report user identity information of a terminal user to a wireless router through a first channel, wherein the user identity information is used to uniquely identify the terminal user;
a receiving module, configured to receive through the first channel, after the wireless router has authenticated the user identity information successfully, the connection parameters, sent by the wireless router, that are required for the terminal to establish access to the wireless router;
an access module, configured to access the wireless router through a second channel established according to the connection parameters.
CN201510028076.XA 2015-01-20 2015-01-20 Wireless router access processing method, wireless router access method and device Pending CN105871777A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201510028076.XA CN105871777A (en) 2015-01-20 2015-01-20 Wireless router access processing method, wireless router access method and device
PCT/CN2015/080919 WO2016115807A1 (en) 2015-01-20 2015-06-05 Wireless router access processing method and device, and wireless router access method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510028076.XA CN105871777A (en) 2015-01-20 2015-01-20 Wireless router access processing method, wireless router access method and device

Publications (1)

Publication Number Publication Date
CN105871777A true CN105871777A (en) 2016-08-17

Family

ID=56416338

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510028076.XA Pending CN105871777A (en) 2015-01-20 2015-01-20 Wireless router access processing method, wireless router access method and device

Country Status (2)

Country Link
CN (1) CN105871777A (en)
WO (1) WO2016115807A1 (en)

Also Published As

Publication number Publication date
WO2016115807A1 (en) 2016-07-28

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20160817