CN106714156A - Wireless access point and management platform authentication method and device - Google Patents

Publication number
CN106714156A
Authority
CN
China
Prior art keywords
wap
key
key information
information
identification number
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201510410310.5A
Other languages
Chinese (zh)
Inventor
王意军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp
Priority to CN201510410310.5A
Priority to PCT/CN2016/080767 (WO2017008556A1)
Publication of CN106714156A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06: Authentication
    • H04W12/069: Authentication using certificates or pre-shared keys

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The application relates to the wireless network field and provides a method and device for authentication between a wireless access point and a management platform. The method comprises: a wireless access point generates a first random challenge word; the wireless access point encrypts the identification number of the wireless access point and the first random challenge word by using a key stored by the wireless access point to obtain first key information; the wireless access point sends first authentication information to a management platform, wherein the first authentication information includes the identification number of the wireless access point, the first random challenge word and the first key information; the management platform verifies the first authentication information by using a key corresponding to the wireless access point to obtain second key information; and when the management platform determines that the first key information corresponds to the second key information, the wireless access point is determined to be legitimate.

Description

A method and device for authentication between a wireless access point and a management platform
Technical Field
The present invention relates to the field of wireless networks, and in particular to a method and device for authentication between a wireless access point and a management platform.
Background
As wireless networks have grown in scale, the ways of managing wireless access points have multiplied. In particular, with the current evolution of wireless networks, numerous wireless access points connect to a management platform over the Internet. Because of the security problems of access devices, authentication management between the wireless access point and the management platform has to be considered.
In wireless network management, to ensure device security, when a wireless access point registers with the management platform, the legitimacy of the connecting wireless access point is judged according to the MAC (Media Access Control) address of the device or the serial number of the device; generally, the MAC address or serial number of the device is configured on the network management platform in advance.
However, in the current security field, rewriting a MAC address and counterfeiting a wireless access point are both easy to do. Identification by MAC address and serial number alone cannot guarantee the legitimacy of a wireless access point. Once a counterfeit wireless access point has connected to the network management platform, it will obtain data from the network management platform, which inevitably threatens the security of user information.
Summary of the Invention
The present invention provides a method and device for authentication between a wireless access point and a management platform, which solve the problem of verifying the legitimacy of access point devices and the network management platform, and provide safer and more reliable access for devices in the network.
To achieve the above purpose of the invention, the present invention adopts the following technical solutions:
A wireless access point and management platform authentication method, applied to the management platform side, including:
receiving first authentication information sent by a wireless access point, where the first authentication information includes the identification number of the wireless access point, a first random challenge word and first key information, and the first key information is obtained by the wireless access point encrypting the identification number of the wireless access point and the first random challenge word using the key stored by the wireless access point;
verifying the first authentication information using the key corresponding to the wireless access point, to obtain second key information;
when it is determined that the first key information corresponds to the second key information, judging that the wireless access point is legitimate.
Further, after obtaining the second key information, the method also includes:
when it is determined that the first key information does not correspond to the second key information, judging that the wireless access point is illegitimate.
Further, after judging that the wireless access point is legitimate, the method also includes:
generating a second random challenge word;
encrypting the identification number of the wireless access point and the second random challenge word using the key corresponding to the wireless access point, to obtain third key information;
sending second authentication information to the wireless access point, so that the wireless access point verifies the second authentication information using the key stored by the wireless access point, where the second authentication information includes the identification number of the wireless access point, the second random challenge word and the third key information.
Further, the identification number of the wireless access point includes one or more of the following:
a Media Access Control (MAC) address, a serial number, a unique identifier.
Further, verifying the first authentication information using the key corresponding to the wireless access point includes:
when the first key information was obtained by the wireless access point performing a hash operation on the identification number of the wireless access point and the first random challenge word using the shared key stored by the wireless access point, performing a hash operation on the identification number of the wireless access point and the first random challenge word using the shared key corresponding to the wireless access point;
when the first key information was obtained by the wireless access point performing a hash operation on the identification number of the wireless access point and the first random challenge word using the shared key stored by the wireless access point to obtain a first hash value, and signing the first hash value using the private key stored by the wireless access point, decrypting the first key information using the public key corresponding to the wireless access point to obtain a first decrypted hash value; and performing a hash operation on the identification number of the wireless access point and the first random challenge word using the shared key corresponding to the wireless access point to obtain a second hash value.
Further, encrypting the identification number of the wireless access point and the second random challenge word using the key corresponding to the wireless access point includes:
performing a hash operation on the identification number of the wireless access point and the second random challenge word using the shared key corresponding to the wireless access point; or,
performing a hash operation on the identification number of the wireless access point and the second random challenge word using the shared key corresponding to the wireless access point to obtain a third hash value, and signing the third hash value using the private key stored by the management platform.
Further, determining that the first key information corresponds to the second key information includes:
when the first key information is identical to the second decryption information, determining that the first key information corresponds to the second key information; or,
when the first decrypted hash value is identical to the second hash value, determining that the first key information corresponds to the second key information.
To solve the above technical problems, the present invention also provides a wireless access point and management platform authentication method, applied to the wireless access point side, including:
generating a first random challenge word;
encrypting the identification number of the wireless access point and the first random challenge word using the key stored by the wireless access point, to obtain first key information;
sending first authentication information to the management platform, so that the management platform verifies the first authentication information using the key corresponding to the wireless access point, where the first authentication information includes the identification number of the wireless access point, the first random challenge word and the first key information.
Further, after sending the first authentication information to the management platform, the method also includes:
receiving second authentication information sent by the management platform, where the second authentication information includes the identification number of the wireless access point, a second random challenge word and third key information, and the third key information is obtained by the management platform encrypting the identification number of the wireless access point and the second random challenge word using the key corresponding to the wireless access point;
verifying the second authentication information using the key stored by the wireless access point, to obtain fourth key information;
when it is determined that the third key information corresponds to the fourth key information, judging that the management platform is legitimate.
Further, after obtaining the fourth key information, the method also includes:
when it is determined that the third key information does not correspond to the fourth key information, judging that the management platform is illegitimate.
Further, the identification number of the wireless access point includes one or more of the following:
a Media Access Control (MAC) address, a serial number, a unique identifier.
Further, encrypting the identification number of the wireless access point and the first random challenge word using the key stored by the wireless access point includes:
performing a hash operation on the identification number of the wireless access point and the first random challenge word using the shared key stored by the wireless access point; or,
performing a hash operation on the identification number of the wireless access point and the first random challenge word using the shared key stored by the wireless access point to obtain a first hash value, and signing the first hash value using the private key stored by the wireless access point.
Further, verifying the second authentication information using the key stored by the wireless access point includes:
when the third key information was obtained by the management platform performing a hash operation on the identification number of the wireless access point and the second random challenge word using the shared key corresponding to the wireless access point, performing a hash operation on the identification number of the wireless access point and the second random challenge word using the shared key stored by the wireless access point;
when the third key information was obtained by the management platform performing a hash operation on the identification number of the wireless access point and the second random challenge word using the shared key corresponding to the wireless access point to obtain a third hash value, and signing the third hash value using the private key stored by the management platform, decrypting the third key information using the public key corresponding to the management platform to obtain a second decrypted hash value; and performing a hash operation on the identification number of the wireless access point and the second random challenge word using the shared key stored by the wireless access point to obtain a fourth hash value.
Further, determining that the third key information corresponds to the fourth key information includes:
when the third key information is identical to the fourth decryption information, determining that the third key information corresponds to the fourth key information; or,
when the second decrypted hash value is identical to the fourth hash value, determining that the third key information corresponds to the fourth key information.
To solve the above technical problems, the present invention also provides a wireless access point and management platform authentication method, including:
the wireless access point generates a first random challenge word;
the wireless access point encrypts the identification number of the wireless access point and the first random challenge word using the key stored by the wireless access point, to obtain first key information;
the wireless access point sends first authentication information to the management platform, where the first authentication information includes the identification number of the wireless access point, the first random challenge word and the first key information;
the management platform verifies the first authentication information using the key corresponding to the wireless access point, to obtain second key information;
when the management platform determines that the first key information corresponds to the second key information, it judges that the wireless access point is legitimate.
Further, the method also includes:
when the management platform determines that the first key information does not correspond to the second key information, it judges that the wireless access point is illegitimate.
Further, after judging that the wireless access point is legitimate, the method also includes:
the management platform generates a second random challenge word;
the management platform encrypts the identification number of the wireless access point and the second random challenge word using the key corresponding to the wireless access point, to obtain third key information;
the management platform sends second authentication information to the wireless access point, where the second authentication information includes the identification number of the wireless access point, the second random challenge word and the third key information;
the wireless access point verifies the second authentication information using the key stored by the wireless access point, to obtain fourth key information;
when the wireless access point determines that the third key information corresponds to the fourth key information, it judges that the management platform is legitimate.
Further, when the wireless access point determines that the third key information does not correspond to the fourth key information, it judges that the management platform is illegitimate.
Further, the wireless access point encrypting the identification number of the wireless access point and the first random challenge word using the key stored by the wireless access point includes:
performing a hash operation on the identification number of the wireless access point and the first random challenge word using the shared key stored by the wireless access point; or,
performing a hash operation on the identification number of the wireless access point and the first random challenge word using the shared key stored by the wireless access point to obtain a first hash value, and signing the first hash value using the private key stored by the wireless access point.
Further, the management platform verifying the first authentication information using the key corresponding to the wireless access point includes:
performing a hash operation on the identification number of the wireless access point and the first random challenge word using the shared key corresponding to the wireless access point; or,
decrypting the first key information using the public key corresponding to the wireless access point to obtain a first decrypted hash value; and performing a hash operation on the identification number of the wireless access point and the first random challenge word using the shared key corresponding to the wireless access point to obtain a second hash value.
Further, determining that the first key information corresponds to the second key information includes:
when the first key information is identical to the second decryption information, determining that the first key information corresponds to the second key information; or,
when the first decrypted hash value is identical to the second hash value, determining that the first key information corresponds to the second key information.
Further, the management platform encrypting the identification number of the wireless access point and the second random challenge word using the key corresponding to the wireless access point includes:
performing a hash operation on the identification number of the wireless access point and the second random challenge word using the shared key corresponding to the wireless access point; or,
performing a hash operation on the identification number of the wireless access point and the second random challenge word using the shared key corresponding to the wireless access point to obtain a third hash value, and signing the third hash value using the private key stored by the management platform.
Further, the wireless access point verifying the second authentication information using the key stored by the wireless access point includes:
performing a hash operation on the identification number of the wireless access point and the second random challenge word using the shared key stored by the wireless access point; or,
decrypting the third key information using the public key corresponding to the management platform to obtain a second decrypted hash value; and performing a hash operation on the identification number of the wireless access point and the second random challenge word using the shared key stored by the wireless access point to obtain a fourth hash value.
Further, determining that the third key information corresponds to the fourth key information includes:
when the third key information is identical to the fourth decryption information, determining that the third key information corresponds to the fourth key information; or,
when the second decrypted hash value is identical to the fourth hash value, determining that the third key information corresponds to the fourth key information.
The present invention also provides a wireless access point and management platform authentication device, arranged on the management platform side, including:
a first receiving module, configured to receive first authentication information sent by a wireless access point, where the first authentication information includes the identification number of the wireless access point, a first random challenge word and first key information, and the first key information is obtained by the wireless access point encrypting the identification number of the wireless access point and the first random challenge word using the key stored by the wireless access point;
a first authentication module, configured to verify the first authentication information using the key corresponding to the wireless access point, to obtain second key information;
a first judging module, configured to judge that the wireless access point is legitimate when it is determined that the first key information corresponds to the second key information.
Optionally, the first judging module is further configured to judge that the wireless access point is illegitimate when it is determined that the first key information does not correspond to the second key information.
Optionally, the device also includes:
a first generating module, configured to generate a second random challenge word;
a first encrypting module, configured to encrypt the identification number of the wireless access point and the second random challenge word using the key corresponding to the wireless access point, to obtain third key information;
a first sending module, configured to send second authentication information to the wireless access point, so that the wireless access point verifies the second authentication information using the key stored by the wireless access point, where the second authentication information includes the identification number of the wireless access point, the second random challenge word and the third key information.
Optionally, the first authentication module includes:
a first hash unit, configured to, when the first key information was obtained by the wireless access point performing a hash operation on the identification number of the wireless access point and the first random challenge word using the shared key stored by the wireless access point, perform a hash operation on the identification number of the wireless access point and the first random challenge word using the shared key corresponding to the wireless access point;
a first decryption unit, configured to, when the first key information was obtained by the wireless access point performing a hash operation on the identification number of the wireless access point and the first random challenge word using the shared key stored by the wireless access point to obtain a first hash value, and signing the first hash value using the private key stored by the wireless access point, decrypt the first key information using the public key corresponding to the wireless access point to obtain a first decrypted hash value; and perform a hash operation on the identification number of the wireless access point and the first random challenge word using the shared key corresponding to the wireless access point to obtain a second hash value.
Optionally, the first encrypting module includes:
a first hashing unit, configured to perform a hash operation on the identification number of the wireless access point and the second random challenge word using the shared key corresponding to the wireless access point; or,
a first signature unit, configured to perform a hash operation on the identification number of the wireless access point and the second random challenge word using the shared key corresponding to the wireless access point to obtain a third hash value, and to sign the third hash value using the private key stored by the management platform.
Optionally, the first judging module includes:
a first direct correspondence unit, configured to determine that the first key information corresponds to the second key information when the first key information is identical to the second decryption information; or,
a first indirect correspondence unit, configured to determine that the first key information corresponds to the second key information when the first decrypted hash value is identical to the second hash value.
The present invention also provides a wireless access point and management platform authentication device, arranged on the wireless access point side, including:
a second generating module, configured to generate a first random challenge word;
a second encrypting module, configured to encrypt the identification number of the wireless access point and the first random challenge word using the key stored by the wireless access point, to obtain first key information;
a second sending module, configured to send first authentication information to the management platform, so that the management platform verifies the first authentication information using the key corresponding to the wireless access point, where the first authentication information includes the identification number of the wireless access point, the first random challenge word and the first key information.
Optionally, the device also includes:
a second receiving module, configured to receive second authentication information sent by the management platform, where the second authentication information includes the identification number of the wireless access point, a second random challenge word and third key information, and the third key information is obtained by the management platform encrypting the identification number of the wireless access point and the second random challenge word using the key corresponding to the wireless access point;
a second authentication module, configured to verify the second authentication information using the key stored by the wireless access point, to obtain fourth key information;
a second judging module, configured to judge that the management platform is legitimate when it is determined that the third key information corresponds to the fourth key information.
Optionally, the second judging module is further configured to:
judge that the management platform is illegitimate when it is determined that the third key information does not correspond to the fourth key information.
Optionally, the second encrypting module includes:
a second hashing unit, configured to perform a hash operation on the identification number of the wireless access point and the first random challenge word using the shared key stored by the wireless access point; or,
a second signature unit, configured to perform a hash operation on the identification number of the wireless access point and the first random challenge word using the shared key stored by the wireless access point to obtain a first hash value, and to sign the first hash value using the private key stored by the wireless access point.
Optionally, the second authentication module includes:
a second hash unit, configured to, when the third key information was obtained by the management platform performing a hash operation on the identification number of the wireless access point and the second random challenge word using the shared key corresponding to the wireless access point, perform a hash operation on the identification number of the wireless access point and the second random challenge word using the shared key stored by the wireless access point;
a second decryption unit, configured to, when the third key information was obtained by the management platform performing a hash operation on the identification number of the wireless access point and the second random challenge word using the shared key corresponding to the wireless access point to obtain a third hash value, and signing the third hash value using the private key stored by the management platform, decrypt the third key information using the public key corresponding to the management platform to obtain a second decrypted hash value; and perform a hash operation on the identification number of the wireless access point and the second random challenge word using the shared key stored by the wireless access point to obtain a fourth hash value.
Optionally, the second judging module includes:
a second direct correspondence unit, configured to determine that the third key information corresponds to the fourth key information when the third key information is identical to the fourth decryption information; or,
a second indirect correspondence unit, configured to determine that the third key information corresponds to the fourth key information when the second decrypted hash value is identical to the fourth hash value.
Compared with the prior art, the present invention has the following advantages:
The authentication method and device provided by the present invention enable the access point device and the network management platform to verify each other's legitimacy, ensure the legitimacy of the wireless access point, and provide safer and more reliable access for devices in the network.
Brief Description of the Drawings
Fig. 1 is a flowchart of the wireless access point and management platform authentication method applied to the management platform side according to an embodiment of the present invention;
Fig. 2 is a flowchart of the wireless access point and management platform authentication method applied to the wireless access point side according to an embodiment of the present invention;
Fig. 3 is a flowchart of a wireless access point and management platform authentication method according to an embodiment of the present invention;
Fig. 4 is a structural diagram of the wireless access point and management platform authentication device arranged on the management platform side according to an embodiment of the present invention;
Fig. 5 is a structural diagram of the wireless access point and management platform device arranged on the wireless access point side according to an embodiment of the present invention;
Fig. 6 is wireless access point encryption schematic diagram 1 of an embodiment of the present invention;
Fig. 7 is wireless access point encryption schematic diagram 2 of an embodiment of the present invention;
Fig. 8 is management platform authentication schematic diagram 1 of an embodiment of the present invention;
Fig. 9 is management platform authentication schematic diagram 2 of an embodiment of the present invention;
Fig. 10 is management platform encryption schematic diagram 1 of an embodiment of the present invention;
Fig. 11 is management platform encryption schematic diagram 2 of an embodiment of the present invention;
Fig. 12 is wireless access point authentication schematic diagram 1 of an embodiment of the present invention;
Fig. 13 is wireless access point authentication schematic diagram 2 of an embodiment of the present invention;
Fig. 14 is a flowchart of wireless access point and management platform authentication according to Embodiment 1 of the present invention;
Fig. 15 is a flowchart of wireless access point and management platform authentication according to Embodiment 2 of the present invention.
Specific embodiment
To make goal of the invention of the invention, technical scheme and beneficial effect of greater clarity, with reference to Accompanying drawing is illustrated to embodiments of the invention, it is necessary to explanation is, in the case where not conflicting, this Shen Please in embodiment and embodiment in feature can mutually be combined.
As shown in figure 1, the embodiment of the present invention provides a kind of WAP and management platform method for authenticating, Management platform side is applied to, when management platform is authenticated to WAP, including:
S101, the first authentication information for receiving WAP transmission, first authentication information include institute State identification number, the first random challenge word and the first key information of WAP, the first key letter Cease for the WAP utilizes the key of WAP storage to the mark of the WAP Knowledge number and the first random challenge word are encrypted acquisition;
S102, school is carried out to first authentication information using key corresponding with the WAP Test, obtain the second key information;
S103, when it is determined that the first key information and second key information to it is corresponding when then judge institute State WAP legal.
S104, when it is determined that the first key information and second key information not to it is corresponding when then judge The WAP is illegal.
Preferably, when asking WAP to authenticate management platform, including:
S105, the second random challenge word of generation;
S106, using key corresponding with the WAP to the identification number of the WAP and The second random challenge word is encrypted, and obtains the 3rd key information;
S107, to the WAP send the second authentication information so that the WAP utilize The key of the WAP storage is verified to second authentication information, the second authentication letter Breath includes identification number, the second random challenge word and the 3rd key information of the WAP.
Wherein, the identification number of the WAP includes following one or more:
Media intervention control layer MAC address, sequence number, unique identification.
Step S102 includes:
When the first key information was obtained by the WAP performing a hash operation on the identification number of the WAP and the first random challenge word using the shared key stored in the WAP (as shown in Figure 6), a hash operation is performed on the identification number of the WAP and the first random challenge word using the shared key corresponding to the WAP (as shown in Figure 8);
When the first key information was obtained by the WAP performing a hash operation on the identification number of the WAP and the first random challenge word using the shared key stored in the WAP to obtain a first hash value, and then signing the first hash value with the private key stored in the WAP (as shown in Figure 7), the first key information is decrypted using the public key corresponding to the WAP to obtain a first decrypted hash value, and a hash operation is performed on the identification number of the WAP and the first random challenge word using the shared key corresponding to the WAP to obtain a second hash value (as shown in Figure 9).
Step S106 includes:
Performing a hash operation on the identification number of the WAP and the second random challenge word using the shared key corresponding to the WAP (as shown in Figure 10); or,
Performing a hash operation on the identification number of the WAP and the second random challenge word using the shared key corresponding to the WAP to obtain a third hash value, and signing the third hash value with the private key stored on the management platform (as shown in Figure 11).
Step S103 includes:
When the first key information is identical to the second decryption information, the first key information is determined to correspond to the second key information; or,
When the first decrypted hash value is identical to the second hash value, the first key information is determined to correspond to the second key information.
As shown in Fig. 2, an embodiment of the present invention provides an authentication method between a WAP and a management platform, applied on the WAP side. When the management platform is requested to authenticate the WAP, the method includes:
S201, generate a first random challenge word;
S202, encrypt the identification number of the WAP and the first random challenge word using the key stored in the WAP, obtaining first key information;
S203, send first authentication information to the management platform, so that the management platform verifies the first authentication information using the key corresponding to the WAP. The first authentication information includes the identification number of the WAP, the first random challenge word and the first key information.
Preferably, when the WAP authenticates the management platform, the method also includes:
S204, receive the second authentication information sent by the management platform. The second authentication information includes the identification number of the WAP, a second random challenge word and third key information; the third key information is obtained by the management platform encrypting the identification number of the WAP and the second random challenge word with the key corresponding to the WAP;
S205, verify the second authentication information using the key stored in the WAP, obtaining fourth key information;
S206, when the third key information is determined to correspond to the fourth key information, judge the management platform to be legitimate.
S207, when the third key information is determined not to correspond to the fourth key information, judge the management platform to be illegitimate.
Wherein, the identification number of the WAP includes one or more of the following:
Media access control (MAC) layer address, serial number, unique identifier.
Step S202 includes:
Performing a hash operation on the identification number of the WAP and the first random challenge word using the shared key stored in the WAP (as shown in Figure 6); or,
Performing a hash operation on the identification number of the WAP and the first random challenge word using the shared key stored in the WAP to obtain a first hash value, and signing the first hash value with the private key stored in the WAP (as shown in Figure 7).
Step S205 includes:
When the third key information was obtained by the management platform performing a hash operation on the identification number of the WAP and the second random challenge word using the shared key corresponding to the WAP (as shown in Figure 10), a hash operation is performed on the identification number of the WAP and the second random challenge word using the shared key stored in the WAP (as shown in Figure 12);
When the third key information was obtained by the management platform performing a hash operation on the identification number of the WAP and the second random challenge word using the shared key corresponding to the WAP to obtain a third hash value, and then signing the third hash value with the private key stored on the management platform (as shown in Figure 11), the third key information is decrypted using the public key corresponding to the management platform to obtain a second decrypted hash value, and a hash operation is performed on the identification number of the WAP and the second random challenge word using the shared key stored in the WAP to obtain a fourth hash value (as shown in Figure 13).
Step S206 includes:
When the third key information is identical to the fourth decryption information, the third key information is determined to correspond to the fourth key information; or,
When the second decrypted hash value is identical to the fourth hash value, the third key information is determined to correspond to the fourth key information.
As shown in Figure 3, an embodiment of the present invention provides an authentication method between a WAP and a management platform. The WAP encrypts using its stored key and requests the management platform to authenticate the WAP, including:
S301, the WAP generates a first random challenge word;
S302, the WAP encrypts the identification number of the WAP and the first random challenge word using the key stored in the WAP, obtaining first key information;
S303, the WAP sends first authentication information to the management platform. The first authentication information includes the identification number of the WAP, the first random challenge word and the first key information;
S304, the management platform verifies the first authentication information using the key corresponding to the WAP, obtaining second key information;
S305, when the management platform determines that the first key information corresponds to the second key information, it judges the WAP to be legitimate.
S306, when the management platform determines that the first key information does not correspond to the second key information, it judges the WAP to be illegitimate.
If the WAP is legitimate, the key stored in the WAP and the key corresponding to the WAP that is stored on the management platform are identical or corresponding, and authentication passes. If the WAP is illegitimate, for example a disguised WAP, the key stored in the WAP and the key corresponding to the WAP that is stored on the management platform differ or do not correspond, and authentication fails.
The management platform encrypts using the key corresponding to the WAP and requests the WAP to authenticate the management platform (if this authentication is not required, the following steps are omitted), including:
S307, the management platform generates a second random challenge word;
S308, the management platform encrypts the identification number of the WAP and the second random challenge word using the key corresponding to the WAP, obtaining third key information;
S309, the management platform sends second authentication information to the WAP. The second authentication information includes the identification number of the WAP, the second random challenge word and the third key information;
S310, the WAP verifies the second authentication information using the key stored in the WAP, obtaining fourth key information;
S311, when the WAP determines that the third key information corresponds to the fourth key information, it judges the management platform to be legitimate.
S312, when the WAP determines that the third key information does not correspond to the fourth key information, it judges the management platform to be illegitimate.
Similarly, if the management platform is legitimate, the key stored in the WAP and the key corresponding to the WAP that is stored on the management platform are identical or corresponding, and authentication passes. If the management platform is illegitimate, for example a disguised management platform, the key stored in the WAP and the key corresponding to the WAP that is stored on the management platform differ or do not correspond, and authentication fails.
Step S302 includes:
Performing a hash operation on the identification number of the WAP and the first random challenge word using the shared key stored in the WAP (as shown in Figure 6); or,
Performing a hash operation on the identification number of the WAP and the first random challenge word using the shared key stored in the WAP to obtain a first hash value, and signing the first hash value with the private key stored in the WAP (as shown in Figure 7).
Step S304 includes:
Performing a hash operation on the identification number of the WAP and the first random challenge word using the shared key corresponding to the WAP (as shown in Figure 8); or,
Decrypting the first key information using the public key corresponding to the WAP to obtain a first decrypted hash value, and performing a hash operation on the identification number of the WAP and the first random challenge word using the shared key corresponding to the WAP to obtain a second hash value (as shown in Figure 9).
Step S305 includes:
When the first key information is identical to the second decryption information, the first key information is determined to correspond to the second key information; or,
When the first decrypted hash value is identical to the second hash value, the first key information is determined to correspond to the second key information.
Step S308 includes:
Performing a hash operation on the identification number of the WAP and the second random challenge word using the shared key corresponding to the WAP (as shown in Figure 10); or,
Performing a hash operation on the identification number of the WAP and the second random challenge word using the shared key corresponding to the WAP to obtain a third hash value, and signing the third hash value with the private key stored on the management platform (as shown in Figure 11).
Step S310 includes:
Performing a hash operation on the identification number of the WAP and the second random challenge word using the shared key stored in the WAP (as shown in Figure 12); or,
Decrypting the third key information using the public key corresponding to the management platform to obtain a second decrypted hash value, and performing a hash operation on the identification number of the WAP and the second random challenge word using the shared key stored in the WAP to obtain a fourth hash value (as shown in Figure 13).
Step S311 includes:
When the third key information is identical to the fourth decryption information, the third key information is determined to correspond to the fourth key information; or,
When the second decrypted hash value is identical to the fourth hash value, the third key information is determined to correspond to the fourth key information.
The shared key of each WAP differs from that of every other WAP. A legitimate WAP and the legitimate management platform both store this shared key, and both sides use it to authenticate the key information.
To guard against leakage of the shared key, an encrypted signature (for example, with the RSA algorithm) can additionally be applied.
The WAP stores its signing private key and the public key corresponding to the management platform; the management platform stores the platform's private key and the public key corresponding to the WAP. Both sides authenticate the key information using the corresponding public key or private key.
As shown in Figure 4, the present invention also provides an authentication device for a WAP and a management platform, arranged on the management platform side, including:
First receiver module 401, for receiving the first authentication information sent by the WAP. The first authentication information includes the identification number of the WAP, a first random challenge word and first key information; the first key information is obtained by the WAP encrypting the identification number of the WAP and the first random challenge word with the key stored in the WAP;
First authentication module 402, for verifying the first authentication information using the key corresponding to the WAP, obtaining second key information;
First judge module 403, for judging the WAP to be legitimate when the first key information is determined to correspond to the second key information.
The first judge module 403 is also used for judging the WAP to be illegitimate when the first key information is determined not to correspond to the second key information.
The above device also includes:
First generation module 404, for generating a second random challenge word;
First encrypting module 405, for encrypting the identification number of the WAP and the second random challenge word using the key corresponding to the WAP, obtaining third key information;
First sending module 406, for sending second authentication information to the WAP, so that the WAP verifies the second authentication information using the key stored in the WAP. The second authentication information includes the identification number of the WAP, the second random challenge word and the third key information.
Wherein, the first authentication module 402 includes:
First dismiss unit 4021, for performing a hash operation on the identification number of the WAP and the first random challenge word using the shared key corresponding to the WAP, when the first key information was obtained by the WAP performing a hash operation on the identification number of the WAP and the first random challenge word using the shared key stored in the WAP;
First decryption unit 4022, for decrypting the first key information using the public key corresponding to the WAP to obtain a first decrypted hash value, and performing a hash operation on the identification number of the WAP and the first random challenge word using the shared key corresponding to the WAP to obtain a second hash value, when the first key information was obtained by the WAP performing a hash operation on the identification number of the WAP and the first random challenge word using the shared key stored in the WAP to obtain a first hash value and then signing the first hash value with the private key stored in the WAP.
The first encrypting module 405 includes:
First hashing unit 4051, for performing a hash operation on the identification number of the WAP and the second random challenge word using the shared key corresponding to the WAP; or,
First signature unit 4052, for performing a hash operation on the identification number of the WAP and the second random challenge word using the shared key corresponding to the WAP to obtain a third hash value, and signing the third hash value with the private key stored on the management platform.
The first judge module 403 includes:
First direct corresponding unit 4031, for determining that the first key information corresponds to the second key information when the first key information is identical to the second decryption information; or,
First indirect corresponding unit 4032, for determining that the first key information corresponds to the second key information when the first decrypted hash value is identical to the second hash value.
As shown in Figure 5, an embodiment of the present invention also provides an authentication device for a WAP and a management platform, arranged on the WAP side, including:
Second generation module 501, for generating a first random challenge word;
Second encrypting module 502, for encrypting the identification number of the WAP and the first random challenge word using the key stored in the WAP, obtaining first key information;
Second sending module 503, for sending first authentication information to the management platform, so that the management platform verifies the first authentication information using the key corresponding to the WAP. The first authentication information includes the identification number of the WAP, the first random challenge word and the first key information.
The above device also includes:
Second receiver module 504, for receiving the second authentication information sent by the management platform. The second authentication information includes the identification number of the WAP, a second random challenge word and third key information; the third key information is obtained by the management platform encrypting the identification number of the WAP and the second random challenge word with the key corresponding to the WAP;
Second authentication module 505, for verifying the second authentication information using the key stored in the WAP, obtaining fourth key information;
Second judge module 506, for judging the management platform to be legitimate when the third key information is determined to correspond to the fourth key information.
The second judge module 506 is also used for:
Judging the management platform to be illegitimate when the third key information is determined not to correspond to the fourth key information.
Wherein, the second encrypting module 502 includes:
Second hashing unit 5021, for performing a hash operation on the identification number of the WAP and the first random challenge word using the shared key stored in the WAP; or,
Second signature unit 5022, for performing a hash operation on the identification number of the WAP and the first random challenge word using the shared key stored in the WAP to obtain a first hash value, and signing the first hash value with the private key stored in the WAP.
The second authentication module 505 includes:
Second dismiss unit 5051, for performing a hash operation on the identification number of the WAP and the second random challenge word using the shared key stored in the WAP, when the third key information was obtained by the management platform performing a hash operation on the identification number of the WAP and the second random challenge word using the shared key corresponding to the WAP;
Second decryption unit 5052, for decrypting the third key information using the public key corresponding to the management platform to obtain a second decrypted hash value, and performing a hash operation on the identification number of the WAP and the second random challenge word using the shared key stored in the WAP to obtain a fourth hash value, when the third key information was obtained by the management platform performing a hash operation on the identification number of the WAP and the second random challenge word using the shared key corresponding to the WAP to obtain a third hash value and then signing the third hash value with the private key stored on the management platform.
The second judge module 506 includes:
Second direct corresponding unit 5061, for determining that the third key information corresponds to the fourth key information when the third key information is identical to the fourth decryption information; or,
Second indirect corresponding unit 5062, for determining that the third key information corresponds to the fourth key information when the second decrypted hash value is identical to the fourth hash value.
Embodiment 1
The shared key in this embodiment of the present invention is the shared key used to perform hash operations with an agreed hashing algorithm (such as SHA-256). As shown in Figure 14, the steps are as follows:
11. The WAP takes its own NodeID (the NodeID can be the MAC address of the WAP, its serial number, or another unique identifier) and a randomly generated challenge word X, performs a hash operation on them using the stored shared key, and obtains hash value A (see Fig. 6);
12. When the WAP requests a connection to the management platform, the message carries the NodeID, the challenge word and hash value A;
13. After receiving the connection request from the WAP, the management platform performs the hashing algorithm on the received NodeID and challenge word X using the shared key corresponding to the WAP, obtaining hash value AA (see Fig. 8).
14. If A=AA, the management platform judges the WAP to be legitimate; otherwise it is illegitimate.
The following four steps are the authentication of the management platform by the WAP, a further function of this embodiment of the present invention. If this authentication is not required, these four steps are omitted:
15. If the WAP is judged legitimate, the management platform randomly generates a challenge word Y and, for the received NodeID, performs a hash operation using the shared key corresponding to the WAP, obtaining hash value B (see Figure 10);
16. In the response message sent to the WAP, the management platform carries the NodeID of the WAP, the challenge word and the encrypted hash value B (see Figure 10);
17. After receiving the response message, the WAP performs a hash operation on the received NodeID and challenge word Y using the stored shared key, obtaining hash value BB;
18. If B=BB, the management platform is legitimate; otherwise it is illegitimate (see Fig. 3).
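The exchange in steps 11 to 18, as an added Python example that is not code from the patent. It assumes HMAC-SHA-256 as the keyed hash and adds two things the patent text does not specify: a direction label in the hash input and a replay cache on the platform. All class, function and label names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Direction labels are an assumption added here; the patent hashes only NodeID and challenge.
AP_TO_PLATFORM = b"ap->platform"
PLATFORM_TO_AP = b"platform->ap"


def keyed_hash(shared_key, direction, node_id, challenge):
    """Keyed hash of NodeID and challenge word (HMAC-SHA-256 is an assumption)."""
    fields = (direction, node_id.encode(), challenge)
    # Length-prefix every field so distinct inputs never serialize identically.
    message = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(shared_key, message, hashlib.sha256).digest()


class AccessPoint:
    def __init__(self, node_id, shared_key):
        self.node_id = node_id
        self.shared_key = shared_key

    def connection_request(self):
        """Steps 11-12: pick challenge X, compute A, send (NodeID, X, A)."""
        x = secrets.token_bytes(16)
        a = keyed_hash(self.shared_key, AP_TO_PLATFORM, self.node_id, x)
        return self.node_id, x, a

    def verify_platform(self, response):
        """Steps 17-18: recompute BB with the stored key and compare with B."""
        node_id, y, b = response
        if node_id != self.node_id:
            return False
        bb = keyed_hash(self.shared_key, PLATFORM_TO_AP, node_id, y)
        return hmac.compare_digest(b, bb)  # constant-time comparison


class ManagementPlatform:
    def __init__(self, keys_by_node_id):
        self.keys_by_node_id = dict(keys_by_node_id)  # one shared key per access point
        self.seen_challenges = set()  # replay cache (assumption; unbounded in this example)

    def verify_access_point(self, request):
        """Steps 13-14: recompute AA with this NodeID's key and compare with A."""
        node_id, x, a = request
        key = self.keys_by_node_id.get(node_id)
        if key is None:
            return False
        aa = keyed_hash(key, AP_TO_PLATFORM, node_id, x)
        if not hmac.compare_digest(a, aa):
            return False
        if (node_id, x) in self.seen_challenges:
            return False  # a previously accepted (NodeID, X, A) is not accepted again
        self.seen_challenges.add((node_id, x))
        return True

    def response(self, node_id):
        """Steps 15-16: pick challenge Y, compute B, send (NodeID, Y, B)."""
        y = secrets.token_bytes(16)
        b = keyed_hash(self.keys_by_node_id[node_id], PLATFORM_TO_AP, node_id, y)
        return node_id, y, b


def demo():
    node_id = "00:11:22:33:44:55"  # constructed sample NodeID
    key = secrets.token_bytes(32)  # constructed sample shared key
    ap = AccessPoint(node_id, key)
    platform = ManagementPlatform({node_id: key})
    request = ap.connection_request()
    ap_ok = platform.verify_access_point(request)
    platform_ok = ap.verify_platform(platform.response(node_id))
    return ap_ok, platform_ok


if __name__ == "__main__":
    print(demo())
```

Because the WAP chooses its own challenge X, the platform side is where freshness has to be enforced; the replay cache is one way to do that.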
Embodiment 2
To guard against leakage of the shared key, an encrypted signature (for example, with the RSA algorithm) can additionally be applied to the hash value. As shown in Figure 15, the steps are as follows:
21. The WAP takes its own NodeID (the NodeID can be the MAC address of the WAP, its serial number, or another unique identifier) and a randomly generated challenge word X, performs a hash operation on them using the stored shared key to obtain hash value A, and applies an RSA signature to A using the private key stored in the WAP, producing the RSA signature ciphertext AAA (see Fig. 7);
22. When the WAP requests a connection to the management platform, the message carries the NodeID, the challenge string and the RSA signature ciphertext AAA;
23. After receiving the connection request from the WAP, the management platform performs RSA decryption on the signature result AAA using the public key corresponding to the WAP, obtains the RSA signature plaintext, and derives the decrypted hash value AAAA; it then performs a hash operation on the NodeID and challenge word X using the shared key corresponding to the WAP, obtaining hash result AA (see Fig. 9);
24. The management platform compares the RSA-decrypted hash value AAAA with the computed hash value AA. If they are consistent, the WAP is legitimate; otherwise it is illegitimate.
The following four steps are the authentication of the management platform by the WAP, a further function of this embodiment of the present invention. If this authentication is not required, these four steps are omitted:
25. If the WAP is judged legitimate, the management platform randomly generates a challenge word Y and, for the received NodeID, performs a hash operation using the shared key corresponding to the WAP, obtaining hash value B;
26. The management platform applies an RSA signature to hash value B using the private key stored on the management platform, producing the RSA signature ciphertext BBB (see Figure 11), and carries the NodeID of the WAP, the challenge word and the RSA signature ciphertext BBB in the response message.
27. After receiving the response message, the WAP performs RSA decryption on the received signature result BBB using the pre-stored public key corresponding to the management platform, obtains the RSA signature plaintext, and derives the decrypted hash value BBBB; it then performs a hash operation on the NodeID and challenge word using the shared key stored in the WAP, obtaining BB (see Figure 13);
28. The WAP compares the RSA-decrypted hash value BBBB with the computed hash value BB. If the two results are consistent, the management platform is legitimate; otherwise it is illegitimate.
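Steps 21 to 24 as an added Python example, not code from the patent. It assumes HMAC-SHA-256 as the keyed hash and uses unpadded RSA with a constructed demonstration key built from Mersenne primes, which mirrors the sign-then-recover flow in the text but is not a secure key or padding scheme; all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

E = 65537  # public exponent used for the constructed demonstration keys


def toy_rsa_keypair(p_exp, q_exp):
    """Constructed demo key from two Mersenne primes 2**k - 1. NOT a secure key."""
    p, q = 2**p_exp - 1, 2**q_exp - 1
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)  # (public key, private key)


def keyed_hash(shared_key, node_id, challenge):
    """Keyed hash of NodeID and challenge word (HMAC-SHA-256 is an assumption)."""
    nid = node_id.encode()
    message = len(nid).to_bytes(2, "big") + nid + challenge
    return hmac.new(shared_key, message, hashlib.sha256).digest()


def sign_hash(private_key, digest):
    """Step 21: apply the private key to hash value A, giving signature AAA."""
    n, d = private_key
    return pow(int.from_bytes(digest, "big"), d, n)


def recover_hash(public_key, signature):
    """Step 23: apply the public key to AAA to recover the signed hash AAAA."""
    n, e = public_key
    value = pow(signature, e, n)
    if value.bit_length() > 256:
        return None  # not a SHA-256 sized value, so not a valid signature
    return value.to_bytes(32, "big")


def ap_request(node_id, shared_key, ap_private_key):
    """Steps 21-22: WAP sends (NodeID, X, AAA)."""
    x = secrets.token_bytes(16)
    a = keyed_hash(shared_key, node_id, x)
    return node_id, x, sign_hash(ap_private_key, a)


def platform_verify(request, shared_key, ap_public_key):
    """Steps 23-24: compare recovered AAAA with locally computed AA."""
    node_id, x, aaa = request
    if not 0 < aaa < ap_public_key[0]:
        return False  # signature must be a residue modulo n
    aaaa = recover_hash(ap_public_key, aaa)
    aa = keyed_hash(shared_key, node_id, x)
    return aaaa is not None and hmac.compare_digest(aaaa, aa)


def demo():
    ap_public, ap_private = toy_rsa_keypair(521, 607)
    _, other_private = toy_rsa_keypair(1279, 2203)
    shared_key = secrets.token_bytes(32)  # constructed sample shared key
    node_id = "AP-SN-0001"                # constructed sample NodeID
    genuine = ap_request(node_id, shared_key, ap_private)
    # Same shared key, but signed with a private key the platform does not expect.
    wrong_signer = ap_request(node_id, shared_key, other_private)
    return (platform_verify(genuine, shared_key, ap_public),
            platform_verify(wrong_signer, shared_key, ap_public))


if __name__ == "__main__":
    print(demo())
```

Steps 25 to 28 are the same flow with the roles and key pairs swapped. A deployment would use a vetted RSA implementation with a standard signature padding scheme rather than raw modular exponentiation.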
Although the embodiments disclosed by the present invention are as described above, their content is only used to facilitate understanding of the technical solution of the present invention and is not intended to limit the present invention. Any person skilled in the technical field to which the present invention belongs may, without departing from the core technical solution disclosed by the present invention, make any modification and change in the form and details of implementation, but the scope of protection of the present invention remains subject to the scope defined by the appended claims.

Claims (36)

1. An authentication method between a WAP and a management platform, applied on the management platform side, characterized by comprising:
Receiving the first authentication information sent by the WAP, the first authentication information including the identification number of the WAP, a first random challenge word and first key information, the first key information being obtained by the WAP encrypting the identification number of the WAP and the first random challenge word with the key stored in the WAP;
Verifying the first authentication information using the key corresponding to the WAP, obtaining second key information;
When the first key information is determined to correspond to the second key information, judging the WAP to be legitimate.
2. The method of claim 1, characterized in that, after the second key information is obtained, the method further includes:
When the first key information is determined not to correspond to the second key information, judging the WAP to be illegitimate.
3. The method of claim 1, characterized in that, after the WAP is judged to be legitimate, the method further includes:
Generating a second random challenge word;
Encrypting the identification number of the WAP and the second random challenge word using the key corresponding to the WAP, obtaining third key information;
Sending second authentication information to the WAP, so that the WAP verifies the second authentication information using the key stored in the WAP, the second authentication information including the identification number of the WAP, the second random challenge word and the third key information.
4. The method of claim 1, characterized in that the identification number of the WAP includes one or more of the following:
Media access control (MAC) layer address, serial number, unique identifier.
5. The method of claim 1, characterized in that verifying the first authentication information using the key corresponding to the WAP includes:
When the first key information was obtained by the WAP performing a hash operation on the identification number of the WAP and the first random challenge word using the shared key stored in the WAP, performing a hash operation on the identification number of the WAP and the first random challenge word using the shared key corresponding to the WAP;
When the first key information was obtained by the WAP performing a hash operation on the identification number of the WAP and the first random challenge word using the shared key stored in the WAP to obtain a first hash value and then signing the first hash value with the private key stored in the WAP, decrypting the first key information using the public key corresponding to the WAP to obtain a first decrypted hash value, and performing a hash operation on the identification number of the WAP and the first random challenge word using the shared key corresponding to the WAP to obtain a second hash value.
6. The method of claim 3, characterized in that encrypting the identification number of the WAP and the second random challenge word using the key corresponding to the WAP includes:
Performing a hash operation on the identification number of the WAP and the second random challenge word using the shared key corresponding to the WAP; or,
Performing a hash operation on the identification number of the WAP and the second random challenge word using the shared key corresponding to the WAP to obtain a third hash value, and signing the third hash value with the private key stored on the management platform.
7. The method of claim 6, characterized in that determining that the first key information corresponds to the second key information includes:
When the first key information is identical to the second decryption information, determining that the first key information corresponds to the second key information; or,
When the first decrypted hash value is identical to the second hash value, determining that the first key information corresponds to the second key information.
8. An authentication method between a WAP and a management platform, applied on the WAP side, characterized by comprising:
Generating a first random challenge word;
Encrypting the identification number of the WAP and the first random challenge word using the key stored in the WAP, obtaining first key information;
Sending first authentication information to the management platform, so that the management platform verifies the first authentication information using the key corresponding to the WAP, the first authentication information including the identification number of the WAP, the first random challenge word and the first key information.
9. The method of claim 8, characterized in that, after the first authentication information is sent to the management platform, the method further includes:
Receiving the second authentication information sent by the management platform, the second authentication information including the identification number of the WAP, a second random challenge word and third key information, the third key information being obtained by the management platform encrypting the identification number of the WAP and the second random challenge word with the key corresponding to the WAP;
Verifying the second authentication information using the key stored in the WAP, obtaining fourth key information;
When the third key information is determined to correspond to the fourth key information, judging the management platform to be legitimate.
10. The method of claim 9, characterized in that, after the fourth key information is obtained, the method further includes:
When the third key information is determined not to correspond to the fourth key information, judging the management platform to be illegitimate.
11. The method of claim 8, characterized in that the identification number of the WAP includes one or more of the following:
Media access control (MAC) layer address, serial number, unique identifier.
12. The method of claim 8, characterized in that encrypting the identification number of the WAP and the first random challenge word using the key stored in the WAP includes:
Performing a hash operation on the identification number of the WAP and the first random challenge word using the shared key stored in the WAP; or,
Performing a hash operation on the identification number of the WAP and the first random challenge word using the shared key stored in the WAP to obtain a first hash value, and signing the first hash value with the private key stored in the WAP.
13. The method as claimed in claim 9, characterized in that verifying the second authentication information using the key stored by the wireless access point comprises:
when the third key information was obtained by the management platform performing a hash operation on the identification number of the wireless access point and the second random challenge word using the shared key corresponding to the wireless access point, performing a hash operation on the identification number of the wireless access point and the second random challenge word using the shared key stored by the wireless access point;
when the third key information was obtained by the management platform performing a hash operation on the identification number of the wireless access point and the second random challenge word using the shared key corresponding to the wireless access point to obtain a third hash value and signing the third hash value using the private key stored by the management platform, decrypting the third key information using the public key corresponding to the management platform to obtain a second decrypted hash value, and performing a hash operation on the identification number of the wireless access point and the second random challenge word using the shared key stored by the wireless access point to obtain a fourth hash value.
14. The method as claimed in claim 13, characterized in that determining that the third key information corresponds to the fourth key information comprises:
when the third key information is identical to the fourth decryption information, determining that the third key information corresponds to the fourth key information; or,
when the second decrypted hash value is identical to the fourth hash value, determining that the third key information corresponds to the fourth key information.
15. A wireless access point and management platform authentication method, characterized by comprising:
a wireless access point generating a first random challenge word;
the wireless access point encrypting the identification number of the wireless access point and the first random challenge word using the key stored by the wireless access point, to obtain first key information;
the wireless access point sending first authentication information to a management platform, the first authentication information comprising the identification number of the wireless access point, the first random challenge word and the first key information;
the management platform verifying the first authentication information using the key corresponding to the wireless access point, to obtain second key information;
when the management platform determines that the first key information corresponds to the second key information, judging that the wireless access point is legal.
16. The method as claimed in claim 15, characterized by further comprising:
when the management platform determines that the first key information does not correspond to the second key information, judging that the wireless access point is illegal.
17. The method as claimed in claim 15, characterized in that, after judging that the wireless access point is legal, the method further comprises:
the management platform generating a second random challenge word;
the management platform encrypting the identification number of the wireless access point and the second random challenge word using the key corresponding to the wireless access point, to obtain third key information;
the management platform sending second authentication information to the wireless access point, the second authentication information comprising the identification number of the wireless access point, the second random challenge word and the third key information;
the wireless access point verifying the second authentication information using the key stored by the wireless access point, to obtain fourth key information;
when the wireless access point determines that the third key information corresponds to the fourth key information, judging that the management platform is legal.
18. The method as claimed in claim 17, characterized in that, when the wireless access point determines that the third key information does not correspond to the fourth key information, the management platform is judged to be illegal.
19. The method as claimed in claim 15, characterized in that the wireless access point encrypting the identification number of the wireless access point and the first random challenge word using the key stored by the wireless access point comprises:
performing a hash operation on the identification number of the wireless access point and the first random challenge word using the shared key stored by the wireless access point; or,
performing a hash operation on the identification number of the wireless access point and the first random challenge word using the shared key stored by the wireless access point to obtain a first hash value, and signing the first hash value using the private key stored by the wireless access point.
20. The method as claimed in claim 19, characterized in that the management platform verifying the first authentication information using the key corresponding to the wireless access point comprises:
performing a hash operation on the identification number of the wireless access point and the first random challenge word using the shared key corresponding to the wireless access point; or,
decrypting the first key information using the public key corresponding to the wireless access point to obtain a first decrypted hash value, and performing a hash operation on the identification number of the wireless access point and the first random challenge word using the shared key corresponding to the wireless access point to obtain a second hash value.
21. The method as claimed in claim 20, characterized in that determining that the first key information corresponds to the second key information comprises:
when the first key information is identical to the second decryption information, determining that the first key information corresponds to the second key information; or,
when the first decrypted hash value is identical to the second hash value, determining that the first key information corresponds to the second key information.
22. The method as claimed in claim 17, characterized in that the management platform encrypting the identification number of the wireless access point and the second random challenge word using the key corresponding to the wireless access point comprises:
performing a hash operation on the identification number of the wireless access point and the second random challenge word using the shared key corresponding to the wireless access point; or,
performing a hash operation on the identification number of the wireless access point and the second random challenge word using the shared key corresponding to the wireless access point to obtain a third hash value, and signing the third hash value using the private key stored by the management platform.
23. The method as claimed in claim 22, characterized in that the wireless access point verifying the second authentication information using the key stored by the wireless access point comprises:
performing a hash operation on the identification number of the wireless access point and the second random challenge word using the shared key stored by the wireless access point; or,
decrypting the third key information using the public key corresponding to the management platform to obtain a second decrypted hash value, and performing a hash operation on the identification number of the wireless access point and the second random challenge word using the shared key stored by the wireless access point to obtain a fourth hash value.
24. The method as claimed in claim 23, characterized in that determining that the third key information corresponds to the fourth key information comprises:
when the third key information is identical to the fourth decryption information, determining that the third key information corresponds to the fourth key information; or,
when the second decrypted hash value is identical to the fourth hash value, determining that the third key information corresponds to the fourth key information.
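The shared-key variant of the exchange in claims 15 to 24, as an added Python sketch that is not part of the patent. HMAC-SHA256 as the keyed hash, the length-prefixed field encoding, the constant-time comparison and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import struct
from dataclasses import dataclass


@dataclass(frozen=True)
class AuthInfo:
    """Authentication information: identification number, random challenge word, key information."""
    ap_id: bytes
    challenge: bytes
    key_info: bytes


def keyed_hash(shared_key: bytes, ap_id: bytes, challenge: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the claimed "hash operation using the shared key".
    # Each field is length-prefixed so two different (id, challenge) pairs never encode alike.
    msg = b"".join(struct.pack(">H", len(f)) + f for f in (ap_id, challenge))
    return hmac.new(shared_key, msg, hashlib.sha256).digest()


def build_auth_info(shared_key: bytes, ap_id: bytes) -> AuthInfo:
    challenge = secrets.token_bytes(16)  # fresh random challenge word from a CSPRNG
    return AuthInfo(ap_id, challenge, keyed_hash(shared_key, ap_id, challenge))


def verify_auth_info(shared_key: bytes, info: AuthInfo) -> bool:
    # The verifier recomputes the key information and compares in constant time.
    expected = keyed_hash(shared_key, info.ap_id, info.challenge)
    return hmac.compare_digest(expected, info.key_info)


class ManagementPlatform:
    def __init__(self, keys_by_ap_id):
        self.keys = dict(keys_by_ap_id)  # identification number -> shared key

    def handle_first(self, info: AuthInfo):
        """Verify the first authentication information; answer with the second, or None."""
        key = self.keys.get(info.ap_id)
        if key is None or not verify_auth_info(key, info):
            return None  # access point judged illegal (claim 16)
        return build_auth_info(key, info.ap_id)  # claim 17


class AccessPoint:
    def __init__(self, ap_id: bytes, shared_key: bytes):
        self.ap_id = ap_id
        self.key = shared_key

    def first_auth_info(self) -> AuthInfo:
        return build_auth_info(self.key, self.ap_id)

    def check_platform(self, info: AuthInfo) -> bool:
        # The reply must name this access point and carry matching key information.
        return info.ap_id == self.ap_id and verify_auth_info(self.key, info)


def mutual_authenticate(ap, platform) -> str:
    """Run both directions of the exchange and report where it stopped."""
    second = platform.handle_first(ap.first_auth_info())
    if second is None:
        return "ap_rejected"
    return "ok" if ap.check_platform(second) else "platform_rejected"


# Constructed sample values, for illustration only.
SAMPLE_AP_ID = bytes.fromhex("001122334455")
SAMPLE_KEY = bytes(range(32))

if __name__ == "__main__":
    ap = AccessPoint(SAMPLE_AP_ID, SAMPLE_KEY)
    print(mutual_authenticate(ap, ManagementPlatform({SAMPLE_AP_ID: SAMPLE_KEY})))
```
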
25. A wireless access point and management platform authentication device, arranged on the management platform side, characterized by comprising:
a first receiver module, configured to receive first authentication information sent by a wireless access point, the first authentication information comprising the identification number of the wireless access point, a first random challenge word and first key information, the first key information being obtained by the wireless access point encrypting the identification number of the wireless access point and the first random challenge word using the key stored by the wireless access point;
a first authentication module, configured to verify the first authentication information using the key corresponding to the wireless access point, to obtain second key information;
a first judge module, configured to judge that the wireless access point is legal when it is determined that the first key information corresponds to the second key information.
26. The device as claimed in claim 25, characterized in that the first judge module is further configured to judge that the wireless access point is illegal when it is determined that the first key information does not correspond to the second key information.
27. The device as claimed in claim 25, characterized by further comprising:
a first generation module, configured to generate a second random challenge word;
a first encrypting module, configured to encrypt the identification number of the wireless access point and the second random challenge word using the key corresponding to the wireless access point, to obtain third key information;
a first sending module, configured to send second authentication information to the wireless access point, so that the wireless access point verifies the second authentication information using the key stored by the wireless access point, the second authentication information comprising the identification number of the wireless access point, the second random challenge word and the third key information.
28. The device as claimed in claim 25, characterized in that the first authentication module comprises:
a first hashing unit, configured to, when the first key information was obtained by the wireless access point performing a hash operation on the identification number of the wireless access point and the first random challenge word using the shared key stored by the wireless access point, perform a hash operation on the identification number of the wireless access point and the first random challenge word using the shared key corresponding to the wireless access point;
a first decryption unit, configured to, when the first key information was obtained by the wireless access point performing a hash operation on the identification number of the wireless access point and the first random challenge word using the shared key stored by the wireless access point to obtain a first hash value and signing the first hash value using the private key stored by the wireless access point, decrypt the first key information using the public key corresponding to the wireless access point to obtain a first decrypted hash value, and perform a hash operation on the identification number of the wireless access point and the first random challenge word using the shared key corresponding to the wireless access point to obtain a second hash value.
29. The device as claimed in claim 27, characterized in that the first encrypting module comprises:
a first hashing unit, configured to perform a hash operation on the identification number of the wireless access point and the second random challenge word using the shared key corresponding to the wireless access point; or,
a first signature unit, configured to perform a hash operation on the identification number of the wireless access point and the second random challenge word using the shared key corresponding to the wireless access point to obtain a third hash value, and to sign the third hash value using the private key stored by the management platform.
30. The device as claimed in claim 29, characterized in that the first judge module comprises:
a first direct corresponding unit, configured to determine that the first key information corresponds to the second key information when the first key information is identical to the second decryption information; or,
a first indirect corresponding unit, configured to determine that the first key information corresponds to the second key information when the first decrypted hash value is identical to the second hash value.
31. A wireless access point and management platform authentication device, arranged on the wireless access point side, characterized by comprising:
a second generation module, configured to generate a first random challenge word;
a second encrypting module, configured to encrypt the identification number of the wireless access point and the first random challenge word using the key stored by the wireless access point, to obtain first key information;
a second sending module, configured to send first authentication information to a management platform, so that the management platform verifies the first authentication information using the key corresponding to the wireless access point, the first authentication information comprising the identification number of the wireless access point, the first random challenge word and the first key information.
32. The device as claimed in claim 31, characterized by further comprising:
a second receiver module, configured to receive second authentication information sent by the management platform, the second authentication information comprising the identification number of the wireless access point, a second random challenge word and third key information, the third key information being obtained by the management platform encrypting the identification number of the wireless access point and the second random challenge word using the key corresponding to the wireless access point;
a second authentication module, configured to verify the second authentication information using the key stored by the wireless access point, to obtain fourth key information;
a second judge module, configured to judge that the management platform is legal when it is determined that the third key information corresponds to the fourth key information.
33. The device as claimed in claim 32, characterized in that the second judge module is further configured to:
judge that the management platform is illegal when it is determined that the third key information does not correspond to the fourth key information.
34. The device as claimed in claim 31, characterized in that the second encrypting module comprises:
a second hashing unit, configured to perform a hash operation on the identification number of the wireless access point and the first random challenge word using the shared key stored by the wireless access point; or,
a second signature unit, configured to perform a hash operation on the identification number of the wireless access point and the first random challenge word using the shared key stored by the wireless access point to obtain a first hash value, and to sign the first hash value using the private key stored by the wireless access point.
35. The device as claimed in claim 32, characterized in that the second authentication module comprises:
a second hashing unit, configured to, when the third key information was obtained by the management platform performing a hash operation on the identification number of the wireless access point and the second random challenge word using the shared key corresponding to the wireless access point, perform a hash operation on the identification number of the wireless access point and the second random challenge word using the shared key stored by the wireless access point;
a second decryption unit, configured to, when the third key information was obtained by the management platform performing a hash operation on the identification number of the wireless access point and the second random challenge word using the shared key corresponding to the wireless access point to obtain a third hash value and signing the third hash value using the private key stored by the management platform, decrypt the third key information using the public key corresponding to the management platform to obtain a second decrypted hash value, and perform a hash operation on the identification number of the wireless access point and the second random challenge word using the shared key stored by the wireless access point to obtain a fourth hash value.
36. The device as claimed in claim 35, characterized in that the second judge module comprises:
a second direct corresponding unit, configured to determine that the third key information corresponds to the fourth key information when the third key information is identical to the fourth decryption information; or,
a second indirect corresponding unit, configured to determine that the third key information corresponds to the fourth key information when the second decrypted hash value is identical to the fourth hash value.
CN201510410310.5A 2015-07-13 2015-07-13 Wireless access point and management platform authentication method and device Withdrawn CN106714156A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201510410310.5A CN106714156A (en) 2015-07-13 2015-07-13 Wireless access point and management platform authentication method and device
PCT/CN2016/080767 WO2017008556A1 (en) 2015-07-13 2016-04-29 Authentication method and device for wireless access point and management platform

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510410310.5A CN106714156A (en) 2015-07-13 2015-07-13 Wireless access point and management platform authentication method and device

Publications (1)

Publication Number Publication Date
CN106714156A true CN106714156A (en) 2017-05-24

Family

ID=57756810

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510410310.5A Withdrawn CN106714156A (en) 2015-07-13 2015-07-13 Wireless access point and management platform authentication method and device

Country Status (2)

Country Link
CN (1) CN106714156A (en)
WO (1) WO2017008556A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019153118A1 (en) * 2018-02-06 2019-08-15 福建联迪商用设备有限公司 Method for transmitting key, receiving terminal, and distribution terminal
CN110493272A (en) * 2019-09-25 2019-11-22 北京风信科技有限公司 Use the communication means and communication system of multiple key

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111107551A (en) * 2018-10-29 2020-05-05 杭州海康威视数字技术股份有限公司 Wireless network bridge networking method and device

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1753361A (en) * 2004-09-20 2006-03-29 华为技术有限公司 Right identification method
CN1757195A (en) * 2003-03-06 2006-04-05 Tim意大利股份公司 Methods and software program product for mutual authentication in a communications network
US20080134306A1 (en) * 2006-12-04 2008-06-05 Telefonaktiebolaget Lm Ericsson (Publ) Method for fast handover and authentication in a packet data network
CN101640886A (en) * 2008-07-29 2010-02-03 上海华为技术有限公司 Authentication method, re-authentication method and communication device
CN101764693A (en) * 2009-12-24 2010-06-30 福建星网锐捷网络有限公司 Authentication method, system, client and network equipment
CN102625307A (en) * 2011-01-31 2012-08-01 电信科学技术研究院 Wireless network access system
CN103096301A (en) * 2011-10-31 2013-05-08 华为技术有限公司 Method for verifying wireless local area network access point and station for the same
CN103634170A (en) * 2012-08-21 2014-03-12 中兴通讯股份有限公司 Home network interconnecting method and apparatus

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB201112360D0 (en) * 2011-07-18 2011-08-31 Skype Ltd Distributing information
CN102685745B (en) * 2012-04-23 2016-05-11 深圳市江波龙电子有限公司 The authentication method of wireless aps equipment and system
US20140337950A1 (en) * 2013-05-07 2014-11-13 Futurewei Technologies, Inc. Method and Apparatus for Secure Communications in a Wireless Network
CN104125568B (en) * 2014-08-11 2018-09-07 湖南恒茂高科股份有限公司 Wireless access point safety certifying method and system
CN104581727A (en) * 2015-02-03 2015-04-29 福州瑞芯微电子有限公司 Equipment connecting method and device and AP (access point) end electronic equipment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
尹淑玲: "《网络安全技术教程》", 31 May 2014 *

Also Published As

Publication number Publication date
WO2017008556A1 (en) 2017-01-19

Similar Documents

Publication Publication Date Title
CN109862041B (en) Digital identity authentication method, equipment, device, system and storage medium
CN109951489B (en) Digital identity authentication method, equipment, device, system and storage medium
CN104796265B (en) A kind of Internet of Things identity identifying method based on Bluetooth communication access
EP2304636B1 (en) Mobile device assisted secure computer network communications
CN106603485A (en) Secret key negotiation method and device
CN108270571A (en) Internet of Things identity authorization system and its method based on block chain
CN103095456B (en) The processing method of transaction message and system
CN103427992B (en) The method and system of secure communication is set up between node in a network
CN105162797B (en) A kind of mutual authentication method based on video monitoring system
CN105915502A (en) Method and system for facilitating network joining
CN105554760B (en) Wireless access point authentication method, apparatus and system
CN103248491B (en) A kind of backup method of electronic signature token private key and system
CN106850207B (en) Identity identifying method and system without CA
CN103812651B (en) Method of password authentication, apparatus and system
CN101621794A (en) Method for realizing safe authentication of wireless application service system
CN109150526A (en) Cryptographic key negotiation method, equipment, terminal, storage medium and system
CN107360125A (en) Access authentication method, WAP and user terminal
CN104393993A (en) A security chip for electricity selling terminal and the realizing method
CN109474419A (en) A kind of living body portrait photo encryption and decryption method and encrypting and deciphering system
CN107454035A (en) A kind of identity authentication method and device
US20210227368A1 (en) Master-Slave System for Communication Over a Bluetooth Low Energy Connection
CN109257170A (en) Cryptographic key negotiation method, equipment, terminal, storage medium and system
CN107277020A (en) The system and method for remote validation mobile device legitimacy based on public private key system
CN109245885A (en) Cryptographic key negotiation method, equipment, storage medium and system
CN102264068B (en) Shared key consultation method, system, network platform and terminal

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20170524