CN116634430A - Multi-terminal independent access authentication method, system and medium based on pre-shared secret key - Google Patents

Multi-terminal independent access authentication method, system and medium based on pre-shared secret key

Info

Publication number
CN116634430A
Authority
CN
China
Prior art keywords
terminal
key
access
authentication
list
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310637386.6A
Other languages
Chinese (zh)
Inventor
唐轲
陈蓓
周龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Volans Technology Co ltd
Original Assignee
Chengdu Volans Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chengdu Volans Technology Co ltd filed Critical Chengdu Volans Technology Co ltd
Priority to CN202310637386.6A priority Critical patent/CN116634430A/en
Publication of CN116634430A publication Critical patent/CN116634430A/en
Pending legal-status Critical Current

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/069Authentication using certificates or pre-shared keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0433Key management protocols
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/70Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The application discloses a multi-terminal independent access authentication method, a system and a medium based on a pre-shared secret key; relates to the technical field of communication authentication; firstly, acquiring a terminal of access authentication, configuring a terminal association key in sequence to obtain a configured access authentication user list, and then generating a pre-shared key PSK list; performing independent handshake key authentication of the access point and each terminal based on the pre-shared key PSK list; the access point allows the terminal successfully authenticated by the independent handshake key to access the network; independent handshake key authentication of the access point and each terminal is carried out based on a pre-shared key PSK list, under the condition of single access point deployment, no additional software and hardware cost is needed, only the list of the terminals and the pre-shared keys is needed to be maintained, simultaneous configuration of multiple pre-shared keys and multiple terminals is supported, and no specific software and hardware platform and wireless terminal are relied on; different terminals correspond to different pre-shared keys, and the security is higher.

Description

Multi-terminal independent access authentication method, system and medium based on pre-shared secret key
Technical Field
The application relates to the technical field of communication authentication, in particular to a method, a system and a medium for multi-terminal independent access authentication based on a pre-shared secret key.
Background
With the rapid development of wireless networks in China, WiFi wireless networks based on the 802.11 protocol have been widely applied and popularized, and, in order to improve the security of wireless communication, encryption modes such as WPA and WPA2 based on the IEEE 802.11i protocol have been adopted as a mandatory standard. WPA2, as an upgrade of WPA, adopts the more secure encryption standard CCMP, and in practical use the WPA2 encryption mode can meet the needs of enterprises, government institutions, households and similar users.
In the prior art, the PMK required for access authentication is generally calculated directly by a cloud server and issued to the wireless network access point, so the access point does not need to calculate the PMK. Because the resources of the cloud server are far greater than those of the wireless network access point, this speeds up the access authentication process, improves access authentication efficiency, and reduces the resource consumption and hardware requirements of the access point, and therefore its hardware cost. Such methods, however, require interaction between the cloud server and the wireless AP, which occupies extra device performance and network resources; for independent authentication of different terminals, the pre-shared key configured by the cloud server is still common to all terminals; for high-concurrency wireless terminal access authentication across multiple wireless APs, the cloud server may still be a performance bottleneck; the cloud server must participate in management and control, which increases network deployment and maintenance cost; and usage scenarios with a single AP deployment, such as home use, cannot be satisfied.
Disclosure of Invention
The technical problems to be solved by the application are as follows: the existing wireless network access authentication method needs a cloud service end to participate in management and control for high concurrency wireless terminal access authentication of multiple wireless APs, increases network deployment and maintenance cost, and is difficult to meet the use scene of single AP deployment such as household use; the application aims to provide a multi-terminal independent access authentication method, a system and a medium based on a pre-shared key, which are used for optimizing a general encryption technology on the existing wireless network access authentication method, and carrying out independent handshake key authentication of an access point and each terminal based on a pre-shared key PSK list, wherein under the condition of single access point deployment, no additional software and hardware cost is needed; the configuration is simple, only a list of terminal users and pre-shared keys is required to be maintained, the application is flexible, the simultaneous configuration of multiple pre-shared keys and multiple users is supported, and the configuration does not depend on a specific software and hardware platform and a wireless terminal; different terminals correspond to different pre-shared keys, and compared with the original general pre-shared key, the method has higher security.
The application is realized by the following technical scheme:
the scheme provides a multi-terminal independent access authentication method based on a pre-shared key, which comprises the following steps:
step one: acquiring an access authentication terminal and sequentially carrying out association key configuration on the terminal to obtain an access authentication user list;
step two: generating a pre-shared key PSK list based on the PBKDF2-SHA1 algorithm and the access authentication user list;
step three: performing independent handshake key authentication of the access point and each terminal based on the pre-shared key PSK list;
step four: the access point allows a terminal that has successfully authenticated with the independent handshake key to access the network.
The working principle of the scheme is as follows: for high-concurrency wireless terminal access authentication across multiple wireless APs, the existing wireless network access authentication method needs a cloud server to participate in management and control, which increases network deployment and maintenance cost and makes it difficult to serve single-AP deployments such as home use. The application aims to provide a multi-terminal independent access authentication method, system and medium based on a pre-shared key that improve on the existing wireless network access authentication method: independent handshake key authentication between the access point and each terminal is performed based on a pre-shared key PSK list, so that no additional software or hardware cost is needed in a single access point deployment. The configuration is simple, since only a list of terminals and pre-shared keys has to be maintained; simultaneous configuration of multiple pre-shared keys and multiple terminals is supported; and the scheme does not depend on a specific software and hardware platform or wireless terminal. Different terminals correspond to different pre-shared keys, which gives higher security than the original common pre-shared key. The pre-shared key can be associated with the end user 1-to-1 or 1-to-many: the association can only be 1-to-1 if the user name in the pre-shared key PSK list is a MAC address, and can be 1-to-many if the user name in the pre-shared key PSK list is not a MAC address.
The further optimization scheme is that the composition of the access authentication user list comprises:
the first column is the user name of the terminal accessing the authentication, the second column is the SSID name of the corresponding wireless radio frequency, and the third column is the corresponding association key.
The further optimization scheme is that the user name is any character string or MAC address.
The further optimization scheme is that the composition of the pre-shared key PSK list comprises:
the first column is the user name of the terminal accessing the authentication, and the second column is the unique pre-shared key PSK correspondingly generated.
A further optimization scheme is that the pre-shared key PSK is any letter or number.
The further optimization scheme is that one terminal can correspond to one unique pre-shared key PSK, and a plurality of terminals can also correspond to one unique pre-shared key PSK.
The further optimization scheme is that the third step comprises the following substeps:
s31: the access point generates a random number Anonce and sends the random number Anonce to each terminal;
s32: each terminal sends a return packet to the access point, wherein the return packet comprises: a random number SNonce generated by a terminal, a terminal MIC (STA), a terminal MAC (STA) address and a terminal calculation key PTK (STA);
s33: the access point selects a unique pre-shared key PSK in a pre-shared key PSK list, and generates an access point calculation key PTK (AP) and an access point MIC (AP) by adding a random number Snonce, a terminal MAC (STA) address, an access point MAC address and a random number Anonce in a matching way;
Values of PSK are fetched in sequence from the pre-shared key PSK list (PSK1, PSK2, PSK3, …). Taking PSK1 as an example, PSK1 is combined with the parameters obtained in the previous steps and passed through a fixed algorithm to obtain the PTK and MIC of the access point corresponding to PSK1, namely:
$$\mathrm{PSK1} + \mathrm{Snonce} + \mathrm{MAC(STA)} + \mathrm{MAC(AP)} + \mathrm{Anonce} \Longrightarrow \mathrm{ApPTK}_{\mathrm{PSK1}} + \mathrm{ApMIC}_{\mathrm{PSK1}}$$
s34: judging whether the access point MIC (AP) is equal to the terminal MIC (STA), if so, entering S35; otherwise, returning to the step S33, repeatedly executing the step S33 until all the unique pre-shared secret keys PSK are matched, and directly entering the step S36;
It is judged whether $\mathrm{ApMIC}_{\mathrm{PSK1}}$ is equal to the terminal MIC (STA); if they are equal, the process goes to S35, and if they are not equal, the process returns to S33 to take the next PSK (i.e., PSK2) and recalculate the PTK and the MIC of the corresponding access point, namely:
$$\mathrm{PSK2} + \mathrm{Snonce} + \mathrm{MAC(STA)} + \mathrm{MAC(AP)} + \mathrm{Anonce} \Longrightarrow \mathrm{ApPTK}_{\mathrm{PSK2}} + \mathrm{ApMIC}_{\mathrm{PSK2}}$$
until all PSK in the pre-shared key PSK list is verified;
s35: judging whether the user name corresponding to the currently selected unique pre-shared key PSK in the pre-shared key PSK list is an MAC address, comparing whether the user name is equal to the terminal MAC (STA) address or not under the condition that the user name is the MAC address, and if so, entering step S36; otherwise, repeating steps S33-S34;
the result is that PSKn (n=1, 2,3 …) will have a corresponding user name USERNAMEn in the pre-shared key PSK list, if the USERNAMEn is a MAC address, then it is further determined whether USERNAMEn and StaMAC are equal, and if they are equal, S36 is entered, and if they are not equal, S33 is returned to continue to take the next PSK for recalculation and verification;
s36: if the effective PSK is obtained based on the steps, the subsequent flow allows the terminal to access, otherwise, the terminal authentication fails and cannot be accessed.
The further optimization scheme is that the PTK of the terminal user is generated according to a password and a random number Anonce, a random number Snonce, an MAC address of the terminal user and an MAC address of an access point which are input when the terminal user accesses the SSID, and the MIC of the terminal user is generated according to the PTK of the terminal user and a data frame through an MD5 algorithm.
The scheme also provides a multi-terminal independent access authentication system based on the pre-shared key, which is used for realizing the multi-terminal independent access authentication method based on the pre-shared key, and comprises the following steps:
the configuration module is used for acquiring the terminal of the access authentication and sequentially carrying out association key configuration on the terminal to obtain a configuration access authentication user list;
the calculation module is used for generating a pre-shared key PSK list based on the PBKDF2-SHA1 algorithm and the configuration access authentication user list;
the authentication module is used for carrying out independent handshake key authentication of the access point and each terminal based on the pre-shared key PSK list;
and the access module is used for allowing the terminal successfully authenticated by the independent handshake key to access the network by the access point.
The further optimization scheme is that the access point is deployed for a single AP.
The present solution also provides a computer readable medium having stored thereon a computer program for execution by a processor to implement a multi-terminal independent access authentication method based on a pre-shared key as described above.
Compared with the prior art, the application has the following advantages and beneficial effects:
the application provides a multi-terminal independent access authentication method, a system and a medium based on a pre-shared secret key; the general encryption technology is optimized on the existing wireless network access authentication method, independent handshake key authentication of the access point and each terminal is performed based on a pre-shared key PSK list, and extra software and hardware cost is not needed under the condition of single access point deployment; the configuration is simple, only a list of the terminal and the pre-shared key is required to be maintained, the simultaneous configuration of multiple pre-shared keys and multiple terminals is supported, and the configuration does not depend on a specific software and hardware platform and a specific wireless terminal; different terminals correspond to different pre-shared keys, and compared with the original general pre-shared key, the method has higher security.
Drawings
In order to more clearly illustrate the technical solutions of the exemplary embodiments of the present application, the drawings that are needed in the examples will be briefly described below, it being understood that the following drawings only illustrate some examples of the present application and therefore should not be considered as limiting the scope, and that other related drawings may be obtained from these drawings without inventive effort for a person skilled in the art. In the drawings:
FIG. 1 is a flow chart of a method for multi-terminal independent access authentication based on a pre-shared key;
fig. 2 is a schematic diagram of an independent handshake key authentication procedure.
Detailed Description
For the purpose of making apparent the objects, technical solutions and advantages of the present application, the present application will be further described in detail with reference to the following examples and the accompanying drawings, wherein the exemplary embodiments of the present application and the descriptions thereof are for illustrating the present application only and are not to be construed as limiting the present application.
The existing wireless network access authentication method needs a cloud service end to participate in management and control for high concurrency wireless terminal access authentication of multiple wireless APs, increases network deployment and maintenance cost, and is difficult to meet the use scene of single AP deployment such as household use; the present application provides the following embodiments to solve the above technical problems:
Example 1
The embodiment provides a multi-terminal independent access authentication method based on a pre-shared key, as shown in fig. 1, including:
step one: acquiring an access authentication terminal and sequentially carrying out association key configuration on the terminal to obtain an access authentication user list;
the access authentication user list comprises the following components:
the form is as follows:
the first column is the user name of the terminal accessing authentication, the second column is the SSID name of the corresponding wireless radio frequency, and the third column is the corresponding association key. The user name is any string or MAC address.
Step two: generating a pre-shared key PSK list based on the PBKDF2-SHA1 algorithm and the configuration access authentication user list;
the composition of the pre-shared key PSK list includes:
the form is as follows:
ABC 5cc70f7da31f09d30ebb30abfb5d2e914fd75f574107eabcb7aedb8e99164252
XYZ 4c551d4a0666b1fd2042cb02d2ee0ecbb368f632bbfae05c6cd94f4198aeb70f
AA:BB:CC:11:22:33 85aff993621b23d5142c541f334be0939e7b5b82b6fb66a19f5d08a9d2559d30
the first column is the user name of the terminal with access authentication, and the second column is the unique pre-shared key PSK which is correspondingly generated. The pre-shared key PSK is any letter or number.
One terminal may correspond to a unique pre-shared key PSK (e.g., user AA:BB:CC:11:22:33, meaning that only the wireless terminal with that MAC address can associate using the pre-shared key PSK 85aff993621b23d5142c541f334be0939e7b5b82b6fb66a19f5d08a9d2559d30), or multiple terminals may correspond to a unique pre-shared key PSK (e.g., users ABC and XYZ, meaning that any wireless terminal used by the user can associate using the respective pre-shared key).
Step three: performing independent handshake key authentication of the access point and each terminal based on the pre-shared key PSK list;
as shown in fig. 2, step three includes the sub-steps of:
s31: the access point generates a random number Anonce and sends the random number Anonce to each terminal;
s32: each terminal sends a return packet to the access point, wherein the return packet comprises: a random number SNonce generated by a terminal, a terminal MIC (STA), a terminal MAC (STA) address and a terminal calculation key PTK (STA);
s33: the access point selects a unique pre-shared key PSK in a pre-shared key PSK list, and generates an access point calculation key PTK (AP) and an access point MIC (AP) by adding a random number Snonce, a terminal MAC (STA) address, an access point MAC address and a random number Anonce in a matching way;
Values of PSK are fetched in sequence from the pre-shared key PSK list (PSK1, PSK2, PSK3, …). Taking PSK1 as an example, PSK1 is combined with the parameters obtained in the previous steps and passed through a fixed algorithm to obtain the PTK and MIC of the access point corresponding to PSK1, namely:
$$\mathrm{PSK1} + \mathrm{Snonce} + \mathrm{MAC(STA)} + \mathrm{MAC(AP)} + \mathrm{Anonce} \Longrightarrow \mathrm{ApPTK}_{\mathrm{PSK1}} + \mathrm{ApMIC}_{\mathrm{PSK1}}$$
s34: judging whether the access point MIC (AP) is equal to the terminal MIC (STA), if so, entering S35; otherwise, returning to the step S33, repeatedly executing the step S33 until all the unique pre-shared secret keys PSK are matched, and directly entering the step S36;
It is judged whether $\mathrm{ApMIC}_{\mathrm{PSK1}}$ is equal to the terminal MIC (STA); if they are equal, the process goes to S35, and if they are not equal, the process returns to S33 to take the next PSK (i.e., PSK2) and recalculate the PTK and the MIC of the corresponding access point, namely:
$$\mathrm{PSK2} + \mathrm{Snonce} + \mathrm{MAC(STA)} + \mathrm{MAC(AP)} + \mathrm{Anonce} \Longrightarrow \mathrm{ApPTK}_{\mathrm{PSK2}} + \mathrm{ApMIC}_{\mathrm{PSK2}}$$
until all PSK in the pre-shared key PSK list is verified;
s35: judging whether the user name corresponding to the currently selected unique pre-shared key PSK in the pre-shared key PSK list is an MAC address, comparing whether the user name is equal to the terminal MAC (STA) address or not under the condition that the user name is the MAC address, and if so, entering step S36; otherwise, repeating steps S33-S34;
the result is that PSKn (n=1, 2,3 …) will have a corresponding user name USERNAMEn in the pre-shared key PSK list, if the USERNAMEn is a MAC address, then it is further determined whether USERNAMEn and StaMAC are equal, and if they are equal, S36 is entered, and if they are not equal, S33 is returned to continue to take the next PSK for recalculation and verification;
s36: if the effective PSK is obtained based on the steps, the subsequent flow allows the terminal to access, otherwise, the terminal authentication fails and cannot be accessed.
Step four: the access point allows a terminal that has successfully authenticated with the independent handshake key to access the network.
The PTK of the terminal user is generated according to the password and the random number Anonce, the random number Snonce, the MAC address of the terminal user and the MAC address of the access point which are input when the terminal user accesses the SSID, and the MIC of the terminal user is generated according to the PTK of the terminal user and the data frame through an MD5 algorithm.
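The list-matching procedure of steps two and three (S31 to S36), as an added example that is not code from the patent. It assumes the standard WPA/WPA2-Personal derivations (PBKDF2-HMAC-SHA1 salted with the SSID at 4096 iterations, the IEEE 802.11 PRF for the PTK) and takes the MD5 named above as HMAC-MD5 keyed with the KCK; all function names, user names, passphrases, MAC addresses, nonces and the frame bytes are constructed.

```python
import hashlib
import hmac
import re

MAC_RE = re.compile(r"^(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")
ITERATIONS = 4096  # WPA/WPA2-Personal value; an assumption, the page does not state it


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def build_psk_list(user_list):
    """Step two: (user name, SSID, association key) rows -> (user name, PSK) rows."""
    return [(user, hashlib.pbkdf2_hmac("sha1", key.encode(), ssid.encode(), ITERATIONS, 32))
            for user, ssid, key in user_list]


def derive_ptk(psk, ap_mac, sta_mac, anonce, snonce, nbytes=48):
    """IEEE 802.11 PRF: HMAC-SHA1 in counter mode over the sorted MACs and nonces."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    out, counter = b"", 0
    while len(out) < nbytes:
        block = b"Pairwise key expansion\x00" + data + bytes([counter])
        out += hmac.new(psk, block, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def eapol_mic(ptk, frame, digest=hashlib.md5):
    """MIC over the frame, keyed with the KCK (first 16 bytes of the PTK).

    HMAC-MD5 follows the page; WPA2/CCMP (key descriptor version 2) uses
    HMAC-SHA1 truncated to 16 bytes, i.e. digest=hashlib.sha1.
    """
    return hmac.new(ptk[:16], frame, digest).digest()[:16]


def match_terminal(psk_list, ap_mac, sta_mac, anonce, snonce, frame, sta_mic):
    """S33-S36 on the access point: return the matching user name, or None."""
    ap, sta = mac_bytes(ap_mac), mac_bytes(sta_mac)
    for user, psk in psk_list:                                   # S33: next PSK
        ptk = derive_ptk(psk, ap, sta, anonce, snonce)
        if not hmac.compare_digest(eapol_mic(ptk, frame), sta_mic):
            continue                                             # S34: MIC differs
        if MAC_RE.match(user) and mac_bytes(user) != sta:
            continue                                             # S35: bound to another MAC
        return user                                              # S36: valid PSK found
    return None                                                  # S36: authentication fails


def terminal_reply(passphrase, ssid, ap_mac, sta_mac, anonce, snonce, frame):
    """Terminal side of S32: MIC(STA) computed from the passphrase the user typed."""
    psk = hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), ITERATIONS, 32)
    ptk = derive_ptk(psk, mac_bytes(ap_mac), mac_bytes(sta_mac), anonce, snonce)
    return eapol_mic(ptk, frame)


# Constructed sample data. A real AP draws Anonce from a CSPRNG (S31) and
# computes the MIC over the received EAPOL-Key frame with its MIC field zeroed.
SSID = "HomeNet"
USER_LIST = [
    ("alice", SSID, "alice-passphrase-1"),
    ("bob", SSID, "bob-passphrase-22"),
    ("AA:BB:CC:11:22:33", SSID, "printer-passphrase"),
]
AP_MAC = "02:00:00:00:00:01"
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
FRAME = b"constructed EAPOL-Key message 2, MIC field zeroed"


def demo():
    psk_list = build_psk_list(USER_LIST)

    def attempt(passphrase, sta_mac):
        mic = terminal_reply(passphrase, SSID, AP_MAC, sta_mac, ANONCE, SNONCE, FRAME)
        return match_terminal(psk_list, AP_MAC, sta_mac, ANONCE, SNONCE, FRAME, mic)

    return {
        "string_user_any_device": attempt("bob-passphrase-22", "02:00:00:00:00:99"),
        "mac_user_own_device": attempt("printer-passphrase", "AA:BB:CC:11:22:33"),
        "mac_user_other_device": attempt("printer-passphrase", "02:00:00:00:00:99"),
        "unknown_passphrase": attempt("not-in-the-list", "02:00:00:00:00:99"),
    }


if __name__ == "__main__":
    for case, user in demo().items():
        print(case, "->", user)
```

The access point repeats the PTK and MIC computation once per list entry for every handshake, so the cost of a failed attempt grows linearly with the length of the PSK list.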
The embodiment optimizes the general encryption technology on the existing wireless network access authentication method, performs independent handshake key authentication of the access point and each terminal based on a pre-shared key PSK list, and does not need additional software and hardware cost under the condition of single access point deployment; the configuration is simple, only a list of terminal users and pre-shared keys is required to be maintained, the application is flexible, the simultaneous configuration of multiple pre-shared keys and multiple users is supported, and the configuration does not depend on a specific software and hardware platform and a wireless terminal; different terminals correspond to different pre-shared keys, and compared with the original general pre-shared key, the method has higher security.
Example 2
The embodiment provides a multi-terminal independent access authentication system based on a pre-shared key, which is used for realizing the multi-terminal independent access authentication method based on the pre-shared key, and comprises the following steps:
the configuration module is used for acquiring the terminal of the access authentication and sequentially carrying out association key configuration on the terminal to obtain an access authentication user list;
the calculation module is used for generating a pre-shared key PSK list based on the PBKDF2-SHA1 algorithm and the access authentication user list;
the authentication module is used for carrying out independent handshake key authentication of the access point and each terminal based on the pre-shared key PSK list;
and the access module is used for allowing the terminal successfully authenticated by the independent handshake key to access the network by the access point. The access point is a single AP deployment.
Example 3
The present embodiment provides a computer-readable medium having stored thereon a computer program that is executed by a processor to implement a multi-terminal independent access authentication method based on a pre-shared key as described above.
The application ensures that no extra software and hardware cost is needed under the single AP deployment condition; the configuration is simple, and only a list of the terminal user and the pre-shared key is required to be maintained; supporting simultaneous configuration of multiple pre-shared keys and multiple users, wherein the pre-shared keys and the users can be associated in a 1-to-1 mode, and can also be associated in a 1-to-multiple mode; the scheme of the application realizes the independent authentication method of multiple wireless terminals, and the implementation does not depend on a specific software and hardware platform and wireless terminals; the security is higher, different terminals correspond to different pre-shared keys, and compared with the original general pre-shared key, the security is higher.
The present application is described with reference to flowchart illustrations or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow or block of the flowchart illustrations or block diagrams, and combinations of flows or blocks in the flowchart illustrations or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows or block diagram block or blocks.
The foregoing description of the embodiments has been provided for the purpose of illustrating the general principles of the application, and is not meant to limit the scope of the application or to limit the application to the particular embodiments; any modifications, equivalents, improvements, etc. that fall within the spirit and principles of the application are intended to be included within the scope of the application.

Claims (10)

1. The multi-terminal independent access authentication method based on the pre-shared key is characterized by comprising the following steps:
step one: acquiring an access authentication terminal and carrying out association key configuration on the terminal to obtain an access authentication user list;
step two: generating a pre-shared key PSK list based on the PBKDF2-SHA1 algorithm and the access authentication user list;
step three: performing independent handshake key authentication of the access point and each terminal based on the pre-shared key PSK list;
step four: the access point allows a terminal that has successfully authenticated with the independent handshake key to access the network.
2. The method for multi-terminal independent access authentication based on pre-shared secret key according to claim 1, wherein the composition of the access authentication user list comprises:
the first column is the user name of the terminal accessing the authentication, the second column is the SSID name of the corresponding wireless radio frequency, and the third column is the corresponding association key.
3. The method for authenticating multi-terminal independent access based on pre-shared secret key according to claim 2, wherein the user name is any character string or MAC address.
4. The method for multi-terminal independent access authentication based on pre-shared key according to claim 2, wherein the composition of the pre-shared key PSK list comprises:
the first column is the user name of the terminal accessing the authentication, and the second column is the unique pre-shared key PSK correspondingly generated.
5. The method for multi-terminal independent access authentication based on pre-shared key according to claim 4, wherein the pre-shared key PSK consists of arbitrary letters or numbers.
6. The method for multi-terminal independent access authentication based on pre-shared secret key according to claim 2, wherein step three comprises the following sub-steps:
S31: the access point generates a random number Anonce and sends the random number Anonce to each terminal;
S32: each terminal sends a return packet to the access point, wherein the return packet comprises: a random number Snonce generated by the terminal, a terminal MIC, a terminal MAC address and a terminal calculation key PTK;
S33: the access point sequentially selects a unique pre-shared key PSK from the pre-shared key PSK list, and generates an access point calculation key PTK and an access point MIC by combining it with the random number Snonce, the terminal MAC address, the access point MAC address and the random number Anonce;
S34: judging whether the access point MIC is equal to the terminal MIC; if so, entering step S35; otherwise, returning to step S33 and repeating it until all the unique pre-shared keys PSK have been tried, and then directly entering step S36;
S35: judging whether the user name corresponding to the currently selected unique pre-shared key PSK in the pre-shared key PSK list is a MAC address and, where the user name is a MAC address, comparing whether the user name is equal to the terminal MAC address; if so, entering step S36; otherwise, repeating steps S33-S34;
S36: if a valid PSK is obtained through the above steps, the subsequent flow allows the terminal to access; otherwise, the terminal authentication fails and the terminal cannot access.
7. The method for multi-terminal independent access authentication based on pre-shared secret key according to claim 1, wherein the end user PTK is generated from the password input when the end user accesses the SSID, the random number Anonce, the random number Snonce, the end user MAC address and the access point MAC address, and the end user MIC is generated from the end user PTK and the data frame by the MD5 algorithm.
8. A multi-terminal independent access authentication system based on a pre-shared key, which is used for implementing the multi-terminal independent access authentication method based on a pre-shared key as claimed in any one of claims 1 to 7, comprising:
the configuration module is used for acquiring the terminals for access authentication and sequentially carrying out association key configuration on the terminals to obtain a configuration access authentication user list;
the calculation module is used for generating a pre-shared key PSK list based on the PBKDF2-SHA1 algorithm and the configuration access authentication user list;
the authentication module is used for carrying out independent handshake key authentication of the access point and each terminal based on the pre-shared key PSK list;
and the access module is used for allowing the terminal successfully authenticated by the independent handshake key to access the network by the access point.
9. The pre-shared key based multi-terminal independent access authentication system of claim 8, wherein the access point is a single AP deployment.
10. A computer readable medium having stored thereon a computer program, wherein the computer program is executable by a processor to implement a pre-shared key based multi-terminal independent access authentication method as claimed in any of claims 1-7.
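The per-terminal key search of claim 6 (S33-S36), with the PTK and MIC derivation of claim 7, can be sketched as follows. This is an added example, not code from the patent: it assumes the standard WPA2 passphrase mapping (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations), the IEEE 802.11 PRF for the PTK, and HMAC-MD5 keyed with the KCK as the reading of claim 7's "MD5 algorithm"; it reads S35 as accepting a non-MAC user name from any terminal. All function names and sample values are constructed.

```python
import hashlib
import hmac
import re

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$", re.I)

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def derive_psk(passphrase, ssid):
    # Assumed standard WPA2 mapping: PBKDF2-HMAC-SHA1, SSID salt, 4096 rounds, 256 bits.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def derive_ptk(psk, ap_mac, sta_mac, anonce, snonce):
    # IEEE 802.11 PRF-384: HMAC-SHA1 over label, sorted MACs, sorted nonces, counter.
    a, s = mac_bytes(ap_mac), mac_bytes(sta_mac)
    data = min(a, s) + max(a, s) + min(anonce, snonce) + max(anonce, snonce)
    label = b"Pairwise key expansion\x00"
    return b"".join(hmac.new(psk, label + data + bytes([i]), hashlib.sha1).digest()
                    for i in range(3))[:48]

def eapol_mic(ptk, frame):
    # KCK = first 16 bytes of the PTK. HMAC-MD5 follows claim 7 (WPA key
    # descriptor version 1); WPA2-CCMP uses HMAC-SHA1 truncated to 128 bits.
    return hmac.new(ptk[:16], frame, hashlib.md5).digest()

def match_psk(psk_list, ap_mac, sta_mac, anonce, snonce, frame, sta_mic):
    """Return the user name whose PSK authenticates this terminal, else None."""
    for username, psk in psk_list:                        # S33: try each PSK in turn
        ptk = derive_ptk(psk, ap_mac, sta_mac, anonce, snonce)
        if not hmac.compare_digest(eapol_mic(ptk, frame), sta_mic):
            continue                                      # S34: MIC mismatch, next PSK
        if MAC_RE.match(username) and username.lower() != sta_mac.lower():
            continue                                      # S35: PSK bound to another MAC
        return username                                   # S36: valid PSK found
    return None                                           # S36: authentication fails

# Constructed sample data (not from the patent).
SSID = "example-ssid"
AP_MAC = "02:00:00:00:00:aa"
ANONCE, SNONCE = bytes(range(32)), bytes(range(32, 64))
FRAME = b"constructed EAPOL-Key message 2, MIC field zeroed"
PSK_LIST = [("alice", derive_psk("alice-passphrase-1", SSID)),
            ("02:00:00:00:00:01", derive_psk("printer-passphrase-2", SSID))]

def terminal_mic(passphrase, sta_mac):
    # Terminal side of claim 7: PTK from the typed password, then MIC over the frame.
    ptk = derive_ptk(derive_psk(passphrase, SSID), AP_MAC, sta_mac, ANONCE, SNONCE)
    return eapol_mic(ptk, FRAME)
```

Because the PSK list is computed at configuration time, each handshake costs the access point one PRF and one HMAC per list entry tried, not one PBKDF2 run.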
CN202310637386.6A 2023-05-31 2023-05-31 Multi-terminal independent access authentication method, system and medium based on pre-shared secret key Pending CN116634430A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310637386.6A CN116634430A (en) 2023-05-31 2023-05-31 Multi-terminal independent access authentication method, system and medium based on pre-shared secret key

Publications (1)

Publication Number Publication Date
CN116634430A (en) 2023-08-22

Family

ID=87621050

Country Status (1)

Country Link
CN (1) CN116634430A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination