WO2016131289A1 - Method, device and user equipment for testing security of wireless hotspot - Google Patents


Publication number
WO2016131289A1
Authority
WO
WIPO (PCT)
Prior art keywords
wireless hotspot
security
hotspot
user equipment
wireless
Application number
PCT/CN2015/092218
Other languages
French (fr)
Chinese (zh)
Inventor
邵敏茹
王伟
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08: Access security

Definitions

  • the present invention relates to the field of communications, and in particular to a wireless hotspot security detection method, apparatus, and user equipment.
  • WIFI: Wireless-Fidelity
  • the WIFI hotspot is trusted by default, that is, the mobile terminal transparently transmits all network use requests to the hotspot through WIFI, and then sends requests and data to the Internet through the hotspot, so private information is highly likely to be disclosed during data transmission, which poses a security risk.
  • In the existing technology, when a mobile terminal (also referred to as a client or a user equipment) accesses a WIFI hotspot, the emphasis is on verifying the validity of the client, to prevent illegal users from accessing the WIFI hotspot and to protect the WIFI hotspot or other clients of the Wireless Local Area Network (WLAN). However, the legality and security of the WIFI hotspot itself have not been considered.
  • the invention provides a wireless hotspot security detection method, device and user equipment, so as to at least solve the problem that the security of the wireless hotspot cannot be detected in the related art.
  • a method for detecting wireless hotspot security includes: receiving a broadcast message of at least one wireless hotspot, wherein the broadcast message includes security information of a first wireless hotspot; and determining the security of the first wireless hotspot according to the security information.
  • determining, according to the security information, the security of the first wireless hotspot includes: determining that the security of the first wireless hotspot is non-secure in the case that the security information indicates that the security of the first wireless hotspot is non-secure; and/or determining that the security of the first wireless hotspot is secure in the case that the security information indicates that the security of the first wireless hotspot is secure.
  • the method further includes, after determining that the security of the first wireless hotspot is non-secure: in the case that the user equipment has not been requested to access the first wireless hotspot, not performing the operation of requesting the user equipment to access the first wireless hotspot; and/or, in the case that the user equipment has been requested to access the first wireless hotspot, terminating the operation of requesting the user equipment to access the first wireless hotspot.
  • the method further includes: initiating a hotspot broadcast of the user equipment, and broadcasting the broadcast message.
  • the method further includes: accessing the user equipment to the first wireless hotspot.
  • the method further includes: sending a pre-association request to the first wireless hotspot, wherein the pre-association request is used to request the identity information of the first wireless hotspot; and receiving a pre-association response of the first wireless hotspot in response to the pre-association request, wherein the pre-association response carries the identity information of the first wireless hotspot, and the identity information is used to determine a security level of the first wireless hotspot.
  • sending the pre-association request to the first wireless hotspot further includes: starting a timer when sending the pre-association request; wherein, after sending the pre-association request to the first wireless hotspot, the method further includes: determining whether the pre-association response is received after the timer expires; and determining, if the timer expires and the pre-association response is not received, that the security level of the first wireless hotspot is a low security level.
  • the method further includes: in the case that a process of the user equipment initiates a networking request, determining whether the security level of the first wireless hotspot is lower than a security level required by the process; and, if the security level is lower than the security level required by the process, networking the process through a cellular network.
  • the method further includes: sending a security evaluation of the first wireless hotspot to a server.
  • a wireless hotspot security detecting apparatus, including: a receiving module, configured to receive a broadcast message of at least one wireless hotspot, wherein the broadcast message includes the security information of a first wireless hotspot; and a determining module, configured to determine the security of the first wireless hotspot according to the security information.
  • the determining module is configured to: determine that the security of the first wireless hotspot is non-secure if the security information indicates that the security of the first wireless hotspot is non-secure; and/or determine that the security of the first wireless hotspot is secure if the security information indicates that the security of the first wireless hotspot is secure.
  • the device further includes: a processing module, configured to, after determining that the security of the first wireless hotspot is non-secure: in the case that the user equipment has not been requested to access the first wireless hotspot, no longer perform the operation of requesting the user equipment to access the first wireless hotspot; and/or, in the case that the user equipment has been requested to access the first wireless hotspot, terminate the operation of requesting the user equipment to access the first wireless hotspot.
  • the device further includes: a broadcast module, configured to, after determining that the security of the first wireless hotspot is non-secure, start the hotspot broadcast of the user equipment and broadcast the broadcast message.
  • the device further includes: an access module, configured to: after determining that the security of the first wireless hotspot is secure, access the user equipment to the first wireless hotspot.
  • the device further includes: a pre-association request sending module, configured to send a pre-association request to the first wireless hotspot before or after the user equipment accesses the first wireless hotspot, where the pre-association request is used to request identity information of the first wireless hotspot; and a pre-association response receiving module, configured to receive a pre-association response of the first wireless hotspot in response to the pre-association request, where the pre-association response carries the identity information of the first wireless hotspot, and the identity information is used to determine a security level of the first wireless hotspot.
  • the pre-association request sending module is further configured to start a timer when the pre-association request is sent; wherein the device further includes: a pre-association response determining module, configured to determine, after the pre-association request is sent to the first wireless hotspot, whether the pre-association response is received after the timer expires; and a security level determining module, configured to determine, in the case that the timer expires and the pre-association response is not received, that the security level of the first wireless hotspot is a low security level.
  • the device further includes: a security level determining module, configured to determine, in the case that the security level of the first wireless hotspot accessed by the user equipment is the low security level and a process of the user equipment initiates a networking request, whether the security level of the first wireless hotspot is lower than a security level required by the process; and a networking module, configured to network the process through a cellular network in the case that the security level is lower than the security level required by the process.
  • the device further includes: a security evaluation sending module, configured to send a security evaluation of the first wireless hotspot to the server after the user equipment accesses the first wireless hotspot.
  • a user equipment including: the foregoing wireless hotspot security detecting apparatus.
  • the embodiments of the present invention receive a broadcast message of at least one wireless hotspot, where the broadcast message includes security information of the first wireless hotspot, and determine the security of the first wireless hotspot according to the security information; this solves the problem in the related art that the security of the wireless hotspot cannot be detected, and achieves detection of wireless hotspot security.
  • FIG. 1 is a flowchart of a method for detecting a wireless hotspot security according to an embodiment of the present invention
  • FIG. 2 is a schematic structural diagram of a wireless hotspot security detecting apparatus according to an embodiment of the present invention
  • FIG. 3 is a flowchart of a method for a STA to securely access a WIFI hotspot according to an optional embodiment of the present invention
  • FIG. 4 is a schematic structural diagram of an early warning frame of a high-risk hot spot warning information according to an alternative embodiment of the present invention.
  • FIG. 5 is a schematic diagram of a frame structure of pre-association request information according to an optional embodiment of the present invention.
  • FIG. 6 is a schematic diagram of a frame structure of pre-association response information according to an optional embodiment of the present invention.
  • FIG. 7 is a flowchart of accessing the Internet when the security attribute of the target AP is an intermediate security according to an alternative embodiment of the present invention
  • FIG. 8 is a schematic structural diagram of an apparatus for securely accessing a WIFI hotspot according to an alternative embodiment of the present invention.
  • FIG. 1 is a flowchart of a wireless hotspot security detection method according to an embodiment of the present invention. As shown in FIG. 1 , the flow includes the following steps:
  • Step S102 Receive a broadcast message of the at least one wireless hotspot, where the broadcast message includes: security information of the first wireless hotspot;
  • Step S104 Determine security of the first wireless hotspot according to the security information.
  • the security information of the wireless hotspot can be obtained through the broadcast message of the at least one wireless hotspot, and the security of the first wireless hotspot is determined according to the security information, thereby solving the problem that the security of the wireless hotspot cannot be detected in the related art and achieving detection of wireless hotspot security.
  • the wireless hotspots in the embodiments of the present invention include, but are not limited to, a WIFI-based wireless hotspot, a ZigBee based wireless hotspot, and a Bluetooth (BlueTooth) based wireless hotspot.
  • the hotspot identifier may have different names, but in essence it is used as the wireless hotspot identification information, which is used to uniquely identify a wireless hotspot or provide the wireless hotspot in the network.
  • the foregoing security information indicates whether the security of the first wireless hotspot is at a security level at which access is recommended.
  • the security information may include two indications: a secure access indication, an unsecure access indication, or respectively: a secure wireless hotspot indication, a dangerous wireless hotspot indication.
  • the security information may also include security level grading information for the wireless hotspot.
  • the security level may be classified into three levels: a high security level, a low security level, and no security level, wherein the high security level and the low security level may be used as a secure access indication, and the no security level is regarded as an unsecure access level.
  • the wireless hotspot for broadcast message broadcast may be provided by a fixed hotspot providing device, or may be provided by other mobile terminals.
  • the current mobile terminals have the function of turning on the hotspot and setting up the wireless local area network, and the mobile hotspot function can open the wireless hotspot and broadcast the broadcast message.
  • the foregoing method can be applied to a user equipment.
  • the user equipment referred to in the embodiment of the present invention includes a fixed or portable device with a wireless hotspot access function.
  • the embodiment of the present invention is applied to a portable user equipment, such as a mobile terminal such as a smart phone or a tablet computer.
  • the application is also applicable to a fixed device such as a desktop personal computer having a wireless hotspot access function, which is not limited in the embodiment of the present invention.
  • the user equipment is taken as an example for description in the embodiment of the present invention.
  • in step S104, if the security information indicates that the security of the first wireless hotspot is non-secure, it is determined that the security of the first wireless hotspot is non-secure; and/or, if the security information indicates that the security of the first wireless hotspot is secure, it is determined that the security of the first wireless hotspot is secure.
  • the foregoing step is applied to the access process of the wireless hotspot, and the wireless hotspot security may be detected before or after the authentication request is sent to the wireless hotspot, and before the access of the wireless hotspot is completed. If the security of the first wireless hotspot is determined to be non-secure, and the user equipment has not been requested to access the first wireless hotspot, the operation of requesting to access the user equipment to the first wireless hotspot is not performed; optionally, in the case that it is determined that the security of the first wireless hotspot is non-secure and the user equipment has been requested to access the first wireless hotspot, the operation of requesting to access the user equipment to the first wireless hotspot may also be terminated.
  • the user equipment may display the alarm information of the first wireless hotspot to the user, and if the user confirms, according to the alarm information, that the first wireless hotspot is no longer to be accessed, the user equipment no longer requests access to the first wireless hotspot.
  • the user equipment may also store the hotspot identifier and the security information of the first wireless hotspot locally, and establish a blacklist of the wireless hotspot, so that the next time the wireless hotspot is accessed, the wireless hotspot blacklist may be matched first. For the matching wireless hotspot, the access can be denied directly.
  • the user may finally confirm whether to access the first wireless hotspot according to the pre-configured security policy.
  • the user equipment may also initiate a hotspot broadcast of the user equipment and broadcast a broadcast message.
  • the user equipment may broadcast periodically, or only once or several times.
  • the user equipment may also decide whether to broadcast, and the broadcast period, according to the status of the device. For example, in the case where the power of the user equipment is low, a longer broadcast period may be selected, or no broadcast may be performed.
  • when the broadcast message is broadcast, only the security information of the wireless hotspots that the user equipment can detect may be broadcast; the security information of wireless hotspots that are not detected by the user equipment may not be broadcast.
  • the user equipment may be accessed to the first wireless hotspot if the wireless hotspot needs to be accessed according to the indication of the user.
  • the user equipment may send a pre-association request to the first wireless hotspot through the cellular network or the first wireless hotspot, where the pre-association request is used to request the identity information of the first wireless hotspot; this identity information includes the hotspot identifier, as well as other information used to confirm the security of the hotspot.
  • a wireless hotspot provider can apply for authentication from a server, and the authentic identity information of the wireless hotspot provider can be provided as a guarantee during authentication.
  • after the authentication is passed, the server issues an authentication certificate to the wireless hotspot provider, where the server can generate the security level of the wireless hotspot provider according to the credit rating of the wireless hotspot provider (such as bank credit rating, illegal violation record) or asset information, and the security level is recorded in the authentication certificate.
  • the wireless hotspot may respond to the user equipment, and the user equipment receives a pre-association response of the first wireless hotspot in response to the pre-association request, where the pre-association response may carry the authentication certificate of the first wireless hotspot or other identity information, so that the user equipment can determine the security level of the first wireless hotspot according to the authentication certificate or the identity information.
  • the user equipment may also start a timer when sending the pre-association request; after sending the pre-association request to the first wireless hotspot, the user equipment determines whether the pre-association response is received after the timer expires; in the case that the timer expires and no pre-association response is received, it is determined that the security level of the first wireless hotspot is a low security level. At this time, the user equipment can still access the first wireless hotspot, but will protect processes with high security requirements.
  • the user equipment determines whether the security level of the first wireless hotspot is lower than the security level required by the process; in the case that the security level is lower than the security level required by the process, the user equipment can switch to the cellular network to network the process, so that information exchange between the process and the network takes place through the cellular network.
  • you can turn off the wireless hotspot and then enable the data transfer function of the cellular network.
  • the cellular network includes, but is not limited to, General Packet Radio Service (GPRS), Enhanced Data Rate for GSM Evolution (EDGE), High-Speed Packet Access (HSPA), High-Speed Packet Access Technology Evolution (HSPA+), and fourth-generation mobile communication technology (4G).
  • the user equipment may further send a security evaluation of the first wireless hotspot to the server.
  • the security evaluation is input by the user to the user equipment.
  • the security evaluation may be actively input by the user, for example, when the user uses the first wireless hotspot or after using the first wireless hotspot, according to the usage experience and the security status of the user account, by calling the user equipment.
  • the user input security evaluation may also be passive. For example, when the user equipment terminates the access of the first wireless hotspot, the user interface provides an interface for the user to input the security evaluation.
  • the security evaluation may be a text comment or a security level description.
  • for the server, the security level of the first wireless hotspot may be determined or updated according to the security evaluation; for example, when the server receives a predetermined number or predetermined proportion of security evaluations rating the first wireless hotspot at the unsecured level, the security level of the first wireless hotspot is updated to be unsecure.
  • the server may also provide security information of the first wireless hotspot to the user equipment through the cellular network.
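The client-side decision flow described above (judge the hotspot from received broadcasts, blacklist it and re-broadcast a warning, fall back to the low security level when the pre-association timer expires, and send demanding processes over the cellular network), as an added Python example that is not part of the patent text. The message classes, field names, hotspot names and the 2-second timeout are constructed for illustration; the patent's frame layouts are not reproduced, and certificate verification is assumed to have happened before `cert_level` is read.

```python
from dataclasses import dataclass, field
from enum import IntEnum
from typing import List, Optional, Set


class Level(IntEnum):
    """The three security levels named in the text."""
    NONE = 0   # no security level: treated as an unsecure access indication
    LOW = 1
    HIGH = 2


@dataclass
class Broadcast:
    """Constructed stand-in for a received broadcast message."""
    sender: str       # device that sent the broadcast (hypothetical field)
    hotspot_id: str   # hotspot identifier the security information refers to
    secure: bool      # secure / unsecure access indication


@dataclass
class PreAssocResponse:
    """Constructed stand-in for a pre-association response."""
    cert_level: Level  # security level recorded in the authentication certificate
    delay_s: float     # simulated arrival time after the request was sent


@dataclass
class Client:
    blacklist: Set[str] = field(default_factory=set)
    sent_warnings: List[Broadcast] = field(default_factory=list)

    def hotspot_is_secure(self, target: str, broadcasts: List[Broadcast]) -> bool:
        """Steps S102/S104: decide from the blacklist and received security information."""
        if target in self.blacklist:
            return False
        for b in broadcasts:
            if b.hotspot_id == target and not b.secure:
                self.blacklist.add(target)  # remembered for the next access attempt
                return False
        return True

    def pre_associate(self, response: Optional[PreAssocResponse],
                      timeout_s: float) -> Level:
        """Timer rule: no response before the timer expires means low security level."""
        if response is None or response.delay_s > timeout_s:
            return Level.LOW
        return response.cert_level

    def connect(self, target: str, broadcasts: List[Broadcast],
                response: Optional[PreAssocResponse],
                timeout_s: float = 2.0) -> Optional[Level]:
        """Return the hotspot's security level, or None when access is refused."""
        if not self.hotspot_is_secure(target, broadcasts):
            # Do not request access; warn nearby devices with our own broadcast.
            self.sent_warnings.append(Broadcast("self", target, False))
            return None
        return self.pre_associate(response, timeout_s)


def route(process_required: Level, hotspot_level: Level) -> str:
    """Per-process rule: use the cellular network when the hotspot level is too low."""
    return "cellular" if hotspot_level < process_required else "wifi"


def demo() -> dict:
    # Constructed sample data: two nearby devices report on two hotspots.
    heard = [Broadcast("phone-A", "evil-ap", False),
             Broadcast("phone-B", "cafe-ap", True)]
    client = Client()
    refused = client.connect("evil-ap", heard, None)
    timely = client.connect("cafe-ap", heard, PreAssocResponse(Level.HIGH, 0.3))
    late = client.connect("cafe-ap", heard, PreAssocResponse(Level.HIGH, 5.0))
    return {
        "evil-ap": refused,                       # None: access refused
        "cafe-ap timely": timely,                 # level taken from the certificate
        "cafe-ap late": late,                     # timer expired: low level
        "banking on late": route(Level.HIGH, late),
        "browsing on late": route(Level.LOW, late),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```
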
  • the method according to the above embodiment can be implemented by means of software plus a necessary general hardware platform, and of course, by hardware, but in many cases the former is a better implementation.
  • the technical solution of the present invention, in essence or in the part that contributes to the prior art, may be embodied in the form of a software product stored in a storage medium (such as ROM/RAM, a magnetic disk, or an optical disc), including a number of instructions for causing a terminal device (which may be a cell phone, a computer, a server, or a network device, etc.) to perform the methods described in various embodiments of the present invention.
  • a wireless hotspot security detection device is also provided, which is used to implement the above-mentioned embodiments and optional embodiments; what has already been described is not repeated.
  • the term “module” may refer to a combination of software and/or hardware that implements a predetermined function.
  • although the apparatus described in the following embodiments is preferably implemented in software, implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.
  • the apparatus includes: a receiving module 22 and a determining module 24, wherein the receiving module 22 is configured to receive a broadcast message of at least one wireless hotspot, where the broadcast message includes the security information of the first wireless hotspot; the determining module 24 is connected to the receiving module 22, and is configured to determine the security of the first wireless hotspot according to the security information.
  • the determining module 24 includes: a first determining unit, configured to determine that the security of the first wireless hotspot is non-secure if the security information indicates that the security of the first wireless hotspot is non-secure; and/or The second determining unit is configured to determine that the security of the first wireless hotspot is safe if the security information indicates that the security of the first wireless hotspot is secure.
  • the device further includes: a processing module, configured to, after determining that the security of the first wireless hotspot is non-secure: if the user equipment has not been requested to access the first wireless hotspot, no longer perform the operation of requesting the user equipment to access the first wireless hotspot; and/or, if the user equipment has been requested to access the first wireless hotspot, terminate the operation of requesting the user equipment to access the first wireless hotspot.
  • the device further includes: a broadcast module, connected to the first determining unit, configured to start a hotspot broadcast of the user equipment, and broadcast a broadcast message.
  • the device further includes: an access module, connected to the second determining unit, configured to access the user equipment to the first wireless hotspot.
  • the device further includes: a pre-association request sending module, connected to the first wireless hotspot through the connection provided by the first wireless hotspot, and configured to send a pre-association request to the first wireless hotspot, where the pre-association request is used to request identity information of the first wireless hotspot; and a pre-association response receiving module, connected to the first wireless hotspot through the connection provided by the first wireless hotspot, and configured to receive a pre-association response of the first wireless hotspot in response to the pre-association request.
  • the pre-association request sending module is further configured to start a timer when the pre-association request is sent; wherein the device further includes: a pre-association response determining module, connected to the pre-association request sending module and configured to determine, after the pre-association request is sent to the first wireless hotspot, whether a pre-association response is received after the timer expires; and a security level determining module, connected to the pre-association response determining module and configured to determine, when the timer expires and the pre-association response is not received, that the security level of the first wireless hotspot is a low security level.
  • the device further includes: a security level determining module, configured to determine, in the case that the security level of the first wireless hotspot accessed by the user equipment is a low security level and a process of the user equipment initiates a networking request, whether the security level of the first wireless hotspot is lower than the security level required by the process; and a networking module, connected with the security level determining module and configured to network the process through the cellular network when the security level is lower than the security level required by the process.
  • the device further includes: a security evaluation sending module, configured to send the security evaluation of the first wireless hotspot to the server after the user equipment accesses the first wireless hotspot.
  • each of the above modules may be implemented by software or hardware.
  • this may be implemented in, but is not limited to, the following manner: the foregoing modules are all located in the same processor; or the modules are located in multiple processors.
  • the embodiment of the present invention further provides a user equipment, including the above-mentioned wireless hotspot security detecting apparatus, for implementing the above wireless hotspot security detecting method.
  • Embodiments of the present invention also provide software for performing the technical solutions described in the foregoing embodiments and optional embodiments.
  • Embodiments of the present invention also provide a storage medium.
  • the above storage medium may be configured to store program code for performing the following steps:
  • the broadcast message of the at least one wireless hotspot is received, where the broadcast message includes: a hotspot identifier, and security information of the first wireless hotspot with the hotspot identifier;
  • the foregoing storage medium may include, but is not limited to, a USB flash drive, a Read-Only Memory (ROM), and a Random Access Memory (RAM).
  • a method and a device for securely accessing a WIFI hotspot are provided.
  • the method for securely accessing a WIFI hotspot includes the following steps:
  • Step 1: The client receives a broadcast message from a target WIFI hotspot (corresponding to the first wireless hotspot) and broadcast messages from other surrounding hotspots;
  • Step 2: The client parses the broadcast messages and extracts the high-risk hotspot warning information in them.
  • the client can also query the credit rating of the target hotspot through the cloud server, as a supplementary source for the security diagnosis of the target access point (AP, i.e., hotspot).
  • Step 3: The client makes a judgment according to the high-risk hotspot warning information queried in step 1. If the target WIFI hotspot is a high-risk hotspot, go to step 4; otherwise, go to step 5.
  • Step 4: The client refuses to access the target WIFI hotspot, stops the authentication request, starts the high-risk hotspot broadcast, and reports the high-risk hotspot to other nearby clients by sending broadcast information.
  • Step 5: The client initiates an authentication request to the target WIFI hotspot.
  • Step 6: After receiving the authentication response from the target WIFI hotspot, the client initiates a pre-association request to the target WIFI hotspot, requesting key information from it, where the key information refers to identity information of the WIFI hotspot device and its holder, for example, the International Mobile Equipment Identity (IMEI) of the WIFI hotspot, a valid ID number of the holder, etc.;
  • Step 7: The client waits for a pre-association response from the target WIFI hotspot and starts a timer. If a valid pre-association response from the target WIFI hotspot is received before the timer expires, the process proceeds to step 8; otherwise, the process proceeds to step 9.
  • Step 8: The client receives a valid pre-association response from the target WIFI hotspot before the timer expires, extracts the key information in the authentication response information, and saves it to the local database. The security attributes of the target WIFI hotspot are defined and uploaded to the cloud server.
  • Step 9: The client fails to receive a valid pre-association response from the target WIFI hotspot before the timer expires, defines the security attribute of the target WIFI hotspot as intermediate security, and proceeds to step 10.
  • Step 10: The client defines a security level for an application that needs to be networked.
  • Step 11: When a networking request is initiated on the client, it is determined whether the process corresponding to the networking request is a sensitive process, where a sensitive process is a process that requires high security performance.
  • Step 12: Based on the determination in step 11, when the client's networking request comes from a sensitive application, the client disconnects from the target WIFI hotspot and switches to the cellular mobile network; otherwise, the application's networking request is transparently transmitted to the target WIFI hotspot.
  • Step 13: When the client ends the connection with the target WIFI hotspot, the client prompts the user, through the display module, to evaluate the security of the connection.
  • Step 14: The client combines the user's security evaluation from step 13, defines the credit level of the target WIFI hotspot, and uploads it to the cloud server.
  • the security evaluation of the target WIFI hotspot by the client may also be initiated actively by the user; that is, when the user finds at a later time that security was compromised while connected to the target AP, the user may initiate an upload of the security evaluation of the target hotspot to update the previously uploaded security evaluation of the target AP.
  • the embodiment of the present invention further provides a device for securely accessing a WIFI hotspot (hereinafter referred to as a client device), and the client device includes:
  • Transceiver module: set to send and receive messages with servers, WIFI hotspots or other clients.
  • Parsing module: set to parse the sent and received messages from the server, WIFI hotspots or other clients.
  • Control module: set to control local processes' access to the network and, according to the security level of the currently connected WIFI hotspot, either control sensitive processes to access the network through WIFI, or switch to the cellular mobile network and control the sensitive processes to access the Internet through the cellular mobile network.
  • a sensitive process is a process that requires high security performance.
  • Display module: set to display the security level of the WIFI hotspot to the user, and set to collect security information about the relevant WIFI hotspot from the user.
  • the foregoing solution provided by the optional embodiment of the present invention can intelligently select an optimal access and data transmission policy according to the security level of the WIFI hotspot to be accessed, effectively protect the privacy and security of the client user, and improve product safety.
  • FIG. 3 is a schematic flow chart of a method for securely accessing a WIFI hotspot in an alternative embodiment of the present invention. As shown in FIG. 3, the method includes:
  • Step S3001: The STA receives the beacon frame (Beacon) messages and early-warning messages sent by the hotspots around it, in order to detect the APs available around the STA.
  • Step S3002 The STA parses the Beacon message received in step S3001 and the pre-alert message to extract the high-risk hot spot warning information therein, and determines whether the pointed AP is the target AP.
  • FIG. 4 is an early warning frame structure of a high-risk hotspot warning information in an alternative embodiment of the present invention, as shown in FIG. 4, including:
  • the Frame Control field, which includes the protocol version (Protocol) bits, the To DS and From DS bits, the More Fragment bit, the Retry bit, the Power Management bit, the More Data bit, the Protected Frame bit and the Order bit; the Duration/ID field; the Address 1, Address 2 and Address 3 fields; the Sequence Control field; the Address 4 field; and the Frame Check Sequence (FCS) field.
  • a standard management frame is modified to enable broadcast of high-risk hotspot warning information.
  • the modified management frame includes:
  • Sub Type field: the Sub Type field of the standard frame is modified to form a special frame of this embodiment, which is set to broadcast the connection information of the wireless AP itself, and a wireless AP that receives the frame can also parse it. Since the Sub Type values 0110 to 0111 and 1101 to 1111 of the management frame are not defined in the standard protocol, any one of them can be used here to distinguish the frame from the standard values. Optionally, this embodiment assigns the value 0110 to the Sub Type, indicating that the management frame is a high-risk alert frame.
  • Frame body field: the data field of the frame.
  • the identity of the high-risk AP, for example its Media Access Control (MAC) address and Service Set Identifier (SSID) information, is encapsulated in this field.
  • Step S3003: The STA queries the cloud server for the security credit rating of the target hotspot.
  • the security credit rating is data generated and uploaded to the server by STAs that have connected to the AP.
  • taking STA1 as an example: the user objectively evaluates the security of the target AP through STA1 and judges the security credit rating of the target AP to be a certain level, Security_Level_STA1; at the same time, STA1 uploads this security credit rating to the cloud server. If the STA has previously uploaded a security credit rating for the target AP, the newly uploaded security credit rating overwrites the old one.
  • the security credit rating may be set to 0, 1 or 2, where 0 indicates that the security credit rating of the target AP is low, 1 indicates that it is medium, and 2 indicates that it is high.
  • when the STA queries the cloud server for the security credit rating of the target AP, the STA extracts the MAC address from the standard Beacon frame and uses it as the index to request from the cloud server the security credit rating of the device identified by that MAC address.
  • Step S3004: The STA determines the security attribute of the target AP and determines whether the target AP is a high-risk AP.
  • if the target AP is not a high-risk AP, the process goes to step S3101; otherwise, it goes to step S3201.
  • the input is the high-risk warning information in step S3002 and the security credit level in step S3003. That is, once the high-risk warning information is detected in step S3002 or the credit security level of the target AP is low in step S3003, the target AP is determined to be a high-risk AP, and the security is defined as low-level security.
  • Step S3101 The STA initiates an authentication request to the target AP.
  • Step S3102 The STA receives an authentication response message from the target AP.
  • step S3103 the STA initiates a pre-association request to the target AP, and sets a timer.
  • the pre-association request means that the STA requests key information about the target AP from the target AP.
  • the key information refers to information that can effectively identify the target AP device or its holder, for example, the IMEI information of the AP device or valid identity document information, in the traditional sense, of the AP holder.
  • FIG. 5 is a frame structure of pre-association request information in an alternative embodiment of the present invention, as shown in FIG. 5, including:
  • the Frame Control field, which includes the Protocol bits, the To DS and From DS bits, the More Fragment bit, the Retry bit, the Power Management bit, the More Data bit, the Protected Frame bit and the Order bit; the Duration/ID field; the Address1, Address2 and Address3 fields; the Sequence Control field; the Address4 field; and the FCS field.
  • Sub Type field: the Sub Type field of the standard frame is modified to form a special frame of the optional embodiment, so that the STA can send a pre-association request to the AP.
  • since the Sub Type values 0110 to 0111 and 1101 to 1111 of the management frame are not defined in the standard protocol, any one of them can be used here to distinguish the frame from the standard values.
  • the Sub Type is assigned the value 0111, indicating that the management frame is a pre-association request frame.
  • Step S3104: The STA determines whether valid pre-association response information from the target AP is received before the Timer expires. If the STA does not receive valid pre-association response information from the target AP before the Timer expires, the process goes to step S3111; otherwise, it goes to step S3121.
  • the valid pre-association response information means that the pre-association response information includes key information about the target AP.
  • FIG. 6 is a frame structure of pre-association response information according to an alternative embodiment of the present invention. As shown in FIG. 6, the frame includes:
  • the Frame Control field, which includes the Protocol bits, the To DS and From DS bits, the More Fragment bit, the Retry bit, the Power Management bit, the More Data bit, the Protected Frame bit and the Order bit; the Duration/ID field; the Address1, Address2 and Address3 fields; the Sequence Control field; the Address4 field; and the FCS field.
  • Sub Type field: the Sub Type field of the standard frame is modified to form a special frame of the alternative embodiment, which is set to broadcast the connection information of the wireless AP itself, and a wireless AP that receives the frame can also parse it;
  • the optional embodiment assigns the value 0110 to the Sub Type, indicating that the management frame is a pre-association response frame.
  • the Frame body field is the data field of the frame.
  • the key information is encapsulated in this field.
  • the key information refers to information that can effectively identify the target AP device or its holder, for example, the IMEI information of the AP device or valid identity document information, in the traditional sense, of the AP holder.
  • step S3111 the STA defines the security attribute of the target AP as intermediate security.
  • Step S3112: The process goes to the flow shown in FIG. 7.
  • step S3121 the STA defines the security attribute of the target AP as advanced security; and uploads the security attribute to the cloud server.
  • Step S3122 The STA initiates a connection request to the target AP, and completes data transmission with the target AP according to the existing WIFI technical specification.
  • the data uploaded to the cloud server also includes the MAC address and IMEI information of the STA.
  • step S3201 the STA refuses to access the target AP and stops initiating the authentication request. At the same time, the STA turns off its own WIFI and activates the local hotspot function.
  • step S3202 the STA broadcasts the high-risk hotspot warning information through the Beacon frame. It should be noted that the broadcast high-risk hotspot information may be periodic.
  • FIG. 7 is a flowchart of a method for a STA to access an Internet through a target AP in a method for securely accessing a WIFI hotspot in an alternative embodiment of the present invention.
  • Step S701 When a process accesses the Internet through the STA, the STA determines the security sensitivity of the process, and determines whether the process belongs to the security-sensitive process.
  • a security-sensitive process is a process belonging to an application that requires a higher security level, such as an email application, or an application temporarily specified by the user. For example, if the user considers that an application requires a high security level at a certain time, the process corresponding to that application is a security-sensitive process.
  • Step S702 when it is determined in step S701 that the process requesting the Internet access belongs to the security-sensitive process, the process goes to step S711, otherwise to step S721.
  • step S711 the STA switches the mode of accessing the Internet from the WIFI mode to the cellular network mode, and after the process accesses the Internet, the STA is restored to the WIFI mode.
  • step S721 the STA transparently transmits the process data requesting the Internet access to the target AP.
  • FIG. 8 is a schematic structural diagram of an apparatus for securely accessing a WIFI hotspot according to an alternative embodiment of the present invention. As shown in FIG. 8, the apparatus includes:
  • the parsing module 801 is configured to parse the sent and received messages from servers, WIFI hotspots or other clients.
  • the control module 802 is configured to control local processes' access to the network and, according to the security level of the currently connected WIFI hotspot, either control sensitive processes to access the network through WIFI, or switch to the cellular mobile network and control the sensitive processes to access the Internet through the cellular mobile network.
  • the display module 803 is configured to display a security level of the WIFI hotspot to the user, and is configured to collect security information about the related WIFI hotspot from the user.
  • the transceiver module 804 is configured to send and receive messages with a server, a WIFI hotspot or other clients.
  • the foregoing embodiment or optional embodiment of the present invention can effectively detect the security attribute of the target WIFI hotspot that the client is about to access, and intelligently choose, according to the security attribute of the target AP, how to access the Internet through the target WIFI hotspot; at the same time, for a WIFI hotspot with a low security level, security-sensitive applications can still access the Internet securely.
  • when the client detects an unsafe WIFI hotspot, it can also share this information with other surrounding clients in time.
  • the network security of the client is protected to a large extent, and the privacy of the user is protected.
  • the security information of a wireless hotspot can be obtained from the broadcast message of the at least one wireless hotspot, and the security of the first wireless hotspot is determined according to the security information, which solves the problem in the related art that the security of a wireless hotspot cannot be detected and enables the detection of wireless hotspot security.
  • the modules or steps of the present invention described above can be implemented by a general-purpose computing device; they can be centralized on a single computing device or distributed across a network of multiple computing devices. Alternatively, they may be implemented by program code executable by the computing device, so that they may be stored in a storage device and executed by the computing device; in some cases, the steps shown or described may be performed in an order different from that herein, or they may be separately fabricated into individual integrated circuit modules, or a plurality of the modules or steps may be fabricated as a single integrated circuit module.
  • the invention is not limited to any specific combination of hardware and software.
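The access decision described above (alert frame parsing in step S3002, classification in steps S3004 to S3121, and per-process routing in steps S701 to S721), as an added Python example that is not code from the patent. The frame body layout (6-byte MAC, 1-byte SSID length, SSID), the function names and the timeout value are assumptions; the timeout outcome follows the optional embodiment (intermediate security).

```python
import struct
import zlib
from enum import IntEnum

# Header size follows the field list the page gives for FIG. 4:
# Frame Control(2) Duration/ID(2) Address1..3(18) Sequence Control(2) Address4(6)
HEADER_LEN = 30
FCS_LEN = 4
TYPE_MGMT = 0b00
# Value the page assigns to the high-risk alert frame. The page assigns 0110 to
# the pre-association response as well, and IEEE 802.11-2012 uses it for Timing
# Advertisement, so the subtype alone does not identify the frame.
SUBTYPE_ALERT = 0b0110
MAX_SSID_LEN = 32


class Level(IntEnum):
    LOW = 0           # high-risk AP, access refused (S3201)
    INTERMEDIATE = 1  # no valid pre-association response in time (S3111)
    ADVANCED = 2      # identity information received in time (S3121)


def _fcs(data: bytes) -> bytes:
    """CRC-32 frame check sequence, stored little-endian."""
    return struct.pack("<I", zlib.crc32(data))


def build_alert(reporter: bytes, risky_bssid: bytes, ssid: str) -> bytes:
    """Construct a sample alert frame (constructed input, assumed body layout)."""
    fc = bytes([(SUBTYPE_ALERT << 4) | (TYPE_MGMT << 2), 0])  # version 0, no flags
    header = (fc + b"\x00\x00" + b"\xff" * 6 + reporter + reporter
              + b"\x00\x00" + b"\x00" * 6)
    name = ssid.encode("utf-8")
    body = risky_bssid + bytes([len(name)]) + name
    return header + body + _fcs(header + body)


def parse_alert(frame: bytes):
    """Return (bssid, ssid) named by an alert frame, or None if it is not one.

    The frame is untrusted radio input, so every length is checked before use.
    """
    if len(frame) < HEADER_LEN + 7 + FCS_LEN:
        return None
    payload, fcs = frame[:-FCS_LEN], frame[-FCS_LEN:]
    if _fcs(payload) != fcs:
        return None
    fc0 = payload[0]
    version, ftype, subtype = fc0 & 0b11, (fc0 >> 2) & 0b11, fc0 >> 4
    if version != 0 or ftype != TYPE_MGMT or subtype != SUBTYPE_ALERT:
        return None
    body = payload[HEADER_LEN:]
    bssid, ssid_len = body[:6], body[6]
    if ssid_len > MAX_SSID_LEN or len(body) != 7 + ssid_len:
        return None
    try:
        return bssid, body[7:].decode("utf-8")
    except UnicodeDecodeError:
        return None


def classify(target_bssid, frames, credit_rating, response_delay, identity,
             timeout=2.0):
    """Steps S3002 to S3121: derive the security attribute of the target AP.

    credit_rating is the server's 0/1/2 value (None if unknown); response_delay
    is the seconds until the pre-association response arrived (None if never).
    """
    warned = any(
        parsed is not None and parsed[0] == target_bssid
        for parsed in map(parse_alert, frames)
    )
    if warned or credit_rating == 0:
        return Level.LOW
    in_time = response_delay is not None and response_delay < timeout
    # A response is valid only if it actually carries identity information.
    if in_time and identity:
        return Level.ADVANCED
    return Level.INTERMEDIATE


def route(hotspot: Level, required: Level) -> str:
    """Steps S701 to S721: pick the bearer for one process's networking request."""
    return "cellular" if hotspot < required else "wifi"


if __name__ == "__main__":
    target = bytes.fromhex("020000000001")    # constructed addresses
    reporter = bytes.fromhex("0200000000aa")
    heard = [build_alert(reporter, target, "CafeFree")]
    level = classify(target, heard, credit_rating=2,
                     response_delay=0.1, identity="constructed-id")
    print(level.name, route(Level.INTERMEDIATE, Level.ADVANCED))
```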

Abstract

Provided are a method, device and user equipment (UE) for testing security of a wireless hotspot. The method comprises: receiving a broadcast message of at least one wireless hotspot, wherein the broadcast message comprises security information of a first wireless hotspot; and according to the security information, determining the security of the first wireless hotspot. The present invention addresses the problem in the related art in which the security of the wireless hotspot cannot be tested, and realizes testing of the security of the wireless hotspot.

Description

Wireless hotspot security detection method, device and user equipment
Technical field
The present invention relates to the field of communications, and in particular to a wireless hotspot security detection method, device and user equipment.
Background
At present, when users go online with mobile terminals, they often use Wireless-Fidelity (WIFI) for the network connection. As WIFI becomes increasingly common, a large number of public places now provide free WIFI, which greatly facilitates users. However, the resulting security risks cannot be ignored. For example, some criminals tamper with WIFI hotspot devices, steal users' passwords and small text files (Cookies) by monitoring all plaintext traffic of the mobile terminal, and can also carry out traffic hijacking, endangering the security of mobile devices that access the hotspot. Traffic hijacking means that, when the target website's reply to a request sent by the user is received, the received content has been injected into or replaced with malicious content or scripts by the rogue hotspot, which in turn steals the user's website account privileges.
For users, a WIFI hotspot is trusted by default when WIFI is used for the network connection; that is, the mobile terminal transparently transmits all network requests to the hotspot over WIFI, and the hotspot then sends the requests and data to the Internet. Private information is very likely to be exposed during data transmission, which poses a security risk.
In the existing technology, when a mobile terminal (also called a client or user equipment) accesses a WIFI hotspot, it is mostly the legitimacy of the client that is verified, in order to prevent illegitimate users from accessing the WIFI hotspot and to protect the WIFI hotspot or other clients on the same Wireless Local Area Network (WLAN). The legitimacy and security of the WIFI hotspot itself are not considered.
No effective solution has yet been proposed for the problem in the related art that the security of a wireless hotspot cannot be detected.
Summary of the invention
The present invention provides a wireless hotspot security detection method, device and user equipment, to at least solve the problem in the related art that the security of a wireless hotspot cannot be detected.
According to one aspect of the embodiments of the present invention, a wireless hotspot security detection method is provided, including: receiving a broadcast message of at least one wireless hotspot, wherein the broadcast message includes security information of a first wireless hotspot; and determining the security of the first wireless hotspot according to the security information.
Optionally, determining the security of the first wireless hotspot according to the security information includes: determining that the first wireless hotspot is non-secure when the security information indicates that the security of the first wireless hotspot is non-secure; and/or determining that the first wireless hotspot is secure when the security information indicates that the security of the first wireless hotspot is secure.
Optionally, after determining that the first wireless hotspot is non-secure, the method further includes: when access of the user equipment to the first wireless hotspot has not yet been requested, no longer performing the operation of requesting access of the user equipment to the first wireless hotspot; and/or when access of the user equipment to the first wireless hotspot has already been requested, terminating the operation of requesting access of the user equipment to the first wireless hotspot.
Optionally, after determining that the first wireless hotspot is non-secure, the method further includes: starting a hotspot broadcast of the user equipment, and broadcasting the broadcast message.
Optionally, after determining that the first wireless hotspot is secure, the method further includes: connecting the user equipment to the first wireless hotspot.
Optionally, before or after connecting the user equipment to the first wireless hotspot, the method further includes: sending a pre-association request to the first wireless hotspot, wherein the pre-association request is used to request identity information of the first wireless hotspot; and receiving a pre-association response of the first wireless hotspot in response to the pre-association request, wherein the pre-association response carries the identity information of the first wireless hotspot, and the identity information is used to determine a security level of the first wireless hotspot.
Optionally, sending the pre-association request to the first wireless hotspot further includes: starting a timer when sending the pre-association request; wherein, after sending the pre-association request to the first wireless hotspot, the method further includes: determining, after the timer expires, whether the pre-association response has been received; and, when the timer has expired and the pre-association response has not been received, determining that the security level of the first wireless hotspot is a low security level.
Optionally, when the security level of the first wireless hotspot accessed by the user equipment is the low security level, the method further includes: when a process of the user equipment initiates a networking request, determining whether the security level of the first wireless hotspot is lower than the security level required by the process; and, when the security level is lower than the security level required by the process, connecting the process to the network through the cellular network.
Optionally, after connecting the user equipment to the first wireless hotspot, the method further includes: sending a security evaluation of the first wireless hotspot to a server.
According to another aspect of the embodiments of the present invention, a wireless hotspot security detection device is also provided, including: a receiving module, configured to receive a broadcast message of at least one wireless hotspot, wherein the broadcast message includes security information of a first wireless hotspot; and a determining module, configured to determine the security of the first wireless hotspot according to the security information.
Optionally, the determining module is configured to: determine that the first wireless hotspot is non-secure when the security information indicates that the security of the first wireless hotspot is non-secure; and/or determine that the first wireless hotspot is secure when the security information indicates that the security of the first wireless hotspot is secure.
Optionally, the device further includes: a processing module, configured to, after it is determined that the first wireless hotspot is non-secure: when access of the user equipment to the first wireless hotspot has not yet been requested, no longer perform the operation of requesting access of the user equipment to the first wireless hotspot; and/or when access of the user equipment to the first wireless hotspot has already been requested, terminate the operation of requesting access of the user equipment to the first wireless hotspot.
Optionally, the device further includes: a broadcast module, configured to start a hotspot broadcast of the user equipment and broadcast the broadcast message after it is determined that the first wireless hotspot is non-secure.
Optionally, the device further includes: an access module, configured to connect the user equipment to the first wireless hotspot after it is determined that the first wireless hotspot is secure.
Optionally, the device further includes: a pre-association request sending module, configured to send a pre-association request to the first wireless hotspot before or after the user equipment is connected to the first wireless hotspot, wherein the pre-association request is used to request identity information of the first wireless hotspot; and a pre-association response receiving module, configured to receive a pre-association response of the first wireless hotspot in response to the pre-association request, wherein the pre-association response carries the identity information of the first wireless hotspot, and the identity information is used to determine a security level of the first wireless hotspot.
Optionally, the pre-association request sending module is further configured to start a timer when sending the pre-association request; wherein the device further includes: a pre-association response judging module, configured to determine, after the pre-association request is sent to the first wireless hotspot and after the timer expires, whether the pre-association response has been received; and a security level determining module, configured to determine that the security level of the first wireless hotspot is a low security level when the timer has expired and the pre-association response has not been received.
Optionally, the device further includes: a security level judging module, configured to determine, when the security level of the first wireless hotspot accessed by the user equipment is the low security level and a process of the user equipment initiates a networking request, whether the security level of the first wireless hotspot is lower than the security level required by the process; and a networking module, configured to connect the process to the network through the cellular network when the security level is lower than the security level required by the process.
Optionally, the device further includes: a security evaluation sending module, configured to send a security evaluation of the first wireless hotspot to a server after the user equipment is connected to the first wireless hotspot.
According to another aspect of the embodiments of the present invention, a user equipment is also provided, including the wireless hotspot security detection device described above.
According to the embodiments of the present invention, a broadcast message of at least one wireless hotspot is received, wherein the broadcast message includes security information of a first wireless hotspot, and the security of the first wireless hotspot is determined according to the security information. This solves the problem in the related art that the security of a wireless hotspot cannot be detected, and enables the detection of wireless hotspot security.
Description of the Drawings
The drawings described here are provided for further understanding of the present invention and form a part of this application. The illustrative embodiments of the present invention and their description are used to explain the present invention and do not constitute an improper limitation of it. In the drawings:
FIG. 1 is a flowchart of a wireless hotspot security detection method according to an embodiment of the present invention;
FIG. 2 is a schematic structural diagram of a wireless hotspot security detection apparatus according to an embodiment of the present invention;
FIG. 3 is a flowchart of a method for a STA to securely access a WIFI hotspot according to an optional embodiment of the present invention;
FIG. 4 is a schematic diagram of the warning frame structure of high-risk hotspot warning information according to an optional embodiment of the present invention;
FIG. 5 is a schematic diagram of the frame structure of pre-association request information according to an optional embodiment of the present invention;
FIG. 6 is a schematic diagram of the frame structure of pre-association response information according to an optional embodiment of the present invention;
FIG. 7 is a flowchart of accessing the Internet when the security attribute of the target AP is intermediate security according to an optional embodiment of the present invention;
FIG. 8 is a schematic structural diagram of an apparatus for securely accessing a WIFI hotspot according to an optional embodiment of the present invention.
Detailed Description
The present invention is described in detail below with reference to the drawings and in conjunction with the embodiments. It should be noted that, where there is no conflict, the embodiments in this application and the features in the embodiments may be combined with each other.
It should be noted that the terms "first", "second" and the like in the specification, the claims and the above drawings of the present invention are used to distinguish similar objects, and are not necessarily used to describe a particular order or sequence.
This embodiment provides a wireless hotspot security detection method. FIG. 1 is a flowchart of the wireless hotspot security detection method according to an embodiment of the present invention. As shown in FIG. 1, the flow includes the following steps:
Step S102: receive a broadcast message of at least one wireless hotspot, where the broadcast message includes security information of a first wireless hotspot;
Step S104: determine the security of the first wireless hotspot according to the security information.
Through the above steps, the security information of a wireless hotspot can be obtained from the broadcast message of at least one wireless hotspot, and the security of the first wireless hotspot can then be determined according to that security information. This solves the problem in the related art that the security of a wireless hotspot cannot be detected, and achieves detection of wireless hotspot security.
Wireless hotspots in the embodiments of the present invention include, but are not limited to, WIFI-based wireless hotspots, ZigBee-based wireless hotspots, and Bluetooth-based wireless hotspots. Depending on the underlying protocol, the hotspot identifier may go by different names, but in essence it serves as identification information for the wireless hotspot, used to uniquely identify in the network a wireless hotspot or the device that provides it.
The security information described above indicates whether the security of the first wireless hotspot is at a level at which access is recommended. For example, the security information may include two indications: a safe-to-access indication and an unsafe-to-access indication, also called a secure wireless hotspot indication and a dangerous wireless hotspot indication respectively. The security information may of course also include security level grading information for the wireless hotspot. For example, the security level may be divided into three levels: high security level, low security level, and no security, where the high and low security levels may be treated as the safe-to-access indication and the no-security level as the unsafe-to-access level.
The wireless hotspot that broadcasts the broadcast message may be provided by a fixed hotspot-providing device or by another mobile terminal. For example, current mobile terminals can all turn on a hotspot and set up a wireless local area network; a mobile terminal with this hotspot function can turn on a wireless hotspot and broadcast the broadcast message.
The above method can be applied on a user equipment. The user equipment referred to in the embodiments of the present invention includes fixed or portable devices with a wireless hotspot access function. Preferably, the embodiments of the present invention are applied to portable user equipment, for example mobile terminals such as smartphones and tablet computers. Application on fixed devices with a wireless hotspot access function, such as desktop personal computers, is also possible, and the embodiments of the present invention place no restriction on this. The embodiments of the present invention are described and illustrated using a user equipment as the example.
Optionally, in step S104, when the security information indicates that the first wireless hotspot is non-secure, the security of the first wireless hotspot is determined to be non-secure; and/or when the security information indicates that the first wireless hotspot is secure, the security of the first wireless hotspot is determined to be secure.
Optionally, when the above steps are applied in the process of accessing a wireless hotspot, the security of the wireless hotspot may be detected before or after the authentication request is sent to the wireless hotspot, and before access to the wireless hotspot is completed. When the first wireless hotspot is determined to be non-secure and the user equipment has not yet requested access to it, the operation of requesting access for the user equipment to the first wireless hotspot is not performed; optionally, when the first wireless hotspot is determined to be non-secure and access has already been requested, the operation of requesting access may likewise be terminated.
At that point, when the user operates the user equipment to request access to the first wireless hotspot, alarm information about the first wireless hotspot may be shown to the user; if the user confirms, on the basis of the alarm information, that the first wireless hotspot should not be accessed, the user equipment does not request access to it. Preferably, the user equipment may also store the hotspot identifier and security information of the first wireless hotspot locally and build a wireless hotspot blacklist, so that before the next access to a wireless hotspot it can first look for a match in the blacklist and directly refuse access to any matched hotspot. In addition, if the user still chooses to access the first wireless hotspot after receiving the alarm information, whether to access it may finally be decided according to a pre-configured security policy.
Optionally, after determining that the first wireless hotspot is non-secure, the user equipment may also start its own hotspot broadcast and broadcast the broadcast message. When the user equipment broadcasts the message through its hotspot, it may broadcast periodically, or only once or a few times. Preferably, the user equipment may also take its own device status into account when deciding whether to broadcast and with what period. For example, when the battery of the user equipment is low, it may choose a longer broadcast period or not broadcast at all.
Optionally, when broadcasting the broadcast message, the user equipment may broadcast security information only for wireless hotspots that it can detect, and not for wireless hotspots that it cannot detect.
Optionally, after the first wireless hotspot is determined to be secure, the user equipment may, according to the user's instruction, access the first wireless hotspot when access to a wireless hotspot is needed.
Optionally, before or after the user equipment accesses the first wireless hotspot, the user equipment may send a pre-association request to the first wireless hotspot through the cellular network or through the first wireless hotspot, where the pre-association request is used to request identity information of the first wireless hotspot; this identity information includes the hotspot identifier and other information used to confirm the security of the hotspot's identity. For example, a wireless hotspot provider may apply to a server for certification, providing its real identity information as a guarantee. After the certification succeeds, the server issues a certificate to the wireless hotspot provider; the server may generate the provider's security level from the provider's credit rating (for example, bank credit rating or records of violations of laws and regulations), asset information and the like, and record that security level in the certificate. After the wireless hotspot receives the pre-association request, it may return the certificate to the user equipment. The user equipment receives the pre-association response sent by the first wireless hotspot in response to the pre-association request, where the pre-association response may carry the certificate or other identity information of the first wireless hotspot, so that the user equipment can determine the security level of the first wireless hotspot from the certificate or identity information.
Optionally, the user equipment may also start a timer when sending the pre-association request; after sending the pre-association request to the first wireless hotspot, the user equipment judges whether a pre-association response has been received by the time the timer expires; when the timer has expired and no pre-association response has been received, the security level of the first wireless hotspot is determined to be the low security level. In this case the user equipment may still access the first wireless hotspot, but processes with higher security requirements will be protected.
Optionally, when the security level of the first wireless hotspot accessed by the user equipment is the low security level and a process of the user equipment initiates a networking request, the user equipment judges whether the security level of the first wireless hotspot is lower than the security level required by the process; if it is, the user equipment may switch to the cellular network to connect that process, so that the process exchanges information with the network over the cellular network. When switching to the cellular network, the wireless hotspot connection may be turned off and the data transmission function of the cellular network then enabled. The cellular network includes, but is not limited to, wireless data communication networks based on General Packet Radio Service (GPRS), Enhanced Data Rate for GSM Evolution (EDGE), High-Speed Packet Access (HSPA), evolved High-Speed Packet Access (HSPA+) and fourth-generation mobile communication technology (4G), as well as subsequently evolved wireless data communication networks.
Optionally, after the user equipment has accessed the first wireless hotspot, the user equipment may also send a security evaluation of the first wireless hotspot to a server. The security evaluation is entered into the user equipment by the user. The user may enter it actively: for example, while using the first wireless hotspot or afterwards, the user calls a user interface provided by the user equipment and enters a security evaluation based on the usage experience and the security status of the user's accounts. The entry may also be passive: for example, when the user equipment ends its access to the first wireless hotspot, the user interface presents a screen on which the user can enter a security evaluation. The security evaluation may be a text comment, or a security level description for the server's reference.
The server may determine or update the security level of the first wireless hotspot according to the security evaluations. For example, when the server has received a predetermined number or a predetermined proportion of security evaluations rating the first wireless hotspot as unsafe, it may update the security level of the first wireless hotspot to unsafe. As an auxiliary means, the server may also provide the security information of the first wireless hotspot to the user equipment through the cellular network.
From the description of the above implementations, those skilled in the art can clearly understand that the method according to the above embodiments can be implemented by software plus the necessary general-purpose hardware platform, and of course also by hardware, although in many cases the former is the better implementation. On this understanding, the technical solution of the present invention, in essence or in the part that contributes over the prior art, may be embodied in the form of a software product. The computer software product is stored in a storage medium (such as ROM/RAM, a magnetic disk or an optical disc) and includes a number of instructions that cause a terminal device (which may be a mobile phone, a computer, a server, a network device or the like) to perform the methods described in the embodiments of the present invention.
This embodiment also provides a wireless hotspot security detection apparatus, which is used to implement the above embodiments and optional implementations; what has already been described is not repeated. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the apparatus described in the following embodiments is preferably implemented in software, implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.
FIG. 2 is a structural block diagram of a wireless hotspot security detection apparatus according to an embodiment of the present invention. As shown in FIG. 2, the apparatus includes a receiving module 22 and a determining module 24. The receiving module 22 is configured to receive a broadcast message of at least one wireless hotspot, where the broadcast message includes security information of a first wireless hotspot; the determining module 24 is connected to the receiving module 22 and configured to judge the security of the first wireless hotspot according to the security information.
Optionally, the determining module 24 includes: a first determining unit, configured to determine that the first wireless hotspot is non-secure when the security information indicates that the first wireless hotspot is non-secure; and/or a second determining unit, configured to determine that the first wireless hotspot is secure when the security information indicates that the first wireless hotspot is secure.
Optionally, the apparatus further includes: a processing module, configured to, after the first wireless hotspot is determined to be non-secure: when access of the user equipment to the first wireless hotspot has not yet been requested, not perform the operation of requesting access for the user equipment to the first wireless hotspot; and/or when access of the user equipment to the first wireless hotspot has already been requested, terminate the operation of requesting access for the user equipment to the first wireless hotspot.
Optionally, the apparatus further includes: a broadcast module, connected to the first determining unit and configured to start the hotspot broadcast of the user equipment and broadcast the broadcast message.
Optionally, the apparatus further includes: an access module, connected to the second determining unit and configured to connect the user equipment to the first wireless hotspot.
Optionally, the apparatus further includes: a pre-association request sending module, connected to the first wireless hotspot through the connection provided by the first wireless hotspot and configured to send a pre-association request to the first wireless hotspot, where the pre-association request is used to request identity information of the first wireless hotspot; and a pre-association response receiving module, connected to the first wireless hotspot through the connection provided by the first wireless hotspot and configured to receive the pre-association response sent by the first wireless hotspot in response to the pre-association request, where the pre-association response carries the identity information of the first wireless hotspot and the identity information is used to determine the security level of the first wireless hotspot.
Optionally, the pre-association request sending module is further configured to start a timer when sending the pre-association request. The apparatus further includes: a pre-association response judging module, connected to the pre-association request sending module and configured to judge, after the pre-association request has been sent to the first wireless hotspot, whether a pre-association response has been received by the time the timer expires; and a security level determining module, connected to the pre-association response judging module, which determines that the security level of the first wireless hotspot is the low security level when the timer has expired and no pre-association response has been received.
Optionally, the apparatus further includes: a security level judging module, configured to judge, when the security level of the first wireless hotspot accessed by the user equipment is the low security level and a process of the user equipment initiates a networking request, whether the security level of the first wireless hotspot is lower than the security level required by the process; and a networking module, connected to the security level judging module and configured to connect the process to the network through the cellular network when the security level is lower than the security level required by the process.
Optionally, the apparatus further includes: a security evaluation sending module, configured to send a security evaluation of the first wireless hotspot to the server after the user equipment has accessed the first wireless hotspot.
It should be noted that each of the above modules may be implemented by software or by hardware. In the latter case this may be done in the following ways, without being limited to them: the above modules are all located in the same processor; or the above modules are located in multiple processors respectively.
An embodiment of the present invention also provides a user equipment, which includes the wireless hotspot security detection apparatus described above and is used to implement the wireless hotspot security detection method described above.
An embodiment of the present invention also provides software for executing the technical solutions described in the above embodiments and optional implementations.
An embodiment of the present invention also provides a storage medium. In this embodiment, the storage medium may be configured to store program code for performing the following steps:
S1: receive a broadcast message of at least one wireless hotspot, where the broadcast message includes a hotspot identifier and security information of the first wireless hotspot that has that hotspot identifier;
S2: judge the security of the first wireless hotspot according to the security information.
Optionally, in this embodiment, the storage medium may include, but is not limited to, a USB flash drive, a read-only memory (ROM), a random access memory (RAM), a removable hard disk, a magnetic disk, an optical disc, and other media that can store program code.
Optionally, for specific examples in this embodiment, reference may be made to the examples described in the above embodiments and optional implementations, which are not repeated here.
To make the description of the embodiments of the present invention clearer, they are described and illustrated below with reference to optional embodiments.
In the related art, in particular, the security of a WIFI hotspot cannot be detected before an illegitimate WIFI hotspot attacks the client, and still less can illegitimate WIFI hotspots be shared with other clients in time (in the optional embodiments of the present invention a client is also called a station (Station, STA for short)).
To address these shortcomings, and taking WIFI hotspots as the example, the optional embodiments of the present invention propose a method and an apparatus for securely accessing a WIFI hotspot. The method for securely accessing a WIFI hotspot includes the following steps:
Step 1: the client receives the broadcast message from the target WIFI hotspot (corresponding to the first wireless hotspot above) and broadcast messages from other hotspots nearby;
Step 2: the client parses the broadcast messages and extracts the high-risk hotspot warning information in them.
It should be noted that, besides this step, the client may also query the credit rating of the target hotspot through a cloud server, as a supplementary source for diagnosing the security of the target access point (Access Point, AP for short, i.e. the hotspot).
Step 3: the client makes a judgment based on the high-risk hotspot warning information obtained in step 1; if the target WIFI hotspot is a high-risk hotspot, go to step 4; otherwise go to step 5.
Step 4: the client refuses to access the target WIFI hotspot, stops the authentication request, and starts a high-risk hotspot broadcast, reporting this high-risk hotspot to other nearby clients by sending broadcast information.
Step 5: the client initiates an authentication request to the target WIFI hotspot;
Step 6: after receiving the authentication response from the target WIFI hotspot, the client initiates a pre-association request to the target WIFI hotspot, requesting key information from it. Key information is information that effectively represents the identity of the WIFI hotspot device and its holder, for example the International Mobile Equipment Identity (IMEI) of the WIFI hotspot and the number of the holder's valid identity document;
Step 7: the client waits for the pre-association response from the target WIFI hotspot and starts a timer. If a valid pre-association response from the target WIFI hotspot is received before the timer expires, go to step 8; otherwise go to step 9.
Step 8: the client receives a valid pre-association response from the target WIFI hotspot before the timer expires, extracts the key information in the authentication response information, and saves it to a local database. It then defines the security attribute of the target WIFI hotspot according to this key information and uploads it to the cloud server.
Step 9: the client has not received a valid pre-association response from the target WIFI hotspot before the timer expires; it defines the security attribute of the target WIFI hotspot as intermediate security and goes to step 10.
Step 10: the client defines a security level for each application that needs network access;
Step 11: when the client initiates a networking request, it judges by process whether the process corresponding to this networking request is a sensitive process, where a sensitive process is one with high security requirements.
Step 12: a decision is made on the application from step 11. When the client's networking request comes from a sensitive application, the client disconnects from the target WIFI hotspot and switches to the cellular mobile network; otherwise the application's networking request is passed through transparently to the target WIFI hotspot.
Step 13: when the client ends its connection to the target WIFI hotspot, the client prompts the user, through the display module, to evaluate the security of this connection.
Step 14: the client combines the user's security evaluation from step 13 to define the credit rating of the target WIFI hotspot, and uploads it to the cloud server.
It should be noted that the client's security evaluation of the target WIFI hotspot may also be initiated by the user: if the user later discovers that their security was compromised while connected to the target AP, the user may proactively upload a security evaluation of the target hotspot, to update the previously uploaded security evaluation of the target AP.
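The client-side decisions in steps 1 to 12 above, sketched in Python as an added example that is not part of the patent text. The class and function names, the three-value `Level` scale, the `transport` callable that stands in for the authentication and pre-association exchange, and the sample hotspots are all assumptions made for illustration; the frame layouts of FIG. 4 to FIG. 6 are not modelled.

```python
"""Added illustration of the client decision flow (steps 1-12); all names are hypothetical."""
from dataclasses import dataclass
from enum import IntEnum
from typing import Callable, Dict, FrozenSet, Iterable, List, Optional, Set


class Level(IntEnum):
    HIGH_RISK = 0      # named in a high-risk warning: never join
    INTERMEDIATE = 1   # joined, but no valid pre-association response (step 9)
    HIGH = 2           # identity confirmed by a valid pre-association response


@dataclass(frozen=True)
class Broadcast:
    sender: str                    # hotspot or station that sent the broadcast
    high_risk_ids: FrozenSet[str]  # hotspot IDs listed in its warning information


@dataclass(frozen=True)
class PreAssocResponse:
    hotspot_id: str
    level: Optional[Level]         # level derived from the hotspot's key information


# transport(hotspot_id, timeout_s) returns the response, or None if the timer expired.
Transport = Callable[[str, float], Optional[PreAssocResponse]]


class Client:
    def __init__(self, transport: Transport, timeout_s: float = 2.0) -> None:
        self.transport = transport
        self.timeout_s = timeout_s
        self.blacklist: Set[str] = set()      # local high-risk hotspot list
        self.levels: Dict[str, Level] = {}    # security attribute per hotspot
        self.rebroadcast: List[str] = []      # warnings this client relays (step 4)

    def connect(self, target: str, broadcasts: Iterable[Broadcast]) -> str:
        # Steps 1-3: look for the target in the local blacklist and in received warnings.
        flagged = target in self.blacklist or any(
            target in b.high_risk_ids for b in broadcasts)
        if flagged:
            # Step 4: refuse, remember the hotspot, and queue a warning for neighbours.
            self.blacklist.add(target)
            self.levels[target] = Level.HIGH_RISK
            if target not in self.rebroadcast:
                self.rebroadcast.append(target)
            return "refused"
        # Steps 5-7: authenticate, send the pre-association request, wait on the timer.
        resp = self.transport(target, self.timeout_s)
        valid = (resp is not None and resp.hotspot_id == target
                 and resp.level is not None)
        # Step 8 (valid response) or step 9 (timeout or invalid response).
        self.levels[target] = resp.level if valid else Level.INTERMEDIATE
        return "joined"

    def route(self, target: str, required: Level) -> str:
        # Steps 11-12: a process whose required level exceeds the hotspot's level
        # goes over the cellular network; everything else is passed to the hotspot.
        current = self.levels.get(target, Level.HIGH_RISK)
        return "wifi" if current >= required else "cellular"


# Constructed sample data: hotspot -> (delay of its pre-association response, level).
SAMPLE_HOTSPOTS = {
    "cafe-ap": (0.3, Level.HIGH),
    "slow-ap": (5.0, Level.HIGH),   # answers only after the 2 s timer has expired
}
SAMPLE_BROADCASTS = [
    Broadcast("cafe-ap", frozenset()),
    Broadcast("neighbour-sta", frozenset({"evil-ap"})),  # a neighbour's warning
]


def sample_transport(hotspot_id: str, timeout_s: float) -> Optional[PreAssocResponse]:
    delay, level = SAMPLE_HOTSPOTS.get(hotspot_id, (float("inf"), None))
    return None if delay > timeout_s else PreAssocResponse(hotspot_id, level)


def demo():
    client = Client(sample_transport)
    results = {ap: client.connect(ap, SAMPLE_BROADCASTS)
               for ap in ("evil-ap", "slow-ap", "cafe-ap")}
    return client, results


if __name__ == "__main__":
    client, results = demo()
    print(results)
    print("sensitive process on slow-ap ->", client.route("slow-ap", Level.HIGH))
```
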
Correspondingly, an embodiment of the present invention further provides an apparatus for securely accessing a WIFI hotspot (hereinafter referred to as the client apparatus). The client apparatus includes:
Transceiver module: configured to send messages to and receive messages from the server, WIFI hotspots, or other clients.
Parsing module: configured to parse messages from the server, WIFI hotspots, or other clients for sending and receiving.
Control module: configured to control local processes' access to the network. According to the security level of the currently connected WIFI hotspot, it either controls some sensitive processes to access the network over WIFI, or switches to the cellular mobile network and controls the sensitive process to access the Internet over the cellular mobile network. A sensitive process is one with high security requirements.
Display module: configured to display the security level of a WIFI hotspot to the user, and to collect security information about the relevant WIFI hotspot from the user.
With the above solution provided by the optional embodiments of the present invention, the optimal access and data transmission policy can be selected intelligently according to the security level of the WIFI hotspot about to be accessed, effectively protecting the privacy and security of the client user and improving the security of the product.
Optional embodiments of the present invention are described below with reference to the accompanying drawings.
FIG. 3 is a schematic flowchart of a method for securely accessing a WIFI hotspot in an optional embodiment of the present invention. As shown in FIG. 3, the method includes:
Step S3001: The STA receives the beacon frame (Beacon) messages and early-warning messages sent by the hotspots around it, in order to detect the APs available around the STA.
Step S3002: The STA parses the Beacon messages and early-warning messages received in step S3001, extracts the high-risk hotspot warning information from them, and determines whether the AP referred to is the target AP.
FIG. 4 shows the warning frame structure of the high-risk hotspot warning information in an optional embodiment of the present invention. As shown in FIG. 4, it includes:
Frame Control field: the Frame Control field of the standard frame is modified. Type=00 in this field shows that the frame is a management frame.
Standard definitions of the fields in a standard management frame:
The Frame Control field includes: the protocol version (Protocol) bits, the distributed system uplink (To DS) bit and distributed system downlink (From DS) bit, the More Fragment bit, the Retry bit, the Power Management bit, the More Data bit, the Protected Frame bit, and the Order bit; the other fields are the Duration/ID field, the Address1 field, the Address2 field, the Address3 field, the Sequence Control field, the Address4 field, and the frame check sequence (FCS) field.
These fields are defined as in the existing standard and are not described again here.
In the optional embodiment of the present invention, the standard management frame is modified in order to broadcast high-risk hotspot warning information. The modified management frame includes:
Sub Type field: the Sub Type field of the standard frame is modified to form the special frame of this embodiment, which is configured to broadcast the wireless AP's own connection information; a wireless AP that receives this frame can also parse it. Because the Sub Type values 0110~0111 and 1101~1111 of management frames are not defined in the standard protocol, any one of them can be used here to distinguish the frame from the other, standard values. Optionally, this embodiment assigns Sub Type the value 0110, indicating that this management frame is a high-risk warning frame.
Frame body field: the Frame body field is the data field of the frame. In this optional embodiment, the identity of the high-risk AP, for example its Media Access Control (MAC) address and Service Set Identifier (SSID) information, is encapsulated in this field.
Step S3003: The STA queries the cloud server for the security credit rating of the target hotspot.
The security credit rating is data generated and uploaded to the server by STAs that have previously connected to this AP. Optionally, taking STA1 as an example: STA1 previously connected to the target AP and accessed the Internet through it. After use, the user objectively evaluates the security of the target AP through STA1, judging the security credit rating of the target AP to be some level Security_Level_STA1, and STA1 uploads this security credit rating to the cloud server. If this STA has previously uploaded a security credit rating for the target AP, the newly uploaded rating overwrites the old one.
Optionally, the security credit rating can be set to 0, 1, or 2, where 0 indicates that the security credit rating of the target AP is low, 1 indicates that it is medium, and 2 indicates that it is high.
It should be noted that, in this step, when the STA queries the cloud server for the security credit rating of the target AP, it extracts the MAC address from the standard Beacon frame and uses it as the index to request from the cloud server the security credit rating of the device that the MAC address represents.
Step S3004: The STA evaluates the security attribute of the target AP and determines whether the target AP is a high-risk AP. If the STA determines that the target AP is not a high-risk AP, go to step S3101; otherwise go to step S3201.
It should be noted that the inputs to this determination of the AP's security attribute are the high-risk warning information from step S3002 and the security credit rating from step S3003. That is, as soon as high-risk warning information is detected in step S3002, or the security credit rating of the target AP queried in step S3003 is low, the target AP is determined to be a high-risk AP and its security attribute is defined as low-level security.
Step S3101: The STA initiates an authentication request to the target AP.
Step S3102: The STA receives an authentication response message from the target AP.
Step S3103: The STA initiates a pre-association request to the target AP and sets a timer (Timer).
A pre-association request means that the STA requests key information about the target AP from the target AP. Key information is information that can effectively identify the target AP device or its holder, for example the IMEI information of the AP device, or valid identity-document information, in the traditional sense, about the holder of the AP.
FIG. 5 shows the frame structure of the pre-association request information in an optional embodiment of the present invention. As shown in FIG. 5, it includes:
Frame Control field: the Frame Control field of the standard frame is modified. Type=00 in this field shows that the frame is a management frame.
Standard definitions of the fields in a standard management frame:
The Frame Control field includes: the Protocol bits, the To DS and From DS bits, the More Fragment bit, the Retry bit, the Power Management bit, the More Data bit, the Protected Frame bit, and the Order bit; the other fields are the Duration/ID field, the Address1 field, the Address2 field, the Address3 field, the Sequence Control field, the Address4 field, and the FCS field.
These fields are defined as in the existing standard and are not described again here.
The following are the fields of the standard management frame that are modified in the optional embodiment of the present invention:
Sub Type: the Sub Type field of the standard frame is modified to form the special frame of this optional embodiment, with which the STA sends a pre-association request to the AP.
Because the Sub Type values 0110~0111 and 1101~1111 of management frames are not defined in the standard protocol, any one of them can be used here to distinguish the frame from the other, standard values. Optionally, this optional embodiment assigns Sub Type the value 0111, indicating that this management frame is a pre-association request frame.
Step S3104: The STA determines whether valid pre-association response information from the target AP was received before the Timer expired. If the STA did not receive valid secondary response information from the target AP before the Timer expired, go to step S3111; otherwise go to step S3121. Valid pre-association response information is pre-association response information that includes the key information about the target AP.
FIG. 6 shows the frame structure of the pre-association response information according to an optional embodiment of the present invention. As shown in FIG. 6, it includes:
Frame Control field: the Frame Control field of the standard frame is modified. Type=00 in this field shows that the frame is a management frame.
Standard definitions of the fields in a standard management frame:
The Frame Control field includes: the Protocol bits, the To DS and From DS bits, the More Fragment bit, the Retry bit, the Power Management bit, the More Data bit, the Protected Frame bit, and the Order bit; the other fields are the Duration/ID field, the Address1 field, the Address2 field, the Address3 field, the Sequence Control field, the Address4 field, and the FCS field.
These fields are defined as in the existing standard and are not described again here.
The following are the fields of the standard management frame that are modified in the optional embodiment of the present invention:
Sub Type: the Sub Type field of the standard frame is modified to form the special frame of this optional embodiment, which is configured to broadcast the wireless AP's own connection information; a wireless AP that receives this frame can also parse it.
Because the Sub Type values 0110~0111 and 1101~1111 of management frames are not defined in the standard protocol, any one of them can be used here to distinguish the frame from the other, standard values. Optionally, this optional embodiment assigns Sub Type the value 0110, indicating that this management frame is a pre-association response frame.
Frame body field: the Frame body field is the data field of the frame. In this optional embodiment, the key information is encapsulated in this field. Key information is information that can effectively identify the target AP device or its holder, for example the IMEI information of the AP device, or valid identity-document information, in the traditional sense, about the holder of the AP.
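The three modified management frames of FIG. 4 to FIG. 6 can be built, validated and told apart as in the following Python sketch, which is an added example and not code from the patent. Because the text assigns Sub Type 0110 to both the high-risk warning frame and the pre-association response frame, the sketch separates the two by whether the STA has a pre-association request outstanding. The 24-byte header without Address4, the body layout (6-byte MAC, 1-byte SSID length, SSID), the function names and the sample addresses are assumptions.

```python
import struct
import zlib

TYPE_MGMT = 0b00                 # page: Type=00 marks a management frame
SUBTYPE_ALERT_OR_RESP = 0b0110   # page: high-risk warning frame AND pre-association response
SUBTYPE_PREASSOC_REQ = 0b0111    # page: pre-association request
HDR_LEN = 24                     # assumption: Frame Control, Duration/ID, Address1-3, Sequence Control
FCS_LEN = 4                      # frame check sequence (CRC-32, little-endian)
BROADCAST = b"\xff" * 6


def build_frame(subtype, body, src, dst=BROADCAST):
    """Build a constructed management frame for the demo (all flag bits zero)."""
    fc = (subtype << 4) | (TYPE_MGMT << 2)      # bits 0-1 version, 2-3 type, 4-7 subtype
    data = struct.pack("<HH6s6s6sH", fc, 0, dst, src, src, 0) + body
    return data + struct.pack("<I", zlib.crc32(data))


def classify(frame, awaiting_preassoc=False):
    """Return (kind, body); kind is 'alert', 'preassoc_req', 'preassoc_resp' or None."""
    if len(frame) < HDR_LEN + FCS_LEN:
        return None, b""
    data, fcs = frame[:-FCS_LEN], frame[-FCS_LEN:]
    if struct.unpack("<I", fcs)[0] != zlib.crc32(data):
        return None, b""                        # corrupted frame: ignore it
    (fc,) = struct.unpack_from("<H", data)
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if ftype != TYPE_MGMT:
        return None, b""
    body = data[HDR_LEN:]
    if subtype == SUBTYPE_PREASSOC_REQ:
        return "preassoc_req", body
    if subtype == SUBTYPE_ALERT_OR_RESP:
        # Same Sub Type for two frame kinds: context decides which one this is.
        return ("preassoc_resp" if awaiting_preassoc else "alert"), body
    return None, b""


def encode_alert_body(bssid, ssid):
    """Assumed body layout: MAC (6 bytes), SSID length (1 byte), SSID."""
    raw = ssid.encode("utf-8")
    return bssid + bytes([len(raw)]) + raw


def decode_alert_body(body):
    """Return (mac, ssid), or None if the body does not match the assumed layout."""
    if len(body) < 7:
        return None
    ssid_len = body[6]
    if ssid_len > 32 or len(body) != 7 + ssid_len:
        return None                             # length field disagrees with the frame
    return body[:6], body[7:].decode("utf-8", "replace")


def target_is_flagged(frames, target_bssid):
    """Step S3002: does any received warning frame name the target AP?"""
    for frame in frames:
        kind, body = classify(frame)
        if kind != "alert":
            continue
        parsed = decode_alert_body(body)
        if parsed and parsed[0] == target_bssid:
            return True
    return False


if __name__ == "__main__":
    # Constructed sample addresses (locally administered), not from the patent.
    target = bytes.fromhex("02aabbccdd01")
    other = bytes.fromhex("02aabbccdd02")
    reporter = bytes.fromhex("02aabbccdd99")
    heard = [
        build_frame(SUBTYPE_ALERT_OR_RESP, encode_alert_body(other, "CafeWiFi"), reporter),
        build_frame(SUBTYPE_ALERT_OR_RESP, encode_alert_body(target, "FreeWiFi"), reporter),
    ]
    print("target flagged:", target_is_flagged(heard, target))
```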
Step S3111: The STA defines the security attribute of the target AP as medium-level security.
Step S3112: Go to the flow shown in FIG. 7.
Step S3121: The STA defines the security attribute of the target AP as high-level security and uploads this security attribute to the cloud server.
Step S3122: The STA initiates a connection request to the target AP and, as specified by existing WIFI technology, completes data transmission with the target AP.
It should be noted that the data uploaded to the cloud server also includes the STA's MAC address and IMEI information.
Step S3201: The STA refuses to access the target AP and stops initiating the authentication request. At the same time, the STA turns off its own WIFI and starts its local hotspot function.
Step S3202: The STA broadcasts the high-risk hotspot warning information in Beacon frames. It should be noted that the high-risk hotspot information can be broadcast periodically.
FIG. 7 is a flowchart of how, in the method for securely accessing a WIFI hotspot in an optional embodiment of the present invention, the STA accesses the Internet through the target AP when the security attribute of the target AP is medium-level security. As shown in FIG. 7, it includes the following steps:
Step S701: When a process accesses the Internet through the STA, the STA evaluates the security sensitivity of the process and determines whether it is a security-sensitive process.
A security-sensitive process is one whose application has high security requirements, for example an application such as mail, or an application temporarily designated by the user. For example, if the user considers that an application has high security requirements at a certain time, the process corresponding to that application is a security-sensitive process.
Step S702: If step S701 determines that the process requesting Internet access is a security-sensitive process, go to step S711; otherwise go to step S721.
Step S711: The STA switches its Internet access from WIFI to the cellular network and, once this process has finished accessing the Internet, restores WIFI access.
Step S721: The STA transparently passes the data of the process requesting Internet access to the target AP.
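The decision flow of FIG. 3 and FIG. 7 (steps S3004 to S3122 and S701 to S721), written out as an added Python example that is not code from the patent. The server stand-in, the rule that the lowest uploaded rating wins when several STAs have rated one AP, and all names and sample values are assumptions.

```python
from enum import IntEnum


class Level(IntEnum):
    LOW = 0      # page: security credit rating 0, low-level security
    MEDIUM = 1   # page: rating 1, medium-level security
    HIGH = 2     # page: rating 2, high-level security


class CreditServer:
    """Hypothetical stand-in for the cloud server queried in step S3003."""

    def __init__(self):
        self._ratings = {}                      # (ap_mac, sta_mac) -> Level

    def upload(self, ap_mac, sta_mac, level):
        # A newer upload from the same STA overwrites its older rating.
        self._ratings[(ap_mac, sta_mac)] = Level(level)

    def query(self, ap_mac):
        levels = [lv for (ap, _), lv in self._ratings.items() if ap == ap_mac]
        # Assumption: with several reporting STAs, the most cautious rating wins.
        return min(levels) if levels else None


def assess_ap(ap_mac, sta_mac, alert_seen, server, send_preassoc, timeout_s=2.0):
    """Steps S3004 to S3122: return (security attribute, action).

    send_preassoc(ap_mac, timeout_s) is a hypothetical callable that returns the
    key information from a valid pre-association response, or None if the
    timer expired first.
    """
    if alert_seen or server.query(ap_mac) == Level.LOW:
        # S3201/S3202: never authenticate; warn nearby STAs instead.
        return Level.LOW, "refuse_and_broadcast_warning"
    key_info = send_preassoc(ap_mac, timeout_s)           # S3101 to S3104
    if not key_info:
        return Level.MEDIUM, "connect_route_per_process"  # S3111/S3112
    server.upload(ap_mac, sta_mac, Level.HIGH)            # S3121
    return Level.HIGH, "connect"                          # S3122


def route(ap_level, process, sensitive):
    """Steps S701 to S721: choose the bearer for one process's request."""
    if ap_level == Level.LOW:
        return "not_connected"       # the STA refused this AP in S3201
    if ap_level == Level.MEDIUM and process in sensitive:
        return "cellular"            # S711: WIFI is restored afterwards
    return "wifi"                    # S721: pass through to the target AP


if __name__ == "__main__":
    # Constructed sample values, not from the patent.
    server = CreditServer()
    ap, sta = "02:aa:bb:cc:dd:01", "02:aa:bb:cc:dd:10"
    level, action = assess_ap(ap, sta, False, server, lambda a, t: None)
    print(level.name, action, route(level, "mail", {"mail"}))
```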
FIG. 8 is a schematic diagram of the composition of the apparatus for securely accessing a WIFI hotspot provided by an optional embodiment of the present invention. As shown in FIG. 8, the apparatus includes:
Parsing module 801: configured to parse messages from the server, WIFI hotspots, or other clients for sending and receiving.
Control module 802: configured to control local processes' access to the network and, according to the security level of the currently connected WIFI hotspot, to control some sensitive processes to access the network over WIFI, to switch to the cellular mobile network, and to control the sensitive process to access the Internet over the cellular mobile network.
Display module 803: configured to display the security level of a WIFI hotspot to the user, and to collect security information about the relevant WIFI hotspot from the user.
Transceiver module 804: configured to send messages to and receive messages from the server, WIFI hotspots, or other clients.
In summary, the above embodiments or optional embodiments of the present invention can effectively detect the security attribute of the target WIFI hotspot that the client is about to access and, according to the security attribute of the target AP, intelligently access the target hotspot and reach the Internet through it. For WIFI hotspots whose security level is not high enough, they ensure that security-sensitive applications still access the Internet securely. In addition, when the client detects an insecure WIFI hotspot, it can promptly share this information with other nearby clients. This protects the client's network security and the user's privacy to a large extent.
Industrial applicability: as the above description shows, the present invention can obtain the security information of a wireless hotspot from the broadcast message of at least one wireless hotspot and then determine the security of the first wireless hotspot according to that security information. This solves the problem in the related art that the security of a wireless hotspot cannot be detected, and achieves detection of wireless hotspot security.
Obviously, those skilled in the art should understand that the modules or steps of the present invention described above can be implemented with a general-purpose computing device. They can be concentrated on a single computing device or distributed over a network of multiple computing devices. Optionally, they can be implemented with program code executable by a computing device, so that they can be stored in a storage device and executed by a computing device. In some cases, the steps shown or described can be performed in an order different from the one given here, or they can each be made into separate integrated circuit modules, or several of the modules or steps can be made into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
The above are only optional embodiments of the present invention and are not intended to limit it. For those skilled in the art, the present invention may have various modifications and changes. Any modification, equivalent replacement, or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (19)

  1. A wireless hotspot security detection method, comprising:
    receiving a broadcast message of at least one wireless hotspot, wherein the broadcast message includes security information of a first wireless hotspot;
    determining the security of the first wireless hotspot according to the security information.
  2. The method according to claim 1, wherein determining the security of the first wireless hotspot according to the security information comprises:
    where the security information indicates that the first wireless hotspot is non-secure, determining that the first wireless hotspot is non-secure; and/or
    where the security information indicates that the first wireless hotspot is secure, determining that the first wireless hotspot is secure.
  3. The method according to claim 2, wherein, after determining that the first wireless hotspot is non-secure, the method further comprises:
    where access of the user equipment to the first wireless hotspot has not yet been requested, no longer performing the operation of requesting access of the user equipment to the first wireless hotspot; and/or
    where access of the user equipment to the first wireless hotspot has already been requested, terminating the operation of requesting access of the user equipment to the first wireless hotspot.
  4. The method according to claim 2, wherein, after determining that the first wireless hotspot is non-secure, the method further comprises:
    starting hotspot broadcasting on the user equipment, and broadcasting the broadcast message.
  5. The method according to any one of claims 2 to 4, wherein, after determining that the first wireless hotspot is secure, the method further comprises:
    connecting the user equipment to the first wireless hotspot.
  6. The method according to claim 5, wherein, before or after connecting the user equipment to the first wireless hotspot, the method further comprises:
    sending a pre-association request to the first wireless hotspot, wherein the pre-association request is used to request identity information of the first wireless hotspot;
    receiving a pre-association response sent by the first wireless hotspot in response to the pre-association request, wherein the pre-association response carries the identity information of the first wireless hotspot, and the identity information is used to determine the security level of the first wireless hotspot.
  7. The method according to claim 6, wherein
    sending the pre-association request to the first wireless hotspot further comprises: starting a timer when sending the pre-association request;
    wherein, after sending the pre-association request to the first wireless hotspot, the method further comprises: determining, after the timer expires, whether the pre-association response has been received; and, where the timer has expired and the pre-association response has not been received, determining that the security level of the first wireless hotspot is a low security level.
  8. The method according to claim 7, wherein, where the security level of the first wireless hotspot accessed by the user equipment is the low security level, the method further comprises:
    where a process of the user equipment initiates a networking request, determining whether the security level of the first wireless hotspot is lower than the security level required by the process;
    where the security level is lower than the security level required by the process, networking the process over the cellular network.
  9. The method according to claim 5, wherein, after connecting the user equipment to the first wireless hotspot, the method further comprises:
    sending a security evaluation of the first wireless hotspot to a server.
  10. A wireless hotspot security detection apparatus, comprising:
    a receiving module, configured to receive a broadcast message of at least one wireless hotspot, wherein the broadcast message includes a hotspot identifier and security information of the first wireless hotspot having that hotspot identifier;
    a determining module, configured to determine the security of the first wireless hotspot according to the security information.
  11. The apparatus according to claim 10, wherein the determining module is configured to:
    where the security information indicates that the first wireless hotspot is non-secure, determine that the first wireless hotspot is non-secure; and/or
    where the security information indicates that the first wireless hotspot is secure, determine that the first wireless hotspot is secure.
  12. The apparatus according to claim 11, wherein the apparatus further comprises:
    a processing module, configured to, after it is determined that the first wireless hotspot is non-secure: where access of the user equipment to the first wireless hotspot has not yet been requested, no longer perform the operation of requesting access of the user equipment to the first wireless hotspot; and/or, where access of the user equipment to the first wireless hotspot has already been requested, terminate the operation of requesting access of the user equipment to the first wireless hotspot.
  13. The apparatus according to claim 11, wherein the apparatus further comprises:
    a broadcast module, configured to, after it is determined that the first wireless hotspot is non-secure, start hotspot broadcasting on the user equipment and broadcast the broadcast message.
  14. The apparatus according to any one of claims 11 to 13, wherein the apparatus further comprises:
    an access module, configured to connect the user equipment to the first wireless hotspot after it is determined that the first wireless hotspot is secure.
  15. The apparatus according to claim 14, wherein the apparatus further comprises:
    a pre-association request sending module, configured to send a pre-association request to the first wireless hotspot before or after the user equipment is connected to the first wireless hotspot, wherein the pre-association request is used to request identity information of the first wireless hotspot;
    a pre-association response receiving module, configured to receive a pre-association response sent by the first wireless hotspot in response to the pre-association request, wherein the pre-association response carries the identity information of the first wireless hotspot, and the identity information is used to determine the security level of the first wireless hotspot.
  16. The apparatus according to claim 15, wherein
    the pre-association request sending module is further configured to start a timer when sending the pre-association request;
    wherein the apparatus further comprises: a pre-association response judging module, configured to determine, after the pre-association request has been sent to the first wireless hotspot and after the timer expires, whether the pre-association response has been received; and a security level determining module, configured to determine that the security level of the first wireless hotspot is a low security level where the timer has expired and the pre-association response has not been received.
  17. The apparatus according to claim 16, wherein the apparatus further comprises:
    a security level judging module, configured to determine, where the security level of the first wireless hotspot accessed by the user equipment is the low security level and a process of the user equipment initiates a networking request, whether the security level of the first wireless hotspot is lower than the security level required by the process;
    a networking module, configured to network the process over the cellular network where the security level is lower than the security level required by the process.
  18. The apparatus according to claim 14, wherein the apparatus further comprises:
    a security evaluation sending module, configured to send a security evaluation of the first wireless hotspot to a server after the user equipment is connected to the first wireless hotspot.
  19. A user equipment, comprising the wireless hotspot security detection apparatus according to any one of claims 10 to 18.
PCT/CN2015/092218 2015-07-28 2015-10-19 Method, device and user equipment for testing security of wireless hotspot WO2016131289A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510451434.8 2015-07-28
CN201510451434.8A CN106385683A (en) 2015-07-28 2015-07-28 Wireless hot spot safety detection method, apparatus and user equipment thereof

Publications (1)

Publication Number Publication Date
WO2016131289A1 (en) 2016-08-25

Family

ID=56688686

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/092218 WO2016131289A1 (en) 2015-07-28 2015-10-19 Method, device and user equipment for testing security of wireless hotspot

Country Status (2)

Country Link
CN (1) CN106385683A (en)
WO (1) WO2016131289A1 (en)

Also Published As

Publication number Publication date
CN106385683A (en) 2017-02-08

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15882428

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15882428

Country of ref document: EP

Kind code of ref document: A1