WO2017121159A1 - Authentication method and system for accessing home gateway in WPA/WPA2 authentication mode - Google Patents


Publication number
WO2017121159A1
Authority
WO
WIPO (PCT)
Prior art keywords
home gateway
authentication
access device
feature information
wpa
Application number
PCT/CN2016/102804
Inventor
王志军
李长春
Original Assignee
烽火通信科技股份有限公司
Application filed by 烽火通信科技股份有限公司
Publication of WO2017121159A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Definitions

  • The present invention relates to the field of home gateway access authentication, and in particular to an authentication method and system for accessing a home gateway in WPA/WPA2 authentication mode.
  • The home gateway is a high-tech product of the information age. Using existing computer network technology, the home gateway can network the various appliances and devices in the home and provide services to people over the network. With the development of communication technology, home gateway products have come into wide use in households. Mobile phones, PADs, and smart OTT (Over The Top, providing various application services to users through the Internet) devices are all communication devices that people use frequently. These communication devices use wireless technologies such as WiFi to access the home gateway and thereby obtain Internet functionality.
  • At present, a communication device must be authenticated when it accesses the home gateway wirelessly.
  • The authentication method is generally WPA/WPA2 (Wi-Fi Protected Access), which requires an access password to be entered before WPA/WPA2 authentication can be completed and the communication device connected to the home gateway.
  • This authentication method can identify the accessing party and allows only legitimate parties onto the network, so its security is high.
  • When an access device accesses the home gateway over the wireless network and authenticates, it must first search for or enter the SSID (Service Set Identifier) of the home gateway and then enter the access password (for example, a Web page pops up on the communication device for the user to enter a user name and password, or a set-top box requires the password to be entered with the remote control). This authentication process is cumbersome and inconvenient to use.
  • The technical problem solved by the present invention is to simplify the authentication process when a device accesses the home gateway while ensuring network security.
  • The invention is not only simple to implement but also keeps the cost of use under control, and provides good extensibility for future home gateway authentication methods.
  • The present invention provides an authentication method for accessing a home gateway in WPA/WPA2 authentication mode, and the method includes the following steps:
  • S1: Acquire the feature information of an access device that needs to access the home gateway, store the feature information in the home gateway, and go to S2;
  • S2: After the access device that needs to access the home gateway is started, it requests access authentication from the home gateway; go to S3;
  • S3: The home gateway determines whether it has stored the feature information of the current access device; if yes, go to S4, otherwise go to S5;
  • S4: The home gateway authenticates the current access device successfully.
  • S5: The home gateway fails to authenticate the current access device, and the home gateway re-authenticates the current access device using WPA/WPA2 authentication.
  • The specific process of S1 is: bind the mobile phone to the home gateway configured with the WPA/WPA2 authentication mode, and obtain, through the mobile phone, the access device that needs to access the home gateway.
  • The feature information of the access device accessing the home gateway is obtained through the mobile phone as follows: the mobile phone scans or photographs the two-dimensional code label of the access device to obtain the feature information of the access device.
  • The two-dimensional code label is dynamically generated by an existing method.
  • The feature information of the access device accessing the home gateway is obtained through the mobile phone as follows: the feature information of the access device is entered manually on the mobile phone.
  • The feature information of the access device accessing the home gateway is obtained through the mobile phone as follows: a remote server is set up that stores the feature information of the access devices that need to access the home gateway, and the mobile phone obtains the feature information of the access device from the remote server.
  • The specific process of S2 is: after the access device is started, it searches for the SSID of the home gateway and requests access authentication from that home gateway according to the SSID.
  • When the home gateway in S5 authenticates the current access device using the WPA/WPA2 authentication mode, the current access device is admitted if the authentication succeeds and is not admitted if the authentication fails.
  • The present invention provides an authentication system, based on the above method, for accessing a home gateway in WPA/WPA2 authentication mode. The system includes a feature information acquisition module, and a pre-authorization module and an authentication module disposed in the home gateway;
  • The feature information acquisition module is configured to: bind to a home gateway configured with the WPA/WPA2 authentication mode, acquire the feature information of an access device that needs to access the home gateway, and send the feature information to the pre-authorization module;
  • The pre-authorization module is configured to: store the feature information sent by the feature information acquisition module; on receiving a feature information retrieval signal from the authentication module, retrieve the corresponding feature information, and send a retrieval success signal to the authentication module if the retrieval succeeds or a retrieval failure signal if it fails;
  • The authentication module is configured to: send a feature information retrieval signal to the pre-authorization module when an access device requests access authentication from the home gateway; on receiving the retrieval success signal from the pre-authorization module, treat authentication of the current access device as successful and admit the current access device; on receiving the retrieval failure signal from the pre-authorization module, treat authentication of the current access device as failed and re-authenticate the current access device using the WPA/WPA2 authentication mode.
  • The feature information acquisition module is disposed in a mobile phone.
  • The present invention stores the feature information code of the access device in the home gateway (i.e., pre-authorization) before the access device accesses the home gateway, and the home gateway can identify from the feature information code whether the access device has been pre-authorized. An access device that has completed pre-authorization can access the home gateway without entering a password, or with any password entered. Compared with the prior-art authentication method, which requires the access password to be entered, the authentication process of the present invention is simpler and more convenient to use.
  • For an access device that has not completed pre-authorization, the present invention still requires password verification according to the traditional WPA/WPA2 authentication mode. Internet access is obtained only after the password verification passes, which ensures network security.
  • The authentication method and system proposed by the present invention are mainly aimed at embedded devices, smart home devices and the like on which entering a password is inconvenient. The key negotiation process in the device's wireless access protocol flow is modified, so the change is small, the implementation is simple, and the cost of use is kept under control.
  • The authentication method of the present invention is not limited to WiFi access; it can also be applied when the home gateway connects devices by other means, such as wired, Zigbee (a low-power LAN protocol based on the IEEE 802.15.4 standard), Bluetooth, and the like. The present invention is therefore both a supplement to existing authentication methods and a basis of good extensibility for future home gateway authentication methods.
  • FIG. 1 is a flowchart of the authentication method for accessing a home gateway in WPA/WPA2 authentication mode according to an embodiment of the present invention.
  • The authentication method for accessing a home gateway in WPA/WPA2 authentication mode in the embodiment of the present invention is implemented with a mobile phone, and the method specifically includes the following steps:
  • S1: Bind the mobile phone to the home gateway configured with the WPA/WPA2 authentication mode. Pre-authorization: obtain, through the mobile phone, the feature information of the access device that needs to access the home gateway (the access device is a set-top box in this embodiment); the feature information may be the MAC (Media Access Control) address of the access device or other information. Store the feature information in the home gateway, and go to S2.
  • In practice, the ways of obtaining the feature information of the access device through the mobile phone in S1 include:
  • The mobile phone scans or photographs the two-dimensional code label of the access device (the label can be dynamically generated by an existing method) to obtain the feature information of the access device. This mode is mainly for wireless access devices such as PADs and mobile phones; mode 1 is used in this embodiment.
  • A pre-authorization step can be added where there was previously no access authentication at all: the MAC address of the PC is manually entered on the mobile phone and stored in the home gateway as feature information.
  • The specific process of S2 is: after the access device is started, it searches for the SSID of the home gateway and requests access authentication from that home gateway according to the SSID.
  • S3: The home gateway determines whether it has stored the feature information of the current access device; if yes, go to S4, otherwise go to S5.
  • S4: The home gateway authenticates the current access device successfully and admits it, and the current access device works normally.
  • S5: The home gateway fails to authenticate the current access device, and the home gateway re-authenticates the current access device using WPA/WPA2 authentication. If that authentication succeeds, the home gateway admits the current access device in the WPA/WPA2 authentication mode. If it fails, the current access device is not admitted.
  • The authentication method for the home gateway in WPA/WPA2 authentication mode in the embodiment of the present invention works as follows: before the access device accesses the home gateway, the mobile phone has already stored the feature information of the access device in the home gateway (i.e., authorization).
  • The home gateway is set to the encrypted WPA/WPA2 authentication mode and performs key negotiation with the feature information of the access device. The main difference between this process and the existing WPA encryption mode is that the access device uses its own feature information as the basis for key negotiation, and on that basis completes the subsequent WPA key negotiation process and establishes a secure encrypted channel.
  • The home gateway can identify from the feature information of the access device whether the access device has been pre-authorized:
  • If the home gateway has stored the feature information of the (wired or wireless) access device, the access device has completed pre-authorization.
  • The home gateway does not need to verify the password entered by the user (that is, the user can enter any password); it authenticates the access device directly and grants the device Internet access.
  • Otherwise, the access device has not completed pre-authorization.
  • Password verification is performed according to the WPA/WPA2 authentication mode before Internet access is obtained.
  • The authentication system, based on the above method, for accessing a home gateway in WPA/WPA2 authentication mode in the embodiment of the present invention includes a feature information acquisition module installed in the mobile phone, and a pre-authorization module and an authentication module installed in the home gateway.
  • The feature information acquisition module is configured to: bind to the home gateway configured with the WPA/WPA2 authentication mode, obtain the feature information of the access device that needs to access the home gateway, and send the feature information to the pre-authorization module.
  • The pre-authorization module is configured to: store the feature information sent by the feature information acquisition module; on receiving a feature information retrieval signal from the authentication module, retrieve the corresponding feature information, and send a retrieval success signal to the authentication module if the retrieval succeeds or a retrieval failure signal if it fails.
  • The authentication module is configured to: send a feature information retrieval signal to the pre-authorization module when an access device requests access authentication from the home gateway; on receiving the retrieval success signal from the pre-authorization module, treat authentication of the current access device as successful and admit it; on receiving the retrieval failure signal from the pre-authorization module, treat authentication of the current access device as failed and re-authenticate the current access device using the WPA/WPA2 authentication mode.
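
The S1 to S5 flow and the pre-authorization/authentication module split described above, sketched as an added example (not code from the patent or its applicant). It assumes the feature information is a MAC address, models the S5 fallback as the WPA2-Personal handshake message-2 MIC check, and uses constructed SSID, passphrase, MAC addresses, nonces and frame bytes; all class and function names are hypothetical.

```python
import hashlib
import hmac
import re


def normalize_mac(mac):
    """Canonical form, so 'AA-BB-CC-00-11-22' and 'aabb.cc00.1122' match one entry."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError("not a MAC address: %r" % (mac,))
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def mac_bytes(mac):
    return bytes.fromhex(normalize_mac(mac).replace(":", ""))


def wpa_pmk(passphrase, ssid):
    """WPA/WPA2-Personal PMK: PBKDF2-HMAC-SHA1, 4096 iterations, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def message2_mic(pmk, ap_mac, sta_mac, anonce, snonce, frame):
    """MIC a station puts in handshake message 2 (HMAC-SHA1-128 under the KCK)."""
    a, s = mac_bytes(ap_mac), mac_bytes(sta_mac)
    data = min(a, s) + max(a, s) + min(anonce, snonce) + max(anonce, snonce)
    ptk = b""
    counter = 0
    while len(ptk) < 48:  # IEEE 802.11 PRF-384 built from HMAC-SHA1
        block = b"Pairwise key expansion" + b"\x00" + data + bytes([counter])
        ptk += hmac.new(pmk, block, hashlib.sha1).digest()
        counter += 1
    kck = ptk[:16]  # key confirmation key: first 128 bits of the PTK
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]


class PreAuthorizationModule:
    """Stores feature information (S1) and answers retrieval requests (S3)."""

    def __init__(self):
        self._features = set()

    def store(self, feature_info):
        self._features.add(normalize_mac(feature_info))

    def retrieve(self, feature_info):
        # True stands for the "retrieval success" signal, False for "failure".
        return normalize_mac(feature_info) in self._features


class AuthenticationModule:
    """Gateway-side decision: stored feature information first, WPA/WPA2 second."""

    def __init__(self, ssid, passphrase, ap_mac, preauth):
        self.pmk = wpa_pmk(passphrase, ssid)
        self.ap_mac = ap_mac
        self.preauth = preauth

    def authenticate(self, sta_mac, anonce, snonce, frame, mic):
        if self.preauth.retrieve(sta_mac):  # S3 -> S4
            # The page says key negotiation then proceeds from the feature
            # information; it does not specify the derivation, so that part
            # is not modelled here.
            return "preauthorized"
        expected = message2_mic(self.pmk, self.ap_mac, sta_mac, anonce, snonce, frame)
        if hmac.compare_digest(expected, mic):  # S5: WPA/WPA2 fallback
            return "wpa-psk"
        return "rejected"


def demo():
    # All values below are constructed for this example.
    ssid, passphrase, ap_mac = "HomeGW", "correct horse battery", "02:00:00:00:00:01"
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))
    frame = b"constructed EAPOL-Key message 2 with MIC field zeroed"
    stb, laptop = "02:00:00:AA:BB:CC", "02:00:00:11:22:33"

    preauth = PreAuthorizationModule()
    preauth.store("02-00-00-aa-bb-cc")  # S1: same set-top box, label notation
    gateway = AuthenticationModule(ssid, passphrase, ap_mac, preauth)

    def request(sta_mac, typed_passphrase):  # S2: device-side request
        mic = message2_mic(wpa_pmk(typed_passphrase, ssid), ap_mac, sta_mac,
                           anonce, snonce, frame)
        return gateway.authenticate(sta_mac, anonce, snonce, frame, mic)

    return [
        request(stb, "any password"),       # stored: S4
        request(laptop, passphrase),        # not stored, correct passphrase
        request(laptop, "wrong password"),  # not stored, wrong passphrase
    ]


if __name__ == "__main__":
    print(demo())
```

The first request succeeds with an arbitrary passphrase because the S3 lookup is keyed only on the stored feature information, which is the behaviour the description states for pre-authorized devices.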

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention relates to the field of home gateway access authentication, and discloses an authentication method and system for accessing a home gateway in a WPA/WPA2 authentication mode. The method comprises the following steps: S1: acquiring feature information of an access device that needs to access a home gateway, and storing the feature information in the home gateway; S2: after the access device that needs to access the home gateway is turned on, requesting the home gateway to perform access authentication; and S3: determining, by the home gateway, whether the feature information of the current access device is stored therein, if so, determining, by the home gateway, that authentication of the current access device succeeds, and otherwise, determining, by the home gateway, that authentication of the current access device fails, and performing again, by the home gateway and using WPA/WPA2 authentication, authentication on the current access device. The present invention can ensure network security while simplifying an authentication process when a device accesses a home gateway, so that an implementation process is simple and use costs are controlled, providing good extensibility of an authentication method for a home gateway.

Description

Authentication method and system for accessing a home gateway in WPA/WPA2 authentication mode
Technical field
The present invention relates to the field of home gateway access authentication, and in particular to an authentication method and system for accessing a home gateway in WPA/WPA2 authentication mode.
Background
The home gateway is a high-tech product of the information age. Using existing computer network technology, the home gateway can network the various appliances and devices in the home and provide services to people over the network. With the development of communication technology, home gateway products have come into wide use in households. Mobile phones, PADs, and smart OTT (Over The Top, providing various application services to users through the Internet) devices are all communication devices that people use frequently. These communication devices use wireless technologies such as WiFi to access the home gateway and thereby obtain Internet functionality.
At present, a communication device must be authenticated when it accesses the home gateway wirelessly. The authentication method is generally WPA/WPA2 (Wi-Fi Protected Access), which requires an access password to be entered before WPA/WPA2 authentication can be completed and the communication device connected to the home gateway. This authentication method can identify the accessing party and allows only legitimate parties onto the network, so its security is high.
However, the above authentication method has the following shortcoming in use:
When an access device accesses the home gateway over the wireless network and authenticates, it must first search for or enter the SSID (Service Set Identifier) of the home gateway and then enter the access password (for example, a Web page pops up on the communication device for the user to enter a user name and password, or a set-top box requires the password to be entered with the remote control). This authentication process is cumbersome and inconvenient to use.
Summary of the invention
In view of the defects in the prior art, the technical problem solved by the present invention is to simplify the authentication process when a device accesses the home gateway while ensuring network security. The invention is not only simple to implement but also keeps the cost of use under control, and provides good extensibility for future home gateway authentication methods.
To achieve the above objective, the present invention provides an authentication method for accessing a home gateway in WPA/WPA2 authentication mode, and the method includes the following steps:
S1: Acquire the feature information of an access device that needs to access the home gateway, store the feature information in the home gateway, and go to S2;
S2: After the access device that needs to access the home gateway is started, it requests access authentication from the home gateway; go to S3;
S3: The home gateway determines whether it has stored the feature information of the current access device; if yes, go to S4, otherwise go to S5;
S4: The home gateway authenticates the current access device successfully;
S5: The home gateway fails to authenticate the current access device, and the home gateway re-authenticates the current access device using WPA/WPA2 authentication.
On the basis of the above technical solution, the specific process of S1 is: bind the mobile phone to the home gateway configured with the WPA/WPA2 authentication mode, and obtain, through the mobile phone, the access device that needs to access the home gateway.
On the basis of the above technical solution, the feature information of the access device accessing the home gateway is obtained through the mobile phone as follows: the mobile phone scans or photographs the two-dimensional code label of the access device to obtain the feature information of the access device.
On the basis of the above technical solution, the two-dimensional code label is dynamically generated by an existing method.
On the basis of the above technical solution, the feature information of the access device accessing the home gateway is obtained through the mobile phone as follows: the feature information of the access device is entered manually on the mobile phone.
On the basis of the above technical solution, the feature information of the access device accessing the home gateway is obtained through the mobile phone as follows: a remote server is set up that stores the feature information of the access devices that need to access the home gateway, and the mobile phone obtains the feature information of the access device from the remote server.
On the basis of the above technical solution, the specific process of S2 is: after the access device is started, it searches for the SSID of the home gateway and requests access authentication from that home gateway according to the SSID.
On the basis of the above technical solution, when the home gateway in S5 authenticates the current access device using the WPA/WPA2 authentication mode, the current access device is admitted if the authentication succeeds and is not admitted if the authentication fails.
The present invention provides an authentication system, based on the above method, for accessing a home gateway in WPA/WPA2 authentication mode. The system includes a feature information acquisition module, and a pre-authorization module and an authentication module disposed in the home gateway;
The feature information acquisition module is configured to: bind to a home gateway configured with the WPA/WPA2 authentication mode, acquire the feature information of an access device that needs to access the home gateway, and send the feature information to the pre-authorization module;
The pre-authorization module is configured to: store the feature information sent by the feature information acquisition module; on receiving a feature information retrieval signal from the authentication module, retrieve the corresponding feature information, and send a retrieval success signal to the authentication module if the retrieval succeeds or a retrieval failure signal if it fails;
The authentication module is configured to: send a feature information retrieval signal to the pre-authorization module when an access device requests access authentication from the home gateway; on receiving the retrieval success signal from the pre-authorization module, treat authentication of the current access device as successful and admit the current access device; on receiving the retrieval failure signal from the pre-authorization module, treat authentication of the current access device as failed and re-authenticate the current access device using the WPA/WPA2 authentication mode.
On the basis of the above technical solution, the feature information acquisition module is disposed in a mobile phone.
Compared with the prior art, the advantages of the present invention are:
(1) The present invention stores the feature information code of the access device in the home gateway (i.e., pre-authorization) before the access device accesses the home gateway, and the home gateway can identify from the feature information code whether the access device has been pre-authorized. An access device that has completed pre-authorization can access the home gateway without entering a password, or with any password entered. Compared with the prior-art authentication method, which requires the access password to be entered, the authentication process of the present invention is simpler and more convenient to use.
At the same time, for an access device that has not completed pre-authorization, the present invention still requires password verification according to the traditional WPA/WPA2 authentication mode. Internet access is obtained only after the password verification passes, which ensures network security.
(2) The authentication method and system proposed by the present invention are mainly aimed at embedded devices, smart home devices and the like on which entering a password is inconvenient. The key negotiation process in the device's wireless access protocol flow is modified, so the change is small, the implementation is simple, and the cost of use is kept under control.
(3) The authentication method of the present invention is not limited to WiFi access; it can also be applied when the home gateway connects devices by other means, such as wired, Zigbee (a low-power LAN protocol based on the IEEE 802.15.4 standard), Bluetooth, and the like. The present invention is therefore both a supplement to existing authentication methods and a basis of good extensibility for future home gateway authentication methods.
附图说明DRAWINGS
图1为本发明实施例中接入WPA/WPA2认证模式的家庭网关的 认证方法的流程图。FIG. 1 is a schematic diagram of a home gateway connected to a WPA/WPA2 authentication mode according to an embodiment of the present invention; Flow chart of the authentication method.
具体实施方式detailed description
以下结合附图及实施例对本发明作进一步详细说明。The present invention will be further described in detail below with reference to the accompanying drawings and embodiments.
参见图1所示,本发明实施例中的接入WPA/WPA2认证模式的家庭网关的认证方法,以手机来实现,该方法具体包括以下步骤:As shown in FIG. 1 , the authentication method of the home gateway that accesses the WPA/WPA2 authentication mode in the embodiment of the present invention is implemented by using a mobile phone, and the method specifically includes the following steps:
S1: Bind the mobile phone to the home gateway configured in WPA/WPA2 authentication mode. Pre-authorization: use the mobile phone to obtain the feature information of the access device that needs to access the home gateway (in this embodiment the access device is a set-top box). The feature information may be the access device's MAC (Media Access Control, i.e. physical) address or other information. Store the feature information on the home gateway, then go to S2.
In practice, the mobile phone in S1 can obtain the feature information of the access device in the following ways:
1. Scan or photograph the access device's QR code label with the mobile phone (the QR code label can be generated dynamically by existing means) to obtain the access device's feature information. This mode is mainly intended for wireless access devices such as tablets (PADs) and mobile phones; this embodiment uses mode 1.
2. Manually enter the access device's feature information on the mobile phone. This mode is mainly intended for wired access devices. Taking a PC (personal computer) as an example, a pre-authorization step can be added where previously there was no access authentication at all: the PC's MAC address is entered manually on the mobile phone and stored on the home gateway as feature information.
3. Set up a remote server that stores the feature information of the access devices that need to access the home gateway, and have the mobile phone obtain the feature information from that remote server. This mode is mainly intended for certain application scenarios. For example, when the mobile phone cannot obtain the feature information through modes 1 and 2, it obtains the access device's feature information directly from the access device's remote server, so that authorization and authentication can then proceed quickly.
S2: After the access device that needs to access the home gateway starts up, it requests access authentication from the home gateway; go to S3.
The specific procedure of S2 is: after the access device starts up, it searches for the home gateway's SSID and, using that SSID, requests access authentication from the home gateway.
S3: The home gateway determines whether it has stored the feature information of the current access device; if so, go to S4, otherwise go to S5.
S4: The home gateway authenticates the current access device successfully and admits it; the current access device operates normally.
S5: The home gateway's authentication of the current access device fails, and the home gateway re-authenticates the current access device using WPA/WPA2 authentication. In S5, if the WPA/WPA2 authentication succeeds, the current access device is admitted; if it fails, the current access device is not admitted.
The authentication method for accessing a home gateway in WPA/WPA2 authentication mode in this embodiment works as follows. Before the access device connects to the home gateway, the mobile phone has already stored the access device's feature information on the home gateway (that is, pre-authorization). When the access device requests access authentication from the home gateway, the home gateway is configured for the encrypted WPA/WPA2 authentication mode, so it carries out key negotiation based on the access device's feature information. The main difference from the existing WPA encryption scheme is that the access device uses its own feature information as the basis for key negotiation, and in this way completes the subsequent WPA key negotiation process and establishes a secure encrypted channel.
Because the home gateway has already stored the access device's feature information, it can use that information to determine whether the access device has been pre-authorized:
If the home gateway has stored the feature information of the (wired or wireless) access device, the access device has completed pre-authorization. When authenticating that access device, the home gateway does not need to verify the password entered by the user (that is, the user can enter any password); it authenticates the access device directly and grants it Internet access.
If the home gateway has not stored the feature information of the access device, the access device has not completed pre-authorization. When authenticating that access device, password verification must be completed according to the WPA/WPA2 authentication mode, and Internet access is granted only after the password verification passes.
The authentication system for accessing a home gateway in WPA/WPA2 authentication mode in this embodiment, which is based on the above method, includes a feature information acquisition module arranged in the mobile phone, and a pre-authorization module and an authentication module arranged in the home gateway.
The feature information acquisition module is configured to: bind to the home gateway configured in WPA/WPA2 authentication mode, obtain the feature information of the access device that needs to access the home gateway, and send the feature information to the pre-authorization module.
The pre-authorization module is configured to: store the feature information sent by the feature information acquisition module; on receiving a feature information lookup signal from the authentication module, look up the corresponding feature information; if the lookup succeeds, send a lookup-success signal to the authentication module, and if the lookup fails, send a lookup-failure signal to the authentication module.
The authentication module is configured to: when an access device requests access authentication from the home gateway, send a feature information lookup signal to the pre-authorization module; on receiving a lookup-success signal from the pre-authorization module, authenticate the current access device successfully and admit it; on receiving a lookup-failure signal from the pre-authorization module, fail the authentication of the current access device and re-authenticate it using WPA/WPA2 authentication.
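The S3 to S5 decision and the pre-authorization and authentication modules described above, as an added Python example (not code from the patent). It assumes one reading of the key-negotiation paragraph: for a pre-authorized device the gateway derives the WPA2 pairwise master key from the stored feature information, and from the Wi-Fi passphrase otherwise. All class and function names, the sample SSID, MAC addresses and token, and the choice to reject a pre-authorized device whose MIC does not match are assumptions.

```python
import hashlib
import hmac
import re

def normalize_mac(mac: str) -> bytes:
    """Accept aa:bb:.., AA-BB-.. or bare hex (QR scan or manual entry); return 6 bytes."""
    digits = re.sub(r"[:.\-]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return bytes.fromhex(digits)

def pmk(secret: bytes, ssid: bytes) -> bytes:
    """WPA/WPA2-PSK pairwise master key: PBKDF2-HMAC-SHA1, 4096 iterations, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", secret, ssid, 4096, 32)

def handshake_mic(key: bytes, ap: bytes, sta: bytes, anonce: bytes,
                  snonce: bytes, frame: bytes) -> bytes:
    """WPA2 4-way-handshake MIC: HMAC-SHA1-128 keyed with the KCK (PTK bytes 0..15)."""
    data = min(ap, sta) + max(ap, sta) + min(anonce, snonce) + max(anonce, snonce)
    block0 = hmac.new(key, b"Pairwise key expansion\x00" + data + b"\x00",
                      hashlib.sha1).digest()
    return hmac.new(block0[:16], frame, hashlib.sha1).digest()[:16]

class Gateway:
    def __init__(self, ssid: bytes, bssid: str, passphrase: bytes):
        self.ssid, self.bssid = ssid, normalize_mac(bssid)
        self.password_pmk = pmk(passphrase, ssid)
        self.preauth = {}  # pre-authorization module: device MAC -> PMK from feature info

    def pre_authorize(self, mac: str, feature: bytes) -> None:
        """S1: the bound phone stores the device's feature information on the gateway."""
        self.preauth[normalize_mac(mac)] = pmk(feature, self.ssid)

    def authenticate(self, mac: str, anonce: bytes, snonce: bytes,
                     frame: bytes, mic: bytes) -> str:
        """S3-S5: a stored entry selects the feature-derived key, otherwise the passphrase."""
        sta = normalize_mac(mac)
        stored = self.preauth.get(sta)                              # S3: lookup
        key, path = ((stored, "pre-authorized") if stored is not None
                     else (self.password_pmk, "wpa2-password"))     # S4 / S5
        expected = handshake_mic(key, self.bssid, sta, anonce, snonce, frame)
        return path if hmac.compare_digest(expected, mic) else "rejected"

def demo() -> dict:
    # Every value below is constructed sample data.
    ssid, bssid, passphrase = b"HomeGW-Example", "02:00:00:00:00:01", b"example-passphrase"
    # Feature information from the QR label: a per-device token (the page's "other
    # information"); a MAC appears in every frame header, so it is not used as the secret.
    token = b"QR-7f3a9c1e5b2d4086"
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))
    frame = b"constructed EAPOL-Key message 2"
    gw = Gateway(ssid, bssid, passphrase)
    gw.pre_authorize("AA-BB-CC-00-11-22", token)

    def station(mac: str, secret: bytes) -> str:
        mic = handshake_mic(pmk(secret, ssid), gw.bssid, normalize_mac(mac),
                            anonce, snonce, frame)
        return gw.authenticate(mac, anonce, snonce, frame, mic)

    return {
        "set-top box, QR token": station("aa:bb:cc:00:11:22", token),
        "set-top box, Wi-Fi password": station("aa:bb:cc:00:11:22", passphrase),
        "laptop, Wi-Fi password": station("02:00:00:00:00:99", passphrase),
        "laptop, wrong password": station("02:00:00:00:00:99", b"wrong-password"),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```
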
The present invention is not limited to the above embodiments. Those of ordinary skill in the art can make various improvements and refinements without departing from the principles of the invention, and such improvements and refinements are also regarded as falling within the scope of protection of the invention. Content not described in detail in this specification belongs to the prior art well known to those skilled in the art.

Claims (10)

  1. An authentication method for accessing a home gateway in WPA/WPA2 authentication mode, characterized in that the method comprises the following steps:
    S1: obtaining feature information of an access device that needs to access the home gateway, storing the feature information on the home gateway, and going to S2;
    S2: after the access device that needs to access the home gateway starts up, requesting access authentication from the home gateway, and going to S3;
    S3: the home gateway determining whether it has stored the feature information of the current access device; if so, going to S4, otherwise going to S5;
    S4: the home gateway authenticating the current access device successfully;
    S5: the home gateway's authentication of the current access device failing, and the home gateway re-authenticating the current access device using WPA/WPA2 authentication.
  2. The authentication method for accessing a home gateway in WPA/WPA2 authentication mode according to claim 1, characterized in that the specific procedure of S1 is: binding a mobile phone to the home gateway configured in WPA/WPA2 authentication mode, and obtaining, through the mobile phone, the access device that needs to access the home gateway.
  3. The authentication method for accessing a home gateway in WPA/WPA2 authentication mode according to claim 2, characterized in that the mobile phone obtains the feature information of the access device accessing the home gateway by scanning or photographing the access device's QR code label with the mobile phone to obtain the access device's feature information.
  4. The authentication method for accessing a home gateway in WPA/WPA2 authentication mode according to claim 3, characterized in that the QR code label is generated dynamically by existing means.
  5. The authentication method for accessing a home gateway in WPA/WPA2 authentication mode according to claim 2, characterized in that the mobile phone obtains the feature information of the access device accessing the home gateway by manual entry of the access device's feature information on the mobile phone.
  6. The authentication method for accessing a home gateway in WPA/WPA2 authentication mode according to claim 2, characterized in that the mobile phone obtains the feature information of the access device accessing the home gateway as follows: a remote server storing the feature information of the access devices that need to access the home gateway is set up, and the mobile phone obtains the access device's feature information from the remote server.
  7. The authentication method for accessing a home gateway in WPA/WPA2 authentication mode according to claim 1, characterized in that the specific procedure of S2 is: after the access device starts up, it searches for the home gateway's SSID and, using that SSID, requests access authentication from the home gateway.
  8. The authentication method for accessing a home gateway in WPA/WPA2 authentication mode according to claim 1, characterized in that, when the home gateway in S5 authenticates the current access device using WPA/WPA2 authentication, the current access device is admitted if the authentication succeeds and is not admitted if the authentication fails.
  9. An authentication system for accessing a home gateway in WPA/WPA2 authentication mode based on the method of any one of claims 1 to 8, characterized in that the system comprises a feature information acquisition module, and a pre-authorization module and an authentication module arranged in the home gateway;
    the feature information acquisition module is configured to: bind to the home gateway configured in WPA/WPA2 authentication mode, obtain the feature information of the access device that needs to access the home gateway, and send the feature information to the pre-authorization module;
    the pre-authorization module is configured to: store the feature information sent by the feature information acquisition module; on receiving a feature information lookup signal from the authentication module, look up the corresponding feature information; if the lookup succeeds, send a lookup-success signal to the authentication module, and if the lookup fails, send a lookup-failure signal to the authentication module;
    the authentication module is configured to: when an access device requests access authentication from the home gateway, send a feature information lookup signal to the pre-authorization module; on receiving a lookup-success signal from the pre-authorization module, authenticate the current access device successfully and admit it; on receiving a lookup-failure signal from the pre-authorization module, fail the authentication of the current access device and re-authenticate it using WPA/WPA2 authentication.
  10. The authentication system for accessing a home gateway in WPA/WPA2 authentication mode according to claim 9, characterized in that the feature information acquisition module is arranged in a mobile phone.
PCT/CN2016/102804 2016-01-14 2016-10-21 Authentication method and system for accessing home gateway in wpa /wpa2 authentication mode WO2017121159A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610023965.1 2016-01-14
CN201610023965.1A CN105554023B (en) 2016-01-14 2016-01-14 Access the authentication method and system of the home gateway of WPA/WPA2 certification mode

Publications (1)

Publication Number Publication Date
WO2017121159A1 (en) 2017-07-20

Family

ID=55832957

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/102804 WO2017121159A1 (en) 2016-01-14 2016-10-21 Authentication method and system for accessing home gateway in wpa /wpa2 authentication mode

Country Status (2)

Country Link
CN (1) CN105554023B (en)
WO (1) WO2017121159A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105554023B (en) * 2016-01-14 2019-01-04 烽火通信科技股份有限公司 Access the authentication method and system of the home gateway of WPA/WPA2 certification mode

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040090930A1 (en) * 2002-11-13 2004-05-13 Lee Hyun-Woo Authentication method and system for public wireless local area network system
CN103974256A (en) * 2014-05-15 2014-08-06 浙江宇视科技有限公司 Wireless network access method and device
CN104320780A (en) * 2014-11-17 2015-01-28 上海斐讯数据通信技术有限公司 Authentication sharing method and module for wireless routers inside local area network
CN105554023A (en) * 2016-01-14 2016-05-04 烽火通信科技股份有限公司 Authentication method and system of home gateway in access WPA/WPA2 authentication mode

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104581722A (en) * 2014-12-10 2015-04-29 杭州赫智电子科技有限公司 Network connection method and device based on WPS (Wireless Fidelity Protected Setup)
CN104581723A (en) * 2014-12-10 2015-04-29 杭州赫智电子科技有限公司 Application method and device for networking information data of client equipment

Also Published As

Publication number Publication date
CN105554023A (en) 2016-05-04
CN105554023B (en) 2019-01-04

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16884713

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16884713

Country of ref document: EP

Kind code of ref document: A1