CN101431409B - Method for implementing secret communication in different wireless local area network - Google Patents
- Publication number: CN101431409B (application CN2007101771020A)
- Authority: CN (China)
- Prior art keywords: key, access point, wap, wireless access, encryption device
- Legal status: Expired - Fee Related (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
- Landscapes: Small-Scale Networks (AREA); Mobile Radio Communication Systems (AREA)
Abstract
The present invention discloses a method for secure communication across different wireless local area networks (WLANs), comprising the following steps: (1) presetting identification information and a key management information table in an encryption device, where the key management information table stores all the keys held by each key management server and can retrieve the corresponding key according to key distribution information; (2) installing and running a dedicated driver on the communication terminal; (3) the encryption device sending an authentication request to the wireless access point; (4) the wireless access point authenticating the device according to the identification information contained in the request and, if authentication succeeds, generating key distribution information, retrieving the corresponding key, sending that key to the wireless access point and sending the key distribution information to the encryption device; (5) the encryption device retrieving the corresponding key using the received key distribution information; (6) the wireless access point and the encryption device each using the obtained key to encrypt and decrypt the data transmitted over the wireless channel.
Description
[technical field]
The present invention relates to a method of secure communication between a communication terminal and a wireless access point (WAP) in a wireless local area network (WLAN), and in particular to a method by which an encryption device allows a communication terminal to access different wireless local area networks and communicate securely with them.
[background technology]
At present, a WLAN (Wireless Local Area Network) access system normally consists of wireless network cards, wireless access points (AP, Access Point), a wireless access gateway (AG) and a wireless access server (AS). The most common networking mode connects terminal equipment such as computers and PDAs through a wireless network card that replaces the original wired network adapter, thereby providing wireless connections between terminal devices and between terminal devices and the wireless access point; the card handles detection, selection, control and management, and can implement functions such as receive gain control and transmit power control on the wireless channel.
Compared with wired transmission, wireless transmission is less confidential, so additional security measures, such as user authentication and information encryption, are needed to guarantee communication security between the wireless access point and each communication terminal. Many encryption schemes exist; broadly they fall into software encryption and hardware encryption. Software encryption adds a software module dedicated to encryption and decryption in the application layer of the communication system. Because the encryption and decryption keys, and the data produced during encryption and decryption, all reside in the memory of the local machine, they are easily extracted. In addition, because cryptographic algorithms are computationally expensive, encryption and decryption consume a large amount of system resources. Hardware encryption stores the cryptographic algorithm and the key in dedicated hardware that is connected to the communication terminal through a communication interface; data is first transferred to the hardware over that interface, and the microprocessor in the hardware performs the encryption or decryption. Although hardware encryption fundamentally overcomes the drawbacks of software encryption, if all data to be encrypted or decrypted, and all processed data, must pass between the communication terminal and the dedicated hardware over the communication interface, the speed of that interface limits the terminal's transmission speed in the WLAN, and the frequent data transfers between the terminal and the hardware also consume a large amount of system resources.
The WLAN standard IEEE 802.11 uses Wired Equivalent Privacy (WEP) to encrypt information. WEP is a symmetric cryptosystem: both parties to the encrypted communication use the same key for encryption and decryption. In practice, for security reasons, different users should use different keys. Keys are usually distributed by the network administrator and stored at both ends of the communication, that is, on the communication terminal and on the wireless access point (AP). This key management method has many drawbacks. First, to support user roaming, every wireless access point (AP) must store the keys of all users, and each time a user's key is added or changed the network administrator must add or change that key on every wireless access point (AP); the key management burden is therefore heavy, and the storage capacity of the wireless access point (AP) may not meet the requirement. Second, because keys are stored both in the user's communication terminal and in the wireless access point, and a key stored on a communication terminal is obviously insecure, this gives others an opportunity to steal the key.
[summary of the invention]
The present invention provides a method for secure communication across different wireless local area networks. The technical problem to be solved is to keep the communication terminal out of the security processing altogether: an external encryption device handles the connection to different WLANs and the encryption and decryption of the transmitted data, thereby effectively ensuring communication security.
The present invention concerns a method for secure communication across different wireless local area networks in which a plurality of wireless access points (AP) are provided and the wireless access points belong to a plurality of different key management servers. The method comprises the following steps: (1) presetting unique identification information and a key management information table in an encryption device having wireless network card functionality, where the key management information table stores all the keys of each key management server and can retrieve the corresponding key according to key distribution information; (2) connecting the encryption device to the communication terminal, from which it draws power, and installing and running the encryption device's dedicated wireless network card driver on the communication terminal; (3) establishing a wireless channel to the wireless access point using the encryption device's wireless network card function, and having the encryption device send an authentication request containing its identification information to the wireless access point; (4) the wireless access point authenticating the encryption device according to the identification information contained in the request; if authentication succeeds, the key management server generates key distribution information, retrieves the corresponding key according to it, sends the retrieved key to the wireless access point, and has the generated key distribution information forwarded to the encryption device through the wireless access point; (5) the wireless access point receiving the key directly from the authentication device, and the encryption device receiving the key distribution information and using it to retrieve the corresponding key from its key management information table; (6) the wireless access point and the encryption device each using the obtained key to encrypt and decrypt the data transmitted over the wireless channel.
In the above method, different service group information is provided in each wireless access point; a key database storing keys is provided in each key management server; the key management information table stores a key database identical to that of each key management server together with the service group information of each wireless access point, and the correspondence between service group information and key database is established according to the key management server to which the wireless access point belongs. The encryption device learns the service group information of the wireless access point with which it has established a wireless channel, and searches for the key corresponding to the key distribution information in the key database that corresponds to that service group information.
In the above method, the service group information is the service set identifier (SSID) of the wireless access point.
In the above method, after the encryption device has been successfully authenticated by the wireless access point, the wireless access point sends its service group information to the encryption device.
In the above method, the communication terminal outputs the data it sends to the WLAN to the encryption device through the communication interface module; the encryption device encrypts the data and sends it to the wireless access point through the wireless LAN module. The encryption device receives encrypted data sent by the wireless access point through the wireless LAN module, decrypts it, and outputs it to the communication terminal through the communication interface module.
In the above method, the communication interface module is a USB interface module, a SATA interface module, an ISA interface module, a PCI interface module or a PCMCIA interface module.
In the above method, the encryption device obtains its power supply through the electrical connection between a power supply terminal provided in the communication interface module and the power output terminal of the communication terminal.
As described above, the method of the present invention for secure communication across different wireless local area networks has the following beneficial effects:
The method connects an external encryption device to the communication terminal to provide the wireless connection between the communication terminal and the wireless access point. All data transmitted between the communication terminal and the WLAN is received and sent through the encryption device, and encryption and decryption are never performed on the communication terminal. This both secures the wireless communication and markedly improves data security, and because the encryption device performs the encryption and decryption work, a large amount of the terminal's system resources is saved. More importantly, by connecting the encryption device and installing its driver, more communication terminals can be brought into the WLAN more easily.
The communication method of the present invention does not require the wireless access point to distribute keys to the communication terminal. Instead, the key management server distributes the key, sends the distributed key to the wireless access point and sends the key distribution information to the encryption device, which retrieves the corresponding key. The secrecy function of the encryption device effectively protects the encryption keys and the key algorithm, and hence the stored information and the communication.
The present invention uses the secure storage function of the encryption device to hold the keys stored in the key management servers of a plurality of WLANs, so the user of the communication terminal can roam across regions larger than the coverage of a single key management server. In addition, because the wireless access point does not need to manage user information, its structure is simplified and its cost reduced.
[description of drawings]
Fig. 1 is a block diagram of the structure of the encryption device of the present invention.
Fig. 2 is a schematic diagram of the method of the present invention for secure communication across different wireless local area networks.
[embodiment]
To further explain the technical means and effects adopted by the present invention to achieve its intended purpose, a detailed description is given below with reference to the drawings and embodiments.
Referring to Fig. 1, which is a block diagram of the structure of the encryption device of the present invention, the encryption device comprises:
Microprocessor module: responsible for data operations. By calling the data and programs in the data storage module and the program storage module, it performs the encryption and decryption operations and thereby completes the encryption and decryption of the information data transmitted in the communication; that is, it encrypts the data about to be sent by the wireless LAN module and decrypts the data received by the wireless LAN module.
Program storage module: connected to the microprocessor module; stores mainly the encryption algorithm. To protect the integrity of the algorithm, it can be stored in ciphertext form, loaded into the cryptographic operation unit after power-up, decrypted, restored and then run.
Data storage module: used to securely hold all the master keys and RSA key pairs of the multiple key management servers. After power-up, the master key and key pair corresponding to the key distribution information are loaded from the data storage module into the microprocessor module to take part in the computation.
Communication interface module: connected to the microprocessor module by a data line; used to connect to the terminal that requires encryption (that is, the communication terminal).
Wireless LAN module: connected to the microprocessor module; used to establish the connection between the WLAN and the microprocessor. The microprocessor module sends encrypted data out through the wireless LAN module, and data received from the WLAN is decrypted and forwarded to the communication terminal through the communication interface module.
The communication interface module is preferably a USB interface module, because the USB interface is plug-and-play and supports a very high data transfer rate; a communication terminal that is not equipped with a wireless network card can therefore be connected to the WLAN with both high transmission speed and communication security.
Specifically, the wireless LAN module comprises a baseband unit and an RF unit. The baseband unit modulates and demodulates the data of the microprocessor module; the RF unit converts the baseband unit's data into a high-frequency signal for transmission and also receives and processes high-frequency signals. The microprocessor module further includes a RAM module for holding input and output data, intermediate calculation results, data exchanged with external memory and temporary data.
For security reasons the keys must be updatable and manageable, and the cryptographic algorithm may also need to be updated; the microprocessor module therefore also contains a key management module responsible for key updating and management and an algorithm management module responsible for updating and managing the cryptographic algorithm.
Referring to Fig. 2, which is a flow chart of the method of the present invention for secure communication across different wireless local area networks: each WLAN is provided with a wireless access point (AP), each wireless access point is managed by one key management server, and the plurality of wireless access points are managed by a plurality of different key management servers. The method comprises the following steps:
(1) preset unique identification information and a key management information table in an encryption device having wireless network card functionality; the key management information table stores all the keys of each key management server and can retrieve the corresponding key according to key distribution information;
(2) connect the encryption device with wireless network card functionality to the communication terminal, from which it draws power, and install and run the encryption device's dedicated wireless network card driver on the communication terminal;
(3) establish a wireless channel to the wireless access point using the encryption device's wireless network card function, and have the encryption device send an authentication request containing its identification information to the wireless access point;
(4) the wireless access point authenticates the encryption device according to the identification information contained in the request; if authentication succeeds, the key management server generates key distribution information, retrieves the corresponding key according to it, sends the retrieved key to the wireless access point, and has the generated key distribution information forwarded to the encryption device through the wireless access point;
(5) the wireless access point receives the key directly from the authentication device, and the encryption device receives the key distribution information and uses it to retrieve the corresponding key from its key management information table;
(6) the wireless access point and the encryption device each use the obtained key to encrypt and decrypt the data transmitted over the wireless channel.
In the above steps, different service group information, representing its identity, should be set in each wireless access point; a key database storing keys is provided in each key management server; the key management information table stores a key database identical to that of each key management server together with the service group information of each wireless access point, and the correspondence between service group information and key database is established according to the key management server to which the wireless access point belongs. The encryption device learns the service group information of the wireless access point with which it has established a wireless channel and searches for the key corresponding to the key distribution information in the key database corresponding to that service group information. The service group information is the service set identifier (SSID) of the wireless access point.
The wireless access point can send its service group information to the encryption device after the encryption device has been successfully authenticated by the wireless access point.
Specifically, in step (6), the communication terminal outputs the data it sends to the WLAN to the encryption device through the communication interface module; the encryption device encrypts the data and sends it to the wireless access point through the wireless LAN module. The encryption device receives encrypted data sent by the wireless access point through the wireless LAN module, decrypts it and outputs it to the communication terminal through the communication interface module.
The communication interface module is a USB interface module, a SATA interface module, an ISA interface module, a PCI interface module or a PCMCIA interface module. The encryption device obtains its power supply through the electrical connection between a power supply terminal provided in the communication interface module and the power output terminal of the communication terminal.
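The key-distribution flow of steps (1) to (6), including the SSID-based selection of the key database when the device roams between two WLANs that belong to different key management servers, as an added Python simulation that is not part of the patent. It assumes that the key distribution information is an index into the server's key database, that the key management server holds the list of accepted identification information on the access point's behalf, and that an HMAC-SHA256 keystream with an HMAC tag stands in for the symmetric cipher the patent leaves unspecified; all names and values are constructed for this example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Constructed stand-in for the patent's unnamed symmetric algorithm:
    an HMAC-SHA256 counter-mode keystream XORed with the data."""
    out = bytearray()
    for i in range(0, len(data), 32):
        counter = (i // 32).to_bytes(4, "big")
        block = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Step (6), sending side: frame = nonce || ciphertext || integrity tag."""
    nonce = secrets.token_bytes(12)
    body = _keystream_xor(key, nonce, plaintext)
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def decrypt(key: bytes, frame: bytes) -> bytes:
    """Step (6), receiving side; a frame whose tag does not verify is rejected."""
    nonce, body, tag = frame[:12], frame[12:-32], frame[-32:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return _keystream_xor(key, nonce, body)


@dataclass
class KeyManagementServer:
    """One key management server: its key database and the devices it accepts."""
    name: str
    key_db: list        # the server's key database
    known_devices: set  # identification information the server accepts

    def authenticate(self, device_id: str):
        # Step (4): verify identification information; on success generate the
        # key distribution information (assumed: an index into key_db) and
        # retrieve the key it designates.
        if device_id not in self.known_devices:
            return None
        index = secrets.randbelow(len(self.key_db))
        return index, self.key_db[index]


@dataclass
class AccessPoint:
    ssid: str                    # service group information of this AP
    server: KeyManagementServer  # the key management server it belongs to
    session_key: bytes = b""

    def handle_auth_request(self, device_id: str):
        # Steps (3)-(5): the key itself reaches only the AP; the device receives
        # the key distribution information plus this AP's service group (SSID).
        result = self.server.authenticate(device_id)
        if result is None:
            return None
        index, self.session_key = result
        return {"key_distribution_info": index, "service_group": self.ssid}


@dataclass
class EncryptionDevice:
    device_id: str           # preset identification information, step (1)
    key_databases: dict      # key management information table: server -> key_db copy
    service_group_map: dict  # SSID -> server name, the preset correspondence
    session_key: bytes = b""

    def connect(self, ap: AccessPoint) -> bool:
        reply = ap.handle_auth_request(self.device_id)
        if reply is None:
            return False
        # Step (5): pick the key database by the AP's SSID, then look up the key
        # designated by the key distribution information; no key crossed the air.
        db = self.key_databases[self.service_group_map[reply["service_group"]]]
        self.session_key = db[reply["key_distribution_info"]]
        return True


def build_demo():
    """Two WLANs under two different key management servers and one device
    preset with both key databases; every value is constructed for this example."""
    kms_a = KeyManagementServer("KMS-A", [secrets.token_bytes(16) for _ in range(4)], {"DEV-001"})
    kms_b = KeyManagementServer("KMS-B", [secrets.token_bytes(16) for _ in range(4)], {"DEV-001"})
    device = EncryptionDevice(
        "DEV-001",
        {"KMS-A": list(kms_a.key_db), "KMS-B": list(kms_b.key_db)},
        {"office-wlan": "KMS-A", "lab-wlan": "KMS-B"},
    )
    return device, AccessPoint("office-wlan", kms_a), AccessPoint("lab-wlan", kms_b)


def roam_and_exchange(device: EncryptionDevice, ap: AccessPoint, message: bytes) -> bytes:
    """Attach the device to one AP and return what that AP decrypts from it."""
    if not device.connect(ap):
        raise PermissionError("authentication failed")
    return decrypt(ap.session_key, encrypt(device.session_key, message))
```

Calling `build_demo()` and then `roam_and_exchange()` against each access point in turn reproduces the roaming case: the device ends up with a key from a different server's database each time, while a device whose identification information is unknown is refused before any key is selected.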
Claims (7)
1. A method for secure communication across different wireless local area networks, in which a plurality of wireless access points (AP) are provided and the wireless access points belong to a plurality of different key management servers, characterized in that the method comprises the following steps:
(1) presetting unique identification information and a key management information table in an encryption device having wireless network card functionality, where the key management information table stores all the keys of each key management server and can retrieve the corresponding key according to key distribution information;
(2) connecting the encryption device with wireless network card functionality to the communication terminal, from which it draws power, and installing and running the encryption device's dedicated wireless network card driver on the communication terminal;
(3) establishing a wireless channel to the wireless access point using the encryption device's wireless network card function, and having the encryption device send an authentication request containing its identification information to the wireless access point;
(4) the wireless access point authenticating the encryption device according to the identification information contained in the request; if authentication succeeds, the key management server generates key distribution information, retrieves the corresponding key according to it, sends the retrieved key to the wireless access point, and has the generated key distribution information forwarded to the encryption device through the wireless access point;
(5) the wireless access point receiving the key directly from the authentication device, and the encryption device receiving the key distribution information and using it to retrieve the corresponding key from its key management information table;
(6) the wireless access point and the encryption device each using the obtained key to encrypt and decrypt the data transmitted over the wireless channel.
2. The method for secure communication across different wireless local area networks according to claim 1, characterized in that different service group information is provided in each wireless access point; a key database storing keys is provided in each key management server; the key management information table stores a key database identical to that of each key management server together with the service group information of each wireless access point, and the correspondence between service group information and key database is established according to the key management server to which the wireless access point belongs; and the encryption device learns the service group information of the wireless access point with which it has established a wireless channel and searches for the key corresponding to the key distribution information in the key database corresponding to that service group information.
3. The method for secure communication across different wireless local area networks according to claim 2, characterized in that the service group information is the service set identifier of the wireless access point.
4. The method for secure communication across different wireless local area networks according to claim 2, characterized in that after the encryption device has been successfully authenticated by the wireless access point, the wireless access point sends its service group information to the encryption device.
5. The method for secure communication across different wireless local area networks according to claim 1, characterized in that the communication terminal outputs the data it sends to the WLAN to the encryption device through a communication interface module comprised in the encryption device; the encryption device encrypts the data and sends it to the wireless access point through a wireless LAN module comprised in the encryption device; and the encryption device receives encrypted data sent by the wireless access point through the wireless LAN module, decrypts it and outputs it to the communication terminal through the communication interface module.
6. The method for secure communication across different wireless local area networks according to claim 5, characterized in that the communication interface module is a USB interface module, a SATA interface module, an ISA interface module, a PCI interface module or a PCMCIA interface module.
7. The method for secure communication across different wireless local area networks according to claim 5, characterized in that the encryption device obtains its power supply through the electrical connection between a power supply terminal provided in the communication interface module and the power output terminal of the communication terminal.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title
---|---|---|---
CN2007101771020A (CN101431409B) | 2007-11-09 | 2007-11-09 | Method for implementing secret communication in different wireless local area network
Publications (2)
Publication Number | Publication Date
---|---
CN101431409A | 2009-05-13
CN101431409B | 2011-04-27
Family ID: 40646590
Legal Events
Code | Title | Description
---|---|---
C06 | Publication |
PB01 | Publication |
C10 | Entry into substantive examination |
SE01 | Entry into force of request for substantive examination |
C14 | Grant of patent or utility model |
GR01 | Patent grant |
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20110427; Termination date: 20151109
EXPY | Termination of patent right or utility model |