CN101454767A - Dynamic authentication in secured wireless networks - Google Patents
Dynamic authentication in secured wireless networks Download PDFInfo
- Publication number
- CN101454767A CN101454767A CNA2007800193892A CN200780019389A CN101454767A CN 101454767 A CN101454767 A CN 101454767A CN A2007800193892 A CNA2007800193892 A CN A2007800193892A CN 200780019389 A CN200780019389 A CN 200780019389A CN 101454767 A CN101454767 A CN 101454767A
- Authority
- CN
- China
- Prior art keywords
- password
- user
- wave point
- wireless network
- access profile
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 claims abstract description 46
- 230000008569 process Effects 0.000 description 7
- 238000010586 diagram Methods 0.000 description 6
- 238000009795 derivation Methods 0.000 description 4
- 230000007246 mechanism Effects 0.000 description 3
- 238000012545 processing Methods 0.000 description 3
- 238000012795 verification Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 2
- 238000012423 maintenance Methods 0.000 description 2
- 244000025254 Cannabis sativa Species 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 230000002950 deficient Effects 0.000 description 1
- 230000003111 delayed effect Effects 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 230000002045 lasting effect Effects 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 238000004321 preservation Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
Images
Abstract
Systems and methods for authentication using paired dynamic secrets in secured wireless networks are provided. Each authenticated user is assigned a random secret generated so as to be unique to the user. The secret is associated with a wireless interface belonging to the user, so that no other wireless interface may use the same secret to access the network. The secret may be updated either periodically or at the request of a network administrator, and reauthentication of the wireless network may be required.
Description
The cross reference of related application
The application requires in the U.S. Provisional Patent Application 60/794 that is entitled as " Mechanisms andApparatus to Provide Pre-Shared Key Authentication with DynamicSecret on Wireless Networks " of submission on April 24th, 2006,625 and the right of priority of the U.S. Provisional Patent Application 60/796,845 that is entitled as " Mechanisms and Apparatus for AutomaticWireless Connection Based on Provisioned Configuration " submitted on May 2nd, 2006.The open of these two applications merges to this by reference.
Technical field
The present invention relates in general to information network security.More particularly, the present invention relates to be used for the user-friendly low maintainability authentication of safety wireless network.
Background technology
A lot of professional associations it was suggested various authentification of users and the security measures that is used for wireless network.These professional associations comprise Institute of Electrical and Electric Engineers (IEEE) 802.11 working groups, Wi-Fi Alliance, internet engineering duty group (IETF).Realize that these proposals are very complicated usually, be difficult to safeguard, and need those to realize the concrete people's who proposes technical knowledge.Therefore, because a lot of establishment (for example small company and medium-sized company) lacks expert and/or full-time professional technique support, so they can't dispose such measure.
In the wireless network in early days (for example IEEE 802.11 or Wi-Fi), system realizes security by Wired Equivalent Privacy (WEP).Disposing the WEP system only needs the network manager at access point or access device place definition wep encryption key collection.The user can visit the WEP safety wireless network by the identical wep encryption key collection that has manual configuration in the client computer station (for example laptop devices or mobile device) this user arbitrarily.To use shared wep encryption key collection to come the wireless data communications between client computer station and the access point is encrypted by the cryptographic algorithm of definition.
Although WEP can prevent accidental invador and visit wireless network that WEP can not keep out more serious security attack.For example, by using publicly available software can find wep encryption key at an easy rate.In addition, because all users share same key, so WEP can not the protecting network user avoids attack each other.Because based on these defectives in the security ststem of WEP, the security measures that substitutes so develop.These new measures need wireless network user certified at first in some way usually, then key derivation collection and be used for wireless traffic encryption.These authentication measures of having proposed can be divided into two groups usually: Extensible Authentication Protocol (EAP) and wildcard (PSK).
The security measures of EAP group adopts IEEE 802.1x standard usually, and it uses Extensible Authentication Protocol.Security ststem based on EAP makes it possible to authenticate mutually between certificate server and its user.Certificate server can reside in access point, base station or the external unit.Usually, certificate server provides the pairwise master key of deriving, to share between access point and user's client computer station.Pairwise master key can be used for the key derivation collection, and key set can be used for data encryption.
Realization is their complicacy based on the major obstacle of the security ststem of EAP or IEEE 802.1x.Disposing such system needs the advanced techniques expert and the user is continued technical support.For example, a lot of systems based on EAP need be installed to certificate server with security certificates.Really be essential according to the system based on EAP and ask, the client computer station may also need to be authorized to establish certificate update, and/or pre-installs security certificates before can going through to visit wireless network.
Contrast with it, PSK security ststem are based on the client computer station and access point is that share between the two and password that store on client computer station and access point.This password can be for example long bit stream (phrase that for example reaches a standard, password, sexadecimal string or the like).Be used for also can being used to generate encryption key set by client computer station and access point to the password that authenticates each other.
Major defect based on the system of PSK is, password manually must be input to the client computer station, and shares this password by the All Clients station.In case the password of sharing is known by undelegated personnel, then jeopardizes the security of whole network.This may have problems need access to netwoks being provided or having in labour's the tissue of high fluidity to the grass hand.In order to safeguard security based on the system of PSK, leave tissue or no longer be authorized to accesses network as long as know the people of password, all must change the password on the All Clients station.
Though a lot of measures can be used for guaranteeing wireless network secure, realize in these measures any one all may be very complicated, difficult, and/or need a large amount of the maintenance.Therefore, this area needs improved method and system, and it provides security to user-friendly and easy maintenance for wireless network, and does not need advanced techniques expert and lasting technical support.
Summary of the invention
Example system of the present invention and method are provided in the safety wireless network matches to dynamic password.Generate random cipher for each authenticated.This password is unique to described user, and other user in the network cannot use this password to visit network.In addition, or the binding related with described password with the wave point that belongs to described user, thus other wave point that belongs to other user cannot use this password to visit network.
Each embodiment of the present invention comprises and is used for described dynamic password is carried out method of matching.Generate described password and/or with it with after access profile is related, password is promptly related with wave point, perhaps password is related with described wave point afterwards postponing.Some embodiment is by generating executable instruction and disposing wave point visit wireless network and password is related with wave point.Configuration can comprise: any security key derived together with the copy of described password, from described password and user's access profile are sent to described wave point with the copy of described executable instruction.Each embodiment of the present invention further comprises: upgrade described key, this need authenticate described wave point before to the connection of described wireless network again allowing described wave point to reconnect to described wireless network or continue it.
Embodiments of the invention comprise and are used for the system of dynamic password being matched at safety wireless network.Described system can comprise: password generation module, binding module, password database.Described password is generated by the password generation module, and by binding module with its related with wave point (binding).Described code data library storage about password, with the incidence relation of user profiles, with the information of incidence relation of wave point or the like.Some embodiment further comprises: access profile generation module, executable instruction generation module or the like.Described access profile generation module generates the access profile that is used for the user.Described executable instruction generation module generates and is used to dispose wave point so that the executable instruction of visit wireless network.
Certain embodiments of the invention comprise: computer media and instruction, it is used at safety wireless network dynamic password being matched.Some embodiment further comprises: the instruction that is used to upgrade described password and requires wave point is authenticated again.
Description of drawings
Fig. 1 is the diagrammatic sketch that is used for the Verification System of safety wireless network according to an exemplary embodiment of the present invention.
Fig. 2 is illustrated in the process flow diagram that uses the method for paired password in the safety wireless network.
Fig. 3 is illustrated in the process flow diagram that uses the alternative method of paired password in the safety wireless network.
Fig. 4 is the process flow diagram that is illustrated in the method for safety in utilization key in the safety wireless network.
Embodiment
The present invention includes by using dynamic password in safety wireless network, to use the system and method that user-friendly low maintainability is authenticated.Password is shared between client computer station and access point in pairs.Dynamically generate these passwords at each authenticated, and these passwords are related with user's access profile.These passwords can also be related with the specific client station or the wave point that belong to this user.In certain embodiments of the invention, at the expired time point of password, the user must authenticate again, to continue the visit wireless network.
Fig. 1 is the diagrammatic sketch that is used for the Verification System 100 of safety wireless network 170 according to an exemplary embodiment of the present invention.Certificate server 100 shown in Figure 1 comprises: authentication module 110, access profile generation module 120, password generation module 130, password database 140, binding module 150, executable instruction generation module 160.Certificate server 100 can be used for the security of maintaining network 170.Various client devices (for example wireless stations 180a, laptop computer 180b and mobile device 180c) belong to the potential user of network 170.
The module of indication among the present invention (or application) should be broadly interpreted as the set of the program of carrying out various system level functions, and can dynamically be loaded or be unloaded by hardware and equipment as required.Modular software parts described herein also can be merged into the part of bigger software platform, or are integrated into a part of using specific features.
110 couples of users of authentication module (for example laptop computer 180b) authenticate, and verify whether this user is the user that they claim, otherwise verify whether they are authorized to accesses network 170.Authentication module 110 can be used to the user name and password of verifying that the user provides.Can by with authentication database in the user name and password stored compare and verify that authentication database can be independent of authentication module 110, perhaps be integrated into authentication module 110.In certain embodiments, authentication database can be integrated with password database 140 as described below.In case authenticate by authentication module 110, the user just can based on by network manager definition and security clearance rank that can further be subjected to the user of paired password or key derivation control, the role of user in tissue parameter network 170 in visit data and carry out and move.
Access profile generation module 120 generates access profile at the user that authentication module 110 is authenticated.User access profile can comprise at random password and executable instruction in pairs at least, further describes at this.Access profile may further include the information about the user, for example authentication information, security information, consumer taste or the like.For accesses network 170, the user is with user access profile copy, download or be sent to user's client devices (for example laptop computer 180b) in addition.Can obtain access profile safely by utilizing public web browser based on the HTML (Hypertext Markup Language) (HTTPS) of Secure Socket Layer (SSL).Executable instruction disposes wireless device automatically, thereby they can visit wireless network 170.
Password database 140 is stored the information about the various passwords that generated by password generation module 130.Password database 140 can also be stored the information about following aspect: if which user and specific cryptosystem, any security key of deriving from password are related any wireless device arranged, then which wireless device and user's password or security key are related or the like.Password database 140 can further be stored the information about user name, password, safety approval rank or the like.Password database 140 can be operated in conjunction with authentication module 110, with to the user and belong to this user the interface of network 170 is authenticated.
Executable instruction generation module 160 generates can carry out application, and its configuration is used to visit the wave point of wireless network 170.The executable instruction that is generated by executable instruction generation module 160 can be copied, downloads or be sent in addition the wave point that belongs to the user then.Executable instruction can boundly be the part of access profile.Executable instruction will be installed to wireless device by the access profile of access profile generation module 120 generations and the password that is generated by password generation module 130.Further disclose the generation of this executable instruction and aforementioned access profile in U.S. Provisional Patent Application 60/796,845, the disclosure had before merged to this by reference.
Network 170 can be configured to: send various electromagnetic waves (comprising for example radio signal).Network 170 can be IEEE 802.11 (Wi-Fi or WLAN) network, IEEE 802.16 (WiMax) network, IEEE 802.16c network or the like.Network 170 can send various information to interfacing equipment (for example client interface 180a-180c).Network 170 can be local private network, perhaps can be the part of bigger wide area network.Various auxiliary networks can reside in the field than macroreticular 170 (for example peer-to-peer network or wireless mesh network).
Can be periodically or upgrade user's password in response to network manager's request.Can generate the new password that is used for the user by password generation module 130, this password is related with user's access profile, and is saved to password database 140.If previous password is expired, then must authenticate again wave point.The user must or authenticate immediately again, or authenticates again when next wireless connections.Wireless device is authenticated again and can comprise: the user is authenticated again, transmit the copy of user's new password, access profile and/or new executable instruction, and use binding module 140, form the new incidence relation between wave point and the new password.
Fig. 2 is illustrated in the process flow diagram that uses the method 200 of paired password in the safety wireless network 170.In method 200, the user is authenticated, generate at random and unique paired password at the user, password is related with the access profile that belongs to the user, and it is password is further related with the wave point that belongs to this user, and further related with particular access profile.
In step 210, utilize 110 couples of users of authentication module to authenticate.Initial authentication can comprise: provide the user name and password of user ID for the specific user.This user can be authorized to accesses network 170, perhaps can not be authorized to accesses network 170, as determining with respect to paired password.If can not authenticate the user by simple user name and password match (perhaps follow-up), then can not allow user capture wireless network 170 about paired password.
In step 220, generate password at the interim user who authenticated.Can determine the password that generates by password generation module 130 by various algorithms and formula, thereby be user's generation of authenticate password of generation at random.In addition, in network 170, password is unique for each user.Password provides each user of protection to avoid all other users' interference in the network 170 for each user's uniqueness.Because each user has unique password that is tied to this specific user (or their profile and/or interfacing equipment), so this user can't use another user's password.In addition, when no longer authorizing the specific user to use network 170, user's releasing mandate is not influenced the ability that other user continues to use network 170, as the situation in a lot of prior art internet security solutions.Further, specific user's releasing mandate is come the security of maintaining network 170 without any need for particular technology expert or technical support.In addition, in step 220, can generate and the related out of Memory entity (for example certificate of authority) of wireless authentication mechanism.
In step 230, will be related with this user's access profile for the password that authenticated generates, it can also be further and the special interface device association.Information about the incidence relation between password and the user access profile can be kept in the password database 150.
In step 240, this password with belong to the wave point of this authenticated, their profile and/or device association (binding).This incidence relation can be formed by binding module 140, and allows radio interface equipment visit wireless network 170.Described incidence relation or binding can comprise: download access profile, the in pairs security key of password and related derivation, and executable instruction, and to be used to dispose radio interface equipment and with itself and cryptographic association.Can be by password is related and password and wave point is related with the particular radio of wave point, MAC Address of wave point or the like.Information about the incidence relation between paired password and the wave point can be kept in the password database 150.
Fig. 3 is the process flow diagram that is illustrated in the alternative method that accesses to your password in the safety wireless network 170.In described method 300, as generable, the user is authenticated by initial username and password verification process, generate access profile, and generate password.If known wave point is connected to network 170, then this wave point and cryptographic association (binding).If current do not have known wave point to be connected to network 170, then can preserve not related password, and can be after a while that it is related with wave point.
In step 310,110 couples of users authenticate by authentication module.Can carry out this authentication by the mode similar to the authentication operation of in step 210, carrying out.
In step 320, generate access profile at authenticated.The access profile that is generated by access profile generation module 120 can be used to dispose the wave point that belongs to the user, makes that they can accesses network 170.
In step 330, generate password at the user.Can carry out the generation of password by the mode similar to the step 220 of Fig. 2.
In step 340, determine whether current network connects is by known wave point.Thisly determine to be based on authentication information, user's input or the like.
In step 350, determine that (for example) connection is not to have had under the situation of the known wireless interface of bound secret, the password that generates recently is saved in the table.This table can be included in the password database 150.Under following situation, password can be saved in the described table for using after a while: the user is not using wave point, this wave point is not the expectation interface that will use in many wave points (radio) equipment, the user is not using user's self radio interface, and perhaps the user does not prepare wave point and cryptographic association..
In step 360, being confirmed as when this connection is not have bound secret, have expired password or need under the situation of known wireless interface of bound secret, with password and wave point binding.Can form this incidence relation by the mode similar to the incidence relation that in step 240, forms.
Fig. 4 is the process flow diagram that is illustrated in the method 400 of safety in utilization key in the safety wireless network 170.In the method, receive authentication request from wave point, determine then security key whether with interface conjunctionn, if related, determine then whether this security key effective.If security key is effective, then wave point is by success identity.If security key is invalid, then refuse authentication request.If, then do not determine whether any not related security key at the user with the security key of interface conjunctionn.If there is not related security key, then obtain next not related security key, determine then whether security key is effective.If security key is invalid, then determine whether to exist not related security key arbitrarily once more.If do not stay not related security key, then refuse authentication request.If exist available not related security key and its effective, then security key be tied to interface, and successfully authenticated wave point.
In step 410, receive authentication request from the wave point that belongs to the user.Wave point that is terminated at the expired wave point of security key, at connection or the like when wave point when being new for network 170, can produce this request.
In step 420, determine whether to exist the security key related with wave point.Can determine according to the information in the wave point authentication processing.If there is related security key, then this method enters step 430.If there is no related security key, then this method enters step 440.
In step 430, determining under the security key situation related with wave point, determine and then whether this security key is effective.Determine by comparing from the security key information of authentication request and the security key in the password database 150.
In step 440, under the situation of not related security key, determine whether to be useful on any not related security key of user with wireless network 170.Can be based on determining from the information of authentication request, security key information related or the like with the user access profile of preservation in the password database 150.If there is available not related security key, then this method enters step 450.If there is no available not related security key, then this method enters step 490.
In step 450, exist under the situation of available not related security key determining, obtain next not related security key.The security key that all are not related is saved in table, as described in the step 350.In certain embodiments, described table is included in the password database 150.In step 450, consider next available not related security key from this table.
In step 460, determine whether the security key under considering is effective.Whether security key is effectively determined and is carried out really phasing in step 430 seemingly.If security key is invalid, then this method is returned step 440.If security key is effective, then this method enters step 470.
In step 470, security key is tied to wave point.Be similarly constructed described binding or incidence relation with the incidence relation that in step 240 and 360, forms.
In step 480, the authentication of the wave point that is undertaken by security key is successful.In certain embodiments, this method can continue further authenticating step.For example, in step 500, can determine whether relevant security key is expired.If key is expired, the then processing that can produce key again in step 520 beginning.Yet at interim, the user may stand limited visit or without any visit.In certain embodiments, when the user had limited access rights or do not have access rights, the processing that produces key again can be the part of different disposal.Yet in step 510, if key is still effective, the user can enjoy whole service access.Yet, wave point is authenticated permission wave point visit wireless network 170.
In step 490, the refusal authentication request.Do not allow wave point visit wireless network 170, perhaps,, then can stop this connection if there is existing connection.
Though described the present invention in conjunction with a series of preferred embodiments, these descriptions are not to be intended to limit the scope of the present invention to the particular form of setting forth at this.On the contrary, this invention is intended to cover by claims limited and other the spirit and scope of the present invention understood by one of ordinary skill in the art in included these replacements, modification and equivalent.
Claims (22)
1. one kind is carried out method of matching to password in safety wireless network, comprising:
Generation is at the random cipher of authenticated, and wherein, described password is unique to described user;
Described password is related with the access profile that belongs to described user; And
With described password with belong to described user and further related with the related radio interface equipment of described access profile, wherein, use the described wireless network of described cryptographic acess to be limited to related radio interface equipment, this radio interface equipment belongs to the user who is identified by described access profile.
2. the method for claim 1, wherein described password is comprised with described radio interface equipment is related:
Generation is used to dispose described radio interface equipment to visit the executable instruction of described wireless network;
Described executable instruction and described password are sent to the part of wave point as described access profile; And
Carry out described executable instruction on described radio interface equipment, wherein, described executable instruction uses described access profile and described password to dispose described wave point with the visit wireless network.
3. the method for claim 1, wherein described password is comprised with described wave point is related: derive one or more security key from described password.
4. method as claimed in claim 3, wherein, described password is also comprised with described wave point is related: at least one security key and described radio interface equipment is related, wherein, use described at least one security key to visit wireless network and be limited to described wave point.
5. method as claimed in claim 3, also comprise: one or more keys are saved in table, wherein, described table comprises about following information: whether each key, each key be related with radio interface equipment and related for which radio interface equipment of each key and its.
6. the method for claim 1, wherein described password is comprised with described wave point is related: the sign of described password and described wave point is related.
7. method as claimed in claim 6, wherein, described wave point sign comprises MAC Address.
8. the method for claim 1, wherein described password is comprised with described wave point is related: the radio of described password and described radio interface equipment is related.
9. the method for claim 1 also comprises: upgrade described password.
10. method as claimed in claim 9 wherein, is upgraded described password at the fixed time after the section.
11. method as claimed in claim 9 wherein, is upgraded described password when the system manager asks.
12. method as claimed in claim 9 wherein, is upgraded described password and is comprised:
The new random cipher that generation is unique to described user;
New password is related with the access profile that belongs to described user;
Before described new cryptographic association is arrived described wave point, require described wave point to be authenticated again by described user.
13. method as claimed in claim 12, wherein, requirement authenticates again described wave point and comprises: stop the wireless connections between described wave point and the described wireless network.
14. a system of in safety wireless network password being matched comprises:
The password generation module, it is configured to: generate the random cipher unique to authenticated;
Binding module, it is configured to: described password is related with the radio interface equipment that belongs to described authenticated, wherein, use described cryptographic acess wireless network to be limited to and belong to radio interface equipment described user, related; And
Password database, it is configured to: storage is about the information of at least one password and associated radio interface equipment.
15. system as claimed in claim 14 also comprises: the access profile generation module, it is configured to: generate the access profile that is used for described authenticated.
16. system as claimed in claim 15, wherein, described binding module also is configured to: with described access profile and described cryptographic association.
17. system as claimed in claim 14 also comprises: the executable instruction generation module, it is configured to: generate and use described access profile and described password to dispose described wave point to visit the executable instruction of described wireless network.
18. system as claimed in claim 14, wherein, described password generation module also is configured to: by generating the unique new random cipher of described user is upgraded described password.
19. system as claimed in claim 18, wherein, described password generation module also is configured to: after the section, upgrade described password at the fixed time.
20. system as claimed in claim 18, wherein, described password generation module also is configured to: when the system manager asks, upgrade described password.
21. a computer-readable recording medium includes program on it, described program can be carried out by computer processor, is used at safety wireless network password being carried out method of matching with execution, and described method comprises:
Generation is at the random cipher of authenticated, and wherein, described password is unique to described user;
Described password is related with the access profile that belongs to described user;
Described password is related with the wave point that belongs to described user, wherein, use described password to visit described wireless network and be limited to and belong to wave point described user, related.
22. computer-readable recording medium as claimed in claim 21, wherein, described program also comprises: be used to upgrade the executable instruction of described password, wherein, described wave point must be authenticated again by described user.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310291285.4A CN103441984B (en) | 2006-04-24 | 2007-04-18 | Dynamic authentication in safety wireless network |
Applications Claiming Priority (7)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US79462506P | 2006-04-24 | 2006-04-24 | |
| US60/794,625 | 2006-04-24 | ||
| US79684506P | 2006-05-02 | 2006-05-02 | |
| US60/796,845 | 2006-05-02 | ||
| US11/788,371 | 2007-04-18 | ||
| PCT/US2007/009503 WO2007127120A2 (en) | 2006-04-24 | 2007-04-18 | Dynamic authentication in secured wireless networks |
| US11/788,371 US7788703B2 (en) | 2006-04-24 | 2007-04-18 | Dynamic authentication in secured wireless networks |
Related Child Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310291285.4A Division CN103441984B (en) | 2006-04-24 | 2007-04-18 | Dynamic authentication in safety wireless network |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101454767A true CN101454767A (en) | 2009-06-10 |
| CN101454767B CN101454767B (en) | 2013-08-14 |
Family
ID=40735930
Family Applications (2)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN200780019389.2A Active CN101454767B (en) | 2006-04-24 | 2007-04-18 | Dynamic authentication in secured wireless networks |
| CN2007800190748A Active CN101455063B (en) | 2006-04-24 | 2007-04-23 | Provisioned configuration for automatic wireless connection |
Family Applications After (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2007800190748A Active CN101455063B (en) | 2006-04-24 | 2007-04-23 | Provisioned configuration for automatic wireless connection |
Country Status (1)
| Country | Link |
|---|---|
| CN (2) | CN101454767B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102550060A (en) * | 2009-06-18 | 2012-07-04 | 集怡嘉通讯设备有限公司 | Default encoding |
| CN112511558A (en) * | 2020-12-01 | 2021-03-16 | 河南东方世纪交通科技股份有限公司 | Electromechanical device measurement and control system based on Internet of things |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1759550A (en) * | 2003-03-14 | 2006-04-12 | 汤姆森特许公司 | WLAN session management techniques with secure rekeying and logoff |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7266369B2 (en) * | 2000-04-04 | 2007-09-04 | Samsung Electronics Co., Ltd. | System and method for provisioning or updating a mobile station using over-the-air transfer of interpreted byte-code program |
| CN100438681C (en) * | 2004-06-04 | 2008-11-26 | 上海环达计算机科技有限公司 | Identification method and system for mobile equipment |
-
2007
- 2007-04-18 CN CN200780019389.2A patent/CN101454767B/en active Active
- 2007-04-23 CN CN2007800190748A patent/CN101455063B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1759550A (en) * | 2003-03-14 | 2006-04-12 | 汤姆森特许公司 | WLAN session management techniques with secure rekeying and logoff |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102550060A (en) * | 2009-06-18 | 2012-07-04 | 集怡嘉通讯设备有限公司 | Default encoding |
| CN102550060B (en) * | 2009-06-18 | 2016-02-10 | 集怡嘉通讯设备有限公司 | For the method for fast and safely traffic encryption key |
| CN112511558A (en) * | 2020-12-01 | 2021-03-16 | 河南东方世纪交通科技股份有限公司 | Electromechanical device measurement and control system based on Internet of things |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101454767B (en) | 2013-08-14 |
| CN101455063B (en) | 2012-07-25 |
| CN101455063A (en) | 2009-06-10 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9131378B2 (en) | Dynamic authentication in secured wireless networks | |
| US9769655B2 (en) | Sharing security keys with headless devices | |
| CN1685694B (en) | Session key management for public wireless lan supporitng multiple virtual operators | |
| JP6337642B2 (en) | Method for securely accessing a network from a personal device, personal device, network server, and access point | |
| CN100456725C (en) | Network system and method for obtaining the public key certificate for WAPI | |
| WO2011017924A1 (en) | Method, system, server, and terminal for authentication in wireless local area network | |
| US20070165582A1 (en) | System and method for authenticating a wireless computing device | |
| CA2407482A1 (en) | Security link management in dynamic networks | |
| US8498617B2 (en) | Method for enrolling a user terminal in a wireless local area network | |
| KR101319586B1 (en) | Cloud computing network system and method for authenticating client | |
| KR101572598B1 (en) | Secure User Authentication Scheme against Credential Replay Attack | |
| JP4574122B2 (en) | Base station and control method thereof | |
| CN101454767B (en) | Dynamic authentication in secured wireless networks | |
| JP4018584B2 (en) | Wireless connection device authentication method and wireless connection device | |
| CN100474825C (en) | Method and system for unified process of domain authentication and user network authority control | |
| CN101742507B (en) | System and method for accessing Web application site for WAPI terminal | |
| Tsitaitse et al. | Secure roaming authentication mechanism for WI-FI based networks | |
| Lee et al. | A secure wireless lan access technique for home network | |
| US20040225709A1 (en) | Automatically configuring security system | |
| KR100924315B1 (en) | Authentification system of wireless-lan with enhanced security and authentifiaction method thereof | |
| KR100958615B1 (en) | Integrated wireless communication device and operation method thereof | |
| Kou et al. | An efficient Authentication Scheme Using Token Distribution for Cloud-based Smart Home | |
| Hemad et al. | An eap authentication method using one time identity |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |