CN101616017A - Method, equipment and system that network application apparatus is configured - Google Patents
Method, equipment and system that network application apparatus is configured Download PDFInfo
- Publication number
- CN101616017A CN101616017A CN200810126123A CN200810126123A CN101616017A CN 101616017 A CN101616017 A CN 101616017A CN 200810126123 A CN200810126123 A CN 200810126123A CN 200810126123 A CN200810126123 A CN 200810126123A CN 101616017 A CN101616017 A CN 101616017A
- Authority
- CN
- China
- Prior art keywords
- equipment
- register
- request
- configuration messages
- described request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
The embodiment of the invention discloses a kind of method, equipment and system that network application apparatus is configured, relate to communication technical field, use the WPS method versatility that network application apparatus is configured is invented for strengthening in reciprocity WLAN (wireless local area network).Wherein said method comprises: agent equipment receives the request configuration messages of requesting service; Described agent equipment sends to described Register equipment with the described request configuration messages, by described Register equipment described request equipment is configured.The embodiment of the invention is mainly used in the reciprocity WLAN (wireless local area network).
Description
Technical field
The present invention relates to communication technical field, relate in particular to a kind of method, equipment and system that network application apparatus in the reciprocity WLAN (wireless local area network) is configured.
Background technology
Utilize the WLAN (Wireless LAN, WLAN (wireless local area network)) that IEEE 802.11 agreements are set up that two kinds of forms are arranged: a kind of is the WLAN that AP (Access Point, access point) arranged, and another kind is ad hoc (special) WLAN that does not have AP.
In the WLAN of AP was arranged, the information between each network application apparatus in this net was all transmitted by AP.In ad hoc WLAN (wireless local area network), each network application apparatus is in the status of equity, each network application apparatus and other network application apparatus unicast communications, or cast communication, or broadcast communication need not transmitted through other network application apparatus.Therefore, described ad hoc WLAN (wireless local area network) is called reciprocity WLAN (wireless local area network) again.From secure context, have among the WLAN of AP, each network application apparatus all needs just can join network through the authentication of AP.And in reciprocity WLAN (wireless local area network), the process of authentication is the process that authenticates mutually between each network application apparatus.
In order to set up a WLAN easily and to add new network application apparatus to wlan security ground, WiFi alliance has developed WPS (WiFi Protected Setup, the shielded setting of WiFi) standard at the WLAN that AP is arranged.In this standard, define the Register logic entity and managed the installation of AP and the interpolation of network application apparatus.Accordingly, realize that by Register the method for the interpolation of the installation of AP and network application apparatus can have following several:
(1) input pin mode.When AP being installed or adding network application apparatus, the Register logic entity is found new AP or network application apparatus automatically, and the prompting user installs or the interpolation process.AP is being installed or is adding in the process of network application apparatus, the user only need input the password of AP or application apparatus, password is authenticated in layoutprocedure by the Register logic entity then.After authentication is passed through, by the Register logic entity new AP or network application apparatus are configured, also promptly finish the installation of new AP or the interpolation of network application apparatus.
(2) out-band channel mechanism.When adding new network application apparatus, the Register logic entity does not need to obtain the password of network application apparatus, and directly configuration data is passed to network application apparatus by out-band channel.Out-band channel can be wired modes such as Ethernet, USB, perhaps uses modes such as NFC (Near FieldCommunication, wireless near field communication) card.When utilizing the mode of NFC card, by the Register logic entity configuration data is write the NFC card, read configuration data by network application apparatus from the NFC card again.The process that out-band channel mechanism is transmitted configuration data is safe, does not therefore need to verify the password of network application apparatus and when transmitting configuration data described configuration data is encrypted.
(3) configuration button mode.A configuration button is set respectively on Register logic entity and network application apparatus, by in limiting time, successively pressing the configuration button on request configuration device and the Register logic entity, finish the layoutprocedure of Register logic entity to network application apparatus.
For the third mode,, for this application scenarios of reciprocity WLAN (wireless local area network) and be not very high scene to security requirement generally speaking, more suitable because it is simple and easy to usefulness.
In the network of AP was arranged, the Register logic entity can directly be realized on AP, also can realize on the application apparatus with enriching user interface such as mobile phone, computer or Special Equipment.But when realizing the WPS configuration in peer-to-peer network, be subjected to the restriction of application scenarios, the Register logic entity generally is implemented on the network application apparatus of some type, unlikelyly provides special registrar function entity device; In addition, limited by cost, also can on the network application apparatus of all support WPS, all not provide Register logic entity function.Below in order to compose a piece of writing conveniently, will provide the application apparatus of Register logic entity function to abbreviate Register equipment as.
Utilizing mode (3) to realize the network application apparatus in the reciprocity WLAN (wireless local area network) is configured in the process of this technology, the inventor finds that there are the following problems at least in the prior art:
When the network application apparatus that adds reciprocity WLAN (wireless local area network) when request was separated by far with Register equipment, the availability of WPS method was restricted.In this case, because obstacle appears in interpersonal interchange, the user of request configuration application apparatus can not consult to dispose the time started with the user of Register equipment and exchange necessary facility information safely, so that in layoutprocedure, before pressing configuration button, confirm display message, so the WPS method can't be used.That is to say, when the configuration button of the network application apparatus of asking to add is pressed by its user, far away owing to be separated by, Register equipment one side's user does not know it is which equipment is in this fact of request configuration in advance, therefore, Register equipment one side's user can not press the configuration button of Register logic entity rashly to accept the request of this request configuration device.Like this, the WPS collocation method just can't be used.
Summary of the invention
The embodiment of the invention provides a kind of method that network application apparatus is configured, equipment and system.Utilize the embodiment of the invention, can strengthen and in reciprocity WLAN (wireless local area network), use the versatility that the WPS method is configured network application apparatus.
On the one hand, the embodiment of the invention method that network application apparatus is configured is by the following technical solutions:
A kind of method that network application apparatus is configured comprises:
Agent equipment receives the request configuration messages of requesting service;
Described agent equipment sends to Register equipment with the described request configuration messages, so that described Register equipment is configured described request equipment.
The method that second aspect, the embodiment of the invention are configured network application apparatus is by the following technical solutions:
A kind of method that network application apparatus is configured comprises:
Register equipment receives the request configuration messages of the requesting service of being transmitted by agent equipment;
Described Register equipment is configured the described request network application apparatus according to the described request configuration messages.
The third aspect, embodiment of the invention agent equipment be by the following technical solutions:
A kind of agent equipment comprises:
First receiving element is used for when the Register equipment of reciprocity WLAN (wireless local area network) can't directly be configured requesting service, receives the request configuration messages of requesting service;
First retransmission unit is used for the described request configuration messages is sent to described Register equipment, by described Register equipment described request equipment is configured.
Fourth aspect, embodiment of the invention Register equipment be by the following technical solutions:
A kind of Register equipment comprises:
Second receiving element is used to receive the request configuration messages by the requesting service of agent equipment forwarding;
Dispensing unit is used for according to the described request configuration messages described request equipment being configured.
The system that the 5th aspect, the embodiment of the invention are configured network application apparatus is by the following technical solutions:
A kind of system that network application apparatus is configured comprises: at least one requesting service, at least one agent equipment and at least one Register equipment; Wherein, described agent equipment and Register equipment are arranged in the reciprocity WLAN of having set up;
Described request equipment is used for sending the request configuration messages to described agent equipment, and cooperates with described Register equipment and to finish layoutprocedure;
Described agent equipment is used to receive the request configuration messages of described request equipment, and the described request configuration messages is transmitted to described Register equipment;
Described Register equipment is used for according to the described request configuration messages described request equipment being configured.
The embodiment of the invention sends to agent equipment in the reciprocity WLAN (wireless local area network) by the request configuration messages with requesting service, and then will ask configuration messages to be transmitted to Register equipment in the reciprocity WLAN (wireless local area network) by described agent equipment.Therefore, even under requesting service and Register equipment are separated by situation far away, also can pass through the agent equipment in WLAN (wireless local area network), finish layoutprocedure, in reciprocity WLAN (wireless local area network), use the versatility that the WPS method is configured network application apparatus thereby can strengthen to requesting service.
Description of drawings
The schematic diagram of the system that Fig. 1 is configured for a pair of network application apparatus of the embodiment of the invention;
The flow chart of the method that Fig. 2 is configured for two pairs of network application apparatus of the embodiment of the invention;
The schematic diagram of the method that Fig. 3 is configured for two pairs of network application apparatus of the embodiment of the invention;
The flow chart of the method that Fig. 4 is configured for three pairs of network application apparatus of the embodiment of the invention;
The schematic diagram of the method that Fig. 5 is configured for three pairs of network application apparatus of the embodiment of the invention;
The flow chart of the method that Fig. 6 is configured for four pairs of network application apparatus of the embodiment of the invention;
Fig. 7 is the schematic diagram of the embodiment of the invention five agent equipments;
Fig. 8 is the structure chart of first retransmission unit in the embodiment of the invention five;
Fig. 9 is the structure chart of agent equipment in the embodiment of the invention five;
Figure 10 is the structure chart of the embodiment of the invention six Register equipment;
Figure 11 is the structure chart of dispensing unit in the embodiment of the invention six;
Figure 12 is the schematic diagram of the embodiment of the invention six Register equipment.
Embodiment
In order to be illustrated more clearly in the technical scheme of the embodiment of the invention, the accompanying drawing of required use is done an introduction simply in will describing embodiment below, apparently, accompanying drawing in describing below only is some embodiments of the present invention, for those of ordinary skills, under the prerequisite of not paying creative work, can also obtain other accompanying drawing according to these accompanying drawings.
Describe for convenient, in an embodiment of the present invention, abbreviate network application apparatus to be configured as " requesting service ", and will be arranged in the reciprocity WLAN (wireless local area network) of having set up, the network application apparatus that can transmit the request configuration messages of described request equipment is called " WPS agent equipment " and abbreviates " agent equipment " as, will provide the network application apparatus of registrar function to abbreviate as in the reciprocity WLAN (wireless local area network) " Register equipment ".Simultaneously, because described agent equipment has been arranged in reciprocity WLAN (wireless local area network), thereby it has passed through the configuration of Register equipment.
Therefore, when requesting service far away from Register equipment, but from one when the agent equipment of no registrar function of net is very near, use the WPS collocation method for convenience, can on the agent equipment of no registrar function, realize the simple configuration agent capability, to be implemented under this occasion configuration to requesting service.The embodiment of the invention just is being based on this thought and is carrying out.
For improving the versatility of WPS collocation method in the reciprocity WLAN (wireless local area network), the embodiment of the invention one provides a kind of system that network application apparatus is configured.
As shown in Figure 1, the embodiment of the invention one described system comprises: at least one requesting service 11, at least one agent equipment 12 and at least one Register equipment 13; Wherein, described agent equipment and Register equipment are arranged in the reciprocity WLAN (wireless local area network) of having set up.
Described request equipment 11 is used for sending the request configuration messages to described agent equipment, and cooperates with described Register equipment and to finish layoutprocedure; Described agent equipment 12 is used to receive the request configuration messages of described request equipment, and the described request configuration messages is transmitted to described Register equipment; Described Register equipment 13 is used for according to the described request configuration messages described request equipment being configured.
As mentioned above, in the embodiment of the invention one, described agent equipment is arranged in the reciprocity WLAN (wireless local area network) of having set up, that is to say that described agent equipment is the network application apparatus that has carried out configuration through the Register equipment in the described reciprocity WLAN (wireless local area network), but this agent equipment does not provide registrar function.Therefore,, be separated by when far away, can transmit its corresponding request configuration messages, thereby finish configuration operation it by Register equipment by agent equipment when requesting service and Register equipment according to the embodiment of the invention one described system.Therefore, the embodiment of the invention one described system has improved the versatility of WPS method in reciprocity WLAN (wireless local area network).
Below, two, three, four describe the course of work of the embodiment of the invention one described system in detail in conjunction with the embodiments.
Embodiments of the invention two provide a kind of method that network application apparatus in the reciprocity WLAN (wireless local area network) is configured.As shown in Figure 2, the embodiment of the invention two described methods comprise the steps:
Wherein, described agent equipment and Register equipment all are arranged in the reciprocity WLAN (wireless local area network) of having set up.That is to say that described agent equipment is to have passed through the network application apparatus that the network application apparatus that has registrar function in the reciprocity WLAN (wireless local area network) is configured, therefore, this just lays a good foundation for the realization of the embodiment of the invention two.
Transmit in the process of described request configuration messages at described agent equipment, at first detect proxy configurations pattern triggering signal by described agent equipment.
Wherein, described proxy configurations pattern triggering signal is that WPS configuration button or other equivalent way that the user by this agent equipment presses on this equipment realizes.For example, other equivalent way can for, when described agent equipment through configuration, and in the short time (for example 1 second), received and the request configuration messages of other requesting service then directly entered the proxy configurations pattern.In addition, can also doublely press or for a long time (for example 3 seconds) press described configuration button, described agent equipment just enters the proxy configurations pattern.
Then, after detecting described proxy configurations pattern triggering signal, described agent equipment is according to the information of Register equipment of storage on it, the Register equipment that is configured for the described request choice of equipment.
Because described agent equipment has passed through configuration, can store the information that has the network application apparatus of Register ability in this equity WLAN (wireless local area network) on it, therefore, described agent equipment is after receiving the described request configuration messages, when information according to the Register equipment of storage on it, select a Register equipment arbitrarily, and the described request configuration messages is sent to the Register equipment of choosing.
During agent equipment was in the proxy configurations pattern, it can be transmitted to same Register equipment with the request configuration messages of a plurality of requesting services of receiving in during this period.
In addition, for the fail safe that guarantees to be configured between described request equipment and the Register equipment, after described step 201, as shown in Figure 3, the embodiment of the invention two described methods also can comprise:
Certainly after this device password also can be generated by Register equipment, send to described agent equipment, then by described agent equipment with this device password and the described Register equipment mark of choosing (ID), Media Access Control Address information such as (MAC Address) sends to described request equipment together.
But because communicating by letter between agent equipment and the Register equipment maintained secrecy, and there is not corresponding confidentiality agreement between agent equipment and the requesting service, therefore, under normal conditions, adopt the mode that generates device password by described agent equipment more can guarantee the fail safe of disposing.Certainly, when generating check key,, can also adopt corresponding safety measure in order to improve the fail safe of configuration by Register equipment.For example, can carry out key agreement by agent equipment and requesting service, with the key that negotiates described device password be encrypted, the device password after will being encrypted by agent equipment then sends to described request equipment.
As shown in Figure 3, after step 202, the embodiment of the invention two described methods also can comprise:
In order to economize on resources, described agent equipment can not be in the proxy configurations pattern always, and as shown in Figure 3, after described step 203, the embodiment of the invention two described methods also can comprise:
The mode that detects proxy configurations pattern end signal can have following several: (1) is provided with timer on agent equipment, when timing then, withdraw from the proxy configurations pattern.For example, timing that can described timer is set to 30 seconds, and after the timing at 30 seconds arrived, described agent equipment withdrawed from the proxy configurations pattern automatically.(2) finish message according to the configuration that receives, withdraw from the proxy configurations pattern by described Register equipment transmission.Certainly, also can realize detecting proxy configurations pattern end signal, not enumerate one by one at this by other modes.
Corresponding with the embodiment of the invention two described methods, the embodiment of the invention three provides a kind of method that network application apparatus in the reciprocity WLAN (wireless local area network) is configured equally.
As shown in Figure 4, the method that three pairs of network application apparatus of the embodiment of the invention are configured comprises the steps:
In this embodiment, the content that is comprised in the described request configuration messages is described identical with embodiment two, for example, can comprise requesting service ID, the collocation method that is adopted.
For the fail safe that guarantees to dispose, when generating device password, can also comprise information such as device password etc. by described agent equipment.
As shown in Figure 5, when generating device password by Register equipment, after described step 401, also can comprise as if employing:
After generating or obtaining described device password, by described Register equipment described request equipment is configured, roughly can comprise the steps:
Step 4021, parsing described request configuration messages obtain described request equipment mark and/or device password;
Step 4022, utilize described device password that described request equipment is authenticated; When Register equipment obtains described device password, verify described device password;
Simultaneously, after requesting service receives device password, in accepting layoutprocedure, also to verify described device password.
Step 4023, after the authentication of described request equipment is passed through, described request equipment is configured.Concrete layoutprocedure is exactly to described request devices allocation resource, and the process of parameter is set, and this does not repeat them here with of the prior art identical.
After layoutprocedure finished, after described step 402, the embodiment of the invention three described methods also can comprise:
For making those skilled in the art more clearly obtain the implementation procedure of the embodiment of the invention two and three described methods, be described in detail below in conjunction with embodiment four.In this embodiment, adopt the mode that generates device password by agent equipment.
As shown in Figure 6, the described method of method that is configured of the network application apparatus in four pairs of reciprocity WLAN (wireless local area network) of the embodiment of the invention comprises:
Step 601, requesting service detect request configuration mode enabling signal.This is that user by requesting service presses the configuration button on this network application apparatus, and the mode that makes this equipment enter the request configuration mode realizes.Certainly, also can use other equivalent way trigger request equipment to enter the request configuration mode.It is afterwards also passable that this step occurs in step 603.That is to say that requesting service and agent equipment are pressed the order of configuration button and do not fixed.
Step 602, this requesting service will periodically outwards send probe request message, in this probe request message indication its be equipment to be configured, and comprise the information such as sign (ID), collocation method of this requesting service.Wherein the push button collocation method is adopted in the indication of collocation method information.
This probe request message is actually in the request configuration, and sends out in the mode of broadcasting.According to IEEE 802.11 agreements, the BSSID in the message (basic service set identification, the i.e. sign of WLAN) message segment is used the wildcard mode, does not promptly specify concrete network identity.Certainly, if the user of requesting service can specify concrete network to be added, also can specify concrete BSSID in this probe request message.But generally speaking, the user can not remove to specify a BSSID, because the target of WPS configuration as far as possible simply and not need be grasped professional knowledge with regard to the operation that is to use the family configuration device, thereby the button arrangement mode only needs the user can finish layoutprocedure by configuration button next time.Below this comprised the probe request message of asking configuration messages abbreviate the request configuration messages as.
If Register equipment arranged near this requesting service, then this Register equipment then can probe response message of loopback, provides institute's information requested of indicating in the ability information of this Register equipment and the probe request message in response message.And at described Register equipment not under the situation at configuration status, expression refusal request configuration messages in the probe response message of loopback.Method of automatic configuration when the embodiment of the invention solves registrar application equipment and can not directly accept request the register requirement of equipment.
Near the step 603, this requesting service agent equipment does not need this request configuration messages is made response, but but accept the equipment of configuring request as a proxy registrar, detect whether proxy configurations pattern triggering signal is arranged.
This proxy configurations pattern triggering signal equally also is that configuration button or other equivalent way that the user by this agent equipment presses on it realizes.When the user pressed configuration button, agent equipment entered the proxy configurations pattern.Here, needn't be in order to support the proxy configurations pattern, and add a configuration button to agent equipment, also be feasible method though a configuration button is set separately.Can on the basis of the configuration button of disposing that originally just has, realize that the proxy configurations pattern triggers function as WPS.For example, when the equipment of acting on behalf of has obtained configuration, and in the short time (for example 1 second), received and the request configuration messages of other requesting service then after pressing configuration button, entered the proxy configurations pattern.Also can adopt double press or for a long time (for example 3 seconds) press the mode that configuration button enters the proxy configurations pattern.
Step 604, after detecting proxy configurations pattern triggering signal, accept this request configuration messages and begin subsequent processes.
Step 605, described agent equipment are according to the described request configuration messages, for requesting service generates the verification that device password is used for the subsequent configuration process.This device password generates according to the regulation of WPS, can also can be the binary system lint-long integer of 16 bytes by 8 digital PIN code of forming.But this step is a selection operation, and the inventor thinks that agent equipment is that requesting service generates device password, help improving the fail safe of subsequent configuration process, but do not have this device password, layoutprocedure also can be finished more safely, and this is by the characteristic decision of push button collocation method.
Step 606, because agent equipment is the network application apparatus that has been arranged in described reciprocity WLAN (wireless local area network), so store the information of all Register equipment of enabling in this equity WLAN (wireless local area network) on it.When the equipment of agency was in the proxy configurations pattern, it can select a Register equipment, and when receiving the request configuration messages, the described request configuration messages was sent to the Register equipment of choosing.The ID that in this request configuration messages, can comprise requesting service, the configuration mode that is adopted, information such as described device password.Here said configuration mode is meant the push button collocation method, when system supports the various configurations method, need use a field to show the collocation method of the desired employing of requesting service in the request configuration messages.Perhaps, agent equipment can send described request configuration messages and device password respectively by two message.
During the proxy configurations pattern, agent equipment is transmitted all accessible configuration request message of receiving to selected same Register equipment.
Step 607, after Register equipment is received the request configuration messages that agent equipment transmits, Register equipment just can switch to configuration mode.
If adopting agent equipment is the step that requesting service generates device password, then Register equipment should switch to configuration mode again after receiving device password.
Step 608, simultaneously, described agent equipment will send configuration response message to described request equipment, the configuring request of this requesting service is accepted in expression in this response message, and in this response message, include the mac address information that it selects the Register equipment of forwarding, and described device password etc.Or described device password is sent to requesting service by other reciprocal process.
Owing to do not set up cipher key relation between agent equipment and the requesting service, therefore will to send to the process of requesting service possible dangerous for the password that requesting service produces.But can take certain measure to improve fail safe between agent equipment and the requesting service, for example agent equipment reduction transmitting power sends response message to requesting service, this requires agent equipment and requesting service from must be closer, exactly because and the application scenarios requesting service that in fact the present invention is directed to is closer from agent equipment.
Perhaps, agent equipment also can adopt certain cryptographic key negotiation method to negotiate a key with requesting service, and with the described device password of the described secret key encryption that negotiates.
If agent equipment has display capabilities, and requesting service has input capability, can also the device password that generate be shown by agent equipment, and the user of requesting service will be input to the requesting service from the device password that the display screen of agent equipment is seen.
If agent equipment and requesting service all have band external tappings such as NFC, also can safely device password be delivered to requesting service from agent equipment by the band external tapping.Though the mode that adopts the user to input password or adopt out-band channel to transmit device password has improved the difficulty of using, and has increased the fail safe of layoutprocedure.
Adopt any mode to transmit between agent equipment and the requesting service into the interim device password that generates of requesting service, by reaching through consultation between them.According to 802.11 agreements, all carried the ability that network application apparatus had that sends message in probe request message and the probe response message, be not described in detail here.
Above agent equipment is that requesting service generates device password, and the process of carrying this device password in agent equipment is issued the configuration response message of requesting service is a kind of measure that increases the layoutprocedure fail safe, but not necessarily.
Step 609, the described request network equipment obtain the MAC Address of this Register agent equipment according to described configuration response message, and device password.As above a step is described, and the device password of requesting service also can obtain from agent equipment by other method.
Described request equipment after receiving the request response of described agent equipment, by step 610-step 623, carry out the layoutprocedure of the standard that defines in the WPS1.0h standard, finish and the Register of agent equipment appointment between layoutprocedure.
Step 610, described request equipment send EAPoL to Register equipment and begin message;
Step 611, described Register equipment send the EAP request message to requesting service, to its ID of described request device request;
Step 612, requesting service send to described Register equipment with its ID by the EAP response message;
Step 613, described Register equipment send the EAP request to described request equipment, carry the indication information that WPS begins, the beginning layoutprocedure;
Step 614-621, (M1~M8) finishes layoutprocedure to WPS by 8 message, wherein M1~M2 employing DH (Diffie-Hellman) dynamic key exchange algorithm negotiates one group of temporary key between requesting service and the Register equipment, be used for follow-up interactive messages is authenticated and significant data such as configuration data, certificate are encrypted, guarantee the fail safe of layoutprocedure; Wherein M1-M8 message is the standard message in the agreement, and its particular content does not repeat them here.
In the process of step 616 to 620, also need the device password of requesting service is verified.In the WPS1.0h technical specification, stipulate that for the collocation method of configuration button formula the device password of equipment to be configured is fixed as " 00000000 ", in fact this do not have the essence effect, only is in order to keep the consistency of agreement under any one collocation method.Can not utilize the device password of equipment to guarantee the reliability of layoutprocedure, this is the defective that configuration button formula collocation method can't overcome.In the embodiment of the invention, because layoutprocedure has been passed through an intermediate equipment, adopt configuration button formula collocation method can may cause the further reduction of layoutprocedure fail safe simply, therefore the suggestion employing is requesting service generation device password and the method that sends to Register equipment by agent equipment, assurance Register equipment is verified device password in the subsequent configuration process effectively, and security flaw only is retained in the process of agent equipment to requesting service transmission device password, make its fail safe reach identical with WPS1.0h or better effect.
Step 622, requesting service send the EAP response to described Register equipment, and the expression layoutprocedure is finished;
Step 623, described Register equipment send " EAP failure " message to described request equipment, it is meant and causes that requesting service carries out processes such as the authentication of network insertion needs, association again, and use the previous configuration information that obtains in new authentication, association process.
In the process that Register equipment is configured requesting service, seize the opportunity that swarming into tries to be the first and accept the configuration of Register equipment in order to prevent illegal network application apparatus, Register equipment should keep a period of time after entering configuration mode, just finish configuration mode then.
If previous acceptance configuration is an illegal network application apparatus, as long as guarantee that legal network application apparatus sends configuring request in official hour.Register equipment can find to have a plurality of requesting service requests configuration in the special time window, then Register equipment thinks that this situation is a mistake, has accepted the relevant information of the requesting service that disposes in this time period with stopping layoutprocedure or cancellation.So like this,, can not link in the reciprocity WLAN (wireless local area network) at Register equipment place, can make the push button collocation method safer like this even illegal network application apparatus has obtained configuration data because the configuration data of illegal network application apparatus is invalid.Same, requesting service is also set a time window, is registered to mistakenly on other network even the illegal Register preventing, is not described in detail here.
Behind step 624, the Register device end configuration mode, send configuration to agent equipment and finish message, notify its configuration mode that is through with.
Step 625, after receiving that the Register equipment disposition is finished message, agent equipment also finishes the proxy configurations pattern.As previously mentioned, agent equipment may be have finished the proxy configurations pattern automatically after the regular hour, receive the end configuration mode message of Register this moment after, as long as simply ignore this message.
So far, described Register equipment has been finished the layoutprocedure to requesting service.
As shown in Figure 7, the embodiment of the invention five provides a kind of agent equipment.Comprise: first receiving element 701, and first retransmission unit 702.Wherein, described first receiving element 701 is used for when the Register equipment of reciprocity WLAN (wireless local area network) can't directly be configured requesting service, receives the request configuration messages of requesting service; First retransmission unit 702 is used for the described request configuration messages is sent to described Register equipment, by described Register equipment described request equipment is configured.
Wherein, as shown in Figure 8, described first retransmission unit 702 comprises: detection module 712 is used to detect proxy configurations pattern triggering signal; Select module 713, be used for when detecting described proxy configurations pattern triggering signal after, according to the information of the Register equipment of storing on it, the Register equipment that is configured for the described request choice of equipment; Forwarding module 714 is used for the described request configuration messages is sent to the Register equipment of choosing.
For the fail safe that guarantees that requesting service and Register equipment are configured, can generate device password by agency network application safety equipment, or generate the mode of device password by Register equipment, when being configured, utilize described device password to authenticate by requesting service and Register equipment.When employing generated the mode of device password by agency network application safety equipment, described first retransmission unit 702 also can comprise password generation module 715, was used for according to the described request configuration messages, was that described request equipment generates device password.714 of described forwarding modules can send to the Register equipment of choosing with the request configuration response message that includes described device password.
When employing generated the mode of device password by Register equipment, described first receiving element 701 also was used to receive the device password by the requesting service of described Register equipment transmission.
As shown in Figure 9, on the basis of Fig. 7 or agent equipment shown in Figure 8, when described forwarding module 714 after the described request configuration messages is sent to Register equipment, described agent equipment also comprises: first transmitting element 703, be used for sending request configuration response message, accept the configuring request of described request equipment to described request equipment.Include the ID of the Register equipment of choosing in described request configuration response message, MAC Address reaches information such as described device password.
As shown in figure 10, the embodiment of the invention six provides a kind of Register equipment.Comprise: second receiving element 1001, and dispensing unit 1002.
Wherein second receiving element 1001 is used to receive the request configuration messages by the requesting service of agent equipment forwarding; Dispensing unit 1002 is used for according to the described request configuration messages described request equipment being configured.
As shown in figure 11, described dispensing unit 1002 comprises: parsing module 1101, be used to resolve the described request configuration messages, and obtain described request equipment mark and/or device password; Authentication module 1102 is used for the requesting service with described sign is authenticated, and when Register equipment obtains described device password, verifies described device password; Operational module 1103 is used for after the authentication of described request equipment is passed through described request equipment being configured.
For the fail safe that guarantees that requesting service and Register equipment are configured, by the mode of Register equipment generation device password, as shown in figure 12, described Register equipment also can comprise:
The second password generation unit 1003 is used for according to the described request configuration messages, generates device password;
After layoutprocedure finished, described second transmitting element 1004 also was used for sending configuration to described agent equipment and finishes message.
The embodiment of the invention sends to agent equipment in the reciprocity WLAN (wireless local area network) by the request configuration messages with requesting service, and then is accepted this request and will be asked configuration messages to be transmitted to Register equipment in the reciprocity WLAN (wireless local area network) by described agent equipment.Therefore, even under requesting service and Register equipment are separated by situation far away, also can pass through the agent equipment in WLAN (wireless local area network), finish security configuration process, in reciprocity WLAN (wireless local area network), use the versatility that the WPS method is configured network application apparatus thereby can strengthen to requesting service.
The above; only be the specific embodiment of the present invention, but protection scope of the present invention is not limited thereto, anyly is familiar with those skilled in the art in the technical scope that the present invention discloses; can expect easily changing or replacing, all should be encompassed within protection scope of the present invention.Therefore, protection scope of the present invention should be as the criterion by described protection range with claim.
Claims (26)
1, a kind of method that network application apparatus is configured is characterized in that, described method comprises the steps:
Agent equipment receives the request configuration messages of requesting service;
Described agent equipment sends to Register equipment with the described request configuration messages, so that described Register equipment is configured described request equipment.
2, the method that network application apparatus is configured according to claim 1 is characterized in that, described agent equipment comprises the step that the described request configuration messages sends to described Register equipment:
Described agent equipment detects proxy configurations pattern triggering signal;
After detecting described proxy configurations pattern triggering signal, the Register equipment that described agent equipment is configured for the described request choice of equipment;
The described request configuration messages is sent to the Register equipment of choosing.
3, the method that network application apparatus is configured according to claim 2 is characterized in that, before the described request configuration messages was sent to the step of the Register equipment of choosing, described method also comprised:
Described agent equipment is according to the described request configuration messages, for described request equipment generates device password;
The step that the described request configuration messages is sent to the Register equipment of choosing is specially:
The request configuration messages that will include described device password sends to the Register equipment of choosing.
4, the method that network application apparatus is configured according to claim 2 is characterized in that, the described request configuration messages is sent to the step of the Register equipment of choosing after, described method also comprises:
Reception is by the device password of the requesting service of described Register equipment transmission.
5, according to the described method that network application apparatus is configured of the arbitrary claim of claim 1-4, it is characterized in that described method also comprises the steps:
Described agent equipment sends request configuration response message to described request equipment, accepts the configuring request of described request equipment.
6, according to the described method that network application apparatus is configured of the arbitrary claim of claim 1-4, it is characterized in that, comprise in the described request configuration messages: the described request equipment mark.
7, the method that network application apparatus is configured according to claim 5, it is characterized in that, the Media Access Control Address that comprises the Register equipment that described agent equipment is selected in the described request configuration response message, and/or the device password that generates for described request equipment by described agent equipment or Register equipment.
8, the method that network application apparatus is configured according to claim 7, it is characterized in that, when comprising the device password that generates for described request equipment by described agent equipment or Register equipment in the described request configuration response message, before described request equipment sent the step of request configuration response message, described method also comprised at described agent equipment:
Described agent equipment and described request equipment arranging key;
The key that described agent equipment utilization negotiates is encrypted described device password when described request equipment sends described device password.
9, the method that network application apparatus is configured according to claim 5 is characterized in that, after described agent equipment sent the step of request configuration response message to described request equipment, described method also comprised:
Detect proxy configurations pattern end signal;
After detecting proxy configurations pattern end signal, described agent equipment withdraws from the proxy configurations pattern.
10, the method that network application apparatus is configured according to claim 9 is characterized in that, the step of described detection proxy configurations pattern end signal comprises:
Timer is set;
When the timing of timer then, described agent equipment withdraws from the proxy configurations pattern; Or
Reception is finished message by the configuration that described Register equipment sends, and withdraws from the proxy configurations pattern.
11, a kind of method that network application apparatus is configured is characterized in that, described method comprises the steps:
Register equipment receives the request configuration messages of the requesting service of being transmitted by agent equipment;
Described Register equipment is configured described request equipment according to the described request configuration messages.
12, the method that network application apparatus is configured according to claim 11 is characterized in that, after Register equipment received the request configuration messages of the requesting service of being transmitted by agent equipment, described method also comprised:
According to the described request configuration messages, generate device password;
Described device password is sent to described agent equipment.
13, according to claim 11 or the 12 described methods that network application apparatus is configured, it is characterized in that described Register equipment is according to the described request configuration messages, the step that described request equipment is configured comprises:
Resolve the described request configuration messages, obtain described request equipment mark and/or device password;
Requesting service with described sign is authenticated;
When Register equipment obtains described device password, verify described device password.
According to claim 11 or the 12 described methods that network application apparatus is configured, it is characterized in that 14, according to the described request configuration messages, after the step that described request equipment is configured, described method also comprises at described Register equipment:
Send configuration to described agent equipment and finish message.
15, a kind of agent equipment is characterized in that comprising:
First receiving element is used for when the Register equipment of reciprocity WLAN (wireless local area network) can't directly be configured requesting service, receives the request configuration messages of requesting service;
First retransmission unit is used for the described request configuration messages is sent to described Register equipment, by described Register equipment described request equipment is configured.
16, agent equipment according to claim 15 is characterized in that, described equipment also comprises:
First transmitting element is used for sending request configuration response message to described request equipment, accepts the configuring request of described request equipment.
17, agent equipment according to claim 15 is characterized in that, described first retransmission unit comprises:
Detection module is used to detect proxy configurations pattern triggering signal;
Select module, be used for after detecting described proxy configurations pattern triggering signal, the Register equipment that is configured for the described request choice of equipment;
Forwarding module is used for the described request configuration messages is sent to the Register equipment of choosing.
18, agent equipment according to claim 17 is characterized in that, described first retransmission unit also comprises:
The password generation module is used for according to the described request configuration messages, for described request equipment generates device password;
Described forwarding module, the request configuration response message that is used for including described device password sends to the Register equipment of choosing.
19, according to the described agent equipment of the arbitrary claim of claim 15-18, it is characterized in that,
Described first receiving element also is used to receive the device password by the requesting service of described Register equipment transmission.
20, a kind of Register equipment is characterized in that comprising:
Second receiving element is used to receive the request configuration messages by the requesting service of agent equipment forwarding;
Dispensing unit is used for according to the described request configuration messages described request equipment being configured.
21, Register equipment according to claim 20 is characterized in that also comprising:
The second password generation unit is used for according to the described request configuration messages, generates device password;
Second transmitting element is used for described device password is sent to described agent equipment.
22, according to claim 20 or 21 described Register equipment, it is characterized in that described dispensing unit comprises:
Parsing module is used to resolve the described request configuration messages, obtains described request equipment mark and/or device password;
Authentication module is used for the requesting service with described sign is authenticated, and when Register equipment obtains described device password, verifies described device password;
Operational module is used for after the authentication of described request equipment is passed through described request equipment being configured.
According to claim 20 or 21 described Register equipment, it is characterized in that 23, described second transmitting element also is used for sending configuration to described agent equipment and finishes message.
24, a kind of system that network application apparatus is configured is characterized in that, described system comprises: at least one requesting service, at least one agent equipment and at least one Register equipment; Wherein, described agent equipment and Register equipment are arranged in the reciprocity WLAN of having set up;
Described request equipment is used for sending the request configuration messages to described agent equipment, and cooperates with described Register equipment and to finish layoutprocedure;
Described agent equipment is used to receive the request configuration messages of described request equipment, and the described request configuration messages is transmitted to described Register equipment;
Described Register equipment is used for according to the described request configuration messages described request equipment being configured.
25, the system that network application apparatus is configured according to claim 24 is characterized in that, described agent equipment comprises:
First receiving element is used for when the Register equipment of reciprocity WLAN (wireless local area network) can't directly be configured requesting service, receives the request configuration messages of requesting service;
First retransmission unit is used for the described request configuration messages is sent to described Register equipment, by described Register equipment described request equipment is configured.
26, the system that network application apparatus is configured according to claim 24 is characterized in that, described Register equipment comprises:
Second receiving element is used to receive the request configuration messages by the requesting service of agent equipment forwarding;
Dispensing unit is used for according to the described request configuration messages described request equipment being configured.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200810126123A CN101616017A (en) | 2008-06-26 | 2008-06-26 | Method, equipment and system that network application apparatus is configured |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200810126123A CN101616017A (en) | 2008-06-26 | 2008-06-26 | Method, equipment and system that network application apparatus is configured |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101616017A true CN101616017A (en) | 2009-12-30 |
Family
ID=41495444
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN200810126123A Pending CN101616017A (en) | 2008-06-26 | 2008-06-26 | Method, equipment and system that network application apparatus is configured |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101616017A (en) |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102204391A (en) * | 2011-05-27 | 2011-09-28 | 华为终端有限公司 | Repeater wps connection method and device |
| CN102833345A (en) * | 2012-09-05 | 2012-12-19 | 中兴通讯股份有限公司 | Method, apparatus and system for sharing content between devices |
| CN103796204A (en) * | 2012-11-02 | 2014-05-14 | 国基电子(上海)有限公司 | System and method for using button to set wireless local-area network |
| CN103974245A (en) * | 2013-02-01 | 2014-08-06 | 华为终端有限公司 | Device configuration method, devices and system |
| WO2014176743A1 (en) * | 2013-04-28 | 2014-11-06 | 华为终端有限公司 | Method, device and system for configuring wireless terminal |
| WO2015014307A1 (en) * | 2013-08-01 | 2015-02-05 | 华为终端有限公司 | Method, device and system for configuring multiple devices |
| CN104683195A (en) * | 2015-02-28 | 2015-06-03 | 大连鼎创科技开发有限公司 | Configuration method of equipment to be configured in intelligent household system |
| CN104735642A (en) * | 2013-12-18 | 2015-06-24 | 巴法络股份有限公司 | Wireless connecting device, replication method of wireless communication setting information and network system |
| WO2016033889A1 (en) * | 2014-09-01 | 2016-03-10 | 中兴通讯股份有限公司 | Terminal, wireless access device and triggering method, and system |
| CN107995216A (en) * | 2017-12-21 | 2018-05-04 | 北京东土军悦科技有限公司 | A kind of safety certifying method, device, certificate server and storage medium |
| CN108063689A (en) * | 2011-07-21 | 2018-05-22 | 英特尔公司 | The safe online registration and supply of the WI-FI hot spots of use device management agreement |
-
2008
- 2008-06-26 CN CN200810126123A patent/CN101616017A/en active Pending
Cited By (20)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2011144101A3 (en) * | 2011-05-27 | 2012-04-19 | 华为终端有限公司 | Method and apparatus for repeater wi-fi protected setup connections |
| CN102204391B (en) * | 2011-05-27 | 2013-06-05 | 华为终端有限公司 | Repeater wps connection method and device |
| CN102204391A (en) * | 2011-05-27 | 2011-09-28 | 华为终端有限公司 | Repeater wps connection method and device |
| US8929276B2 (en) | 2011-05-27 | 2015-01-06 | Huawei Device Co., Ltd. | Repeater WPS connection method and apparatus |
| CN108063689B (en) * | 2011-07-21 | 2021-10-22 | 英特尔公司 | Secure online registration and provisioning of WI-FI hotspots using device management protocol |
| CN108063689A (en) * | 2011-07-21 | 2018-05-22 | 英特尔公司 | The safe online registration and supply of the WI-FI hot spots of use device management agreement |
| CN102833345B (en) * | 2012-09-05 | 2016-12-07 | 中兴通讯股份有限公司 | A kind of equipment room shares the method for content, Apparatus and system |
| CN102833345A (en) * | 2012-09-05 | 2012-12-19 | 中兴通讯股份有限公司 | Method, apparatus and system for sharing content between devices |
| CN103796204A (en) * | 2012-11-02 | 2014-05-14 | 国基电子(上海)有限公司 | System and method for using button to set wireless local-area network |
| CN103974245A (en) * | 2013-02-01 | 2014-08-06 | 华为终端有限公司 | Device configuration method, devices and system |
| CN103974245B (en) * | 2013-02-01 | 2017-09-29 | 华为终端有限公司 | Equipment configuration method, equipment and system |
| US10091650B2 (en) | 2013-04-28 | 2018-10-02 | Huawei Device (Dongguan) Co., Ltd. | Wireless terminal configuration method, device, and system |
| WO2014176743A1 (en) * | 2013-04-28 | 2014-11-06 | 华为终端有限公司 | Method, device and system for configuring wireless terminal |
| WO2015014307A1 (en) * | 2013-08-01 | 2015-02-05 | 华为终端有限公司 | Method, device and system for configuring multiple devices |
| CN104735642A (en) * | 2013-12-18 | 2015-06-24 | 巴法络股份有限公司 | Wireless connecting device, replication method of wireless communication setting information and network system |
| CN104735642B (en) * | 2013-12-18 | 2018-07-10 | 巴法络股份有限公司 | Wireless connection device, the clone method of wireless communication setup information and network system |
| WO2016033889A1 (en) * | 2014-09-01 | 2016-03-10 | 中兴通讯股份有限公司 | Terminal, wireless access device and triggering method, and system |
| CN104683195A (en) * | 2015-02-28 | 2015-06-03 | 大连鼎创科技开发有限公司 | Configuration method of equipment to be configured in intelligent household system |
| CN107995216A (en) * | 2017-12-21 | 2018-05-04 | 北京东土军悦科技有限公司 | A kind of safety certifying method, device, certificate server and storage medium |
| CN107995216B (en) * | 2017-12-21 | 2022-09-27 | 北京东土军悦科技有限公司 | Security authentication method, device, authentication server and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101616017A (en) | Method, equipment and system that network application apparatus is configured | |
| EP3223549B1 (en) | Wireless network access method and access apparatus, client and storage medium | |
| EP2617222B1 (en) | Dynamic account creation with secured hotspot network | |
| CN101375243B (en) | System and method for wireless network profile provisioning | |
| EP1886438B1 (en) | Method for inclusive authentication and management of service provider, terminal and user identity module, and system and terminal device using the method | |
| US8925042B2 (en) | Connecting devices to an existing secure wireless network | |
| US20160219050A1 (en) | Dynamically generated ssid | |
| US20080141313A1 (en) | Authentication bootstrap by network support | |
| CN107529160B (en) | VoWiFi network access method and system, terminal and wireless access point equipment | |
| US20060111097A1 (en) | Communication apparatus, system, and method therefor | |
| US20110055409A1 (en) | Method For Network Connection | |
| CN103139768A (en) | Authentication method and authentication device in integrated wireless network | |
| CN102547701A (en) | Authentication method and wireless access point as well as authentication server | |
| CN102318386A (en) | Service-based authentication to a network | |
| JP6997886B2 (en) | Non-3GPP device access to core network | |
| CN106559785B (en) | Authentication method, device and system, access device and terminal | |
| CN104660405A (en) | Business equipment authentication method and equipment | |
| JP2023162296A (en) | Non-3GPP device access to core network | |
| US20080137553A1 (en) | Method of automatic certification and secure configuration of a wlan system and transmission device thereof | |
| CN102970680A (en) | Method and device for network switching | |
| JP5091963B2 (en) | Communication station, certificate authority, and authentication method | |
| CN113194476A (en) | Equipment activation and authentication binding method | |
| US20120120933A1 (en) | Method for enhanced radio resource management in a public land mobile network | |
| CN106453400A (en) | Authentication method and system | |
| CN101998382B (en) | Network configuration method, equipment and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20091230 |