CN101753293A - Network equipment and network equipment configuration method - Google Patents

Publication number: CN101753293A
Authority: CN (China)
Prior art keywords: cipher key, subscriber equipment, network, lifetimes, key lifetimes
Legal status: Granted
Application number: CN200810175932A
Other languages: Chinese (zh)
Other versions: CN101753293B (en)
Inventors: 刘茜蕾, 丁志明, 杨永利, 树贵明
Current Assignee: Huawei Device Co Ltd; Huawei Device Shenzhen Co Ltd
Original Assignee: Huawei Device Co Ltd
Classification: Telephonic Communication Services (AREA)

Abstract

The invention provides network equipment and a network equipment configuration method. The method comprises the following steps: judging the user equipment type; configuring the key life cycle of the user equipment as a first key life cycle when the user equipment type is the first equipment type; and configuring the key life cycle of the user equipment as a second key life cycle when the user equipment type is the second equipment type, wherein the second key life cycle is shorter than the first key life cycle. Because two key life cycles, one long and one short, are configured according to the equipment type, the configuration is more flexible and the requirements of different user equipment can be met.

Description

Network equipment and a method for configuring network equipment
Technical field
The present invention relates to the field of communication technology, and in particular to network equipment and a method for configuring network equipment.
Background
Wi-Fi Protected Setup (WPS) is a standard that provides easy and secure configuration for wireless home networking; it was proposed by the Wi-Fi Alliance on January 8, 2007. The purpose of the WPS protocol is to simplify the security configuration of a wireless network. Using the concept of a lock and key, it designs a secure and easy method for establishing a wireless local area network (WLAN, Wireless Local Area Network) and for adding user equipment to the WLAN. The basic idea is to use a Registrar to manage the installation of access points (AP, Access Point) and the addition of user equipment; the user only has to do simple tasks such as entering a password, pressing a button, or comparing displayed information. The WPS standard emphasizes two aspects: ease of operation and security. The main WPS configuration methods are:
1. Personal information number (PIN, Personal Information Number) method: a label carrying a code is attached to the host (STA, Station) that is to be newly added, and the user reads the password from it and enters it into the AP or Registrar of the network;
2. Push button configuration (PBC, Push Button Configuration) method: configuration is negotiated by pressing buttons on the AP and on the user equipment that is to be added;
3. Out-of-band methods such as near field communication (NFC, Near Field Communication): the new STA is brought close to the AP or Registrar in the network, and configuration is negotiated through near-field transmission between the two.
The purpose of the configuration negotiation in the above methods is to let the user equipment obtain, securely and easily, the credential issued to it by the Registrar; the user equipment can then hold the obtained credential to connect to the network. A credential consists of attributes such as several network keys, the network name (service set identifier, SSID, Service Set Identifier) and the medium access control (MAC, Media Access Control) addresses of member devices. The most critical attribute is the network key: once the network key becomes invalid the credential becomes invalid, and obtaining a credential means having a usable network key. The configuration negotiation consists of a series of Extensible Authentication Protocol (EAP) message exchanges. These messages are initially triggered by user actions, and descriptive information prompts the user's further actions. After the device capabilities have been identified at both ends, the user manually starts the actual protocol session by entering a password, pressing a button or similar, and the configuration of the device to be configured is then completed automatically.
For in-band methods, once the user equipment and the Registrar have completed negotiation, the credential is generated in a configuration file, and the Registrar sends the credential to the user equipment in the M8 message. For out-of-band methods, the Registrar can send the credential to the user equipment in the M2 message. The key lifetime is the period from obtaining the credential until the credential becomes invalid.
Version 1.0h of the WPS standard currently allows the user to delete a device's credential through the Registrar; the credential of configured user equipment can also be deleted automatically after a period of time, when its key lifetime expires. Existing WPS technology configures one fixed key lifetime for user equipment and revokes the user equipment's network connection on expiry.
In studying and practising the prior art, the inventors found that, because the key lifetime set in existing WPS technology has only one fixed value, it is rigid and cannot adapt to the complex situations that arise in real applications.
Summary of the invention
The technical problem to be solved by the embodiments of the invention is to provide network equipment and a method for configuring network equipment that configure the key lifetime more flexibly.
An embodiment of the invention provides a method for configuring network equipment, the method comprising:
judging the user equipment type;
when the user equipment type is a first device type, configuring the key lifetime of the user equipment as a first key lifetime;
when the user equipment type is a second device type, configuring the key lifetime of the user equipment as a second key lifetime, the second key lifetime being shorter than the first key lifetime.
An embodiment of the invention provides network equipment comprising a first judging unit, a first configuration unit and a second configuration unit, wherein:
the first judging unit is used to judge the user equipment type; if the user equipment type is the first device type, it triggers the first configuration unit; if the user equipment type is the second device type, it triggers the second configuration unit;
the first configuration unit is used to configure the key lifetime of the user equipment as the first key lifetime;
the second configuration unit is used to configure the key lifetime of the user equipment as the second key lifetime, the second key lifetime being shorter than the first key lifetime.
As can be seen from the above technical solutions, the user equipment type is judged; when it is the first device type, the key lifetime of the user equipment is configured as the first key lifetime, and when it is the second device type, the key lifetime is configured as the second key lifetime, which is shorter than the first. Because two key lifetimes, one long and one short, are configured according to the device type, the configuration is more flexible and can meet the needs of different user equipment.
Description of the drawings
Fig. 1 is a flow chart of the first method of configuring network equipment in an embodiment of the invention;
Fig. 2 is a flow chart of the second method of configuring network equipment in an embodiment of the invention;
Fig. 3 is a flow chart of the third method of configuring network equipment in an embodiment of the invention;
Fig. 4 is a flow chart of the network negotiation after user equipment requests to leave the network temporarily in an embodiment of the invention;
Fig. 5 is a structural diagram of the first network equipment in an embodiment of the invention;
Fig. 6 is a structural diagram of the second network equipment in an embodiment of the invention;
Fig. 7 is a structural diagram of the third network equipment in an embodiment of the invention;
Fig. 8 is a structural diagram of the fourth network equipment in an embodiment of the invention;
Fig. 9 is a structural diagram of the fifth network equipment in an embodiment of the invention.
Embodiments
The embodiments of the invention provide network equipment and a method for configuring network equipment in which the user equipment type is judged and a different key lifetime is set for each type: when the user equipment type is the first device type, the key lifetime of the user equipment is configured as the first key lifetime; when the user equipment type is the second device type, the key lifetime is configured as the second key lifetime, which is shorter than the first key lifetime. The method allows the key lifetime to be set more flexibly, as needed.
To make the purpose, technical solutions and advantages of the embodiments clearer, the embodiments are described in detail below with reference to the drawings:
Referring to Fig. 1, a flow chart of the first method of configuring network equipment in an embodiment of the invention, the specific steps are as follows:
S101: judge whether the user equipment type is long-term connection device or short-term connection device; if it is a long-term connection device, perform step S102; if it is a short-term connection device, perform step S103;
The judgment can be made by the AP or the Registrar.
S102: configure the key lifetime of the user equipment as the first key lifetime;
S103: configure the key lifetime of the user equipment as the second key lifetime, the second key lifetime being shorter than the first key lifetime.
In an infrastructure network, user equipment whose type is long-term connection device should be a long-term member of the network, so its key lifetime should be long; for example, the first key lifetime can be set to 3 months. A short-term connection device that accesses the infrastructure network temporarily is given a shorter key lifetime, the second key lifetime, so that after a period of time this temporarily added user equipment automatically becomes unable to enter the network again without any user intervention; for example, it can be set to 4 hours.
User equipment in an infrastructure network may be a long-term member of the network or a short-term connection device that accesses it temporarily, so two key lifetimes, one long and one short, are configured for user equipment according to this characteristic. For user equipment whose type is long-term connection device, setting a long key lifetime avoids, over a long period, the network being torn down and the credentials between any two devices in the network becoming invalid, which would force the user to reconfigure; this is convenient for the user and improves the user experience. For user equipment whose type is short-term connection device, the key lifetime is short, so when the network is torn down the credential still becomes invalid within a short time through key expiry, even if the user equipment never receives the notification that the network has been torn down; the devices therefore do not automatically reconnect to each other and create a network security problem. This embodiment therefore improves the user experience and ensures network security.
The inventors found that under a peer-to-peer model in which networks are always formed temporarily, such as the ad hoc / independent basic service set (ad hoc/IBSS, ad hoc/Independent Basic Service Set) model, the credential between any two devices should not remain valid for a long time. When the network is torn down, the credentials between any two devices that had joined it should become invalid; a device can delete the existing credential information automatically when it receives the notification that the network has been torn down, or when it detects by itself that the network no longer exists. However, a device that has only left the network temporarily may also detect that the network does not exist; if it deletes the credential information automatically at that point, it must be reconfigured when it returns to the network, which is inconvenient. Peer-to-peer networks generally consist of handheld devices such as mobile terminals, so a device leaving the network temporarily and then returning happens easily; a key lifetime that is extended automatically and a key that is updated automatically are therefore friendlier to the user. With a shorter key lifetime, after the network is torn down the credentials of all devices become invalid within a short time through key expiry, even on devices that never received the teardown notification, so the devices do not automatically reconnect to each other and create a security problem.
In a specific implementation, the key lifetime of user equipment can be configured by push button. For example, two join buttons, "long-term connection device" and "short-term connection device", can be provided on the Registrar, corresponding to two preset key lifetimes, one long and one short (for example, 3 months for a long-term connection device and 3 hours for a short-term connection device). The user of a long-term member presses the "long-term connection device" button to carry out WPS configuration, and the user of a short-term connection device presses the "short-term connection device" button to carry out WPS configuration. Different key lifetime handling flows can be used for the different WPS configurations; they are described below with reference to Fig. 2 and Fig. 3 respectively:
Referring to Fig. 2, a flow chart of the second method of configuring network equipment in an embodiment of the invention, when the "long-term connection device" button is pressed, processing can follow these steps:
S201: receive the message that the "long-term connection device" button has been pressed;
S202: negotiate with the user equipment and issue the credential;
S203: configure the key lifetime of the user equipment as the first key lifetime LT;
For example, the preset first key lifetime is 3 months.
S204: obtain the timing status of the first key lifetime LT;
S205: if the timing status shows that the timing of the first key lifetime LT has ended, perform step S206; if the timing of LT has not ended, perform step S204 again;
S206: judge whether the user equipment is online; if so, perform step S207; if not, perform step S208;
S207: update the key automatically, and perform step S203;
When a credential is issued to user equipment, the Registrar can generate several network keys. The user equipment generally needs only one of them for subsequent network connections. By default the Registrar carries one network key to the user equipment in the M8 message and generally discards the extra keys. However, the Registrar can carry 2 or more network keys to the user equipment in the M8 message and assign index numbers to them; one of them can serve as the spare key for automatic key update. Therefore, if a backup key was saved during the EAP negotiation, the key can be updated to that previously negotiated backup key.
S208: start the delay time (DT, Delay Time) timer, and perform step S209;
S209: obtain the timing status of the delay DT;
S210: judge whether the delay timing has ended; if so, perform step S211; if not, perform step S212;
S211: delete the credential of the user equipment's connection and end the flow;
S212: judge whether the user equipment has returned to the network; if so, perform step S207; if not, perform step S209 again.
As can be seen, in this embodiment, if the device is online when the timing of the configured first key lifetime ends, or the user equipment returns to the network before the configured delay timing ends, the key of the user equipment is updated automatically. This helps maintain network security, and the device can join the network without being reconfigured, so it is friendlier to the user. When the configured delay time ends, the credential of the user equipment's connection is deleted; because the configured key lifetime of the user equipment has already expired, network security is ensured.
The delay time DT is the time by which automatic deletion of the device's credential is postponed after the key lifetime of the user equipment expires. It is set by the system; it will be understood that in this embodiment it can also be user-defined, for example set by the user when requesting to leave temporarily. DT can be fixed at the first key lifetime LT, at half of LT, or at twice LT, or it can be user-defined. The embodiment of the invention does not prescribe a value, but the inventors consider that the value should be chosen so that the credential of a long-term connection device is not deleted as soon as its key lifetime times out, which would force reconfiguration when the device joins the network again, and so that the configuration information of a device the user has abandoned does not remain in the network permanently. If the device comes online before DT times out, it can still use the original credential to connect to the network, but the key in the credential is updated automatically and immediately; if the device still has not come online after DT times out, the system deletes its configuration information automatically.
The above describes the handling after the key lifetime of the user equipment has been configured as the longer first key lifetime. With a shorter key lifetime (for example 1 hour), the peer-to-peer network may actually exist for longer than the configured second key lifetime; the key then needs to be updated, and updating the credential by reconfiguration would inconvenience the user. In addition, for user equipment that leaves a peer-to-peer network temporarily, the period of absence may span the expiry time of the original key lifetime, after which the key lifetime is extended because the network still exists. The temporarily absent user equipment, believing that the network no longer exists, automatically deletes its credentials with the other devices when the key lifetime expires. The devices in the network, having detected that the connection to the absent device is interrupted, do not update the key lifetime of the credential shared with it, and automatically delete the related credential when that key lifetime expires. The user equipment then cannot return to the network; to return it must be reconfigured, which is not friendly enough to the user. The following describes, with reference to Fig. 3, how the handling after the key lifetime of the user equipment has been configured as the shorter second key lifetime solves these problems:
Referring to Fig. 3, a flow chart of the third method of configuring network equipment in an embodiment of the invention, the handling of the key lifetime of a short-term connection device member is as follows:
S301: receive the message that the "short-term connection device" button has been pressed;
S302: negotiate with the user equipment and issue the credential;
S303: configure the key lifetime of the user equipment as the second key lifetime ST;
For example, the preset second key lifetime ST can be set to 3 hours.
S304: obtain the timing status of the second key lifetime ST;
S305: judge whether the timing of the second key lifetime ST has ended; if so, perform step S306; if not, perform step S304 again;
S306: judge whether the user equipment is online; if so, perform step S307; if not, perform step S310;
S307: automatically extend the key lifetime by ST;
S308: judge whether the total length of the key lifetime extensions is greater than the configured key lifetime upper-limit time (Root Key); if so, perform step S309; if not, perform S303 again;
In a specific application, the key lifetime upper-limit time Root Key can be set equal to the first key lifetime, or the user can set it as needed, for example to 2 months; the embodiment of the invention does not prescribe a value.
S309: update the key automatically, and perform step S302;
S310: judge whether the user equipment has requested to leave temporarily; if so, perform step S311; if not, perform step S312;
S311: set the delay time DT to the user-defined value;
In this embodiment the user-defined value is ST, so the delay time DT is set to ST; the user can adjust it according to the estimated time away.
S312: set the delay time DT to the system default value ST;
S313: obtain the timing status of the delay DT;
S314: judge whether the delay timing has ended; if so, perform step S315; if not, perform step S316;
S315: delete the credential of the user equipment's connection and end the flow;
S316: judge whether the user equipment has returned to the network; if so, perform step S317; if not, perform step S313 again;
S317: reconnect to the network using the original key, and perform step S304.
As can be seen, because the key lifetime is short, security is relatively high; when the timing of the second key lifetime ends, if the user is still online, the key lifetime of the user equipment is extended automatically, which is simple. To improve security further, the embodiment of the invention provides a key lifetime upper-limit time, that is, the key cannot be extended indefinitely: when the total length of the key lifetime extensions exceeds the configured upper-limit time, the key lifetime is not extended again and the key is updated.
In a specific application, to ensure that the user equipment holds a valid credential, when the credential is about to become invalid the lifetime of the original key can be extended so that the credential remains valid for longer, or the key in the credential can be updated automatically in time; in the latter case the key lifetime timing restarts.
In addition, a device that leaves temporarily can check the remaining key lifetime when it leaves and, if necessary, actively send a message to the network to say that it is leaving temporarily and how long it expects to be away. During that period, if the network exists, the credential related to the device is not deleted, so as long as the device returns to the network within the preset period it avoids being configured again, which improves the user experience. If the user does not set a delay time when leaving temporarily, the delay time can be set to the system default value. It will be understood that, if no delay time is set when the user leaves temporarily, the delay can also be skipped and the credential of the user equipment's connection deleted directly.
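The handling flows of Fig. 2 and Fig. 3 can be expressed as one small state machine kept by the Registrar for each credential. The following is an added example, not code from the patent: the names `Policy`, `Credential`, `issue`, `rekey` and `step`, the 30-day month, and resetting the extension total after a key update are assumptions made for illustration.

```python
"""Key-lifetime handling by device type (added example, constructed values)."""
import secrets
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional

HOUR = 3600
DAY = 24 * HOUR


class DeviceType(Enum):
    LONG_TERM = "long-term connection device"
    SHORT_TERM = "short-term connection device"


@dataclass(frozen=True)
class Policy:
    lifetime: int             # LT or ST, in seconds
    default_delay: int        # system default delay time DT, in seconds
    root_key: Optional[int]   # upper limit on total extension; None = unused


# Values follow the page's examples: LT = 3 months, ST = 3 hours, DT equal to
# the lifetime, Root Key = 2 months. A month is taken as 30 days (assumption).
POLICIES = {
    DeviceType.LONG_TERM: Policy(90 * DAY, 90 * DAY, None),
    DeviceType.SHORT_TERM: Policy(3 * HOUR, 3 * HOUR, 60 * DAY),
}


@dataclass
class Credential:
    device_type: DeviceType
    keys: List[bytes]                      # keys[0] is active, keys[1:] are backups
    expires_at: int
    extended_total: int = 0                # sum of automatic extensions so far
    requested_leave: Optional[int] = None  # DT announced by a device that leaves
    delay_deadline: Optional[int] = None   # set while the DT timer is running
    deleted: bool = False


def issue(device_type: DeviceType, now: int) -> Credential:
    """S202/S302 and S203/S303: issue a credential, lifetime chosen by type."""
    keys = [secrets.token_bytes(32), secrets.token_bytes(32)]  # active + backup
    return Credential(device_type, keys, now + POLICIES[device_type].lifetime)


def rekey(cred: Credential) -> None:
    """Switch to the backup key negotiated earlier, or create a fresh key."""
    if len(cred.keys) > 1:
        cred.keys.pop(0)
    else:
        cred.keys[0] = secrets.token_bytes(32)


def step(cred: Credential, now: int, online: bool) -> List[str]:
    """Advance one credential to time `now` and return the actions taken."""
    policy = POLICIES[cred.device_type]
    actions: List[str] = []
    if cred.deleted:
        return actions
    if cred.delay_deadline is not None:
        if now >= cred.delay_deadline:          # S210/S314: DT has ended
            cred.deleted = True                 # S211/S315
            cred.keys.clear()
            return ["credential_deleted"]
        if not online:                          # S212/S316: still away
            return actions
        cred.delay_deadline = None              # returned before DT ended
        cred.requested_leave = None
        actions.append("returned_in_time")
    elif now < cred.expires_at:                 # S205/S305: lifetime still running
        return actions
    elif not online:                            # S206/S306: offline at expiry
        delay = cred.requested_leave or policy.default_delay  # S310-S312
        cred.delay_deadline = now + delay       # S208: start the DT timer
        return ["delay_started"]
    # The device is online at expiry, or has just returned inside DT.
    if cred.device_type is DeviceType.LONG_TERM:
        rekey(cred)                             # S207
        actions.append("key_updated")
    else:
        cred.extended_total += policy.lifetime  # S307: extend by ST
        if cred.extended_total > policy.root_key:   # S308
            rekey(cred)                         # S309, then reissue (S302)
            cred.extended_total = 0             # assumption: count restarts
            actions.append("key_updated")
        else:
            actions.append("lifetime_extended")
    cred.expires_at = now + policy.lifetime     # S203/S303
    return actions


if __name__ == "__main__":
    guest = issue(DeviceType.SHORT_TERM, now=0)
    print(step(guest, 3 * HOUR, online=True))    # lifetime extended, same key
    print(step(guest, 6 * HOUR, online=False))   # DT timer starts
    print(step(guest, 9 * HOUR, online=False))   # credential deleted
```
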
Referring to Fig. 4, a flow chart of the network negotiation after user equipment requests to leave the network temporarily in an embodiment of the invention. A device that leaves temporarily is called a temporarily-away device for short. When a temporarily-away device in the network wants to leave the network temporarily, it broadcasts a temporary-leave message to the current network or unicasts one to the Registrar; the message carries the time DT for which the device expects to be away from the network. The specific steps are as follows:
S401: receive the user's confirmation that this device is leaving the network temporarily;
S402: prompt the user to enter the time away;
The time away DT can be entered by the user when requesting to leave the network, or it can take a default value. If the temporarily-away device has an interface for editing, a button such as "temporarily leave network" can be provided on the device; after the user presses the "temporarily leave network" button, the device lets the user enter the time the user expects to be away. Otherwise DT takes a default value, for example always 30 minutes.
S403: receive the time away DT entered by the user;
S404: the temporarily-away device broadcasts a device temporary-leave message to the resident devices; the message carries the universally unique identifier (UUID, Universal Unique Identifier) and the expected time away DT;
S405: a resident device forwards the device temporary-leave message to the Registrar; the message carries the UUID and the time away DT;
In an IBSS network, if the temporarily-away device sends the temporary-leave message by broadcast, a device that receives the temporary-leave message can forward it to the Registrar.
S406: the Registrar sends a message to the resident devices in the network, notifying them that a device is leaving the network temporarily; the message carries the UUID and the time away DT;
Whether the Registrar receives the temporary-leave message directly or receives a forwarded temporary-leave message from another device, it needs to inform all devices in the network of this message.
When the temporarily-away device returns to the network, the user can simply press the WPS configuration button, or use the "temporarily leave network" button again. The temporarily-away device then rejoins the network through processes such as authentication with the original key, and notifies the Registrar in the same way as for the temporary-leave message. Steps S407 to S411 are the operating procedure after the temporarily-away device returns to the network:
S407: receive the user's confirmation that the device identified by the UUID is returning to the network;
S408: perform the authentication and association procedures for returning to the network;
S409: the temporarily-away device broadcasts to all resident devices in the network a message that it has returned to the network; the message carries the UUID of the temporarily-away device;
S410: a resident device forwards to the Registrar the message that the temporarily-away device has returned to the network; the message carries the UUID of the temporarily-away device;
S411: the Registrar sends a message to the resident devices in the network, notifying them that the temporarily-away device has returned to the network; the message carries the UUID of the temporarily-away device.
In the above embodiments, user equipment is divided into two types and two key lifetimes, one long and one short, are configured according to the type. It will be understood that, in a specific application, user equipment can also be divided into three or more types as needed, with a different key lifetime set for each type; these cases are not described one by one here.
Besides push button configuration, other ways can be used to present the specific device types to the user for selection, and a different key lifetime is configured for the user equipment according to the user's selection.
More than the method that the network equipment is set in the embodiment of the invention is described in detail, for those skilled in the art being understood better and realize the embodiment of the invention, below with reference to accompanying drawing, the network equipment in the embodiment of the invention is carried out correspondence describes:
With reference to Fig. 5, be the network equipment one structural representation in the embodiment of the invention, this network equipment comprises: first judging unit 501, first dispensing unit 502, second dispensing unit 503, wherein:
First judging unit 501 is used to judge that user device type is long-term connection device or short-term connection device, if user device type is long-term connection device, then triggers first dispensing unit 502; If user device type is the short-term connection device, then trigger second dispensing unit 503;
First dispensing unit 502 is used for the cipher key lifetimes of described subscriber equipment is configured to first cipher key lifetimes;
Second dispensing unit 503 is used for the cipher key lifetimes of described subscriber equipment is configured to second cipher key lifetimes, and described second cipher key lifetimes is less than first cipher key lifetimes.
For the subscriber equipment in the infrastructure may be long-term member in this network, it also may be the short-term connection device of this network of temporary visit, therefore the network equipment in the present embodiment comes to be user device configuration one is long and the other is short two cipher key lifetimes according to these characteristics of subscriber equipment, for user device type is the subscriber equipment of long-term connection device, the long cipher key lifetimes of setting can be avoided the network dismounting and make the credential of any two equipment rooms in the network invalid in the long time, and make the user have to reconfigure, be user-friendly to, can improve user experience; For user device type is the subscriber equipment of short-term connection device, because cipher key lifetimes is shorter, when network is removed, subscriber equipment is even without the announcement information of receiving that network is removed, equally can make credential invalid because of key is expired at short notice, can not cause producing from being dynamically connected once more between the equipment network security problem.Therefore present embodiment can improve user experience and guarantee network security.
Referring to Fig. 6, which is a schematic structural diagram of network device two in an embodiment of the invention, a first timing unit 601, a second judging unit 602 and a first key updating unit 603 can also be added on the basis of network device one, wherein:
The first timing unit 601 is used to run a timer when the key lifetime of the user equipment is set to the first key lifetime and, when the timing ends, to trigger the second judging unit 602;
The second judging unit 602 is used to judge whether the user equipment is online, or whether the user equipment returns to the network before the set delay timing ends; if the user equipment is online, or returns to the network before the delay timing ends, it triggers the first key updating unit 603;
The first key updating unit 603 is used to update the key of the user equipment.
The delay time DT can be set by the system, for example fixed at the first key lifetime LT, at one half of LT, or at twice LT, or it can be user-defined. The embodiment of the invention does not prescribe a specific value, but the inventors consider that the value should be chosen so that a device belonging to the long-term connection type does not have its configuration information deleted as soon as its key lifetime times out, which would force it to be reconfigured the next time it joins the network, and so that the configuration information of a device the user has abandoned does not remain in the network permanently. If the device comes online before the delay DT times out, it can still use the original key to connect to the network, but the key is then updated automatically at once; if the device has still not come online after the delay DT times out, the system automatically deletes its configuration information.
As can be seen, with the network device described in this embodiment, when the user equipment is online at the end of the configured first key lifetime timing, or comes back into the network before the set delay timing ends, automatically updating the key of the user equipment helps to maintain network security, and the user equipment can join the network without being reconfigured, which is friendlier to the user.
Further optimization is possible on the basis of network device one and network device two. Referring to Fig. 7, which is a schematic structural diagram of network device three in an embodiment of the invention and is an extension made on the basis of network device one, the difference from network device one is that it further comprises a second timing unit 701, a third judging unit 702 and a key lifetime extension unit 703, wherein:
The second timing unit 701 is used to run a timer when the key lifetime of the user equipment is configured as the second key lifetime and, when the timing ends, to trigger the third judging unit 702;
The third judging unit 702 is used to judge whether the user equipment is online and, when the user equipment is online, to trigger the key lifetime extension unit 703;
The key lifetime extension unit 703 is used to extend the key lifetime of the user equipment.
Extending the key lifetime when the second key lifetime timing ends and the user equipment is still online avoids reconfiguring the credential of the user equipment and improves the user experience.
Referring to Fig. 8, which is a schematic structural diagram of network device four in an embodiment of the invention, an extension-time judging unit 801 and a second key updating unit 802 can also be added on the basis of network device four, wherein:
The extension-time judging unit 801 is used to judge whether the key lifetime extension time of the user equipment exceeds the set key lifetime extension time and, when it does, to trigger the second key updating unit 802;
The second key updating unit 802 is used to update the key of the user equipment.
This embodiment avoids the network security problem caused by extending the key lifetime of the user equipment without limit: the key lifetime cannot be extended indefinitely. The same result can also be achieved by setting a total key lifetime; when the time for which the user equipment has used the key exceeds the total key lifetime, the key lifetime is no longer extended and the key of the user equipment is updated instead.
A further extension is possible on the basis of network device three or four. Referring to Fig. 9, which is a schematic structural diagram of network device five in an embodiment of the invention and is a schematic diagram of an extension made on the basis of network device four, the difference from network device four is that it further comprises a fourth judging unit 901 and a network connection unit 902, wherein:
The third judging unit 702 is also used to trigger the fourth judging unit 901 when the user equipment is not online;
The fourth judging unit 901 is used to judge whether the user equipment returns to the network within the set delay timing and, when it returns to the network, to trigger the network connection unit 902;
The network connection unit 902 is used to reconnect to the network using the original key.
With the network device described in this embodiment, when the user equipment is temporarily away from the network and returns to the network within the set delay time, it can reconnect to the network using the original key. This avoids reconfiguring the credential of the user equipment and therefore further improves the user experience.
In a specific application, the above network device may be a Register, or it may be an AP.
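The decisions that network devices one to five make when a key-lifetime timer ends can be summarised in one function. The following is an added example, not code from the patent; the names `Policy`, `Credential`, `configure` and `on_lifetime_expired`, the extension step of one second key lifetime, and the reset of the extension counter after a key update are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum, auto
from typing import Optional

class DeviceType(Enum):
    LONG_TERM = auto()    # long-term member of the network
    SHORT_TERM = auto()   # temporary visitor

class Action(Enum):
    UPDATE_KEY = auto()              # issue a new key, no reconfiguration
    RECONNECT_THEN_UPDATE = auto()   # accept original key, then update it at once
    DELETE_CONFIG = auto()           # remove the device's configuration
    EXTEND_LIFETIME = auto()         # keep the key, lengthen its lifetime
    RECONNECT_ORIGINAL_KEY = auto()  # accept original key on return
    EXPIRE_CREDENTIAL = auto()       # key expired, credential invalid

@dataclass
class Policy:                 # hypothetical container; all values in seconds
    first_lifetime: int       # for long-term devices
    second_lifetime: int      # for short-term devices, must be shorter
    delay: int                # delay time DT after the lifetime ends
    max_total_extension: int  # cap on cumulative extension

@dataclass
class Credential:
    device_type: DeviceType
    lifetime: int
    extended_total: int = 0

def configure(device_type: DeviceType, policy: Policy) -> Credential:
    if policy.second_lifetime >= policy.first_lifetime:
        raise ValueError("second key lifetime must be shorter than the first")
    if device_type is DeviceType.LONG_TERM:
        return Credential(device_type, policy.first_lifetime)
    return Credential(device_type, policy.second_lifetime)

def on_lifetime_expired(cred: Credential, policy: Policy, online: bool,
                        returned_after: Optional[int] = None) -> Action:
    """Decide what to do when the key-lifetime timer ends.
    returned_after: seconds after expiry at which an offline device came
    back (None if it never did)."""
    back_in_time = returned_after is not None and returned_after < policy.delay
    if cred.device_type is DeviceType.LONG_TERM:
        if online:
            return Action.UPDATE_KEY
        return Action.RECONNECT_THEN_UPDATE if back_in_time else Action.DELETE_CONFIG
    if online:
        # Assumption: each extension adds one second_lifetime; an extension
        # that would pass the cap triggers a key update instead.
        if cred.extended_total + policy.second_lifetime > policy.max_total_extension:
            cred.extended_total, cred.lifetime = 0, policy.second_lifetime
            return Action.UPDATE_KEY
        cred.extended_total += policy.second_lifetime
        cred.lifetime += policy.second_lifetime
        return Action.EXTEND_LIFETIME
    return Action.RECONNECT_ORIGINAL_KEY if back_in_time else Action.EXPIRE_CREDENTIAL
```

The cap on cumulative extension is what keeps a short-term device that never goes offline from holding the same key indefinitely.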
The network device and the method for configuring a network device provided by the embodiments of the invention have been described in detail above. Specific examples are used herein to explain the principle and implementation of the invention, and the description of the above embodiments is only intended to help in understanding the method of the invention and its core idea. At the same time, a person of ordinary skill in the art may, following the idea of the invention, make changes to the specific implementation and the scope of application. In summary, this description should not be construed as limiting the invention.

Claims (14)

1. A method for configuring a network device, characterized by comprising:
Judging the user equipment type;
When the user equipment type is a first device type, configuring the key lifetime of the user equipment as a first key lifetime;
When the user equipment type is a second device type, configuring the key lifetime of the user equipment as a second key lifetime, the second key lifetime being shorter than the first key lifetime.
2. The method for configuring a network device according to claim 1, characterized in that the first device type is specifically a long-term connection device and the second device type is specifically a short-term connection device.
3. The method for configuring a network device according to claim 2, characterized in that, when the key lifetime of the user equipment is set to the first key lifetime, the method further comprises:
Updating the key of the user equipment when the user equipment is online at the end of the first key lifetime timing, or when the user equipment returns to the network before the set delay timing ends.
4. The method for configuring a network device according to claim 3, characterized in that the set delay is set by the system or is user-defined when the user equipment leaves.
5. The method for configuring a network device according to claim 2, characterized in that, when the key lifetime of the user equipment is configured as the second key lifetime, the method further comprises:
When the second key lifetime timing ends, extending the key lifetime of the user equipment if the user equipment is online.
6. The method for configuring a network device according to claim 5, characterized by further comprising: when the total extended length of the key lifetime of the user equipment exceeds the set key lifetime upper-limit time, updating the key of the user equipment.
7. The method for configuring a network device according to claim 2, 5 or 6, characterized by further comprising:
When the user equipment is not online at the end of the second key lifetime timing and returns to the network before the set delay timing has ended, using the original key to reconnect to the network.
8. The method for configuring a network device according to claim 7, characterized in that the set delay is set by the system or is user-defined when the user equipment leaves the network.
9. A network device, characterized by comprising a first judging unit, a first configuration unit and a second configuration unit, wherein:
The first judging unit is used to judge the user equipment type; if the user equipment type is a first device type, it triggers the first configuration unit; if the user equipment type is a second device type, it triggers the second configuration unit;
The first configuration unit is used to configure the key lifetime of the user equipment as a first key lifetime;
The second configuration unit is used to configure the key lifetime of the user equipment as a second key lifetime, the second key lifetime being shorter than the first key lifetime.
10. The network device according to claim 9, characterized in that the first device type is specifically a long-term connection device and the second device type is specifically a short-term connection device.
11. The network device according to claim 10, characterized by further comprising a first timing unit, a second judging unit and a first key updating unit, wherein:
The first timing unit is used to run a timer when the key lifetime of the user equipment is set to the first key lifetime and, when the timing ends, to trigger the second judging unit;
The second judging unit is used to judge whether the user equipment is online, or whether the user equipment returns to the network before the set delay timing ends; if the user equipment is online, or returns to the network before the delay timing ends, it triggers the first key updating unit;
The first key updating unit is used to update the key of the user equipment.
12. The network device according to claim 10, characterized by further comprising a second timing unit, a third judging unit and a key lifetime extension unit, wherein:
The second timing unit is used to run a timer when the key lifetime of the user equipment is configured as the second key lifetime and, when the timing ends, to trigger the third judging unit;
The third judging unit is used to judge whether the user equipment is online and, when the user equipment is online, to trigger the key lifetime extension unit;
The key lifetime extension unit is used to extend the key lifetime of the user equipment.
13. The network device according to claim 12, characterized by further comprising an extension-time judging unit and a second key updating unit, wherein:
The extension-time judging unit is used to judge whether the key lifetime extension time of the user equipment exceeds the set key lifetime extension time and, when it does, to trigger the second key updating unit;
The second key updating unit is used to update the key of the user equipment.
14. The network device according to claim 12 or 13, characterized by further comprising a fourth judging unit and a network connection unit, wherein:
The third judging unit is also used to trigger the fourth judging unit when the user equipment is not online;
The fourth judging unit is used to judge whether the user equipment returns to the network within the set delay timing and, when it returns to the network, to trigger the network connection unit;
The network connection unit is used to reconnect to the network using the original key.
CN 200810175932 2008-10-30 2008-10-30 Network equipment and network equipment configuration method Active CN101753293B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200810175932 CN101753293B (en) 2008-10-30 2008-10-30 Network equipment and network equipment configuration method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200810175932 CN101753293B (en) 2008-10-30 2008-10-30 Network equipment and network equipment configuration method

Publications (2)

Publication Number Publication Date
CN101753293A true CN101753293A (en) 2010-06-23
CN101753293B CN101753293B (en) 2013-06-05

Family

ID=42479737

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200810175932 Active CN101753293B (en) 2008-10-30 2008-10-30 Network equipment and network equipment configuration method

Country Status (1)

Country Link
CN (1) CN101753293B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103124422A (en) * 2012-12-04 2013-05-29 华为终端有限公司 Device associating method, device and system
CN103124422B (en) * 2012-12-04 2016-05-25 华为终端有限公司 The method of associate device, Apparatus and system
CN105744518A (en) * 2015-04-24 2016-07-06 维沃移动通信有限公司 Wireless connection authentication method and device
CN105744518B (en) * 2015-04-24 2019-01-29 维沃移动通信有限公司 A kind of wireless connection authentication method and apparatus

Also Published As

Publication number Publication date
CN101753293B (en) 2013-06-05


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP01 Change in the name or title of a patent holder
CP01 Change in the name or title of a patent holder

Address after: 518129 Building 2, B District, Bantian HUAWEI base, Longgang District, Shenzhen, Guangdong.

Patentee after: Huawei terminal (Shenzhen) Co.,Ltd.

Address before: 518129 Building 2, B District, Bantian HUAWEI base, Longgang District, Shenzhen, Guangdong.

Patentee before: HUAWEI DEVICE Co.,Ltd.

TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20181224

Address after: 523808 Southern Factory Building (Phase I) Project B2 Production Plant-5, New Town Avenue, Songshan Lake High-tech Industrial Development Zone, Dongguan City, Guangdong Province

Patentee after: HUAWEI DEVICE Co.,Ltd.

Address before: 518129 Building 2, B District, Bantian HUAWEI base, Longgang District, Shenzhen, Guangdong.

Patentee before: Huawei terminal (Shenzhen) Co.,Ltd.