CN102014378A - Method and system for detecting rogue access point device and access point device - Google Patents
Method and system for detecting rogue access point device and access point device Download PDFInfo
- Publication number
- CN102014378A CN102014378A CN201010564229XA CN201010564229A CN102014378A CN 102014378 A CN102014378 A CN 102014378A CN 201010564229X A CN201010564229X A CN 201010564229XA CN 201010564229 A CN201010564229 A CN 201010564229A CN 102014378 A CN102014378 A CN 102014378A
- Authority
- CN
- China
- Prior art keywords
- equipment
- neighbor
- authorization message
- access point
- sends
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The invention discloses a method and system for detecting a rogue access point device and the access point (AP) device. The method provided by the invention comprises the following steps: the authorization messages of the successfully authorized AP devices, which are issued by an access controller periodically are received; the authorization message of the AP device is sent to a neighbor AP device according to a set sending period; if the authorization message sent by the neighbor AP device is received in a set receiving period and matched with the authorization message of the neighbor AP device in the authorization messages of the successfully authorized AP devices, the neighbor AP device is judged to be a legal AP devices; and if the authorization message sent by the neighbor AP device is not received in the receiving period, or the received authorization message is not matched with the authorization message of the neighbor AP device in the authorization messages of the successfully authorized AP devices, the neighbor AP device is judged to be a rogue AP device. By adopting the method provided by the invention, the detection rule can not be configured manually, the investment in human resources can be reduced and the accuracy and timeliness of the detection can be increased.
Description
Technical field
The present invention relates to field of computer technology, refer to detect in a kind of wireless network method, system and the access point apparatus of rogue access point equipment especially.
Background technology
Along with the extensive use of WLAN (wireless local area network), the Wireless Communication Equipment that can transmit and receive wireless network signal is more and more.Wireless client in the wireless network of use 802.1x agreement, (Access Point, AP) equipment connects can to select near the best WAP (wireless access point) of signal automatically.Therefore when the undelegated AP equipment of appearance near the network, wireless client also might connect nearby, thereby is easy to cause the leakage of sensitive data.In order to ensure the safety of wireless communication, avoid stealing the potential threat of the assailant of attempt confidential information to the wireless network user, access point AP equipment in the wireless network is carried out authorization configuration and effectively management, the rogue access point equipment that detects promptly and accurately is that external assailant opens convenience and is very important to avoid do not have authorizing AP equipment.
The rogue access point DeviceMode generally all is that the access point apparatus with measuring ability is set in WLAN (wireless local area network) in the existing detection WLAN (wireless local area network), the network manager is by access controller (Access Controller, AC) be provided with one or more and detect rule, the detection rule downloading that AC will be provided with is given the access point apparatus with measuring ability, according to detecting rule, other access point apparatus that insert WLAN (wireless local area network) are filtered detection by it.Thereby detect rogue access point equipment such as whether having unauthorized AP, AP assailant, rogue AP, client side attack person in the wireless network.
When detecting illegality equipment and exist, take certain blocking-up measure to block rogue access point equipment access of radio network, prevent that authorized client from connecting it.
For example: the process of judgement rogue AP equipment as shown in Figure 1.At first configuring static is attacked medium access control (the Media Access Control of address list, permission, MAC) address list, legal BSSID (Basic Service Set Identifier, BSSID) tabulation etc., be handed down to AP with measuring ability, with the IP address of access point apparatus, MAC Address, BBSID etc. successively with tabulation in respective items compare, if the IP address is the address in the static attack address list, then think rogue access point equipment; If not comparing MAC Address again, if the MAC Address that allows is then thought legal access point apparatus; Then continue comparison BSSID if not the MAC Address that allows, then think rogue access point equipment if not legal BSSID; Otherwise think legal access point apparatus.
The list of rules that detects other can also be set certainly, and for example: whether the production firm of coupling access point apparatus is manufacturer corresponding during legal manufacturer tabulates or the like.
Generally speaking, detect the mode of rogue access point equipment in the prior art, all be by list of rules is set, registration entries corresponding in the registration entries information of access point apparatus and the list of rules is carried out matching ratio, to determine whether the being access point apparatus that allows or refuse in the list of rules, this mode needs the manually tabulation of configuration and update rule, troublesome poeration and human resources input that need be more on AC equipment.Owing to must rely on pre-configured detection rule, detect the legitimacy of other AP equipment in the wireless network and can not realize detecting regular automatic renewal and configuration by the AP equipment that is provided with measuring ability, therefore can not detect rogue AP equipment in time, accurately detecting untimely then can causing of Policy Updates, cause the accuracy that detects lower.
Summary of the invention
The embodiment of the invention provides a kind of method, system and access point apparatus that detects rogue access point equipment, in order to solving the more human resources input of detection rule, needs that exists the rogue access point Equipment Inspection must rely on configuration in the prior art, and the regular problem that the detection promptness is poor, accuracy rate is low that is caused of config update detection automatically.
A kind of method that detects rogue access point equipment comprises:
The authorization message of the access point AP equipment of the successful mandate that the reception access controller periodically issues;
According to the authorization message of the transmission cycle of setting to neighbor AP equipment transmission self, request neighbor AP devices exchange authorization message;
If in setting receiving cycle, receive the authorization message that neighbor AP equipment sends, and the authorization message of this neighbor AP equipment that comprises in the authorization message of the AP equipment that authorization message that described neighbor AP equipment sends and described success are authorized is complementary, and confirms that this neighbor AP equipment is legal access point apparatus;
If in receiving cycle, do not receive the authorization message that neighbor AP equipment sends, or the authorization message of this neighbor AP equipment that comprises in the authorization message of the authorization message that sends of the neighbor AP equipment that receives and the AP equipment of described success mandate do not match, and confirms that this neighbor AP equipment is illegal access point apparatus.
A kind of device that detects rogue access point equipment comprises: receiver module, sending module and affirmation module;
Described receiver module is used to receive the authorization message of the access point AP equipment of the successful mandate that access controller periodically issues, and receives the authorization message that neighbor AP equipment sends;
Sending module is used for according to the authorization message of the transmission cycle of setting to neighbor AP equipment transmission self request neighbor AP devices exchange authorization message;
Confirm module, be used for if in setting receiving cycle, receive the authorization message that neighbor AP equipment sends, and the authorization message of this neighbor AP equipment that comprises in the authorization message of the AP equipment that authorization message that described neighbor AP equipment sends and described success are authorized is complementary, and confirms that this neighbor AP equipment is legal access point apparatus; If in receiving cycle, do not receive the authorization message that neighbor AP equipment sends, or the authorization message of this neighbor AP equipment that comprises in the authorization message of the authorization message that sends of the neighbor AP equipment that receives and the AP equipment of described success mandate do not match, and confirms that this neighbor AP equipment is illegal access point apparatus.
A kind of access point apparatus comprises: the device of above-mentioned detection rogue access point equipment.
A kind of system that detects rogue access point equipment comprises: access controller and above-mentioned access point AP equipment;
Beneficial effect of the present invention is as follows:
Method, system and the access point apparatus of the detection rogue access point equipment that the embodiment of the invention provides, issue the authorization message of all AP equipment of successfully authorizing to the AP equipment of success mandate by access controller, carry out the authorization message exchange between the authorization message of AP equipment use self and the neighbor AP equipment, and the authorization message of this path A P equipment of whether issuing with access controller of the authorization message of the neighbor AP equipment that receives of checking is complementary, and thinks that when being complementary neighbor AP equipment is legal AP equipment; Otherwise think that neighbor AP equipment is illegal AP equipment.This method is by the detection of the exchange of the authorization message between AP equipment realization to rogue AP equipment, this method does not need to be provided with the detection rule, only need to utilize the legal existence of the authorization message exchange declaration the other side between the AP that successfully authorizes, can realize dynamically finding and detecting rogue AP equipment, owing to do not need manual configuration to detect rule, reduced the human resources input, and owing to adopted the detection authentication mode of dynamic interaction authorization message, avoided detecting the untimely detection promptness that causes of Policy Updates and the problem of poor accuracy, improved the promptness and the accuracy that detect.
Description of drawings
Fig. 1 is the flow chart of rogue access point equipment detection method in the prior art;
Fig. 2 is the structural representation that detects the rogue access point system in the embodiment of the invention;
Fig. 3 is the method flow diagram that detects rogue access point equipment in the embodiment of the invention one;
Fig. 4 is the method flow diagram that detects rogue access point equipment in the embodiment of the invention two;
Fig. 5 is the method flow diagram that detects rogue access point equipment in the embodiment of the invention three;
Fig. 6 is the method flow diagram that detects rogue access point equipment in the embodiment of the invention four;
Fig. 7 is the method flow diagram that detects rogue access point equipment in the embodiment of the invention five;
Fig. 8 is the apparatus structure schematic diagram that detects rogue access point equipment in the embodiment of the invention.
Embodiment
Must rely on the detection rule of configuration at the rogue access point Equipment Inspection that exists in the prior art, cause human resources to have high input, automatically config update detection rule causes detecting problems such as promptness is poor, accuracy rate is low, the embodiment of the invention provides a kind of method that detects rogue access point equipment, by the detection of the exchange of the authorization message between access point apparatus realization to rogue access point equipment, do not need manual configuration and upgrade the detection rule, can dynamically realize in time, detect accurately the illegal access point apparatus that inserts.
The embodiment of the invention provides a kind of system that detects rogue access point equipment, and this system is a wireless access system, and its structure comprises as shown in Figure 2: access controller AC and some access point AP equipment.
Wherein, access controller issues the authorization message of the access point AP equipment of successfully authorizing to the AP equipment periodic.AP equipment receives the authorization message of the access point AP equipment of the successful mandate that access controller periodically issues, and exchanges authorization message with neighbor AP and declares each other legitimacy.
Preferably, this system can also comprise an AP checkout equipment.Above-mentioned access controller can also the configuration detection list of rules, and issues to this AP checkout equipment, and this AP checkout equipment receives the detection list of rules that access controller issues, and detects according to detecting the legitimacy of list of rules to AP equipment in the system.
Embodiment one:
The method of the detection rogue access point equipment that the embodiment of the invention one provides, its flow process as shown in Figure 3, execution in step is as follows:
Step S11: access controller issues the authorization message of the access point AP equipment of successfully authorizing to the AP equipment periodic.
In wireless network, when an AP equipment successfully is registered on the access controller, expression AP equipment is successfully authorized, AC at first can be handed down to the authorization message of this AP equipment self AP equipment, after this, access controller just can issue the authorization message of the AP equipment of success mandate to AP equipment.What access controller issued to AP equipment is the authorization message of all AP equipment that success is registered on access controller in the wireless network.Preferably, the authorization message of the AP equipment of the successful mandate of transmission can be an authorization message tabulation, comprises the title or the sign of all AP equipment of successfully authorizing in this tabulation, and the mandate character string of all each AP equipment of successfully authorizing.The form of collection information tabulation can be as shown in table 1 below:
Table 1
| Title or sign | Authorize character string |
| AP-A | ^89J;asjfhuiwehn |
| AP-B | 439yvjksdfo9374 |
| AP-C | a7jkdfnipqwo8t49 |
| ...... | ...... |
Step S12:AP equipment sends the authorization message of self to neighbor AP equipment according to the transmission cycle of setting.
AP equipment is asked neighbor AP devices exchange authorization message according to the authorization message of the transmission cycle of setting to neighbor AP equipment transmission self.
Step S13: monitoring receives the authorization message that neighbor AP equipment sends.
The authorization message of self that neighbor AP equipment can initiatively send, request exchange authorization message; Also can after the authorization message that receives the transmission of AP equipment, respond and send authorization message.
Step S14: whether in the receiving cycle of setting, receive the authorization message that neighbor AP equipment sends.
If in setting receiving cycle, receive the authorization message execution in step S15 that neighbor AP equipment sends; Otherwise execution in step S17.
Step S15: whether the authorization message of this neighbor AP equipment that comprises in the authorization message of the AP equipment of the successful mandate that authorization message that the neighbor AP equipment that receives sends and access controller issue is complementary.
If, execution in step S16; Otherwise execution in step S17.
Because AP equipment has received the authorization message of the AP equipment of the successful mandate that access controller issues, the authorization message of this neighbor AP equipment that authorization message that therefore, can be directly the neighbor AP equipment that receives be sent and controller issue is carried out matching ratio.Generally be whether the mandate character string that comprises in mandate character string in the authorization message that sends of comparison neighbours Ap equipment and the access controller distributing authentication information is complementary.
When not comprising the authorization message of this neighbor AP equipment in the authorization message that controller issues or the authorization message that sends of the authorization message of this neighbor AP equipment that comprises and the neighbor AP equipment that receives when inequality, think that the authorization message of this neighbor AP equipment of comprising in the authorization message of AP equipment of the successful mandate that authorization message that the neighbor AP equipment that receives sends and access controller issue does not match.When the authorization message that the authorization message of this neighbor AP equipment that comprises in the authorization message that controller issues and the neighbor AP equipment that receives send is identical, think that the authorization message of this neighbor AP equipment of comprising in the authorization message of AP equipment of the successful mandate that authorization message that the neighbor AP equipment that receives sends and access controller issue is mated.
Step S16: confirm that this neighbor AP equipment is legal access point apparatus.
If self authorization message that AP equipment receives in setting receiving cycle that neighbor AP equipment sends, and the authorization message that authorization message that neighbor AP equipment sends and access controller issue this neighbor AP equipment that comprises in the authorization message of the AP equipment of successfully authorizing is complementary, and confirms that this neighbor AP equipment is legal access point apparatus.
Step S17: confirm that this neighbor AP equipment is illegal access point apparatus.
If AP does not receive the authorization message that neighbor AP equipment sends in receiving cycle, or the authorization message of this AP equipment that comprises in the authorization message of the AP equipment of the successful mandate that issues of the authorization message that sends of the neighbor AP equipment that receives and access controller is not complementary, and confirms that this neighbor AP equipment is illegal access point apparatus.
Wherein illegal access point apparatus may comprise the AP equipment of illegal access of radio network such as unwarranted access point apparatus, Ad-hoc network attack person, denial of service type assailant.
Preferably, AP equipment can be provided with a frequency threshold value, when the authorization message request authorization message exchange that sends self, the number of times that does not receive the authorization message of neighbor AP equipment response surpasses the frequency threshold value that is provided with, or the number of times that is not complementary of the authorization message of this AP equipment that comprises in the authorization message of the AP equipment of the successful mandate that issues of the authorization message that sends of the neighbor AP equipment that receives and access controller judges that again neighbor AP is a rogue AP equipment during above the frequency threshold value of setting.
Embodiment two:
The method of the detection rogue access point equipment that the embodiment of the invention two provides, with different among the embodiment one what be that access controller issues is authorization message after encrypting, the decipherment algorithm that AP equipment need use access controller to issue is decrypted processing to the authorization message after encrypting, to obtain the unencrypted mandate character string that comprises in the authorization message.This method flow as shown in Figure 4, execution in step is as follows:
Step S21: access controller issues successfully authorization message and the decipherment algorithm after the encryption of the access point AP equipment of authorizing to the AP equipment periodic.
The authorization message of the access point AP equipment of the successful mandate that access controller issues this moment is after access controller adopts the cryptographic algorithm of setting to encrypt to the mandate character string in the authorization message among the step S11, the authorization message after the encryption that obtains.
Step S22:AP equipment is according to the authorization message of the transmission cycle of setting after the encryption of neighbor AP equipment transmission self.
Because access controller issues is authorization message after encrypting, so AP equipment can be directly sends authorization message after self the encryption according to the transmission cycle of setting to neighbor AP equipment, ask neighbor AP devices exchange authorization message.
Step S23: the authorization message after the encryption of self that monitoring receives that neighbor AP equipment sends.
Because neighbor AP equipment receives also is authorization message after the encryption that issues of access controller, so neighbor AP equipment can directly send the authorization message after the encryption.
Step S24: whether in the receiving cycle of setting, receive the authorization message after the encryption that neighbor AP equipment sends.
As if the authorization message execution in step S25 after the encryption that in setting receiving cycle, receives the transmission of neighbor AP equipment; Otherwise execution in step S28.
Step S25: the authorization message after the encryption of this neighbor AP equipment that the authorization message after the encryption that the neighbor AP equipment that receives is sent is decrypted and access controller is issued is decrypted.
Adopt the authorization message after the encryption that decipherment algorithm that access controller issues sends the neighbor AP equipment that receives to be decrypted, obtain the mandate character string that wherein comprises.
Adopt authorization message after the encryption of this AP equipment that decipherment algorithm that access controller issues issues the access controller that receives to be decrypted simultaneously and obtain the mandate character string that wherein comprises.
Step S26: judge whether the authorization message of the neighbor AP equipment that obtains after the deciphering and the authorization message of this neighbor AP equipment that access controller issues are complementary.
If, execution in step S27; Otherwise execution in step S28.
Step S27: confirm that this neighbor AP equipment is legal access point apparatus.
If AP equipment receives the authorization message after the encryption that neighbor AP equipment sends in setting receiving cycle, and the authorization message that the access controller after the authorization message of the neighbor AP equipment that obtains after the deciphering and the deciphering issues this neighbor AP equipment is complementary, and confirms that this neighbor AP equipment is legal access point apparatus.
Step S28: confirm that this neighbor AP equipment is illegal access point apparatus.
If AP does not receive the authorization message after the encryption that neighbor AP equipment sends in receiving cycle, or after the encryption that sends of the neighbor AP equipment that receives and deciphering after access controller after authorization message and the deciphering of the neighbor AP equipment that the obtains authorization message that issues this neighbor AP equipment be not complementary, confirm that this neighbor AP equipment is illegal access point apparatus.
Issue authorization message after the encryption by controller, what carry out between AP equipment that authorization message when exchange send also is authorization message after encrypting, carry out matching ratio again after after AP equipment receives authorization message, it being decrypted, improved the fail safe and the reliability of authorization message exchange process.
Embodiment three:
The method of the detection rogue access point equipment that the embodiment of the invention three provides, with different among the embodiment one what be that access controller issues is authorization message, cryptographic algorithm and the corresponding decipherment algorithm of the AP equipment of successfully authorizing, AP equipment sends to neighbor AP equipment after using cryptographic algorithm that authorization message is encrypted, when receiving the authorization message after the encryption that neighbor AP equipment sends, get access to the unencrypted mandate character string that comprises in the authorization message after adopting corresponding decipherment algorithm to be decrypted.This method flow as shown in Figure 5, execution in step is as follows:
Step S31: access controller issues authorization message, cryptographic algorithm and the corresponding decipherment algorithm of the access point AP equipment of successfully authorizing to the AP equipment periodic.
Identical among the authorization message that issues successfully the access point AP equipment of authorizing this moment and the step S11 also issues simultaneously and is used for cryptographic algorithm that authorization message is encrypted and decipherment algorithm accordingly.
Step S32:AP equipment adopts the cryptographic algorithm that receives that the authorization message of self is encrypted.
When general AP equipment is encrypted the authorization message of self, be that the mandate character string that wherein comprises is encrypted.
Step S33:AP equipment is according to the authorization message of the transmission cycle of setting after neighbor AP equipment sends encryption.
AP sends to neighbor AP equipment after the authorization message of self is encrypted, request neighbor AP devices exchange authorization message.
Step S34: the authorization message after the encryption that monitoring reception neighbor AP equipment sends.
Because what neighbor AP equipment received also is authorization message and the cryptographic algorithm that access controller issues, so neighbor AP equipment also can be with the authorization message encryption back transmission of self, to ensure the fail safe of the information that sends.
Step S35: whether in the receiving cycle of setting, receive the authorization message after the encryption that neighbor AP equipment sends.
As if the authorization message execution in step S36 after the encryption that in setting receiving cycle, receives the transmission of neighbor AP equipment; Otherwise execution in step S39.
Step S36: adopt the authorization message after the encryption that decipherment algorithm that access controller issues sends the neighbor AP equipment that receives to be decrypted.
Step S37: judge whether the authorization message of the neighbor AP equipment that obtains after the deciphering and the authorization message of this neighbor AP equipment that access controller issues are complementary.
If, execution in step S38; Otherwise execution in step S39.
This moment is because the time unencrypted authorization message that access controller issues, and therefore the authorization message of the neighbor AP equipment that obtains after the deciphering and the authorization message of this neighbor AP equipment that access controller issues can be mated.
Step S38: confirm that this neighbor AP equipment is legal access point apparatus.
If AP equipment receives the authorization message after the encryption that neighbor AP equipment sends in setting receiving cycle, and the authorization message of the neighbor AP equipment that obtains after the deciphering and the authorization message that access controller issues this neighbor AP equipment are complementary, and confirm that this neighbor AP equipment is legal access point apparatus.
Step S39: confirm that this neighbor AP equipment is illegal access point apparatus.
If AP does not receive the authorization message after the encryption that neighbor AP equipment sends in receiving cycle, or after the encryption that sends of the neighbor AP equipment that receives and deciphering after the authorization message of the neighbor AP equipment that obtains and the authorization message that access controller issues this neighbor AP equipment be not complementary, confirm that this neighbor AP equipment is illegal access point apparatus.
Issue cryptographic algorithm by controller, encrypt the authorization message that sends again after encrypting when between AP equipment, carrying out the authorization message exchange earlier, carry out matching ratio again after after AP equipment receives authorization message, it being decrypted, also improved the fail safe and the reliability of authorization message exchange process.
Embodiment four:
The method of the detection rogue access point equipment that the embodiment of the invention four provides, when the foregoing description one, two or three thinks that neighbor AP equipment is illegal access point apparatus, classify this neighbor AP equipment as suspicious rogue access point equipment earlier, then further to other this neighbor AP equipment validity of neighbor AP device authentication.This method flow as shown in Figure 6, execution in step is as follows:
Step S41: send suspicious authorization information to other neighbor AP equipment.
Send suspicious authorization information to other neighbor AP equipment and come demonstration validation is whether the neighbor AP equipment of suspicious rogue access point equipment is illegal access point apparatus really.
The neighbor AP equipment mark information that comprises the needs checking in the suspicious authorization information that sends.
Step S42: receive the suspicious confirmation that other neighbor AP equipment return.
After other AP equipment receive suspicious authorization information,, confirm self whether to think that this neighbor AP equipment is rogue access point equipment or suspicious rogue access point equipment according to the neighbor AP equipment mark information to be verified that wherein comprises.And return suspicious confirmation to the AP equipment that sends suspicious authorization information, comprising neighbor AP equipment to be verified in this suspicious confirmation is suspicious, legal or illegal identification information.
Step S43: whether the suspicious confirmation that other neighbor AP equipment are responded confirms that neighbor AP equipment to be verified is rogue access point equipment or suspicious rogue access point equipment.
AP equipment is that legal or illegal identification information confirms whether AP equipment to be verified is rogue access point equipment really according to comprising neighbor AP equipment to be verified in the suspicious confirmation that receives.
If execution in step S44, otherwise execution in step S45.
Step S44: confirm that this neighbor AP equipment is rogue access point equipment
Step S45: do not handle.
The time cycle AP equipment of waiting for next setting this moment and neighbor AP equipment to be confirmed carry out confirming whether it is illegal access point apparatus after authorization message exchanges again.
Embodiment five:
The method of the detection rogue access point equipment that the embodiment of the invention four provides, on the foregoing description one, two, three or four basis, increase and the AP checkout equipment to be set to realize adopting the rule set that the legitimacy of AP equipment is detected, access controller can detect rule list according to the foregoing description one, two, three or four testing result foundation or upgrade and detect rule list, and is handed down to the foundation of AP checkout equipment and upgrades its detection rule list.Thereby realize that dual detection filters, more promptly and accurately detect illegal access device.This method flow as shown in Figure 7, execution in step is as follows:
Step S51:, report access controller when confirming that neighbor AP equipment is rogue access point equipment.
Optionally, when confirming that neighbor AP equipment is legal access point apparatus, also can report access controller.
Step S52: it is rogue access point equipment that access controller identifies this neighbor AP equipment, and obtains the attribute information of this neighbor AP equipment correspondence.
Access controller can will receive neighbor AP equipment that AP equipment reports when being the information of rogue access point equipment, and promptly confirming and identifying this neighbor AP equipment is rogue access point equipment.Preferably, also can be provided with one and confirm threshold value, when reporting this neighbor AP equipment is the quantity of the number of times of rogue access point equipment or the AP equipment that to report this neighbor AP equipment be rogue access point equipment when surpassing the affirmation threshold value of this setting, and confirming and identifying this neighbor AP equipment is rogue access point equipment.
The attribute information of this neighbor AP equipment that obtains comprises at least a in the following message: IP address, media access control MAC address, manufacturer's information and BSSID BSSID.
Step S53: the detection list of rules of setting up or upgrade this locality.
Access controller receives after neighbor AP equipment that AP equipment reports is the information of rogue access point equipment, if this locality do not detect rule list and then can set up the detection rule list, or upgrades local existing detection rule list.
Detect list of rules and can comprise one of following tabulation or combination: legal access point apparatus or rogue access point list of devices, legal IP address or illegal IP address list, MAC Address or the tabulation of unallowed MAC Address, the BSSID that allows or the unallowed BSSID tabulation etc. of permission.
Wherein, legal access point apparatus, the MAC Address of legal IP address, permission, the BSSID of permission etc. also can be obtained when each AP equipment is successfully registered and be upgraded.
After the detection list of rules that access controller is set up or renewal is local, also comprise:
Step S54: the detection list of rules after will setting up or upgrade sends to the AP checkout equipment of setting.
Access controller upgrades automatically and detects list of rules and be handed down to the AP checkout equipment, has realized automatic foundation or has upgraded the detection list of rules need not manually to upgrade and configuration, thereby reduced manual operation.
Step S55:AP checkout equipment detects according to detecting the legitimacy of list of rules to AP equipment.
The AP checkout equipment is same as the prior art according to the implementation procedure of the legitimacy that detects list of rules filtration detection AP equipment, repeats no more herein.
That is to say that the system of detection rogue access point equipment shown in Figure 1 is except comprising: access controller and several A P equipment are realized the foregoing description one, two, three, four described mutual authorization messages, detect outside the rogue AP equipment.Access controller, also being used to receive the affirmation neighbor AP equipment that AP equipment reports is the information of rogue access point equipment, and identifying these neighbours for rogue access point equipment, and the attribute information that obtains this neighbor AP equipment correspondence is set up or is upgraded local detection list of rules.
The AP checkout equipment that is provided with in this system, foundation that the reception access controller issues or the detection list of rules after the renewal detect according to detecting the legitimacy of list of rules to AP equipment.
The method of the detection rogue access point equipment that provides according to the embodiment of the invention can make up a kind of detection rogue access point equipment, and this device is arranged in the access point apparatus that comprises in the system of detection rogue access point equipment shown in Figure 1.The structure of this device comprises as shown in Figure 8: receiver module 10, sending module 20 and affirmation module 30.
Sending module 20 is used for according to the authorization message of the transmission cycle of setting to neighbor AP equipment transmission self request neighbor AP devices exchange authorization message.
Preferably, above-mentioned receiver module 10, also be used for: receive the decipherment algorithm that access controller periodically issues, the authorization message of the AP equipment of the successful mandate after receiving the cryptographic algorithm of pass through to set that access controller periodically issues and encrypting, and receive authorization message after the encryption of neighbor AP equipment transmission.
Above-mentioned sending module 20 also is used for the authorization message after the encryption of self is sent to neighbor AP equipment.
Above-mentioned affirmation module 30, after also being used to receive the authorization message after the encryption that neighbor AP equipment sends, adopt authorization message after the encryption that decipherment algorithm that access controller issues sends the neighbor AP equipment that receives to be decrypted and the authorization message of this neighbor AP equipment that access controller is issued is decrypted.
Preferably, above-mentioned receiver module 10 also is used to receive cryptographic algorithm and corresponding decipherment algorithm that access controller periodically issues, and receives the authorization message after the encryption that neighbor AP equipment sends.
Above-mentioned sending module 20 specifically is used for: after the cryptographic algorithm that adopts access controller to issue is encrypted the authorization message of self, the authorization message after encrypting is sent to neighbor AP equipment.
Above-mentioned affirmation module 30, also be used to receive the authorization message after the encryption that neighbor AP equipment sends after, adopt the authorization message after the encryption that decipherment algorithm that access controller issues sends the neighbor AP equipment that receives to be decrypted.
Preferable, state the device that detects rogue access point equipment, also comprise: authentication module 40.
Above-mentioned affirmation module 30, also be used in receiving cycle, not receiving the authorization message that neighbor AP equipment sends, or the authorization message of this neighbor AP equipment that comprises in the authorization message of the authorization message that sends of the neighbor AP equipment that receives and the AP equipment of described success mandate thinks that neighbor AP equipment is suspicious rogue access point equipment when not matching;
When confirming that module 30 confirms that the neighbor AP equipment are suspicious rogue access point equipment, indication sending module 20 sends to other neighbor AP equipment whether these neighbor AP equipment of checking are the suspicious authorization information of rogue access point equipment; Confirm that this neighbor AP equipment is rogue access point equipment or suspicious rogue access point equipment if receiver module 10 receives the suspicious confirmation of other neighbor AP equipment responses, confirm that then this neighbor AP equipment is rogue access point equipment.
Above-mentioned sending module 20 also is used to send suspicious authorization information to other neighbor AP equipment.
Above-mentioned receiver module 10 also is used to receive the suspicious confirmation that other neighbor AP equipment send.
Preferably, the device of above-mentioned detection rogue access point equipment also comprises: reporting module 50 is used for reporting access controller when confirming that neighbor AP equipment is rogue access point equipment.
The method of the detection rogue access point equipment that the embodiment of the invention provides, issue the authorization message of all AP equipment of successfully authorizing to the AP equipment of success mandate by access controller, carry out the authorization message exchange between the authorization message of AP equipment use self and the neighbor AP equipment, confirm whether neighbor AP equipment is illegal AP equipment.Do not need to be provided with the detection rule, utilize the legal existence of the authorization message exchange declaration the other side between the successful AP that authorizes, can realize dynamically finding and detecting rogue AP equipment, owing to do not need manual configuration to detect rule, reduced the human resources input, and owing to adopted the detection authentication mode of dynamic interaction authorization message, avoided detecting the untimely detection promptness that causes of Policy Updates and the problem of poor accuracy, ensured that wireless network is in health status.
This method can also be passed through the encryption to the authorization message of needs exchange, guarantees the fail safe of the authorization message of transmission.And issue after can having access controller to encrypt, also can be encrypted voluntarily by AP equipment, implementation is flexible.
When confirming that by the authorization message between the AP equipment exchange neighbor AP is suspicious rogue access point equipment, further verify by other AP, when if other neighbor AP confirm that also this neighbor AP is rogue access point equipment or suspicious rogue access point equipment, judge its illegal property, thereby making the accuracy to the rogue AP Equipment Inspection further improve.
In addition, can also be when the exchange authorization message detects rogue AP equipment, a special AP checkout equipment is set in wireless network, legitimacy to AP equipment is further checked, and by reporting the mode of access controller behind the exchange authorization message affirmation rogue access point equipment, detection list of rules in the renewal access controller is so that the detection list of rules in the renewal AP checkout equipment, need not manual configuration and detect rule, and can realize detecting the automatic renewal of rule, reduce the manually-operated accuracy that has improved detection simultaneously, and further ensured the fail safe and the reliability of network by double check.
Obviously, those skilled in the art can carry out various changes and modification to the present invention and not break away from the spirit and scope of the present invention.Like this, if of the present invention these are revised and modification belongs within the scope of claim of the present invention and equivalent technologies thereof, then the present invention also is intended to comprise these changes and modification interior.
Claims (15)
1. a method that detects rogue access point equipment is characterized in that, comprising:
The authorization message of the access point AP equipment of the successful mandate that the reception access controller periodically issues;
According to the authorization message of the transmission cycle of setting to neighbor AP equipment transmission self, request neighbor AP devices exchange authorization message;
If in setting receiving cycle, receive the authorization message that neighbor AP equipment sends, and the authorization message of this neighbor AP equipment that comprises in the authorization message of the AP equipment that authorization message that described neighbor AP equipment sends and described success are authorized is complementary, and confirms that this neighbor AP equipment is legal access point apparatus;
If in receiving cycle, do not receive the authorization message that neighbor AP equipment sends, or the authorization message of this neighbor AP equipment that comprises in the authorization message of the authorization message that sends of the neighbor AP equipment that receives and the AP equipment of described success mandate do not match, and confirms that this neighbor AP equipment is illegal access point apparatus.
2. the method for claim 1 is characterized in that, also comprises: receive the decipherment algorithm that access controller periodically issues;
The authorization message of the access point AP equipment of the successful mandate that described reception access controller periodically issues specifically comprises: the authorization message of the AP equipment of the successful mandate after the cryptographic algorithm of passing through to set that the reception access controller periodically issues is encrypted
Described described authorization message to neighbor AP equipment transmission self specifically comprises: the authorization message after the encryption of self is sent to neighbor AP equipment;
Describedly receive the authorization message that neighbor AP equipment sends, specifically comprise: receive the authorization message after the encryption that neighbor AP equipment sends;
After the described authorization message that receives after the encryption that neighbor AP equipment sends, also comprise: adopt authorization message after the encryption that described decipherment algorithm sends the neighbor AP equipment that receives to be decrypted and the authorization message of this neighbor AP equipment that access controller is issued is decrypted.
3. the method for claim 1 is characterized in that, also comprises: receive cryptographic algorithm and corresponding decipherment algorithm that access controller periodically issues;
Described described authorization message to neighbor AP equipment transmission self specifically comprises: after adopting described cryptographic algorithm that the authorization message of self is encrypted, the authorization message after encrypting is sent to neighbor AP equipment;
Describedly receive the authorization message that neighbor AP equipment sends, specifically comprise: receive the authorization message after the encryption that neighbor AP equipment sends;
After the described authorization message that receives after the encryption that neighbor AP equipment sends, also comprise: adopt the authorization message after the encryption that described decipherment algorithm sends the neighbor AP equipment that receives to be decrypted.
4. the method for claim 1, it is characterized in that, described if in receiving cycle, do not receive the authorization message that neighbor AP equipment sends, or the authorization message of this neighbor AP equipment that comprises in the authorization message of the AP equipment of the authorization message of the neighbor AP equipment that receives transmission and described success mandate does not match, confirm that this neighbor AP equipment is illegal access point apparatus, specifically comprise:
In receiving cycle, do not receive the authorization message that neighbor AP equipment sends, or the authorization message of this neighbor AP equipment that comprises in the authorization message of the authorization message that sends of the neighbor AP equipment that receives and the AP equipment of described success mandate thinks that neighbor AP equipment is suspicious rogue access point equipment when not matching;
Send to other neighbor AP equipment whether this neighbor AP equipment of checking is the suspicious authorization information of rogue access point equipment;
If the suspicious confirmation that other neighbor AP equipment are responded confirms that this neighbor AP equipment is rogue access point equipment or suspicious rogue access point equipment, confirm that then this neighbor AP equipment is rogue access point equipment.
5. as the arbitrary described method of claim 1-4, it is characterized in that, also comprise:
When confirming that neighbor AP equipment is rogue access point equipment, report access controller; Described access controller identifies these neighbours and is rogue access point equipment, and obtains the attribute information of this neighbor AP equipment correspondence, sets up or upgrade the detection list of rules of this locality;
Described attribute information comprises at least a in the following message: IP address, media access control MAC address, manufacturer's information and BSSID BSSID.
6. method as claimed in claim 5 is characterized in that, after the detection list of rules that described access controller is set up or renewal is local, also comprises:
With set up or upgrade after the detection list of rules send to the AP checkout equipment of setting, described AP checkout equipment detects according to the legitimacy of described detection list of rules to AP equipment.
7. a device that detects rogue access point equipment is characterized in that, comprising: receiver module, sending module and affirmation module;
Described receiver module is used to receive the authorization message of the access point AP equipment of the successful mandate that access controller periodically issues, and receives the authorization message that neighbor AP equipment sends;
Sending module is used for according to the authorization message of the transmission cycle of setting to neighbor AP equipment transmission self request neighbor AP devices exchange authorization message;
Confirm module, be used for if in setting receiving cycle, receive the authorization message that neighbor AP equipment sends, and the authorization message of this neighbor AP equipment that comprises in the authorization message of the AP equipment that authorization message that described neighbor AP equipment sends and described success are authorized is complementary, and confirms that this neighbor AP equipment is legal access point apparatus; If in receiving cycle, do not receive the authorization message that neighbor AP equipment sends, or the authorization message of this neighbor AP equipment that comprises in the authorization message of the authorization message that sends of the neighbor AP equipment that receives and the AP equipment of described success mandate do not match, and confirms that this neighbor AP equipment is illegal access point apparatus.
8. device as claimed in claim 7, it is characterized in that, described receiver module, also be used for: receive the decipherment algorithm that access controller periodically issues, the authorization message of the AP equipment of the successful mandate after receiving the cryptographic algorithm of pass through to set that access controller periodically issues and encrypting, and receive authorization message after the encryption of neighbor AP equipment transmission;
Described sending module also is used for the authorization message after the encryption of self is sent to neighbor AP equipment;
Described affirmation module, after also being used to receive the authorization message after the encryption that neighbor AP equipment sends, adopt authorization message after the encryption that described decipherment algorithm sends the neighbor AP equipment that receives to be decrypted and the authorization message of this neighbor AP equipment that access controller is issued is decrypted.
9. device as claimed in claim 7 is characterized in that, described receiver module also is used for: receive cryptographic algorithm and corresponding decipherment algorithm that access controller periodically issues, and receive the authorization message after the encryption that neighbor AP equipment sends;
Described sending module specifically is used for: after adopting described cryptographic algorithm that the authorization message of self is encrypted, the authorization message after encrypting is sent to neighbor AP equipment;
Described affirmation module, also be used to receive the authorization message after the encryption that neighbor AP equipment sends after, adopt the authorization message after the encryption that described decipherment algorithm sends the neighbor AP equipment that receives to be decrypted.
10. as the arbitrary described device of claim 7-9, it is characterized in that, also comprise: authentication module;
Described affirmation module, also be used in receiving cycle, not receiving the authorization message that neighbor AP equipment sends, or the authorization message of this neighbor AP equipment that comprises in the authorization message of the authorization message that sends of the neighbor AP equipment that receives and the AP equipment of described success mandate thinks that neighbor AP equipment is suspicious rogue access point equipment when not matching;
Described authentication module is used for when described affirmation neighbor AP equipment is suspicious rogue access point equipment, indicates described sending module to send to other neighbor AP equipment whether these neighbor AP equipment of checking are the suspicious authorization information of rogue access point equipment; Confirm that this neighbor AP equipment is rogue access point equipment or suspicious rogue access point equipment if described receiver module receives the suspicious confirmation of other neighbor AP equipment responses, confirm that then this neighbor AP equipment is rogue access point equipment.
Described sending module also is used to send described suspicious authorization information;
Described receiver module also is used to receive described suspicious confirmation.
11. device as claimed in claim 10 is characterized in that, also comprises:
Reporting module is used for reporting access controller when confirming that neighbor AP equipment is rogue access point equipment.
12. an access point apparatus is characterized in that, comprising: as the device of the arbitrary described detection rogue access point equipment of claim 7-11.
13. a system that detects rogue access point equipment is characterized in that, comprising: access controller and some access point AP equipment as claimed in claim 12;
14. system as claimed in claim 13 is characterized in that, described access controller also is used for:
Receiving the affirmation neighbor AP equipment that described AP equipment reports is the information of rogue access point equipment, and identifies these neighbours and be rogue access point equipment, and the attribute information that obtains this neighbor AP equipment correspondence, sets up or upgrades local detection list of rules; Described attribute information comprises at least a in the following message: IP address, media access control MAC address, manufacturer's information and BSSID BSSID.
15. system as claimed in claim 13 is characterized in that, also comprises: the AP checkout equipment;
Receive the foundation that described access controller issues or upgrade after the detection list of rules, detect according to the legitimacy of described detection list of rules AP equipment.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010564229.XA CN102014378B (en) | 2010-11-29 | 2010-11-29 | Method and system for detecting rogue access point device and access point device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010564229.XA CN102014378B (en) | 2010-11-29 | 2010-11-29 | Method and system for detecting rogue access point device and access point device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102014378A true CN102014378A (en) | 2011-04-13 |
| CN102014378B CN102014378B (en) | 2014-04-02 |
Family
ID=43844348
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201010564229.XA Active CN102014378B (en) | 2010-11-29 | 2010-11-29 | Method and system for detecting rogue access point device and access point device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102014378B (en) |
Cited By (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102752756A (en) * | 2012-06-08 | 2012-10-24 | 深信服网络科技(深圳)有限公司 | Method and device for preventing surfing the Internet by privately connecting wireless access point (AP) |
| CN102843684A (en) * | 2011-06-21 | 2012-12-26 | 航天信息股份有限公司 | Method and system for detecting rogue wireless access point in local area network |
| CN103037373A (en) * | 2012-12-21 | 2013-04-10 | 成都科来软件有限公司 | Wireless node blocking system |
| CN103067922A (en) * | 2013-01-24 | 2013-04-24 | 中兴通讯股份有限公司 | Method and system for preventing illegal access point in wireless local area network |
| CN103888949A (en) * | 2012-12-19 | 2014-06-25 | 杭州华三通信技术有限公司 | Illegal AP prevention method and device |
| CN104580141A (en) * | 2013-10-29 | 2015-04-29 | 三星Sds株式会社 | Method and apparatus for detecting unauthorized access point |
| CN104703181A (en) * | 2013-12-09 | 2015-06-10 | 重庆重邮信科通信技术有限公司 | Access node authentication method and terminal |
| CN104754651A (en) * | 2013-12-25 | 2015-07-01 | 任子行网络技术股份有限公司 | WLAN (Wireless Local Area Network) wireless data capturing method and system based on pseudo AP (Access Point) induced connection |
| WO2015106548A1 (en) * | 2014-01-20 | 2015-07-23 | 华为技术有限公司 | Method and apparatus for monitoring network device |
| CN106131849A (en) * | 2016-06-23 | 2016-11-16 | 深圳市百米生活股份有限公司 | The detection of a kind of rogue AP in wireless network and blocking-up method |
| CN107950043A (en) * | 2015-09-11 | 2018-04-20 | 华为技术有限公司 | Verify method, terminal, service platform, access point and the access point backstage of wireless local network connecting point |
| CN109286947A (en) * | 2018-10-10 | 2019-01-29 | 锐捷网络股份有限公司 | Detection method, device and the electronic equipment of radio reception device |
| CN109347784A (en) * | 2018-08-10 | 2019-02-15 | 锐捷网络股份有限公司 | Terminal admittance control method, controller, management and control devices and system |
| WO2023016103A1 (en) * | 2021-08-11 | 2023-02-16 | 华为技术有限公司 | Method and apparatus for managing integrated access and backhaul node |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1841999A (en) * | 2005-03-30 | 2006-10-04 | 华为技术有限公司 | Realization method for information interaction between entitys in separate loaded control layer network |
| CN1925428A (en) * | 2006-09-28 | 2007-03-07 | 北京理工大学 | Method for detecting network nonlicet nodes by adjacent supervise |
| WO2007105911A1 (en) * | 2006-03-15 | 2007-09-20 | Posdata Co., Ltd. | Apparatus and method for detecting duplication of portable subscriber station in portable internet system |
-
2010
- 2010-11-29 CN CN201010564229.XA patent/CN102014378B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1841999A (en) * | 2005-03-30 | 2006-10-04 | 华为技术有限公司 | Realization method for information interaction between entitys in separate loaded control layer network |
| WO2007105911A1 (en) * | 2006-03-15 | 2007-09-20 | Posdata Co., Ltd. | Apparatus and method for detecting duplication of portable subscriber station in portable internet system |
| CN1925428A (en) * | 2006-09-28 | 2007-03-07 | 北京理工大学 | Method for detecting network nonlicet nodes by adjacent supervise |
Cited By (18)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102843684A (en) * | 2011-06-21 | 2012-12-26 | 航天信息股份有限公司 | Method and system for detecting rogue wireless access point in local area network |
| CN102752756A (en) * | 2012-06-08 | 2012-10-24 | 深信服网络科技(深圳)有限公司 | Method and device for preventing surfing the Internet by privately connecting wireless access point (AP) |
| CN103888949A (en) * | 2012-12-19 | 2014-06-25 | 杭州华三通信技术有限公司 | Illegal AP prevention method and device |
| CN103037373A (en) * | 2012-12-21 | 2013-04-10 | 成都科来软件有限公司 | Wireless node blocking system |
| CN103037373B (en) * | 2012-12-21 | 2015-04-15 | 成都科来软件有限公司 | Wireless node blocking system |
| CN103067922A (en) * | 2013-01-24 | 2013-04-24 | 中兴通讯股份有限公司 | Method and system for preventing illegal access point in wireless local area network |
| CN104580141A (en) * | 2013-10-29 | 2015-04-29 | 三星Sds株式会社 | Method and apparatus for detecting unauthorized access point |
| CN104703181A (en) * | 2013-12-09 | 2015-06-10 | 重庆重邮信科通信技术有限公司 | Access node authentication method and terminal |
| CN104754651A (en) * | 2013-12-25 | 2015-07-01 | 任子行网络技术股份有限公司 | WLAN (Wireless Local Area Network) wireless data capturing method and system based on pseudo AP (Access Point) induced connection |
| WO2015106548A1 (en) * | 2014-01-20 | 2015-07-23 | 华为技术有限公司 | Method and apparatus for monitoring network device |
| US9485659B2 (en) | 2014-01-20 | 2016-11-01 | Huawei Technologies Co., Ltd. | Method and apparatus for monitoring network device |
| CN107950043A (en) * | 2015-09-11 | 2018-04-20 | 华为技术有限公司 | Verify method, terminal, service platform, access point and the access point backstage of wireless local network connecting point |
| CN107950043B (en) * | 2015-09-11 | 2020-07-14 | 华为技术有限公司 | Method, terminal, service platform, access point and access point background for verifying wireless local area network access point |
| CN106131849A (en) * | 2016-06-23 | 2016-11-16 | 深圳市百米生活股份有限公司 | The detection of a kind of rogue AP in wireless network and blocking-up method |
| CN109347784A (en) * | 2018-08-10 | 2019-02-15 | 锐捷网络股份有限公司 | Terminal admittance control method, controller, management and control devices and system |
| CN109286947A (en) * | 2018-10-10 | 2019-01-29 | 锐捷网络股份有限公司 | Detection method, device and the electronic equipment of radio reception device |
| CN109286947B (en) * | 2018-10-10 | 2022-05-20 | 锐捷网络股份有限公司 | Detection method and device of wireless access equipment and electronic equipment |
| WO2023016103A1 (en) * | 2021-08-11 | 2023-02-16 | 华为技术有限公司 | Method and apparatus for managing integrated access and backhaul node |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102014378B (en) | 2014-04-02 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102014378B (en) | Method and system for detecting rogue access point device and access point device | |
| US10581913B2 (en) | Spoofing detection | |
| CN100366015C (en) | Cipher key setting system, access point, and cipher key setting method | |
| KR101211477B1 (en) | Method for mobile-key service | |
| CN110958142A (en) | Device maintenance method, maintenance device, storage medium, and computer program product | |
| US20100299730A1 (en) | User authentication method, wireless communication apparatus, base station, and account management apparatus | |
| CN103716795A (en) | Wireless network safe access method, apparatus and system | |
| CN104380775B (en) | Method and apparatus for network node and isomery or isomorphism wireless network for the operation for controlling the technology specific button configuration session in isomery or isomorphism wireless network | |
| US20110243112A1 (en) | Wireless lan terminal, a wireless lan access point and a wireless lan system | |
| CN102075934A (en) | AP (Access Point) monitor and method and system for monitoring illegal APs | |
| CN103634795B (en) | Radio communication device and method | |
| CN101690144A (en) | Wireless device monitoring methods, wireless device monitoring system and manufacture | |
| CN105119776B (en) | A kind of WiFi connection failures reason detection method and system | |
| CN100502300C (en) | Method for detecting illegally cut-in point in radio local network | |
| CN106789986A (en) | Monitoring device authentication method and device | |
| US20140298436A1 (en) | Cloud control system and method for lan-based controlled apparatus | |
| CN103874067A (en) | Authentication and Data Security for Wireless Networks | |
| CN101938741A (en) | Method, system and device for mutual authentication | |
| CN101192929B (en) | An access method, system and device for short distance wireless network | |
| CN101247618B (en) | Terminal validity detecting method and system | |
| US20060058053A1 (en) | Method for logging in a mobile terminal at an access point of a local communication network, and access point and terminal for carrying out the method | |
| JP6621146B2 (en) | COMMUNICATION DEVICE, COMMUNICATION TERMINAL, COMMUNICATION SYSTEM, COMMUNICATION CONTROL METHOD, AND COMMUNICATION CONTROL PROGRAM | |
| US9100429B2 (en) | Apparatus for analyzing vulnerability of wireless local area network | |
| CN106878989B (en) | Access control method and device | |
| WO2005071922A1 (en) | Method for authentication of external apparatuses in home or wireless networks |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |