CN102547695A - Security authentication method for wireless network - Google Patents


Info

Publication number
CN102547695A
Authority
CN
China
Prior art keywords
wifi
client
service end
wifi service
address
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2012100611627A
Other languages
Chinese (zh)
Other versions
CN102547695B (en)
Inventor
范海鹏
周龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CHENGDU VOLANS TECHNOLOGY DEVELOPMENT Corp
Original Assignee
CHENGDU VOLANS TECHNOLOGY DEVELOPMENT Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CHENGDU VOLANS TECHNOLOGY DEVELOPMENT Corp filed Critical CHENGDU VOLANS TECHNOLOGY DEVELOPMENT Corp
Priority to CN201210061162.7A priority Critical patent/CN102547695B/en
Publication of CN102547695A publication Critical patent/CN102547695A/en
Application granted granted Critical
Publication of CN102547695B publication Critical patent/CN102547695B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to a security authentication method for a wireless network. A wireless fidelity (WiFi) server and a client are involved, and the security authentication method comprises the following steps that: a, an authentication service program is deployed in the client, and the client is connected to a public open system of the WiFi server to acquire a corresponding internet protocol (IP) address; b, according to the IP address, the client acquires and accesses an IP address of a security authentication system of the WiFi server; c, the WiFi server authenticates a client certificate; d, the client which passes the authentication establishes first security connection with the WiFi server and acquires encryption parameters; e, the client establishes a second security connection with the security authentication system of the WiFi server according to the encryption parameters; and f, the client and the WiFi server communicate and are updated through the second security connection. By the security authentication method, the client and the WiFi server can be connected easily and quickly by using a complex key and a complex encryption way; and meanwhile, the security during connecting can be guaranteed by using a method of updating the key regularly to ensure that brute force-based cracking and possibility of key leakage are avoided.

Description

Security authentication method for wireless network
Technical field
The present invention relates to security authentication methods, and specifically to a security authentication method for wireless networks.
Background technology
WiFi (Wireless Fidelity) is currently a common way of accessing wireless networks in homes, enterprises and many public places. It can gradually replace wired Ethernet connections and has good development prospects. However, current WiFi wireless systems have obvious security problems. In WiFi wireless systems, the key encryption strength of the WEP (Wired Equivalent Privacy) and WPA (WiFi Protected Access) schemes is very weak, while WPA2 (another standard of WPA) and WAPI (a protocol in China's mandatory wireless LAN security standard) use a PSK (pre-shared key), so a weak key can still be cracked. If an overly complex key is used instead, entering it when using WiFi becomes very troublesome for the user. Current WiFi wireless systems therefore have considerable problems in protecting user privacy and data security.
Summary of the invention
In view of the above problems, the invention provides a security authentication method for wireless networks that lets the user connect to a WiFi network with a complex key and encryption mode, improving the security of data transmission while keeping connection simple and fast, and that updates the key regularly to keep the connection secure.
The security authentication method for wireless networks of the present invention involves a WiFi server and a client, and comprises the following steps:
a. An authentication service program is deployed on the client; the client scans for wireless networks, automatically joins the public open system of the WiFi server, and obtains a corresponding IP address;
b. The client obtains the IP address of the security authentication system of the WiFi server from the IP address of the public open system, and accesses that address through the authentication port of the security authentication system;
c. The security authentication system of the WiFi server requires certificate authentication from the accessing client;
d. A client that passes the certificate authentication establishes a first secure connection with the security authentication system of the WiFi server and obtains the corresponding encryption parameters over that first secure connection;
e. After writing the obtained encryption parameters into its own WiFi configuration, the client disconnects the first secure connection with the WiFi server and uses the encryption parameters to establish a second secure connection with the security authentication system of the WiFi server;
f. The client and the WiFi server communicate over the second secure connection. The WiFi server changes its configuration periodically; the client obtains the configuration change synchronously over the second secure connection and establishes a new connection with the WiFi server according to the changed information.
By combining certificates with client software, the method of the present invention replaces the existing configuration of WiFi security keys, which makes wireless key configuration simple and raises WiFi security to the level of certificates. Because the system configures the key automatically, an extremely complex key can be used to strengthen transmission security. At the same time, the WiFi server automatically and periodically updates configuration information such as the WiFi key, for example changing the wireless key and certificate automatically every day or at a specified interval. As long as the client certificate is valid, the client can authenticate again and connect automatically. This not only avoids the possibility of brute-force cracking and key leakage, but also adds no burden of key entry or repeated connection for the user.
Specifically, the certificate authentication in step c uses the client's local certificate or a USBkey certificate, with the USBkey certificate preferred. A USBkey, also known as a "U shield", is a hardware device with a USB interface. Its built-in microcontroller or smart card chip has a certain amount of storage, can store the user's private key and digital certificate, and uses the USBkey's built-in public-key algorithm to authenticate the user's identity. Because the user's private key is kept in the coded lock and in theory cannot be read out by any means, the security of user authentication is guaranteed. Using a USBkey certificate brings the security of data transmission to the level of bank online banking.
In one optional scheme, the IP address of the security authentication system in step b is the gateway address of the public open system's IP address.
Specifically, the encryption parameters in step d comprise the WiFi SSID (wireless network ID), the WiFi encryption mode and the WiFi key. These encryption parameters put the WiFi server and the client in one-to-one correspondence: each client communicates with the WiFi server only through its corresponding encryption parameters, and other software cannot access them, which ensures the independence and security of the communication.
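The client side of steps d and e, sketched as an added example (not code from the patent): the received SSID, encryption mode and key are validated and turned into a wpa_supplicant network block that only its owner can read. The choice of wpa_supplicant as the configuration format, the mode label "WPA2-PSK" and all function names are assumptions of this example.

```python
import hashlib
import os
import secrets
import string

# Assumed label for the "WiFi encryption mode" field; the patent names no values.
MODES = {"WPA2-PSK": {"key_mgmt": "WPA-PSK", "proto": "RSN", "pairwise": "CCMP"}}


def generate_key(length=63):
    """Server side: random passphrase at the WPA2-PSK maximum of 63 printable ASCII characters."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


def derive_psk(ssid, passphrase):
    """WPA/WPA2 passphrase-to-PSK mapping: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32).hex()


def validate(params):
    """Reject malformed parameters before they reach the WiFi configuration."""
    ssid, mode, key = params["ssid"], params["mode"], params["key"]
    if not 1 <= len(ssid.encode("utf-8")) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    if mode not in MODES:
        raise ValueError(f"unsupported encryption mode: {mode!r}")
    if not 8 <= len(key) <= 63 or any(not 32 <= ord(c) <= 126 for c in key):
        raise ValueError("key must be 8..63 printable ASCII characters")
    return ssid, mode, key


def render_network_block(params):
    """Build a wpa_supplicant network block. SSID and PSK are written as hex, so
    no character supplied by the server can break out of the configuration syntax."""
    ssid, mode, key = validate(params)
    fields = {"ssid": ssid.encode("utf-8").hex(), "psk": derive_psk(ssid, key)}
    fields.update(MODES[mode])
    body = "\n".join(f"    {name}={value}" for name, value in fields.items())
    return "network={\n" + body + "\n}\n"


def write_private(path, text):
    """Create the configuration file readable and writable by its owner only (mode 0600)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(text)


if __name__ == "__main__":
    # Constructed sample parameters, as the server would hand them out in step d.
    sample = {"ssid": "corp-secure", "mode": "WPA2-PSK", "key": generate_key()}
    print(render_network_block(sample))
```

Storing the derived 256-bit PSK instead of the passphrase keeps the human-typable secret out of the client's configuration file, and the 0600 mode is one way to approximate "other software cannot access them" on a multi-user system.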
On the basis of the above scheme, the configuration change of the WiFi server in step f may comprise:
The administrator modifies the WiFi configuration of the security authentication system of the WiFi server;
The WiFi server sends the new WiFi configuration information over the second secure connection to the clients connected to the security authentication system;
The security authentication system of the WiFi server disconnects the second secure connections with all clients and enables the new WiFi configuration;
The client establishes a new second secure connection with the security authentication system of the WiFi server according to the new WiFi configuration it received.
After the administrator has modified the access authentication key of the WiFi server, any client whose certificate passes authentication is automatically updated to the latest encryption parameters such as the key. Wireless authentication is thereby bound to the certificate in real time, and the client user does not need to reconfigure anything.
Preferably, the authentication port in step b is the SSH port.
With the security authentication method for wireless networks of the present invention, the client and the WiFi server can connect using an extremely complex key and encryption mode, and certificate authentication establishes a unique correspondence between the WiFi server and the client, which clearly improves the security of data transmission. The client's encryption configuration is completed automatically by the system, so connecting is simple and fast. Regular key updates keep the connection secure and avoid the possibility of brute-force cracking and key leakage.
The above content of the present invention is described in further detail below with reference to the embodiment shown in the accompanying drawing. This should not be understood as limiting the scope of the above subject matter of the present invention to the following example. Any substitution or modification made on the basis of ordinary technical knowledge and customary means in the art, without departing from the above technical idea of the present invention, shall fall within the scope of the present invention.
Description of drawings
Fig. 1 is the flow chart of the security authentication method for wireless networks of the present invention.
Embodiment
As shown in Fig. 1, the security authentication method for wireless networks of the present invention involves a WiFi server and a client, and comprises the following steps:
a. An authentication service program is deployed on the client; the client scans for wireless networks, automatically joins the public open system of the WiFi server, and obtains a corresponding IP address;
b. The client obtains the IP address of the security authentication system of the WiFi server from the IP address of the public open system; this IP address may be the gateway address of the public open system's IP address. The client then accesses this address through the SSH authentication port of the security authentication system and attempts to connect;
c. The security authentication system of the WiFi server requires certificate authentication from the accessing client. The client authenticates to the security authentication system by reading a local certificate or a USBkey certificate; the USBkey certificate is preferred because it can further improve the security of the communication data;
d. A client that passes the certificate authentication establishes a first secure connection with the security authentication system of the WiFi server and obtains, over that first secure connection, encryption parameters such as the WiFi SSID (wireless network ID), the WiFi encryption mode and the WiFi key. These encryption parameters put the WiFi server and the client in one-to-one correspondence: each client communicates with the WiFi server only through its corresponding encryption parameters, and other software cannot access them, which ensures the independence and security of the communication;
e. After writing the obtained encryption parameters into its own WiFi configuration, the client disconnects the first secure connection with the WiFi server and uses the encryption parameters to establish a second secure connection with the security authentication system of the WiFi server;
f. The client and the WiFi server communicate over the second secure connection. The WiFi server changes its configuration periodically; the client obtains the configuration change synchronously over the second secure connection and establishes a new connection with the WiFi server according to the changed information. The configuration change of the WiFi server comprises:
The administrator modifies the WiFi configuration of the security authentication system of the WiFi server;
The WiFi server sends the new WiFi configuration information over the second secure connection to the clients connected to the security authentication system;
The security authentication system of the WiFi server disconnects the second secure connections with all clients and enables the new WiFi configuration;
The client establishes a new second secure connection with the security authentication system of the WiFi server according to the new WiFi configuration it received, so that wireless authentication is bound to the certificate in real time and the client user does not need to reconfigure anything.
Because the client's system configures the key with the WiFi server automatically, an extremely complex key can be used to strengthen transmission security. At the same time, the WiFi server automatically and periodically updates configuration information such as the WiFi key, for example changing the wireless key and certificate automatically every day or at a specified interval. As long as the client certificate is valid, the client can authenticate again and connect automatically. This not only avoids the possibility of brute-force cracking and key leakage, but also adds no burden of key entry or repeated connection for the user. With the method of the present invention, WiFi communication data can reach the security level of bank online banking, which greatly protects the user's privacy and information security.
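The whole exchange of steps a to f, including a key rotation, modelled in memory as an added example (not code from the patent). Certificates are reduced to fingerprint strings, the address lease and client names are constructed, and pushing the new configuration only to clients whose certificate is still trusted is an assumption of this sketch.

```python
import ipaddress
import secrets
import string


class WifiServer:
    """Security authentication system of the WiFi server (steps c, d and f)."""

    def __init__(self, trusted_certs):
        self.trusted = set(trusted_certs)  # fingerprints of accepted client certificates
        self.version = 0
        self.sessions = {}                 # client name -> certificate (second secure connection)
        self.config = self._new_config()

    def _new_config(self):
        self.version += 1
        key = "".join(secrets.choice(string.ascii_letters + string.digits) for _ in range(63))
        return {"ssid": f"secure-{self.version}", "mode": "WPA2-PSK", "key": key}

    def authenticate(self, cert):
        """Steps c-d: check the certificate, then release the encryption parameters."""
        if cert not in self.trusted:
            raise PermissionError("certificate rejected")
        return dict(self.config)

    def join(self, name, cert, params):
        """Step e: the second secure connection needs the current parameters."""
        ok = params["ssid"] == self.config["ssid"] and secrets.compare_digest(
            params["key"], self.config["key"])
        if ok:
            self.sessions[name] = cert
        return ok

    def rotate(self):
        """Step f: push the new configuration, drop every client, enable it."""
        new = self._new_config()
        # Assumption of this sketch: only still-trusted certificates receive the push.
        pushed = {n: dict(new) for n, c in self.sessions.items() if c in self.trusted}
        self.sessions.clear()
        self.config = new
        return pushed


class Client:
    def __init__(self, name, cert):
        self.name, self.cert, self.params = name, cert, None

    def bootstrap(self, lease, server):
        """Steps a-e, starting from the address lease obtained on the public open system."""
        subnet = ipaddress.ip_interface(lease["ip"]).network
        if ipaddress.ip_address(lease["gateway"]) not in subnet:
            raise ValueError("gateway outside the leased subnet")
        self.params = server.authenticate(self.cert)  # first secure connection
        return server.join(self.name, self.cert, self.params)

    def apply_push(self, pushed, server):
        """Step f on the client: adopt the pushed configuration and reconnect."""
        if self.name in pushed:
            self.params = pushed[self.name]
        return self.params is not None and server.join(self.name, self.cert, self.params)


def run_scenario():
    lease = {"ip": "192.0.2.57/24", "gateway": "192.0.2.1"}  # constructed lease
    server = WifiServer({"fp-alice", "fp-bob"})
    alice, bob = Client("alice", "fp-alice"), Client("bob", "fp-bob")
    guest = Client("guest", "fp-unknown")
    out = {"alice_joined": alice.bootstrap(lease, server),
           "bob_joined": bob.bootstrap(lease, server)}
    try:
        out["guest_joined"] = guest.bootstrap(lease, server)
    except PermissionError:
        out["guest_joined"] = False
    old = dict(alice.params)
    server.trusted.discard("fp-bob")  # bob's certificate is withdrawn
    pushed = server.rotate()
    out["alice_after_rotation"] = alice.apply_push(pushed, server)
    out["bob_after_rotation"] = bob.apply_push(pushed, server)  # bob only holds the old key
    out["old_key_accepted"] = server.join("stale", "none", old)
    try:
        out["bob_reauth"] = bob.bootstrap(lease, server)
    except PermissionError:
        out["bob_reauth"] = False
    out["key_changed"] = old["key"] != alice.params["key"]
    return out


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```

In this model the second secure connection is gated only by the current parameters, so withdrawing a certificate takes effect at the next rotation rather than immediately.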

Claims (6)

1. the method for wireless network secure authentication has WiFi service end and client, it is characterized by step and comprises:
A. in client deployment authentication service program, the client scan wireless network, and insert the public open system of WiFi service end automatically, get access to corresponding IP address;
B. client obtains the IP address of the security certification system of WiFi service end according to the IP address of said public open system, and visits this address through the authentication port of said security certification system;
The security certification system of c.WiFi service end requires certificate verification to the client of visit;
D. set up first safety through the client of said certificate verification with the security certification system of WiFi service end and be connected, and obtain corresponding encryption parameter through the described first safety connection;
E. after client writes the encryption parameter that obtains in self the WiFi configuration, break off with the WiFi service end between first safety be connected, set up for second safe the connection through the described encryption parameter and the security certification system of WiFi service end;
F. client communicates through described second safe the connection with the WiFi service end; The change that the WiFi service end regularly is configured, and client is set up new be connected according to information after changing with the WiFi service end through the second safe configuration change that obtains the WiFi service end synchronously that connects.
2. the method for wireless network secure authentication as claimed in claim 1 is characterized by: the certificate verification described in the step c is the local certificate or the USBkey certificate of client.
3. the method for wireless network secure authentication as claimed in claim 1 is characterized by: the IP address of the said security certification system of step b is the gateway address of said public open system IP address.
4. the method for wireless network secure authentication as claimed in claim 1 is characterized by: the described encryption parameter of steps d comprises WiFi SSID, WiFi cipher mode and WiFi key.
5. like the method for the described wireless network secure authentication of one of claim 1 to 4, it is characterized by: the configuration change of the described WiFi service end of step f comprises:
The keeper revises the WiFi configuration of the security certification system of WiFi service end;
The WiFi service end connects to the client that is connected with security certification system through described second safety sends new WiFi configuration information;
The security certification system of WiFi service end break off with all clients between second safety be connected, launch new WiFi and dispose;
Client is set up the second new safety according to the new WiFi configuration that receives and the security certification system of WiFi service end and is connected.
6. the method for wireless network secure authentication as claimed in claim 5 is characterized by: the described authentication port of step b is the SSH port.
CN201210061162.7A 2012-03-09 2012-03-09 Security authentication method for wireless network Active CN102547695B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210061162.7A CN102547695B (en) 2012-03-09 2012-03-09 Security authentication method for wireless network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210061162.7A CN102547695B (en) 2012-03-09 2012-03-09 Security authentication method for wireless network

Publications (2)

Publication Number Publication Date
CN102547695A true CN102547695A (en) 2012-07-04
CN102547695B CN102547695B (en) 2014-11-26

Family

ID=46353402

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210061162.7A Active CN102547695B (en) 2012-03-09 2012-03-09 Security authentication method for wireless network

Country Status (1)

Country Link
CN (1) CN102547695B (en)

Also Published As

Publication number Publication date
CN102547695B (en) 2014-11-26

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C53 Correction of patent of invention or patent application
CB02 Change of applicant information

Address after: 610041, No. 12-13, building 6, D zone, Tianfu Software Park, 216 century South Road, Tianfu District, Chengdu, Sichuan

Applicant after: VOLANS TECHNOLOGY DEVELOPMENT CORPORATION

Address before: 610041, No. 12-13, building 6, D zone, Tianfu Software Park, 216 century South Road, Tianfu District, Chengdu, Sichuan

Applicant before: Chengdu VOLANS Technology Development Corporation.

COR Change of bibliographic data

Free format text: CORRECT: APPLICANT; FROM: CHENGDU VOLANS TECHNOLOGY DEVELOPMENT CORPORATION. TO: CHENGDU FEIYUXING TECHNOLOGY CO., LTD.

C53 Correction of patent of invention or patent application
CB02 Change of applicant information

Address after: The middle high tech Zone Yizhou road in Chengdu city of Sichuan province 610041 No. 1800 Tianfu Software Park G District 4 Building 7-8F

Applicant after: VOLANS TECHNOLOGY DEVELOPMENT CORPORATION

Address before: 610041, No. 12-13, building 6, D zone, Tianfu Software Park, 216 century South Road, Tianfu District, Chengdu, Sichuan

Applicant before: VOLANS TECHNOLOGY DEVELOPMENT CORPORATION

C14 Grant of patent or utility model
GR01 Patent grant
CB03 Change of inventor or designer information

Inventor after: Fan Haipeng

Inventor after: Zhou Long

Inventor after: Chen Bei

Inventor before: Fan Haipeng

Inventor before: Zhou Long

COR Change of bibliographic data