CN102547695B - Security authentication method for wireless network - Google Patents

Security authentication method for wireless network

Publication number: CN102547695B
Authority: CN (China)
Prior art keywords: wifi, client, service end, wifi service, security
Legal status: Active (as listed by Google Patents; an assumption, not a legal conclusion)
Application number: CN201210061162.7A
Other languages: Chinese (zh)
Other versions: CN102547695A (en)
Inventors: Fan Haipeng (范海鹏), Zhou Long (周龙)
Current assignee: VOLANS TECHNOLOGY DEVELOPMENT Corp (as listed by Google Patents; the listed assignees may be inaccurate)
Original assignee: VOLANS TECHNOLOGY DEVELOPMENT Corp
Application filed by VOLANS TECHNOLOGY DEVELOPMENT Corp
Priority to CN201210061162.7A
Publication of CN102547695A
Application granted
Publication of CN102547695B

Abstract

The invention relates to a security authentication method for a wireless network. A wireless fidelity (WiFi) server and a client are involved, and the security authentication method comprises the following steps: a, an authentication service program is deployed in the client, and the client is connected to a public open system of the WiFi server to acquire a corresponding internet protocol (IP) address; b, according to the IP address, the client acquires and accesses an IP address of a security authentication system of the WiFi server; c, the WiFi server authenticates a client certificate; d, the client which passes the authentication establishes a first secure connection with the WiFi server and acquires encryption parameters; e, the client establishes a second secure connection with the security authentication system of the WiFi server according to the encryption parameters; and f, the client and the WiFi server communicate and are updated through the second secure connection. By the security authentication method, the client and the WiFi server can be connected easily and quickly while using a complex key and a complex encryption mode; meanwhile, security during connection is guaranteed by updating the key regularly, so that brute-force cracking and the possibility of key leakage are avoided.

Description

Security authentication method for wireless network
Technical field
The present invention relates to security authentication methods, and specifically to a security authentication method for wireless networks.
Background art
WiFi (Wireless Fidelity) is currently a common means of wireless network access in homes, enterprises and many public places. It can gradually replace wired Ethernet connections and has good development prospects. However, current WiFi wireless systems have obvious security problems. In WiFi wireless systems, the key encryption strength of the WEP (Wired Equivalent Privacy) and WPA (WiFi Protected Access) schemes is very weak, while the WPA2 scheme (another standard of WPA) and WAPI (a protocol of China's mandatory wireless LAN security standard) use a PSK (Pre-Shared Key), so a weak key can still be cracked. If an overly complex key is used, entering it is very troublesome for users whenever they use WiFi. Current WiFi wireless systems therefore have considerable problems in protecting users' privacy and data security.
Summary of the invention
To address these problems, the invention provides a security authentication method for wireless networks that lets users connect to a WiFi network with a complex key and encryption mode, which improves the security of transmitted data while keeping connection simple and fast, and that ensures connection security by updating the key regularly.
The security authentication method for a wireless network of the present invention involves a WiFi server and a client, and comprises the following steps:
a. An authentication service program is deployed on the client; the client scans for wireless networks, automatically connects to the public open system of the WiFi server, and obtains a corresponding IP address;
b. Based on the IP address of the public open system, the client obtains the IP address of the security authentication system of the WiFi server and accesses that address through the authentication port of the security authentication system;
c. The security authentication system of the WiFi server requires certificate authentication of the connecting client;
d. A client that passes the certificate authentication establishes a first secure connection with the security authentication system of the WiFi server and obtains the corresponding encryption parameters over the first secure connection;
e. After writing the obtained encryption parameters into its own WiFi configuration, the client disconnects the first secure connection with the WiFi server and establishes a second secure connection with the security authentication system of the WiFi server using the encryption parameters;
f. The client and the WiFi server communicate over the second secure connection; the WiFi server changes its configuration regularly, and the client synchronously obtains the configuration change over the second secure connection and establishes a new connection with the WiFi server according to the changed information.
By combining a certificate with client software, the method replaces the existing configuration of WiFi security keys, which makes wireless key configuration simple and raises WiFi security to the level of certificates. Because the system configures the key automatically, a highly complex key can be used to strengthen transmission security. In addition, the WiFi server automatically and regularly updates configuration information such as the WiFi key, for example changing the wireless key and certificate automatically every 1 day or at a specified time; as long as the client certificate is valid, the client can automatically re-authenticate and reconnect. This not only avoids the possibility of brute-force cracking and key exposure, but also does not add to the user's burden of input and repeated connection.
Specifically, the certificate authentication in step c uses the client's local certificate or a USBkey certificate, with the USBkey certificate preferred. A USBkey, known as a "U shield", is a hardware device with a USB interface. It has a built-in microcontroller or smart card chip and a certain amount of storage space, can store the user's private key and digital certificate, and uses its built-in public key algorithm to authenticate the user's identity. Because the user's private key is kept in the cipher lock and in theory cannot be read out by any means, the security of user authentication is ensured. Using a USBkey certificate brings the security of transmitted data to the level of online banking.
In an optional scheme, the IP address of the security authentication system in step b is the gateway address of the public open system's IP address.
Specifically, the encryption parameters in step d include the WiFi SSID (the wireless network ID), the WiFi encryption mode and the WiFi key. These encryption parameters establish a one-to-one correspondence between the WiFi server and the client: each client communicates with the WiFi server only through its corresponding encryption parameters, and other software cannot access these parameters, which ensures the independence and security of the communication.
On the basis of the above scheme, the configuration change of the WiFi server in step f may comprise:
The administrator modifies the WiFi configuration of the security authentication system of the WiFi server;
The WiFi server sends the new WiFi configuration information over the second secure connection to the clients connected to the security authentication system;
The security authentication system of the WiFi server disconnects the second secure connections with all clients and enables the new WiFi configuration;
The client establishes a new second secure connection with the security authentication system of the WiFi server according to the new WiFi configuration it received.
After the administrator changes the access authentication key of the WiFi server, a client whose certificate passes authentication is automatically updated to the latest key and other encryption parameters. Wireless authentication is thus bound to the certificate in real time, and the client user does not need to configure anything again.
Preferably, the authentication port in step b is an SSH port.
With the security authentication method for a wireless network of the present invention, the client and the WiFi server can connect using a highly complex key and encryption mode, and certificate authentication establishes a unique correspondence between the WiFi server and the client, which clearly improves the security of transmitted data. The client's encryption configuration is completed automatically by the system, so connecting is simple and fast, and regular key updates ensure connection security, avoiding the possibility of brute-force cracking and key exposure.
The above content of the invention is described in further detail below with reference to the embodiment shown in the accompanying drawing. This should not be understood as limiting the scope of the above subject matter of the invention to the following example. Various substitutions or changes made according to ordinary technical knowledge and customary means in the art, without departing from the above idea of the invention, shall all fall within the scope of the invention.
Brief description of the drawings
Fig. 1 is a flow chart of the security authentication method for a wireless network of the present invention.
Embodiment
As shown in Fig. 1, the security authentication method for a wireless network of the present invention involves a WiFi server and a client, and comprises the following steps:
a. An authentication service program is deployed on the client; the client scans for wireless networks, automatically connects to the public open system of the WiFi server, and obtains a corresponding IP address;
b. Based on the IP address of the public open system, the client obtains the IP address of the security authentication system of the WiFi server; this IP address may be the gateway address of the public open system's IP address. The client then accesses this address through the SSH authentication port of the security authentication system and attempts to connect;
c. The security authentication system of the WiFi server requires certificate authentication of the connecting client. The client authenticates with the security authentication system by reading a local certificate or a USBkey certificate; a USBkey certificate is preferred, as it can further improve the security of the communication data;
d. A client that passes the certificate authentication establishes a first secure connection with the security authentication system of the WiFi server and obtains, over the first secure connection, encryption parameters such as the WiFi SSID (the wireless network ID), the WiFi encryption mode and the WiFi key. These encryption parameters establish a one-to-one correspondence between the WiFi server and the client: each client communicates with the WiFi server only through its corresponding encryption parameters, and other software cannot access these parameters, which ensures the independence and security of the communication;
e. After writing the obtained encryption parameters into its own WiFi configuration, the client disconnects the first secure connection with the WiFi server and establishes a second secure connection with the security authentication system of the WiFi server using the encryption parameters;
f. The client and the WiFi server communicate over the second secure connection; the WiFi server changes its configuration regularly, and the client synchronously obtains the configuration change over the second secure connection and establishes a new connection with the WiFi server according to the changed information. The configuration change of the WiFi server comprises:
The administrator modifies the WiFi configuration of the security authentication system of the WiFi server;
The WiFi server sends the new WiFi configuration information over the second secure connection to the clients connected to the security authentication system;
The security authentication system of the WiFi server disconnects the second secure connections with all clients and enables the new WiFi configuration;
The client establishes a new second secure connection with the security authentication system of the WiFi server according to the new WiFi configuration it received, so that wireless authentication is bound to the certificate in real time and the client user does not need to configure anything again.
Because the client system carries out the key configuration with the WiFi server automatically, a highly complex key can be used to strengthen transmission security. In addition, the WiFi server automatically and regularly updates configuration information such as the WiFi key, for example changing the wireless key and certificate automatically every 1 day or at a specified time; as long as the client certificate is valid, the client can automatically re-authenticate and reconnect. This not only avoids the possibility of brute-force cracking and key exposure, but also does not add to the user's burden of input and repeated connection. With the method of the invention, WiFi communication data can reach the security level of online banking, which greatly protects users' privacy and information security.
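The issue-then-rotate cycle of steps c to f, as an added Python sketch that is not code from the patent or its assignee. The certificate check is reduced to a SHA-256 fingerprint allowlist (an assumption; a real system would verify the certificate and proof of the private key over the SSH session), and all class and function names, the sample SSID and certificate bytes, and the choice to skip revoked certificates during the push are assumptions.

```python
import hashlib
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class WifiParams:            # the three encryption parameters named in step d
    ssid: str
    mode: str
    psk_hex: str             # 256-bit key as 64 hex digits, never typed by a user

def fingerprint(cert_der: bytes) -> str:
    return hashlib.sha256(cert_der).hexdigest()

class AuthSystem:
    """Toy model of the server's security authentication system (hypothetical names)."""

    def __init__(self, ssid: str):
        self.ssid = ssid
        self.enrolled = set()    # fingerprints of certificates the server accepts
        self.connected = set()   # clients currently on the second secure connection
        self.active = self._fresh()

    def _fresh(self) -> WifiParams:
        return WifiParams(self.ssid, "WPA2-PSK", secrets.token_hex(32))

    def issue(self, cert_der: bytes) -> WifiParams:
        """Steps c-d: release the parameters only to an accepted certificate."""
        fp = fingerprint(cert_der)
        if fp not in self.enrolled:
            raise PermissionError("client certificate rejected")
        self.connected.add(fp)
        return self.active

    def rotate(self) -> dict:
        """Step f: push a new key to connected clients, then enable it."""
        new = self._fresh()
        self.connected &= self.enrolled           # assumption: revoked certs get no push
        pushed = {fp: new for fp in self.connected}
        self.active = new                         # the old key stops working for everyone
        return pushed

    def can_join(self, p: WifiParams) -> bool:
        return secrets.compare_digest(p.psk_hex, self.active.psk_hex)

def render_wpa_network(p: WifiParams) -> str:
    """Step e: validate the received values, then build a wpa_supplicant network block."""
    if p.mode != "WPA2-PSK":
        raise ValueError(f"unsupported mode {p.mode!r}")
    if len(p.psk_hex) != 64 or any(c not in "0123456789abcdef" for c in p.psk_hex):
        raise ValueError("PSK must be 64 lowercase hex digits")
    if not 1 <= len(p.ssid.encode()) <= 32 or any(c in p.ssid for c in '"\\\r\n'):
        raise ValueError("SSID is not safe to embed in the config file")
    return ("network={\n"
            f'    ssid="{p.ssid}"\n'
            "    key_mgmt=WPA-PSK\n"
            "    proto=RSN\n"
            "    pairwise=CCMP\n"
            f"    psk={p.psk_hex}\n"
            "}\n")

def demo() -> dict:
    server = AuthSystem("corp-secure")                             # constructed SSID
    cert_a, cert_b = b"constructed-cert-A", b"constructed-cert-B"  # stand-ins for DER bytes
    server.enrolled = {fingerprint(cert_a), fingerprint(cert_b)}
    server.issue(cert_a)
    old_b = server.issue(cert_b)
    server.enrolled.discard(fingerprint(cert_b))                   # administrator revokes B
    pushed = server.rotate()
    try:
        server.issue(cert_b)
        b_readmitted = True
    except PermissionError:
        b_readmitted = False
    new_a = pushed[fingerprint(cert_a)]
    return {"a_joins": server.can_join(new_a),
            "b_old_key_joins": server.can_join(old_b),
            "b_pushed": fingerprint(cert_b) in pushed,
            "b_readmitted": b_readmitted,
            "config": render_wpa_network(new_a)}

if __name__ == "__main__":
    print(demo())
```

In this sketch the rotation doubles as revocation: client B's old key no longer joins, and the certificate gate refuses to issue it the new one.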

Claims (5)

1. the method for wireless network secure certification, has WiFi service end and client, it is characterized by step and comprises:
A. in client deployment authentication service program, client scan wireless network, and automatically access the public open system of WiFi service end, get corresponding IP address;
B. client, according to the IP address of described public open system, obtains the IP address of the security certification system of WiFi service end, and accesses this address by the authentication port of described security certification system;
The security certification system of c.WiFi service end requires certificate verification to the client of access;
D. set up first by the client of described certificate verification with the security certification system of WiFi service end and be connected safely, and connect and obtain corresponding encryption parameter safely by described first;
E. after client writes the encryption parameter obtaining in self WiFi configuration, disconnect first being connected safely between WiFi service end, set up second by described encryption parameter and the security certification system of WiFi service end and be connected safely;
F. client and WiFi service end are connected and communicate safely by described second; The change that WiFi service end is regularly configured, and client connects and synchronously obtains the configuration change of WiFi service end safely by second, sets up new being connected according to information after changing with WiFi service end; The configuration change of described WiFi service end comprises:
Keeper revises the WiFi configuration of the security certification system of WiFi service end;
WiFi service end connects safely to the client being connected with security certification system and sends new WiFi configuration information by described second;
The security certification system of WiFi service end disconnects second being connected safely between all clients, enables new WiFi and configures;
Client is set up new second according to the new WiFi configuration receiving and the security certification system of WiFi service end and is connected safely.
2. the method for wireless network secure certification as claimed in claim 1, is characterized by: the local certificate that the certificate verification described in step c is client or USBkey certificate.
3. the method for wireless network secure certification as claimed in claim 1, is characterized by: described in step b, the IP address of security certification system is the gateway address of described public open system IP address.
4. the method for wireless network secure certification as claimed in claim 1, is characterized by: the encryption parameter described in steps d comprises WiFi SSID, WiFi cipher mode and WiFi key.
5. the method for wireless network secure certification as claimed in claim 1, is characterized by: the authentication port described in step b is SSH port.
CN201210061162.7A 2012-03-09 2012-03-09 Security authentication method for wireless network Active CN102547695B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210061162.7A CN102547695B (en) 2012-03-09 2012-03-09 Security authentication method for wireless network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210061162.7A CN102547695B (en) 2012-03-09 2012-03-09 Security authentication method for wireless network

Publications (2)

Publication Number Publication Date
CN102547695A (en) 2012-07-04
CN102547695B (en) 2014-11-26

Family

ID=46353402

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210061162.7A Active CN102547695B (en) 2012-03-09 2012-03-09 Security authentication method for wireless network

Country Status (1)

Country Link
CN (1) CN102547695B (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C53 Correction of patent of invention or patent application
CB02 Change of applicant information

Address after: 610041, No. 12-13, building 6, D zone, Tianfu Software Park, 216 century South Road, Tianfu District, Chengdu, Sichuan

Applicant after: VOLANS TECHNOLOGY DEVELOPMENT CORPORATION

Address before: 610041, No. 12-13, building 6, D zone, Tianfu Software Park, 216 century South Road, Tianfu District, Chengdu, Sichuan

Applicant before: Chengdu VOLANS Technology Development Corporation.

COR Change of bibliographic data

Free format text: CORRECT: APPLICANT; FROM: CHENGDU VOLANS TECHNOLOGY DEVELOPMENT CORPORATION. TO: CHENGDU FEIYUXING TECHNOLOGY CO., LTD.

C53 Correction of patent of invention or patent application
CB02 Change of applicant information

Address after: The middle high tech Zone Yizhou road in Chengdu city of Sichuan province 610041 No. 1800 Tianfu Software Park G District 4 Building 7-8F

Applicant after: VOLANS TECHNOLOGY DEVELOPMENT CORPORATION

Address before: 610041, No. 12-13, building 6, D zone, Tianfu Software Park, 216 century South Road, Tianfu District, Chengdu, Sichuan

Applicant before: VOLANS TECHNOLOGY DEVELOPMENT CORPORATION

C14 Grant of patent or utility model
GR01 Patent grant
CB03 Change of inventor or designer information

Inventor after: Fan Haipeng

Inventor after: Zhou Long

Inventor after: Chen Bei

Inventor before: Fan Haipeng

Inventor before: Zhou Long

COR Change of bibliographic data