CN103079200A - Wireless access authentication method, system and wireless router - Google Patents

Publication number
CN103079200A
Authority
CN
China
Prior art keywords
information
verified
wireless access
access terminal
module
Legal status
Granted
Application number
CN2011103292099A
Other languages
Chinese (zh)
Other versions
CN103079200B (en)
Inventor
艾俊
付月朋
王正鹏
Current Assignee
Nationz Technologies Inc
Original Assignee
Nationz Technologies Inc

Abstract

The invention discloses a wireless access authentication method, a wireless access authentication system and a wireless router. The method comprises the following steps that to-be-authenticated information transmitted by a wireless access terminal is authenticated by the wireless router, and after authentication passes, the wireless access terminal is permitted to access. The wireless router comprises a first information receiving and transmitting module, an authentication module and an access module, wherein the first information receiving and transmitting module is used for receiving the to-be-authenticated information transmitted by the wireless access terminal, the authentication module is used for authenticating the to-be-authenticated information received by the first information receiving and transmitting module, and the access module is used for permitting the wireless access terminal to access after authentication passes. The system comprises the wireless router and at least one wireless access terminal, wherein the wireless access terminal is used for transmitting the to-be-authenticated information to the wireless router, and the wireless router is used for authenticating the to-be-authenticated information transmitted by the wireless access terminal and permitting the wireless access terminal to access after authentication passes. According to the method, the system and the wireless router, through the technical scheme, the safety problem of wireless networks is solved.

Description

Authentication method and system for wireless access, and wireless router
Technical field
The present invention relates to the field of communications, and in particular to an authentication method for wireless access, a wireless router, and an authentication system for wireless access.
Background
Wireless networks are increasingly widespread, and their arrival has also brought new information security problems to the IT industry. Existing attack-prevention technology cannot be applied effectively to wireless networks: it is difficult to control user access to a wireless network with the boundary protection devices used by traditional wired networks, such as firewalls and proxy servers. An ordinary wireless access point is open to all users within its coverage, so an intruder can easily join the wireless network and access its resources. As the technical level of hacker attacks keeps improving and the scale of attacks keeps growing, the security of wireless networks is gradually becoming a key problem in the communications field.
Summary of the invention
The invention provides an authentication method for wireless access, a wireless router, and an authentication system for wireless access, which solve the security problem of wireless networks.
To solve the above technical problem, the invention adopts the following technical solutions:
An authentication method for wireless access, comprising:
the wireless router verifies the information to be verified sent by the wireless access terminal;
after the verification passes, the wireless access terminal is allowed to access.
Before the wireless router verifies the information to be verified sent by the wireless access terminal, the method further comprises: the wireless router and the wireless access terminal negotiate a symmetric key; the wireless router decrypts the information to be verified, which the wireless access terminal sent after encrypting it with the symmetric key. The wireless router verifying the information to be verified sent by the wireless access terminal is then specifically: verifying the decrypted information to be verified.
The information to be verified is the signature information obtained when the wireless access terminal uses a PIK (Platform Identity Key) certificate or a PEK (Platform Encryption Key) certificate to sign the message digest generated from terminal feature information; after the signature information passes verification, the wireless access terminal is allowed to access; or,
the information to be verified comprises MAC address information and the signature information obtained when the wireless access terminal uses a PIK certificate or PEK certificate to sign the message digest generated from terminal feature information; after both the MAC address information and the signature information pass verification, the wireless access terminal is allowed to access.
The process by which the wireless router verifies the signature information comprises:
the wireless router receives the feature information sent by the wireless access terminal;
according to the feature information, the wireless router obtains the PIK certificate or PEK certificate of the wireless access terminal from a preset list of PIK certificates or PEK certificates of terminals permitted to access, and verifies the signature information with that PIK certificate or PEK certificate.
The process by which the wireless router verifies the MAC address information comprises: the wireless router judges whether the MAC address information sent by the wireless access terminal is present in a preset list of MAC address information permitted to access; if it is, the MAC address information passes verification.
A wireless router, comprising a first information transceiver module, an authentication module and an access module, wherein:
the first information transceiver module is configured to receive the information to be verified sent by the wireless access terminal;
the authentication module is configured to verify the information to be verified received by the first information transceiver module;
the access module is configured to allow the wireless access terminal to access after the verification passes.
The wireless router further comprises a first trusted computing module and a decryption module, wherein:
the first trusted computing module is configured to generate a symmetric key negotiated with the wireless access terminal;
the first information transceiver module is specifically configured to receive the information to be verified that the wireless access terminal sends after encrypting it with the symmetric key;
the decryption module is configured to use the symmetric key generated by the first trusted computing module to decrypt the encrypted information to be verified received by the first information transceiver module;
the authentication module is specifically configured to verify the information to be verified decrypted by the decryption module.
The first information transceiver module is specifically configured to receive the signature information sent by the wireless access terminal, or to receive the MAC address information and the signature information sent by the wireless access terminal;
the authentication module is specifically configured to verify the signature information, or to verify the MAC address information and the signature information;
the access module is specifically configured to allow the wireless access terminal to access after the signature information passes verification, or after both the MAC address information and the signature information pass verification;
the signature information is obtained when the wireless access terminal uses a PIK certificate or PEK certificate to sign the message digest generated from terminal feature information.
The process by which the authentication module verifies the signature information comprises: according to the feature information sent by the wireless access terminal and received by the first information transceiver module, obtaining the PIK certificate or PEK certificate of the wireless access terminal from a preset list of PIK certificates or PEK certificates of terminals permitted to access, and verifying the signature information with that PIK certificate or PEK certificate.
The process by which the authentication module verifies the MAC address information comprises: judging whether the MAC address information sent by the wireless access terminal is present in a preset list of MAC address information permitted to access; if it is, the MAC address information passes verification.
An authentication system for wireless access, comprising a wireless router and at least one wireless access terminal, wherein:
the wireless access terminal is configured to send information to be verified to the wireless router;
the wireless router is configured to verify the information to be verified sent by the wireless access terminal and, after the verification passes, to allow the wireless access terminal to access.
The wireless router comprises a first trusted computing module, a first information transceiver module, a decryption module, an authentication module and an access module, and the wireless access terminal comprises a second trusted computing module, an encryption module and a second information sending module, wherein:
the second trusted computing module is configured to generate a symmetric key negotiated with the first trusted computing module;
the encryption module is configured to use the symmetric key generated by the second trusted computing module to encrypt the information to be verified that is to be sent to the first information transceiver module;
the second information sending module is configured to send the information to be verified, as encrypted by the encryption module, to the first information transceiver module;
the first trusted computing module is configured to generate the symmetric key negotiated with the second trusted computing module;
the first information transceiver module is configured to receive the information to be verified, as encrypted by the encryption module, sent by the second information sending module;
the decryption module is configured to use the symmetric key generated by the first trusted computing module to decrypt the encrypted information to be verified received by the first information transceiver module;
the authentication module is configured to verify the information to be verified decrypted by the decryption module;
the access module is configured to allow the wireless access terminal to access after the verification passes.
The information to be verified is the signature information obtained when the wireless access terminal uses a PIK certificate or PEK certificate to sign the message digest generated from terminal feature information, or the information to be verified comprises MAC address information and that signature information; the access module is specifically configured to allow the wireless access terminal to access after the signature information passes verification, or after both the MAC address information and the signature information pass verification.
The invention provides an authentication method for wireless access, a wireless router, and an authentication system for wireless access, which solve the security problem of wireless networks through an authentication process between the wireless router and the wireless access terminal.
Description of the drawings
Fig. 1 is a flowchart of an authentication method for wireless access according to an embodiment of the invention;
Fig. 2 is a flowchart of an authentication method for wireless access according to another embodiment of the invention;
Fig. 3 is a flowchart of an authentication method for wireless access according to another embodiment of the invention;
Fig. 4 is a block diagram of a wireless router according to an embodiment of the invention;
Fig. 5 is a block diagram of an authentication system for wireless access according to an embodiment of the invention.
Embodiments
Fig. 1 is a flowchart of an authentication method for wireless access according to an embodiment of the invention. Referring to Fig. 1:
S11: the wireless router verifies the information to be verified sent by the wireless access terminal;
S12: after the verification passes, the wireless access terminal is allowed to access.
When the verification does not pass, access by the wireless access terminal is refused; the number of authentication failures can further be counted, and when this number reaches a preset value, the wireless access terminal is recorded in the malicious-access blacklist.
The information to be verified by the wireless router can take several forms. It can be the signature information of the wireless access terminal, which can be the signature information obtained when the wireless access terminal uses a PIK certificate or PEK certificate to sign the message digest generated from terminal feature information; it can also be the MAC address information of the wireless access terminal together with this signature information. To further secure wireless access, the information verified by the wireless router can be information that was first encrypted by the wireless access terminal and then decrypted by the wireless router.
Taking the case where the information to be verified is the signature information of the wireless access terminal as an example, the invention is described in further detail below through embodiments, with reference to the accompanying drawings.
Fig. 2 is a flowchart of an authentication method for wireless access according to another embodiment of the invention. Referring to Fig. 2:
S21: the wireless router and the wireless access terminal negotiate a symmetric key;
S22: the wireless access terminal obtains terminal feature information, such as the terminal name, user name and current time; the trusted computing chip of the wireless access terminal hashes this feature information to produce digest information and signs the digest information with the PIK certificate or PEK certificate of the wireless access terminal to obtain signature information; the wireless access terminal then encrypts the terminal feature information and the signature information with the negotiated symmetric key and sends the encrypted information to the wireless router;
S23: the wireless router decrypts the encrypted information with the negotiated symmetric key, obtaining the decrypted feature information and signature information of the wireless access terminal;
S24: the wireless router verifies the signature information; if the signature information passes verification, proceed to step S25; otherwise, proceed to step S26;
The signature information can be verified as follows: according to the feature information, the wireless router obtains the PIK certificate or PEK certificate of the wireless access terminal from a preset list of PIK certificates or PEK certificates of terminals permitted to access, and verifies the signature information with that PIK certificate or PEK certificate.
S25: the wireless access terminal is allowed to access, and access succeeds.
S26: access by the wireless access terminal is refused, and the number of failed verifications is counted; when this number reaches a preset value, the wireless access terminal is recorded in the malicious-access blacklist.
The following takes the case where the information to be verified is the MAC address information and the signature information of the wireless access terminal as an example. Fig. 3 is a flowchart of an authentication method for wireless access according to another embodiment of the invention. Referring to Fig. 3:
S31: the wireless router and the wireless access terminal negotiate a symmetric key;
S32: the wireless access terminal obtains terminal feature information, such as the terminal name, user name and current time; the trusted computing chip of the wireless access terminal hashes this feature information to produce digest information and signs the digest information with the PIK certificate or PEK certificate of the wireless access terminal to obtain signature information; the wireless access terminal then encrypts the terminal feature information, the signature information and the MAC address information with the negotiated symmetric key and sends the encrypted information to the wireless router;
S33: the wireless router decrypts the encrypted information with the negotiated symmetric key, obtaining the decrypted feature information, signature information and MAC address information of the wireless access terminal;
S34: the wireless router verifies the signature information and the MAC address information; if both pass verification, proceed to step S35; otherwise, proceed to step S36;
The signature information can be verified as follows: according to the feature information, the wireless router obtains the PIK certificate or PEK certificate of the wireless access terminal from a preset list of PIK certificates or PEK certificates of terminals permitted to access, and verifies the signature information with that PIK certificate or PEK certificate. The MAC address information can be verified as follows: the wireless router judges whether the MAC address information sent by the wireless access terminal is present in a preset list of MAC address information permitted to access; if it is, the MAC address information passes verification; otherwise, verification of the MAC address information fails.
The signature information and the MAC address information can be verified at the same time. Alternatively, the MAC address information can be verified first, with access refused if it does not pass and the signature information verified only once the MAC address information has passed; or the signature information can be verified first, with access refused if it does not pass and the MAC address information verified only once the signature information has passed;
S35: the wireless access terminal is allowed to access, and access succeeds.
S36: access by the wireless access terminal is refused, and the number of failed verifications is counted; when this number reaches a preset value, the wireless access terminal is recorded in the malicious-access blacklist.
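The router-side decision of steps S34 to S36, as an added example that is not part of the patent; it starts from the already decrypted payload of S33. Assumptions: textbook RSA over SHA-256 with a constructed toy key stands in for the PIK/PEK signature scheme, which the patent does not specify; the certificate is looked up by a `terminal_name` field; the blacklist is keyed by MAC address and the preset failure value is 3.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed toy RSA key standing in for a terminal's PIK key and certificate.
# The primes are well-known Mersenne primes: fine for a demo, useless as a real key.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the terminal only


def digest(feature_info: dict) -> int:
    """Hash the terminal feature information (S32) into an integer digest."""
    canonical = "|".join(f"{k}={feature_info[k]}" for k in sorted(feature_info))
    return int.from_bytes(hashlib.sha256(canonical.encode()).digest(), "big")


def terminal_sign(feature_info: dict, d: int = D, n: int = N) -> int:
    """Terminal side: sign the digest (textbook RSA without padding, demo only)."""
    return pow(digest(feature_info), d, n)


@dataclass
class Router:
    cert_allowlist: dict   # terminal name -> (n, e) public key taken from its certificate
    mac_allowlist: set     # MAC addresses permitted to access
    max_failures: int = 3  # the "preset value"; 3 is an assumption
    failures: dict = field(default_factory=dict)
    blacklist: set = field(default_factory=set)

    def _signature_ok(self, feature_info: dict, signature: int) -> bool:
        # Look up the certificate by feature information; unknown terminals fail.
        key = self.cert_allowlist.get(feature_info.get("terminal_name"))
        if key is None:
            return False
        n, e = key
        return 0 <= signature < n and pow(signature, e, n) == digest(feature_info)

    def authenticate(self, feature_info: dict, signature: int, mac: str) -> bool:
        mac = mac.lower()
        # Assumption: a blacklisted terminal is refused before any other check.
        if mac in self.blacklist:
            return False
        # S34: MAC list first, signature only if the MAC passes (one permitted order).
        if mac in self.mac_allowlist and self._signature_ok(feature_info, signature):
            return True  # S35: access allowed
        # S36: refuse, count the failure, blacklist at the preset value.
        self.failures[mac] = self.failures.get(mac, 0) + 1
        if self.failures[mac] >= self.max_failures:
            self.blacklist.add(mac)
        return False


def demo():
    """Run constructed sample requests through the router and return the outcomes."""
    info = {"terminal_name": "laptop-01", "user_name": "alice", "time": "2011-10-26T09:00"}
    router = Router(cert_allowlist={"laptop-01": (N, E)},
                    mac_allowlist={"aa:bb:cc:dd:ee:01"})
    sig = terminal_sign(info)
    outcomes = [router.authenticate(info, sig, "AA:BB:CC:DD:EE:01")]  # genuine request
    altered = dict(info, user_name="bob")  # feature info no longer matches the signature
    outcomes.append(router.authenticate(altered, sig, "aa:bb:cc:dd:ee:01"))
    for _ in range(3):  # MAC address that is not on the permitted list
        outcomes.append(router.authenticate(info, sig, "aa:bb:cc:dd:ee:99"))
    return outcomes, router


if __name__ == "__main__":
    results, r = demo()
    print(results, sorted(r.blacklist))
```

A deployment would use a padded signature scheme and keys held in the trusted computing chip; the control flow around the check stays the same.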
The invention also includes a wireless router comprising a first information transceiver module, an authentication module and an access module, wherein the first information transceiver module is configured to receive the information to be verified sent by the wireless access terminal; the authentication module is configured to verify the information to be verified received by the first information transceiver module; and the access module is configured to allow the wireless access terminal to access after the verification passes.
Fig. 4 is a block diagram of a wireless router according to an embodiment of the invention. Referring to Fig. 4:
A wireless router comprises a first information transceiver module 41, a first trusted computing module 42, a decryption module 43, an authentication module 44 and an access module 45, wherein the first trusted computing module 42 is configured to generate a symmetric key negotiated with the wireless access terminal; the first information transceiver module 41 is configured to receive the information to be verified that the wireless access terminal sends after encrypting it with the negotiated symmetric key; the decryption module 43 is configured to use the symmetric key generated by the first trusted computing module 42 to decrypt the encrypted information to be verified received by the first information transceiver module 41; the authentication module 44 is configured to verify the information to be verified decrypted by the decryption module 43; and the access module 45 is configured to allow the wireless access terminal to access after the verification by the authentication module 44 passes.
Further, the information to be verified is the signature information sent by the wireless access terminal, or the MAC address information and the signature information sent by the wireless access terminal, the signature information being obtained when the wireless access terminal uses a PIK certificate or PEK certificate to sign the message digest generated from terminal feature information; the first information transceiver module 41 is specifically configured to receive the signature information sent by the wireless access terminal, or to receive the MAC address information and the signature information sent by the wireless access terminal; the authentication module 44 is specifically configured to verify the signature information, or to verify both the MAC address information and the signature information; the access module is specifically configured to allow the wireless access terminal to access after the signature information passes verification, or after both the MAC address information and the signature information pass verification;
Further, the process by which the authentication module 44 verifies the signature information comprises: according to the feature information sent by the wireless access terminal and received by the first information transceiver module 41, obtaining the PIK certificate or PEK certificate of the wireless access terminal from a preset list of PIK certificates or PEK certificates of terminals permitted to access, and verifying the signature information with that PIK certificate or PEK certificate. The process by which the authentication module verifies the MAC address information comprises: judging whether the MAC address information sent by the wireless access terminal is present in a preset list of MAC address information permitted to access; if it is, the MAC address information passes verification; otherwise, verification of the MAC address information fails.
The invention also includes an authentication system for wireless access, comprising a wireless router and at least one wireless access terminal, wherein the wireless access terminal is configured to send information to be verified to the wireless router, and the wireless router is configured to verify the information to be verified sent by the wireless access terminal and, after the verification passes, to allow the wireless access terminal to access.
Taking a wireless router and one wireless access terminal as an example, Fig. 5 is a block diagram of an authentication system for wireless access according to an embodiment of the invention. Referring to Fig. 5:
An authentication system for wireless access comprises a wireless router and a wireless access terminal. The wireless access terminal comprises a second trusted computing module 51, an encryption module 52 and a second information sending module 53; the wireless router comprises a first information transceiver module 41, a first trusted computing module 42, a decryption module 43, an authentication module 44 and an access module 45. The second trusted computing module 51 is configured to generate a symmetric key negotiated with the first trusted computing module 42; the encryption module 52 is configured to use the symmetric key generated by the second trusted computing module 51 to encrypt the information to be verified that is to be sent to the first information transceiver module 41; the second information sending module 53 is configured to send the information to be verified, as encrypted by the encryption module 52, to the first information transceiver module 41; the first trusted computing module 42 is configured to generate the symmetric key negotiated with the second trusted computing module 51; the first information transceiver module 41 is configured to receive the information to be verified, as encrypted by the encryption module 52, sent by the second information sending module 53; the decryption module 43 is configured to use the symmetric key generated by the first trusted computing module 42 to decrypt the encrypted information to be verified received by the first information transceiver module 41; the authentication module 44 is configured to verify the information to be verified decrypted by the decryption module 43; and the access module 45 is configured to allow the wireless access terminal to access after the verification passes.
Further, the information to be verified is the signature information obtained when the wireless access terminal uses a PIK certificate or PEK certificate to sign the message digest generated from terminal feature information, or the information to be verified comprises MAC address information and that signature information; the encryption module 52 is configured to use the symmetric key generated by the second trusted computing module 51 to encrypt the signature information to be sent to the first information transceiver module 41, or to encrypt the MAC address information and the signature information to be sent to the first information transceiver module 41; the second information sending module 53 is configured to send the signature information encrypted by the encryption module 52, or the MAC address information and the signature information encrypted by the encryption module 52, to the first information transceiver module 41; the decryption module 43 is configured to use the symmetric key generated by the first trusted computing module 42 to decrypt the encrypted signature information, or the encrypted MAC address information and signature information, received by the first information transceiver module 41; the authentication module 44 is configured to verify the signature information decrypted by the decryption module 43, or the MAC address information and the signature information decrypted by the decryption module 43; the access module 45 is configured to allow the wireless access terminal to access after the signature information passes verification, or after both the MAC address information and the signature information pass verification.
Because a trusted computing module offers high security in areas such as data encryption and decryption and secure data storage, the invention can use trusted computing modules to strengthen the security of wireless access and to prevent, for example, cracking of the wireless router's data after it has been intercepted, and replay attacks. To further improve the security of the wireless network, the invention can also store the symmetric key in the non-volatile storage space of the trusted computing chip to prevent loss of the key; the list of PIK certificates or PEK certificates of terminals permitted to access and the list of MAC address information permitted to access can also be stored in the non-volatile storage space of the trusted computing chip of the wireless router to prevent illegal tampering.
The above is a further detailed description of the invention in connection with specific embodiments, and the implementation of the invention is not to be regarded as limited to these descriptions. For a person of ordinary skill in the technical field of the invention, simple deductions or substitutions made without departing from the concept of the invention shall all be regarded as falling within the scope of protection of the invention.

Claims (13)

1. A wireless access authentication method, characterized by comprising:
a wireless router verifying information to be verified sent by a wireless access terminal;
after the verification passes, allowing the wireless access terminal to access.
2. The method of claim 1, characterized in that, before the wireless router verifies the information to be verified sent by the wireless access terminal, the method further comprises: the wireless router and the wireless access terminal negotiating a symmetric key; and the wireless router decrypting the information to be verified, sent by the wireless access terminal, that has been encrypted with the symmetric key; the wireless router verifying the information to be verified sent by the wireless access terminal is specifically: verifying the decrypted information to be verified.
3. The method of claim 1 or 2, characterized in that the information to be verified is signature information obtained after the wireless access terminal uses a PIK certificate or a PEK certificate to sign a message digest generated from terminal characteristic information; after the signature information passes verification, the wireless access terminal is allowed to access; or,
the information to be verified comprises MAC address information and signature information obtained after the wireless access terminal uses a PIK certificate or a PEK certificate to sign a message digest generated from terminal characteristic information; after both the MAC address information and the signature information pass verification, the wireless access terminal is allowed to access.
4. The method of claim 3, characterized in that the process by which the wireless router verifies the signature information comprises:
the wireless router receiving the characteristic information sent by the wireless access terminal;
the wireless router obtaining, according to the characteristic information, the PIK certificate or PEK certificate of the wireless access terminal from a preset list of PIK certificates or PEK certificates of terminals allowed to access, and verifying the signature information using the PIK certificate or PEK certificate.
5. The method of claim 3, characterized in that the process by which the wireless router verifies the MAC address information comprises: the wireless router determining whether the MAC address information sent by the wireless access terminal is present in a preset list of MAC address information allowed to access; if it is present, the MAC address information passes verification.
6. A wireless router, characterized by comprising a first information transceiver module, an authentication module and an access module, wherein,
the first information transceiver module is configured to receive information to be verified sent by a wireless access terminal;
the authentication module is configured to verify the information to be verified received by the first information transceiver module;
the access module is configured to allow the wireless access terminal to access after the verification passes.
7. The wireless router of claim 6, characterized by further comprising a first trusted computing module and a decryption module, wherein,
the first trusted computing module is configured to generate a symmetric key negotiated with the wireless access terminal;
the first information transceiver module is specifically configured to receive the information to be verified, sent by the wireless access terminal, that has been encrypted with the symmetric key;
the decryption module is configured to use the symmetric key generated by the first trusted computing module to decrypt the encrypted information to be verified received by the first information transceiver module;
the authentication module is specifically configured to verify the information to be verified decrypted by the decryption module.
8. The wireless router of claim 6 or 7, characterized in that the first information transceiver module is specifically configured to receive signature information sent by the wireless access terminal, or the first information transceiver module is specifically configured to receive MAC address information and the signature information sent by the wireless access terminal;
the authentication module is specifically configured to verify the signature information, or the authentication module is specifically configured to verify the MAC address information and the signature information;
the access module is specifically configured to allow the wireless access terminal to access after the signature information passes verification, or the access module is specifically configured to allow the wireless access terminal to access after both the MAC address information and the signature information pass verification;
the signature information is obtained after the wireless access terminal uses a PIK certificate or a PEK certificate to sign a message digest generated from terminal characteristic information.
9. The wireless router of claim 8, characterized in that the process by which the authentication module verifies the signature information comprises: according to the characteristic information, sent by the wireless access terminal, that is received by the first information transceiver module, obtaining the PIK certificate or PEK certificate of the wireless access terminal from a preset list of PIK certificates or PEK certificates of terminals allowed to access, and verifying the signature information using the PIK certificate or PEK certificate.
10. The wireless router of claim 8, characterized in that the process by which the authentication module verifies the MAC address information comprises: determining whether the MAC address information sent by the wireless access terminal is present in a preset list of MAC address information allowed to access; if it is present, the MAC address information passes verification.
11. A wireless access authentication system, characterized by comprising a wireless router and at least one wireless access terminal, wherein,
the wireless access terminal is configured to send information to be verified to the wireless router;
the wireless router is configured to verify the information to be verified sent by the wireless access terminal and, after the verification passes, to allow the wireless access terminal to access.
12. The system of claim 11, characterized in that the wireless router comprises a first trusted computing module, a first information transceiver module, a decryption module, an authentication module and an access module, and the wireless access terminal comprises a second trusted computing module, an encryption module and a second signal dispatcher module, wherein
the second trusted computing module is configured to generate a symmetric key negotiated with the first trusted computing module;
the encryption module is configured to use the symmetric key generated by the second trusted computing module to encrypt the information to be verified that is to be sent to the first information transceiver module;
the second signal dispatcher module is configured to send, to the first information transceiver module, the information to be verified encrypted by the encryption module;
the first trusted computing module is configured to generate the symmetric key negotiated with the second trusted computing module;
the first information transceiver module is configured to receive the information to be verified, encrypted by the encryption module, that is sent by the second signal dispatcher module;
the decryption module is configured to use the symmetric key generated by the first trusted computing module to decrypt the encrypted information to be verified received by the first information transceiver module;
the authentication module is configured to verify the information to be verified decrypted by the decryption module;
the access module is configured to allow the wireless access terminal to access after the verification passes.
13. The system of claim 11 or 12, characterized in that the information to be verified is signature information obtained after the wireless access terminal uses a PIK certificate or a PEK certificate to sign a message digest generated from terminal characteristic information, or the information to be verified comprises MAC address information and signature information obtained after the wireless access terminal uses a PIK certificate or a PEK certificate to sign a message digest generated from terminal characteristic information; the access module is specifically configured to allow the wireless access terminal to access after the signature information passes verification; or the access module is specifically configured to allow the wireless access terminal to access after both the MAC address information and the signature information pass verification.
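The flow of claims 2 to 5 (decrypt with the negotiated symmetric key, look up the terminal's certificate by its characteristic information, verify the signature over the message digest, check the MAC allow list) can be sketched as follows. This is an added example, not code from the patent: Ed25519, SHA-256 and AES-256-GCM stand in for the PIK/PEK signature, the digest and the symmetric cipher, which the patent does not name, and every identifier, the message layout and the sample data are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

type Router struct { // hypothetical type: the two preset allow lists of claims 4 and 5
	Certs map[string]ed25519.PublicKey // characteristic info -> key of the enrolled PIK/PEK certificate
	MACs  map[string]bool              // MAC addresses permitted to access
}

func Session(label string) cipher.AEAD { // stand-in for the negotiated key; label-derived only so the sample is reproducible
	key := sha256.Sum256([]byte(label))
	block, _ := aes.NewCipher(key[:]) // cannot fail: key is always 32 bytes
	g, _ := cipher.NewGCM(block)      // cannot fail: AES block size is 16
	return g
}

// Seal is the terminal side: sign SHA-256(feature), then encrypt signature||MAC.
func Seal(priv ed25519.PrivateKey, g cipher.AEAD, feature, mac string) []byte {
	digest := sha256.Sum256([]byte(feature))
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // no entropy: never encrypt with a predictable nonce
	}
	return g.Seal(nonce, nonce, append(ed25519.Sign(priv, digest[:]), mac...), nil)
}

// Admit is the router side: decrypt with this session's key, then require MAC and signature to both verify.
func (r *Router) Admit(g cipher.AEAD, feature string, sealed []byte) error {
	n, s := g.NonceSize(), ed25519.SignatureSize
	if len(sealed) < n {
		return errors.New("malformed request")
	}
	plain, err := g.Open(nil, sealed[:n], sealed[n:], nil)
	if err != nil || len(plain) < s {
		return errors.New("not encrypted under this session's key")
	}
	pub, enrolled := r.Certs[feature]
	digest := sha256.Sum256([]byte(feature))
	if !enrolled || !r.MACs[string(plain[s:])] || !ed25519.Verify(pub, digest[:], plain[:s]) {
		return errors.New("terminal not authorised") // one generic error for both checks
	}
	return nil
}

func Scenario() (valid, replay, forged, badMAC error) { // constructed sample data
	const id, mac = "terminal-01", "02:00:00:00:00:01"
	pub, priv, _ := ed25519.GenerateKey(nil)
	_, rogue, _ := ed25519.GenerateKey(nil) // key with no certificate in the allow list
	s1, s2 := Session("association-1"), Session("association-2")
	r := &Router{map[string]ed25519.PublicKey{id: pub}, map[string]bool{mac: true}}
	good := Seal(priv, s1, id, mac)
	return r.Admit(s1, id, good), r.Admit(s2, id, good),
		r.Admit(s1, id, Seal(rogue, s1, id, mac)), r.Admit(s1, id, Seal(priv, s1, id, "02:00:00:00:00:02"))
}

func main() { fmt.Println(Scenario()) }
```

The signature alone covers only static characteristic information, so a captured copy would verify again; in this sketch it is the per-association symmetric key that makes a captured request useless in a later session.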
CN201110329209.9A 2011-10-26 2011-10-26 Wireless access authentication method, system and wireless router Active CN103079200B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110329209.9A CN103079200B (en) 2011-10-26 2011-10-26 Wireless access authentication method, system and wireless router

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110329209.9A CN103079200B (en) 2011-10-26 2011-10-26 Wireless access authentication method, system and wireless router

Publications (2)

Publication Number Publication Date
CN103079200A true CN103079200A (en) 2013-05-01
CN103079200B CN103079200B (en) 2016-08-03

Family

ID=48155584

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110329209.9A Active CN103079200B (en) 2011-10-26 2011-10-26 Wireless access authentication method, system and wireless router

Country Status (1)

Country Link
CN (1) CN103079200B (en)


Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101455025A (en) * 2006-05-26 2009-06-10 卢森特技术有限公司 Encryption method for secure packet transmission
CN201498001U (en) * 2009-09-04 2010-06-02 瑞达信息安全产业股份有限公司 Credible calculation platform based on symmetrical key codes
CN102036235A (en) * 2009-09-28 2011-04-27 西门子(中国)有限公司 Device and method for identity authentication
CN101867929A (en) * 2010-05-25 2010-10-20 北京星网锐捷网络技术有限公司 Authentication method, system, authentication server and terminal equipment
CN102035837A (en) * 2010-12-07 2011-04-27 中国科学院软件研究所 Method and system for hierarchically connecting trusted networks

Cited By (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103415016A (en) * 2013-07-05 2013-11-27 惠州Tcl移动通信有限公司 Mobile WIFI hotspot connection processing method and system
CN103475505A (en) * 2013-08-27 2013-12-25 北京智谷睿拓技术服务有限公司 Mobile equipment and method for setting external network service through mobile equipment
WO2015070638A1 (en) * 2013-11-18 2015-05-21 宽兆科技(深圳)有限公司 Wireless router, and rapid access control method and connection authentication method thereof
CN104836785A (en) * 2014-02-07 2015-08-12 现代自动车株式会社 Terminal authentication system and method for vehicle network connection
CN104836785B (en) * 2014-02-07 2019-09-27 现代自动车株式会社 Terminal authentication system and method for vehicle network connection
CN105007579A (en) * 2014-04-24 2015-10-28 中国移动通信集团广东有限公司 Wireless local area network access authentication method and terminal
CN105007579B (en) * 2014-04-24 2019-03-15 中国移动通信集团广东有限公司 A kind of access authentication of WLAN method and terminal
WO2016045359A1 (en) * 2014-09-26 2016-03-31 中兴通讯股份有限公司 Authentication method, wireless router and computer storage medium
CN104270759A (en) * 2014-10-23 2015-01-07 成都双奥阳科技有限公司 Equipment for detecting wireless network invasion
CN104320781A (en) * 2014-11-27 2015-01-28 上海斐讯数据通信技术有限公司 Verifying method and system for mobile terminal
CN105763517A (en) * 2014-12-17 2016-07-13 联芯科技有限公司 Router security access and control method and system
CN106686590A (en) * 2015-11-10 2017-05-17 中兴通讯股份有限公司 Controlled terminal identification method, controlled terminal management method, controlled terminal identification device, controlled terminal management device and wireless access point equipment
WO2016184208A1 (en) * 2015-11-10 2016-11-24 中兴通讯股份有限公司 Limited terminal identification and processing method, apparatus, and wireless access point device
CN106451629A (en) * 2016-10-31 2017-02-22 上海斐讯数据通信技术有限公司 Method for router wireless charging with specified MAC address and router device
CN106451629B (en) * 2016-10-31 2019-10-25 上海斐讯数据通信技术有限公司 The method and router apparatus of the router wireless charging of specified MAC Address
CN106412883A (en) * 2016-11-10 2017-02-15 杭州华三通信技术有限公司 Method and apparatus for access to wireless network
CN108471613A (en) * 2018-03-28 2018-08-31 湖南东方华龙信息科技有限公司 The verification method of wireless router
CN108900306A (en) * 2018-07-02 2018-11-27 四川斐讯信息技术有限公司 A kind of production method and system of wireless router digital certificate
CN112468356A (en) * 2019-09-09 2021-03-09 北京奇虎科技有限公司 Router interface testing method and device, electronic equipment and storage medium
CN112468356B (en) * 2019-09-09 2023-11-03 北京奇虎科技有限公司 Router interface testing method, device, electronic equipment and storage medium
CN111010371A (en) * 2019-11-15 2020-04-14 广东电力信息科技有限公司 Method for realizing stable terminal access based on ipv6 automatic configuration
CN112637128A (en) * 2020-11-25 2021-04-09 四川新网银行股份有限公司 Identity mutual trust method and system for data center host
CN112637128B (en) * 2020-11-25 2022-07-08 四川新网银行股份有限公司 Identity mutual trust method and system for data center host
CN113630405A (en) * 2021-07-30 2021-11-09 北京达佳互联信息技术有限公司 Network access authentication method and device, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN103079200B (en) 2016-08-03

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant