CN103313242B - The verification method and device of key - Google Patents

The verification method and device of key Download PDF

Info

Publication number
CN103313242B
CN103313242B CN201210071034.0A CN201210071034A CN103313242B CN 103313242 B CN103313242 B CN 103313242B CN 201210071034 A CN201210071034 A CN 201210071034A CN 103313242 B CN103313242 B CN 103313242B
Authority
CN
China
Prior art keywords
sta
request message
message
mic
response message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201210071034.0A
Other languages
Chinese (zh)
Other versions
CN103313242A (en
Inventor
冯成燕
朱李
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to CN201210071034.0A priority Critical patent/CN103313242B/en
Publication of CN103313242A publication Critical patent/CN103313242A/en
Application granted granted Critical
Publication of CN103313242B publication Critical patent/CN103313242B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses the verification methods and device of a kind of key.Wherein, this method includes:AP receives STA and secondary association or re-associates to the first request message sent during the AP again, wherein, above-mentioned first request message carries STA on secondary association or re-associates to corresponding safe context during the AP and identifies;The safe context of above-mentioned STA that AP is locally preserved according to above-mentioned safe context identification retrieval, and judge whether the safe context retrieved is effective;If effectively, AP directly carries out key authentication processing with the STA.It by the present invention, simplifies STA and AP and re-establishes the safety verification flow of link, avoid the problem of causing networking time delay longer due to flow complexity.

Description

The verification method and device of key
Technical field
The present invention relates to the communications field, in particular to the verification method and device of a kind of key.
Background technology
Institute of Electrical and Electric Engineers (Institute for Electrical and Electronic Engineers, referred to as IEEE) 802.11 be first generation WLAN (Wireless Local Area Networks, letter One of referred to as WLAN) standard.As shown in Figure 1,802.11 network of IEEE includes:Work station (Station, referred to as STA), wireless access point (Access Point, referred to as AP).Wherein, STA can be any matchmaker for having IEEE 802.11 Body access control (Media Access Control, referred to as MAC) layer and physical layer (Physical Layer, referred to as PHY) the equipment of interface, usually by a personal computer (Personal Computer, referred to as PC) or notebook computer In addition wireless network card is formed.In addition, STA can also be the embedded device that can provide wireless connection in non-computer terminal (for example, 802.11 mobile phones).AP can regard a wireless Hub as, for providing the bridge between STA and existing backbone network It connects, which can be wired or wireless.One AP and one or more STA in its coverage area Form a Basic Service Set (Basic Service Set, referred to as BSS).BSS passes through basic service set identification (BSSID) Unique mark is carried out, BSSID is the MAC Address of AP.Terminal can communicate in a BSS.Using identical clothes Be engaged in the more massive virtual BSS that multiple BSS of set identifier SSID are formed, and is defined as extended service set (Extended Service Set, referred to as ESS).Terminal can communicate in same ESS and can be moved between multiple BSS of subordinate. Connect the network of multiple BSS in ESS and cable network be known as distributed system (Distribution System, referred to as DS).Wirelessly or non-wirelessly technology, generally use ethernet technology may be used in DS.
When STA accesses 802.11 networks of IEEE, in order to complete certification and Internet protocol (Internet Protocol, referred to as IP) address allocation function, as shown in Fig. 2, wlan network further includes certificate server (Authentication Server, referred to as AS) and Dynamic Host Configuration Protocol server (Dynamic Host Configuration protocol Server, referred to as Dynamic Host Configuration Protocol server).AS is the entity that authentication service is provided for STA, 802.11 networks of access only could be authorized to by the STA of certification.AS can also be embedded in AP, and Dynamic Host Configuration Protocol server is then STA distributes IP address, and STA can access internet (Internet) by the wlan network.
Fig. 3 is according to the schematic diagram of the key code system framework of the safety of the IEEE 802.11i of the relevant technologies, such as Fig. 3 institutes Show, pairwise master key (Pairwise Master Key, referred to as PMK) is STA and AS in Extensible Authentication Protocol The key of each self-generating, length are in (Extensible Authentication Protocol, referred to as EAP) verification process 256, (PMKID) is identified by PMK and is identified.Pair temporal key (Pairwise Transient Key, referred to as PTK) It is the random number ANonce that STA and AP are generated respectively according to random number SNonce and AP that PMK and STA is generated, respectively derives The key gone out.Low 128 of PTK are Key Confirmation Key (Key Confirmation Key, referred to as KCK), 128 intermediate For key-encrypting key (Key Encryption Key, referred to as KEK), remaining most significant bit (Most Significant Bit, referred to as MSB are temporary key (Temporal Key, referred to as TK).Wherein, KCK is used to be 4 times EAPOL-KEY (Extensible Authentication Protocol OVER in handshake procedure and group key handshake procedure LAN KEY) message offer data source authentication;KEK is used for as 4 key information frame EAPOL-KEY to shake hands with group key that shake hands Message provides Confidentiality protection;TK user protects the transmission of the data message between STA and AP.
In addition, IEEE 802.11 also defines a group temporary key (Group Temporal Key, referred to as GTK).GTK It is a random number of AP generations, in group key handshake procedure, after AP encrypts GTK with KEK, is transferred to STA.
The flow chart that Fig. 4 is established safely when being and accessing 802.11 networks of IEEE according to the STA of the relevant technologies, such as Fig. 4 institutes Show, specifically include following steps (step S401- step S416):
Step S401-S402 broadcasts beacon (Beacon) message by AP or STA actively sends probe requests thereby to AP (Probe Request) message, AP respond (Probe Response) message to STA echo probes, inform energy of the STA about AP The information such as power, parameter and security parameter.
Step S403-S404 carries out open system authentication between STA and AP.Wherein, open system authentication process is not Establish really safety.
Step S405-S406, is associated between STA and AP.STA sends association request to AP, and AP receives association please After asking associated response is sent to STA.By the step, 802.11 channel of IEEE is established between STA and AP.
Step S407 carries out EAP authentication between STA and AS.After the completion of the process, STA and 802.11 networks of IEEE are complete Into two-way authentication, and PMK is generated respectively.
Step S408, AS pass through remote customer dialing authentication system (Remote Authentication Dial In User Service, referred to as RADIUS) access acceptance (Access Accept) message is sent, inform AP certifications success, and will The PMK generated during EAP is sent to AP.
Step S409, AP send 802.1X message to STA, wherein, 802.1X message is packaged with EAP successes (EAP- Success) message.
Step S410 proceeds by 4-Way Handshake process between AP and STA, verify the key of both sides' generation.AP generation with The several first random number ANonce of machine, and be carried in key information frame (EAPOL-Key) message, it is sent to STA.
Step S411, STA generate the second random number SNonce, and according to SNonce and the ANonce and EAP that receive The PMK generation PTK generated in the process, and intercept PTK and obtain Key Confirmation Key KCK, KEK and temporary key TK;STA is sent out to AP EAPOL-Key message is sent, wherein carrying the second random number SNonce.The message integrity verification that message carrying is calculated with KCK Code (Message Integrity Code, referred to as MIC).
Step S412, AP are according to generation during the SNonce received and the ANonce and EAP that oneself generate PMK, according to the same algorithms of STA, derive PTK, and intercept PTK obtain KCK, KEK and TK.The KCK docking of AP generations The EAPOL-Key message received is verified.If be proved to be successful, AP sends EAPOL-Key message to STA, which carries Random number ANonce, and carry the MIC calculated with KCK.
Step S413, STA verify the EAPOL-Key message received.If be proved to be successful, STA installation bases The temporary key TK that PTK is obtained is intercepted, and EAPOL-Key message is sent to AP.The MIC that message carrying is calculated with KCK.Extremely This, 4 handshake procedures between STA and AP terminate.
Step S414 carries out group key handshake procedure between STA and AP.AP optionally generates third random number GNonce, And random selection group temporary key GTK, GTK is encrypted with KEK, encrypted GTK and/or random number GNonce are carried on EAPOL- In Key message, it is sent to STA.EAPOL-Key message equally also carries the MIC calculated with KCK.
Step S415:STA verifies the EAPOL-Key message received, is obtained if it is successful, being decrypted with KCK GTK;STA sends EAPOL-Key message to AP, carries the MIC calculated with KCK.AP verifies the message received.Extremely This, STA completes the foundation of initial connection, can carry out the transmitting-receiving of data packet.
Step S416, STA and wlan network carry out dhcp process, obtain IP address.
Mobile subscriber constantly enters or leaves the overlay area of an ESS.Every time when mobile equipment enters an ESS When, mobile equipment must carry out the process that initial link circuit is established in STA networkings as shown in Figure 4.If STA was associated in the past Associated safety context before may being cached at the AP, STA and AP during once connection.At this point, according to IEEE The definition of 802.11 agreements, AP can omit EAP authentication process after associated steps, directly initiate 4-Way Handshake process.It but should Flow still has the problem of security step is more, longer so as to cause the time delay of STA networkings.When a large number of users is simultaneously shorter (such as in subway station, a large number of users, which has descended after subway to need to connect wlan network, to be obtained when needing to access wlan network in the time Relevant route information), the problem of networking time delay is longer, can be more serious.
For in the relevant technologies, during STA and AP re-establishes link, safety verification flow is complicated, and cause into The problem of net time delay is longer, currently no effective solution has been proposed.
Invention content
During re-establishing link for STA in the relevant technologies and AP, safety verification flow is complicated, and causes to network The problem of time delay is longer, the present invention provides the verification method and device of a kind of key, at least to solve the above problems.
According to an aspect of the invention, there is provided a kind of verification method of key, including:AP receives STA secondary associations again Or the first request message sent during the AP is re-associated to, wherein, above-mentioned first request message carries on STA secondary association or again It is associated with corresponding safe context mark during the AP;AP locally preserves above-mentioned according to above-mentioned safe context identification retrieval The safe context of STA, and judge whether the safe context retrieved is effective;If effectively, AP is directly carried out close with the STA Key verification processing.
Preferably, the safe context mark, including at least one of:Pairwise master key mark PMKID, in pairs master Re-authentication root key (rRK) in key PMK sequence numbers and Extensible Authentication Protocol (EAP) re-authentication agreement (EAP-RP) Mark or certification master session key (rMSK) mark.
Preferably, first request message also carries the random number SNonce of the STA generations.
Preferably, the AP directly carries out key authentication processing with the STA, including:The AP generates random number ANonce, according to the safe context and the SNonce and the ANonce derivation pair temporal key PTK, and according to The PTK generation Key Confirmation Keys KCK;The AP calculates the first of first request message using the KCK of generation The message integrity verification code MIC of response message, and first response message is sent to the STA, wherein, first sound Message is answered to carry the MIC of first response message;The AP receives the STA after first response message is received The second request message returned, and verify the MIC that second request message carries.
Preferably, if the verification passes, it after verifying the MIC that second request message carries, further includes:The AP makes The MIC of the second response message of second request message calculated with the KCK of generation, and to described in STA transmissions Second response message, wherein, second response message carries the MIC of second response message.
Preferably, the AP receives the second request message that the STA is returned after first response message is received Before, it further includes:The STA derives PTK according to the safe context and the ANonce that locally preserve and the SNonce, And KCK is generated according to the PTK;If the verification passes, the STA sends second request message to the AP, wherein, institute It states the second request message and carries the MIC of second request message that the STA is calculated using the KCK of generation.
Preferably, the AP directly carries out key authentication processing with the STA, including:The AP generates random number ANonce, and to the STA transmission carry the ANonce first request message the first response message;The AP The second request message that the STA is returned is received, wherein, second request message carries second request message MIC;The AP derives PTK, and give birth to according to the PTK according to the safe context and the ANonce and the SNonce Into KCK;The AP verifies the MIC of second request message using the KCK of generation, and if the verification passes, the AP makes The MIC of the second response message of second request message is calculated with the KCK of generation, and the second sound is sent to the STA Message is answered, wherein, second response message carries the MIC of second response message.
Preferably, the AP directly carries out key authentication processing with the STA, including:The AP generates random number ANonce, and to the STA transmission carry the ANonce first request message the first response message;The AP PTK is derived, and generate KCK according to the PTK according to the safe context and the ANonce and the SNonce;It is described AP receives the second request message that the STA is returned, wherein, second request message carries second request message MIC;The AP verifies the MIC of second request message using the KCK of generation, and if the verification passes, the AP is used The KCK of generation calculates the MIC of the second response message of second request message, and sends the second response to the STA Message, wherein, second response message carries the MIC of second response message.
Preferably, it before the AP receives the second request message that the STA is returned, further includes:Described in the STA is received First response message, according to the safe context and the ANonce that locally preserve and SNonce derivation PTK, and according to The PTK generates KCK;The STA calculates the MIC of second request message using the KCK of generation;The STA is to institute It states AP and sends second request message, wherein, second request message carries the MIC of second request message.
Preferably, the AP directly carries out key authentication processing with the STA, including:The AP generates random number ANonce, and to the STA transmission carry the ANonce first request message the first response message;The AP The second request message that the STA is returned is received, wherein, second request message carries the random number of the STA generations The MIC of SNonce and second request message;The AP is according to the safe context and the SNonce and described ANonce derives PTK, and generates Key Confirmation Key KCK according to the PTK;The AP verifies institute using the KCK of generation The MIC of the second request message is stated, if the verification passes, the AP calculates second request message using the KCK of generation The second response message MIC, and send second response message to the STA, wherein, second response message carries There is the MIC of second response message.
Preferably, before the AP receives the second request message that the STA is returned, the method further includes:The STA SNonce is generated, PTK is derived, and according to institute according to the safe context and the SNonce that locally preserve and the ANonce State PTK generation Key Confirmation Keys KCK;The STA calculates the MIC of second request message according to the KCK of generation;Institute It states STA and sends second request message to the AP, wherein, second request message carries second request message MIC.
Preferably, it before AP receives STA the first request messages that secondary association or while re-associating to the AP send again, also wraps It includes:The AP receives the second request message that the STA is sent, and generates random number ANonce, and sends described the to the STA Second response message of two request messages, wherein, the ANonce of generation is carried in second response message;It is described STA receives second response message, generates random number SNonce, according to the safe context of preservation and receive described in The ANonce and SNonce derives PTK, and KCK is generated, and return to first request message to the AP according to the PTK, Wherein, the MIC of first request message that the STA is calculated using the KCK is also carried in first request message With the SNonce.
Preferably, the AP directly carries out key authentication processing with the STA, including:The AP is according to the peace retrieved Full context and the SNonce received the and ANonce derive PTK, and KCK is generated according to the PTK;The AP makes The MIC of second request message is verified with the KCK of generation, and if the verification passes, the AP uses the KCK generated The MIC of the first response message of first request message is calculated, and first response message is sent to the STA, wherein, First response message carries the MIC of first response message.
Preferably, first request message starts for authentication request message or the Extensible Authentication Protocol based on LAN EAPOL-Start message, second request message are association request message;Alternatively, first request message please for association Message is sought, second request message is authentication request message or the Extensible Authentication Protocol key EAPOL-KEY based on LAN Message.
Preferably, first response message is authentication response message or EAP Request/mark message, and described second responds Message is associate response message;Alternatively, first response message is associate response message, second request message is certification Response message or the Extensible Authentication Protocol key eapol-key message based on LAN.
Preferably, if the AP do not retrieve the safe context of the STA or the safe context that detects without Effect then carries the parameter that instruction STA carries out complete EAP authentication or EAP re-authentication in first response message.
Preferably, the safe context, including:Pairwise master key (PMK).
According to another aspect of the present invention, a kind of verification device of key is provided, including:Receiving module, for receiving STA the first request messages that secondary association or while re-associating to AP send again, wherein, above-mentioned first request message carries the STA Upper secondary association or while re-associating to AP corresponding safe context mark;Module is retrieved, for according to above-mentioned safe context mark Know the safe context of above-mentioned STA that retrieval locally preserves;Judgment module, for judging whether the safe context retrieved has Effect;Authentication module, for when the judging result of judgment module is effective, directly carrying out key authentication processing with above-mentioned STA.
Preferably, the safe context mark, including at least one of:Pairwise master key mark PMKID, in pairs master Key PMK sequence numbers and rRK marks or rMSK marks in Extensible Authentication Protocol EAP re-authentication agreements EAP-RP.
Preferably, first request message also carries the random number SNonce of the STA generations.
Preferably, the authentication module, including:First generation unit, for generating random number ANonce, according to the peace Full context and the SNonce and the ANonce derive pair temporal key PTK, and true according to PTK generation keys Recognize key KCK;First computing unit, the first response for being calculated first request message using the KCK of generation are disappeared The message integrity verification code MIC of breath;First transmitting element, for sending first response message to the STA, wherein, First response message carries the MIC of first response message;First receiving unit is connecing for receiving the STA Receive the second request message returned after first response message;First authentication unit, for verifying that second request disappears Cease the MIC carried.
Preferably, if first authentication unit is verified, the KCK meters of the computing unit generation are triggered The MIC of second response message of second request message calculated, and send second response from transmitting element to the STA Message, wherein, second response message carries the MIC of second response message.
Preferably, the authentication module, including:Second generation unit, for generating random number ANonce;Second sends list Member, for carrying the first response message of first request message of the ANonce to STA transmissions;Second receives Unit, for receiving the second request message that the STA is returned, wherein, second request message carries described second please Seek the MIC of message;Second generation unit is additionally operable to according to the safe context and the ANonce and described SNonce derives PTK, and generates KCK according to the PTK;Second authentication unit, for using described in the KCK of generation verifications The MIC of second request message if the verification passes, triggers the generation unit and calculates described second using the KCK of generation The MIC of second response message of request message, and the second response message is sent from the transmitting element to the STA, wherein, institute State the MIC that the second response message carries second response message.
Preferably, the authentication module, including:Third generation unit, for generating random number ANonce;Third sends single Member, for carrying the first response message of first request message of the ANonce to STA transmissions;Third receives Unit, for receiving the second request message that the STA is returned, wherein, second request message carries the STA generations Random number SNonce and second request message MIC;The third generation unit, is additionally operable to according to above and below the safety The literary and described SNonce and ANonce derives PTK, and generates Key Confirmation Key KCK according to the PTK;Third is verified Unit, for the KCK of generation to be used to verify the MIC of second request message;Third computing unit, for logical in verification It is out-of-date, the MIC of the second response message of second request message is calculated using the KCK of generation;The third sends single Member is additionally operable to send second response message to the STA, wherein, second response message carries second sound Answer the MIC of message.
Preferably, first request message is authentication request message, and second request message is association request message; Alternatively, first request message is association request message, second request message is authentication request message or EAPOL-KEY Message.
By the present invention, STA secondary associations or when re-associating to AP again, AP is according to the safe context identification retrieval sheet of STA Secondary association or safe context when re-associating to the AP on the STA that ground preserves, and the safe context of the STA retrieved has It imitates, then AP directly carries out key authentication processing with the STA, simplifies STA and AP and re-establishes the safety verification flow of link, keeps away The problem of having exempted to cause networking time delay longer due to flow complexity.
Description of the drawings
Attached drawing described herein is used to provide further understanding of the present invention, and forms the part of the application, this hair Bright illustrative embodiments and their description do not constitute improper limitations of the present invention for explaining the present invention.In the accompanying drawings:
Fig. 1 is the schematic diagram according to a kind of 802.11 network of the relevant technologies;
Fig. 2 is the schematic diagram according to a kind of wlan network of the relevant technologies;
Fig. 3 is the schematic diagram according to the key code system framework of the safety of the IEEE 802.11i of the relevant technologies;
The flow chart that Fig. 4 is established safely when being and accessing 802.11 networks of IEEE according to the STA of the relevant technologies;
Fig. 5 is the flow chart of the verification method of key according to embodiments of the present invention;
Fig. 6 is the flow chart according to the verification method of the key of the preferred embodiment of the present invention one;
Fig. 7 is the flow chart according to the verification method of the key of the preferred embodiment of the present invention two;
Fig. 8 is the flow chart according to the verification method of the key of the preferred embodiment of the present invention three;
Fig. 9 is the flow chart according to the verification method of the key of the preferred embodiment of the present invention four;
Figure 10 is the schematic diagram of the verification device of key according to embodiments of the present invention;
Figure 11 is a kind of schematic diagram of preferred authentication module according to embodiments of the present invention;
Figure 12 is the schematic diagram of another preferred authentication module according to embodiments of the present invention;
Figure 13 is the schematic diagram of another preferred authentication module according to embodiments of the present invention.
Specific embodiment
Come that the present invention will be described in detail below with reference to attached drawing and in conjunction with the embodiments.It should be noted that do not conflicting In the case of, the feature in embodiment and embodiment in the application can be combined with each other.
A kind of verification method of key is provided according to embodiments of the present invention, is simplified STA and AP and is re-established link Safety verification flow, avoid because flow complexity due to cause networking time delay longer the problem of.
Fig. 5 is the flow chart of the verification method of key according to embodiments of the present invention, as shown in figure 5, this method can wrap Include following steps (step S502- step S506):
Step S502, AP receive STA the first request messages that secondary association or while re-associating to AP send again, wherein, first Request message corresponding safe context mark when carrying secondary association on STA or re-associating to AP.
The safe context of STA that step S504, AP are locally preserved according to safe context identification retrieval, and judge to retrieve Whether the safe context arrived is effective;
Step S506, if effectively, AP directly carries out key authentication processing with STA.
Through the embodiment of the present invention, STA secondary associations or when re-associating to AP again, AP is identified according to the safe context of STA The STA last time that retrieval locally preserves is associated with the safe context during AP, and the safe context of the STA retrieved has It imitates, then AP directly carries out key authentication processing with the STA, simplifies STA and AP and re-establishes the safety verification flow of link, keeps away The problem of having exempted to cause networking time delay longer due to flow complexity.
STA and AP can cache the safe context of secondary association or re-association generation, and can pass through different safety Context identifier is identified.In a preferred embodiment of the embodiment of the present invention, above-mentioned safe context mark, including But it is not limited at least one of:Pairwise master key mark (PMKID), pairwise master key (PMK) sequence number and expansible recognize Demonstrate,prove re-authentication root key (re-authentication Root Key, the abbreviation in agreement (EAP) re-authentication agreement (EAP-RP) For rRK) mark or re-authentication master session key (re-authentication Master Session Key, referred to as rMSK) Mark.Correspondingly, safe context can include at least one of:PMK, rRK and rMSK.
In a preferred embodiment of the invention, by safe context to be illustrated for PMK.AP receives STA secondary associations again Or the first request message sent during AP is re-associated to, secondary association on STA is carried in first request message or is re-associated to The PMK of STA that corresponding PMKID during AP, AP are locally preserved according to PMKID retrievals, and the safe context for judging to retrieve is It is no effective.If the PMK retrieved is effective, AP directly carries out key authentication processing with STA.Wherein, the first request message is Authentication request message, then the second request message is association request message;Alternatively, the first request message is association request message, then Second request message is authentication request message or eapol-key message.Correspondingly, the first response message is authentication response message, Second response message is associate response message;Alternatively, the first response message is associate response message, the second request message is certification Response message or eapol-key message.
The verification method of the key of the embodiment of the present invention is described below by specific embodiment.
Preferred embodiment one
According to the preferred embodiment of the present invention, STA generates random number SNonce before the first request message is sent to AP, And PMKID of STA last time when being associated with AP is obtained, and the SNonce of generation and the PMKID got are carried in the first request AP is sent in message.After AP receives the first request message, according to the corresponding PMK of PMKID, and judge that the PMK retrieved is It is no effective.If the PMK retrieved is effective, AP directly carries out key authentication processing with STA.
In a preferred embodiment of the embodiment of the present invention, AP directly carries out key authentication processing with STA to be wrapped It includes:AP generates random number ANonce, and PTK is derived according to the PMK retrieved the and SNonce received and the ANonce of generation, And KCK is generated according to the PTK derived.AP calculates the MIC of the first response message of the first request message using the KCK of generation, And the first response message is sent to STA, wherein, the first response message carries the MIC of the first response message.AP receives STA and exists The second request message returned after the first response message is received, and verifies the MIC that the second request message carries.Optionally, such as Fruit is verified, the MIC of the second response message of the second request message that AP is calculated using the KCK of generation, and sends institute to STA The second response message is stated, wherein, the second response message carries the MIC of the second response message.
Preferably, AP receive STA before the second request message returned after receiving the first response message, STA according to The ANonce and the SNonce of generation that the PMK and AP locally preserved is sent derive PTK, and generate KCK according to PTK.STA is used The KCK of generation verifies the MIC carried in the first response message.If the verification passes, STA sends the second request message to AP, In, the second request message carries the MIC of the second request message that STA is calculated using the KCK of generation.Specifically, STA can lead to It crosses in the following manner and verifies the MIC carried in the first response message:STA can use first responses of the KCK of generation to receiving Message calculates Hash (Hash) value MIC, and the MIC for calculating gained is compared with the MIC received, if the two is identical, It is verified;No person, authentication failed.
Fig. 6 be according to the flow chart of the verification method of the key of the preferred embodiment of the present invention one, as shown in fig. 6, not into In the case of the complete EAP authentication of row or re-authentication, the step of safe context is quickly established between STA and AP and is quickly networked, This method may comprise steps of (step S601- step S613):
Step S601, STA are associated with AP, carry out complete EAP authentication process.In this process, STA and AP are stored Relevant safe context.The safe context safe context mark of the STA is identified.Preferably, above and below the safety Text mark can be the rRK marks in PMK marks (PMKID) or PMK sequence numbers or EAP re-authentication agreement (EAP-RP), RMSK marks etc..
Step S602, STA go to be associated at the AP.At this point, STA and AP optionally carry out the caching of safe context respectively Work.
Step S603, after a period of time, STA is associated with the AP again.The beacon (Beacon) that STA receives AP transmissions disappears Breath or STA actively send probe requests thereby (Probe Request) message to AP, and AP sends probe response (Probe to STA Response) message.Wherein, AP is carried in Beacon or Probe Response message and supports what quick initial link circuit was established Ability indicates.
Last safe context when being associated with AP is cached at step S604, STA, and still effectively;STA generation with Machine number SNonce.
Step S605, STA to AP send authentication request message, the message carry STA generation random number SNonce and Safe context identifies.Preferably, which is identified as:PMKID or PMK sequence numbers or EAP re-authentication agreements (EAP-RP) the rRK marks in, rMSK marks etc..
Step S606, after AP receives authentication request message, this STA pairs of the safe context identification retrieval in message The safe context answered.If the safe context is still effective, AP continues step S607;If the safe context In vain or AP does not retrieve the corresponding safe contexts of the STA, then AP directly carries out step S608.
Step S607, AP generation random number ANonce;AP is derived according to the PMK and ANonce and SNonce of caching PTK;And KCK and/or KEK and/or TK is generated according to PTK.
Step S608, AP send authentication response message to STA.If in step S606, AP retrieves that the STA is corresponding to be had Safe context is imitated, then the message carries:Random number ANonce, message integrity verification code MIC and/or random number SNonce. Wherein, MIC is the message integrity verification code that AP calculates the authentication response message using the KCK derived.If step In S606, AP does not retrieve the corresponding effective and safe contexts of the STA, then the message carries instruction STA and carries out complete EAP authentication Or the parameter of EAP re-authentication.Optionally, AP can generate group key GTK and/or IGTK in this step, and in authentication response STA is sent in message.
Step S609, STA derive PTK according to the safe context PMK and ANonce and SNonce of caching;According to PTK Generate KCK and/or KEK and/or TK;STA verifies the MIC in the authentication response message that receives.
Step S610, if be proved to be successful, STA sends association request message to AP, which carries message integrity Identifying code (MIC) and/or ANonce and/or random number SNonce.Wherein, MIC is that STA uses the KCK derived to the pass The message integrity verification code that connection request message is calculated.
Step S611, AP verify the MIC in the association request message that receives.
Step S612, if the verification passes, AP send associate response message to STA, which carries message integrity Identifying code (MIC) and/or ANonce and/or SNonce.Wherein, MIC is that AP disappears to the associated response using the KCK derived The calculated message integrity verification code of breath.Optionally, AP can generate group key GTK and/or IGTK in this step, and STA is sent in authentication response message.
Step S613, STA verify the MIC in the associate response message that receives.If be proved to be successful, STA The foundation of initial link circuit is successfully completed between AP, it can safely transceiving data message.
Preferably, in above-mentioned steps, the association request in authentication request message or step S610 in step S605 disappears Upper layer message can be carried in breath simultaneously, for example, IP address specifies request message (for example, DHCP Discover message);Step The IP address assignment procedure between AP and Dynamic Host Configuration Protocol server can be carried out after S607 or S611;Authentication response in step S608 Upper layer message can be carried simultaneously in associate response message in message or S612, for example, IP address specified response message (DHCP ACK message) or DHCP Offer message etc..
Preferably, in above-mentioned steps, the authentication request message in step S605 can also be association request message;Step Authentication response message in S608 can also be associate response message;Association request message in step S610 can also be certification Request message or eapol-key message or the key authentication request message newly defined;Associate response message in step S612 Can also be authentication response message or eapol-key message or the key authentication response message newly defined.At this point, step S612 It is optional.
Optionally, in above-mentioned steps, the authentication request message in step S605 can also be association request message;Step Authentication response message in S608 can also be that authentication request message or eapol-key message or the key authentication newly defined please Seek message;Association request message in step S610 can also be authentication response message or eapol-key message or new definition Key authentication response message.
Preferred embodiment two
According to the preferred embodiment of the present invention, STA generates random number SNonce before the first request message is sent to AP, And PMKID of STA last time when being associated with AP is obtained, and the SNonce of generation and the PMKID got are carried in the first request AP is sent in message.After AP receives the first request message, according to the corresponding PMK of PMKID, whether the PMK retrieved is judged Effectively.If the PMK retrieved is effective, AP directly carries out key authentication processing with STA.
In a preferred embodiment of the embodiment of the present invention, AP directly carries out key authentication processing with STA to be wrapped It includes:AP generate random number ANonce, and to STA transmission carry generation ANonce the first request message first response disappear Breath.AP receives the second request message that STA is returned, wherein, the second request message carries the MIC of the second request message.AP roots PTK is derived, and KCK is generated according to PTK according to PMK and the ANonce and SNonce of generation.AP verifies second using the KCK of generation The MIC of request message if the verification passes, then calculates the second response message of the second request message using the KCK of generation MIC, and the second response message is sent to STA, wherein, the second response message carries the MIC of the second response message.Specifically, AP can verify the MIC carried in the second request message in the following manner:AP can use the KCK of generation to receive the Two request messages calculate cryptographic Hash MIC, and will calculate gained MIC with the MIC received compared with, if the two is identical, It is verified;No person, authentication failed.
Preferably, before AP receives the second request message that STA is returned, STA receives the first response message that AP is sent, root PTK is derived, and generate according to the PTK derived according to the PMK locally preserved the and ANonce received and the SNonce of generation KCK.STA calculates the MIC of the second request message using the KCK of generation, and sends the second request message to AP, wherein, second please Message is asked to carry the MIC of the second request message.
Fig. 7 be according to the flow chart of the verification method of the key of the preferred embodiment of the present invention two, as shown in fig. 7, not into In the case of the complete EAP authentication of row or re-authentication, safe context and the flow quickly to network are quickly established between STA and AP, This method can include following steps (step S701- step S713):
Step S701- steps S706 is the same as the step S601- steps S606 in preferred embodiment one.
Step S707, AP generation random number ANonce.
Step S708, AP send authentication response message to STA.If AP retrieves that the STA is corresponding to be had in step S706 Safe context is imitated, then the message carries:Random number ANonce and/or random number SNonce;If AP is not examined in step S706 Rope is to the corresponding effective and safe contexts of the STA, then the message carries instruction STA and carries out complete EAP authentication or EAP re-authentication Parameter.Optionally, AP can generate group key GTK and/or IGTK in this step, and be sent in authentication response message STA。
Step S709, STA derive PTK according to the safe context PMK and ANonce and SNonce of caching;According to PTK Generate KCK and/or KEK and/or TK;STA verifies the MIC in the authentication response message that receives.
Step S710, if be proved to be successful, STA sends association request message to AP, which carries message integrity Identifying code (MIC) and/or ANonce and/or random number SNonce.Wherein, MIC is that STA uses the KCK derived to the pass The message integrity verification code that connection request message is calculated.
Step S711, AP derive PTK according to the PMK and ANonce and SNonce of caching;And KCK is generated according to PTK, And/or KEK and/or TK;AP verifies the MIC in the association request message that receives.In this process, the derivation of PTK It can also be carried out after step S707.
Step S712, if the verification passes, AP send associate response message to STA, which carries message integrity Identifying code MIC and/or ANonce and/or SNonce.Wherein, MIC is that AP uses the KCK derived to the associate response message The message integrity verification code calculated.Optionally, AP can generate group key GTK and/or IGTK in this step, and recognize STA is sent in card response message.
Step S713, STA verify the MIC in the associate response message that receives.If be proved to be successful, STA The foundation of initial link circuit is successfully completed between AP, it can safely transceiving data message.
In above-mentioned flow, authentication request message in step S705 or it can be taken simultaneously in the association request message of S710 Band upper layer message:Such as IP address specifies request message (such as DHCP Discover message);It can after step S706 or S711 To carry out the IP address assignment procedure between AP and Dynamic Host Configuration Protocol server;The association of authentication response message or S712 in step S708 Upper layer message can be carried in response message simultaneously:Such as IP address specified response message (DHCP ACK messages) or DHCP Offer message etc..
In above-mentioned flow, the authentication request message in step S705 can also be association request message;In step S708 Authentication response message can also be associate response message;Association request message in step S710 can also disappear for certification request Breath or eapol-key message or the key authentication request message newly defined;Step S712) in associate response message can be with For authentication response message or eapol-key message or the key authentication response message newly defined.
Optionally, in above-mentioned flow, the authentication request message in step S705 can also be association request message;Step Authentication response message in S708 can also be that authentication request message or eapol-key message or the key authentication newly defined please Seek message;Association request message in step S710 can also be authentication response message or eapol-key message or new definition Key authentication response message.
Preferred embodiment three
According to the preferred embodiment of the present invention, before the first request message is sent to AP, acquisition STA last time is associated with STA PMKID during AP, and the PMKID got is carried and is sent to AP in the first request message.AP receives the first request and disappears After breath, according to the corresponding PMK of PMKID, and judge whether the PMK retrieved is effective.If the PMK retrieved is effective, AP is direct Key authentication processing is carried out with STA.Specifically, whether AP may determine that PMK also in effective life cycle, if, PMK is effective;Otherwise PMK is invalid.And/or AP can also judge the certification in PMK and key management (Authentication and Key Management, referred to as AKM) it is whether consistent with the AKM in the first request message, if unanimously, PMK is effective;It is no Then, PMK is invalid.
In a preferred embodiment of the embodiment of the present invention, AP directly carries out key authentication processing with STA, can wrap It includes:AP generates random number ANonce, and the first response message of the first request message for carrying ANonce is sent to STA;AP The second request message that STA is returned is received, wherein, the second request message carries the random number SNonce and second of STA generations The MIC of request message;AP derives PTK, and generate Key Confirmation Key according to PTK according to PMK and SNonce and ANonce KCK;AP verifies the MIC of the second request message using the KCK of generation, and AP calculates second using the KCK of generation if the verification passes The MIC of second response message of request message, and the second response message is sent to STA, wherein, the second response message carries the The MIC of two response messages.
Preferably, before AP receives the second request message that STA is returned, STA generation SNonce, according to what is locally preserved PMK and SNonce and ANonce derives PTK, and generates Key Confirmation Key KCK according to PTK;STA is counted according to the KCK of generation Calculate the MIC of the second request message;STA sends the second request message to AP, wherein, the second request message carries the second request and disappears The MIC of breath.
Fig. 8 be according to the flow chart of the verification method of the key of the preferred embodiment of the present invention three, as shown in figure 8, not into In the case of the complete EAP authentication of row or re-authentication, safe context and the flow quickly to network are quickly established between STA and AP, This method can include following steps (step S801- step S812):
Step S801, STA are associated with AP, carry out complete EAP authentication process.In this process, STA and AP are stored Relevant safe context.The safe context safe context mark of the STA is identified.Preferably, above and below the safety Text mark can be the rRK marks in PMK marks (PMKID) or PMK sequence numbers or EAP re-authentication agreement (EAP-RP), RMSK marks etc..
Step S802, STA go to be associated at the AP.At this point, STA and AP optionally carry out the caching of safe context respectively Work.
Step S803, after a period of time, STA secondary association or re-associates to the AP again.STA receives the beacon of AP transmissions (Beacon) message or STA actively send probe requests thereby (Probe Request) message to AP, and AP sends probe response to STA (Probe Response) message.Wherein, AP is carried in Beacon or Probe Response message and supports quick initial chain The ability instruction that road is established.
Last safe context when being associated with the AP is cached in step S804, STA, and the safe context is still Effectively.STA sends certification request (Authentication Request) message to AP, wherein, authentication request message carries Safe context identifies.Preferably, which is identified as:PMKID or PMK sequence numbers.Step S805, AP are received After authentication request message, the corresponding safe context of the safe context identification retrieval STA in message.If the safety Context is still effective, then AP continues step S806;If the safe context is invalid or AP does not retrieve this The corresponding safe contexts of STA, then AP directly carry out step S807.
Step S806, AP generation random number ANonce.
Step S807, AP send authentication response message to STA.If in step S805, AP retrieves the STA and is corresponding with The safe context of effect, then the message carry random number ANonce;If in step S805, AP does not retrieve STA correspondences Effective and safe context, then the message carry the parameter that instruction STA carries out complete EAP authentication or EAP re-authentication.Optionally, AP can generate group key GTK and/or IGTK in this step, and STA is sent in authentication response message.
Step S808, STA generation random number SNonce, and according to safe context PMK, ANonce and the SNonce of caching Derive PTK;KCK and/or KEK and/or TK is generated according to PTK.
Step S809, STA send association request message to AP, which carries random number SNonce, message integrity Identifying code (MIC) and/or ANonce.Wherein, MIC is that STA calculates the association request message using the KCK derived Message integrity verification code.
Step S810, AP derive PTK according to the PMK and ANonce and SNonce of caching;And KCK is generated according to PTK, And/or KEK and/or TK.AP verifies the MIC in the association request message that receives.
Step S811, if the verification passes, AP send associate response message to STA, which carries message integrity Identifying code (MIC) and/or ANonce and/or SNonce.Wherein, MIC is that AP disappears to the associated response using the KCK derived The calculated message integrity verification code of breath.Optionally, AP can generate group key GTK and/or IGTK in this step, and STA is sent in associate response message.
Step S812, STA verify the MIC in the associate response message that receives.If be proved to be successful, STA The foundation of initial link circuit is successfully completed between AP, it can safely transceiving data message.
In above-mentioned steps, it can be carried simultaneously in the authentication request message of step S804 or the association request message of S809 Upper layer message:Such as IP address specifies request message (for example, DHCP Discover message).It can after step S805 or S810 It can carry out the IP address assignment procedure between AP and Dynamic Host Configuration Protocol server;The pass in authentication response message or S811 in step S807 Upper layer message can be carried simultaneously in connection response message, for example, IP address specified response message (DHCP Ack message) or DHCP Offer message etc..
In above-mentioned steps, the authentication request message in step S804 can also be association request message or EAPOL- Start message;Authentication response message in step S807 can also be associate response message or EAP Request/mark (EAP- Req/Identity) message;Association request message in step S809 can also be that authentication request message or EAPOL-KEY disappear Breath or the key authentication request message newly defined;Associate response message in step S811 can also be authentication response message or Eapol-key message or the key authentication response message newly defined.
Optionally, in above-mentioned steps, the authentication request message in step S804 can also be association request message;Step Authentication response message in S807 can also be that authentication request message or eapol-key message or the key authentication newly defined please Seek message;Association request message in step S809 can also be authentication response message or eapol-key message or new definition Key authentication response message.
In above-mentioned steps, optionally, safe context mark can also carry in step S809.Step S805 at this time It is carried out after step S805 can be postponed till with before S810.
Preferred embodiment four
In embodiments of the present invention, it not only can start secondary association on phase AP transmissions STA in certification or re-associate to AP Safe context mark, above-mentioned safe context can also be sent to AP in the follow-up process and identified.For example, STA is to AP STA upper secondary associations are carried when sending association request or re-associate to the safe context of AP and are identified.
According to embodiments of the present invention, AP receives STA the first requests that secondary association or while re-associating to the AP send again and disappears Before breath, AP can also receive the second request message of STA transmissions, generate random number ANonce, and send the second request to STA Second response message of message, wherein, the ANonce of generation is carried in the second response message;STA receives the second response message, Random number SNonce is generated, PTK is derived according to the safe context of preservation and the ANonce received and the SNonce of generation, KCK is generated, and return to the first request message to AP according to PTK, wherein, STA is also carried in the first request message and is counted using KCK The random number SNonce of MIC and the STA generation for the first request message calculated.
In a preferred embodiment of the embodiment of the present invention, AP directly carries out key authentication processing with STA to be wrapped It includes:AP derives PTK according to the safe context retrieved and the SNonce received and the ANonce of generation, is given birth to according to PTK Into KCK;AP verifies the MIC of the second request message using the KCK of generation, and if the verification passes, AP calculates the using the KCK of generation The MIC of first response message of one request message, and the first response message is sent to STA, wherein, the first response message carries The MIC of first response message.
Fig. 9 be according to the flow chart of the verification method of the key of the preferred embodiment of the present invention four, as shown in figure 9, not into In the case of the complete EAP authentication of row or re-authentication, safe context and the flow quickly to network are quickly established between STA and AP, This method can include following steps (step S901- step S912):
Step S901- steps S903 is identical with the step S801- steps S803 in the preferred embodiment of the present invention three.
Step S904, STA send EAPOL-Start message to AP.
Step S905, AP receives the EAPOL-Start message that STA is sent, and generates random number ANonce.
Step S906, AP send certification message to STA, wherein, AP is carried in certification message and is generated in step S905 Random number ANonce.
Step S907, STA receives the certification message that AP is sent, and generates random number SNonce, according to the PMK locally preserved And the ANonce received and the SNonce of generation derive PTK, and KCK is generated according to PTK.
Step S908, STA send association request to AP, wherein, secondary association or re-association on STA are carried in association request The MIC that safe context during to AP is identified (being in embodiments of the present invention PMKID), calculated using KCK association request, with And the random number SNonce of STA generations.
Step S909, AP retrieve the safe context of the STA according to the PMKID received, and determine the safety retrieved Context is effective.
Step S910, AP derive PTK according to the PMK retrieved the and SNonce received and the ANonce of generation, and KCK is generated according to PTK, the MIC of association request received using the KCK calculating of generation verifies MIC.
Step S911, AP to STA send associated response, if the verification passes, in associated response carry AP generation with The MIC that machine number and AP calculate associated response according to the KCK of generation.
Step S912, STA receives associated response, and verifies the MIC carried in associated response.
Preferably, the association request message in step S908 can also be authentication request message or eapol-key message, Or the key authentication request message newly defined;Associate response message in step S911 can also be authentication response message or Eapol-key message or the key authentication response message newly defined.
Pass through the method for quick foundation safety of the present invention, it is convenient to omit EAP authentication or re-authentication process, greatly Fast terminal re-establishes the speed of link, reduces the time delay that terminal re-accesses wlan network.It is needed especially for a large number of users The scene of access wlan network, performance have great promotion in very short time.
According to embodiments of the present invention, a kind of verification device of key is additionally provided, STA and AP is simplified and re-establishes link Safety verification flow, avoid because flow complexity due to cause networking time delay longer the problem of.
Figure 10 is the schematic diagram of the verification device of key according to embodiments of the present invention, which is located at AP sides, such as Figure 10 Shown, which mainly includes:Receiving module 10, retrieval module 20, judgment module 30 and authentication module 40.Wherein, mould is received Block, for receiving STA the first request messages that secondary association or while re-associating to access point AP send again, wherein, the first request disappears Breath corresponding safe context mark when carrying secondary association on STA or re-associating to AP;Module 20 is retrieved, with receiving module 10 It is coupled, for the safe context of the STA locally preserved according to safe context identification retrieval;Judgment module 30, with retrieval Module 20 is coupled, for judging whether the safe context retrieved is effective;Authentication module is coupled with judgment module 30, For when the judging result of judgment module 30 is effective, directly carrying out key authentication processing with STA.
Through the embodiment of the present invention, STA secondary associations or when re-associating to AP again, the retrieval module 20 of AP is according to the peace of STA The STA last time that full Context identifier retrieval locally preserves is associated with the safe context during AP, and judgment module 30 judges inspection The safe context for the STA that rope arrives is effective, then the authentication module 40 of AP directly carries out key authentication processing with the STA, simplifies STA and AP re-establishes the safety verification flow of link, avoids the problem of causing the networking time delay longer due to flow complexity.
STA and AP can cache the safe context of secondary association generation, and can pass through different safe context marks Knowledge is identified.In a preferred embodiment of the embodiment of the present invention, above-mentioned safe context mark, including but not limited to At least one of:Pairwise master key mark (PMKID), pairwise master key (PMK) sequence number and Extensible Authentication Protocol (EAP) the rRK marks or rMSK marks in re-authentication agreement (EAP-RP).Correspondingly, safe context can include with down toward It is one of few:PMK, rRK and rMSK.
In a preferred embodiment of the invention, by safe context to be illustrated for PMK.AP receives STA secondary associations again Or the first request message sent during AP is re-associated to, secondary association on STA is carried in first request message or is re-associated to PMKID, the PMK of STA that AP is locally preserved according to PMKID retrievals are corresponded to during AP, and whether judges the safe context retrieved Effectively.If the PMK retrieved is effective, AP directly carries out key authentication processing with STA.Wherein, the first request message is recognizes Request message is demonstrate,proved, then the second request message is association request message;Alternatively, the first request message is association request message, then the Two request messages are authentication request message or eapol-key message.Correspondingly, the first response message is authentication response message, the Two response messages are associate response message;Alternatively, the first response message is associate response message, the second request message is rung for certification Answer message or eapol-key message.
The verification method of the key of the embodiment of the present invention is described below by specific embodiment.
Figure 11 is a kind of schematic diagram of preferred authentication module according to embodiments of the present invention, can be used to implement preferred implementation The method of example one, as shown in figure 11, authentication module 40 mainly include:First generation unit 402, for generating random number ANonce, the SNonce and the first generation unit 402 that the PMK and receiving module 10 retrieved according to retrieval module 20 is received give birth to Into ANonce derive PTK, and Key Confirmation Key KCK is generated according to PTK;First computing unit 404, with the first generation unit 402 are coupled, for using the MIC of the first response message of the KCK of generation the first request messages of calculating;First transmitting element 406, it is coupled with the first computing unit 404, for sending the first response message to STA, wherein, the first response message carries The MIC of first response message;First receiving unit 408, for receive that STA is returned after the first response message is received second Request message;First authentication unit 410 is coupled with the first receiving unit 408, for verifying the carrying of the second request message MIC.Optionally, if the verification passes, the first computing unit 404 of triggering uses the KCK of generation the second request messages calculated The MIC of second response message, and the second response message is sent from the first transmitting element 406 to STA, wherein, the second response message Carry the MIC of the second response message.
Preferably, the first receiving unit 408 receives the second request message that STA is returned after the first response message is received Before, STA derives PTK, and give birth to according to PTK according to the SNonce of the PMK and AP locally preserved the ANonce sent and generation Into KCK.STA verifies the MIC carried in the first response message using the KCK of generation.If the verification passes, STA sends the to AP Two request messages, wherein, the second request message carries the MIC of the second request message that STA is calculated using the KCK of generation.Tool Body, STA can verify the MIC carried in the first response message in the following manner:STA can use the KCK docking of generation The first response message received calculates hash value MIC, and the MIC for calculating gained is compared with the MIC received, if the two It is identical, then it is verified;No person, authentication failed.
Figure 12 is the schematic diagram of another preferred authentication module according to embodiments of the present invention, can be used to implement preferred reality The method for applying example two, as shown in figure 12, authentication module 40 mainly include:Second generation unit 412, for generating random number ANonce;Second transmitting element 414, for carrying the first response message of the first request message of ANonce to STA transmissions; Second receiving unit 416, for receiving the second request message of STA returns, wherein, the second request message carries the second request The MIC of message;Second generation unit 412 is additionally operable to derive PTK according to PMK and ANonce and SNonce, and give birth to according to PTK Into KCK;Second authentication unit 418, for the KCK of generation to be used to verify the MIC of the second request message.
Optionally, if the second authentication unit 418 is verified, the second generation unit 412 of triggering uses the KCK generated The MIC of the second response message of the second request message is calculated, and the second response message is sent from the second transmitting element 414 to STA, Wherein, the second response message carries the MIC of the second response message.
Preferably, before the second receiving unit 416 of AP receives the second request message that STA is returned, STA receives AP and sends The first response message, PTK, and root are derived according to the PMK locally preserved the and ANonce received and the SNonce of generation KCK is generated according to the PTK derived.STA calculates the MIC of the second request message using the KCK of generation, and sends the second request to AP Message, wherein, the second request message carries the MIC of the second request message.
Figure 13 is the schematic diagram of another preferred authentication module according to embodiments of the present invention, can be used to implement preferred reality The method for applying example three, as shown in figure 13, authentication module 40 mainly include:Third generation unit 420, for generating random number ANonce;Third transmitting element 422 is coupled with third generation unit 420, for carrying the of ANonce to STA transmissions First response message of one request message;Third receiving unit 424 is coupled with third transmitting element 422, for receiving STA The second request message returned, wherein, the second request message carries the random number SNonce of STA generations and second request The MIC of message;Third generation unit 420 is additionally operable to derive PTK according to PMK and SNonce and ANonce, and give birth to according to PTK Into Key Confirmation Key KCK;Third authentication unit 428, for the KCK of generation to be used to verify second request message MIC;Third computing unit 430 is coupled with third authentication unit 428, for when being verified, being counted using the KCK of generation Calculate the MIC of the second response message of the second request message;Third transmitting element 422 is additionally operable to send second to STA and respond to disappear Breath, wherein, the second response message carries the MIC of the second response message.
Preferably, before the third receiving unit 424 of AP receives the second request message that STA is returned, STA generations SNonce derives PTK, and generate Key Confirmation Key according to PTK according to the PMK and SNonce and ANonce locally preserved KCK;STA calculates the MIC of the second request message according to the KCK of generation;STA sends the second request message to AP, wherein, second please Message is asked to carry the MIC of the second request message.
It can be seen from the above description that the present invention realizes following technique effect:STA secondary association or re-associations again During to AP, secondary association or peace when re-associating to the AP on the STA that AP is locally preserved according to the safe context identification retrieval of STA Full context, and the safe context of the STA retrieved is effective, then AP directly carry out key authentication processing with the STA, can be with EAP authentication or re-authentication process are omitted, greatly speeds up the speed that terminal re-establishes link, terminal is reduced and re-accesses wlan network Time delay.The scene of the access wlan network in very short time is needed especially for a large number of users, performance has great promotion.
Obviously, those skilled in the art should be understood that each module of the above-mentioned present invention or each step can be with general Computing device realize that they can concentrate on single computing device or be distributed in multiple computing devices and be formed Network on, optionally, they can be realized with the program code that computing device can perform, it is thus possible to which they are stored It is performed in the storage device by computing device, and in some cases, it can be to be different from shown in sequence herein performs The step of going out or describing they are either fabricated to each integrated circuit modules respectively or by multiple modules in them or Step is fabricated to single integrated circuit module to realize.It to be combined in this way, the present invention is not limited to any specific hardware and softwares.
The foregoing is only a preferred embodiment of the present invention, is not intended to restrict the invention, for the skill of this field For art personnel, the invention may be variously modified and varied.All within the spirits and principles of the present invention, that is made any repaiies Change, equivalent replacement, improvement etc., should all be included in the protection scope of the present invention.

Claims (20)

1. a kind of verification method of key, which is characterized in that including:
Access point AP receiving stations STA the first request messages that secondary association or while re-associating to the AP send again, wherein, it is described First request message corresponding safe context mark when carrying secondary association on the STA or re-associating to the AP;
The safe context of the STA that the AP is locally preserved according to the safe context identification retrieval, and judge to retrieve Whether the safe context arrived is effective;
If effectively, the AP directly carries out key authentication processing with the STA;
Wherein, first request message also carries the random number SNonce of the STA generations;
Wherein, the AP directly carries out key authentication processing with the STA, including:The AP generations random number ANonce, and to The STA transmissions carry the first response message of first request message of the ANonce;The AP receives the STA The second request message returned, wherein, second request message carries the MIC of second request message;The AP roots PTK is derived, and KCK is generated according to the PTK according to the safe context and the ANonce and the SNonce;The AP The MIC of second request message is verified using the KCK of generation, and if the verification passes, the AP is described using generation KCK calculates the MIC of the second response message of second request message, and sends the second response message to the STA, wherein, Second response message carries the MIC of second response message;Or
The AP directly carries out key authentication processing with the STA, including:The AP generates random number ANonce, and to described STA transmissions carry the first response message of first request message of the ANonce;The AP is according in the safety Hereafter and the ANonce and SNonce derives PTK, and generate KCK according to the PTK;The AP receives the STA The second request message returned, wherein, second request message carries the MIC of second request message;The AP makes The MIC of second request message is verified with the KCK of generation, and if the verification passes, the AP uses the KCK generated The MIC of the second response message of second request message is calculated, and the second response message is sent to the STA, wherein, it is described Second response message carries the MIC of second response message.
2. according to the method described in claim 1, it is characterized in that, the safe context identifies, including at least one of: Pairwise master key mark PMKID, pairwise master key PMK sequence numbers and Extensible Authentication Protocol EAP re-authentication agreements EAP-RP In re-authentication root key rRK mark or certification master session key rMSK mark.
3. according to the method described in claim 1, it is characterized in that, the AP directly with the STA carry out key authentication processing, Including:
The AP generates random number ANonce, according to the safe context and the SNonce and the ANonce derive into Key Confirmation Key KCK is generated to temporary key PTK, and according to the PTK;
The AP calculates the message integrity verification of the first response message of first request message using the KCK of generation Code MIC, and first response message is sent to the STA, wherein, first response message carries first response The MIC of message;
The AP receives the second request message that the STA is returned after first response message is received, and described in verification The MIC that second request message carries.
4. according to the method described in claim 3, it is characterized in that, if the verification passes, verify that second request message is taken After the MIC of band, further include:
The MIC of the second response message of second request message that the AP is calculated using the KCK of generation, and to described STA sends second response message, wherein, second response message carries the MIC of second response message.
5. according to the method described in claim 3, it is characterized in that, the AP, which receives the STA, is receiving first sound Before answering the second request message returned after message, further include:
The STA derives PTK according to the safe context and the ANonce that locally preserve and the SNonce, and according to institute State PTK generations KCK;
The STA verifies the MIC carried in first response message using the KCK of generation;
If the verification passes, the STA sends second request message to the AP, wherein, second request message is taken The MIC of second request message calculated with the STA using the KCK of generation.
6. according to the method described in claim 1, it is characterized in that, the AP receives the second request message that the STA is returned Before, it further includes:
The STA receives first response message, according to the safe context and the ANonce that locally preserve and described SNonce derives PTK, and generates KCK according to the PTK;
The STA calculates the MIC of second request message using the KCK of generation;
The STA sends second request message to the AP, wherein, second request message carries described second please Seek the MIC of message.
7. according to the method described in claim 2, it is characterized in that, the AP directly with the STA carry out key authentication processing, Including:
The AP generates random number ANonce, and first request message of the ANonce is carried to STA transmissions The first response message;
The AP receives the second request message that the STA is returned, wherein, second request message carries the STA lifes Into random number SNonce and second request message MIC;
The AP derives PTK, and give birth to according to the PTK according to the safe context and the SNonce and the ANonce Into Key Confirmation Key KCK;
The AP verifies the MIC of second request message using the KCK of generation, and if the verification passes, the AP is used The KCK of generation calculates the MIC of the second response message of second request message, and sends described second to the STA Response message, wherein, second response message carries the MIC of second response message.
8. the method according to the description of claim 7 is characterized in that the AP receives the second request message that the STA is returned Before, the method further includes:
The STA generates SNonce, is derived according to the safe context and the SNonce that locally preserve and the ANonce PTK, and Key Confirmation Key KCK is generated according to the PTK;
The STA calculates the MIC of second request message according to the KCK of generation;
The STA sends second request message to the AP, wherein, second request message carries described second please Seek the MIC of message.
9. according to the method described in claim 2, it is characterized in that, AP receives STA secondary associations or when re-associating to the AP again Before the first request message sent, further include:
The AP receives the second request message that the STA is sent, and generates random number ANonce, and to described in STA transmissions Second response message of the second request message, wherein, the ANonce of generation is carried in second response message;
The STA receives second response message, random number SNonce is generated, according to the safe context of preservation and reception The ANonce arrived the and SNonce derives PTK, and KCK is generated, and return to described first to the AP and ask according to the PTK Message is sought, wherein, the STA is also carried in first request message and is disappeared using first request that the KCK is calculated The MIC of the breath and SNonce.
10. according to the method described in claim 9, it is characterized in that, the AP is directly carried out with the STA at key authentication Reason, including:
The AP derives PTK, root according to the safe context retrieved and the SNonce received and the ANonce KCK is generated according to the PTK;
The AP verifies the MIC of second request message using the KCK of generation, and if the verification passes, the AP is used The KCK of generation calculates the MIC of the first response message of first request message, and sends described first to the STA Response message, wherein, first response message carries the MIC of first response message.
11. the method according to any one of claim 3 to 5,7 to 10, which is characterized in that first request message is Authentication request message or Extensible Authentication Protocol based on LAN start EAPOL-Start message, and second request message is Association request message;Alternatively, first request message is association request message, second request message disappears for certification request Breath or the Extensible Authentication Protocol key eapol-key message based on LAN.
12. the method according to any one of claim 3 to 5,7 to 10, which is characterized in that first response message is Authentication response message or EAP Request/mark message, second response message are associate response message;Alternatively, described first Response message is associate response message, extended authentication association of second request message for authentication response message or based on LAN Discuss key eapol-key message.
13. the method according to any one of claim 3 to 5,7 to 10, which is characterized in that if the AP is not retrieved The safe context of the STA or the safe context detected are invalid, then instruction STA is carried in first response message Carry out the parameter of complete EAP authentication or EAP re-authentication.
14. the method according to any one of claim 1 to 5,7 to 10, which is characterized in that the safe context, packet It includes:Pairwise master key PMK.
15. a kind of verification device of key, which is characterized in that including:
Receiving module, for receiving station STA the first request messages that secondary association or while re-associating to access point AP send again, In, corresponding safe context mark when first request message carries secondary association on the STA or re-associates to the AP Know;
Module is retrieved, for the safe context of the STA locally preserved according to the safe context identification retrieval;
Judgment module, for judging whether the safe context retrieved is effective;
Authentication module, for when the judging result of the judgment module is effective, directly being carried out at key authentication with the STA Reason;
Wherein, first request message also carries the random number SNonce of the STA generations;
Wherein, the authentication module includes:First generation unit, for generating random number ANonce, above and below the safety The literary and described SNonce and ANonce derives pair temporal key PTK, and generates Key Confirmation Key according to the PTK KCK;First computing unit, for calculating disappearing for the first response message of first request message using the KCK of generation Cease integrity verification code MIC;First transmitting element, for sending first response message to the STA, wherein, described the One response message carries the MIC of first response message;First receiving unit, for receiving the STA receiving State the second request message returned after the first response message;First authentication unit, for verifying that second request message carries MIC;Alternatively,
The authentication module, including:Second generation unit, for generating random number ANonce;
Second transmitting element, for carrying the first sound of first request message of the ANonce to STA transmissions Answer message;Second receiving unit, for receiving the second request message that the STA is returned, wherein, second request message is taken MIC with second request message;Second generation unit is additionally operable to according to the safe context and described The ANonce and SNonce derives PTK, and generates KCK according to the PTK;Second authentication unit, for using the institute of generation The MIC that KCK verifies second request message is stated, if the verification passes, triggers the KCK of the generation unit using generation The MIC of the second response message of second request message is calculated, and the second response is sent from the transmitting element to the STA Message, wherein, second response message carries the MIC of second response message.
16. device according to claim 15, which is characterized in that safe context mark, including it is following at least it One:Pairwise master key mark PMKID, pairwise master key PMK sequence numbers and Extensible Authentication Protocol EAP re-authentication agreements RRK marks or rMSK marks in EAP-RP.
17. device according to claim 15, which is characterized in that if first authentication unit is verified, triggering The MIC of the second response message of second request message that the KCK of the computing unit generation is calculated, and by sending Unit sends second response message to the STA, wherein, second response message carries second response message MIC.
18. device according to claim 15, which is characterized in that the authentication module, including:
Second generation unit, for generating random number ANonce;
Second transmitting element, for carrying the first sound of first request message of the ANonce to STA transmissions Answer message;
Second receiving unit, for receiving the second request message that the STA is returned, wherein, second request message carries There is the MIC of second request message;
Second generation unit is additionally operable to according to the safe context and the ANonce and the SNonce derivation PTK, and KCK is generated according to the PTK;
Second authentication unit, for the KCK of generation to be used to verify the MIC of second request message, if the verification passes, The generation unit is triggered using the MIC of the second response message of KCK calculating second request message generated, and by The transmitting element sends the second response message to the STA, wherein, second response message carries second response The MIC of message.
19. device according to claim 16, which is characterized in that the authentication module, including:
Third generation unit, for generating random number ANonce;
Third transmitting element, for carrying the first sound of first request message of the ANonce to STA transmissions Answer message;
Third receiving unit, for receiving the second request message that the STA is returned, wherein, second request message carries There are the random number SNonce of the STA generations and the MIC of second request message;
The third generation unit is additionally operable to according to the safe context and the SNonce and the ANonce derivation PTK, and Key Confirmation Key KCK is generated according to the PTK;
Third authentication unit, for the KCK of generation to be used to verify the MIC of second request message;
Third computing unit, for when being verified, the second of second request message to be calculated using the KCK of generation The MIC of response message;
The third transmitting element is additionally operable to send second response message to the STA, wherein, second response disappears Breath carries the MIC of second response message.
20. the device according to any one of claim 17 to 19, which is characterized in that first request message is certification Request message, second request message are association request message;Alternatively, first request message is association request message, Second request message is authentication request message or eapol-key message.
CN201210071034.0A 2012-03-16 2012-03-16 The verification method and device of key Active CN103313242B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210071034.0A CN103313242B (en) 2012-03-16 2012-03-16 The verification method and device of key

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210071034.0A CN103313242B (en) 2012-03-16 2012-03-16 The verification method and device of key

Publications (2)

Publication Number Publication Date
CN103313242A CN103313242A (en) 2013-09-18
CN103313242B true CN103313242B (en) 2018-06-12

Family

ID=49137921

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210071034.0A Active CN103313242B (en) 2012-03-16 2012-03-16 The verification method and device of key

Country Status (1)

Country Link
CN (1) CN103313242B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP4080987A4 (en) * 2020-01-21 2023-05-24 Huawei Technologies Co., Ltd. Data transmission method, and device

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9961545B2 (en) * 2014-06-03 2018-05-01 Qualcomm Incorporated Systems, methods, and apparatus for authentication during fast initial link setup
EP3257296B1 (en) * 2015-02-12 2018-08-15 Telefonaktiebolaget LM Ericsson (publ) Wireless communications involving a fast initial link setup, fils, discovery frame for network signaling
CN105188057B (en) * 2015-08-26 2018-07-06 上海斐讯数据通信技术有限公司 A kind of method and system for improving network access authentication safety
CN105792334A (en) * 2016-02-26 2016-07-20 北京联盛德微电子有限责任公司 Wireless local area network station, wireless local area network access point, and wireless local area network station access methods
US10623951B2 (en) 2016-03-09 2020-04-14 Qualcomm Incorporated WWAN-WLAN aggregation security
CN107666667B (en) * 2016-07-29 2019-09-17 电信科学技术研究院 A kind of data transmission method, the first equipment and the second equipment
CN106162645B (en) * 2016-09-27 2017-06-23 广州赛意信息科技股份有限公司 A kind of the quick of Mobile solution reconnects method for authenticating and system
EP3531750B1 (en) 2016-10-24 2022-05-18 Sony Group Corporation Communication apparatus and communication method
CN106941405A (en) * 2017-04-28 2017-07-11 北京星网锐捷网络技术有限公司 A kind of method and apparatus of terminal authentication in a wireless local area network
CN109150541B (en) * 2018-08-15 2020-05-19 飞天诚信科技股份有限公司 Authentication system and working method thereof
WO2020035009A1 (en) 2018-08-15 2020-02-20 飞天诚信科技股份有限公司 Authentication system and working method therefor

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050243769A1 (en) * 2004-04-28 2005-11-03 Walker Jesse R Apparatus and method capable of pre-keying associations in a wireless local area network
WO2006093161A1 (en) * 2005-03-04 2006-09-08 Matsushita Electric Industrial Co., Ltd. Key distribution control apparatus, radio base station apparatus, and communication system
CN101111056B (en) * 2006-07-17 2010-05-12 西安电子科技大学 Fast switching method for wireless local area network
CN101119199A (en) * 2006-08-02 2008-02-06 西安电子科技大学 Safety fast switch method in wireless local area network
CN201409222Y (en) * 2009-05-22 2010-02-17 刘建 Terminal security relation establishing device for wireless local area network identification and confidentiality base structure
US8812833B2 (en) * 2009-06-24 2014-08-19 Marvell World Trade Ltd. Wireless multiband security

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP4080987A4 (en) * 2020-01-21 2023-05-24 Huawei Technologies Co., Ltd. Data transmission method, and device

Also Published As

Publication number Publication date
CN103313242A (en) 2013-09-18

Similar Documents

Publication Publication Date Title
CN103313242B (en) The verification method and device of key
JP4897215B2 (en) Key generation method and apparatus in communication system
US8094821B2 (en) Key generation in a communication system
JP5290323B2 (en) Integrated handover authentication method for next-generation network environment to which radio access technology and mobile IP-based mobility control technology are applied
JP2013066220A (en) Methods and apparatuses generating radio base station key in cellular radio system
CN107820239A (en) Information processing method and device
CN103096307A (en) Secret key verification method and device
CN109561431B (en) WLAN access control system and method based on multi-password identity authentication
CN101635922B (en) Safety communication method of wireless mesh network
CN106992866A (en) It is a kind of based on wireless network access methods of the NFC without certificate verification
CN108012269A (en) A kind of radio switch-in method, device and equipment
CN107211488A (en) It is used for the method to the business datum application safety of reception by what the WLAN node in integrated wireless communications network was performed
Zhu et al. Research on authentication mechanism of cognitive radio networks based on certification authority
CN103200004B (en) Send the method for message, the method for establishing secure connection, access point and work station
Haq et al. Towards Robust and Low Latency Security Framework for IEEE 802.11 Wireless Networks
Georgantas Fast initial authentication, a new mechanism to enable fast WLAN mobility
CN103139770A (en) Method for transmitting paired master cryptography keys in wireless local area network (WLAN) access network and system
Lin et al. Performance Evaluation of the Fast Authentication Schemes in GSM-WLAN Heterogeneous Networks.
CN105721403B (en) For providing the method, equipment and system of wireless network resource
Lee et al. A secure wireless lan access technique for home network
KR20060088806A (en) Method for authorization in wireless portable internet and system thereof
Marques et al. Fast, secure handovers in 802.11: back to the basis
TWI514189B (en) Network certification system and method thereof
Fanian et al. An Efficient Non-Repudiation Billing Protocol in Heterogeneous 3G-WLAN Networks.
Fanian et al. ISeCure

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant