CN103813318B

CN103813318B - A kind of information configuring methods, equipment and system

Info

Publication number: CN103813318B
Application number: CN201210447087.8A
Authority: CN
Inventors: 庞高昆; 丁志明; 方平
Original assignee: Huawei Device Co Ltd
Current assignee: Huawei Device Co Ltd
Priority date: 2012-11-09
Filing date: 2012-11-09
Publication date: 2017-04-05
Anticipated expiration: 2032-11-09
Also published as: WO2014071886A1; CN103813318A

Abstract

The invention discloses a kind of information configuring methods, access device is consulted to generate after first key with terminal to be configured, by the descending checking of terminal to be configured, after the up checking of access device or access accessory device, terminal to be configured is just set up with access device using the configuration information of first key encryption and is connected.This complete scheme interacted with each other to complete foundation connection by between equipment, compared with the mode for being manually input into PIN of the prior art carries out inbound information configuration, do not need user to be manually entered, reduce the operation difficulty of user, improve Consumer's Experience.

Description

A kind of information configuring methods, equipment and system

Technical field

The present invention relates to communication technical field, and in particular to a kind of information configuring methods, equipment and system.

Background technology

Prior wireless network is set up safely（WiFi protected setup, WPS）Primary operational include：1st, set up just Beginning wireless network；2nd, increase new equipment in the wireless network.The framework of WPS is by 3 parts：Application terminal（In WPS In be referred to as enrollee）, Register（registrar）, access point（AP, Access Point）；AP is the base of WLAN Infrastructure, i.e.,：Support the access point of 802.11 agreements；Register is to manage network foundation, addition/delete setting for application terminal Standby, Register can be integrated with access point, it is also possible to which the external equipment by as mobile phone, computer is serving as.

In prior art, it is possible to use personal identification number（Personal identifier number, PIN）Recognition methods The connection of wireless network is carried out, in actual applications, it is assumed that so one scene：User has a mobile phone（It is integrated with outside note Volume device and the role of application terminal）, an AP wants to build WLAN.After AP is electrified, mobile phone can be automatically detected AP, asks whether user will install AP；After user confirms to install, mobile phone points out the PIN of user input AP（One be attached on AP PIN is printed on individual label）, after user input PIN, between AP and mobile phone, start default configuration process, after the completion of configuration, mobile phone Show configuration successful；After originating wireless network is set up, user needs to add a wireless printer in the network, then exist On the wireless printer electricity after, mobile phone detects new wireless device, prompts the user whether to add it in network, with After family confirms addition, user needs the PIN that the wireless printer is input in mobile phone, and AP, mobile phone and wireless printer start The configuration process of acquiescence, last mobile phone and wireless printer all point out to add successfully.

It was found by the inventors of the present invention that carrying out inbound information configuration by way of being input into PIN in prior art so that use Family complex operation.

The content of the invention

The embodiment of the present invention provides a kind of information configuring methods, can reduce user operation difficulty, improves the experience of user.

Embodiment of the present invention first aspect provides a kind of information configuring methods, is applied to and accesses accessory device, to be configured In the access device of terminal communication, methods described includes：

Consult to generate first key by Diffie-Hellman with the terminal to be configured；

Descending first key authentication information is sent to the access accessory device, will be described by the access accessory device Descending first key authentication information is transmitted to the terminal to be configured, so that descending first described in the terminal authentication to be configured Key authentication information, the descending first key authentication information is the authentication information calculated using the first key；

Receive the terminal to be configured by it is described access accessory device forwarding come up first key authentication information, test The up first key authentication information is demonstrate,proved, and is sent using the first key to the terminal to be configured after being verified The configuration information of encryption, so that the terminal to be configured sets up secure connection with the access device using the configuration information, The up first key authentication information is the authentication information calculated using the first key；Or,

The configuration information encrypted using the first key is sent to the terminal to be configured, and verifies the end to be configured Hold and the up first key authentication information that accessory device forwarding comes is accessed by described, if being verified, make described to match somebody with somebody confidence Breath comes into force, so that the terminal to be configured sets up secure connection with the access device using the configuration information；Or,

The configuration information encrypted using the first key is sent to the terminal to be configured, and by the access annex The up first key authentication information that terminal to be configured described in device authentication sends, it is if being verified, attached by the access Part equipment makes the configuration information come into force, so that the terminal to be configured is set up with the access device using the configuration information Secure connection；Or,

The configuration information that accessory device transmission is encrypted using the first key is accessed to described, and it is attached by the access The up first key authentication information that terminal to be configured described in part device authentication sends, if being verified, by the access The configuration information is sent to the terminal to be configured by accessory device, so that the terminal to be configured uses the configuration information Secure connection is set up with the access device.

With reference in a first aspect, in the first possible implementation, the access device and the access accessory device Shared second key,

It is described to send descending first key authentication information to access accessory device, specifically include：

The descending first key authentication information using the encryption of the second key is sent to accessory device is accessed.

With reference to first aspect or first aspect the first possible implementation, in second possible implementation In, it is described to access the up first key authentication information that accessory device verifies that the terminal to be configured sends by described, specifically Including：

To it is described access accessory device send expect up first key authentication information, make it is described access accessory device will The described up first key authentication information for receiving is matched with the up first key authentication information of the expectation, if institute When stating the up first key authentication information that up first key authentication information is the expectation, then the access accessory device is tested Demonstrate,prove the up first key authentication information to pass through.

With reference to first aspect, first aspect the first or second possible implementation, in the third possible reality In existing mode, it is described the configuration information is sent to by the access accessory device for the terminal to be configured after, also Including：

Checking is described to access the described up first key authentication information that accessory device forwarding comes, if being verified, makes The configuration information comes into force.

With reference to first aspect, first aspect the first, second or the third possible implementation, can at the 4th kind It is in the implementation of energy, described to consult to generate first key with the terminal to be configured, specifically include：

With the terminal to be configured pass through IKE Diffie-Hellman or public key encryption algorithm RSA agreements or Elliptic curve cryptography EIGamal protocol negotiations generate first key.

With reference to first aspect or first aspect the first to the 4th kind of any one possible implementation, at the 5th kind In possible implementation, communicated by wired mode between the access device and the access accessory device, it is described to wait to match somebody with somebody Put.

Embodiment of the present invention second aspect provides a kind of information configuring methods, is applied to set with access device, access annex In the terminal to be configured of standby communication, methods described includes：

Consult to generate first key by Diffie-Hellman with the access device；

Receive the access device by access accessory device forwarding come descending first key authentication information, it is described descending First key authentication information is the authentication information calculated using the first key；

Verify the descending first key authentication information；

Up first key authentication information is sent to the access accessory device, and by the accessory device that accesses by institute State up first key authentication information and be transmitted to the access device, so that the access device verifies that described up first is close Key authentication information, receives the use institute that the access device is sent after the checking up first key authentication information passes through The configuration information of first key encryption is stated, the up first key authentication information is using recognizing that the first key is calculated Card information；Or,

Receive the configuration information that the use first key that the access device sends is encrypted, and to it is described access it is attached Part equipment sends up first key authentication information, and believes the up first key certification by the access accessory device Breath is transmitted to the access device, so that the access device verifies the up first key authentication information, and in checking By after, make the configuration information come into force；Or,

Receive the configuration information that the use first key that the access device sends is encrypted, and to it is described access it is attached Part equipment sends up first key authentication information, so that the access accessory device checking up first key certification letter Breath, and after being verified, make the configuration information come into force；Or,

Up first key authentication information is sent to the access accessory device, so that the access accessory device checking institute Up first key authentication information is stated, the access accessory device is received and is passed through in the checking up first key authentication information The configuration information that the use first key for sending afterwards is encrypted, described is institute using the configuration information that the first key is encrypted State access device and be sent to the access accessory device in advance；

Secure connection is set up with the access device using the configuration information.

It is with reference to second aspect, in the first possible implementation, described so that the access accessory device checking institute Up first key authentication information is stated, is specifically included：

So that the up first key authentication information is recognized by the accessory device that accesses with the up first key expected Card information is matched, if the up first key authentication information is the up first key authentication information of the expectation, Then the access accessory device verifies that the up first key authentication information passes through；The up first key certification of the expectation Information is that the access device is sent to the access accessory device in advance.

With reference to second aspect or second aspect the first possible implementation, in second possible implementation In, being communicated by wired mode between the access device and the access accessory device, the terminal to be configured is connect with described Enter.

The embodiment of the present invention third aspect provides a kind of information configuring methods, is applied to and access device, terminal to be configured In the access accessory device of communication, the access device is consulted to generate first by Diffie-Hellman with the terminal to be configured Key, methods described include：

Receive and forward the access device to be sent to the descending first key authentication information of the terminal to be configured, make institute Descending first key authentication information key described in terminal authentication to be configured is stated, the descending first key authentication information is using described The authentication information that first key is calculated；

Receive and forward the terminal to be configured to be sent to the up first key authentication information of the access device, so that The access device verifies the up first key authentication information, and makes to the terminal transmission to be configured after being verified The configuration information encrypted with the first key, so that the terminal to be configured is set with the access using the configuration information Standby to set up secure connection, the up first key authentication information is the authentication information calculated using the first key；Or Person,

Receive and forward the terminal to be configured to be sent to the up first key authentication information of the access device, so that The access device is verified on described after the configuration information encrypted using the first key is sent to the terminal to be configured Row first key authentication information, and after being verified, make the configuration information come into force, so that the terminal to be configured is used The configuration information sets up secure connection with the access device；Or,

The up first key authentication information that the terminal to be configured sends is received and verified, after being verified, institute is made The configuration information for stating first key encryption comes into force, so that the terminal to be configured is receiving the institute that the access device sends State configuration information and after the configuration information comes into force, set up secure connection with the access device using the configuration information；Or Person,

The configuration information that the use first key that the access device sends is encrypted is received, receives and verify described The up first key authentication information that terminal to be configured sends, after being verified, makes the configuration information come into force, and to described Terminal to be configured sends the configuration information, so that the terminal to be configured uses the configuration information and the access device Set up secure connection.

It is with reference to the third aspect, in the first possible implementation, described to verify the upper of the terminal transmission to be configured Row first key authentication information, specifically includes：

Receive the up first key authentication information of the expectation that the access device sends, and by receive it is described on Row first key authentication information is matched with the up first key authentication information of the expectation, if the up first key When authentication information is the up first key authentication information of the expectation, then verify that the up first key authentication information leads to Cross.

With reference to the third aspect or the third aspect the first possible implementation, in second possible implementation In, being communicated by wired mode between the access device and the access accessory device, the terminal to be configured is connect with described Enter.

Embodiment of the present invention fourth aspect provides a kind of access device, connects with access accessory device and terminal communication to be configured Connect, the access device includes：

First key signal generating unit, it is close for consulting generation first by Diffie-Hellman with the terminal to be configured Key；

First transmitting element, for sending descending first key authentication information to the access accessory device, by described Access accessory device and the descending first key authentication information is transmitted to into the terminal to be configured, so that the end to be configured The end checking descending first key authentication information, the descending first key authentication information is to be generated using the first key The authentication information that the first key that unit is generated is calculated；

First processing units, after sending the descending first key authentication information in first transmitting element, Receive the terminal to be configured by it is described access accessory device forwarding come up first key authentication information, checking it is described on Row first key authentication information, and send using matching somebody with somebody that the first key is encrypted to the terminal to be configured after being verified Confidence ceases, so that the terminal to be configured sets up secure connection using the configuration information and the access device, it is described up First key authentication information is the authentication information calculated using the first key；Or,

The first processing units, for first transmitting element send the descending first key authentication information it Afterwards, the configuration information encrypted using the first key is sent to the terminal to be configured, and verifies that the terminal to be configured is led to Cross the accessory device that accesses and forward the up first key authentication information of coming, if being verified, make the configuration information life Effect, so that the terminal to be configured sets up secure connection with the access device using the configuration information；Or,

Second processing unit, after sending the descending first key authentication information in first transmitting element, The configuration information encrypted using the first key is sent to the terminal to be configured, and by the access accessory device checking The up first key authentication information that the terminal to be configured sends, if being verified, is made by the access accessory device The configuration information comes into force, so as to the terminal to be configured sets up safety using the configuration information and the access device connect Connect；Or,

The second processing unit, for first transmitting element send the descending first key authentication information it Afterwards, the configuration information that accessory device transmission is encrypted using the first key is accessed to described, and set by the access annex The standby up first key authentication information for verifying that the terminal to be configured sends, if being verified, by the access annex The configuration information is sent to the terminal to be configured by equipment, so that the terminal to be configured uses the configuration information and institute State access device and set up secure connection.

With reference to fourth aspect, in the first possible implementation, the second processing unit includes the first subprocessing Unit,

The first subprocessing unit, specifically for recognizing to the up first key for accessing accessory device transmission expectation Card information, makes the accessory device that accesses by up the of the described up first key authentication information for receiving and the expectation One key authentication information is matched, if the up first key authentication information is the up first key certification of the expectation During information, then the access accessory device verifies that the up first key authentication information passes through.

With reference to fourth aspect or fourth aspect the first possible implementation, in second possible implementation In, the second processing unit is additionally operable to verify that the accessory device that accesses forwards the described up first key certification letter for coming Breath, if being verified, makes the configuration information come into force.

With reference to fourth aspect, fourth aspect the first or second possible implementation, in the third possible reality In existing mode, communicate by wired mode between the access device and the access accessory device, the terminal to be configured and Communicated by closely mode between the access accessory device or wired mode communication.

A kind of terminal to be configured is provided in terms of the embodiment of the present invention the 5th, with access device and access accessory device communication link Connect, the terminal to be configured includes：

Second Key generating unit, for consulting to generate first key by Diffie-Hellman with the access device；

First receiving unit, for receive the access device by access accessory device forwarding come descending first key Authentication information, the descending first key authentication information are the first key generated using second Key generating unit The authentication information for calculating；

First authentication unit, for verifying descending first key authentication information that first receiving unit is received；

3rd processing unit, after verifying the descending first key authentication information in first authentication unit, Up first key authentication information is sent to the access accessory device, and by the access accessory device by described up the One key authentication information is transmitted to the access device, so that the access device checking up first key certification letter Breath, receives the access device to verify the use that sends after the up first key authentication information passes through described first close The configuration information of key encryption, the up first key authentication information is the authentication information calculated using the first key； Or,

3rd processing unit, for first authentication unit verify the descending first key authentication information it Afterwards, the configuration information that the use first key that the reception access device sends is encrypted, and set to the access annex Preparation serves row first key authentication information, and turns the up first key authentication information by the access accessory device The access device is issued, so that the access device verifies the up first key authentication information, and is being verified After make the configuration information come into force；Or,

Fourth processing unit, after verifying the descending first key authentication information in first authentication unit, The configuration information that the use first key that the access device sends is encrypted is received, and is sent out to the access accessory device Row first key authentication information is served, so that the access accessory device checking up first key authentication information, and The configuration information is made to come into force after being verified；Or,

The fourth processing unit, for first authentication unit verify the descending first key authentication information it Afterwards, up first key authentication information is sent to the access accessory device, so that on the access accessory device checking is described Row first key authentication information, receives the access accessory device and is verifying the up first key authentication information by rear The configuration information that the use first key sent is encrypted, it is described to be connect for described using the configuration information that the first key is encrypted Enter equipment and be sent to the access accessory device in advance；

First connection establishment unit, for matching somebody with somebody for being sent using the 3rd processing unit or the fourth processing unit Confidence breath sets up secure connection with the access device.

In terms of the 5th, in the first possible implementation, the fourth processing unit includes the second subprocessing Unit,

The second subprocessing unit, specifically for sending up first key certification letter to the access accessory device Breath, so that the accessory device that accesses is by the up first key authentication information and the up first key authentication information expected Matched, it is if the up first key authentication information is the up first key authentication information of the expectation, described Access accessory device and verify that the up first key authentication information passes through；The up first key authentication information of the expectation is The access device is sent to the access accessory device in advance.

With reference to the first possible implementation in terms of the 5th or in terms of the 5th, in second possible implementation In, being communicated by wired mode between the access device and the access accessory device, the terminal to be configured is connect with described Enter.

A kind of access accessory device is provided in terms of the embodiment of the present invention the 6th, is connected with access device and terminal communication to be configured Connect, the access device is consulted to generate first key, the access annex by Diffie-Hellman with the terminal to be configured Equipment includes：

Second receiving unit, the descending first key that the terminal to be configured is sent to for receiving the access device are recognized Card information, the descending first key authentication information is the authentication information calculated using the first key；

Second transmitting element, for the described descending first key certification letter for forwarding second receiving unit to receive Breath, makes descending first key authentication information described in the terminal authentication to be configured；

5th processing unit, after forwarding the descending first key authentication information in second transmitting element, Receive and forward the terminal to be configured to be sent to the up first key authentication information of the access device, so that the access Up first key authentication information described in device authentication, and send using described the to the terminal to be configured after being verified The configuration information of one key encryption, so that the terminal to be configured is set up with the access device using the configuration information pacifying Complete to connect, the up first key authentication information is the authentication information calculated using the first key；Or,

5th processing unit, for second transmitting element forward the descending first key authentication information it Afterwards, receive and forward the terminal to be configured to be sent to the up first key authentication information of the access device, so that described Access device verifies described up the after the configuration information encrypted using the first key is sent to the terminal to be configured One key authentication information, and after being verified, make the configuration information come into force, so that the terminal to be configured is using described Configuration information sets up secure connection with the access device；Or,

6th processing unit, after forwarding the descending first key authentication information in second transmitting element, The up first key authentication information that the terminal to be configured sends is received and verified, after being verified, is made described first close The configuration information of key encryption comes into force, so that the terminal to be configured is being received described in the access device transmission with confidence Breath and after the configuration information comes into force, sets up secure connection with the access device using the configuration information；Or,

6th processing unit, for second transmitting element forward the descending first key authentication information it Afterwards, the configuration information that the use first key that the access device sends is encrypted is received, is received and is verified and described wait to match somebody with somebody The up first key authentication information of terminal transmission is put, after being verified, sends described with confidence to the terminal to be configured Breath, so that the terminal to be configured sets up secure connection with the access device using the configuration information.

In terms of the 6th, in the first possible implementation, the 6th processing unit includes the 3rd subprocessing Unit,

The 3rd subprocessing unit, the up first key specifically for receiving the expectation that the access device sends Authentication information, and by the up first key authentication information of the described up first key authentication information for receiving and the expectation Matched, if the up first key authentication information is the up first key authentication information of the expectation, verified The up first key authentication information passes through.

With reference to the first possible implementation in terms of the 6th or in terms of the 6th, in second possible implementation In, being communicated by wired mode between the access device and the access accessory device, the terminal to be configured is connect with described Enter.

A kind of information configuration system is provided in terms of the embodiment of the present invention the 7th, including：Access device, access accessory device and Terminal to be configured, communicates to connect between the access device, access accessory device and terminal to be configured,

The access device is the access device described in above-mentioned technical proposal, and the terminal to be configured is above-mentioned technical proposal Described terminal to be configured, the access accessory device are the access accessory device described in above-mentioned technical proposal.

In terms of the 7th, in the first possible implementation, the access device and the access accessory device Communicated by wired mode.

With reference to the first possible implementation in terms of the 7th or in terms of the 7th, in second possible implementation In, the access accessory device is communicated by near radio mode or wired mode with the terminal to be configured.

Information configuring methods provided in an embodiment of the present invention, access device are consulted to generate first key with terminal to be configured Afterwards, by the descending checking of terminal to be configured, after the up checking of access device or access accessory device, terminal to be configured Just set up with access device using the configuration information of first key encryption and be connected.It is this to be come by interacting with each other between equipment completely Complete to set up the scheme of connection, compared with the mode for being manually input into PIN of the prior art carries out inbound information configuration, no Need user to be manually entered, reduce the operation difficulty of user, improve Consumer's Experience.

Description of the drawings

For the technical scheme being illustrated more clearly that in the embodiment of the present invention, below will be to making needed for embodiment description Accompanying drawing is briefly described, it should be apparent that, drawings in the following description are only some embodiments of the present invention, for For those skilled in the art, on the premise of not paying creative work, can be attached to obtain others according to these accompanying drawings Figure.

Fig. 1 is an embodiment schematic diagram of information configuring methods provided in an embodiment of the present invention；

Fig. 2 is another embodiment schematic diagram of information configuring methods provided in an embodiment of the present invention；

Fig. 3 is another embodiment schematic diagram of information configuring methods provided in an embodiment of the present invention；

Fig. 4 is an application scenarios embodiment schematic diagram in the embodiment of the present invention；

Fig. 5 is Another Application scene embodiment schematic diagram in the embodiment of the present invention；

Fig. 6 is Another Application scene embodiment schematic diagram in the embodiment of the present invention；

Fig. 7 is Another Application scene embodiment schematic diagram in the embodiment of the present invention；

Fig. 8 is an embodiment schematic diagram of access device in the embodiment of the present invention；

Fig. 9 is another embodiment schematic diagram of access device in the embodiment of the present invention；

Figure 10 is an embodiment schematic diagram of terminal to be configured in the embodiment of the present invention；

Figure 11 is another embodiment schematic diagram of terminal to be configured in the embodiment of the present invention；

Figure 12 is an embodiment schematic diagram of access accessory device in the embodiment of the present invention；

Figure 13 is another embodiment schematic diagram of access accessory device in the embodiment of the present invention；

Figure 14 is another embodiment schematic diagram of access device in the embodiment of the present invention；

Figure 15 is another embodiment schematic diagram of terminal to be configured in the embodiment of the present invention；

Figure 16 is another embodiment schematic diagram of access accessory device in the embodiment of the present invention；

Figure 17 is an embodiment schematic diagram of information configuration system in the embodiment of the present invention.

Specific embodiment

The embodiment of the present invention provides a kind of information configuring methods, can reduce user operation difficulty, improves internet security. It is described in detail individually below.

Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clear, complete Site preparation is described, it is clear that described embodiment is only a part of embodiment of the invention, rather than the embodiment of whole.It is based on Embodiment in the present invention, the every other enforcement obtained under the premise of creative work is not made by those skilled in the art Example, belongs to the scope of protection of the invention.

Access device in the embodiment of the present invention can for router, modem, terminal to be configured can for mobile phone, The terminals such as computer, wireless printer, it can be the smart card with communication function to access accessory device, to be configured in the present invention Terminal can also have the function of access device, and access device can also have the function of terminal to be configured.

Access device, access accessory device and terminal communication to be configured connection in the multiple embodiments of present invention below, institute State access device to communicate by wired mode with the access accessory device, the access accessory device is to be configured with described Terminal can be communicated by near radio mode or wired mode, and the access device can pass through with the terminal to be configured Wireless communication mode；The wired mode communication can be by USB（USB, Universal Serial BUS） Mode communicates, and it can be near-field communication that the near radio mode communicates（NFC, Near field communication）Side Formula communicates, and the wireless communication mode can be by Wireless Fidelity（WirelessFidelity, WiFi）Mode communicates.It is described Access device is communicated by wired mode with the access accessory device, can prevent man-in-the-middle attack, while preventing access from setting Transmission data that is standby and accessing accessory device is eavesdropped by attacker, and prevents attacker from distorting letter to accessory device write is accessed Breath.Access accessory device and the terminal to be configured being communicated such as NFC communication using near radio mode, or can be reduced Power causes the WiFi communication mode that can only be communicated in the range of close distance such as 1 meter to be communicated, due to two equipment Exchange message is difficult to by man-in-the-middle attack in the close distance, can improve security.

Refering to Fig. 1, it is applied to and accesses in accessory device, the access device of terminal communication to be configured, the embodiment of the present invention One embodiment of the information configuring methods of offer includes：

101st, access device is consulted to generate first key by Diffie-Hellman with the terminal to be configured.

Access device can pass through Diffie-Hellman with the terminal to be configured, such as：Diffie-Hellman, i.e. DH are close Key exchange agreement, public key encryption algorithm（Such as：Ron Rivest, Adi Shamirh, LenAdleman, RSA）Agreement is oval bent Line encryption EIGamal agreements etc. consult to generate first key.

The first key only access device and terminal to be configured that several negotiating algorithms are generated above knows that other equipment is all The first key is not known.

102nd, access device sends descending first key authentication information to the access accessory device, attached by the access The descending first key authentication information is transmitted to the terminal to be configured by part equipment, so that the terminal authentication to be configured The descending first key authentication information, the descending first key authentication information is using recognizing that the first key is calculated Card information；Execution step 103,104,105 or 106 is distinguished after execution step 102.

Key authentication information can have various production methods, can encrypt a data with key, it is also possible to key pair One data makes an abstract computing etc..

When the descending first key authentication information verifies correct, illustrate that access device is held with terminal to be configured identical First key, so as to the equipment identities for confirming other side are real.

103rd, access device receive the terminal to be configured by it is described access accessory device forwarding come it is up first close Key authentication information, verifies the up first key authentication information, and makes to the terminal transmission to be configured after being verified The configuration information encrypted with the first key, so that the terminal to be configured uses the configuration information and the access device Secure connection is set up, the up first key authentication information is the authentication information calculated using the first key.

The process of step 103 is after terminal authentication to be configured descending first key authentication information, to access accessory device Send up first key authentication information, after the complete up first key authentication information of device authentication to be accessed, if on described Row first key authentication information is sent using the first key to the terminal to be configured by checking, the then access device The configuration information of encryption, so that the terminal to be configured sets up secure connection with the access device using the configuration information.

104th, access device sends the configuration information encrypted using the first key to the terminal to be configured, and verifies The terminal to be configured by it is described access accessory device forwarding come up first key authentication information, if being verified, The configuration information is made to come into force, so as to the terminal to be configured sets up safety using the configuration information and the access device connect Connect.

The process of step 104 is that access device can be when up first key authentication information not be received to end to be configured End sends the configuration information using first key encryption, is carried out to up after then receiving up first key authentication information again The checking of first key authentication information, when the up first key authentication information is after checking, makes the configuration information life Effect, after configuration information comes into force, terminal to be configured could set up secure connection with the access device using the configuration information.

105th, access device sends the configuration information encrypted using the first key to the terminal to be configured, and passes through It is described to access the up first key authentication information that the accessory device checking terminal to be configured sends, if being verified, lead to Cross it is described access accessory device make the configuration information come into force so that the terminal to be configured using the configuration information with it is described Access device sets up secure connection.

The process of step 105 is that access device passes through in descending first key authentication information described in terminal authentication to be configured Afterwards, directly the configuration information using first key encryption is sent to terminal to be configured, in step 105, access device is not verified up First key authentication information, but the up first key authentication information is verified by accessory device is accessed, after being verified, Configuration information is made to come into force by accessory device is accessed, so that terminal to be configured is built with the access device using the configuration information Vertical secure connection.

In fact, used as 105 deformation, the embodiment of the present invention can also be access device described in terminal authentication to be configured After descending first key authentication information passes through, to the configuration information that access accessory device transmission is encrypted using first key, then by Access accessory device and the configuration information is transmitted to into the terminal to be configured, other processes are identical with step 105, and here is not Repeat again.

106th, access device accesses the configuration information that accessory device transmission is encrypted using the first key to described, and leads to The up first key authentication information for accessing the accessory device checking terminal transmission to be configured is crossed, if being verified, The configuration information is sent to by the terminal to be configured by the access accessory device, so that the terminal to be configured is used The configuration information sets up secure connection with the access device.

The process of step 106 is that access device passes through in descending first key authentication information described in terminal authentication to be configured Afterwards, to configuration information of the accessory device transmission using first key encryption is accessed, access accessory device and receive terminal to be configured After the up first key authentication information for sending, the up first key authentication information is verified, and after being verified, makes institute State configuration information to come into force, and the configuration information for coming into force is sent to into the terminal to be configured.

The embodiment of the present invention, is applied to and accesses in accessory device, the access device of terminal communication to be configured, methods described Including：Consult to generate first key by Diffie-Hellman with the terminal to be configured；Send to the access accessory device The descending first key authentication information is transmitted to described by descending first key authentication information by the access accessory device Terminal to be configured, so that descending first key authentication information described in the terminal authentication to be configured, the descending first key Authentication information is the authentication information calculated using the first key；The terminal to be configured is received by the access annex The up first key authentication information that device forwards are come, verifies the up first key authentication information, and after being verified The configuration information encrypted using the first key is sent to the terminal to be configured, so that the terminal to be configured is using described Configuration information sets up secure connection with the access device, and the up first key authentication information is using the first key The authentication information for calculating；Or, the configuration information encrypted using the first key is sent to the terminal to be configured, and is tested Demonstrate,prove the terminal to be configured by it is described access accessory device forwarding come up first key authentication information, if being verified, The configuration information is then made to come into force, so that the terminal to be configured sets up safety with the access device using the configuration information Connection；Or, the configuration information encrypted using the first key is sent to the terminal to be configured, and it is attached by the access The up first key authentication information that terminal to be configured described in part device authentication sends, if being verified, by the access Accessory device makes the configuration information come into force, so that the terminal to be configured is built with the access device using the configuration information Vertical secure connection；Or, the configuration information that accessory device transmission is encrypted using the first key is accessed to described, and pass through institute The up first key authentication information for accessing that the accessory device checking terminal to be configured sends is stated, if being verified, is passed through The configuration information is sent to the terminal to be configured by the access accessory device, so that the terminal to be configured is using described Configuration information sets up secure connection with the access device.

Information configuring methods provided in an embodiment of the present invention, access device are consulted to generate first key with terminal to be configured Afterwards, by the descending checking of terminal to be configured, after the up checking of access device or access accessory device, terminal to be configured Just set up with access device using the configuration information of first key encryption and be connected.It is provided in an embodiment of the present invention this completely by setting The scheme for interacting with each other to complete inbound information configuration and set up connection between standby, is manually input into of the prior art The mode of PIN carries out inbound information configuration and compares, it is not necessary to which user is manually entered, and is reduced the operation difficulty of user, is carried High Consumer's Experience；As PIN is very short in prior art, only it is made up of 8 bit digitals, it is easy to cracked by brute force attack, so Internet security is low, and the embodiment of the present invention after up-down bidirectional checking just makes configuration information come into force, further increases net The security of network.

Further, the step 101 specifically can receive the configuration of the terminal to be configured in the access device Occur after request.

Alternatively, on the basis of the corresponding embodiments of above-mentioned Fig. 1, information configuring methods provided in an embodiment of the present invention In another embodiment, before first key is generated, it is close that the access device can share second with the access accessory device Key；

It is described to send descending first key authentication information to access accessory device, can specifically include：

The descending first key authentication information using second key encryption is sent to accessory device is accessed.

Alternatively, on the basis of the corresponding alternative embodiments of above-mentioned Fig. 1 and Fig. 1, information provided in an embodiment of the present invention In another embodiment of collocation method,

It is described to access the up first key authentication information that accessory device verifies that the terminal to be configured sends by described, Can specifically include：

Used as the deformation of the embodiment, the up first key authentication information of the expectation can be and use first key The configuration information of encryption sends jointly to the access accessory device.

On the basis of the corresponding alternative embodiments of above-mentioned Fig. 1 and Fig. 1, information configuring methods provided in an embodiment of the present invention Another embodiment in, it is described by it is described access accessory device by the configuration information be sent to the terminal to be configured it Afterwards, also include：

The embodiment of the present invention is accessing after accessory device verifies the up first key authentication information, then to be set by access It is standby to verify once the first key authentication information again, so that network is safer.

Refering to Fig. 2, it is applied in the terminal to be configured communicated with access device, access accessory device, the embodiment of the present invention Another embodiment of the information configuring methods of offer includes：

201st, terminal to be configured consults to generate first key by Diffie-Hellman with the access device.

202nd, terminal to be configured receive the access device by access accessory device forwarding come descending first key recognize Card information, the descending first key authentication information is the authentication information calculated using the first key.

203rd, descending first key authentication information described in terminal authentication to be configured；Difference execution step after step 203 204th, 205,206 or 207, after having performed 204,205,206 or 207 these steps respectively, then perform 208.

204th, terminal to be configured sends up first key authentication information to the access accessory device, and is connect by described Enter accessory device and the up first key authentication information is transmitted to into the access device, so that access device checking The up first key authentication information, the reception access device is after verifying that the up first key authentication information passes through The configuration information that the use first key for sending is encrypted, the up first key authentication information are using described first The authentication information that cipher key calculation goes out.

The process of step 204 is：After the descending first key authentication information of terminal authentication to be configured, send out to accessory device is accessed Row first key authentication information is served, the up first key authentication information is transmitted to into the access by accessory device is accessed Equipment, after the up first key authentication information of device authentication to be accessed, then receives the use first key that access device sends The configuration information of encryption.

205th, the configuration information that the use first key that the terminal reception to be configured access device sends is encrypted, And up first key authentication information is sent to the access accessory device, and will be described up by the access accessory device First key authentication information is transmitted to the access device, so that the access device verifies the up first key certification Information, and after being verified, make the configuration information come into force.

The process of step 205 is：Terminal to be configured after descending first key authentication information has been verified, first receives access and sets The configuration information of the use first key encryption that preparation is sent, then sends up first key certification to access accessory device again The up first key authentication information is transmitted to the access device by accessory device is accessed, is tested by access device by information The up first key authentication information is demonstrate,proved, after being verified, access device makes the configuration information come into force.

206th, the configuration information that the use first key that the terminal reception to be configured access device sends is encrypted, And up first key authentication information is sent to the access accessory device, so that the access accessory device checking is described up First key authentication information, and after being verified, make the configuration information come into force.

The process of step 206 is：Terminal to be configured after descending first key authentication information has been verified, first receives access and sets The configuration information of the use first key encryption that preparation is sent, then sends up first key certification to access accessory device again Information, verifies the up first key authentication information by accessory device is accessed, after being verified, by the access accessory device The configuration information is made to come into force.

Used as the deformation of step 206, terminal to be configured is after descending first key authentication information has been verified, it is also possible to first connect The configuration information for accessing the use first key encryption that accessory device sends is received, then, then is sent to accessory device is accessed Row first key authentication information, verifies the up first key authentication information by accessory device is accessed, after being verified, by institute Stating access accessory device makes the configuration information come into force.

207th, terminal to be configured sends up first key authentication information to the access accessory device, so that the access Accessory device verifies the up first key authentication information, receives the access accessory device and is verifying that described up first is close The configuration information that key authentication information is encrypted by the use first key of rear transmission, it is described to be encrypted using the first key Configuration information be the access device be sent in advance it is described access accessory device.

The process of step 207 is：Access device is sent in advance gives access annex using the configuration information that first key is encrypted Equipment, terminal to be configured send up first key to accessory device is accessed after descending first key authentication information has been verified Authentication information, verifies the up first key authentication information by accessory device is accessed, after being verified, by access accessory device Configuration information is made to come into force.

208th, terminal to be configured sets up secure connection with the access device using the configuration information.

In the embodiment of the present invention, it is applied in the terminal to be configured communicated with access device, access accessory device, the side Method includes：Consult to generate first key by Diffie-Hellman with the access device；The access device is received by connecing Enter the descending first key authentication information that accessory device forwarding comes, the descending first key authentication information is using described first The authentication information that cipher key calculation goes out；Verify the descending first key authentication information；Send up to the access accessory device First key authentication information, and the up first key authentication information is transmitted to by described connecing by the access accessory device Enter equipment, so that the access device verifies the up first key authentication information, the access device is received in checking The configuration information that the use first key that the up first key authentication information is sent after passing through is encrypted, it is described up First key authentication information is the authentication information calculated using the first key；Or, receive the access device and send The configuration information that the use first key come is encrypted, and up first key certification letter is sent to the access accessory device Breath, and the up first key authentication information is transmitted to by the access device by the access accessory device, so that The access device verifies the up first key authentication information, and after being verified, make the configuration information come into force；Or Person, the configuration information that the use first key that the reception access device sends is encrypted, and set to the access annex Preparation serves row first key authentication information, so that the access accessory device verifies the up first key authentication information, And after being verified, make the configuration information come into force；Or, up first key certification is sent to the access accessory device Information, so that the access accessory device verifies the up first key authentication information, receives the access accessory device and exists The configuration information that the up first key authentication information is encrypted by the use first key of rear transmission is verified, it is described to make The configuration information encrypted with the first key is that the access device is sent to the access accessory device in advance；Using institute State configuration information secure connection is set up with the access device.

Further, the step 201 specifically can be asked to the access device send configuration in the terminal to be configured Ask, and occur after the access device receives the configuring request of the terminal to be configured.

Alternatively, on the basis of the corresponding embodiments of above-mentioned Fig. 2, another reality of the information configuring methods that the present invention is provided Apply in example,

It is described so that the access accessory device verifies the up first key authentication information, can specifically include：

Used as the deformation of the present embodiment, the up first key authentication information of the expectation can be with information to be configured simultaneously The access accessory device is sent to by access device.

Refering to Fig. 3, be applied to in access device, the access accessory device of terminal communication to be configured, the access device Consult to generate first key, information configuration side provided in an embodiment of the present invention by Diffie-Hellman with the terminal to be configured Another embodiment of method includes：

301st, access accessory device to receive and forward the access device to be sent to descending the first of the terminal to be configured Key authentication information, makes descending first key authentication information key described in the terminal authentication to be configured, the descending first key Authentication information is the authentication information calculated using the first key.After execution of step 301, difference execution step 302, 303rd, 304 or 305.

302nd, access accessory device to receive and forward the terminal to be configured to be sent to up the first of the access device Key authentication information, so that the access device verifies the up first key authentication information, and to institute after being verified State terminal to be configured and send the configuration information encrypted using the first key, so that the terminal to be configured is matched somebody with somebody using described Confidence breath sets up secure connection with the access device, and the up first key authentication information is using the first key meter The authentication information for calculating.

The process of step 302 is：The up first key that the access accessory device reception terminal to be configured sends is recognized Card information, then forwards the up first key authentication information to access device again, verifies described up first by access device Key authentication information, and after being verified, sent to the terminal to be configured from access device and added using the first key Close configuration information, so that the terminal to be configured sets up secure connection with the access device using the configuration information, The up first key authentication information is the authentication information calculated using the first key.

303rd, access accessory device to receive and forward the terminal to be configured to be sent to up the first of the access device Key authentication information, so that the access device is in the configuration encrypted using the first key to the terminal transmission to be configured The up first key authentication information is verified after information, and after being verified, makes the configuration information come into force, so that institute State terminal to be configured and set up secure connection with the access device using the configuration information.

The process of step 303 is：The up first key that the access accessory device reception terminal to be configured sends is recognized Card information, then forwards the up first key authentication information to access device again, and access device is to the terminal to be configured The up first key authentication information is verified after sending the configuration information encrypted using the first key, after being verified, The configuration information is made to come into force by the access device, so that the terminal to be configured is connect with described using the configuration information Enter equipment and set up secure connection.

304th, access accessory device and receive and verify the up first key authentication information that the terminal to be configured sends, After being verified, make the configuration information of first key encryption come into force so that the terminal to be configured receive it is described After the configuration information and the configuration information that access device sends comes into force, using the configuration information and the access device Set up secure connection.

The process of step 304 is：Access accessory device and receive the up first key certification that the terminal to be configured sends After information, verify the up first key authentication information, and after being verified, make the first key encryption with confidence Breath comes into force, so that the terminal to be configured is in the configuration information for receiving the access device transmission and described with confidence After breath comes into force, secure connection is set up with the access device using the configuration information.

Used as the deformation of step 304, the up first key for accessing the accessory device reception terminal transmission to be configured is recognized Before card information, the configuration information that the use first key that sends of access device is encrypted first is received, and first described wait to match somebody with somebody The configuration information that terminal forwards the first key encryption is put, the up first key certification letter is then received and verify again Breath, and after being verified, make the configuration information of the first key encryption come into force, so that the terminal to be configured is being received After the configuration information and the configuration information sent to the access device comes into force, connect with described using the configuration information Enter equipment and set up secure connection.

305th, access that accessory device receives that the use first key that the access device sends encrypts with confidence Breath, receives and verifies the up first key authentication information that the terminal to be configured sends, after being verified, make the configuration Information comes into force, and sends the configuration information to the terminal to be configured, so that the terminal to be configured uses the configuration Information sets up secure connection with the access device.

The process of step 305 is：Accessing accessory device, first to receive use that the access device sends described first close The configuration information of key encryption, then receives and verifies the up first key authentication information that the terminal to be configured sends again, After being verified, make the configuration information come into force, and the configuration information is sent to the terminal to be configured, so that described treat Configurating terminal sets up secure connection with the access device using the configuration information.

Be applied in the embodiment of the present invention with access device, the access accessory device of terminal communication to be configured, the side Method includes, receives and forward the access device to be sent to the descending first key authentication information of the terminal to be configured, make institute Descending first key authentication information key described in terminal authentication to be configured is stated, the descending first key authentication information is using described The authentication information that first key is calculated；Receive and forward the terminal to be configured to be sent to up the first of the access device Key authentication information, so that the access device verifies the up first key authentication information, and to institute after being verified State terminal to be configured and send the configuration information encrypted using the first key, so that the terminal to be configured is matched somebody with somebody using described Confidence breath sets up secure connection with the access device, and the up first key authentication information is using the first key meter The authentication information for calculating；Or, receive and forward the terminal to be configured to be sent to the up first key of the access device Authentication information, so that the access device is in the configuration information encrypted using the first key to the terminal transmission to be configured After verify the up first key authentication information, and after being verified, make the configuration information come into force, so that described treat Configurating terminal sets up secure connection with the access device using the configuration information；Or, receive and verify described to be configured The up first key authentication information that terminal sends, after being verified, makes the configuration information of the first key encryption come into force, So that the terminal to be configured comes into force in the configuration information and the configuration information for receiving the access device transmission Afterwards, secure connection is set up with the access device using the configuration information；Or, what the reception access device sent makes The configuration information encrypted with the first key, receives and verifies the up first key certification letter that the terminal to be configured sends Breath, after being verified, makes the configuration information come into force, and sends the configuration information to the terminal to be configured, so that The terminal to be configured sets up secure connection with the access device using the configuration information.

Alternatively, on the basis of the corresponding embodiments of above-mentioned Fig. 3, information configuring methods provided in an embodiment of the present invention In another embodiment,

The up first key authentication information for verifying that the terminal to be configured sends, can specifically include：

In the embodiment of the present invention, the up first key authentication information of the expectation can with encrypted using first key Configuration information is received simultaneously.

In order to make it easy to understand, below by taking several specific application scenarios as an example, describing information in the embodiment of the present invention in detail The detailed process of collocation method：

The detailed process of information configuration in the embodiment of the present invention is described in detail with reference to Fig. 4：

S100, access device are consulted to generate first key by Diffie-Hellman with terminal to be configured.

Several algorithms are common Diffie-Hellman above, in the case of no man-in-the-middle attack, consult what is generated First key only access device and terminal to be configured are known, even if the message of exchange process is listened to by miscellaneous equipment, other Equipment is also difficult to know the first key.

In fact, optional, before access device and terminal to be configured are consulted to generate first key, access device with connect Enter accessory device and can also share the second key, the sharing mode of second key is stored in access device when can be and dispatch from the factory With the key in access accessory device.The second key now is static state setting.The access accessory device of such case and connect Enter equipment and always match access accessory device one access device of correspondence of appearance, i.e.,.In this case can connect Enter equipment to the process for accessing accessory device the second key of transmission.If the second key is stored in access when not being and dispatching from the factory, annex sets In standby, it is also possible to pass through USB by access device（Universal Serial BUS, USB）Transmit Deng wired mode To accessory device is accessed, the second key now can be that dynamic is arranged, and always be inserted into access device in access accessory device USB or other wired modes on when by access device transmit update the second key.The step of the second key of this renewal, is not Must occur when starting and treating the configuration process of configurating terminal, can be when access accessory device turns back to access device Quarter is carried out.

Can also will access accessory device and access device is connected to by wired modes such as USB, that is, access accessory device When being inserted on access device, access device is interpreted as in forbidding deploying new equipment state, and accesses accessory device and set with access It is standby to disconnect wired connection, that is, when accessing accessory device and not being inserted on access device, access device is interpreted as in configurable new Equipment state.

S105, access device send descending first key authentication information to the access accessory device, and described descending first Key authentication information is the authentication information calculated using the first key.

Key authentication information can have various production methods, can encrypt a data with key, it is also possible to key pair One data makes an abstract computing etc..Those skilled in the art understand the computational methods of authentication information, here not concrete example.

Access accessory device and descending first key authentication information can be transmitted to accessory device is accessed by wired mode.Should Wired communication mode can be to be communicated by USB modes.

For example：When burst of data is for " today, weather was very good！", using the authentication information that first key is calculated can be " today is an auspicious day！”.So descending first key authentication information is just for " today is an auspicious day！”.

When accessory device is accessed with access device also shared second key, under access device is sent to access accessory device During row first key authentication information, it is also possible to encrypt the descending first key authentication information using second key.

S110, access accessory device send the descending first key authentication information to terminal to be configured.

Access accessory device to communicate by near radio mode with terminal room to be configured or wired mode communication, closely Apart from wireless communication mode, such as：NFC communication.Wired mode communicates, such as：USB modes communicate.

Descending first key authentication information described in S115, terminal authentication to be configured.

If terminal to be configured also holds first key, then terminal to be configured can just read descending first key certification Information, such as：Can read that " today is auspicious day！" this descending first key authentication information, if terminal to be configured does not have Hold first key, then terminal to be configured cannot read that " today is auspicious day！" this descending first key certification letter Breath.

If the first key that terminal to be configured is held is different from the first key of access device, decline in identical algorithms The authentication informations different from the descending first key authentication information for receiving are obtained, then terminal to be configured and access before can determine whether out The key exchange process of equipment malfunctions or by man-in-the-middle attack, and configuration process should terminate that.

When descending first key authentication information success described in terminal authentication to be configured, then can determine that access device is real Access device.

S120, terminal to be configured send up first key authentication information to accessory device is accessed, and described up first is close Key authentication information is the authentication information calculated using the first key.

S125, access accessory device forward the up first key authentication information to the access device.

S130, access device verify the up first key authentication information.

When access device verifies the up first key authentication information, then access device can know terminal to be configured For real terminal to be configured, configuration information can be sent to, the accessing terminal to network to be configured is made.

S135, access device send the configuration information using first key encryption to terminal to be configured, i.e. access device makes Configuration information is transmitted to terminal to be configured with first key, make the terminal to be configured use the configuration information and the access Equipment sets up secure connection.

Can also include that before S135 steps terminal to be configured asks the optional step of configuration information to access device.

S140, terminal to be configured set up secure connection using the configuration information and access device.

After being all proved to be successful for up-downgoing in the corresponding application scenarios of Fig. 4, access device is sent to terminal to be configured again matches somebody with somebody Confidence ceases, and the configuration information terminal to be configured of this scene directly can be used.In fact, under information configuration process can also be After row is proved to be successful, access device can send the configuration information encrypted using first key, concrete mistake to terminal to be configured Journey is understood refering to Fig. 5：

S200, access device are consulted to generate first key by Diffie-Hellman with terminal to be configured.

In the present embodiment, access device can also share the second key with accessory device is accessed, and detailed process is corresponding with Fig. 7 Scene embodiment it is identical, repeat no more here.

S205, access device send descending first key authentication information to the access accessory device, and described descending first Key authentication information is the authentication information calculated using the first key.

S210, access accessory device send the descending first key authentication information to terminal to be configured.

Descending first key authentication information described in S215, terminal authentication to be configured.

S220, access device send the configuration information using first key encryption to terminal to be configured, make described to be configured Terminal sets up secure connection with the access device using the configuration information.

Before step S220, can also include that terminal to be configured asks the optional step of configuration information to access device.

S225, terminal to be configured send up first key authentication information to accessory device is accessed, and described up first is close Key authentication information is the authentication information calculated using the first key.

S230, access accessory device forward the up first key authentication information to the access device.

S235, access device verify the up first key authentication information, and are verifying the first key certification letter After breath passes through, the configuration information is made to come into force.

S240, terminal to be configured set up secure connection using the configuration information and access device.

The information configuration process of the information configuration process scene corresponding with Fig. 4 of the corresponding scenes of Fig. 5 is essentially identical, simply After the descending first key authentication information of terminal authentication to be configured, first configuration information, equipment to be accessed is asked to be sent out to access device After carrying out the configuration information encrypted using first key, then up first key authentication information is sent to accessory device is accessed, but Terminal to be configured will be after access device verifies that the first key authentication information passes through, and access device makes the configuration information After coming into force, secure connection could be set up using the configuration information and access device.If the up first key certification letter Cease the checking not over access device, then configuration information would not come into force, terminal to be configured also cannot just be set up safety and connect Connect, in the corresponding application scenarios of Fig. 5, terminal to be configured can not be direct after the configuration information encrypted using first key is received Use, the configuration information will be made to use after coming into force when access device.

The detailed process of the information configuration of another embodiment in the embodiment of the present invention is described in detail with reference to Fig. 6：

S300, access device are consulted to generate first key by Diffie-Hellman with terminal to be configured.

In the present embodiment, access device can also share the second key with accessory device is accessed, and detailed process is corresponding with Fig. 7 Scene embodiment it is identical, be not described in detail here.

S305, access device are close to access the descending first key authentication information of accessory device transmission and expectation up first Key authentication information.

In fact, S305 can also be splitted into two processes sending respectively.

S310, access accessory device send descending first key authentication information to terminal to be configured.

Descending first key authentication information described in S315, terminal authentication to be configured.

S320, access device send the configuration information encrypted using the first key to terminal to be configured.

Deformation, or access device as S320 is sent using the first key to the access accessory device The configuration information of encryption, forwards the configuration information encrypted using the first key by the access accessory device.

Or, in S305 with descending first key authentication information and expect up first key authentication information simultaneously Send the configuration information encrypted using the first key, then by access accessory device forward it is described using described the The configuration information of one key encryption.

S325, the up first key authentication information for accessing accessory device reception terminal transmission to be configured.

The up first key authentication information is believed by S330, access accessory device with the up first key certification expected Breath is matched, when matching the up first key authentication information that the up first key authentication information is the expectation When, if being verified, make the configuration information come into force.

S335, terminal to be configured set up secure connection with the access device using the configuration information.

In the corresponding application scenarios of Fig. 6, after terminal to be configured receives the configuration information encrypted using the first key Can not directly use, the configuration information will be made to use after coming into force when accessing accessory device.

The detailed process of the information configuration of another embodiment in the embodiment of the present invention is described in detail with reference to Fig. 7：

S400, access device are consulted to generate first key by Diffie-Hellman with terminal to be configured.

S405, access device to access accessory device send descending first key authentication information, expect it is up first close Key authentication information and the configuration information encrypted using first key.

In fact, S305 can also be splitted into two or three transmission process, will the descending first key certification letter Breath, the up first key authentication information expected and the configuration information encrypted using first key are sent to the access several times Accessory device, but final purpose is all identical, be provided to send descending first key authentication information, expect it is up first close Key authentication information and configuration information these three parameters encrypted using first key.

S410, access accessory device send descending first key authentication information to terminal to be configured.

Descending first key authentication information described in S415, terminal authentication to be configured.

S420, terminal to be configured send up first key authentication information to accessory device is accessed.

The up first key authentication information is believed by S425, access accessory device with the up first key certification expected Breath is matched, if it is the up first key authentication information expected to match the up first key authentication information, is held Row step subsequent step, if unmatching, does not perform subsequent step.

S430, access accessory device send the configuration information of the use first key encryption to the terminal to be configured.

S435, terminal to be configured set up secure connection using the configuration information and access device.

In fact, alternatively, after step S430, two steps of S440 and S445 are can further include,

S440, access accessory device send up first key authentication information to access device.

S445, access device verify the up first key authentication information, if being verified, make the configuration information Come into force.In such cases, directly can not use after terminal to be configured receives the configuration information encrypted using the first key, The configuration information is used after coming into force when access device.

S440 and S445 the two optional steps, verify the up first key authentication information accessory device is accessed Afterwards, then by access device the first key authentication information is verified once again, so that network is safer.

Refering to Fig. 8, access device provided in an embodiment of the present invention is connected with access accessory device and terminal communication to be configured, One embodiment of access device provided in an embodiment of the present invention includes：

First key signal generating unit 701, for consulting to generate first by Diffie-Hellman with the terminal to be configured Key；

First transmitting element 702, for sending descending first key authentication information to the access accessory device, by institute State access accessory device and the descending first key authentication information is transmitted to into the terminal to be configured, so that described to be configured Descending first key authentication information described in terminal authentication, the descending first key authentication information is to be given birth to using the first key The authentication information that the first key generated into unit 701 is calculated；

First processing units 703, for sending the descending first key authentication information in first transmitting element 702 Afterwards, receive the terminal to be configured and the up first key authentication information that accessory device forwarding comes is accessed by described, verify The up first key authentication information, and added to the terminal transmission to be configured using the first key after being verified Close configuration information, so that the terminal to be configured sets up secure connection with the access device using the configuration information, institute It is the authentication information calculated using the first key to state up first key authentication information；Or,

The first processing units 703, for sending the descending first key certification in first transmitting element 702 After information, the configuration information encrypted using the first key is sent to the terminal to be configured, and verifies described to be configured Terminal by it is described access accessory device forwarding come up first key authentication information, if being verified, make the configuration Information comes into force, so that the terminal to be configured sets up secure connection with the access device using the configuration information；Or,

Second processing unit 704, for sending the descending first key authentication information in first transmitting element 702 Afterwards, the configuration information encrypted using the first key is sent to the terminal to be configured, and is set by the access annex The standby up first key authentication information for verifying that the terminal to be configured sends, if being verified, by the access annex Equipment makes the configuration information come into force, so as to the terminal to be configured is set up with the access device using the configuration information pacify It is complete to connect；Or,

The second processing unit 704, for sending the descending first key certification in first transmitting element 702 After information, the configuration information that accessory device transmission is encrypted using the first key is accessed to described, and by the access The up first key authentication information that the accessory device checking terminal to be configured sends, if being verified, is connect by described Enter accessory device and the configuration information is sent to into the terminal to be configured, so that the terminal to be configured is using described with confidence Breath sets up secure connection with the access device.

In the embodiment of the present invention, first key signal generating unit 701 is assisted by Diffie-Hellman with the terminal to be configured Business generates first key；First transmitting element 702 sends descending first key authentication information to the access accessory device, passes through The descending first key authentication information is transmitted to the terminal to be configured by the access accessory device, so that described wait to match somebody with somebody Descending first key authentication information described in terminal authentication is put, the descending first key authentication information is using the first key The authentication information that the first key that signal generating unit 701 is generated is calculated；First processing units 703 are at described first After sending unit 702 to send the descending first key authentication information, the terminal to be configured is received by the access annex The up first key authentication information that device forwards are come, verifies the up first key authentication information, and after being verified The configuration information encrypted using the first key is sent to the terminal to be configured, so that the terminal to be configured is using described Configuration information sets up secure connection with the access device, and the up first key authentication information is using the first key The authentication information for calculating；Or, the first processing units 703 send described descending in first transmitting element 702 After one key authentication information, the configuration information encrypted using the first key is sent to the terminal to be configured, and is verified The terminal to be configured by it is described access accessory device forwarding come up first key authentication information, if being verified, The configuration information is made to come into force, so as to the terminal to be configured sets up safety using the configuration information and the access device connect Connect；Or, second processing unit 704 after first transmitting element 702 sends the descending first key authentication information, The configuration information encrypted using the first key is sent to the terminal to be configured, and by the access accessory device checking The up first key authentication information that the terminal to be configured sends, if being verified, is made by the access accessory device The configuration information comes into force, so as to the terminal to be configured sets up safety using the configuration information and the access device connect Connect；Or, the second processing unit 704 sends the descending first key authentication information in first transmitting element 702 Afterwards, the configuration information that accessory device transmission is encrypted using the first key is accessed to described, and by the access annex The up first key authentication information that terminal to be configured described in device authentication sends, it is if being verified, attached by the access The configuration information is sent to the terminal to be configured by part equipment so that the terminal to be configured using the configuration information with The access device sets up secure connection.Compared with prior art, access device provided in an embodiment of the present invention reduces networking The user operation difficulty of information configuration, and after up-down bidirectional is verified, just make configuration information come into force, further increase The security of network.

On the basis of the corresponding embodiments of above-mentioned Fig. 8, refering to Fig. 9, access device provided in an embodiment of the present invention it is another In one embodiment, the second processing unit 704 includes the first subprocessing unit 7041,

The first subprocessing unit 7041, up first specifically for expecting to the access accessory device transmission are close Key authentication information, make it is described access accessory device will be the described up first key authentication information for receiving upper with the expectation Row first key authentication information is matched, if the up first key authentication information is the up first key of the expectation During authentication information, then the access accessory device verifies that the up first key authentication information passes through.

On the basis of the corresponding embodiments of above-mentioned Fig. 8 or Fig. 9, another reality of access device provided in an embodiment of the present invention Apply in example,

The second processing unit 704, is additionally operable to verify that the accessory device that accesses forwards described up first for coming close Key authentication information, if being verified, makes the configuration information come into force.

Refering to Figure 10, terminal to be configured provided in an embodiment of the present invention and access device and access accessory device communication link Connect, an embodiment of terminal to be configured provided in an embodiment of the present invention includes：

Second Key generating unit 801, it is close for consulting generation first by Diffie-Hellman with the access device Key；

First receiving unit 802, for receive the access device by access accessory device forwarding come descending first Key authentication information, the descending first key authentication information are using the described of second Key generating unit 801 generation The authentication information that first key is calculated；

First authentication unit 803, for verifying that the descending first key certification that first receiving unit 802 is received is believed Breath；

3rd processing unit 804, for verifying the descending first key authentication information in first authentication unit 803 Afterwards, up first key authentication information is sent to the access accessory device, and will be described by the access accessory device Up first key authentication information is transmitted to the access device, so that the access device verifies the up first key Authentication information, the use that the reception access device is sent after the checking up first key authentication information passes through are described The configuration information of first key encryption, the up first key authentication information is the certification calculated using the first key Information；Or,

3rd processing unit 804, for verifying the descending first key certification in first authentication unit 803 After information, the configuration information that the use first key that the reception access device sends is encrypted, and to the access Accessory device sends up first key authentication information, and by the accessory device that accesses by the up first key certification Information is transmitted to the access device, so that the access device verifies the up first key authentication information, and is testing Card makes the configuration information come into force after passing through；Or,

Fourth processing unit 805, for verifying the descending first key authentication information in first authentication unit 803 Afterwards, the configuration information that the use first key that the reception access device sends is encrypted, and to the access annex Equipment sends up first key authentication information, so that the access accessory device checking up first key certification letter Breath, and after being verified, make the configuration information come into force；Or,

The fourth processing unit 805, for verifying the descending first key certification in first authentication unit 803 After information, up first key authentication information is sent to the access accessory device, so that the access accessory device checking The up first key authentication information, receives the access accessory device and leads in the checking up first key authentication information Later the configuration information that the use first key for sending is encrypted, the configuration information encrypted using the first key is The access device is sent to the access accessory device in advance；

First connection establishment unit 806, for using the 3rd processing unit 804 or the fourth processing unit 805 configuration informations for sending set up secure connection with the access device.

In the embodiment of the present invention, the second Key generating unit 801 is consulted by Diffie-Hellman with the access device Generate first key；First receiving unit 802 receive the access device by access accessory device forwarding come descending first Key authentication information, the descending first key authentication information are using the described of second Key generating unit 801 generation The authentication information that first key is calculated；First authentication unit 803 verifies descending that first receiving unit 802 is received One key authentication information；3rd processing unit 804 verifies the descending first key certification letter in first authentication unit 803 After breath, up first key authentication information is sent to the access accessory device, and by the accessory device that accesses by institute State up first key authentication information and be transmitted to the access device, so that the access device verifies that described up first is close Key authentication information, receives the use institute that the access device is sent after the checking up first key authentication information passes through The configuration information of first key encryption is stated, the up first key authentication information is using recognizing that the first key is calculated Card information；Or, the 3rd processing unit 804 verifies the descending first key certification in first authentication unit 803 After information, the configuration information that the use first key that the reception access device sends is encrypted, and to the access Accessory device sends up first key authentication information, and by the accessory device that accesses by the up first key certification Information is transmitted to the access device, so that the access device verifies the up first key authentication information, and is testing Card makes the configuration information come into force after passing through；Or, fourth processing unit 805 verifies described in first authentication unit 803 After descending first key authentication information, receive that the use first key that the access device sends encrypts with confidence Breath, and up first key authentication information is sent to the access accessory device, so that the access accessory device checking is described Up first key authentication information, and after being verified, make the configuration information come into force；Or, the fourth processing unit 805 after first authentication unit 803 verifies the descending first key authentication information, sends out to the access accessory device Row first key authentication information is served, so that the access accessory device verifies the up first key authentication information, is received The access accessory device is added by the use first key of rear transmission in the checking up first key authentication information Close configuration information, it is described to be in advance sent to described connect for the access device using the configuration information that the first key is encrypted Enter accessory device；First connection establishment unit 806 uses the 3rd processing unit 804 or the fourth processing unit 805 configuration informations for sending set up secure connection with the access device.Compared with prior art, it is provided in an embodiment of the present invention Terminal to be configured reduces the user operation difficulty of inbound information configuration, improves internet security.

On the basis of the corresponding embodiments of above-mentioned Figure 10, refering to Figure 11, terminal to be configured provided in an embodiment of the present invention Another embodiment in, the fourth processing unit 805 includes the second subprocessing unit 8051,

The second subprocessing unit 8051, specifically for sending up first key certification to the access accessory device Information, so that the accessory device that accesses is by the up first key authentication information and the up first key certification letter expected Breath is matched, if the up first key authentication information is the up first key authentication information of the expectation, institute State access accessory device and verify that the up first key authentication information passes through；The up first key authentication information of the expectation The access accessory device is sent in advance for the access device.

Refering to Figure 12, access accessory device provided in an embodiment of the present invention is connected with access device and terminal communication to be configured Connect, the embodiment for accessing accessory device provided in an embodiment of the present invention includes：

Second receiving unit 901, is sent to the descending first close of the terminal to be configured for receiving the access device Key authentication information, the descending first key authentication information is the authentication information calculated using the first key；

Second transmitting element 902, the described descending first key for forwarding second receiving unit 901 to receive are recognized Card information, makes descending first key authentication information described in the terminal authentication to be configured；

5th processing unit 903, for forwarding the descending first key authentication information in second transmitting element 902 Afterwards, receive and forward the terminal to be configured to be sent to the up first key authentication information of the access device, so that institute State access device and verify the up first key authentication information, and use is sent to the terminal to be configured after being verified The configuration information of the first key encryption, so that the terminal to be configured uses the configuration information and the access device Secure connection is set up, the up first key authentication information is the authentication information calculated using the first key；Or,

5th processing unit 903, for forwarding the descending first key certification in second transmitting element 902 After information, receive and forward the terminal to be configured to be sent to the up first key authentication information of the access device, with Make access device checking after the configuration information encrypted using the first key is sent to the terminal to be configured described Up first key authentication information, and after being verified, make the configuration information come into force, so that the terminal to be configured makes Secure connection is set up with the access device with the configuration information；Or,

6th processing unit 904, for forwarding the descending first key authentication information in second transmitting element 902 Afterwards, the up first key authentication information that the terminal to be configured sends is received and verified, after being verified, described the is made The configuration information of one key encryption comes into force so that the terminal to be configured receive the access device send described in match somebody with somebody After confidence ceases and the configuration information comes into force, secure connection is set up with the access device using the configuration information；Or,

6th processing unit 904, for forwarding the descending first key certification in second transmitting element 902 After information, the configuration information that the use first key that the reception access device sends is encrypted receives and verifies institute The up first key authentication information that terminal to be configured sends is stated, after being verified, sends described to the terminal to be configured Configuration information, so that the terminal to be configured sets up secure connection with the access device using the configuration information.

In the embodiment of the present invention, the second receiving unit 901 receives the access device and is sent to the terminal to be configured Descending first key authentication information, the descending first key authentication information are to be believed using the certification that the first key is calculated Breath；Second transmitting element 902 forwards the described descending first key authentication information that second receiving unit 901 is received, and makes Descending first key authentication information described in the terminal authentication to be configured；5th processing unit 903 is in second transmitting element After the 902 forwardings descending first key authentication information, receive and forward the terminal to be configured to be sent to the access and set Standby up first key authentication information, so that the access device verifies the up first key authentication information, and is testing Card sends the configuration information encrypted using the first key after passing through to the terminal to be configured, so that the end to be configured Secure connection is set up using the configuration information and the access device in end, and the up first key authentication information is to use institute State the authentication information that first key is calculated；Or, the 5th processing unit 903 is forwarded in second transmitting element 902 After the descending first key authentication information, receive and forward the terminal to be configured to be sent to the up of the access device First key authentication information, so that the access device is sending what is encrypted using the first key to the terminal to be configured The up first key authentication information is verified after configuration information, and after being verified, makes the configuration information come into force, so as to The terminal to be configured is made to set up secure connection with the access device using the configuration information；Or, the 6th processing unit 904, after second transmitting element 902 forwards the descending first key authentication information, receive and verify described to be configured The up first key authentication information that terminal sends, after being verified, makes the configuration information of the first key encryption come into force, So that the terminal to be configured comes into force in the configuration information and the configuration information for receiving the access device transmission Afterwards, secure connection is set up with the access device using the configuration information；Or, the 6th processing unit 904 is described After second transmitting element 902 forwards the descending first key authentication information, the use that the access device sends is received The configuration information of the first key encryption, receives and verifies the up first key certification letter that the terminal to be configured sends Breath, after being verified, sends the configuration information to the terminal to be configured, so that the terminal to be configured is using described Configuration information sets up secure connection with the access device.Compared with prior art, embodiment of the present invention access accessory device can To reduce the user operation difficulty of inbound information configuration, internet security is improve.

On the basis of the corresponding embodiments of above-mentioned Figure 12, refering to Figure 13, access annex provided in an embodiment of the present invention sets In standby another embodiment, the 6th processing unit 904 includes the 3rd subprocessing unit 9041,

The 3rd subprocessing unit 9041, up first specifically for receiving the expectation that the access device sends Key authentication information, and by the up first key certification of the described up first key authentication information for receiving and the expectation Information is matched, if the up first key authentication information is the up first key authentication information of the expectation, Verify that the up first key authentication information passes through.

Refering to Figure 14, access device provided in an embodiment of the present invention is connected with access accessory device and terminal communication to be configured Connect, an embodiment of access device provided in an embodiment of the present invention includes：First input unit 700, the first output device 710, First memory 720 and first processor 730（First processor 730 can be one or more, and Figure 14 is as a example by one）；

First input unit 700, the first output device 710, first memory 720 and first processor 730 can pass through Bus or other modes connection；

Wherein, the first processor 730 is for consulting to generate the by Diffie-Hellman with the terminal to be configured One key；

First output device 710 leads to for sending descending first key authentication information to the access accessory device Cross the access accessory device and the descending first key authentication information is transmitted to into the terminal to be configured, so that described treat Configurating terminal verifies the descending first key authentication information, and the descending first key authentication information is close using described first The authentication information that key is calculated；

First input unit 700 be used to receiving the terminal to be configured by it is described access accessory device forwarding come it is up First key authentication information, the first processor 730 are used to verify the up first key authentication information that described first is defeated Go out device 710 for the configuration information encrypted using the first key being sent to the terminal to be configured after being verified, So that the terminal to be configured sets up secure connection, the up first key using the configuration information and the access device Authentication information is the authentication information calculated using the first key；Or,

First output device 710 is for sending the configuration encrypted using the first key to the terminal to be configured Information, the first processor 730 be used for verify the terminal to be configured by it is described access accessory device forwarding come it is up First key authentication information, if being verified, makes the configuration information come into force, so that the terminal to be configured is matched somebody with somebody using described Confidence breath sets up secure connection with the access device；Or,

First output device 710 is for sending the configuration encrypted using the first key to the terminal to be configured Information, and the up first key authentication information that accessory device verifies that the terminal to be configured sends is accessed by described, if testing Card passes through, then make the configuration information come into force by the access accessory device, so that the terminal to be configured is matched somebody with somebody using described Confidence breath sets up secure connection with the access device；Or,

First output device 710 for it is described access accessory device send using matching somebody with somebody that the first key is encrypted Confidence ceases, and accesses the up first key authentication information that accessory device verifies that the terminal to be configured sends by described, if It is verified, then the configuration information is sent to by the terminal to be configured by the access accessory device, so that described treat Configurating terminal sets up secure connection with the access device using the configuration information.

In some embodiments of the invention, the access device and shared second key of the access accessory device,

First output device 710 is for sending using the descending first close of the second key encryption to accessing accessory device Key authentication information.

In some embodiments of the invention, first output device 710 is specifically for the access accessory device The up first key authentication information expected is sent, makes the access accessory device recognize the described up first key for receiving Card information is matched with the up first key authentication information of the expectation, if the up first key authentication information is institute When stating the up first key authentication information of expectation, then the access accessory device verifies the up first key authentication information Pass through.

In some embodiments of the invention, the first processor 730 is additionally operable to verify that the access accessory device turns The described up first key authentication information sent, if being verified, makes the configuration information come into force.

In some embodiments of the invention, the first processor 730 is specifically for passing through with the terminal to be configured IKE Diffie-Hellman or public key encryption algorithm RSA agreements or elliptic curve cryptography EIGamal protocol negotiations Generate first key.

Refering to Figure 15, terminal to be configured provided in an embodiment of the present invention and access device and access accessory device communication link Connect, an embodiment of terminal to be configured provided in an embodiment of the present invention includes：Secondary input device 800, the second output device 810th, second memory 820 and second processing device 830（Second processing device 830 can be one or more, and Figure 15 with one is Example）；

Secondary input device 800, the second output device 810, second memory 820 and second processing device 830 can pass through Bus or other modes connection；

The second processing device 830 for the access device by Diffie-Hellman consult generate first key；

The secondary input device 800 be used to receiving the access device by access accessory device forwarding come descending the One key authentication information, the descending first key authentication information is the authentication information calculated using the first key；

The second processing device 830 is used to verify the descending first key authentication information；

Second output device 810 for sending up first key authentication information to the access accessory device, and The up first key authentication information is transmitted to by the access device by the access accessory device, so that described connect Enter up first key authentication information described in device authentication, the secondary input device 800 exists for receiving the access device The configuration information that the use first key that the up first key authentication information is sent after passing through is encrypted is verified, it is described Up first key authentication information is the authentication information calculated using the first key；Or,

The secondary input device 800 is used to receive what the use first key that the access device sends was encrypted Configuration information, second output device 810 for sending up first key authentication information to the access accessory device, and The up first key authentication information is transmitted to by the access device by the access accessory device, so that described connect Enter up first key authentication information described in device authentication, and after being verified, make the configuration information come into force；Or,

The secondary input device 800 is used to receive what the use first key that the access device sends was encrypted Configuration information, second output device 810 for sending up first key authentication information to the access accessory device, with Make the access accessory device verify the up first key authentication information, and the configuration information life is made after being verified Effect；Or,

Second output device 810 for sending up first key authentication information to the access accessory device, with The access accessory device is made to verify the up first key authentication information, the secondary input device 800 is used to receive institute State access accessory device to encrypt by the use first key of rear transmission in the checking up first key authentication information Configuration information, it is described to be in advance sent to the access for the access device using the configuration information that the first key is encrypted Accessory device；

The second processing device 830 is for setting up secure connection with the access device using the configuration information.

In some embodiments of the invention, second output device 810 is for the access accessory device transmission Up first key authentication information, so that the access accessory device is upper with what is expected by the up first key authentication information Row first key authentication information is matched, if the up first key authentication information is the up first key of the expectation During authentication information, then the access accessory device verifies that the up first key authentication information passes through；The expectation it is up First key authentication information is that the access device is sent to the access accessory device in advance.

Refering to Figure 16, access accessory device provided in an embodiment of the present invention is connected with access device and terminal communication to be configured Connect, the access device is consulted to generate first key, the embodiment of the present invention by Diffie-Hellman with the terminal to be configured One embodiment of the access accessory device of offer includes：3rd input unit 900, the 3rd output device 910, the 3rd memory 920 and the 3rd processor 930（3rd processor 930 can be one or more, and Figure 16 is as a example by one）；

3rd input unit 900, the 3rd output device 910, the 3rd memory 920 and the 3rd processor 930 can pass through Bus or other modes connection；

3rd input unit 900 is received and the 3rd output device 910 forwards the access device to be sent to institute The descending first key authentication information of terminal to be configured is stated, descending first key certification letter described in the terminal authentication to be configured is made Breath key, the descending first key authentication information is the authentication information calculated using the first key；

3rd input unit 900 is received and the 3rd output device 910 forwards the terminal to be configured to be sent to The up first key authentication information of the access device, so that the access device checking up first key certification letter Breath, and the configuration information encrypted using the first key is sent after being verified to the terminal to be configured, so that institute State terminal to be configured secure connection, the up first key certification letter are set up using the configuration information and the access device Breath is the authentication information calculated using the first key；Or,

3rd input unit 900 is received and the 3rd output device 910 is received and forwards the terminal to be configured The up first key authentication information of the access device is sent to, so that the access device is being sent out to the terminal to be configured The up first key authentication information is verified after sending the configuration information encrypted using the first key, and after being verified The configuration information is made to come into force, so that the terminal to be configured sets up safety with the access device using the configuration information Connection；Or,

3rd input unit 900 receives the up first key authentication information that the terminal to be configured sends, described 3rd processor 930 verifies the up first key authentication information that the terminal to be configured sends, and after being verified, makes described The configuration information of first key encryption comes into force, so that the terminal to be configured is being received described in the access device transmission After configuration information and the configuration information come into force, secure connection is set up with the access device using the configuration information；Or,

3rd input unit 900 receives the configuration that the use first key that the access device sends is encrypted Information, the 3rd input unit 900 receive the up first key authentication information that the terminal to be configured sends, and the described 3rd Processor 930 simultaneously verifies up first key authentication information that the terminal to be configured sends, after being verified, makes described matching somebody with somebody Confidence breath comes into force, and the 3rd output device 910 sends the configuration information to the terminal to be configured, so that described wait to match somebody with somebody Put terminal and set up secure connection with the access device using the configuration information.

In some embodiments of the invention, the 3rd input unit 900 is sent for receiving the access device Expectation up first key authentication information, the 3rd processor 930 is for by the described up first key for receiving Authentication information is matched with the up first key authentication information of the expectation, if the up first key authentication information is During the up first key authentication information of the expectation, then verify that the up first key authentication information passes through.

Refering to Figure 17, an embodiment of information configuration system provided in an embodiment of the present invention includes：Access device 70, access Accessory device 90 and terminal to be configured 80, communicate between the access device 70, access accessory device 90 and terminal to be configured 80 Connection,

The access device 70, for consulting to generate first key by Diffie-Hellman with the terminal to be configured； Descending first key authentication information is sent to the access accessory device, by the accessory device that accesses by described descending first Key authentication information is transmitted to the terminal to be configured, so that descending first key certification described in the terminal authentication to be configured Information, the descending first key authentication information is the authentication information calculated using the first key；Wait to match somebody with somebody described in receiving Putting terminal and the up first key authentication information that accessory device forwarding comes being accessed by described, the checking up first key is recognized Card information, and the configuration information encrypted using the first key is sent after being verified to the terminal to be configured, so that The terminal to be configured sets up secure connection, the up first key certification using the configuration information and the access device Information is the authentication information calculated using the first key；Or, send using described first to the terminal to be configured The configuration information of key encryption, and verify the terminal to be configured by it is described access accessory device forwarding come it is up first close Key authentication information, if being verified, makes the configuration information come into force, so that the terminal to be configured uses the configuration information Secure connection is set up with the access device；Or, send using matching somebody with somebody that the first key is encrypted to the terminal to be configured Confidence ceases, and accesses the up first key authentication information that accessory device verifies that the terminal to be configured sends by described, if It is verified, then makes the configuration information come into force by the access accessory device, so that the terminal to be configured is using described Configuration information sets up secure connection with the access device；Or, send close using described first to the access accessory device The configuration information of key encryption, and verify that the up first key of the terminal transmission to be configured is recognized by the accessory device that accesses The configuration information, if being verified, is sent to the terminal to be configured by the access accessory device by card information, with The terminal to be configured is made to set up secure connection with the access device using the configuration information.

The terminal to be configured 80, for consulting to generate first key by Diffie-Hellman with the access device； Receive the access device by access accessory device forwarding come descending first key authentication information, the descending first key Authentication information is the authentication information calculated using the first key；Verify the descending first key authentication information；To institute State access accessory device and send up first key authentication information, and it is close by described up first by the access accessory device Key authentication information is transmitted to the access device, so that the access device verifies the up first key authentication information, Receive the use first key that the access device is sent after the checking up first key authentication information passes through The configuration information of encryption, the up first key authentication information is the authentication information calculated using the first key；Or Person, the configuration information that the use first key that the reception access device sends is encrypted, and set to the access annex Preparation serves row first key authentication information, and turns the up first key authentication information by the access accessory device The access device is issued, so that the access device verifies the up first key authentication information, and is being verified After make the configuration information come into force；Or, the configuration that the use first key that the reception access device sends is encrypted Information, and up first key authentication information is sent to the access accessory device, so that the access accessory device checking institute Up first key authentication information is stated, and after being verified, makes the configuration information come into force；Or, set to the access annex Preparation serves row first key authentication information, so that the access accessory device verifies the up first key authentication information, The access accessory device is received to verify the up first key authentication information described first close by the use of rear transmission The configuration information of key encryption, it is described to be in advance sent to institute for the access device using the configuration information that the first key is encrypted State and access accessory device；Secure connection is set up with the access device using the configuration information.

The access accessory device 90, for receiving and forwarding the access device to be sent under the terminal to be configured Row first key authentication information, makes descending first key authentication information key described in the terminal authentication to be configured, and described descending One key authentication information is the authentication information calculated using the first key；Receive and forward the terminal to be configured to send To the up first key authentication information of the access device, so that the access device verifies the up first key certification Information, and the configuration information encrypted using the first key is sent after being verified to the terminal to be configured, so that The terminal to be configured sets up secure connection, the up first key certification using the configuration information and the access device Information is the authentication information calculated using the first key；Or, receive and forward the terminal to be configured to be sent to institute The up first key authentication information of access device is stated, so that the access device is using institute to the terminal transmission to be configured The up first key authentication information is verified after the configuration information for stating first key encryption, and described matching somebody with somebody is made after being verified Confidence breath comes into force, so that the terminal to be configured sets up secure connection with the access device using the configuration information；Or Person, receives and verifies the up first key authentication information that the terminal to be configured sends, after being verified, make described first The configuration information of key encryption comes into force, so that the terminal to be configured is receiving the configuration that the access device sends After information and the configuration information come into force, secure connection is set up with the access device using the configuration information；Or, receive The configuration information that the use first key that the access device sends is encrypted, receives and verifies that the terminal to be configured is sent out The up first key authentication information for sending, after being verified, makes the configuration information come into force, and sends out to the terminal to be configured The configuration information is sent, so that the terminal to be configured sets up safety using the configuration information and the access device connecting Connect.

One of ordinary skill in the art will appreciate that all or part of step in the various methods of above-described embodiment is can Instruct related hardware to complete with by program, the program can be stored in a computer-readable recording medium, storage Medium can include：ROM, RAM, disk or CD etc..

Information configuring methods, equipment and the system for being provided to the embodiment of the present invention above is described in detail, this Apply specific case to be set forth the principle and embodiment of the present invention in text, the explanation of above example is only intended to Help understands the method for the present invention and its core concept；Simultaneously for one of ordinary skill in the art, according to the think of of the present invention Think, will change in specific embodiments and applications, in sum, it is right that this specification content should not be construed as The restriction of the present invention.

Claims

1. a kind of information configuring methods, it is characterised in that be applied to access accessory device, the access of terminal communication to be configured sets In standby, methods described includes：

Descending first key authentication information is sent to the access accessory device, will be described descending by the access accessory device First key authentication information is transmitted to the terminal to be configured, so that descending first key described in the terminal authentication to be configured Authentication information, the descending first key authentication information is the authentication information calculated using the first key；

Receive the terminal to be configured by it is described access accessory device forwarding come up first key authentication information, checking institute Up first key authentication information is stated, and is encrypted using the first key to the terminal transmission to be configured after being verified Configuration information it is so that the terminal to be configured sets up secure connection with the access device using the configuration information, described Up first key authentication information is the authentication information calculated using the first key；Or,

The configuration information encrypted using the first key is sent to the terminal to be configured, and verifies that the terminal to be configured is led to Cross the accessory device that accesses and forward the up first key authentication information of coming, if being verified, make the configuration information life Effect, so that the terminal to be configured sets up secure connection with the access device using the configuration information；Or,

The configuration information encrypted using the first key is sent to the terminal to be configured, and by the access accessory device The up first key authentication information that the terminal to be configured sends is verified, if being verified, is set by the access annex It is standby to make the configuration information come into force, so that the terminal to be configured sets up safety with the access device using the configuration information Connection；Or,

The configuration information that accessory device transmission is encrypted using the first key is accessed to described, and is set by the access annex The standby up first key authentication information for verifying that the terminal to be configured sends, if being verified, by the access annex The configuration information is sent to the terminal to be configured by equipment, so that the terminal to be configured uses the configuration information and institute State access device and set up secure connection；

Wherein, it is described to access the up first key certification letter that accessory device verifies that the terminal to be configured sends by described Breath, specifically includes：

The up first key authentication information that accessory device sends expectation is accessed to described, the access accessory device will be received The described up first key authentication information of the terminal transmission described to be configured arrived and the up first key certification of the expectation Information is matched, if the described up first key authentication information that the terminal to be configured sends is up the of the expectation During one key authentication information, then the described up first key for accessing the accessory device checking terminal transmission to be configured is recognized Card information passes through.

2. information configuring methods according to claim 1, it is characterised in that the access device is set with the access annex Standby shared second key,

3. information configuring methods according to claim 1 and 2, it is characterised in that set by the access annex described For after the configuration information is sent to the terminal to be configured, also include：

Checking is described to access the described up first key authentication information that accessory device forwarding comes, if being verified, makes described Configuration information comes into force.

4. information configuring methods according to claim 1 and 2, it is characterised in that described to consult with the terminal to be configured First key is generated, is specifically included：

Pass through IKE Diffie-Hellman or public key encryption algorithm RSA agreements or ellipse with the terminal to be configured Curve encryption EIGamal protocol negotiations generate first key.

5. information configuring methods according to claim 1 and 2, it is characterised in that the access device with it is described access it is attached Communicated by wired mode between part equipment, by closely mode between the terminal to be configured and the access accessory device Communication or wired mode communication.

6. a kind of information configuring methods, it is characterised in that be applied to access device, access the end to be configured that accessory device communicates In end, methods described includes：

Consult to generate first key by Diffie-Hellman with the access device；

Receive the access device by access accessory device forwarding come descending first key authentication information, described descending first Key authentication information is the authentication information calculated using the first key；

Verify the descending first key authentication information；

Send up first key authentication information to the access accessory device, and by the access accessory device will be described on Row first key authentication information is transmitted to the access device, so that the access device verifies that the up first key is recognized Card information, receives the access device and is verifying the use that sends after the up first key authentication information passes through described the The configuration information of one key encryption, the up first key authentication information are to be believed using the certification that the first key is calculated Breath；Or,

The configuration information that the use first key that the access device sends is encrypted is received, and is set to the access annex Preparation serves row first key authentication information, and turns the up first key authentication information by the access accessory device The access device is issued, so that the access device verifies the up first key authentication information, and is being verified After make the configuration information come into force；Or,

The configuration information that the use first key that the access device sends is encrypted is received, and is set to the access annex Preparation serves row first key authentication information, so that the access accessory device verifies the up first key authentication information, And after being verified, make the configuration information come into force；Or,

Up first key authentication information is sent to the access accessory device, so that on the access accessory device checking is described Row first key authentication information, receives the access accessory device and is verifying the up first key authentication information by rear The configuration information that the use first key sent is encrypted, it is described to be connect for described using the configuration information that the first key is encrypted Enter equipment and be sent to the access accessory device in advance；

Secure connection is set up with the access device using the configuration information；

Wherein, it is described so that the access accessory device verifies the up first key authentication information, specifically include：

So that described access described up first key authentication information and the expectation that the terminal to be configured is sent by accessory device Up first key authentication information matched, if the described up first key authentication information that the terminal to be configured sends For the expectation up first key authentication information when, then it is described to access what the accessory device checking terminal to be configured sent The up first key authentication information passes through；The up first key authentication information of the expectation is that the access device is advance It is sent to the access accessory device.

7. information configuring methods according to claim 6, it is characterised in that the access device is set with the access annex Communicated by wired mode between standby, communicated by closely mode between the terminal to be configured and the access accessory device Or wired mode communication.

8. a kind of information configuring methods, it is characterised in that be applied to set with the access annex of access device, terminal communication to be configured In standby, the access device is consulted to generate first key, methods described bag by Diffie-Hellman with the terminal to be configured Include：

Receive and forward the access device to be sent to the descending first key authentication information of the terminal to be configured, make described treating Configurating terminal verifies the descending first key authentication information key, and the descending first key authentication information is using described first The authentication information that cipher key calculation goes out；

Receive and forward the terminal to be configured to be sent to the up first key authentication information of the access device, so that described Access device verifies the up first key authentication information, and after being verified uses institute to the terminal transmission to be configured The configuration information of first key encryption is stated, so that the terminal to be configured is built with the access device using the configuration information Vertical secure connection, the up first key authentication information is the authentication information calculated using the first key；Or,

Receive and forward the terminal to be configured to be sent to the up first key authentication information of the access device, so that described Access device verifies described up the after the configuration information encrypted using the first key is sent to the terminal to be configured One key authentication information, and after being verified, make the configuration information come into force, so that the terminal to be configured is using described Configuration information sets up secure connection with the access device；Or,

The up first key authentication information that the terminal to be configured sends is received and verified, after being verified, described the is made The configuration information of one key encryption comes into force so that the terminal to be configured receive the access device send described in match somebody with somebody After confidence ceases and the configuration information comes into force, secure connection is set up with the access device using the configuration information；Or,

The configuration information that the use first key that the access device sends is encrypted is received, is received and is verified and described wait to match somebody with somebody The up first key authentication information of terminal transmission is put, after being verified, is made the configuration information come into force, and is waited to match somebody with somebody to described Put terminal and send the configuration information, so that the terminal to be configured is set up with the access device using the configuration information Secure connection.

Wherein, the up first key authentication information that the checking terminal to be configured sends, specifically includes：

The up first key authentication information of the expectation that the access device sends is received, and it is described to be configured by what is received The described up first key authentication information that terminal sends is matched with the up first key authentication information of the expectation, if The described up first key authentication information that the terminal to be configured sends is the up first key authentication information of the expectation When, then verify that the described up first key authentication information that the terminal to be configured sends passes through.

9. information configuring methods according to claim 8, it is characterised in that the access device is set with the access annex Communicated by wired mode between standby, communicated by closely mode between the terminal to be configured and the access accessory device Or wired mode communication.

10. a kind of access device, it is characterised in that with access accessory device and terminal communication to be configured is connected, the access sets It is standby to include：

First key signal generating unit, for consulting to generate first key by Diffie-Hellman with the terminal to be configured；

First transmitting element, for sending descending first key authentication information to the access accessory device, by the access The descending first key authentication information is transmitted to the terminal to be configured by accessory device, so that the terminal to be configured is tested The descending first key authentication information is demonstrate,proved, the descending first key authentication information is using the first key signal generating unit The authentication information that the first key for generating is calculated；

First processing units, after sending the descending first key authentication information in first transmitting element, receive The terminal to be configured accesses the up first key authentication information that accessory device forwarding comes, checking described up the by described One key authentication information, and after being verified to the terminal to be configured send using the first key encrypt with confidence Breath, so that the terminal to be configured sets up secure connection using the configuration information and the access device, described up first Key authentication information is the authentication information calculated using the first key；Or,

The first processing units, after sending the descending first key authentication information in first transmitting element, The configuration information encrypted using the first key is sent to the terminal to be configured, and verifies that the terminal to be configured passes through institute The up first key authentication information for accessing that accessory device forwarding comes is stated, if being verified, makes the configuration information come into force, with The terminal to be configured is made to set up secure connection with the access device using the configuration information；Or,

Second processing unit, after sending the descending first key authentication information in first transmitting element, to institute State terminal to be configured and send the configuration information encrypted using the first key, and it is described by the access accessory device checking The up first key authentication information that terminal to be configured sends, if being verified, is made by the access accessory device described Configuration information comes into force, so that the terminal to be configured sets up secure connection with the access device using the configuration information；Or Person,

The second processing unit, after sending the descending first key authentication information in first transmitting element, The configuration information that accessory device transmission is encrypted using the first key is accessed to described, and is tested by the access accessory device The up first key authentication information that the terminal to be configured sends is demonstrate,proved, if being verified, by the access accessory device The configuration information is sent to into the terminal to be configured, so that the terminal to be configured is connect with described using the configuration information Enter equipment and set up secure connection；

Wherein, the second processing unit includes the first subprocessing unit,

The first subprocessing unit, specifically for sending the up first key certification letter expected to the accessory device that accesses Breath, make it is described access described up first key authentication information that the terminal described to be configured for receiving sends by accessory device with The up first key authentication information of the expectation is matched, if the described up first key that the terminal to be configured sends When authentication information is the up first key authentication information of the expectation, then the access accessory device verifies the end to be configured The described up first key authentication information that end sends passes through.

11. access devices according to claim 10, it is characterised in that

The second processing unit, is additionally operable to verify that the accessory device that accesses forwards the described up first key certification letter for coming Breath, if being verified, makes the configuration information come into force.

12. access devices according to claim 10 or 11, it is characterised in that the access device and the access annex Communicated by wired mode between equipment, it is logical by closely mode between the terminal to be configured and the access accessory device Letter or wired mode communication.

13. a kind of terminals to be configured, it is characterised in that communicate to connect with access device and access accessory device, it is described to be configured Terminal includes：

First receiving unit, for receive the access device by access accessory device forwarding come descending first key certification Information, the descending first key authentication information are to be calculated using the first key that second Key generating unit is generated The authentication information for going out；

3rd processing unit, after verifying the descending first key authentication information in first authentication unit, to institute State access accessory device and send up first key authentication information, and it is close by described up first by the access accessory device Key authentication information is transmitted to the access device, so that the access device verifies the up first key authentication information, Receive the use first key that the access device is sent after the checking up first key authentication information passes through The configuration information of encryption, the up first key authentication information is the authentication information calculated using the first key；Or Person,

3rd processing unit, after verifying the descending first key authentication information in first authentication unit, The configuration information that the use first key that the access device sends is encrypted is received, and is sent out to the access accessory device Row first key authentication information is served, and the up first key authentication information is transmitted to by the access accessory device The access device, so that the access device verifies the up first key authentication information, and makes after being verified The configuration information comes into force；Or,

Fourth processing unit, after verifying the descending first key authentication information in first authentication unit, receives The configuration information that the use first key that the access device sends is encrypted, and send to the access accessory device Row first key authentication information, so that the access accessory device verifies the up first key authentication information, and in checking By after, make the configuration information come into force；Or,

The fourth processing unit, after verifying the descending first key authentication information in first authentication unit, Up first key authentication information is sent to the access accessory device, so that the access accessory device checking described up the One key authentication information, receives the access accessory device and is verifying the up first key authentication information by rear transmission The configuration information encrypted using the first key, it is described to be set for the access using the configuration information that the first key is encrypted It is standby to be sent to the accessory device that accesses in advance；

First connection establishment unit, for being sent using the 3rd processing unit or the fourth processing unit with confidence Breath sets up secure connection with the access device；

The fourth processing unit includes the second subprocessing unit,

The second subprocessing unit, specifically for sending up first key authentication information to the access accessory device, with Make the described up first key authentication information that the terminal to be configured is sent by the access accessory device up with what is expected First key authentication information is matched, if the described up first key authentication information that the terminal to be configured sends is described During the up first key authentication information expected, then it is described access that the accessory device checking terminal to be configured sends it is described on Row first key authentication information passes through；The up first key authentication information of the expectation is sent in advance for the access device The access accessory device.

14. terminals to be configured according to claim 13, it is characterised in that the access device is set with the access annex Communicated by wired mode between standby, communicated by closely mode between the terminal to be configured and the access accessory device Or wired mode communication.

15. a kind of access accessory devices, it is characterised in that be connected with access device and terminal communication to be configured, the access sets Standby to consult to generate first key by Diffie-Hellman with the terminal to be configured, the access accessory device includes：

Second receiving unit, is sent to the descending first key certification letter of the terminal to be configured for receiving the access device Breath, the descending first key authentication information is the authentication information calculated using the first key；

Second transmitting element, for the described descending first key authentication information for forwarding second receiving unit to receive, makes Descending first key authentication information described in the terminal authentication to be configured；

5th processing unit, after forwarding the descending first key authentication information in second transmitting element, receives And forward the terminal to be configured to be sent to the up first key authentication information of the access device, so that the access device The up first key authentication information is verified, and sends close using described first to the terminal to be configured after being verified The configuration information of key encryption, so that the terminal to be configured sets up safety using the configuration information and the access device connecting Connect, the up first key authentication information is the authentication information calculated using the first key；Or,

5th processing unit, after forwarding the descending first key authentication information in second transmitting element, Receive and forward the terminal to be configured to be sent to the up first key authentication information of the access device, so that the access Equipment verifies that described up first is close after the configuration information encrypted using the first key is sent to the terminal to be configured Key authentication information, and after being verified, make the configuration information come into force, so that the terminal to be configured uses the configuration Information sets up secure connection with the access device；Or,

6th processing unit, after forwarding the descending first key authentication information in second transmitting element, receives And up first key authentication information that the terminal to be configured sends is verified, after being verified, add the first key Close configuration information comes into force so that the terminal to be configured receive the configuration information that the access device sends and After the configuration information comes into force, secure connection is set up with the access device using the configuration information；Or,

6th processing unit, after forwarding the descending first key authentication information in second transmitting element, The configuration information that the use first key that the access device sends is encrypted is received, the end to be configured is received and verify The up first key authentication information that end sends, after being verified, sends the configuration information to the terminal to be configured, from And make the terminal to be configured set up secure connection with the access device using the configuration information；

6th processing unit includes the 3rd subprocessing unit,

The 3rd subprocessing unit, the up first key certification specifically for receiving the expectation that the access device sends Information, and the described up first key authentication information that the terminal described to be configured for receiving is sent is up with the expectation First key authentication information is matched, if the described up first key authentication information that the terminal to be configured sends is described During the up first key authentication information expected, then the described up first key certification letter that the terminal to be configured sends is verified Breath passes through.

16. access accessory devices according to claim 15, it is characterised in that the access device and the access annex Communicated by wired mode between equipment, it is logical by closely mode between the terminal to be configured and the access accessory device Letter or wired mode communication.

17. a kind of information configuration systems, it is characterised in that include：Access device, access accessory device and terminal to be configured, institute Access device is stated, is accessed,

The access device is the access device described in 10～12 any one of the claims, and the terminal to be configured is upper The terminal to be configured described in claim 13 or 14 is stated, the access accessory device is connecing described in the claims 15 or 16 Enter accessory device.

18. information configuration systems according to claim 17, it is characterised in that the access device and the access annex Equipment is communicated by wired mode.

19. information configuration systems according to claim 17, it is characterised in that the access accessory device is waited to match somebody with somebody with described Put terminal to communicate by near radio mode or wired mode.