The content of the invention
The embodiment of the present invention provides a kind of information configuring methods, can reduce user operation difficulty, improves the experience of user.
Embodiment of the present invention first aspect provides a kind of information configuring methods, is applied to and accesses accessory device, to be configured
In the access device of terminal communication, methods described includes:
Consult to generate first key by Diffie-Hellman with the terminal to be configured;
Descending first key authentication information is sent to the access accessory device, will be described by the access accessory device
Descending first key authentication information is transmitted to the terminal to be configured, so that descending first described in the terminal authentication to be configured
Key authentication information, the descending first key authentication information is the authentication information calculated using the first key;
Receive the terminal to be configured by it is described access accessory device forwarding come up first key authentication information, test
The up first key authentication information is demonstrate,proved, and is sent using the first key to the terminal to be configured after being verified
The configuration information of encryption, so that the terminal to be configured sets up secure connection with the access device using the configuration information,
The up first key authentication information is the authentication information calculated using the first key;Or,
The configuration information encrypted using the first key is sent to the terminal to be configured, and verifies the end to be configured
Hold and the up first key authentication information that accessory device forwarding comes is accessed by described, if being verified, make described to match somebody with somebody confidence
Breath comes into force, so that the terminal to be configured sets up secure connection with the access device using the configuration information;Or,
The configuration information encrypted using the first key is sent to the terminal to be configured, and by the access annex
The up first key authentication information that terminal to be configured described in device authentication sends, it is if being verified, attached by the access
Part equipment makes the configuration information come into force, so that the terminal to be configured is set up with the access device using the configuration information
Secure connection;Or,
The configuration information that accessory device transmission is encrypted using the first key is accessed to described, and it is attached by the access
The up first key authentication information that terminal to be configured described in part device authentication sends, if being verified, by the access
The configuration information is sent to the terminal to be configured by accessory device, so that the terminal to be configured uses the configuration information
Secure connection is set up with the access device.
With reference in a first aspect, in the first possible implementation, the access device and the access accessory device
Shared second key,
It is described to send descending first key authentication information to access accessory device, specifically include:
The descending first key authentication information using the encryption of the second key is sent to accessory device is accessed.
With reference to first aspect or first aspect the first possible implementation, in second possible implementation
In, it is described to access the up first key authentication information that accessory device verifies that the terminal to be configured sends by described, specifically
Including:
To it is described access accessory device send expect up first key authentication information, make it is described access accessory device will
The described up first key authentication information for receiving is matched with the up first key authentication information of the expectation, if institute
When stating the up first key authentication information that up first key authentication information is the expectation, then the access accessory device is tested
Demonstrate,prove the up first key authentication information to pass through.
With reference to first aspect, first aspect the first or second possible implementation, in the third possible reality
In existing mode, it is described the configuration information is sent to by the access accessory device for the terminal to be configured after, also
Including:
Checking is described to access the described up first key authentication information that accessory device forwarding comes, if being verified, makes
The configuration information comes into force.
With reference to first aspect, first aspect the first, second or the third possible implementation, can at the 4th kind
It is in the implementation of energy, described to consult to generate first key with the terminal to be configured, specifically include:
With the terminal to be configured pass through IKE Diffie-Hellman or public key encryption algorithm RSA agreements or
Elliptic curve cryptography EIGamal protocol negotiations generate first key.
With reference to first aspect or first aspect the first to the 4th kind of any one possible implementation, at the 5th kind
In possible implementation, communicated by wired mode between the access device and the access accessory device, it is described to wait to match somebody with somebody
Put.
Embodiment of the present invention second aspect provides a kind of information configuring methods, is applied to set with access device, access annex
In the terminal to be configured of standby communication, methods described includes:
Consult to generate first key by Diffie-Hellman with the access device;
Receive the access device by access accessory device forwarding come descending first key authentication information, it is described descending
First key authentication information is the authentication information calculated using the first key;
Verify the descending first key authentication information;
Up first key authentication information is sent to the access accessory device, and by the accessory device that accesses by institute
State up first key authentication information and be transmitted to the access device, so that the access device verifies that described up first is close
Key authentication information, receives the use institute that the access device is sent after the checking up first key authentication information passes through
The configuration information of first key encryption is stated, the up first key authentication information is using recognizing that the first key is calculated
Card information;Or,
Receive the configuration information that the use first key that the access device sends is encrypted, and to it is described access it is attached
Part equipment sends up first key authentication information, and believes the up first key certification by the access accessory device
Breath is transmitted to the access device, so that the access device verifies the up first key authentication information, and in checking
By after, make the configuration information come into force;Or,
Receive the configuration information that the use first key that the access device sends is encrypted, and to it is described access it is attached
Part equipment sends up first key authentication information, so that the access accessory device checking up first key certification letter
Breath, and after being verified, make the configuration information come into force;Or,
Up first key authentication information is sent to the access accessory device, so that the access accessory device checking institute
Up first key authentication information is stated, the access accessory device is received and is passed through in the checking up first key authentication information
The configuration information that the use first key for sending afterwards is encrypted, described is institute using the configuration information that the first key is encrypted
State access device and be sent to the access accessory device in advance;
Secure connection is set up with the access device using the configuration information.
It is with reference to second aspect, in the first possible implementation, described so that the access accessory device checking institute
Up first key authentication information is stated, is specifically included:
So that the up first key authentication information is recognized by the accessory device that accesses with the up first key expected
Card information is matched, if the up first key authentication information is the up first key authentication information of the expectation,
Then the access accessory device verifies that the up first key authentication information passes through;The up first key certification of the expectation
Information is that the access device is sent to the access accessory device in advance.
With reference to second aspect or second aspect the first possible implementation, in second possible implementation
In, being communicated by wired mode between the access device and the access accessory device, the terminal to be configured is connect with described
Enter.
The embodiment of the present invention third aspect provides a kind of information configuring methods, is applied to and access device, terminal to be configured
In the access accessory device of communication, the access device is consulted to generate first by Diffie-Hellman with the terminal to be configured
Key, methods described include:
Receive and forward the access device to be sent to the descending first key authentication information of the terminal to be configured, make institute
Descending first key authentication information key described in terminal authentication to be configured is stated, the descending first key authentication information is using described
The authentication information that first key is calculated;
Receive and forward the terminal to be configured to be sent to the up first key authentication information of the access device, so that
The access device verifies the up first key authentication information, and makes to the terminal transmission to be configured after being verified
The configuration information encrypted with the first key, so that the terminal to be configured is set with the access using the configuration information
Standby to set up secure connection, the up first key authentication information is the authentication information calculated using the first key;Or
Person,
Receive and forward the terminal to be configured to be sent to the up first key authentication information of the access device, so that
The access device is verified on described after the configuration information encrypted using the first key is sent to the terminal to be configured
Row first key authentication information, and after being verified, make the configuration information come into force, so that the terminal to be configured is used
The configuration information sets up secure connection with the access device;Or,
The up first key authentication information that the terminal to be configured sends is received and verified, after being verified, institute is made
The configuration information for stating first key encryption comes into force, so that the terminal to be configured is receiving the institute that the access device sends
State configuration information and after the configuration information comes into force, set up secure connection with the access device using the configuration information;Or
Person,
The configuration information that the use first key that the access device sends is encrypted is received, receives and verify described
The up first key authentication information that terminal to be configured sends, after being verified, makes the configuration information come into force, and to described
Terminal to be configured sends the configuration information, so that the terminal to be configured uses the configuration information and the access device
Set up secure connection.
It is with reference to the third aspect, in the first possible implementation, described to verify the upper of the terminal transmission to be configured
Row first key authentication information, specifically includes:
Receive the up first key authentication information of the expectation that the access device sends, and by receive it is described on
Row first key authentication information is matched with the up first key authentication information of the expectation, if the up first key
When authentication information is the up first key authentication information of the expectation, then verify that the up first key authentication information leads to
Cross.
With reference to the third aspect or the third aspect the first possible implementation, in second possible implementation
In, being communicated by wired mode between the access device and the access accessory device, the terminal to be configured is connect with described
Enter.
Embodiment of the present invention fourth aspect provides a kind of access device, connects with access accessory device and terminal communication to be configured
Connect, the access device includes:
First key signal generating unit, it is close for consulting generation first by Diffie-Hellman with the terminal to be configured
Key;
First transmitting element, for sending descending first key authentication information to the access accessory device, by described
Access accessory device and the descending first key authentication information is transmitted to into the terminal to be configured, so that the end to be configured
The end checking descending first key authentication information, the descending first key authentication information is to be generated using the first key
The authentication information that the first key that unit is generated is calculated;
First processing units, after sending the descending first key authentication information in first transmitting element,
Receive the terminal to be configured by it is described access accessory device forwarding come up first key authentication information, checking it is described on
Row first key authentication information, and send using matching somebody with somebody that the first key is encrypted to the terminal to be configured after being verified
Confidence ceases, so that the terminal to be configured sets up secure connection using the configuration information and the access device, it is described up
First key authentication information is the authentication information calculated using the first key;Or,
The first processing units, for first transmitting element send the descending first key authentication information it
Afterwards, the configuration information encrypted using the first key is sent to the terminal to be configured, and verifies that the terminal to be configured is led to
Cross the accessory device that accesses and forward the up first key authentication information of coming, if being verified, make the configuration information life
Effect, so that the terminal to be configured sets up secure connection with the access device using the configuration information;Or,
Second processing unit, after sending the descending first key authentication information in first transmitting element,
The configuration information encrypted using the first key is sent to the terminal to be configured, and by the access accessory device checking
The up first key authentication information that the terminal to be configured sends, if being verified, is made by the access accessory device
The configuration information comes into force, so as to the terminal to be configured sets up safety using the configuration information and the access device connect
Connect;Or,
The second processing unit, for first transmitting element send the descending first key authentication information it
Afterwards, the configuration information that accessory device transmission is encrypted using the first key is accessed to described, and set by the access annex
The standby up first key authentication information for verifying that the terminal to be configured sends, if being verified, by the access annex
The configuration information is sent to the terminal to be configured by equipment, so that the terminal to be configured uses the configuration information and institute
State access device and set up secure connection.
With reference to fourth aspect, in the first possible implementation, the second processing unit includes the first subprocessing
Unit,
The first subprocessing unit, specifically for recognizing to the up first key for accessing accessory device transmission expectation
Card information, makes the accessory device that accesses by up the of the described up first key authentication information for receiving and the expectation
One key authentication information is matched, if the up first key authentication information is the up first key certification of the expectation
During information, then the access accessory device verifies that the up first key authentication information passes through.
With reference to fourth aspect or fourth aspect the first possible implementation, in second possible implementation
In, the second processing unit is additionally operable to verify that the accessory device that accesses forwards the described up first key certification letter for coming
Breath, if being verified, makes the configuration information come into force.
With reference to fourth aspect, fourth aspect the first or second possible implementation, in the third possible reality
In existing mode, communicate by wired mode between the access device and the access accessory device, the terminal to be configured and
Communicated by closely mode between the access accessory device or wired mode communication.
A kind of terminal to be configured is provided in terms of the embodiment of the present invention the 5th, with access device and access accessory device communication link
Connect, the terminal to be configured includes:
Second Key generating unit, for consulting to generate first key by Diffie-Hellman with the access device;
First receiving unit, for receive the access device by access accessory device forwarding come descending first key
Authentication information, the descending first key authentication information are the first key generated using second Key generating unit
The authentication information for calculating;
First authentication unit, for verifying descending first key authentication information that first receiving unit is received;
3rd processing unit, after verifying the descending first key authentication information in first authentication unit,
Up first key authentication information is sent to the access accessory device, and by the access accessory device by described up the
One key authentication information is transmitted to the access device, so that the access device checking up first key certification letter
Breath, receives the access device to verify the use that sends after the up first key authentication information passes through described first close
The configuration information of key encryption, the up first key authentication information is the authentication information calculated using the first key;
Or,
3rd processing unit, for first authentication unit verify the descending first key authentication information it
Afterwards, the configuration information that the use first key that the reception access device sends is encrypted, and set to the access annex
Preparation serves row first key authentication information, and turns the up first key authentication information by the access accessory device
The access device is issued, so that the access device verifies the up first key authentication information, and is being verified
After make the configuration information come into force;Or,
Fourth processing unit, after verifying the descending first key authentication information in first authentication unit,
The configuration information that the use first key that the access device sends is encrypted is received, and is sent out to the access accessory device
Row first key authentication information is served, so that the access accessory device checking up first key authentication information, and
The configuration information is made to come into force after being verified;Or,
The fourth processing unit, for first authentication unit verify the descending first key authentication information it
Afterwards, up first key authentication information is sent to the access accessory device, so that on the access accessory device checking is described
Row first key authentication information, receives the access accessory device and is verifying the up first key authentication information by rear
The configuration information that the use first key sent is encrypted, it is described to be connect for described using the configuration information that the first key is encrypted
Enter equipment and be sent to the access accessory device in advance;
First connection establishment unit, for matching somebody with somebody for being sent using the 3rd processing unit or the fourth processing unit
Confidence breath sets up secure connection with the access device.
In terms of the 5th, in the first possible implementation, the fourth processing unit includes the second subprocessing
Unit,
The second subprocessing unit, specifically for sending up first key certification letter to the access accessory device
Breath, so that the accessory device that accesses is by the up first key authentication information and the up first key authentication information expected
Matched, it is if the up first key authentication information is the up first key authentication information of the expectation, described
Access accessory device and verify that the up first key authentication information passes through;The up first key authentication information of the expectation is
The access device is sent to the access accessory device in advance.
With reference to the first possible implementation in terms of the 5th or in terms of the 5th, in second possible implementation
In, being communicated by wired mode between the access device and the access accessory device, the terminal to be configured is connect with described
Enter.
A kind of access accessory device is provided in terms of the embodiment of the present invention the 6th, is connected with access device and terminal communication to be configured
Connect, the access device is consulted to generate first key, the access annex by Diffie-Hellman with the terminal to be configured
Equipment includes:
Second receiving unit, the descending first key that the terminal to be configured is sent to for receiving the access device are recognized
Card information, the descending first key authentication information is the authentication information calculated using the first key;
Second transmitting element, for the described descending first key certification letter for forwarding second receiving unit to receive
Breath, makes descending first key authentication information described in the terminal authentication to be configured;
5th processing unit, after forwarding the descending first key authentication information in second transmitting element,
Receive and forward the terminal to be configured to be sent to the up first key authentication information of the access device, so that the access
Up first key authentication information described in device authentication, and send using described the to the terminal to be configured after being verified
The configuration information of one key encryption, so that the terminal to be configured is set up with the access device using the configuration information pacifying
Complete to connect, the up first key authentication information is the authentication information calculated using the first key;Or,
5th processing unit, for second transmitting element forward the descending first key authentication information it
Afterwards, receive and forward the terminal to be configured to be sent to the up first key authentication information of the access device, so that described
Access device verifies described up the after the configuration information encrypted using the first key is sent to the terminal to be configured
One key authentication information, and after being verified, make the configuration information come into force, so that the terminal to be configured is using described
Configuration information sets up secure connection with the access device;Or,
6th processing unit, after forwarding the descending first key authentication information in second transmitting element,
The up first key authentication information that the terminal to be configured sends is received and verified, after being verified, is made described first close
The configuration information of key encryption comes into force, so that the terminal to be configured is being received described in the access device transmission with confidence
Breath and after the configuration information comes into force, sets up secure connection with the access device using the configuration information;Or,
6th processing unit, for second transmitting element forward the descending first key authentication information it
Afterwards, the configuration information that the use first key that the access device sends is encrypted is received, is received and is verified and described wait to match somebody with somebody
The up first key authentication information of terminal transmission is put, after being verified, sends described with confidence to the terminal to be configured
Breath, so that the terminal to be configured sets up secure connection with the access device using the configuration information.
In terms of the 6th, in the first possible implementation, the 6th processing unit includes the 3rd subprocessing
Unit,
The 3rd subprocessing unit, the up first key specifically for receiving the expectation that the access device sends
Authentication information, and by the up first key authentication information of the described up first key authentication information for receiving and the expectation
Matched, if the up first key authentication information is the up first key authentication information of the expectation, verified
The up first key authentication information passes through.
With reference to the first possible implementation in terms of the 6th or in terms of the 6th, in second possible implementation
In, being communicated by wired mode between the access device and the access accessory device, the terminal to be configured is connect with described
Enter.
A kind of information configuration system is provided in terms of the embodiment of the present invention the 7th, including:Access device, access accessory device and
Terminal to be configured, communicates to connect between the access device, access accessory device and terminal to be configured,
The access device is the access device described in above-mentioned technical proposal, and the terminal to be configured is above-mentioned technical proposal
Described terminal to be configured, the access accessory device are the access accessory device described in above-mentioned technical proposal.
In terms of the 7th, in the first possible implementation, the access device and the access accessory device
Communicated by wired mode.
With reference to the first possible implementation in terms of the 7th or in terms of the 7th, in second possible implementation
In, the access accessory device is communicated by near radio mode or wired mode with the terminal to be configured.
Information configuring methods provided in an embodiment of the present invention, access device are consulted to generate first key with terminal to be configured
Afterwards, by the descending checking of terminal to be configured, after the up checking of access device or access accessory device, terminal to be configured
Just set up with access device using the configuration information of first key encryption and be connected.It is this to be come by interacting with each other between equipment completely
Complete to set up the scheme of connection, compared with the mode for being manually input into PIN of the prior art carries out inbound information configuration, no
Need user to be manually entered, reduce the operation difficulty of user, improve Consumer's Experience.
Specific embodiment
The embodiment of the present invention provides a kind of information configuring methods, can reduce user operation difficulty, improves internet security.
It is described in detail individually below.
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clear, complete
Site preparation is described, it is clear that described embodiment is only a part of embodiment of the invention, rather than the embodiment of whole.It is based on
Embodiment in the present invention, the every other enforcement obtained under the premise of creative work is not made by those skilled in the art
Example, belongs to the scope of protection of the invention.
Access device in the embodiment of the present invention can for router, modem, terminal to be configured can for mobile phone,
The terminals such as computer, wireless printer, it can be the smart card with communication function to access accessory device, to be configured in the present invention
Terminal can also have the function of access device, and access device can also have the function of terminal to be configured.
Access device, access accessory device and terminal communication to be configured connection in the multiple embodiments of present invention below, institute
State access device to communicate by wired mode with the access accessory device, the access accessory device is to be configured with described
Terminal can be communicated by near radio mode or wired mode, and the access device can pass through with the terminal to be configured
Wireless communication mode;The wired mode communication can be by USB(USB, Universal Serial BUS)
Mode communicates, and it can be near-field communication that the near radio mode communicates(NFC, Near field communication)Side
Formula communicates, and the wireless communication mode can be by Wireless Fidelity(WirelessFidelity, WiFi)Mode communicates.It is described
Access device is communicated by wired mode with the access accessory device, can prevent man-in-the-middle attack, while preventing access from setting
Transmission data that is standby and accessing accessory device is eavesdropped by attacker, and prevents attacker from distorting letter to accessory device write is accessed
Breath.Access accessory device and the terminal to be configured being communicated such as NFC communication using near radio mode, or can be reduced
Power causes the WiFi communication mode that can only be communicated in the range of close distance such as 1 meter to be communicated, due to two equipment
Exchange message is difficult to by man-in-the-middle attack in the close distance, can improve security.
Refering to Fig. 1, it is applied to and accesses in accessory device, the access device of terminal communication to be configured, the embodiment of the present invention
One embodiment of the information configuring methods of offer includes:
101st, access device is consulted to generate first key by Diffie-Hellman with the terminal to be configured.
Access device can pass through Diffie-Hellman with the terminal to be configured, such as:Diffie-Hellman, i.e. DH are close
Key exchange agreement, public key encryption algorithm(Such as:Ron Rivest, Adi Shamirh, LenAdleman, RSA)Agreement is oval bent
Line encryption EIGamal agreements etc. consult to generate first key.
The first key only access device and terminal to be configured that several negotiating algorithms are generated above knows that other equipment is all
The first key is not known.
102nd, access device sends descending first key authentication information to the access accessory device, attached by the access
The descending first key authentication information is transmitted to the terminal to be configured by part equipment, so that the terminal authentication to be configured
The descending first key authentication information, the descending first key authentication information is using recognizing that the first key is calculated
Card information;Execution step 103,104,105 or 106 is distinguished after execution step 102.
Key authentication information can have various production methods, can encrypt a data with key, it is also possible to key pair
One data makes an abstract computing etc..
When the descending first key authentication information verifies correct, illustrate that access device is held with terminal to be configured identical
First key, so as to the equipment identities for confirming other side are real.
103rd, access device receive the terminal to be configured by it is described access accessory device forwarding come it is up first close
Key authentication information, verifies the up first key authentication information, and makes to the terminal transmission to be configured after being verified
The configuration information encrypted with the first key, so that the terminal to be configured uses the configuration information and the access device
Secure connection is set up, the up first key authentication information is the authentication information calculated using the first key.
The process of step 103 is after terminal authentication to be configured descending first key authentication information, to access accessory device
Send up first key authentication information, after the complete up first key authentication information of device authentication to be accessed, if on described
Row first key authentication information is sent using the first key to the terminal to be configured by checking, the then access device
The configuration information of encryption, so that the terminal to be configured sets up secure connection with the access device using the configuration information.
104th, access device sends the configuration information encrypted using the first key to the terminal to be configured, and verifies
The terminal to be configured by it is described access accessory device forwarding come up first key authentication information, if being verified,
The configuration information is made to come into force, so as to the terminal to be configured sets up safety using the configuration information and the access device connect
Connect.
The process of step 104 is that access device can be when up first key authentication information not be received to end to be configured
End sends the configuration information using first key encryption, is carried out to up after then receiving up first key authentication information again
The checking of first key authentication information, when the up first key authentication information is after checking, makes the configuration information life
Effect, after configuration information comes into force, terminal to be configured could set up secure connection with the access device using the configuration information.
105th, access device sends the configuration information encrypted using the first key to the terminal to be configured, and passes through
It is described to access the up first key authentication information that the accessory device checking terminal to be configured sends, if being verified, lead to
Cross it is described access accessory device make the configuration information come into force so that the terminal to be configured using the configuration information with it is described
Access device sets up secure connection.
The process of step 105 is that access device passes through in descending first key authentication information described in terminal authentication to be configured
Afterwards, directly the configuration information using first key encryption is sent to terminal to be configured, in step 105, access device is not verified up
First key authentication information, but the up first key authentication information is verified by accessory device is accessed, after being verified,
Configuration information is made to come into force by accessory device is accessed, so that terminal to be configured is built with the access device using the configuration information
Vertical secure connection.
In fact, used as 105 deformation, the embodiment of the present invention can also be access device described in terminal authentication to be configured
After descending first key authentication information passes through, to the configuration information that access accessory device transmission is encrypted using first key, then by
Access accessory device and the configuration information is transmitted to into the terminal to be configured, other processes are identical with step 105, and here is not
Repeat again.
106th, access device accesses the configuration information that accessory device transmission is encrypted using the first key to described, and leads to
The up first key authentication information for accessing the accessory device checking terminal transmission to be configured is crossed, if being verified,
The configuration information is sent to by the terminal to be configured by the access accessory device, so that the terminal to be configured is used
The configuration information sets up secure connection with the access device.
The process of step 106 is that access device passes through in descending first key authentication information described in terminal authentication to be configured
Afterwards, to configuration information of the accessory device transmission using first key encryption is accessed, access accessory device and receive terminal to be configured
After the up first key authentication information for sending, the up first key authentication information is verified, and after being verified, makes institute
State configuration information to come into force, and the configuration information for coming into force is sent to into the terminal to be configured.
The embodiment of the present invention, is applied to and accesses in accessory device, the access device of terminal communication to be configured, methods described
Including:Consult to generate first key by Diffie-Hellman with the terminal to be configured;Send to the access accessory device
The descending first key authentication information is transmitted to described by descending first key authentication information by the access accessory device
Terminal to be configured, so that descending first key authentication information described in the terminal authentication to be configured, the descending first key
Authentication information is the authentication information calculated using the first key;The terminal to be configured is received by the access annex
The up first key authentication information that device forwards are come, verifies the up first key authentication information, and after being verified
The configuration information encrypted using the first key is sent to the terminal to be configured, so that the terminal to be configured is using described
Configuration information sets up secure connection with the access device, and the up first key authentication information is using the first key
The authentication information for calculating;Or, the configuration information encrypted using the first key is sent to the terminal to be configured, and is tested
Demonstrate,prove the terminal to be configured by it is described access accessory device forwarding come up first key authentication information, if being verified,
The configuration information is then made to come into force, so that the terminal to be configured sets up safety with the access device using the configuration information
Connection;Or, the configuration information encrypted using the first key is sent to the terminal to be configured, and it is attached by the access
The up first key authentication information that terminal to be configured described in part device authentication sends, if being verified, by the access
Accessory device makes the configuration information come into force, so that the terminal to be configured is built with the access device using the configuration information
Vertical secure connection;Or, the configuration information that accessory device transmission is encrypted using the first key is accessed to described, and pass through institute
The up first key authentication information for accessing that the accessory device checking terminal to be configured sends is stated, if being verified, is passed through
The configuration information is sent to the terminal to be configured by the access accessory device, so that the terminal to be configured is using described
Configuration information sets up secure connection with the access device.
Information configuring methods provided in an embodiment of the present invention, access device are consulted to generate first key with terminal to be configured
Afterwards, by the descending checking of terminal to be configured, after the up checking of access device or access accessory device, terminal to be configured
Just set up with access device using the configuration information of first key encryption and be connected.It is provided in an embodiment of the present invention this completely by setting
The scheme for interacting with each other to complete inbound information configuration and set up connection between standby, is manually input into of the prior art
The mode of PIN carries out inbound information configuration and compares, it is not necessary to which user is manually entered, and is reduced the operation difficulty of user, is carried
High Consumer's Experience;As PIN is very short in prior art, only it is made up of 8 bit digitals, it is easy to cracked by brute force attack, so
Internet security is low, and the embodiment of the present invention after up-down bidirectional checking just makes configuration information come into force, further increases net
The security of network.
Further, the step 101 specifically can receive the configuration of the terminal to be configured in the access device
Occur after request.
Alternatively, on the basis of the corresponding embodiments of above-mentioned Fig. 1, information configuring methods provided in an embodiment of the present invention
In another embodiment, before first key is generated, it is close that the access device can share second with the access accessory device
Key;
It is described to send descending first key authentication information to access accessory device, can specifically include:
The descending first key authentication information using second key encryption is sent to accessory device is accessed.
Alternatively, on the basis of the corresponding alternative embodiments of above-mentioned Fig. 1 and Fig. 1, information provided in an embodiment of the present invention
In another embodiment of collocation method,
It is described to access the up first key authentication information that accessory device verifies that the terminal to be configured sends by described,
Can specifically include:
To it is described access accessory device send expect up first key authentication information, make it is described access accessory device will
The described up first key authentication information for receiving is matched with the up first key authentication information of the expectation, if institute
When stating the up first key authentication information that up first key authentication information is the expectation, then the access accessory device is tested
Demonstrate,prove the up first key authentication information to pass through.
Used as the deformation of the embodiment, the up first key authentication information of the expectation can be and use first key
The configuration information of encryption sends jointly to the access accessory device.
On the basis of the corresponding alternative embodiments of above-mentioned Fig. 1 and Fig. 1, information configuring methods provided in an embodiment of the present invention
Another embodiment in, it is described by it is described access accessory device by the configuration information be sent to the terminal to be configured it
Afterwards, also include:
Checking is described to access the described up first key authentication information that accessory device forwarding comes, if being verified, makes
The configuration information comes into force.
The embodiment of the present invention is accessing after accessory device verifies the up first key authentication information, then to be set by access
It is standby to verify once the first key authentication information again, so that network is safer.
Refering to Fig. 2, it is applied in the terminal to be configured communicated with access device, access accessory device, the embodiment of the present invention
Another embodiment of the information configuring methods of offer includes:
201st, terminal to be configured consults to generate first key by Diffie-Hellman with the access device.
Access device can pass through Diffie-Hellman with the terminal to be configured, such as:Diffie-Hellman, i.e. DH are close
Key exchange agreement, public key encryption algorithm(Such as:Ron Rivest, Adi Shamirh, LenAdleman, RSA)Agreement is oval bent
Line encryption EIGamal agreements etc. consult to generate first key.
The first key only access device and terminal to be configured that several negotiating algorithms are generated above knows that other equipment is all
The first key is not known.
202nd, terminal to be configured receive the access device by access accessory device forwarding come descending first key recognize
Card information, the descending first key authentication information is the authentication information calculated using the first key.
203rd, descending first key authentication information described in terminal authentication to be configured;Difference execution step after step 203
204th, 205,206 or 207, after having performed 204,205,206 or 207 these steps respectively, then perform 208.
204th, terminal to be configured sends up first key authentication information to the access accessory device, and is connect by described
Enter accessory device and the up first key authentication information is transmitted to into the access device, so that access device checking
The up first key authentication information, the reception access device is after verifying that the up first key authentication information passes through
The configuration information that the use first key for sending is encrypted, the up first key authentication information are using described first
The authentication information that cipher key calculation goes out.
The process of step 204 is:After the descending first key authentication information of terminal authentication to be configured, send out to accessory device is accessed
Row first key authentication information is served, the up first key authentication information is transmitted to into the access by accessory device is accessed
Equipment, after the up first key authentication information of device authentication to be accessed, then receives the use first key that access device sends
The configuration information of encryption.
205th, the configuration information that the use first key that the terminal reception to be configured access device sends is encrypted,
And up first key authentication information is sent to the access accessory device, and will be described up by the access accessory device
First key authentication information is transmitted to the access device, so that the access device verifies the up first key certification
Information, and after being verified, make the configuration information come into force.
The process of step 205 is:Terminal to be configured after descending first key authentication information has been verified, first receives access and sets
The configuration information of the use first key encryption that preparation is sent, then sends up first key certification to access accessory device again
The up first key authentication information is transmitted to the access device by accessory device is accessed, is tested by access device by information
The up first key authentication information is demonstrate,proved, after being verified, access device makes the configuration information come into force.
206th, the configuration information that the use first key that the terminal reception to be configured access device sends is encrypted,
And up first key authentication information is sent to the access accessory device, so that the access accessory device checking is described up
First key authentication information, and after being verified, make the configuration information come into force.
The process of step 206 is:Terminal to be configured after descending first key authentication information has been verified, first receives access and sets
The configuration information of the use first key encryption that preparation is sent, then sends up first key certification to access accessory device again
Information, verifies the up first key authentication information by accessory device is accessed, after being verified, by the access accessory device
The configuration information is made to come into force.
Used as the deformation of step 206, terminal to be configured is after descending first key authentication information has been verified, it is also possible to first connect
The configuration information for accessing the use first key encryption that accessory device sends is received, then, then is sent to accessory device is accessed
Row first key authentication information, verifies the up first key authentication information by accessory device is accessed, after being verified, by institute
Stating access accessory device makes the configuration information come into force.
207th, terminal to be configured sends up first key authentication information to the access accessory device, so that the access
Accessory device verifies the up first key authentication information, receives the access accessory device and is verifying that described up first is close
The configuration information that key authentication information is encrypted by the use first key of rear transmission, it is described to be encrypted using the first key
Configuration information be the access device be sent in advance it is described access accessory device.
The process of step 207 is:Access device is sent in advance gives access annex using the configuration information that first key is encrypted
Equipment, terminal to be configured send up first key to accessory device is accessed after descending first key authentication information has been verified
Authentication information, verifies the up first key authentication information by accessory device is accessed, after being verified, by access accessory device
Configuration information is made to come into force.
208th, terminal to be configured sets up secure connection with the access device using the configuration information.
In the embodiment of the present invention, it is applied in the terminal to be configured communicated with access device, access accessory device, the side
Method includes:Consult to generate first key by Diffie-Hellman with the access device;The access device is received by connecing
Enter the descending first key authentication information that accessory device forwarding comes, the descending first key authentication information is using described first
The authentication information that cipher key calculation goes out;Verify the descending first key authentication information;Send up to the access accessory device
First key authentication information, and the up first key authentication information is transmitted to by described connecing by the access accessory device
Enter equipment, so that the access device verifies the up first key authentication information, the access device is received in checking
The configuration information that the use first key that the up first key authentication information is sent after passing through is encrypted, it is described up
First key authentication information is the authentication information calculated using the first key;Or, receive the access device and send
The configuration information that the use first key come is encrypted, and up first key certification letter is sent to the access accessory device
Breath, and the up first key authentication information is transmitted to by the access device by the access accessory device, so that
The access device verifies the up first key authentication information, and after being verified, make the configuration information come into force;Or
Person, the configuration information that the use first key that the reception access device sends is encrypted, and set to the access annex
Preparation serves row first key authentication information, so that the access accessory device verifies the up first key authentication information,
And after being verified, make the configuration information come into force;Or, up first key certification is sent to the access accessory device
Information, so that the access accessory device verifies the up first key authentication information, receives the access accessory device and exists
The configuration information that the up first key authentication information is encrypted by the use first key of rear transmission is verified, it is described to make
The configuration information encrypted with the first key is that the access device is sent to the access accessory device in advance;Using institute
State configuration information secure connection is set up with the access device.
Information configuring methods provided in an embodiment of the present invention, access device are consulted to generate first key with terminal to be configured
Afterwards, by the descending checking of terminal to be configured, after the up checking of access device or access accessory device, terminal to be configured
Just set up with access device using the configuration information of first key encryption and be connected.It is provided in an embodiment of the present invention this completely by setting
The scheme for interacting with each other to complete inbound information configuration and set up connection between standby, is manually input into of the prior art
The mode of PIN carries out inbound information configuration and compares, it is not necessary to which user is manually entered, and is reduced the operation difficulty of user, is carried
High Consumer's Experience;As PIN is very short in prior art, only it is made up of 8 bit digitals, it is easy to cracked by brute force attack, so
Internet security is low, and the embodiment of the present invention after up-down bidirectional checking just makes configuration information come into force, further increases net
The security of network.
Further, the step 201 specifically can be asked to the access device send configuration in the terminal to be configured
Ask, and occur after the access device receives the configuring request of the terminal to be configured.
Alternatively, on the basis of the corresponding embodiments of above-mentioned Fig. 2, another reality of the information configuring methods that the present invention is provided
Apply in example,
It is described so that the access accessory device verifies the up first key authentication information, can specifically include:
So that the up first key authentication information is recognized by the accessory device that accesses with the up first key expected
Card information is matched, if the up first key authentication information is the up first key authentication information of the expectation,
Then the access accessory device verifies that the up first key authentication information passes through;The up first key certification of the expectation
Information is that the access device is sent to the access accessory device in advance.
Used as the deformation of the present embodiment, the up first key authentication information of the expectation can be with information to be configured simultaneously
The access accessory device is sent to by access device.
Refering to Fig. 3, be applied to in access device, the access accessory device of terminal communication to be configured, the access device
Consult to generate first key, information configuration side provided in an embodiment of the present invention by Diffie-Hellman with the terminal to be configured
Another embodiment of method includes:
301st, access accessory device to receive and forward the access device to be sent to descending the first of the terminal to be configured
Key authentication information, makes descending first key authentication information key described in the terminal authentication to be configured, the descending first key
Authentication information is the authentication information calculated using the first key.After execution of step 301, difference execution step 302,
303rd, 304 or 305.
302nd, access accessory device to receive and forward the terminal to be configured to be sent to up the first of the access device
Key authentication information, so that the access device verifies the up first key authentication information, and to institute after being verified
State terminal to be configured and send the configuration information encrypted using the first key, so that the terminal to be configured is matched somebody with somebody using described
Confidence breath sets up secure connection with the access device, and the up first key authentication information is using the first key meter
The authentication information for calculating.
The process of step 302 is:The up first key that the access accessory device reception terminal to be configured sends is recognized
Card information, then forwards the up first key authentication information to access device again, verifies described up first by access device
Key authentication information, and after being verified, sent to the terminal to be configured from access device and added using the first key
Close configuration information, so that the terminal to be configured sets up secure connection with the access device using the configuration information,
The up first key authentication information is the authentication information calculated using the first key.
303rd, access accessory device to receive and forward the terminal to be configured to be sent to up the first of the access device
Key authentication information, so that the access device is in the configuration encrypted using the first key to the terminal transmission to be configured
The up first key authentication information is verified after information, and after being verified, makes the configuration information come into force, so that institute
State terminal to be configured and set up secure connection with the access device using the configuration information.
The process of step 303 is:The up first key that the access accessory device reception terminal to be configured sends is recognized
Card information, then forwards the up first key authentication information to access device again, and access device is to the terminal to be configured
The up first key authentication information is verified after sending the configuration information encrypted using the first key, after being verified,
The configuration information is made to come into force by the access device, so that the terminal to be configured is connect with described using the configuration information
Enter equipment and set up secure connection.
304th, access accessory device and receive and verify the up first key authentication information that the terminal to be configured sends,
After being verified, make the configuration information of first key encryption come into force so that the terminal to be configured receive it is described
After the configuration information and the configuration information that access device sends comes into force, using the configuration information and the access device
Set up secure connection.
The process of step 304 is:Access accessory device and receive the up first key certification that the terminal to be configured sends
After information, verify the up first key authentication information, and after being verified, make the first key encryption with confidence
Breath comes into force, so that the terminal to be configured is in the configuration information for receiving the access device transmission and described with confidence
After breath comes into force, secure connection is set up with the access device using the configuration information.
Used as the deformation of step 304, the up first key for accessing the accessory device reception terminal transmission to be configured is recognized
Before card information, the configuration information that the use first key that sends of access device is encrypted first is received, and first described wait to match somebody with somebody
The configuration information that terminal forwards the first key encryption is put, the up first key certification letter is then received and verify again
Breath, and after being verified, make the configuration information of the first key encryption come into force, so that the terminal to be configured is being received
After the configuration information and the configuration information sent to the access device comes into force, connect with described using the configuration information
Enter equipment and set up secure connection.
305th, access that accessory device receives that the use first key that the access device sends encrypts with confidence
Breath, receives and verifies the up first key authentication information that the terminal to be configured sends, after being verified, make the configuration
Information comes into force, and sends the configuration information to the terminal to be configured, so that the terminal to be configured uses the configuration
Information sets up secure connection with the access device.
The process of step 305 is:Accessing accessory device, first to receive use that the access device sends described first close
The configuration information of key encryption, then receives and verifies the up first key authentication information that the terminal to be configured sends again,
After being verified, make the configuration information come into force, and the configuration information is sent to the terminal to be configured, so that described treat
Configurating terminal sets up secure connection with the access device using the configuration information.
Be applied in the embodiment of the present invention with access device, the access accessory device of terminal communication to be configured, the side
Method includes, receives and forward the access device to be sent to the descending first key authentication information of the terminal to be configured, make institute
Descending first key authentication information key described in terminal authentication to be configured is stated, the descending first key authentication information is using described
The authentication information that first key is calculated;Receive and forward the terminal to be configured to be sent to up the first of the access device
Key authentication information, so that the access device verifies the up first key authentication information, and to institute after being verified
State terminal to be configured and send the configuration information encrypted using the first key, so that the terminal to be configured is matched somebody with somebody using described
Confidence breath sets up secure connection with the access device, and the up first key authentication information is using the first key meter
The authentication information for calculating;Or, receive and forward the terminal to be configured to be sent to the up first key of the access device
Authentication information, so that the access device is in the configuration information encrypted using the first key to the terminal transmission to be configured
After verify the up first key authentication information, and after being verified, make the configuration information come into force, so that described treat
Configurating terminal sets up secure connection with the access device using the configuration information;Or, receive and verify described to be configured
The up first key authentication information that terminal sends, after being verified, makes the configuration information of the first key encryption come into force,
So that the terminal to be configured comes into force in the configuration information and the configuration information for receiving the access device transmission
Afterwards, secure connection is set up with the access device using the configuration information;Or, what the reception access device sent makes
The configuration information encrypted with the first key, receives and verifies the up first key certification letter that the terminal to be configured sends
Breath, after being verified, makes the configuration information come into force, and sends the configuration information to the terminal to be configured, so that
The terminal to be configured sets up secure connection with the access device using the configuration information.
Information configuring methods provided in an embodiment of the present invention, access device are consulted to generate first key with terminal to be configured
Afterwards, by the descending checking of terminal to be configured, after the up checking of access device or access accessory device, terminal to be configured
Just set up with access device using the configuration information of first key encryption and be connected.It is provided in an embodiment of the present invention this completely by setting
The scheme for interacting with each other to complete inbound information configuration and set up connection between standby, is manually input into of the prior art
The mode of PIN carries out inbound information configuration and compares, it is not necessary to which user is manually entered, and is reduced the operation difficulty of user, is carried
High Consumer's Experience;As PIN is very short in prior art, only it is made up of 8 bit digitals, it is easy to cracked by brute force attack, so
Internet security is low, and the embodiment of the present invention after up-down bidirectional checking just makes configuration information come into force, further increases net
The security of network.
Alternatively, on the basis of the corresponding embodiments of above-mentioned Fig. 3, information configuring methods provided in an embodiment of the present invention
In another embodiment,
The up first key authentication information for verifying that the terminal to be configured sends, can specifically include:
Receive the up first key authentication information of the expectation that the access device sends, and by receive it is described on
Row first key authentication information is matched with the up first key authentication information of the expectation, if the up first key
When authentication information is the up first key authentication information of the expectation, then verify that the up first key authentication information leads to
Cross.
In the embodiment of the present invention, the up first key authentication information of the expectation can with encrypted using first key
Configuration information is received simultaneously.
In order to make it easy to understand, below by taking several specific application scenarios as an example, describing information in the embodiment of the present invention in detail
The detailed process of collocation method:
The detailed process of information configuration in the embodiment of the present invention is described in detail with reference to Fig. 4:
S100, access device are consulted to generate first key by Diffie-Hellman with terminal to be configured.
Access device can pass through Diffie-Hellman with the terminal to be configured, such as:Diffie-Hellman, i.e. DH are close
Key exchange agreement, public key encryption algorithm(Such as:Ron Rivest, Adi Shamirh, LenAdleman, RSA)Agreement is oval bent
Line encryption EIGamal agreements etc. consult to generate first key.
Several algorithms are common Diffie-Hellman above, in the case of no man-in-the-middle attack, consult what is generated
First key only access device and terminal to be configured are known, even if the message of exchange process is listened to by miscellaneous equipment, other
Equipment is also difficult to know the first key.
In fact, optional, before access device and terminal to be configured are consulted to generate first key, access device with connect
Enter accessory device and can also share the second key, the sharing mode of second key is stored in access device when can be and dispatch from the factory
With the key in access accessory device.The second key now is static state setting.The access accessory device of such case and connect
Enter equipment and always match access accessory device one access device of correspondence of appearance, i.e.,.In this case can connect
Enter equipment to the process for accessing accessory device the second key of transmission.If the second key is stored in access when not being and dispatching from the factory, annex sets
In standby, it is also possible to pass through USB by access device(Universal Serial BUS, USB)Transmit Deng wired mode
To accessory device is accessed, the second key now can be that dynamic is arranged, and always be inserted into access device in access accessory device
USB or other wired modes on when by access device transmit update the second key.The step of the second key of this renewal, is not
Must occur when starting and treating the configuration process of configurating terminal, can be when access accessory device turns back to access device
Quarter is carried out.
Can also will access accessory device and access device is connected to by wired modes such as USB, that is, access accessory device
When being inserted on access device, access device is interpreted as in forbidding deploying new equipment state, and accesses accessory device and set with access
It is standby to disconnect wired connection, that is, when accessing accessory device and not being inserted on access device, access device is interpreted as in configurable new
Equipment state.
S105, access device send descending first key authentication information to the access accessory device, and described descending first
Key authentication information is the authentication information calculated using the first key.
Key authentication information can have various production methods, can encrypt a data with key, it is also possible to key pair
One data makes an abstract computing etc..Those skilled in the art understand the computational methods of authentication information, here not concrete example.
Access accessory device and descending first key authentication information can be transmitted to accessory device is accessed by wired mode.Should
Wired communication mode can be to be communicated by USB modes.
For example:When burst of data is for " today, weather was very good!", using the authentication information that first key is calculated can be
" today is an auspicious day!”.So descending first key authentication information is just for " today is an auspicious day!”.
When accessory device is accessed with access device also shared second key, under access device is sent to access accessory device
During row first key authentication information, it is also possible to encrypt the descending first key authentication information using second key.
S110, access accessory device send the descending first key authentication information to terminal to be configured.
Access accessory device to communicate by near radio mode with terminal room to be configured or wired mode communication, closely
Apart from wireless communication mode, such as:NFC communication.Wired mode communicates, such as:USB modes communicate.
Descending first key authentication information described in S115, terminal authentication to be configured.
If terminal to be configured also holds first key, then terminal to be configured can just read descending first key certification
Information, such as:Can read that " today is auspicious day!" this descending first key authentication information, if terminal to be configured does not have
Hold first key, then terminal to be configured cannot read that " today is auspicious day!" this descending first key certification letter
Breath.
If the first key that terminal to be configured is held is different from the first key of access device, decline in identical algorithms
The authentication informations different from the descending first key authentication information for receiving are obtained, then terminal to be configured and access before can determine whether out
The key exchange process of equipment malfunctions or by man-in-the-middle attack, and configuration process should terminate that.
When descending first key authentication information success described in terminal authentication to be configured, then can determine that access device is real
Access device.
S120, terminal to be configured send up first key authentication information to accessory device is accessed, and described up first is close
Key authentication information is the authentication information calculated using the first key.
S125, access accessory device forward the up first key authentication information to the access device.
S130, access device verify the up first key authentication information.
When access device verifies the up first key authentication information, then access device can know terminal to be configured
For real terminal to be configured, configuration information can be sent to, the accessing terminal to network to be configured is made.
S135, access device send the configuration information using first key encryption to terminal to be configured, i.e. access device makes
Configuration information is transmitted to terminal to be configured with first key, make the terminal to be configured use the configuration information and the access
Equipment sets up secure connection.
Can also include that before S135 steps terminal to be configured asks the optional step of configuration information to access device.
S140, terminal to be configured set up secure connection using the configuration information and access device.
After being all proved to be successful for up-downgoing in the corresponding application scenarios of Fig. 4, access device is sent to terminal to be configured again matches somebody with somebody
Confidence ceases, and the configuration information terminal to be configured of this scene directly can be used.In fact, under information configuration process can also be
After row is proved to be successful, access device can send the configuration information encrypted using first key, concrete mistake to terminal to be configured
Journey is understood refering to Fig. 5:
S200, access device are consulted to generate first key by Diffie-Hellman with terminal to be configured.
In the present embodiment, access device can also share the second key with accessory device is accessed, and detailed process is corresponding with Fig. 7
Scene embodiment it is identical, repeat no more here.
S205, access device send descending first key authentication information to the access accessory device, and described descending first
Key authentication information is the authentication information calculated using the first key.
S210, access accessory device send the descending first key authentication information to terminal to be configured.
Descending first key authentication information described in S215, terminal authentication to be configured.
S220, access device send the configuration information using first key encryption to terminal to be configured, make described to be configured
Terminal sets up secure connection with the access device using the configuration information.
Before step S220, can also include that terminal to be configured asks the optional step of configuration information to access device.
S225, terminal to be configured send up first key authentication information to accessory device is accessed, and described up first is close
Key authentication information is the authentication information calculated using the first key.
S230, access accessory device forward the up first key authentication information to the access device.
S235, access device verify the up first key authentication information, and are verifying the first key certification letter
After breath passes through, the configuration information is made to come into force.
S240, terminal to be configured set up secure connection using the configuration information and access device.
The information configuration process of the information configuration process scene corresponding with Fig. 4 of the corresponding scenes of Fig. 5 is essentially identical, simply
After the descending first key authentication information of terminal authentication to be configured, first configuration information, equipment to be accessed is asked to be sent out to access device
After carrying out the configuration information encrypted using first key, then up first key authentication information is sent to accessory device is accessed, but
Terminal to be configured will be after access device verifies that the first key authentication information passes through, and access device makes the configuration information
After coming into force, secure connection could be set up using the configuration information and access device.If the up first key certification letter
Cease the checking not over access device, then configuration information would not come into force, terminal to be configured also cannot just be set up safety and connect
Connect, in the corresponding application scenarios of Fig. 5, terminal to be configured can not be direct after the configuration information encrypted using first key is received
Use, the configuration information will be made to use after coming into force when access device.
The detailed process of the information configuration of another embodiment in the embodiment of the present invention is described in detail with reference to Fig. 6:
S300, access device are consulted to generate first key by Diffie-Hellman with terminal to be configured.
In the present embodiment, access device can also share the second key with accessory device is accessed, and detailed process is corresponding with Fig. 7
Scene embodiment it is identical, be not described in detail here.
S305, access device are close to access the descending first key authentication information of accessory device transmission and expectation up first
Key authentication information.
In fact, S305 can also be splitted into two processes sending respectively.
S310, access accessory device send descending first key authentication information to terminal to be configured.
Descending first key authentication information described in S315, terminal authentication to be configured.
S320, access device send the configuration information encrypted using the first key to terminal to be configured.
Deformation, or access device as S320 is sent using the first key to the access accessory device
The configuration information of encryption, forwards the configuration information encrypted using the first key by the access accessory device.
Or, in S305 with descending first key authentication information and expect up first key authentication information simultaneously
Send the configuration information encrypted using the first key, then by access accessory device forward it is described using described the
The configuration information of one key encryption.
S325, the up first key authentication information for accessing accessory device reception terminal transmission to be configured.
The up first key authentication information is believed by S330, access accessory device with the up first key certification expected
Breath is matched, when matching the up first key authentication information that the up first key authentication information is the expectation
When, if being verified, make the configuration information come into force.
S335, terminal to be configured set up secure connection with the access device using the configuration information.
In the corresponding application scenarios of Fig. 6, after terminal to be configured receives the configuration information encrypted using the first key
Can not directly use, the configuration information will be made to use after coming into force when accessing accessory device.
The detailed process of the information configuration of another embodiment in the embodiment of the present invention is described in detail with reference to Fig. 7:
S400, access device are consulted to generate first key by Diffie-Hellman with terminal to be configured.
In the present embodiment, access device can also share the second key with accessory device is accessed, and detailed process is corresponding with Fig. 7
Scene embodiment it is identical, be not described in detail here.
S405, access device to access accessory device send descending first key authentication information, expect it is up first close
Key authentication information and the configuration information encrypted using first key.
In fact, S305 can also be splitted into two or three transmission process, will the descending first key certification letter
Breath, the up first key authentication information expected and the configuration information encrypted using first key are sent to the access several times
Accessory device, but final purpose is all identical, be provided to send descending first key authentication information, expect it is up first close
Key authentication information and configuration information these three parameters encrypted using first key.
S410, access accessory device send descending first key authentication information to terminal to be configured.
Descending first key authentication information described in S415, terminal authentication to be configured.
S420, terminal to be configured send up first key authentication information to accessory device is accessed.
The up first key authentication information is believed by S425, access accessory device with the up first key certification expected
Breath is matched, if it is the up first key authentication information expected to match the up first key authentication information, is held
Row step subsequent step, if unmatching, does not perform subsequent step.
S430, access accessory device send the configuration information of the use first key encryption to the terminal to be configured.
S435, terminal to be configured set up secure connection using the configuration information and access device.
In fact, alternatively, after step S430, two steps of S440 and S445 are can further include,
S440, access accessory device send up first key authentication information to access device.
S445, access device verify the up first key authentication information, if being verified, make the configuration information
Come into force.In such cases, directly can not use after terminal to be configured receives the configuration information encrypted using the first key,
The configuration information is used after coming into force when access device.
S440 and S445 the two optional steps, verify the up first key authentication information accessory device is accessed
Afterwards, then by access device the first key authentication information is verified once again, so that network is safer.
Refering to Fig. 8, access device provided in an embodiment of the present invention is connected with access accessory device and terminal communication to be configured,
One embodiment of access device provided in an embodiment of the present invention includes:
First key signal generating unit 701, for consulting to generate first by Diffie-Hellman with the terminal to be configured
Key;
First transmitting element 702, for sending descending first key authentication information to the access accessory device, by institute
State access accessory device and the descending first key authentication information is transmitted to into the terminal to be configured, so that described to be configured
Descending first key authentication information described in terminal authentication, the descending first key authentication information is to be given birth to using the first key
The authentication information that the first key generated into unit 701 is calculated;
First processing units 703, for sending the descending first key authentication information in first transmitting element 702
Afterwards, receive the terminal to be configured and the up first key authentication information that accessory device forwarding comes is accessed by described, verify
The up first key authentication information, and added to the terminal transmission to be configured using the first key after being verified
Close configuration information, so that the terminal to be configured sets up secure connection with the access device using the configuration information, institute
It is the authentication information calculated using the first key to state up first key authentication information;Or,
The first processing units 703, for sending the descending first key certification in first transmitting element 702
After information, the configuration information encrypted using the first key is sent to the terminal to be configured, and verifies described to be configured
Terminal by it is described access accessory device forwarding come up first key authentication information, if being verified, make the configuration
Information comes into force, so that the terminal to be configured sets up secure connection with the access device using the configuration information;Or,
Second processing unit 704, for sending the descending first key authentication information in first transmitting element 702
Afterwards, the configuration information encrypted using the first key is sent to the terminal to be configured, and is set by the access annex
The standby up first key authentication information for verifying that the terminal to be configured sends, if being verified, by the access annex
Equipment makes the configuration information come into force, so as to the terminal to be configured is set up with the access device using the configuration information pacify
It is complete to connect;Or,
The second processing unit 704, for sending the descending first key certification in first transmitting element 702
After information, the configuration information that accessory device transmission is encrypted using the first key is accessed to described, and by the access
The up first key authentication information that the accessory device checking terminal to be configured sends, if being verified, is connect by described
Enter accessory device and the configuration information is sent to into the terminal to be configured, so that the terminal to be configured is using described with confidence
Breath sets up secure connection with the access device.
In the embodiment of the present invention, first key signal generating unit 701 is assisted by Diffie-Hellman with the terminal to be configured
Business generates first key;First transmitting element 702 sends descending first key authentication information to the access accessory device, passes through
The descending first key authentication information is transmitted to the terminal to be configured by the access accessory device, so that described wait to match somebody with somebody
Descending first key authentication information described in terminal authentication is put, the descending first key authentication information is using the first key
The authentication information that the first key that signal generating unit 701 is generated is calculated;First processing units 703 are at described first
After sending unit 702 to send the descending first key authentication information, the terminal to be configured is received by the access annex
The up first key authentication information that device forwards are come, verifies the up first key authentication information, and after being verified
The configuration information encrypted using the first key is sent to the terminal to be configured, so that the terminal to be configured is using described
Configuration information sets up secure connection with the access device, and the up first key authentication information is using the first key
The authentication information for calculating;Or, the first processing units 703 send described descending in first transmitting element 702
After one key authentication information, the configuration information encrypted using the first key is sent to the terminal to be configured, and is verified
The terminal to be configured by it is described access accessory device forwarding come up first key authentication information, if being verified,
The configuration information is made to come into force, so as to the terminal to be configured sets up safety using the configuration information and the access device connect
Connect;Or, second processing unit 704 after first transmitting element 702 sends the descending first key authentication information,
The configuration information encrypted using the first key is sent to the terminal to be configured, and by the access accessory device checking
The up first key authentication information that the terminal to be configured sends, if being verified, is made by the access accessory device
The configuration information comes into force, so as to the terminal to be configured sets up safety using the configuration information and the access device connect
Connect;Or, the second processing unit 704 sends the descending first key authentication information in first transmitting element 702
Afterwards, the configuration information that accessory device transmission is encrypted using the first key is accessed to described, and by the access annex
The up first key authentication information that terminal to be configured described in device authentication sends, it is if being verified, attached by the access
The configuration information is sent to the terminal to be configured by part equipment so that the terminal to be configured using the configuration information with
The access device sets up secure connection.Compared with prior art, access device provided in an embodiment of the present invention reduces networking
The user operation difficulty of information configuration, and after up-down bidirectional is verified, just make configuration information come into force, further increase
The security of network.
On the basis of the corresponding embodiments of above-mentioned Fig. 8, refering to Fig. 9, access device provided in an embodiment of the present invention it is another
In one embodiment, the second processing unit 704 includes the first subprocessing unit 7041,
The first subprocessing unit 7041, up first specifically for expecting to the access accessory device transmission are close
Key authentication information, make it is described access accessory device will be the described up first key authentication information for receiving upper with the expectation
Row first key authentication information is matched, if the up first key authentication information is the up first key of the expectation
During authentication information, then the access accessory device verifies that the up first key authentication information passes through.
On the basis of the corresponding embodiments of above-mentioned Fig. 8 or Fig. 9, another reality of access device provided in an embodiment of the present invention
Apply in example,
The second processing unit 704, is additionally operable to verify that the accessory device that accesses forwards described up first for coming close
Key authentication information, if being verified, makes the configuration information come into force.
Refering to Figure 10, terminal to be configured provided in an embodiment of the present invention and access device and access accessory device communication link
Connect, an embodiment of terminal to be configured provided in an embodiment of the present invention includes:
Second Key generating unit 801, it is close for consulting generation first by Diffie-Hellman with the access device
Key;
First receiving unit 802, for receive the access device by access accessory device forwarding come descending first
Key authentication information, the descending first key authentication information are using the described of second Key generating unit 801 generation
The authentication information that first key is calculated;
First authentication unit 803, for verifying that the descending first key certification that first receiving unit 802 is received is believed
Breath;
3rd processing unit 804, for verifying the descending first key authentication information in first authentication unit 803
Afterwards, up first key authentication information is sent to the access accessory device, and will be described by the access accessory device
Up first key authentication information is transmitted to the access device, so that the access device verifies the up first key
Authentication information, the use that the reception access device is sent after the checking up first key authentication information passes through are described
The configuration information of first key encryption, the up first key authentication information is the certification calculated using the first key
Information;Or,
3rd processing unit 804, for verifying the descending first key certification in first authentication unit 803
After information, the configuration information that the use first key that the reception access device sends is encrypted, and to the access
Accessory device sends up first key authentication information, and by the accessory device that accesses by the up first key certification
Information is transmitted to the access device, so that the access device verifies the up first key authentication information, and is testing
Card makes the configuration information come into force after passing through;Or,
Fourth processing unit 805, for verifying the descending first key authentication information in first authentication unit 803
Afterwards, the configuration information that the use first key that the reception access device sends is encrypted, and to the access annex
Equipment sends up first key authentication information, so that the access accessory device checking up first key certification letter
Breath, and after being verified, make the configuration information come into force;Or,
The fourth processing unit 805, for verifying the descending first key certification in first authentication unit 803
After information, up first key authentication information is sent to the access accessory device, so that the access accessory device checking
The up first key authentication information, receives the access accessory device and leads in the checking up first key authentication information
Later the configuration information that the use first key for sending is encrypted, the configuration information encrypted using the first key is
The access device is sent to the access accessory device in advance;
First connection establishment unit 806, for using the 3rd processing unit 804 or the fourth processing unit
805 configuration informations for sending set up secure connection with the access device.
In the embodiment of the present invention, the second Key generating unit 801 is consulted by Diffie-Hellman with the access device
Generate first key;First receiving unit 802 receive the access device by access accessory device forwarding come descending first
Key authentication information, the descending first key authentication information are using the described of second Key generating unit 801 generation
The authentication information that first key is calculated;First authentication unit 803 verifies descending that first receiving unit 802 is received
One key authentication information;3rd processing unit 804 verifies the descending first key certification letter in first authentication unit 803
After breath, up first key authentication information is sent to the access accessory device, and by the accessory device that accesses by institute
State up first key authentication information and be transmitted to the access device, so that the access device verifies that described up first is close
Key authentication information, receives the use institute that the access device is sent after the checking up first key authentication information passes through
The configuration information of first key encryption is stated, the up first key authentication information is using recognizing that the first key is calculated
Card information;Or, the 3rd processing unit 804 verifies the descending first key certification in first authentication unit 803
After information, the configuration information that the use first key that the reception access device sends is encrypted, and to the access
Accessory device sends up first key authentication information, and by the accessory device that accesses by the up first key certification
Information is transmitted to the access device, so that the access device verifies the up first key authentication information, and is testing
Card makes the configuration information come into force after passing through;Or, fourth processing unit 805 verifies described in first authentication unit 803
After descending first key authentication information, receive that the use first key that the access device sends encrypts with confidence
Breath, and up first key authentication information is sent to the access accessory device, so that the access accessory device checking is described
Up first key authentication information, and after being verified, make the configuration information come into force;Or, the fourth processing unit
805 after first authentication unit 803 verifies the descending first key authentication information, sends out to the access accessory device
Row first key authentication information is served, so that the access accessory device verifies the up first key authentication information, is received
The access accessory device is added by the use first key of rear transmission in the checking up first key authentication information
Close configuration information, it is described to be in advance sent to described connect for the access device using the configuration information that the first key is encrypted
Enter accessory device;First connection establishment unit 806 uses the 3rd processing unit 804 or the fourth processing unit
805 configuration informations for sending set up secure connection with the access device.Compared with prior art, it is provided in an embodiment of the present invention
Terminal to be configured reduces the user operation difficulty of inbound information configuration, improves internet security.
On the basis of the corresponding embodiments of above-mentioned Figure 10, refering to Figure 11, terminal to be configured provided in an embodiment of the present invention
Another embodiment in, the fourth processing unit 805 includes the second subprocessing unit 8051,
The second subprocessing unit 8051, specifically for sending up first key certification to the access accessory device
Information, so that the accessory device that accesses is by the up first key authentication information and the up first key certification letter expected
Breath is matched, if the up first key authentication information is the up first key authentication information of the expectation, institute
State access accessory device and verify that the up first key authentication information passes through;The up first key authentication information of the expectation
The access accessory device is sent in advance for the access device.
Refering to Figure 12, access accessory device provided in an embodiment of the present invention is connected with access device and terminal communication to be configured
Connect, the embodiment for accessing accessory device provided in an embodiment of the present invention includes:
Second receiving unit 901, is sent to the descending first close of the terminal to be configured for receiving the access device
Key authentication information, the descending first key authentication information is the authentication information calculated using the first key;
Second transmitting element 902, the described descending first key for forwarding second receiving unit 901 to receive are recognized
Card information, makes descending first key authentication information described in the terminal authentication to be configured;
5th processing unit 903, for forwarding the descending first key authentication information in second transmitting element 902
Afterwards, receive and forward the terminal to be configured to be sent to the up first key authentication information of the access device, so that institute
State access device and verify the up first key authentication information, and use is sent to the terminal to be configured after being verified
The configuration information of the first key encryption, so that the terminal to be configured uses the configuration information and the access device
Secure connection is set up, the up first key authentication information is the authentication information calculated using the first key;Or,
5th processing unit 903, for forwarding the descending first key certification in second transmitting element 902
After information, receive and forward the terminal to be configured to be sent to the up first key authentication information of the access device, with
Make access device checking after the configuration information encrypted using the first key is sent to the terminal to be configured described
Up first key authentication information, and after being verified, make the configuration information come into force, so that the terminal to be configured makes
Secure connection is set up with the access device with the configuration information;Or,
6th processing unit 904, for forwarding the descending first key authentication information in second transmitting element 902
Afterwards, the up first key authentication information that the terminal to be configured sends is received and verified, after being verified, described the is made
The configuration information of one key encryption comes into force so that the terminal to be configured receive the access device send described in match somebody with somebody
After confidence ceases and the configuration information comes into force, secure connection is set up with the access device using the configuration information;Or,
6th processing unit 904, for forwarding the descending first key certification in second transmitting element 902
After information, the configuration information that the use first key that the reception access device sends is encrypted receives and verifies institute
The up first key authentication information that terminal to be configured sends is stated, after being verified, sends described to the terminal to be configured
Configuration information, so that the terminal to be configured sets up secure connection with the access device using the configuration information.
In the embodiment of the present invention, the second receiving unit 901 receives the access device and is sent to the terminal to be configured
Descending first key authentication information, the descending first key authentication information are to be believed using the certification that the first key is calculated
Breath;Second transmitting element 902 forwards the described descending first key authentication information that second receiving unit 901 is received, and makes
Descending first key authentication information described in the terminal authentication to be configured;5th processing unit 903 is in second transmitting element
After the 902 forwardings descending first key authentication information, receive and forward the terminal to be configured to be sent to the access and set
Standby up first key authentication information, so that the access device verifies the up first key authentication information, and is testing
Card sends the configuration information encrypted using the first key after passing through to the terminal to be configured, so that the end to be configured
Secure connection is set up using the configuration information and the access device in end, and the up first key authentication information is to use institute
State the authentication information that first key is calculated;Or, the 5th processing unit 903 is forwarded in second transmitting element 902
After the descending first key authentication information, receive and forward the terminal to be configured to be sent to the up of the access device
First key authentication information, so that the access device is sending what is encrypted using the first key to the terminal to be configured
The up first key authentication information is verified after configuration information, and after being verified, makes the configuration information come into force, so as to
The terminal to be configured is made to set up secure connection with the access device using the configuration information;Or, the 6th processing unit
904, after second transmitting element 902 forwards the descending first key authentication information, receive and verify described to be configured
The up first key authentication information that terminal sends, after being verified, makes the configuration information of the first key encryption come into force,
So that the terminal to be configured comes into force in the configuration information and the configuration information for receiving the access device transmission
Afterwards, secure connection is set up with the access device using the configuration information;Or, the 6th processing unit 904 is described
After second transmitting element 902 forwards the descending first key authentication information, the use that the access device sends is received
The configuration information of the first key encryption, receives and verifies the up first key certification letter that the terminal to be configured sends
Breath, after being verified, sends the configuration information to the terminal to be configured, so that the terminal to be configured is using described
Configuration information sets up secure connection with the access device.Compared with prior art, embodiment of the present invention access accessory device can
To reduce the user operation difficulty of inbound information configuration, internet security is improve.
On the basis of the corresponding embodiments of above-mentioned Figure 12, refering to Figure 13, access annex provided in an embodiment of the present invention sets
In standby another embodiment, the 6th processing unit 904 includes the 3rd subprocessing unit 9041,
The 3rd subprocessing unit 9041, up first specifically for receiving the expectation that the access device sends
Key authentication information, and by the up first key certification of the described up first key authentication information for receiving and the expectation
Information is matched, if the up first key authentication information is the up first key authentication information of the expectation,
Verify that the up first key authentication information passes through.
Refering to Figure 14, access device provided in an embodiment of the present invention is connected with access accessory device and terminal communication to be configured
Connect, an embodiment of access device provided in an embodiment of the present invention includes:First input unit 700, the first output device 710,
First memory 720 and first processor 730(First processor 730 can be one or more, and Figure 14 is as a example by one);
First input unit 700, the first output device 710, first memory 720 and first processor 730 can pass through
Bus or other modes connection;
Wherein, the first processor 730 is for consulting to generate the by Diffie-Hellman with the terminal to be configured
One key;
First output device 710 leads to for sending descending first key authentication information to the access accessory device
Cross the access accessory device and the descending first key authentication information is transmitted to into the terminal to be configured, so that described treat
Configurating terminal verifies the descending first key authentication information, and the descending first key authentication information is close using described first
The authentication information that key is calculated;
First input unit 700 be used to receiving the terminal to be configured by it is described access accessory device forwarding come it is up
First key authentication information, the first processor 730 are used to verify the up first key authentication information that described first is defeated
Go out device 710 for the configuration information encrypted using the first key being sent to the terminal to be configured after being verified,
So that the terminal to be configured sets up secure connection, the up first key using the configuration information and the access device
Authentication information is the authentication information calculated using the first key;Or,
First output device 710 is for sending the configuration encrypted using the first key to the terminal to be configured
Information, the first processor 730 be used for verify the terminal to be configured by it is described access accessory device forwarding come it is up
First key authentication information, if being verified, makes the configuration information come into force, so that the terminal to be configured is matched somebody with somebody using described
Confidence breath sets up secure connection with the access device;Or,
First output device 710 is for sending the configuration encrypted using the first key to the terminal to be configured
Information, and the up first key authentication information that accessory device verifies that the terminal to be configured sends is accessed by described, if testing
Card passes through, then make the configuration information come into force by the access accessory device, so that the terminal to be configured is matched somebody with somebody using described
Confidence breath sets up secure connection with the access device;Or,
First output device 710 for it is described access accessory device send using matching somebody with somebody that the first key is encrypted
Confidence ceases, and accesses the up first key authentication information that accessory device verifies that the terminal to be configured sends by described, if
It is verified, then the configuration information is sent to by the terminal to be configured by the access accessory device, so that described treat
Configurating terminal sets up secure connection with the access device using the configuration information.
In some embodiments of the invention, the access device and shared second key of the access accessory device,
First output device 710 is for sending using the descending first close of the second key encryption to accessing accessory device
Key authentication information.
In some embodiments of the invention, first output device 710 is specifically for the access accessory device
The up first key authentication information expected is sent, makes the access accessory device recognize the described up first key for receiving
Card information is matched with the up first key authentication information of the expectation, if the up first key authentication information is institute
When stating the up first key authentication information of expectation, then the access accessory device verifies the up first key authentication information
Pass through.
In some embodiments of the invention, the first processor 730 is additionally operable to verify that the access accessory device turns
The described up first key authentication information sent, if being verified, makes the configuration information come into force.
In some embodiments of the invention, the first processor 730 is specifically for passing through with the terminal to be configured
IKE Diffie-Hellman or public key encryption algorithm RSA agreements or elliptic curve cryptography EIGamal protocol negotiations
Generate first key.
Refering to Figure 15, terminal to be configured provided in an embodiment of the present invention and access device and access accessory device communication link
Connect, an embodiment of terminal to be configured provided in an embodiment of the present invention includes:Secondary input device 800, the second output device
810th, second memory 820 and second processing device 830(Second processing device 830 can be one or more, and Figure 15 with one is
Example);
Secondary input device 800, the second output device 810, second memory 820 and second processing device 830 can pass through
Bus or other modes connection;
The second processing device 830 for the access device by Diffie-Hellman consult generate first key;
The secondary input device 800 be used to receiving the access device by access accessory device forwarding come descending the
One key authentication information, the descending first key authentication information is the authentication information calculated using the first key;
The second processing device 830 is used to verify the descending first key authentication information;
Second output device 810 for sending up first key authentication information to the access accessory device, and
The up first key authentication information is transmitted to by the access device by the access accessory device, so that described connect
Enter up first key authentication information described in device authentication, the secondary input device 800 exists for receiving the access device
The configuration information that the use first key that the up first key authentication information is sent after passing through is encrypted is verified, it is described
Up first key authentication information is the authentication information calculated using the first key;Or,
The secondary input device 800 is used to receive what the use first key that the access device sends was encrypted
Configuration information, second output device 810 for sending up first key authentication information to the access accessory device, and
The up first key authentication information is transmitted to by the access device by the access accessory device, so that described connect
Enter up first key authentication information described in device authentication, and after being verified, make the configuration information come into force;Or,
The secondary input device 800 is used to receive what the use first key that the access device sends was encrypted
Configuration information, second output device 810 for sending up first key authentication information to the access accessory device, with
Make the access accessory device verify the up first key authentication information, and the configuration information life is made after being verified
Effect;Or,
Second output device 810 for sending up first key authentication information to the access accessory device, with
The access accessory device is made to verify the up first key authentication information, the secondary input device 800 is used to receive institute
State access accessory device to encrypt by the use first key of rear transmission in the checking up first key authentication information
Configuration information, it is described to be in advance sent to the access for the access device using the configuration information that the first key is encrypted
Accessory device;
The second processing device 830 is for setting up secure connection with the access device using the configuration information.
In some embodiments of the invention, second output device 810 is for the access accessory device transmission
Up first key authentication information, so that the access accessory device is upper with what is expected by the up first key authentication information
Row first key authentication information is matched, if the up first key authentication information is the up first key of the expectation
During authentication information, then the access accessory device verifies that the up first key authentication information passes through;The expectation it is up
First key authentication information is that the access device is sent to the access accessory device in advance.
Refering to Figure 16, access accessory device provided in an embodiment of the present invention is connected with access device and terminal communication to be configured
Connect, the access device is consulted to generate first key, the embodiment of the present invention by Diffie-Hellman with the terminal to be configured
One embodiment of the access accessory device of offer includes:3rd input unit 900, the 3rd output device 910, the 3rd memory
920 and the 3rd processor 930(3rd processor 930 can be one or more, and Figure 16 is as a example by one);
3rd input unit 900, the 3rd output device 910, the 3rd memory 920 and the 3rd processor 930 can pass through
Bus or other modes connection;
3rd input unit 900 is received and the 3rd output device 910 forwards the access device to be sent to institute
The descending first key authentication information of terminal to be configured is stated, descending first key certification letter described in the terminal authentication to be configured is made
Breath key, the descending first key authentication information is the authentication information calculated using the first key;
3rd input unit 900 is received and the 3rd output device 910 forwards the terminal to be configured to be sent to
The up first key authentication information of the access device, so that the access device checking up first key certification letter
Breath, and the configuration information encrypted using the first key is sent after being verified to the terminal to be configured, so that institute
State terminal to be configured secure connection, the up first key certification letter are set up using the configuration information and the access device
Breath is the authentication information calculated using the first key;Or,
3rd input unit 900 is received and the 3rd output device 910 is received and forwards the terminal to be configured
The up first key authentication information of the access device is sent to, so that the access device is being sent out to the terminal to be configured
The up first key authentication information is verified after sending the configuration information encrypted using the first key, and after being verified
The configuration information is made to come into force, so that the terminal to be configured sets up safety with the access device using the configuration information
Connection;Or,
3rd input unit 900 receives the up first key authentication information that the terminal to be configured sends, described
3rd processor 930 verifies the up first key authentication information that the terminal to be configured sends, and after being verified, makes described
The configuration information of first key encryption comes into force, so that the terminal to be configured is being received described in the access device transmission
After configuration information and the configuration information come into force, secure connection is set up with the access device using the configuration information;Or,
3rd input unit 900 receives the configuration that the use first key that the access device sends is encrypted
Information, the 3rd input unit 900 receive the up first key authentication information that the terminal to be configured sends, and the described 3rd
Processor 930 simultaneously verifies up first key authentication information that the terminal to be configured sends, after being verified, makes described matching somebody with somebody
Confidence breath comes into force, and the 3rd output device 910 sends the configuration information to the terminal to be configured, so that described wait to match somebody with somebody
Put terminal and set up secure connection with the access device using the configuration information.
In some embodiments of the invention, the 3rd input unit 900 is sent for receiving the access device
Expectation up first key authentication information, the 3rd processor 930 is for by the described up first key for receiving
Authentication information is matched with the up first key authentication information of the expectation, if the up first key authentication information is
During the up first key authentication information of the expectation, then verify that the up first key authentication information passes through.
Refering to Figure 17, an embodiment of information configuration system provided in an embodiment of the present invention includes:Access device 70, access
Accessory device 90 and terminal to be configured 80, communicate between the access device 70, access accessory device 90 and terminal to be configured 80
Connection,
The access device 70, for consulting to generate first key by Diffie-Hellman with the terminal to be configured;
Descending first key authentication information is sent to the access accessory device, by the accessory device that accesses by described descending first
Key authentication information is transmitted to the terminal to be configured, so that descending first key certification described in the terminal authentication to be configured
Information, the descending first key authentication information is the authentication information calculated using the first key;Wait to match somebody with somebody described in receiving
Putting terminal and the up first key authentication information that accessory device forwarding comes being accessed by described, the checking up first key is recognized
Card information, and the configuration information encrypted using the first key is sent after being verified to the terminal to be configured, so that
The terminal to be configured sets up secure connection, the up first key certification using the configuration information and the access device
Information is the authentication information calculated using the first key;Or, send using described first to the terminal to be configured
The configuration information of key encryption, and verify the terminal to be configured by it is described access accessory device forwarding come it is up first close
Key authentication information, if being verified, makes the configuration information come into force, so that the terminal to be configured uses the configuration information
Secure connection is set up with the access device;Or, send using matching somebody with somebody that the first key is encrypted to the terminal to be configured
Confidence ceases, and accesses the up first key authentication information that accessory device verifies that the terminal to be configured sends by described, if
It is verified, then makes the configuration information come into force by the access accessory device, so that the terminal to be configured is using described
Configuration information sets up secure connection with the access device;Or, send close using described first to the access accessory device
The configuration information of key encryption, and verify that the up first key of the terminal transmission to be configured is recognized by the accessory device that accesses
The configuration information, if being verified, is sent to the terminal to be configured by the access accessory device by card information, with
The terminal to be configured is made to set up secure connection with the access device using the configuration information.
The terminal to be configured 80, for consulting to generate first key by Diffie-Hellman with the access device;
Receive the access device by access accessory device forwarding come descending first key authentication information, the descending first key
Authentication information is the authentication information calculated using the first key;Verify the descending first key authentication information;To institute
State access accessory device and send up first key authentication information, and it is close by described up first by the access accessory device
Key authentication information is transmitted to the access device, so that the access device verifies the up first key authentication information,
Receive the use first key that the access device is sent after the checking up first key authentication information passes through
The configuration information of encryption, the up first key authentication information is the authentication information calculated using the first key;Or
Person, the configuration information that the use first key that the reception access device sends is encrypted, and set to the access annex
Preparation serves row first key authentication information, and turns the up first key authentication information by the access accessory device
The access device is issued, so that the access device verifies the up first key authentication information, and is being verified
After make the configuration information come into force;Or, the configuration that the use first key that the reception access device sends is encrypted
Information, and up first key authentication information is sent to the access accessory device, so that the access accessory device checking institute
Up first key authentication information is stated, and after being verified, makes the configuration information come into force;Or, set to the access annex
Preparation serves row first key authentication information, so that the access accessory device verifies the up first key authentication information,
The access accessory device is received to verify the up first key authentication information described first close by the use of rear transmission
The configuration information of key encryption, it is described to be in advance sent to institute for the access device using the configuration information that the first key is encrypted
State and access accessory device;Secure connection is set up with the access device using the configuration information.
The access accessory device 90, for receiving and forwarding the access device to be sent under the terminal to be configured
Row first key authentication information, makes descending first key authentication information key described in the terminal authentication to be configured, and described descending
One key authentication information is the authentication information calculated using the first key;Receive and forward the terminal to be configured to send
To the up first key authentication information of the access device, so that the access device verifies the up first key certification
Information, and the configuration information encrypted using the first key is sent after being verified to the terminal to be configured, so that
The terminal to be configured sets up secure connection, the up first key certification using the configuration information and the access device
Information is the authentication information calculated using the first key;Or, receive and forward the terminal to be configured to be sent to institute
The up first key authentication information of access device is stated, so that the access device is using institute to the terminal transmission to be configured
The up first key authentication information is verified after the configuration information for stating first key encryption, and described matching somebody with somebody is made after being verified
Confidence breath comes into force, so that the terminal to be configured sets up secure connection with the access device using the configuration information;Or
Person, receives and verifies the up first key authentication information that the terminal to be configured sends, after being verified, make described first
The configuration information of key encryption comes into force, so that the terminal to be configured is receiving the configuration that the access device sends
After information and the configuration information come into force, secure connection is set up with the access device using the configuration information;Or, receive
The configuration information that the use first key that the access device sends is encrypted, receives and verifies that the terminal to be configured is sent out
The up first key authentication information for sending, after being verified, makes the configuration information come into force, and sends out to the terminal to be configured
The configuration information is sent, so that the terminal to be configured sets up safety using the configuration information and the access device connecting
Connect.
One of ordinary skill in the art will appreciate that all or part of step in the various methods of above-described embodiment is can
Instruct related hardware to complete with by program, the program can be stored in a computer-readable recording medium, storage
Medium can include:ROM, RAM, disk or CD etc..
Information configuring methods, equipment and the system for being provided to the embodiment of the present invention above is described in detail, this
Apply specific case to be set forth the principle and embodiment of the present invention in text, the explanation of above example is only intended to
Help understands the method for the present invention and its core concept;Simultaneously for one of ordinary skill in the art, according to the think of of the present invention
Think, will change in specific embodiments and applications, in sum, it is right that this specification content should not be construed as
The restriction of the present invention.