CN105007163A - Pre-shared key (PSK) transmitting and acquiring methods and transmitting and acquiring devices - Google Patents

Publication number: CN105007163A
Authority: CN (China)
Application number: CN201510417048.7A
Priority to: CN201510417048.7A
Other languages: Chinese (zh)
Other versions: CN105007163B (en)
Legal status: Granted
Inventors: 房欢, 梁启明, 杨海槟
Current Assignee: TP Link Technologies Co Ltd
Original Assignee: TP Link Technologies Co Ltd
Prior art keywords: psk, pin, smart machine, public key, encrypted public

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention applies to the field of communications and provides methods and devices for sending and acquiring a pre-shared key (PSK). The PSK acquiring method comprises the following steps: acquiring an encryption public key broadcast by an access point (AP); encrypting a personal identification number (PIN) with the acquired encryption public key; sending the PIN encrypted with the encryption public key to the AP, so that the AP decrypts the PIN with a private key and encrypts the PSK with the PIN; and receiving the PIN-encrypted PSK sent by the AP and decrypting the PSK. Embodiments of the invention increase the acquisition speed and improve the reliability of the PSK.

Description

Methods and devices for sending and acquiring a pre-shared key
Technical field
Embodiments of the present invention belong to the field of communications, and in particular relate to methods and devices for sending and acquiring a pre-shared key.
Background
The various smart devices of the Internet of Things (for example a smart socket; a smart device is denoted STA below) are only useful once they have joined a network. For example, a STA in its factory state must join the local network (for example a home router; the access point of the local network is denoted AP below) before it can do anything. To protect information, the AP normally enables an encryption mechanism and admits a STA only after verifying that the pre-shared key (PSK) the STA has obtained is correct.
There are two existing methods for acquiring the pre-shared key. (1) The STA is temporarily switched into Soft AP mode. This Soft AP has no password; the user connects to it with a mobile phone or computer and then establishes IP-layer communication with the STA, and the phone or computer passes configuration information such as the PSK to the STA, so that after the STA switches back to Station mode it establishes a wireless connection with the AP using the configuration information it has just received. The drawbacks of this method are that the procedure is complicated, hard for users to understand and error-prone, which greatly harms the user experience, and that the Soft AP is unencrypted, so security is low. (2) Characters are encoded in packet lengths according to a scheme agreed in advance. When the STA receives a packet, it determines the packet's length and decodes the corresponding character from that length; the characters decoded from the lengths of multiple packets are finally assembled into the complete PSK. Although this method simplifies the procedure, the number of characters that can be decoded from the length of one packet is limited, so multiple packets must be received and decoded to obtain a complete PSK. This slows PSK acquisition, increases the risk that the PSK is intercepted, and gives low security.
In summary, the existing methods for acquiring a pre-shared key involve complicated procedures and offer low security.
Summary of the invention
Embodiments of the present invention provide methods and devices for sending and acquiring a pre-shared key, intended to solve the problem that existing methods for acquiring a pre-shared key involve complicated procedures and offer low security.
An embodiment of the present invention is implemented as a method for acquiring a pre-shared key, the method comprising:
Acquiring the encryption public key broadcast by an access point (AP);
Encrypting a personal identification number (PIN) with the acquired encryption public key;
Sending the PIN encrypted with the encryption public key to the AP, so that the AP decrypts the PIN with a private key and encrypts the pre-shared key (PSK) with the PIN;
Receiving the PIN-encrypted PSK sent by the AP and decrypting the PSK.
Another object of the embodiments of the present invention is to provide a method for sending a pre-shared key, the method comprising:
Broadcasting an encryption public key, so that a smart device acquires the encryption public key and encrypts a personal identification number (PIN) with the acquired encryption public key;
Receiving the PIN, encrypted with the encryption public key, sent by the smart device, and decrypting the PIN with a private key;
Encrypting the pre-shared key (PSK) with the PIN;
Sending the PIN-encrypted PSK to the smart device, so that the smart device receives it and decrypts the PSK.
Another object of the embodiments of the present invention is to provide a device for acquiring a pre-shared key, the device comprising:
A public key acquisition unit, configured to acquire the encryption public key broadcast by an access point (AP);
A PIN encryption unit, configured to encrypt a personal identification number (PIN) with the acquired encryption public key;
An encrypted-PIN sending unit, configured to send the PIN encrypted with the encryption public key to the AP, so that the AP decrypts the PIN with a private key and encrypts the pre-shared key (PSK) with the PIN;
A PSK receiving unit, configured to receive the PIN-encrypted PSK sent by the AP and decrypt the PSK.
Another object of the embodiments of the present invention is to provide a device for sending a pre-shared key, the device comprising:
A public key broadcasting unit, configured to broadcast an encryption public key, so that a smart device acquires the encryption public key and encrypts a personal identification number (PIN) with the acquired encryption public key;
A PIN decryption unit, configured to receive the PIN, encrypted with the encryption public key, sent by the smart device, and to decrypt the PIN with a private key;
A PSK encryption unit, configured to encrypt the pre-shared key (PSK) with the PIN;
A PSK sending unit, configured to send the PIN-encrypted PSK to the smart device, so that the smart device receives it and decrypts the PSK.
In embodiments of the present invention, the smart device acquires the PSK without requiring repeated operations by the user, which simplifies operation. Moreover, because a series of encryption and decryption steps must be completed before the PSK is obtained, the reliability of the PSK is improved. In addition, because the PSK is sent to the smart device in a single transmission, PSK acquisition is faster.
Brief description of the drawings
Fig. 1 is a flow chart of the method for acquiring a pre-shared key provided by the first embodiment of the invention;
Fig. 2 is a flow chart of the method for sending a pre-shared key provided by the second embodiment of the invention;
Fig. 3 is a structure diagram of the device for acquiring a pre-shared key provided by the third embodiment of the invention;
Fig. 4 is a structure diagram of the device for sending a pre-shared key provided by the fourth embodiment of the invention.
Detailed description
To make the objects, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the invention and are not intended to limit it.
In embodiments of the present invention, the encryption public key broadcast by the access point (AP) is acquired, a personal identification number (PIN) is encrypted with the acquired encryption public key, and the encrypted PIN is sent to the AP, so that the AP decrypts the PIN with a private key and encrypts the pre-shared key (PSK) with the PIN; the PIN-encrypted PSK sent by the AP is then received and the PSK is decrypted.
The technical solutions of the invention are illustrated below through specific embodiments.
Embodiment one:
Fig. 1 shows the flow chart of the method for acquiring a pre-shared key provided by the first embodiment of the invention, detailed as follows:
Step S11: acquire the encryption public key broadcast by the access point (AP).
In this step, the encryption public key may be replaced after it has been in use for a certain time, or may be discarded after a single use, to ensure the secrecy of the encryption public key.
Optionally, acquiring the encryption public key broadcast by the AP specifically comprises:
A1. The smart device scans for a media access control (Media Access Control, MAC) layer management frame broadcast by the AP, the MAC management frame carrying the encryption public key. The MAC management frame is specifically a Beacon frame; a Beacon frame is broadcast at regular intervals and mainly serves to announce the existence of the AP's network to other devices.
A2. When a MAC management frame is found, the encryption public key carried in the MAC management frame is obtained.
Here, a smart device is a device that needs to join the AP, for example a smart socket. In A1 and A2, it is agreed in advance that a custom element is added to the MAC management frame and that the encryption public key is stored in this custom element; when the smart device finds a MAC management frame, it obtains the encryption public key from the frame's custom element. MAC management frames are exchanged between the data link layers of the smart device and the AP. Before the smart device has joined the AP, the two cannot communicate at the IP layer or above, but they can exchange information at the data link layer, so carrying the encryption public key in a MAC management frame greatly facilitates communication between the smart device and the AP. In addition, because only one custom element for storing the encryption public key is added to the MAC management frame, standard packets are not affected and no large number of unnecessary packets is produced, which reduces data redundancy.
Step S12: encrypt a personal identification number (PIN) with the acquired encryption public key.
In this step, the personal identification number (Personal Identification Number, PIN) can be set as required; for example, it can be set to the serial number of the smart device or to some other preset string. To improve the reliability of the PIN, however, encrypting the PIN with the acquired encryption public key specifically comprises:
B1. Randomly generating the PIN.
B2. Encrypting the randomly generated PIN with the acquired encryption public key.
In B1 and B2, a random function can be used to generate the PIN, which is then encrypted with the acquired encryption public key. Because the PIN is randomly generated, it is harder to crack.
Step S13: send the PIN encrypted with the encryption public key to the AP, so that the AP decrypts the PIN with a private key and encrypts the pre-shared key (PSK) with the PIN.
In this step, the smart device sends a Probe Request frame to the AP. The Probe Request frame contains a custom element that holds the PIN encrypted with the encryption public key. After receiving the Probe Request frame, the AP uses the private key to decrypt the PIN from the frame and uses the PIN to encrypt the PSK.
Step S14: receive the PIN-encrypted PSK sent by the AP and decrypt the PSK.
In this step, the smart device receives the Probe Response frame sent by the AP and obtains the PIN-encrypted PSK from the custom element of the Probe Response frame. The smart device then decrypts the PSK using the stored PIN that it most recently sent to the AP and the decryption algorithm agreed in advance.
Optionally, after receiving the PIN-encrypted PSK sent by the AP and decrypting the PSK, the method comprises:
Sending the PSK to the AP, so that the AP verifies whether the PSK is a legitimate PSK and decides, according to the verification result, whether to establish a network connection. Specifically, when the AP verifies that the PSK is legitimate, it establishes a network connection with the smart device; otherwise it refuses to establish one. To further protect the confidentiality of the PSK, the PSK can also be encrypted before it is sent to the AP.
In the first embodiment of the invention, the encryption public key broadcast by the AP is acquired, a PIN is encrypted with the acquired encryption public key, and the encrypted PIN is sent to the AP, so that the AP decrypts the PIN with a private key and encrypts the PSK with the PIN; the PIN-encrypted PSK sent by the AP is then received and the PSK is decrypted. The smart device acquires the PSK without requiring repeated operations by the user, which simplifies operation. Moreover, because a series of encryption and decryption steps must be completed before the PSK is obtained, the reliability of the PSK is improved. In addition, because the PSK is sent to the smart device in a single transmission, PSK acquisition is faster.
It should be understood that, in embodiments of the present invention, the sequence numbers of the above processes do not imply an order of execution; the order in which the processes are executed should be determined by their functions and internal logic, and the numbering should not limit the implementation of the embodiments in any way.
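Steps A1 and A2 above, as an added Python example that is not code from the patent: it walks the ID/length/value elements of a Beacon frame body and pulls the key out of the custom element. Element ID 221 is the standard 802.11 vendor-specific element; the OUI, the sub-type byte and the 32-byte key length are assumptions, because the patent specifies neither the element layout nor the public-key algorithm.

```python
VENDOR_SPECIFIC = 221                   # IEEE 802.11 element ID for vendor-specific elements
EXAMPLE_OUI = bytes.fromhex("aabbcc")   # constructed OUI (assumption), not a real vendor's
KEY_SUBTYPE = 0x01                      # hypothetical sub-type meaning "encryption public key"
FIXED_FIELDS = 12                       # Beacon body: timestamp(8) + interval(2) + capability(2)


class MalformedFrame(ValueError):
    """An element's length field does not fit inside the frame body."""


def iter_elements(elements: bytes):
    """Yield (element_id, payload) for each ID/length/value element."""
    pos = 0
    while pos < len(elements):
        if pos + 2 > len(elements):
            raise MalformedFrame("truncated element header")
        eid, length = elements[pos], elements[pos + 1]
        end = pos + 2 + length
        if end > len(elements):
            raise MalformedFrame(f"element {eid} overruns the frame body")
        yield eid, elements[pos + 2:end]
        pos = end


def extract_public_key(beacon_body: bytes, key_len: int = 32):
    """Return the key carried in the custom element, or None if the frame has none."""
    if len(beacon_body) < FIXED_FIELDS:
        raise MalformedFrame("beacon body shorter than its fixed fields")
    for eid, payload in iter_elements(beacon_body[FIXED_FIELDS:]):
        if eid != VENDOR_SPECIFIC or len(payload) < 4:
            continue                     # standard element, or too short for OUI + sub-type
        if payload[:3] != EXAMPLE_OUI or payload[3] != KEY_SUBTYPE:
            continue                     # another vendor's element: skip it, do not fail
        key = payload[4:]
        if len(key) != key_len:
            raise MalformedFrame(f"key element holds {len(key)} bytes, expected {key_len}")
        return key
    return None


def element(eid: int, payload: bytes) -> bytes:
    """Encode one element; the one-octet length field caps the payload at 255 bytes."""
    if len(payload) > 255:
        raise ValueError("element payload exceeds 255 bytes")
    return bytes([eid, len(payload)]) + payload


def build_beacon_body(ssid: bytes, public_key=None) -> bytes:
    """Construct a sample Beacon body (constructed test data, not a capture)."""
    body = bytes(8) + (100).to_bytes(2, "little") + (0x0411).to_bytes(2, "little")
    body += element(0, ssid)                                   # SSID element
    body += element(1, bytes([0x82, 0x84, 0x8B, 0x96]))        # Supported Rates element
    # An unrelated vendor element with a different constructed OUI.
    body += element(VENDOR_SPECIFIC, bytes.fromhex("112233") + b"\x02\x00")
    if public_key is not None:
        body += element(VENDOR_SPECIFIC, EXAMPLE_OUI + bytes([KEY_SUBTYPE]) + public_key)
    return body


if __name__ == "__main__":
    sample_key = bytes(range(32))        # constructed 32-byte value standing in for a key
    frame = build_beacon_body(b"HomeAP", sample_key)
    print(extract_public_key(frame).hex())
```

Because the length field is a single octet, one element carries at most 251 bytes after the OUI and sub-type, which bounds the size of any key sent this way.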
Embodiment two:
Fig. 2 shows the flow chart of the method for sending a pre-shared key provided by the second embodiment of the invention, detailed as follows:
Step S21: broadcast the encryption public key, so that the smart device acquires the encryption public key and encrypts a personal identification number (PIN) with the acquired encryption public key.
Here, a smart device is a device that needs to join the AP, for example a smart socket. The encryption public key may be replaced after it has been in use for a certain time, or may be discarded after a single use, to ensure the secrecy of the encryption public key. In this step, it is agreed in advance that a custom element is added to the MAC management frame so that the encryption public key can be stored in it; when the AP broadcasts the MAC management frame, it is in effect broadcasting the encryption public key. The MAC management frame is specifically a Beacon frame. The PIN can be set as required; for example, it can be set to the serial number of the smart device or to some other preset string, or it can be randomly generated by a random function. No limitation is imposed here.
MAC management frames are exchanged between the data link layers of the smart device and the AP. Before the smart device has joined the AP, the two cannot communicate at the IP layer or above, but they can exchange information at the data link layer, so carrying the encryption public key in a MAC management frame greatly facilitates communication between the smart device and the AP. In addition, because only one custom element for storing the encryption public key is added to the MAC management frame, standard packets are not affected and no large number of unnecessary packets is produced, which reduces data redundancy.
Step S22: receive the PIN, encrypted with the encryption public key, sent by the smart device, and decrypt the PIN with the private key.
The private key in this step is the decryption key corresponding to the encryption public key; when the encryption public key changes, the private key changes accordingly.
Optionally, to confirm the legitimacy of the smart device, receiving the PIN encrypted with the encryption public key from the smart device and decrypting the PIN with the private key specifically comprises:
C1. Receiving the PIN, encrypted with the encryption public key, sent by the smart device.
C2. Obtaining the unique identifier of the smart device and judging whether it is in a preset whitelist, the preset whitelist storing the unique identifiers of legitimate smart devices.
C3. When the unique identifier of the smart device is in the preset whitelist, decrypting the PIN with the private key.
In C1 to C3, the AP receives the Probe Request frame sent by the smart device. The Probe Request frame contains a custom element that holds the PIN encrypted with the encryption public key and also the unique identifier of the smart device, such as the smart device's MAC information or user name. The AP obtains the encrypted PIN and the unique identifier and compares the identifier with the information stored in the whitelist. If the identifier matches the unique identifier of a smart device stored in the whitelist, the AP judges the smart device to be legitimate and only then decrypts the PIN with the private key. Because a whitelist mechanism is added, the probability that an illegitimate smart device steals relevant information after overhearing the encryption public key is reduced. In addition, the AP decrypts the PIN only when it has determined that the smart device is legitimate and does not decrypt when the device is illegitimate, which reduces wasted resources.
Optionally, to improve security, each entry in the whitelist (that is, the stored information of one smart device) is given an aging time; once an entry's aging time is reached, the AP deletes that entry from the whitelist. To make entry management more flexible, different entries can be given different aging times. Optionally, the MAC information of the smart device is obtained by a mobile terminal (such as a mobile phone or pad) and added to the AP's whitelist. The MAC information can be stored in a barcode on the smart device, so that the mobile terminal obtains it by scanning the barcode and the user does not have to enter it by hand, which makes obtaining the MAC information more efficient.
Step S23: encrypt the pre-shared key (PSK) with the PIN.
Because the PSK is encrypted with the PIN obtained by decryption, the security of the PSK is increased.
Step S24: send the PIN-encrypted PSK to the smart device, so that the smart device receives it and decrypts the PSK.
Because the PIN was sent to the AP by the smart device, encrypting the PSK directly with the PIN also avoids having to transmit the PSK's decryption key (the PIN, in this embodiment), which not only significantly reduces the risk of leaking that decryption key but also saves resources.
Optionally, after sending the PIN-encrypted PSK to the smart device so that the smart device receives it and decrypts the PSK, the method comprises:
D1. Receiving the PSK sent by the smart device and verifying whether it is a legitimate PSK.
D2. When the PSK is legitimate, establishing a network connection with the smart device.
In D1 and D2, after receiving the PSK sent by the smart device, the AP compares it with the stored PSK; if they are identical, the received PSK is judged legitimate, otherwise it is illegitimate. When the received PSK is judged legitimate, the AP agrees to establish a network connection with the smart device. If the PSK received by the AP is encrypted, the AP first decrypts it with the decryption key agreed in advance with the smart device and then compares the decrypted PSK with the stored PSK.
In the second embodiment of the invention, the AP broadcasts the encryption public key, so that the smart device acquires it and encrypts a PIN with it; the AP then receives the PIN, encrypted with the encryption public key, sent by the smart device and decrypts it with the private key; finally the AP encrypts the PSK with the PIN and sends the PIN-encrypted PSK to the smart device, so that the smart device receives it and decrypts the PSK. The AP sends the PSK to the smart device without requiring repeated operations by the user, which simplifies operation. Moreover, because a series of encryption and decryption steps must be completed before the PSK is sent, the reliability of the PSK is improved. In addition, because the PSK is sent to the smart device in a single transmission, repeated transmission of the same PSK is avoided and the PSK is sent faster.
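The AP-side sequence C1 to C3, S23, S24 and D1 above, together with the whitelist aging time, as an added Python example that is not code from the patent. The patent names no algorithms, so the PBKDF2 key derivation, the HMAC-SHA256 keystream with an encrypt-then-MAC tag, and the injected `decrypt_pin` callable that stands in for the private-key step are all assumptions; a deployment would use a vetted AEAD such as AES-GCM in place of this standard-library construction.

```python
import hashlib
import hmac
import secrets
import time


class Whitelist:
    """Unique identifiers of legitimate devices, each with its own aging time."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._deadline = {}

    def add(self, device_id: str, aging_seconds: float) -> None:
        self._deadline[device_id.lower()] = self._clock() + aging_seconds

    def contains(self, device_id: str) -> bool:
        key = device_id.lower()
        deadline = self._deadline.get(key)
        if deadline is None:
            return False
        if self._clock() >= deadline:
            del self._deadline[key]      # aging time reached: the AP deletes the entry
            return False
        return True


def _keys(pin: bytes, salt: bytes):
    """Stretch the PIN into separate encryption and MAC keys (assumed KDF)."""
    material = hashlib.pbkdf2_hmac("sha256", pin, salt, 100_000, dklen=64)
    return material[:32], material[32:]


def _xor_stream(key: bytes, salt: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter-mode keystream."""
    stream = b""
    for counter in range((len(data) + 31) // 32):
        stream += hmac.new(key, salt + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def wrap_psk(pin: bytes, psk: bytes) -> bytes:
    """AP side (S23): encrypt the PSK under the PIN. Layout: salt | ciphertext | tag."""
    salt = secrets.token_bytes(16)
    enc_key, mac_key = _keys(pin, salt)
    ciphertext = _xor_stream(enc_key, salt, psk)
    tag = hmac.new(mac_key, salt + ciphertext, hashlib.sha256).digest()
    return salt + ciphertext + tag


def unwrap_psk(pin: bytes, blob: bytes) -> bytes:
    """Device side (S14): recover the PSK with the PIN stored when it was sent."""
    if len(blob) < 16 + 32:
        raise ValueError("wrapped PSK too short")
    salt, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key, mac_key = _keys(pin, salt)
    expected = hmac.new(mac_key, salt + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong PIN or modified message")
    return _xor_stream(enc_key, salt, ciphertext)


class AccessPoint:
    def __init__(self, psk: bytes, whitelist: Whitelist, decrypt_pin):
        self._psk = psk
        self._whitelist = whitelist
        self._decrypt_pin = decrypt_pin  # private-key decryption, supplied by the caller

    def handle_probe_request(self, device_id: str, encrypted_pin: bytes):
        """C1-C3, S23, S24: return the wrapped PSK, or None for an unlisted device."""
        if not self._whitelist.contains(device_id):
            return None                  # C3: no private-key operation for unlisted devices
        pin = self._decrypt_pin(encrypted_pin)
        return wrap_psk(pin, self._psk)

    def verify_psk(self, candidate: bytes) -> bool:
        """D1: compare the received PSK with the stored PSK in constant time."""
        return hmac.compare_digest(candidate, self._psk)


if __name__ == "__main__":
    wl = Whitelist()
    wl.add("AA:BB:CC:00:00:01", aging_seconds=300)        # constructed identifier
    # Identity stand-in for the private-key step, so the demo runs without a key pair.
    ap = AccessPoint(b"constructed-sample-psk", wl, decrypt_pin=lambda blob: blob)
    pin = secrets.token_bytes(16)                         # B1: randomly generated PIN
    reply = ap.handle_probe_request("aa:bb:cc:00:00:01", pin)
    print(ap.verify_psk(unwrap_psk(pin, reply)))
```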
Embodiment three:
Fig. 3 shows the structure diagram of the device for acquiring a pre-shared key provided by the third embodiment of the invention. The device can be used in a smart device, that is, a device that needs to join the AP, for example a smart socket. For ease of description, only the parts relevant to the embodiment of the invention are shown.
The device for acquiring a pre-shared key comprises a public key acquisition unit 31, a PIN encryption unit 32, an encrypted-PIN sending unit 33 and a PSK receiving unit 34, wherein:
The public key acquisition unit 31 is configured to acquire the encryption public key broadcast by the access point (AP).
The encryption public key may be replaced after it has been in use for a certain time, or may be discarded after a single use, to ensure the secrecy of the encryption public key.
Optionally, the public key acquisition unit 31 specifically comprises:
A scan module, configured to scan for a MAC management frame broadcast by the AP, the MAC management frame carrying the encryption public key. Specifically, it is agreed in advance that a custom element is added to the MAC management frame and that the encryption public key is stored in this custom element.
A public key extraction module, configured to obtain the encryption public key carried in the MAC management frame when a MAC management frame is found.
The PIN encryption unit 32 is configured to encrypt a personal identification number (PIN) with the acquired encryption public key.
The PIN can be set as required; for example, it can be set to the serial number of the smart device or to some other preset string, or it can be generated by a random function. In the latter case the PIN encryption unit 32 comprises:
A PIN generation module, configured to randomly generate the PIN.
A public-key encryption module, configured to encrypt the randomly generated PIN with the acquired encryption public key.
Because the PIN is randomly generated, it is harder to crack.
The encrypted-PIN sending unit 33 is configured to send the PIN encrypted with the encryption public key to the AP, so that the AP decrypts the PIN with a private key and encrypts the pre-shared key (PSK) with the PIN.
Specifically, a Probe Request frame is sent to the AP. The Probe Request frame contains a custom element that holds the PIN encrypted with the encryption public key.
The PSK receiving unit 34 is configured to receive the PIN-encrypted PSK sent by the AP and decrypt the PSK.
Specifically, the Probe Response frame sent by the AP is received and the PIN-encrypted PSK is obtained from the custom element of the Probe Response frame. The smart device then decrypts the PSK using the stored PIN that it most recently sent to the AP and the decryption algorithm agreed in advance.
Optionally, the device for acquiring a pre-shared key comprises:
A connection request sending unit, configured to send the PSK to the AP, so that the AP verifies whether the PSK is a legitimate PSK and decides, according to the verification result, whether to establish a network connection. Specifically, when the AP verifies that the PSK is legitimate, it establishes a network connection with the smart device; otherwise it refuses to establish one. To further protect the confidentiality of the PSK, the PSK can also be encrypted before it is sent to the AP.
In the third embodiment of the invention, the PSK is acquired without requiring repeated operations by the user, which simplifies operation. Moreover, because a series of encryption and decryption steps must be completed before the PSK is obtained, the reliability of the PSK is improved. In addition, because the PSK is sent to the smart device in a single transmission, PSK acquisition is faster.
embodiment four:
Fig. 4 shows the structure chart of the dispensing device of a kind of wildcard that fourth embodiment of the invention provides, the dispensing device of this wildcard can be used for the equipment of Network Access Point, as being applied in router, for convenience of explanation, illustrate only the part relevant to the embodiment of the present invention.
The dispensing device of this wildcard comprises: public key broadcasts unit 41, individual recognition code decryption unit 42, PSK ciphering unit 43, PSK transmitting element 44.Wherein:
Public key broadcasts unit 41, for broadcast enciphering PKI, to make smart machine obtain described encrypted public key, and adopts the encrypted public key obtained to encrypt individual recognition code PIN.
Wherein, encrypted public key is changed after can using certain hour, also can just abandon after a single use, to ensure the crypticity of this encrypted public key.
Particularly, make an appointment and add a self-defining element in MAC management frames, so as in this self-defining element storage encryption PKI, when AP broadcasts MAC management frames, be equivalent to broadcast enciphering PKI.Wherein, described MAC management frames is specially Beacon frame.
Individual's recognition code decryption unit 42, for receiving the PIN of the employing encrypted public key encryption that described smart machine sends, and adopts private key to decrypt described PIN.
Wherein, private key is here the decruption key of encrypted public key, and when encrypted public key changes, this private key is corresponding change also.
Alternatively, described individual recognition code decryption unit 42 comprises:
PIN receiver module, for receiving the PIN of the employing encrypted public key encryption that described smart machine sends.Particularly, receive the Probe Request frame that smart machine sends, this Probe Request frame comprises a self-defining element, the PIN adopting encrypted public key encryption is comprised in this self-defining element, in addition, also comprise the unique identification of smart machine, the unique identification of this smart machine is as the MAC information, user name etc. of smart machine.
White list judge module, for obtaining the unique identification of described smart machine, to judge whether the unique identification of described smart machine is in default white list, and described default white list stores the unique identification of legal smart machine.Particularly, the unique identification of the smart machine of acquisition is compared with the information prestored in white list, if the unique identification of the smart machine obtained is identical with the unique identification of certain smart machine that white list stores, then judge that this smart machine is as legal smart machine.
Private key deciphering module, for when the unique identification of described smart machine is in default white list, adopts private key to decrypt described PIN.Owing to adding white list mechanism, therefore, reduce after illegal smart machine listens to encrypted public key, the probability of relevant information is stolen, in addition, only when determining that smart machine is legal to AP, just perform the operation of deciphering PIN, when smart machine is illegal, does not perform the operation of deciphering PIN, decrease the waste of resource.
Alternatively, in order to improve fail safe, each entry (information of the smart machine namely stored) of setting white list has an ageing time, once arrive the ageing time of entry, then AP deletes this entry from white list.Certainly, in order to improve the flexibility of entry management, the ageing time that can set each entry is different.Alternatively, the MAC information of smart machine is obtained by mobile terminal (as mobile phone, pad etc.), and the MAC information of the smart machine of acquisition is added in the white list of AP, the MAC information of this smart machine can be stored in the bar code of smart machine, the MAC information of this smart machine just can be obtained when the bar code of mobile scanning terminal smart machine, input by hand without the need to user, improve the efficiency of MAC acquisition of information.
PSK encryption unit 43, configured to encrypt the pre-shared key (PSK) with the PIN.
PSK sending unit 44, configured to send the PSK encrypted with the PIN to the smart machine, so that the smart machine receives it and decrypts the PSK.
Because the PIN is sent to the AP by the smart machine, encrypting the PSK directly with the PIN also avoids transmitting the decryption key of the PSK (the PIN, in this embodiment of the present invention). This not only greatly reduces the risk of leaking the decryption key of the PSK but also effectively saves resources.
Optionally, the device for sending the pre-shared key comprises:
PSK verification unit, configured to receive the PSK sent by the smart machine and verify whether the PSK is a legitimate PSK.
Network connection establishing unit, configured to establish a network connection with the smart machine when the PSK is a legitimate PSK.
In the PSK verification unit and network connection establishing unit above, after the PSK sent by the smart machine is received, it is compared with the stored PSK: if the two are identical, the received PSK is judged to be a legitimate PSK; otherwise it is an illegitimate PSK. When the received PSK is judged to be a legitimate PSK, the sending device agrees to establish a network connection with the smart machine. Of course, if the received PSK is an encrypted PSK, it is first decrypted with the decryption password agreed in advance with the smart machine, and the decrypted PSK is then compared with the stored PSK.
In the fourth embodiment of the present invention, sending the PSK to the smart machine does not require repeated operations by the user, which reduces operational complexity. Moreover, because a series of encryption and decryption steps is performed before the PSK is sent, the reliability of the PSK is improved. In addition, because the PSK is sent to the smart machine in a single transmission, repeated transmission of the same PSK is avoided and the transmission of the PSK is faster.
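An added example, not code from the patent: the AP-side white list check with per-entry aging time that gates PIN decryption, together with the PSK comparison described above. The class and function names, the MAC, PIN and PSK values and the toy textbook-RSA key (standing in for the public-key algorithm, which this section does not name) are assumptions constructed for the illustration; the constant-time comparison is an added hardening choice.

```python
import hmac
import time

# Toy textbook-RSA key pair, constructed for this demo only (no padding, small modulus).
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)


def normalize_mac(mac):
    """Canonical form so 'AA-BB-..' and 'aa:bb:..' match the same entry."""
    return mac.replace("-", ":").lower()


class WhiteList:
    """Preset white list of legitimate device MACs, each with its own aging time."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._expires_at = {}  # normalized MAC -> time at which the entry ages out

    def add(self, mac, aging_seconds):
        self._expires_at[normalize_mac(mac)] = self._clock() + aging_seconds

    def contains(self, mac):
        key = normalize_mac(mac)
        expires_at = self._expires_at.get(key)
        if expires_at is None:
            return False
        if self._clock() >= expires_at:
            del self._expires_at[key]  # aging time reached: the AP deletes the entry
            return False
        return True


class AccessPoint:
    def __init__(self, white_list, stored_psk):
        self.white_list = white_list
        self._stored_psk = stored_psk
        self.decrypt_calls = 0  # counts private-key operations actually performed

    def handle_encrypted_pin(self, mac, encrypted_pin):
        """Decrypt the PIN only for a device whose identifier is in the white list."""
        if not self.white_list.contains(mac):
            return None  # rejected before any private-key work is done
        self.decrypt_calls += 1
        return pow(encrypted_pin, D, N)

    def verify_psk(self, received_psk):
        """Compare the PSK returned by the device with the stored PSK."""
        # compare_digest is an added hardening choice: constant-time comparison.
        return hmac.compare_digest(received_psk, self._stored_psk)


if __name__ == "__main__":
    wl = WhiteList()
    wl.add("AA-BB-CC-00-11-22", aging_seconds=3600)  # constructed MAC
    ap = AccessPoint(wl, stored_psk=b"constructed-demo-psk")
    ciphertext = pow(48291357, E, N)  # device side: PIN under the broadcast key
    print(ap.handle_encrypted_pin("aa:bb:cc:00:11:22", ciphertext))
    print(ap.handle_encrypted_pin("de:ad:be:ef:00:01", ciphertext))
```

A MAC address is reported by the device itself, so the white list narrows which requests reach the private key; it does not by itself prove the device's identity.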
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or in software depends on the particular application and the design constraints of the technical solution. Skilled persons may use different methods to implement the described functions for each particular application, but such implementation should not be considered beyond the scope of the present invention.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the system, device and units described above may refer to the corresponding processes in the foregoing method embodiments and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed system, device and method may be implemented in other ways. For example, the device embodiments described above are merely illustrative: the division into units is only a division by logical function, and other divisions are possible in an actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Furthermore, the mutual coupling, direct coupling or communication connection shown or discussed may be through some interfaces, and the indirect coupling or communication connection between devices or units may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit.
If the functions are implemented in the form of software functional units and sold or used as an independent product, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device or the like) to perform all or part of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.
The above is only a specific embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any change or replacement that a person skilled in the art can readily conceive within the technical scope disclosed by the present invention shall be covered by the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be subject to the scope of protection of the claims.

Claims (10)

1. A method for acquiring a pre-shared key, characterized in that the method comprises:
Obtaining the encrypted public key broadcast by an access point (AP);
Encrypting a personal identification number (PIN) with the obtained encrypted public key;
Sending the PIN encrypted with the encrypted public key to the AP, so that the AP decrypts the PIN with a private key and encrypts a pre-shared key (PSK) with the PIN;
Receiving the PSK encrypted with the PIN and sent by the AP, and decrypting the PSK.
2. The method according to claim 1, characterized in that encrypting the personal identification number (PIN) with the obtained encrypted public key specifically comprises:
Randomly generating a personal identification number (PIN);
Encrypting the randomly generated PIN with the obtained encrypted public key.
3. The method according to claim 1, characterized in that, after receiving the PSK encrypted with the PIN and sent by the AP and decrypting the PSK, the method comprises:
Sending the PSK to the AP, so that the AP verifies whether the PSK is a legitimate PSK and chooses whether to establish a network connection according to the verification result.
4. A method for sending a pre-shared key, characterized in that the method comprises:
Broadcasting an encrypted public key, so that a smart machine obtains the encrypted public key and encrypts a personal identification number (PIN) with the obtained encrypted public key;
Receiving the PIN encrypted with the encrypted public key and sent by the smart machine, and decrypting the PIN with a private key;
Encrypting a pre-shared key (PSK) with the PIN;
Sending the PSK encrypted with the PIN to the smart machine, so that the smart machine receives it and decrypts the PSK.
5. The method according to claim 4, characterized in that receiving the PIN encrypted with the encrypted public key and sent by the smart machine, and decrypting the PIN with the private key, specifically comprises:
Receiving the PIN encrypted with the encrypted public key and sent by the smart machine;
Obtaining the unique identifier of the smart machine and judging whether the unique identifier of the smart machine is in a preset white list, where the preset white list stores the unique identifiers of legitimate smart machines;
Decrypting the PIN with the private key when the unique identifier of the smart machine is in the preset white list.
6. The method according to claim 4, characterized in that, after sending the PSK encrypted with the PIN to the smart machine so that the smart machine receives it and decrypts the PSK, the method comprises:
Receiving the PSK sent by the smart machine, and verifying whether the PSK is a legitimate PSK;
Establishing a network connection with the smart machine when the PSK is a legitimate PSK.
7. A device for acquiring a pre-shared key, characterized in that the device comprises:
Public key obtaining unit, configured to obtain the encrypted public key broadcast by an access point (AP);
Personal identification number encryption unit, configured to encrypt a personal identification number (PIN) with the obtained encrypted public key;
Encrypted personal identification number sending unit, configured to send the PIN encrypted with the encrypted public key to the AP, so that the AP decrypts the PIN with a private key and encrypts a pre-shared key (PSK) with the PIN;
PSK receiving unit, configured to receive the PSK encrypted with the PIN and sent by the AP, and to decrypt the PSK.
8. The device according to claim 7, characterized in that the personal identification number encryption unit comprises:
Personal identification number generation module, configured to randomly generate a personal identification number (PIN);
Public key encryption module, configured to encrypt the randomly generated PIN with the obtained encrypted public key.
9. A device for sending a pre-shared key, characterized in that the device comprises:
Public key broadcasting unit, configured to broadcast an encrypted public key, so that a smart machine obtains the encrypted public key and encrypts a personal identification number (PIN) with the obtained encrypted public key;
Personal identification number decryption unit, configured to receive the PIN encrypted with the encrypted public key and sent by the smart machine, and to decrypt the PIN with a private key;
PSK encryption unit, configured to encrypt a pre-shared key (PSK) with the PIN;
PSK sending unit, configured to send the PSK encrypted with the PIN to the smart machine, so that the smart machine receives it and decrypts the PSK.
10. The device according to claim 9, characterized in that the personal identification number decryption unit comprises:
PIN receiving module, configured to receive the PIN encrypted with the encrypted public key and sent by the smart machine;
White list judging module, configured to obtain the unique identifier of the smart machine and judge whether the unique identifier of the smart machine is in a preset white list, where the preset white list stores the unique identifiers of legitimate smart machines;
Private key decryption module, configured to decrypt the PIN with the private key when the unique identifier of the smart machine is in the preset white list.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510417048.7A CN105007163B (en) 2015-07-15 2015-07-15 Pre-shared key (PSK) transmitting and acquiring methods and transmitting and acquiring devices

Publications (2)

Publication Number Publication Date
CN105007163A true CN105007163A (en) 2015-10-28
CN105007163B CN105007163B (en) 2018-07-31

Family

ID=54379691

Country Status (1)

Country Link
CN (1) CN105007163B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant