CN105119900B - Information secure transmission method, networking cut-in method and corresponding terminal - Google Patents
- Publication number: CN105119900B (application CN201510424991.0A)
- Authority: CN (China)
- Legal status: Active
Classifications
- H04L63/0478—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L65/611—Network streaming of media packets for supporting one-way streaming services, e.g. Internet radio for multicast or broadcast
Abstract
The main purpose of the present invention is to provide a mobile terminal and the information secure transmission method it uses. The method comprises the following steps: obtaining information to be transmitted; constructing a data message such that the data message includes a secondary ciphertext and a secondary key, where the secondary ciphertext is formed by encrypting the information to be transmitted with a primary key to form a primary ciphertext and then encrypting that primary ciphertext with the secondary key, which includes a random factor; and sending the data message. Correspondingly, the present invention also provides an intelligent terminal and the networking cut-in method it uses. By improving, through cryptographic techniques, the way the content carried by the data message is expressed, the present invention further enhances the communication security of fast-connection technology realized on the basis of the IEEE 802.11 protocol.
Description
Technical field
The present invention relates to information security technology, and in particular to a mobile terminal and the information secure transmission method it uses; it also relates to an intelligent terminal and the networking cut-in method it uses.
Background technique
Control techniques by which an intelligent terminal accesses a target network, developed extensively on the basis of the techniques specified by the IEEE 802.11 protocol, are in increasingly common use. The earliest were based on Ad-Hoc and WiFi Direct technology: a direct connection is established between the control terminal (transmitting end) and the receiving end, and the configuration information for accessing the target network, specifically the service set identifier and login password of the target network, is then transmitted. Because the traditional direct-connection mode requires complex handshake and switching procedures to be executed between the control terminal, the receiving end and the router, it is inefficient.
One improved fast-connection technique loads information using the editable characteristics of the destination address field or frame body field of multicast data frames. Since reception of multicast data frames does not depend on a direct connection being established between the receiving end and the control terminal, the handshake procedure for connecting the devices and frequent switching of the connection relationship are avoided; fast-connection techniques of this kind are therefore being applied ever more widely.
Because the data frames of the data link layer can carry only limited information, they are generally used only to transmit data with low capacity requirements, such as the configuration information mentioned above. Wider applications are certainly possible, for example sending a notification from one end that the other end needs to display on its user interface, or sending a signal instruction that drives some component of the receiving end.
On the one hand, whatever type of information is to be transmitted, information security must be taken into account. In the various techniques described above, the current principle of communication security is that the receiving end and the transmitting end each hold mathematically identical or related keys; after the transmitting end encrypts the information to be transmitted with the key it holds, it forms a data message and transmits it to the receiving end, which decrypts it with the matching key. This protocol mode is relatively simple, but it is also relatively easy to crack. The reason is that, whether the information to be transmitted is encrypted with a private key under a symmetric cryptosystem or with a public key under an asymmetric cryptosystem, the key used to encrypt the information to be transmitted is always fixed. Consequently, an illegal user can brute-force it by intercepting the data packets produced over several transmissions, or can imitate the transmitting end's data packets and launch a DDoS-like attack against the receiving end, paralysing it and even affecting other adjacent devices, including the WiFi router, which likewise have to identify the data frames.
On the other hand, in current information transmission procedures both the receiving and the transmitting side must comply with a fixed public or self-defined protocol: the transmitting end cannot go beyond the given protocol and freely define the format of the information to be transmitted, and the receiving end likewise cannot flexibly parse the received data message to obtain the exact raw information. In this respect the existing information transmission techniques are inflexible and unintelligent. Precisely because of this inflexibility, a cracker can obtain the exact raw information from intercepted data messages at low time cost simply by analysing the data message format, achieving the aim of illegally stealing information.
In view of this, it is necessary to improve the existing data communication techniques so as to ensure that the Internet of Things interconnects and intercommunicates more safely.
Summary of the invention
The first object of the present invention is to solve at least part of the above problems in at least one respect by providing a mobile terminal and the information secure transmission method it uses, so as to realize information security control at the source.
The second object of the present invention is to solve at least part of the above problems in at least one respect by providing an intelligent terminal and the networking cut-in method it uses, so that, echoing the first object, the intelligent terminal receives configuration information more safely and uses that configuration information to access the target network.
In order to realize the first object of the present invention, the present invention adopts the following technical scheme:
An information secure transmission method provided by the invention includes the following steps:
obtaining information to be transmitted;
constructing a data message such that the data message includes a secondary ciphertext and a secondary key, where the secondary ciphertext is formed by encrypting the information to be transmitted with a primary key to form a primary ciphertext and then encrypting that primary ciphertext with the secondary key, which includes a random factor;
sending the data message.
Further, in the step of obtaining the information to be transmitted, the information to be transmitted and a submission instruction are received through a user interface, and the subsequent steps are executed in response to the submission instruction.
Preferably, the information to be transmitted is configuration information for accessing a target network.
Specifically, the configuration information includes the service set identifier that determines the target network and the password for logging in to the target network.
Further, the step of constructing the data message comprises the following specific steps:
encrypting the information to be transmitted with the primary key to obtain the primary ciphertext;
encrypting the primary ciphertext with the secondary key, which includes the random factor, to obtain the secondary ciphertext;
assembling the secondary key and the secondary ciphertext into the data message.
Preferably, before the primary encryption the information to be transmitted is formatted as a text containing a specific identifier.
According to one embodiment disclosed by the present invention, the secondary key includes the specific identifier, which is used to restore the text to the information to be transmitted.
According to another embodiment disclosed by the present invention, the secondary key is a random number.
According to one embodiment disclosed by the present invention, the primary key is a public key standardized under an asymmetric cryptosystem, and the primary ciphertext is decrypted with the corresponding private key to obtain the information to be transmitted.
According to one embodiment disclosed by the present invention, the primary key is a private key standardized under a symmetric cryptosystem, which is used to decrypt the primary ciphertext to obtain the information to be transmitted.
According to one embodiment disclosed by the present invention, the secondary key is a private key standardized under a symmetric cryptosystem, which is used to decrypt the secondary ciphertext to obtain the primary ciphertext.
Further, the data message also includes a check code characterizing the length of the entire data message.
Preferably, in the step of sending the data message, the data message is loaded into multiple sequentially ordered multicast data frames, formatted at the data link layer, for sending.
Further, the data message is loaded into the destination address field and/or frame body field of the multicast data frames.
Specifically, the multicast data frames conform to the IEEE 802.11 protocol specification.
A mobile terminal provided by the invention comprises:
an acquiring unit for obtaining information to be transmitted;
a constructing unit for constructing a data message such that the data message includes a secondary ciphertext and a secondary key, where the secondary ciphertext is formed by encrypting the information to be transmitted with a primary key to form a primary ciphertext and then encrypting that primary ciphertext with the secondary key, which includes a random factor;
a transmission unit for sending the data message.
Further, the acquiring unit is configured to receive the information to be transmitted and a submission instruction through a user interface, and to start the constructing unit in response to the submission instruction.
Preferably, the information to be transmitted is configuration information for accessing a target network.
Specifically, the configuration information includes the service set identifier that determines the target network and the password for logging in to the target network.
Further, the constructing unit includes the following specific modules:
a primary encryption module configured to encrypt the information to be transmitted with the primary key to obtain the primary ciphertext;
a secondary encryption module configured to encrypt the primary ciphertext with the secondary key, which includes the random factor, to obtain the secondary ciphertext;
a structure assembling module for assembling the secondary key and the secondary ciphertext into the data message.
Preferably, before the primary encryption the information to be transmitted is formatted as a text containing a specific identifier.
According to one embodiment disclosed by the present invention, the secondary key includes the specific identifier, which is used to restore the text to the information to be transmitted.
According to another embodiment disclosed by the present invention, the secondary key is a random number.
According to one embodiment disclosed by the present invention, the primary key is a public key standardized under an asymmetric cryptosystem, and the primary ciphertext is decrypted with the corresponding private key to obtain the information to be transmitted.
According to one embodiment disclosed by the present invention, the primary key is a private key standardized under a symmetric cryptosystem, which is used to decrypt the primary ciphertext to obtain the information to be transmitted.
According to one embodiment disclosed by the present invention, the secondary key is a private key standardized under a symmetric cryptosystem, which is used to decrypt the secondary ciphertext to obtain the primary ciphertext.
Further, the data message also includes a check code characterizing the length of the entire data message.
Preferably, the transmission unit is configured to load the data message into multiple sequentially ordered multicast data frames, formatted at the data link layer, for sending.
Further, the data message is loaded into the destination address field and/or frame body field of the multicast data frames.
Specifically, the multicast data frames conform to the IEEE 802.11 protocol specification.
In order to realize the second object of the present invention, the present invention adopts the following technical scheme:
A networking cut-in method provided by the invention includes the following steps:
receiving a data message;
decrypting the secondary ciphertext contained in the data message with the secondary key contained in the data message to obtain a primary ciphertext;
decrypting the primary ciphertext with a prestored primary key to obtain the configuration information therein;
configuring the terminal's own network settings with the configuration information and accessing the target network.
Preferably, in the step of receiving the data message, after the data message is obtained the length of the entire data message is verified using the check code contained in the data message, and only a data message that passes verification is accepted.
Further, the step of receiving the data message comprises the following specific steps:
receiving multicast data frames with the same source;
assembling the content codes carried by the multicast data frames in the index order characterized by the sequence code provided by each multicast data frame;
converting the sequentially assembled content codes into the data message.
Specifically, the multicast data frames conform to the IEEE 802.11 protocol specification.
Further, the sequence code and content code are expressed in the destination address field and/or frame body field of the corresponding multicast data frame.
According to one embodiment disclosed by the present invention, the secondary key is a private key standardized under a symmetric cryptosystem, and the secondary ciphertext is obtained by encryption with that private key.
According to one embodiment disclosed by the present invention, the primary key is a private key standardized under an asymmetric cryptosystem, and the primary ciphertext is obtained by encryption with the corresponding public key.
According to one embodiment disclosed by the present invention, the primary key is a private key standardized under a symmetric cryptosystem, and the primary ciphertext is obtained by encryption with that private key.
Further, in the step of decrypting the primary ciphertext with the prestored primary key to obtain the configuration information therein, a text in a specific format is obtained once decryption is complete, and the text is parsed into the configuration information using the specific identifier included in the secondary key.
Specifically, the configuration information includes the service set identifier that determines the target network and the password for logging in to the target network.
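The sender-side construction steps (formatted text with a specific identifier, primary encryption, secondary encryption with a key carrying a random factor, check code) and the receiver-side steps above (length verification, peeling both layers, parsing by the identifier), worked as an added example in Python; it is not the patent's code. Assumptions: the page names no cipher, so an HMAC-SHA256 keystream XOR stands in for the symmetric algorithm; the random factor is 8 bytes and also serves as the nonce of the fixed-key primary layer; the check code is a 2-byte total length; the identifier is one printable delimiter byte; all names and sample values are constructed.

```python
"""Two-layer data message (sender and receiver), added example; not the patent's code."""
import hashlib
import hmac
import secrets
import struct

# Prestored on both terminals; a constructed sample value standing in for the page's primary key.
PRIMARY_KEY = b"constructed-pre-shared-primary-key"
RANDOM_FACTOR_LEN = 8  # assumed size of the random factor inside the secondary key


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Assumed symmetric cipher: XOR with an HMAC-SHA256 keystream.

    The page names no algorithm; this stand-in is its own inverse, so one
    function serves for both encryption and decryption.
    """
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + struct.pack(">I", i // 32), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def pick_identifier(fields) -> bytes:
    """Choose the 'specific identifier': a printable delimiter byte that occurs in no field."""
    candidates = [c for c in range(0x21, 0x7F) if all(c not in f for f in fields)]
    if not candidates:
        raise ValueError("no delimiter byte is free")
    return bytes([secrets.choice(candidates)])


def build_data_message(ssid: bytes, password: bytes) -> bytes:
    """Sender: format the text, encrypt it twice, carry the secondary key, prepend a check code."""
    ident = pick_identifier([ssid, password])
    text = ssid + ident + password                      # formatted text containing the identifier
    random_factor = secrets.token_bytes(RANDOM_FACTOR_LEN)
    secondary_key = random_factor + ident               # random factor plus the identifier
    # Assumption: the random factor doubles as the nonce of the primary layer, whose key is fixed.
    primary_ct = stream_xor(PRIMARY_KEY, random_factor, text)
    secondary_ct = stream_xor(secondary_key, b"", primary_ct)
    body = bytes([len(secondary_key)]) + secondary_key + secondary_ct
    return struct.pack(">H", 2 + len(body)) + body      # check code = length of the whole message


def split_message(msg: bytes):
    """Receiver, first step (needs no secret): verify the check code, separate key and ciphertext."""
    if len(msg) < 3:
        raise ValueError("message too short")
    (total_len,) = struct.unpack(">H", msg[:2])
    if total_len != len(msg):
        raise ValueError("check code mismatch: message rejected")
    klen = msg[2]
    secondary_key = msg[3:3 + klen]
    if len(secondary_key) != klen or klen <= RANDOM_FACTOR_LEN:
        raise ValueError("malformed secondary key")
    return secondary_key, msg[3 + klen:]


def recover_configuration(msg: bytes, primary_key: bytes = PRIMARY_KEY):
    """Receiver, remaining steps: peel the secondary layer, then the primary layer, then parse."""
    secondary_key, secondary_ct = split_message(msg)
    random_factor, ident = secondary_key[:-1], secondary_key[-1:]
    primary_ct = stream_xor(secondary_key, b"", secondary_ct)
    text = stream_xor(primary_key, random_factor, primary_ct)
    ssid, sep, password = text.partition(ident)
    if sep != ident or not ssid:
        raise ValueError("identifier not found: wrong primary key or forged message")
    return ssid, password


if __name__ == "__main__":
    m = build_data_message(b"HomeNet", b"s3cret!")
    print(len(m), recover_configuration(m))
```

Note that `split_message` needs no secret: the secondary key travels inside the message, so the outer layer randomizes each transmission and lets the receiver validate the message format, while confidentiality against an interceptor rests on the prestored primary key alone.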
An intelligent terminal provided by the invention comprises:
a receiving unit for receiving a data message;
a second decryption unit for decrypting the secondary ciphertext contained in the data message with the secondary key contained in the data message to obtain a primary ciphertext;
a first decryption unit for decrypting the primary ciphertext with a prestored primary key to obtain the configuration information therein;
an access unit for configuring the terminal's own network settings with the configuration information and accessing the target network.
Preferably, the receiving unit is configured to verify, after the data message is obtained, the length of the entire data message using the check code contained in the data message, and to accept only a data message that passes verification.
Further, the receiving unit includes:
a frame receiving module for receiving multicast data frames with the same source;
a frame assembling module for assembling the content codes carried by the multicast data frames in the index order characterized by the sequence code provided by each multicast data frame;
a conversion module for converting the sequentially assembled content codes into the data message.
Specifically, the multicast data frames conform to the IEEE 802.11 protocol specification.
Further, the sequence code and content code are expressed in the destination address field and/or frame body field of the corresponding multicast data frame.
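The frame carrier described for the transmission unit and for the receiving unit above (sequence code and content code in the destination address field, frames grouped by source, reassembled in sequence order), worked as an added example in Python; it is not the patent's code and the bit layout is an assumption. Assumed layout: each frame is addressed to multicast group 239.<sequence code>.<content byte 1>.<content byte 2>, which the standard IPv4 multicast mapping turns into a 01:00:5e destination MAC, and the frame with sequence code 0 carries the payload length; source addresses and message bytes are constructed samples.

```python
"""Carrying a data message in 802.11 multicast frames, added example; not the patent's code."""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

SEQ_MAX = 127       # the sequence code must fit the 7 usable bits of the second address octet
LEN_FRAME_SEQ = 0   # assumption: the frame with sequence code 0 carries the payload length


def group_for(seq: int, content: bytes) -> str:
    """Assumed layout: multicast group 239.<sequence code>.<content byte 1>.<content byte 2>."""
    if not 0 <= seq <= SEQ_MAX or len(content) != 2:
        raise ValueError("sequence code or content code out of range")
    return f"239.{seq}.{content[0]}.{content[1]}"


def mac_for_group(group: str) -> str:
    """Standard IPv4 multicast-to-MAC mapping: 01:00:5e plus the low 23 bits of the group."""
    o = [int(x) for x in group.split(".")]
    return "01:00:5e:%02x:%02x:%02x" % (o[1] & 0x7F, o[2], o[3])


@dataclass(frozen=True)
class Frame:
    """The two 802.11 header fields this example uses: source and destination address."""
    src: str
    dst: str


def encode_frames(src: str, message: bytes) -> List[Frame]:
    """Transmitting end: split the data message into 2-byte content codes, one frame each."""
    if len(message) > 2 * SEQ_MAX:
        raise ValueError("message exceeds the %d content frames available" % SEQ_MAX)
    length_code = len(message).to_bytes(2, "big")
    frames = [Frame(src, mac_for_group(group_for(LEN_FRAME_SEQ, length_code)))]
    for i in range(0, len(message), 2):
        content = message[i:i + 2].ljust(2, b"\x00")   # the last code is zero-padded
        frames.append(Frame(src, mac_for_group(group_for(i // 2 + 1, content))))
    return frames


def decode_frames(frames: Iterable[Frame], src: str) -> Optional[bytes]:
    """Receiving end: keep frames from one source, order by sequence code, reassemble.

    Returns None while frames are still missing, or when two frames with the same
    sequence code carry different content (a second device using the same source address).
    """
    codes: Dict[int, bytes] = {}
    for f in frames:
        if f.src != src or not f.dst.lower().startswith("01:00:5e:"):
            continue                                   # other senders and unicast frames are ignored
        seq, c1, c2 = (int(x, 16) for x in f.dst.split(":")[3:])
        content = bytes([c1, c2])
        if codes.setdefault(seq, content) != content:
            return None                                # same sequence code, different content
    if LEN_FRAME_SEQ not in codes:
        return None
    length = int.from_bytes(codes[LEN_FRAME_SEQ], "big")
    if length > 2 * SEQ_MAX:
        return None                                    # implausible length code
    last = (length + 1) // 2
    if any(s not in codes for s in range(1, last + 1)):
        return None                                    # still incomplete
    return b"".join(codes[s] for s in range(1, last + 1))[:length]


if __name__ == "__main__":
    sent = encode_frames("aa:bb:cc:dd:ee:01", b"constructed data message")
    print(len(sent), decode_frames(reversed(sent), "aa:bb:cc:dd:ee:01"))
```

The reassembled bytes are then handed to the data message check-code verification; multicast frames are unacknowledged, so the decoder tolerates duplicates and arrival out of order, which the example exercises.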
According to one embodiment disclosed by the present invention, the secondary key is a private key standardized under a symmetric cryptosystem, and the secondary ciphertext is obtained by encryption with that private key.
According to one embodiment disclosed by the present invention, the primary key is a private key standardized under an asymmetric cryptosystem, and the primary ciphertext is obtained by encryption with the corresponding public key.
According to one embodiment disclosed by the present invention, the primary key is a private key standardized under a symmetric cryptosystem, and the primary ciphertext is obtained by encryption with that private key.
Further, the first decryption unit is configured to obtain a text in a specific format once decryption is complete, and to parse the text into the configuration information using the specific identifier included in the secondary key.
Specifically, the configuration information includes the service set identifier that determines the target network and the password for logging in to the target network.
Compared with the prior art, the solution of the invention has the following advantages:
1. The present invention packages the information to be transmitted, such as configuration information for accessing a target network, into a data message with a particular encryption format: on top of the existing primary encryption of the information to be transmitted, a secondary encryption is imposed, and the key used for the secondary encryption is carried in plaintext within the data message. Whether the data message is transmitted by broadcast or by multicast, even if it is intercepted it is harder to crack because it has been encrypted twice. Even if it were brute-forced, because the secondary key includes a random factor and therefore normally differs each time information is transmitted, an interceptor cannot derive from the different data packets intercepted over repeated captures a rule for determining the secondary key, and so cannot send data messages in the guise of the transmitting end; a transmitting end such as a mobile terminal can thus transmit information to the receiving end more safely. Correspondingly, at the receiving end, because the above mechanism of the transmitting end gives the data message the regular property that its information content is decrypted with the secondary key it contains, the receiving end can extract the information carried by the data message, such as the configuration information, according to this rule and effectively discriminate the legal format of the data message, thereby ensuring the safety of the obtained information and achieving the effect of safely receiving information.
2. The present invention includes in the secondary key a specific identifier for parsing the unencrypted formatted text of the transmitted information, so that the secondary key simultaneously serves the encryption and decryption functions and contains the specific identifier for parsing the transmitted information, constituting a parsing scheme. This further increases the complexity of cracking the data message, so that once the transmitting end has issued the data message, the safety of the transmission process is further improved. The receiving end, in turn, can invoke the parsing scheme according to this improved rule to parse the unencrypted formatted text of the transmitted information, identifying the content of the received information by the specific identifier; the raw information the transmitting end intended to transmit is ultimately still obtained, and its safety is clearly further improved.
3. Similarly, because the parsing scheme is present in the data message, the transmitting end can flexibly formulate the specific format of the formatted text of the information to be transmitted, and the receiving end can effectively identify the formatted information to be transmitted according to the specific identifier included in the secondary key of the data message. The transmitting end and receiving end are thus given the ability to negotiate a detailed protocol, improving the intelligence of information expression and parsing.
4. Based on the characteristics of multicast data frames, the present invention loads the data message at the data link layer into the destination address fields and/or frame body fields of multiple sequentially declared multicast data frames. Since the propagation and reception of multicast data frames do not depend on a direct connection between the receiving end and the transmitting end, technical stages such as switching and handshaking of the connection relationship are avoided, which allows the transmitted information to be propagated more quickly and the receiving end to use the information more quickly; in particular, when the information is configuration information for accessing a target network, the intelligent terminal receiving the configuration information can access the target network more quickly. On the other hand, because the speed of information reception is improved, the probability of the data message being intercepted during transmission is also reduced, further embodying the security characteristics of both the reception scheme and the transmission scheme of the present invention.
Additional aspects and advantages of the present invention will be set forth in part in the description that follows, and in part will become obvious from the description or be learned by practice of the invention.
Description of the drawings
The above and/or additional aspects and advantages of the present invention will become obvious and readily understood from the following description of the embodiments with reference to the accompanying drawings, in which:
Fig. 1 is a schematic structural diagram of a multicast address according to the present invention;
Fig. 2 is a schematic diagram of the mapping relationship between a multicast address and an IP address according to the present invention;
Fig. 3 is a schematic diagram of the principle of the information secure transmission method of the invention;
Fig. 4 is a schematic diagram of the detailed process by which step S12 of the information secure transmission method of the invention is realized;
Fig. 5 is a schematic structural diagram of the data message constructed by the present invention;
Fig. 6 is a schematic diagram of the principle of the networking cut-in method of the invention;
Fig. 7 is a schematic diagram of the detailed process by which step S21 of the networking cut-in method of the invention is realized;
Fig. 8 is a schematic structural diagram of the mobile terminal of the invention;
Fig. 9 is a schematic diagram of the internal structure of the constructing unit of the mobile terminal of the invention;
Fig. 10 is a schematic structural diagram of the intelligent terminal of the invention;
Fig. 11 is a schematic diagram of the internal structure of the receiving unit of the intelligent terminal of the invention.
Specific embodiment
Embodiments of the present invention are described in detail below; examples of the embodiments are shown in the accompanying drawings, in which the same or similar reference numbers throughout denote the same or similar elements or elements with the same or similar functions. The embodiments described below with reference to the drawings are exemplary and serve only to explain the present invention; they are not to be construed as limiting the claims.
Those skilled in the art will appreciate that, unless expressly stated otherwise, the singular forms "a", "an", "said" and "the" used herein may also include the plural. It is to be further understood that the term "comprising" used in the specification of the present invention specifies the presence of the stated features, integers, steps, operations, elements and/or components, but does not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or groups thereof. It should be understood that when an element is said to be "connected" or "coupled" to another element, it may be directly connected or coupled to the other element, or there may be intermediate elements. In addition, "connected" or "coupled" as used herein may include wireless connection or wireless coupling. The term "and/or" as used herein includes all or any unit of one or more associated listed items and all combinations thereof.
Those skilled in the art will appreciate that, unless otherwise defined, all terms used herein (including technical and scientific terms) have the same meaning as is generally understood by those of ordinary skill in the field of the present invention. It should also be understood that terms such as those defined in general dictionaries are to be understood as having a meaning consistent with their meaning in the context of the prior art and, unless specifically defined as here, are not to be interpreted in an idealized or overly formal sense.
Those skilled in the art will appreciate that the "terminal", "terminal device", "intelligent terminal" and "mobile terminal" used herein include both devices with only a wireless signal receiver, that is, devices with a wireless signal receiver but no transmitting capability, and devices with receiving and transmitting hardware, that is, devices with receiving and transmitting hardware capable of two-way communication over a two-way communication link. Such devices may include: cellular or other communication devices with a single-line display or a multi-line display, or cellular or other communication devices without a multi-line display; a PCS (Personal Communications Service) device, which may combine voice, data processing, fax and/or data communication capabilities; a PDA (Personal Digital Assistant), which may include a radio frequency receiver, pager, Internet/intranet access, web browser, notepad, calendar and/or GPS (Global Positioning System) receiver; a conventional laptop and/or palmtop computer or other device that has and/or includes a radio frequency receiver. The various "terminals" used herein may be portable, transportable, installed in a vehicle (aviation, maritime and/or land), or adapted and/or configured to operate locally and/or in a distributed form at any other location on earth and/or in space. The various "terminals" used herein may also be communication terminals, network access terminals or music/video playback terminals, for example a PDA, an MID (Mobile Internet Device) and/or a mobile phone with music/video playback functions, or devices such as a smart television, set-top box, smart camera, smart remote control or smart socket.
The present invention is an information security technical solution proposed in response to the development of the Internet of Things, and it further strengthens the security of information over the entire transmission process from sending to receiving. The application scenario to which the invention is adapted is mainly the communication between intelligent terminals and mobile terminals realized with WiFi technology, and it is not necessarily tied to any operating system. On this basis, the invention on the one hand provides an encoding mechanism for a terminal that plays the role of a central controller, such as a mobile phone, so as to provide automated access guidance for the other intelligent terminals that must access the target network, and on the other hand provides a decoding mechanism for those other intelligent terminals, independent of the mobile terminal playing the central control role, so that such intelligent terminals can be directed to access the target network.
Although the core scheme in which the invention embodies its security properties can be used not only for multicast but also in broadcast scenarios, for conciseness of description only the case in which data messages are transmitted at the data link layer with multicast technology is chosen as the exemplary embodiment for illustration. Specifically, in the exemplary embodiment of data message transmission, the invention uses multicast data frames as the technical carrier for transmitting the data message. It is therefore necessary to disclose the basic knowledge of the data link layer involved in the encoding and decoding aspects of the invention, so that those skilled in the art can implement it according to this specification without creative effort.
Since the invention is illustrated by taking multicast technology as an example, it involves the use of multicast data frames, and the multicast data frames of the invention are in turn subject to the specification of the 802.11 protocol; it is therefore necessary to first understand the basic knowledge of the physical frame (MAC frame) standardized by the 802.11 protocol.
Table 1: 802.11 protocol MAC frame structure (first-row unit: bytes):
The fields involved in Table 1 are explained below:
Frame Control: the frame control field.
Duration/ID: the duration/identifier, indicating how long the frame and its acknowledgement frame will occupy the channel; for frames whose subtype in the frame control field is Power Save-Poll, this field represents the association identifier (AID, Association Identification) of the STA.
Address Fields (1-4): the address fields, comprising four addresses (source address, destination address, transmitter address and receiver address), whose usage depends on To DS and From DS in the frame control field.
Seq Ctrl, i.e. Sequence Control: the sequence control field, used to filter duplicate frames.
Frame Body: the frame body field or data field, carrying the information to be sent or received.
Check Sum: the check field, comprising a 32-bit cyclic redundancy check (CRC).
Table 2: Frame Control structure (first-row unit: bits):
2 | 2 | 4 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 |
Version | Type | Subtype | To DS | From DS | MF | Retry | Pwr | More | W | O |
The fields involved in Table 2 are explained below:
Protocol Version: indicates the version of the IEEE 802.11 standard.
Type: indicates the frame type, including the management, control and data classes.
Subtype: indicates the frame subtype, for example: Authentication Frame, Deauthentication Frame, Association Request Frame, Association Response Frame, Reassociation Request Frame, Reassociation Response Frame, Disassociation Frame, Beacon Frame, Probe Frame, Probe Request Frame or Probe Response Frame.
To DS: set to 1 when the frame is sent to the Distribution System (DS).
From DS: set to 1 when the frame is received from the Distribution System (DS).
MF (More Fragments): set to 1 when more fragments belonging to the same frame follow.
Retry: indicates that this fragment is a retransmission of a previously transmitted fragment.
Pwr (Power Management): indicates the power management mode the station will be in after the frame is transmitted.
More (More Data): indicates that more frames are buffered for the station.
W (WEP): indicates that the frame body is encrypted according to the WEP (Wired Equivalent Privacy) algorithm.
O (Order): indicates that the receiver must process the frames in strict order.
From the explanation of Table 2 it follows that the position of the destination address field of a multicast data frame can be determined from the From DS and To DS fields. See Table 3:
Table 3: usage of the address fields in a data frame:
Function | To DS | From DS | Address1 (receiver) | Address2 (transmitter) | Address3 | Address4 |
IBSS | 0 | 0 | DA | SA | BSSID | not used |
To AP (infrastructure) | 1 | 0 | BSSID | SA | DA | not used |
From AP (infrastructure) | 0 | 1 | DA | BSSID | SA | not used |
WDS (wireless distribution system) | 1 | 1 | RA | TA | DA | SA |
Those skilled in the art know that the IP address space is divided into classes A, B and C, and that the fourth class, class D, is reserved for multicast addresses. In the fourth version of the IP protocol (IPv4), all IP addresses from 224.0.0.0 to 239.255.255.255 belong to class D.
Most important are bits 24 to 27 of a multicast address, which correspond to decimal 224 to 239; bit 28 is reserved as the multicast group flag, as shown in Figure 1.
An IPv4 multicast address is converted into a physical network address at the network layer. For a unicast network address, the physical address corresponding to the IP address can be obtained through the ARP protocol. ARP, however, cannot perform the same function in multicast mode, and the physical address must be obtained by other methods. The RFC documents listed below propose methods for performing this conversion:
RFC1112: Multicast IPv4 to Ethernet physical address correspondence
RFC1390: Correspondence to FDDI
RFC1469: Correspondence to Token-Ring networks
Within the Ethernet address space the conversion is as follows: the first 24 bits of the Ethernet address are fixed to 01:00:5E, and these bits are the important flag bits. The immediately following bit is fixed to 0, and the remaining 23 bits are filled with the low 23 bits of the IPv4 multicast address. The conversion process is shown in Figure 2. For example, the multicast address 224.0.0.5 has the Ethernet hardware address 01:00:5E:00:00:05. It can be seen that the low 23 bits (or fewer) of the destination address field can be used here as an editable bit area for carrying information.
In addition, the length of the frame body field, i.e. Frame Body, is variable, and the content actually stored in it is determined by the frame type and subtype.
It can be seen that the destination address field and the frame body field of a multicast data frame are two editable fields: the transmitting end can set the content of the editable bit area in the destination address field, i.e. its low 23 bits, and can control the length of the frame body field. Either the editable bit area of the destination address field alone, or the length of the frame body field alone, or a combination of the two, can be used to carry the information to be transmitted.
When an intelligent terminal is not connected to a WiFi access point, its WiFi chip can still detect radio-frequency signals in the air and identify MAC frames, but because the device has not been authenticated by the access point and therefore has no key, it cannot further parse the data in the frame body field of the frame structure. However, since the length of the frame body field is known, the length of the entire multicast data frame is also known, so this limitation does not affect the use of the frame length of the multicast data frame. The invention therefore uses these fields so that an intelligent terminal can receive information sent by a mobile terminal in multicast mode even when the intelligent terminal is not connected to the network. In fact, it also follows from the 802.11 protocol that, for a multicast data frame, the length of the entire frame is uniquely associated with and determined by the length of its frame body field.
From the knowledge disclosed above it can be seen that, for a multicast data frame, the destination address field in the frame structure and/or variation of its frame body field length can both be used to carry configuration information.
The information secure transmission method provided by the invention is typically described from the perspective of the active initiator, or of the central control side. The method can be implemented as a computer program and installed to run on a mobile terminal such as a mobile phone or tablet computer, for example as an APP (application program) installed on a mobile phone or tablet computer running the Android, iOS or Windows Phone system, and the transmission method is executed by that application program.
Referring to Fig. 3, an exemplary embodiment of the information secure transmission method of the invention specifically includes the following steps:
Step S11, obtaining the information to be transmitted.
Considering that the invention mainly uses multicast or broadcast technology to transmit data, the information to be transmitted is particularly suited to content of small data volume, for example the configuration information for accessing a target network, which usually contains only the service set identifier and password of the target network and is therefore small; or, for another example, a single instruction statement to be executed by the receiving end; or, for another example, a single notification message to be pushed to the receiving end. Such information makes the most of the advantages of the invention. As for the quantitative threshold of what counts as a small amount of information, since the amount of data each data frame can express is limited, this can be determined by those skilled in the art according to the actual situation.
It should be pointed out that, for simplicity of explanation, the embodiments of the invention often take the configuration information as the example of the information to be transmitted, but this should not be understood as limiting the concepts "information to be transmitted", "transmitted information", "received information" and the like, which all refer to the same object. Similarly, the content in different formats produced by subsequent operations such as formatting or encrypting the information to be transmitted changes only in its form of expression; the object it refers to is still the information denoted by the concept "information to be transmitted".
Taking an APP implemented on the basis of the invention as an example, when the APP runs it can use the hardware devices driven by the mobile phone system. It is well known that a mobile phone has not only a WiFi module, a display and a control chip, but also components such as a microphone and a loudspeaker, and these components can be called through the APP.
Taking the Android system as an example, the mobile phone first calls and displays an Activity component through its acquiring unit, or displays a page implemented in HTML5, which shows a user interface on the screen listing the scanned WiFi access point information (enumerated by service set identifier, SSID), asks the user to select the target network, and asks the user to enter the corresponding password, thereby obtaining the SSID and password of the target network.
According to the WiFi protocol, those skilled in the art will know that the configuration information generally includes the service set identifier (SSID) provided by the WiFi wireless router (representing the target network) for identifying the target network, and the login password for logging in to the target network; in some cases it may also need to include the encryption mode of the login password, and for an open network no login password need be provided. Although the WiFi protocol has been upgraded across versions, the configuration information indispensable for accessing the network, its details and its variants can all be determined by those skilled in the art from the corresponding protocol documents, and are therefore not repeated here.
As an alternative detail, after the user has selected an SSID, the password corresponding to that SSID can be queried from a cloud server; if the password exists, it is downloaded directly from the cloud, which saves the user from having to enter the target network password.
Step S12, constructing a data message, such that the data message comprises a secondary ciphertext and a secondary key, the secondary ciphertext being formed by encrypting the information to be transmitted with a primary key into a primary ciphertext and then encrypting the primary ciphertext with a secondary key that contains a random factor.
After obtaining the information to be transmitted, such as the configuration information, a data message must be constructed for it. The process of constructing the data message links the application layer and the data link layer: specifically, the information to be transmitted, such as the configuration information, is obtained from the application layer, and the data message is subsequently sent at the data link layer, so the process of constructing the data message is essentially equivalent to a protocol layer defined by the invention. The implementation of this step is therefore very flexible, and is illustrated below with several examples:
Referring to the example process of constructing the data message shown in Fig. 4, the steps are as follows:
Step S121, obtaining a primary ciphertext from the information to be transmitted using a primary key.
The primary key refers to the key widely used at present for the primary encryption of the transmitted information, and generally uses public-key encryption, i.e. asymmetric encryption. In public-key encryption, the mobile terminal as transmitting end encrypts the original text of the information to be transmitted with the public key it holds, and when it is transmitted to the peer, the intelligent terminal as receiving end calls the pre-stored private key to decrypt the information to be transmitted and obtain its original version. The public key and the private key are algorithmically related, and each can therefore be used to decrypt data encrypted by the other. In the present embodiment this step likewise follows the conventional technique, encrypting the unprocessed configuration information with the primary key to obtain the primary ciphertext. Asymmetric encryption technology provides higher security and is commonly used in scenarios with higher security requirements.
In a flexible embodiment, the primary key can be implemented with private-key encryption, i.e. symmetric encryption. In this technique the mobile terminal and the intelligent terminal each hold the same primary key; the mobile terminal encrypts the information to be transmitted with the primary key to obtain the primary ciphertext and transmits it to the intelligent terminal, and the intelligent terminal decrypts the information to be transmitted with the pre-stored primary key. Symmetric encryption has the characteristics of a simple algorithm and higher efficiency, and can therefore be preferred in scenarios where the security requirements are less demanding.
Step S122, encrypting the primary ciphertext into a secondary ciphertext using a secondary key that contains a random factor.
In the present embodiment, after the primary ciphertext is formed (or, in some embodiments, directly on the information to be transmitted without the primary encryption described above), this step performs secondary encryption with the secondary key to form the secondary ciphertext. It should be pointed out that the secondary key is particularly suited to being a private key as specified by symmetric encryption, so that after the intelligent terminal receives the corresponding message it can decrypt the secondary ciphertext at lower computational cost.
The secondary key contains a random factor, and the random factor covers at least two situations: a random number is used in the secondary key, or the secondary key is selected in a random manner. Through the effect of the random factor, the secondary key is indeterminate before each use for secondary encryption, that is, it is determined only when secondary encryption is about to be applied to a primary ciphertext. As a result, when the secondary key performs secondary encryption on each piece of information to be transmitted, its uniqueness is embodied to the greatest extent.
The specific implementation of the secondary key can take the following optional forms:
One, using a random number as the secondary key.
In this form, a random function is called directly to generate a random number of a particular number of bits, such as 16, and that random number is determined as the secondary key. This form is the easiest to implement and the most efficient, and allows the intelligent terminal to decrypt quickly.
Two, randomly determining the secondary key from a plurality of pre-stored keys.
This form likewise calls a random function to determine which pre-stored secondary key is used, so that the key exhibits indeterminacy. The secondary key determined in this way also has the characteristic of randomness, and likewise serves to create an obstacle to decoding by an interceptor.
Three, using as the secondary key the ordered set of formatting identifiers used to parse the information to be transmitted before the primary encryption.
The information to be transmitted generally comprises multiple information fields; in one application scenario the aforementioned configuration information may comprise the service set identifier (SSID) of a WiFi access point and its password (PSW). In each information field, the information type and the corresponding information content are generally characterized in some form. When it needs to be transmitted, it is usually expressed as a character string formed by concatenating these information fields, which completes the formatting of the information to be transmitted and yields the formatted configuration information.
Specifically, taking the configuration information as an example, the configuration information such as the service set identifier and the password is first formatted: the information fields are separated from each other with a first formatting identifier "|", and within an information field the information type and the information content are separated with a second formatting identifier ":". For example, if the service set identifier's information type is denoted SSID, the password's information type is denoted PSW, the information content of the SSID is MYWiFi and the information content of the password is PLZLOGIN, the formatted configuration information text formed before the primary encryption is as follows:
SSID:MYWiFi|PSW:PLZLOGIN
Note that the formatted configuration information expressed above is organized in a certain order, with SSID first and PSW second; the two information type identifiers can be used to identify the corresponding information content, and the sequence of formatting identifiers ":|:" embodies its special property. If the transmitting end and the receiving end agree that the first formatting identifier is obtained from the first byte of the secondary key and the second formatting identifier from the second byte, then, whatever symbols the transmitting end uses to express the formatting identifiers, the receiving end can obtain from the first and second bytes of the secondary key the formatting identifiers with the agreed functions, separate the information fields with the symbol of the first byte, and separate the information type from its information content with the symbol of the second byte, thereby correctly parsing the formatted configuration information and recovering the information content of each information field. This example therefore undoubtedly gives the data message a built-in parsing scheme: the secondary key is suited not only to decrypting the secondary ciphertext but also to parsing the formatted configuration information before it was encrypted, which increases the complexity of the data message and makes it harder for an interceptor to crack.
Obviously, as specific identifiers, the formatting identifiers are suited to being arranged in the secondary key in the same order in which they appear in the formatted configuration information, and the formatting identifiers themselves can be determined at random. The more formatting identifiers are used and the more varied their arrangement, the more powerful the parsing function that can be expressed and the higher the complexity of the key, which makes the secondary ciphertext harder to decode. In this case the secondary key is essentially a specific identifier set composed of multiple formatting identifiers; the specific identifier string in the set can be used to parse the formatted configuration information, and, as a whole, it can also be used to decrypt the secondary ciphertext of the configuration information to obtain the primary ciphertext.
In a further improvement, the configuration information is expressed as follows to make it harder to read: 0MYWiFiPLZLOGIN8. It can be seen that in this form of expression the different information fields are not separated by any symbol, yet they can still be parsed by means of the formatting identifiers.
Specifically, the formatting identifiers characterize the boundary positions of the information fields; they indicate the positions of the different information fields within the formatted configuration information. For example, the initial character "0" and the final character "8" are actually unnecessary interference factors; adding interference factors makes it difficult for a code breaker, even after obtaining the formatted configuration information, to judge its true content intuitively. The content formed in the secondary key is "020815", where "02" characterizes that the initial position of the first information field, SSID, is the 2nd character, "08" characterizes that the initial position of the second information field is the 8th character, and the last two characters "15" characterize the final position of the entire configuration information. By the same principle as in the previous example, after the receiving end reads the specific identifier string "020815" from the secondary key, it can determine the initial position of each information field and thus obtain the content of the different information fields. If the two transmitting parties have agreed on the information type of the information fields in their respective order, the receiving end can understand the exact content of the information fields expressed by the transmitting end in the formatted configuration information. Observing this improved example, it can equally be seen that since the usual length of the information content of each information field of the same configuration information differs, and may also vary (for example when the password in the configuration information is changed), the positions at which each information field appears in different configuration information differ; consequently the content of the correspondingly formed specific identifier string is not the same every time, which plays the role of a random factor and gives the secondary key the random characteristic required by the invention.
As can be seen, the specific identifiers contained in the secondary key, namely the various formatting identifiers, can be used to restore the formatted configuration information text to the original configuration information with identifiable meaning, so that the information content of each of its information fields can be identified and used.
According to the description here, the information to be transmitted is first encrypted from its formatted text into the primary ciphertext, and then encrypted with the specific identifier set to form the secondary ciphertext expressed in the data message. It should be pointed out that, considering that the secondary key has the dual function of parsing and encryption, in an improved example that highlights the parsing function of the specific identifier set the primary encryption process can also be omitted; in that case the configuration information expressed in the data message is the ciphertext formed by encrypting its formatted text, in its unencrypted state, with the specific identifier set.
In a further improved embodiment that strengthens the self-parsing function of the specific identifier set, encryption is disregarded entirely: no encryption is applied to the formatted text, and only the formatting identifier string of the specific identifier set is provided in the data message, so that the data message contains the formatted text in plaintext and the receiving end parses it using the formatting identifiers contained therein.
Four, on the basis of the two cases disclosed in the third form and the other variants developed from it, further adding a random number to construct the secondary key.
Adapting the multiple examples of the preceding form that carry a self-parsing scheme in the formatted configuration information, it is naturally also possible to combine them with the first example form, adding a random number to the secondary key of the preceding example to reinforce its security.
Among the several examples given above of determining a secondary key containing a random factor, the programmer can, according to the agreed protocol, select any one example form to implement in programming, and can then call a symmetric encryption algorithm to encrypt the primary ciphertext and form the secondary ciphertext.
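The third and fourth secondary-key forms above, as an added example that is not part of the patent: the transmitting end formats the SSID and PSW fields and derives the key from the formatting identifiers, and the receiving end parses the text using only the key. Assumptions of mine, not the page's: the field order SSID then PSW is agreed in advance; positions in the "020815" form are two decimal digits each, 1-indexed; the form-four random number is appended after the identifier string so the agreed byte positions at the front of the key are unchanged.

```python
"""Added example (not from the patent): secondary-key forms three and four of
Step S122, with the receiver-side parsing that the key enables."""
import secrets
from typing import Dict, Tuple

FIELD_ORDER = ("SSID", "PSW")  # agreed between transmitting and receiving end


def format_with_delimiters(fields: Dict[str, str], sep: str = "|",
                           kv: str = ":") -> Tuple[str, str]:
    """Form three, delimiter variant: 'SSID:MYWiFi|PSW:PLZLOGIN'.

    Returns (formatted text, secondary key). Byte 1 of the key is the field
    separator, byte 2 the type/content separator, in order of appearance."""
    text = sep.join(f"{name}{kv}{fields[name]}" for name in FIELD_ORDER)
    return text, sep + kv


def parse_with_delimiters(text: str, key: str) -> Dict[str, str]:
    """Receiving end: take the two delimiters from the key, then split.
    Works for whatever symbols the transmitter chose, because the key
    carries them."""
    sep, kv = key[0], key[1]
    parsed = {}
    for item in text.split(sep):
        name, content = item.split(kv, 1)
        parsed[name] = content
    return parsed


def format_with_positions(fields: Dict[str, str], front: str = "0",
                          back: str = "8") -> Tuple[str, str]:
    """Form three, position variant: '0MYWiFiPLZLOGIN8' with key '020815'.

    `front` and `back` are the interference characters; the key records the
    1-indexed start of every field followed by the end of the last field."""
    text = front
    starts = []
    for name in FIELD_ORDER:
        starts.append(len(text) + 1)
        text += fields[name]
    end = len(text)
    text += back
    key = "".join(f"{p:02d}" for p in starts) + f"{end:02d}"
    return text, key


def parse_with_positions(text: str, key: str) -> Dict[str, str]:
    """Receiving end: read len(FIELD_ORDER)+1 two-digit positions from the
    front of the key; any trailing random number (form four) is ignored."""
    count = len(FIELD_ORDER) + 1
    positions = [int(key[i:i + 2]) for i in range(0, 2 * count, 2)]
    starts, end = positions[:-1], positions[-1]
    bounds = starts + [end + 1]  # exclusive 1-indexed end of each field
    return {name: text[bounds[i] - 1:bounds[i + 1] - 1]
            for i, name in enumerate(FIELD_ORDER)}


def add_random_factor(identifier_key: str, nbits: int = 16) -> str:
    """Form four: append an nbits random number (hex) to the identifier set.

    Practitioner's note: the position string alone is a function of the field
    lengths, so it repeats whenever the same SSID/password lengths are sent;
    the appended random number is what makes the key differ per message."""
    return identifier_key + secrets.token_hex(nbits // 8)
```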
Step S123, assembling the secondary key and the secondary ciphertext into the data message.
Once the plaintext format of the secondary ciphertext and the secondary key has been determined, they can be assembled into the data message shown in Fig. 5 according to the agreement between the transmitting end and the receiving end, with the secondary key placed before the secondary ciphertext. For verification purposes, the total length of the data message is further expressed as a check code at the front of the data message, so that the receiving end can use the check code to determine whether the received data message is complete. Obviously, the structure of the data message, namely the arrangement of its parts, is rather flexible; the example in the drawing is only a preferred embodiment in which the check code and the following secondary key, in particular its specific identifier set, form the header, and the tail is the content part. Those skilled in the art may refer to this flexible structure and adjust the structure of the data message when assembling it, and their understanding of the invention should not be restricted by this structure.
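Assembling and checking the data message of Step S123, as an added example that is not part of the patent. It follows the Fig. 5 order described above (check code, secondary key, secondary ciphertext). Assumptions of mine, not the page's: the check code is the total message length as a 2-byte big-endian integer; the key is prefixed with a 1-byte length so the receiver can locate the ciphertext; and because the page names no symmetric algorithm, a SHA-256 keystream XOR stands in for the secondary encryption.

```python
"""Added example (not from the patent): data message assembly and
completeness check for Step S123."""
import hashlib
import struct
from typing import Tuple


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Symmetric stand-in for the secondary encryption (assumption, the page
    names no algorithm): keystream block i is SHA-256(key || i), XORed with
    the data, so the same call decrypts.

    A keystream reused under the same key leaks the XOR of two messages;
    the random factor the page requires in the secondary key is what keeps
    each message's key distinct."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + (i // 32).to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def assemble_message(secondary_key: bytes, primary_ciphertext: bytes) -> bytes:
    """Transmitting end: check code | key length | secondary key | secondary ciphertext."""
    if not 1 <= len(secondary_key) <= 255:
        raise ValueError("secondary key must be 1..255 bytes")
    secondary_ct = keystream_xor(secondary_key, primary_ciphertext)
    body = bytes([len(secondary_key)]) + secondary_key + secondary_ct
    return struct.pack(">H", 2 + len(body)) + body


def message_is_complete(msg: bytes) -> bool:
    """Receiving end: the check code must equal the number of bytes received,
    and the header must leave room for the key it announces."""
    if len(msg) < 3:
        return False
    (total,) = struct.unpack(">H", msg[:2])
    return total == len(msg) and 3 + msg[2] <= len(msg)


def parse_message(msg: bytes) -> Tuple[bytes, bytes]:
    """Receiving end: verify the check code, take the secondary key from the
    header, and decrypt the secondary ciphertext back to the primary ciphertext."""
    if not message_is_complete(msg):
        raise ValueError("data message incomplete or length check failed")
    klen = msg[2]
    key = msg[3:3 + klen]
    return key, keystream_xor(key, msg[3 + klen:])
```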
After the data message of the invention has been constructed, the transmitting end and the receiving end have completed their work at the custom protocol layer; according to the specification of the IEEE 802.11 protocol, the subsequent steps are processed at the data link layer and below.
Step S13, sending the data message.
In this step, the data message must be further processed into data frames. The invention is illustrated with multicast data frames as the example, and several examples of transmitting the data message using multicast data frames are now introduced:
One, using only the destination address field of the multicast data frame to carry the content of the data message.
Specifically, only the low 23 bits of the editable bit area in the destination address field of the multicast data frame are used: the first 6 of these bits express the sequence code of each multicast data frame, and the remaining 17 bits express the content code of the ordered segment to be carried, so a data message can be transmitted through 2^6 = 64 multicast data frames in total. The multicast data frame with sequence code "000000" can serve as a reference so that the receiving end begins receiving the subsequent frames from the same source accordingly, although this reference need not be set. The data message is thus loaded into 64 multicast data frames and sent to the receiving end, and the receiving end can, by the reverse principle, assemble the content codes of the multicast data frames in the order indicated by their sequence codes and so obtain the data message.
Two, using only the frame body field of the multicast data frame to carry the content of the data message.
The transmitting end's control over the frame body field of the multicast data frame is mainly reflected in its controllable use of the frame length. Using the frame length, however, requires a reference, so the reference frame approach above can likewise be adopted: the reference frame is given the shortest frame length (uniquely associated with its frame body field length), and the frame body field length of each remaining multicast data frame is controlled so that the difference between its frame length and that of the reference frame carries information. The binary bit string of that difference expresses, for example, 10 bits of content, of which for example the first 4 express the sequence code and the last 6 express the content code; the data message can likewise be carried by 2^4 = 16 multicast data frames.
Three, using the destination address field and the frame body field of the multicast data frame together to carry the data message.
For this example, please refer to the first two. Suppose, as in the first example, that the first 6 of the 23 low bits of the destination address field represent the sequence code and the remaining 17 represent the content code; further, as in the second example, the frame length of the frame body field is used so that the binary bit string of the frame-length difference between a multicast data frame and a reference frame is 3 bits. The content code then consists of 17 plus 3 bits, 20 in total, so its information-carrying capacity is extended and greatly enhanced.
Whichever way the multicast data frames are used, carrying the data message in multiple ordered multicast data frames completes the formatting of the information to be transmitted at the data link layer and can satisfy the IEEE 802.11 specification.
After the data link layer processing described above is complete, the data message containing the information to be transmitted can be sent to the receiving end in the form of multicast data frames.
During transmission, the information secure transmission method of the invention ensures that even if all multicast data frames are intercepted so that the interceptor obtains the data message, the security enhancement provided by the method still makes it difficult for the interceptor to decode the transmitted information.
The invention further provides a networking access method that can utilize the information transmitted by the information secure transmission method described above. Referring to Fig. 6, the networking access method includes the following steps:
Step S21, data message is received.
This step must complete frame reception at the data link layer to obtain the corresponding data message. The process of receiving the data message is the protocol reverse of the sending process described above and may refer to the IEEE 802.11 specification. Based on the earlier multicast data frame example, the following specific method shown in Fig. 7 may be used for the corresponding processing:
Step S211, multicast data frames with the same source are received.
Receiving multicast data frames with the same source through the WiFi module is a technique known to those skilled in the art. It should be noted that the same source referred to here is the source address of the transmitting end, which identifies the sender of the configuration information required by this method.
Step S212, the content codes carried by the multicast data frames are assembled in the index order characterized by the sequence code each multicast data frame provides.
As disclosed above, three examples realize the loading of the data message: using only the editable bit area of the destination address field of the multicast data frame, using only the length difference of the frame body field, and using the editable bit area of the destination address field together with the length difference of the frame body field. Multiple multicast data frames carry the data message, ordered by their sequence codes. By the protocol's reverse principle, this step decodes all received multicast data frames, obtains the corresponding sequence codes and content codes, and concatenates the content codes in the order characterized by the sequence codes.
Step S213, the sequentially assembled content codes are converted into the data message.
The sequentially assembled code sequence is converted, again by the protocol's reverse principle, into the data message that the custom protocol layer of the invention can identify, for subsequent processing. To ensure the integrity of the data message, after obtaining it the check code at its front end (depending on the data message structure) should be used to verify the length of the data message. A data message that does not match should be discarded; only a data message that passes the check is accepted.
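The carrier schemes of step S13 (example one: sequence and content codes in the 23 editable bits of the multicast destination address; example two: the frame-length difference to a reference frame) and the receiving side of steps S211 to S213 (reassembly in sequence-code order, then the length check code), written out as an added example in Python. This is not the patent's code: the IPv4 multicast MAC prefix 01:00:5e, the bit-chunking of the message, the always-present reference frame with sequence code 0, and the one-byte check code holding the total message length are assumptions made here; the bit widths (6 + 17 and 4 + 6) are the page's.

```python
"""Ordered multicast data frames as a carrier for the data message (added example)."""
import math
import random

MCAST_PREFIX = 0x01005E000000              # assumed: 01:00:5e:xx:xx:xx, low 23 bits editable
ADDR_SEQ_BITS, ADDR_CONTENT_BITS = 6, 17   # mode one: the page's split of the 23 bits
LEN_SEQ_BITS, LEN_CONTENT_BITS = 4, 6      # mode two: the page's split of the 10-bit difference


def add_check_code(payload: bytes) -> bytes:
    """Data message = one-byte check code (total length) followed by the content (assumed layout)."""
    total = len(payload) + 1
    if total > 255:
        raise ValueError("data message too long for a one-byte check code")
    return bytes([total]) + payload


def verify_check_code(raw: bytes, content_bits: int) -> bytes:
    """Step S213: accept only if the declared length matches what was reassembled.
    Bit packing can leave up to content_bits - 1 padding bits, i.e. a byte or two of slack."""
    if not raw:
        raise ValueError("empty message")
    declared = raw[0]
    slack = len(raw) - declared
    if declared < 1 or slack < 0 or slack > (content_bits - 1) // 8:
        raise ValueError(f"check code {declared} does not match {len(raw)} received bytes")
    return raw[1:declared]


def to_codewords(msg: bytes, seq_bits: int, content_bits: int) -> list:
    """Split the message into (sequence code, content code) pairs.
    Sequence code 0 is kept for the reference frame, leaving 2^seq_bits - 1 data frames."""
    max_frames = (1 << seq_bits) - 1
    nchunks = math.ceil(len(msg) * 8 / content_bits)
    if nchunks > max_frames:
        raise ValueError(f"{len(msg)} bytes need {nchunks} frames, only {max_frames} available")
    bits = int.from_bytes(msg, "big") << (nchunks * content_bits - len(msg) * 8)  # pad low bits
    mask = (1 << content_bits) - 1
    return [(i + 1, (bits >> ((nchunks - 1 - i) * content_bits)) & mask) for i in range(nchunks)]


def from_codewords(words, content_bits: int) -> bytes:
    """Step S212: concatenate the content codes in the order given by the sequence codes,
    whatever order the frames arrived in."""
    data = sorted(w for w in words if w[0] != 0)            # the reference frame carries no content
    if [s for s, _ in data] != list(range(1, len(data) + 1)):
        raise ValueError("missing, duplicated or unknown sequence codes")
    bits = 0
    for _, c in data:
        bits = (bits << content_bits) | c
    total = len(data) * content_bits
    nbytes = total // 8
    return (bits >> (total - nbytes * 8)).to_bytes(nbytes, "big")


# Mode one: the codeword is the low 23 bits of the multicast destination MAC.
def to_mac_frames(payload: bytes) -> list:
    words = [(0, 0)] + to_codewords(add_check_code(payload), ADDR_SEQ_BITS, ADDR_CONTENT_BITS)
    return [MCAST_PREFIX | (seq << ADDR_CONTENT_BITS) | content for seq, content in words]


def from_mac_frames(macs) -> bytes:
    words = [((m & 0x7FFFFF) >> ADDR_CONTENT_BITS, m & ((1 << ADDR_CONTENT_BITS) - 1)) for m in macs]
    return verify_check_code(from_codewords(words, ADDR_CONTENT_BITS), ADDR_CONTENT_BITS)


# Mode two: the codeword is the frame body length minus the length of the (shortest) reference frame.
def to_length_frames(payload: bytes, base_len: int = 20) -> list:
    words = [(0, 0)] + to_codewords(add_check_code(payload), LEN_SEQ_BITS, LEN_CONTENT_BITS)
    return [base_len + (seq << LEN_CONTENT_BITS) + content for seq, content in words]


def from_length_frames(lengths) -> bytes:
    ref = min(lengths)                                      # the reference frame is the shortest one
    words = [((n - ref) >> LEN_CONTENT_BITS, (n - ref) & ((1 << LEN_CONTENT_BITS) - 1)) for n in lengths]
    return verify_check_code(from_codewords(words, LEN_CONTENT_BITS), LEN_CONTENT_BITS)


if __name__ == "__main__":
    msg = b"SSID:MYWiFi|PSW:PLZLOGIN"      # the page's formatted configuration text, unencrypted here
    macs = to_mac_frames(msg)
    random.shuffle(macs)                    # frames may be received in any order
    assert from_mac_frames(macs) == msg
    print(len(macs), "frames; first destination MAC:",
          ":".join(f"{(macs[0] >> s) & 0xFF:02x}" for s in range(40, -1, -8)))
    assert from_length_frames(to_length_frames(b"ABCDE")) == b"ABCDE"
```

Two things the block makes visible that the text only implies: the receiving side needs nothing but the frames themselves (the sequence codes order them and the leading length byte is the only integrity check), and the capacity of mode two is tiny, since 15 data frames of 6 bits carry 11 bytes including the check byte, which is why the page combines the two carriers in its third example. The length check code detects a missing or duplicated frame, as the `frames[:-1]` case shows, but not a frame whose content bits were altered in flight.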
Step S22, the secondary ciphertext contained in the data message is decrypted with the secondary key contained in the data message to obtain the primary ciphertext.
According to an example disclosed above, the data message obtained by the receiving end contains the secondary key and the secondary ciphertext that can be decrypted with it. The secondary key expressed in the data message is therefore read, and the secondary ciphertext is decrypted with the corresponding algorithm to obtain the primary ciphertext of the transmitted configuration information. It should be understood that, because the secondary key follows the symmetric encryption specification, it is not necessary to prestore the secondary key locally.
As disclosed in the former method, the secondary key may be purely a random number, or a formatting identifier string consisting of formatting identifiers, i.e. a specific identifier set. Whatever meanings the secondary key carries, in this example, as long as the secondary key was given an encryption function for the configuration information before transmission, the secondary ciphertext must first be decrypted with the secondary key in this step. If, in certain examples, the formatted configuration information was not subjected to primary encryption but only simply encrypted with the secondary key, the formatted configuration information is obtained after this decryption and can be parsed directly. Otherwise, if a primary ciphertext is obtained after decrypting with the secondary key, it must be decrypted again, and only the formatted configuration information obtained after the two decryptions can be parsed. Of course, if in some embodiments the specific identifier set (secondary key) is not used to encrypt the configuration information, no decryption is needed here.
Step S23, the primary ciphertext is decrypted with the prestored primary key to obtain the configuration information therein.
As in the example disclosed earlier, the primary ciphertext is formed by encrypting the formatted configuration information with the primary key (public key), which is a public key specified by asymmetric encryption technology. The intelligent terminal acting as the receiving end therefore prestores the corresponding private key; in this step it calls the prestored private key, i.e. the primary key (private key) of this method, to decrypt the primary ciphertext. It can be seen that the primary key (private key) of this method and the primary key (public key) of the former method are both specified by asymmetric encryption technology and are algorithmically related: the former is the decryption key and the latter the encryption key; they are not the same key with identical content, as those skilled in the art know.
Indeed, if the transmitting end encrypts the formatted configuration information with a key specified by symmetric encryption technology, the intelligent terminal acting as the receiving end should prestore a primary key with identical content; that primary key is then both the encryption key of the transmitting end and the decryption key of the receiving end.
After decrypting the primary ciphertext, the corresponding formatted configuration information is obtained. However, whichever of the variants disclosed above is used, what is obtained from the data message is the formatted configuration information as text in a specific format; this formatted text has not yet been identified and utilized, so the standardized configuration information with identification meaning has not yet been obtained. By the protocol's reverse principle, in certain embodiments the specific identifiers contained in the secondary key should be used to parse the text into configuration information with identification meaning. Corresponding to the examples disclosed above, there are several ways to handle the formatted configuration information:
One, the case where the transmitting end and the receiving end agree in advance on how to parse the formatted configuration information.
In this case, the receiving end only needs to parse the formatted configuration information according to the prior agreement to obtain each information content therein.
Two, the case where the transmitting end uses as the secondary key the specific identifier set formed from the formatting identifiers used in the formatting process.
This case includes the two subdivisions disclosed above: one where the secondary key is the entire specific identifier set, covering both the way in which the formatting identifiers of the specific identifier set indicate the positions of the information contents and the way in which they indicate separator characters; and another where the specific identifier set is a specific part of the secondary key.
Whichever the case, it does not depart from the protocol's reverse principle. In this kind of case the emphasis is therefore on obtaining the specific identifier set from the secondary key and, corresponding to each concrete case disclosed in the earlier examples, identifying the information contents of the formatted configuration information.
In certain examples, the formatting identifiers in the specific identifier set indicate the location of each information content, or the separator of each information content, including the first formatting identifier and the second formatting identifier mentioned above. In any case, the indications of the formatting identifiers are used to separate and extract the formatted configuration information, obtaining the standardized configuration information, i.e. each information content with identification meaning.
By the processing of this step, the standardized configuration information is finally obtained, i.e. the original meaning of the information sent by the transmitting end is recognized; for example, for the configuration information above, the receiving end learns that the service set identifier SSID of the target network to be accessed is MYWiFi and that its corresponding login password PSW is PLZLOGIN.
It should be pointed out that in an embodiment where the specific identifier set only has the parsing function and its key function is not used, the decryption steps above are not needed; the two decryption steps are replaced by one integrated step in which the specific identifier set is directly used, according to the principle above, to parse the formatted configuration information contained in the data message. In this case, although the formatted configuration information is not specially encrypted once or twice, the specific identifier set of the invention embodies a certain self-protocol function, namely using its formatting identifiers to partition and identify each specific information content contained in the configuration information, so such a case also has a certain encryption effect.
Step S24, the terminal's own network settings are configured with the configuration information and the target network is accessed.
After obtaining the configuration information, the service set identifier (SSID) and corresponding password provided by the mobile terminal are available; the intelligent terminal can configure its own network settings, determine that the corresponding SSID is MYWiFi and set its password to the corresponding PLZLOGIN, start the process of accessing the target network, and carry out a series of handshake operations until a connection with the WiFi AP represented by the SSID is established.
After the intelligent terminal connects to the AP, the target network has been accessed; in principle the terminal can communicate with the cloud server, and it can also communicate with the mobile terminal in the same network through the routing function provided by the current local area network. The intelligent terminal can thus send the mobile terminal a signal indicating that network access has been completed, so that the mobile terminal can further provide an operation control interface for the user to perform subsequent operations.
It can be seen that the networking access method of the invention, based on safer encryption technology, can receive configuration information more safely and avoid accepting configuration information forged by an illegitimate user, achieving a safer result in use.
Further, based on modular thinking, the invention provides the mobile terminal and the intelligent terminal mentioned above. Preferably, the mobile terminal is realized as a mobile phone on which the corresponding APP mentioned above is installed, and the protocol embodied by the technical solution of the invention is realized between the mobile terminal and the intelligent terminal by computer programs.
Referring to Fig. 8, in an exemplary embodiment of the mobile terminal of the invention, the mobile terminal includes an acquiring unit 11, a constructing unit 12 and a transmitting unit 13. The function of each unit is explained in detail below:
The acquiring unit 11 is used for obtaining the information to be transmitted.
Considering that the invention mainly uses multicast or broadcast technology to transmit data, the information to be transmitted is especially suited to information content of small data volume: for example the configuration information for accessing a target network, which usually only includes the service set identifier and the password of the target network and is therefore small; or an instruction statement to be executed by the receiving end; or a notification to be pushed to the receiving end. Such content makes the most of the advantages of the invention. Because the data capacity each data frame can express is limited, the quantitative threshold for the size of the information content can be determined by those skilled in the art according to actual conditions.
It should be pointed out that, for simplicity of explanation, the transmitted information in each embodiment of the invention is usually referred to by the example of the configuration information, but this should not be understood as an unconditional limitation of the concepts "information to be transmitted", "transmitted information", "received information" and so on, which all refer to the same object. Similarly, the contents of different formats produced later by operations such as formatting and encrypting the information to be transmitted, although their form of expression changes, still refer to the object designated by the concept "information to be transmitted".
Taking an APP realized on the basis of the invention as an example, when the APP runs it can use the hardware devices driven by the system on the mobile phone. It is well known that a mobile phone has not only a WiFi module, a display and a control chip but also components such as a microphone and a loudspeaker, and these components can be called through the APP.
Taking the Android system as an example, the mobile phone first calls and displays an Activity component, or a page realized with HTML5, through its acquiring unit 11; it shows the user interface on the screen, enumerates the scanned WiFi access point information by service set identifier SSID, asks the user to select the target network and requires the user to input the corresponding password, thereby obtaining the SSID and password of the target network.
By the conventions of the WiFi protocol, those skilled in the art know that the configuration information generally includes the service set identifier (SSID) provided by the WiFi wireless router (representing the target network) for determining the target network, and the login password for logging in to the target network; in some cases the encryption mode of the login password may also be needed, and for an open network no login password need be provided. Although the WiFi protocol has undergone version upgrades, the configuration information indispensable for accessing the network, its details and its variants can all be determined by those skilled in the art from the corresponding protocol documents, and are not repeated here.
As a detail adaptation, after the user has selected an SSID, the cloud server can be queried for the password corresponding to that SSID; if the password exists it is downloaded directly from the cloud, which saves the process of requiring the user to input the target network password.
The constructing unit 12 is used for constructing the data message so that it contains the secondary ciphertext and the secondary key; the secondary ciphertext is formed by first encrypting the information to be transmitted with the primary key to form the primary ciphertext, and then encrypting that with the secondary key, which contains a random factor.
After the information to be transmitted, such as the configuration information, has been obtained, a data message must be constructed for it. The process of constructing the data message links the application layer and the data link layer: the information to be transmitted, such as the configuration information, is obtained from the application layer, and the data message is subsequently sent at the data link layer, so the process by which the constructing unit 12 constructs the data message is substantially equivalent to a protocol layer defined by the invention. The realization of the constructing unit 12 is therefore very flexible and is illustrated below with several examples:
In one example of the constructing unit 12 for constructing the data message, shown in Fig. 9, the constructing unit 12 includes a primary encryption module 121, a secondary encryption module 122 and a structure assembling module 123; the function of each module is described as follows:
The primary encryption module 121 uses the primary key to obtain the primary ciphertext from the information to be transmitted.
The primary key refers to the key currently widely used for primary encryption of the transmitted information, generally in the public-key, i.e. asymmetric, encryption mode. In the public-key mode, the mobile terminal acting as the transmitting end encrypts the original text of the information to be transmitted with the public key it holds, and when the result reaches the peer, the intelligent terminal acting as the receiving end calls its prestored private key to decrypt the information to be transmitted and obtain its original version. The public key and the private key are algorithmically related, so each can be used to decrypt data encrypted by the other. In this embodiment, the primary encryption module 121 likewise follows conventional technology and encrypts the configuration information in its raw form with the primary key to obtain the primary ciphertext. Asymmetric encryption embodies higher security and is commonly used in scenarios with higher security requirements.
In a flexible embodiment, the primary key can be realized with private-key encryption, i.e. symmetric encryption. In this technique, the mobile terminal and the intelligent terminal each hold an identical primary key; the mobile terminal encrypts the information to be transmitted with the primary key to obtain the primary ciphertext and transfers it to the intelligent terminal, which decrypts the information to be transmitted with the prestored primary key. Symmetric encryption has simple algorithms and higher efficiency, so it can be preferred in scenarios where the security requirements are less high.
The secondary encryption module 122 is configured to encrypt the primary ciphertext into the secondary ciphertext with the secondary key containing a random factor.
In this embodiment, after the primary ciphertext is formed, or in certain embodiments directly on the information to be transmitted without primary encryption, the secondary encryption module 122 performs secondary encryption with the secondary key to form the secondary ciphertext. It should be noted that the secondary key is particularly suited to being a private key specified by symmetric encryption technology, so that after the intelligent terminal receives the corresponding message it can decrypt the secondary ciphertext with lower computational cost.
The secondary key contains a random factor, which covers at least two situations: a random number being used in the secondary key, and a secondary key being selected in a random manner. Through the random factor, the secondary key is undetermined before each secondary encryption and is determined only when the primary ciphertext is about to be encrypted for the second time. As a result, when the secondary key performs secondary encryption on each piece of information to be transmitted, its uniqueness is embodied to the greatest extent.
The secondary key can be realized in the following optional ways:
One, using a random number as the secondary key.
In this way, the secondary encryption module 122 directly calls a random function to generate a random number of a particular number of bits, such as 16, and determines that random number as the secondary key. This way is the easiest to realize and highly efficient, and is convenient for fast decryption by the intelligent terminal.
Two, randomly determining the secondary key from multiple prestored keys.
In this way, the secondary encryption module 122 can likewise call a random function to determine one of the prestored secondary keys, so that its content embodies uncertainty. A secondary key determined in this way also has the characteristic of randomness and can likewise create decoding obstacles for an interceptor.
Three, using as the secondary key the ordered set of formatting identifiers used to parse the information to be transmitted before primary encryption.
The information to be transmitted generally includes multiple information words; in one application scenario, the configuration information above may consist of the service set identifier (SSID) of the WiFi access point and its password (PSW). In each information word, the information type and the corresponding information content are generally characterized in some form. When it needs to be transmitted, these information words are usually concatenated and expressed as a character string, which completes the formatting of the information to be transmitted and yields the formatted configuration information.
Specifically, taking the configuration information as an example, the configuration information such as the service set identifier and the password is separated between information words with the first formatting identifier "|", and between the information type and the information content of an information word with the second formatting identifier ":". For example, if the service set identifier indicates its information type with SSID, the password indicates its information type with PSW, the information content of SSID is MYWiFi and the information content of the password is PLZLOGIN, the formatted configuration information text formed before primary encryption is:
SSID:MYWiFi|PSW:PLZLOGIN
Note that the formatted configuration information expressed above is organized in a certain order, with SSID first and PSW second; the two information type identifiers can be used to identify the corresponding information content, and the formatting identifiers "|" and ":" embody their special property: if the transmitting end and the receiving end agree that the first formatting identifier is obtained from the first byte of the secondary key and the second formatting identifier from the second byte, then whatever symbols the transmitting end uses to express the formatting identifiers, the receiving end can obtain the formatting identifiers with the agreed function from the first and second bytes of the secondary key, separate the information words with the symbol of the first byte, and separate the information type from its information content with the symbol of the second byte, thereby correctly parsing the formatted configuration information and restoring the information content of each information word. This example therefore undoubtedly shows that the data message carries a built-in parsing scheme: the secondary key is suitable not only for decrypting the secondary ciphertext but also for parsing the formatted configuration information before it was encrypted, which increases the complexity of the data message and makes it harder for an interceptor to crack.
Obviously, as specific identifiers, the formatting identifiers are suited to being arranged in the secondary key in the same order in which they appear in the formatted configuration information, and the formatting identifiers themselves can be determined at random. The more formatting identifiers need to be used, the more diversified the arrangement, the more powerful the parsing function that can be expressed, and the greater the complexity of the key, making the secondary ciphertext harder to decode. In this case the secondary key is essentially a specific identifier set composed of multiple formatting identifiers; the specific identifier string in the specific identifier set can be used to parse the formatted configuration information, and as a whole it can also be used to decrypt the secondary ciphertext of the configuration information to obtain the primary ciphertext.
In a further improvement, the configuration information is expressed as follows to make it harder to read:
0MYWiFiPLZLOGIN8
It can be seen that in this expression the different information words are not separated by any symbol, yet they can still be parsed by the formatting identifiers.
Specifically, the formatting identifiers here characterize the separation positions of the information words: they indicate the location of the different information words within the formatted configuration information. For example, the initial character "0" and the last character "8" are actually non-essential interference factors; adding interference factors makes it difficult for a code breaker to judge the true content intuitively even after obtaining the formatted configuration information. In the secondary key, the content formed is "020815", where "02" characterizes that the initial position of the first information word SSID is the 2nd position, "08" characterizes that the initial position of the second information word PSW is the 8th position, and the last two characters "15" characterize the end position of the entire configuration information. By the same principle as the example above, after reading the specific identifier string "020815" from the secondary key, the receiving end can determine the initial position of each information word and thus obtain the contents of the different information words. If the two transmitting parties have agreed on the information types of the information words in their order, the receiving end can understand the exact content of the information words the transmitting end expresses in the formatted configuration information. Observing this improved example also shows that, because the lengths of the information contents of the information words of the same configuration information normally differ and may also vary (for example when the password in the configuration information changes), each information word appears at different positions in different configuration information; the content of the specific identifier string formed accordingly is therefore not identical every time and plays the role of the random factor, so that the secondary key embodies the random property required by the invention.
It can be seen that the specific identifiers contained in the secondary key, namely the various formatting identifiers, can be used to restore the formatted configuration information text to the original configuration information with identification meaning, so that the information content of each information word can be smoothly identified and utilized.
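Both parsing schemes described above, as an added example in Python (not the patent's code): the separator scheme, in which the first two bytes of the secondary key are the word separator and the type/content separator of "SSID:MYWiFi|PSW:PLZLOGIN", and the positional scheme, in which the identifier string "020815" gives the 1-based start position of each information word and the end position of the real content in "0MYWiFiPLZLOGIN8". The key "|:" standing for the two separators, the two-digit width of each position, the single interference digit at each end, and the agreed word order (SSID, then PSW) are assumptions made here; the example also computes the identifier string from the text so that the page's point about changing positions can be checked.

```python
"""Parsing the formatted configuration text with the specific identifier set (added example)."""
import random
import string

AGREED_ORDER = ("SSID", "PSW")   # assumed agreement between transmitting end and receiving end


def format_with_separators(fields: dict, key: str) -> str:
    """Separator scheme: key[0] separates information words, key[1] separates type from content."""
    word_sep, type_sep = key[0], key[1]
    return word_sep.join(f"{t}{type_sep}{v}" for t, v in fields.items())


def parse_with_separators(text: str, key: str) -> dict:
    """Receiving end: take the two separators from the key; word order does not matter."""
    word_sep, type_sep = key[0], key[1]
    fields = {}
    for word in text.split(word_sep):
        t, v = word.split(type_sep, 1)
        fields[t] = v
    return fields


def format_with_positions(values, width: int = 2, rng=random):
    """Positional scheme: concatenate the values between one interference digit on each side and
    return (text, identifier string). Positions are 1-based, as in the page's "020815"."""
    text = rng.choice(string.digits)       # leading interference character, e.g. "0"
    positions = []
    for v in values:
        positions.append(len(text) + 1)    # 1-based index of the first character of this word
        text += v
    end = len(text)                        # last character of the real content, e.g. 15
    text += rng.choice(string.digits)      # trailing interference character, e.g. "8"
    if max(positions + [end]) >= 10 ** width:
        raise ValueError("text too long for the position width")
    return text, "".join(f"{p:0{width}d}" for p in positions + [end])


def parse_with_positions(text: str, ident: str, width: int = 2) -> dict:
    """Receiving end: cut the text at the start positions; the last number is the end position."""
    nums = [int(ident[i:i + width]) for i in range(0, len(ident), width)]
    starts, end = nums[:-1], nums[-1]
    if len(starts) != len(AGREED_ORDER):
        raise ValueError("identifier string does not match the agreed number of words")
    if end > len(text) or starts != sorted(starts) or starts[0] < 1 or starts[-1] > end:
        raise ValueError("positions are inconsistent with the text")
    bounds = starts + [end + 1]            # exclusive 1-based upper bound of each word
    return {t: text[bounds[i] - 1:bounds[i + 1] - 1] for i, t in enumerate(AGREED_ORDER)}


if __name__ == "__main__":
    fields = {"SSID": "MYWiFi", "PSW": "PLZLOGIN"}
    print(format_with_separators(fields, "|:"))
    print(parse_with_separators("SSID:MYWiFi|PSW:PLZLOGIN", "|:"))
    text, ident = format_with_positions(fields.values())
    print(text, ident, parse_with_positions(text, ident))
    # the identifier string changes with the password length, which is the page's random factor
    print(format_with_positions(["MYWiFi", "abc"])[1])
```

The positional scheme only works because both ends agree on the word order; the identifier string carries no type names, so a receiver with a different `AGREED_ORDER` would silently swap SSID and password. In the separator scheme the opposite limitation applies: a password containing the chosen separator character breaks the split, so the transmitting end has to pick separators (or reject values) accordingly.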
According to the description here, the information to be transmitted is first encrypted, in the form of its formatted text, into the primary ciphertext, then encrypted with the specific identifier set to form the secondary ciphertext, which is expressed in the data message. It should be pointed out that, since the secondary key has the dual functions of parsing and encryption, in an improved example intended to highlight the parsing function of the specific identifier set the primary encryption process can also be removed; in that case the configuration information expressed in the data message may be the ciphertext formed by encrypting the formatted text, in its unencrypted state, with the specific identifier set.
It is further used in the improvement embodiment for strengthening the self-analytic data function of specific identifier collection, further ignores encryption and examine
Consider, any encryption is not carried out to the formatted text, and only provides the formatting identifying string of specific identifier collection to data
It include the format of the plaintext in the data message so that receiving end utilizes formatting identifying therein parsing in message
Change text.
Four, on the basis of the two cases disclosed under the third way and the other variants developed from them, a random number is further added to construct the secondary key.
The several examples above, in which the formatted configuration information carries a self-parsing scheme, can naturally also be combined with the first example, adding a random number to the secondary key of the earlier example to reinforce its security.
Among the several ways given above of determining a secondary key that includes a random factor, the programmer can, according to the agreed protocol, select any one in the programming and implement it; the secondary encrypting module 122 then encrypts the primary ciphertext with a symmetric encryption algorithm to form the secondary ciphertext.
The structure assembling module 123 assembles the secondary key and the secondary ciphertext to constitute the data message.
Once the plaintext format of the secondary ciphertext and the secondary key is determined, they can be assembled into a data message as shown in Figure 5 according to the agreement between the transmitting end and the receiving end, with the secondary key placed before the secondary ciphertext. For verification purposes, the total length of the data message is further used as a check code and expressed at the front of the data message, enabling the receiving end to use the check code to determine whether a received data message is complete. Obviously, the structure of the data message, namely the arrangement of its parts, is rather flexible; the example in the drawing is only a preferred embodiment in which the check code and the following secondary key, in particular its specific identifier set, form the header, and the end is the content part. Those skilled in the art can adjust the structure of the data message with reference to this flexible structure when assembling it, and the understanding of the present invention should not be limited by this structure.
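The two-layer construction and message layout described above (formatted text with a specific identifier string, primary encryption, secondary encryption under a secondary key made of the identifier string plus a random factor, and a length check code at the front), as an added example that is not part of the patent or of any implementation of it. Assumptions: the patent names no cipher, so an HMAC-SHA256 counter-mode stream cipher with an HMAC tag stands in for both layers, and the primary layer uses the pre-shared symmetric variant the description also allows rather than a public key; the specific identifier string is taken to be the two-digit start offset of each information word followed by the total length (the exact meaning of "020815" in the original is not restated); all keys and field values are constructed.

```python
import hashlib
import hmac
import os
import struct

# Constructed sample pre-shared primary key (symmetric variant of the primary layer).
PRIMARY_KEY = b"constructed pre-shared primary key"
RANDOM_FACTOR_LEN = 8  # bytes of random factor appended to the identifier string


def _subkeys(key: bytes):
    """Derive separate encryption and MAC subkeys so that a keystream block can
    never double as an authentication tag."""
    enc = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode: stand-in for the unnamed symmetric algorithm.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(enc_key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def sym_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """nonce || ciphertext || 16-byte tag (encrypt-then-MAC)."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:16]
    return nonce + ct + tag


def sym_decrypt(key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    if len(blob) < 28:
        raise ValueError("ciphertext too short")
    nonce, ct, tag = blob[:12], blob[12:-16], blob[-16:]
    expect = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expect):
        raise ValueError("ciphertext failed integrity check")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def format_config(fields):
    """Concatenate the information words; the specific identifier string lists the
    two-digit start offset of each word followed by the total length (assumption)."""
    text = "".join(fields)
    offsets = [0]
    for f in fields:
        offsets.append(offsets[-1] + len(f))
    if offsets[-1] > 99:
        raise ValueError("two-digit offsets cover at most 99 characters")
    return text, "".join(f"{o:02d}" for o in offsets)


def parse_config(text: str, identifier: str):
    """Inverse of format_config: cut the text at the offsets the identifier names."""
    offsets = [int(identifier[i:i + 2]) for i in range(0, len(identifier), 2)]
    return [text[a:b] for a, b in zip(offsets, offsets[1:])]


def build_data_message(fields, primary_key: bytes) -> bytes:
    """Sender: check code (total length) || len(secondary key) || secondary key || secondary ciphertext."""
    text, identifier = format_config(fields)
    primary_ct = sym_encrypt(primary_key, text.encode())          # primary ciphertext
    secondary_key = identifier.encode() + os.urandom(RANDOM_FACTOR_LEN)  # identifier set + random factor
    k2 = hashlib.sha256(b"secondary-key" + secondary_key).digest()
    secondary_ct = sym_encrypt(k2, primary_ct)                    # secondary ciphertext
    body = bytes([len(secondary_key)]) + secondary_key + secondary_ct
    return struct.pack(">H", len(body) + 2) + body


def parse_data_message(msg: bytes, primary_key: bytes):
    """Receiver: verify the length check code, then undo both layers and parse."""
    (total,) = struct.unpack(">H", msg[:2])
    if total != len(msg):
        raise ValueError("length check code mismatch: message incomplete, discard it")
    klen = msg[2]
    secondary_key, secondary_ct = msg[3:3 + klen], msg[3 + klen:]
    k2 = hashlib.sha256(b"secondary-key" + secondary_key).digest()
    primary_ct = sym_decrypt(k2, secondary_ct)                    # second decryption unit
    text = sym_decrypt(primary_key, primary_ct).decode()           # first decryption unit
    identifier = secondary_key[:-RANDOM_FACTOR_LEN].decode()      # strip the random factor
    return parse_config(text, identifier)


if __name__ == "__main__":
    message = build_data_message(["MYWiFi", "PLZLOGIN"], PRIMARY_KEY)
    print(len(message), "bytes;", parse_data_message(message, PRIMARY_KEY))
```

Because the secondary key travels inside the message, the outer layer contributes the parsing information; confidentiality against an interceptor of the frames rests on the primary key the receiver prestores.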
After the structural unit 12 constructs the data message of the invention, the transmitting end and receiving end have completed their work at the custom protocol layer, and the transmission unit 13 is called to process the data message at the data link layer according to the specification of the IEEE 802.11 protocol.
The transmission unit 13 is used for sending the data message.
The transmission unit 13 needs to further process the data message into frames. The present invention takes the multicast data frame as its example; several examples of transmitting the data message using multicast data frames are now introduced:
One, only the destination address field of the multicast data frame is used to load the content of the data message.
Specifically, only the low 23 bits of the editable bit area in the destination address field of the multicast data frame are used: the first 6 of them express the sequence code of each multicast data frame, and the remaining 17 express the content code of the ordered section to be loaded, so that a data message can be transmitted through at most 2^6 = 64 multicast data frames. The multicast data frame whose sequence code is "000000" can serve as a reference from which the receiving end starts receiving the subsequent frames of the same source, although this reference need not be set. The data message is loaded into 64 multicast data frames in this way and sent to the receiving end; the receiving end can, by the inverse principle, assemble the content codes of the multicast data frames in the order indicated by their sequence codes and so obtain the data message.
Two, only the frame body field of the multicast data frame is used to load the content of the data message.
The transmitting end's control over the frame body field of the multicast data frame is mainly reflected in its controllable use of the frame length, but the use of the frame length needs to rely on a benchmark; thus the above reference frame approach can likewise be used: the reference frame has the shortest frame length (uniquely associated with its frame body field length), and the frame body field lengths of the remaining multicast data frames are controlled so that each frame differs in length from the reference frame, and the binary bit string of that difference is used to express, for example, 10 bits of content, where for instance the first 4 express the sequence code and the remaining 6 express the content code; similarly the data message can be loaded through 2^4 = 16 multicast data frames.
Three, the destination address field and the frame body field of the multicast data frame are used simultaneously to load the data message.
For an understanding of this example, please also refer to the first two. In this example, assume that, according to the first example, the first 6 of the low 23 bits of the destination address field represent the sequence code and the remaining 17 represent the content code, and further, following the principle of the second example, the frame length of the frame body field is used so that the binary bit string of the frame-length difference between a multicast data frame and the reference frame is 3 bits; the content code then consists of 17 plus 3 bits, 20 bits in total. It can be seen that its information expression capacity is extended and greatly enhanced.
It can be seen that whichever mode is used, a plurality of orderly characterised multicast data frames is used to load the data message, so that the information to be transmitted is formatted at the data link layer and can meet the specification of the IEEE 802.11 protocol.
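The first multicast scheme (6-bit sequence code plus 17-bit content code in the 23 editable low bits of the destination address), as an added example not taken from the patent; it also shows the receiver's reassembly when frames arrive out of order and its detection of a missing frame. Assumptions: the frame whose sequence code is 000000 is the reference frame and carries the message length in its content code, and the fixed IPv4 multicast prefix 01:00:5e fills the high bits.

```python
SEQ_BITS, CONTENT_BITS = 6, 17
FRAME_COUNT = 1 << SEQ_BITS                 # 2^6 = 64 frames per data message
CONTENT_MASK = (1 << CONTENT_BITS) - 1
LOW23_MASK = (1 << 23) - 1
MCAST_PREFIX = 0x01005E                     # 01:00:5e, the fixed high 24 bits (assumption)


def _mac(low23: int) -> str:
    """Render a destination address: 01:00:5e, a zero bit, then the 23 editable bits."""
    raw = ((MCAST_PREFIX << 24) | (low23 & LOW23_MASK)).to_bytes(6, "big")
    return ":".join(f"{b:02x}" for b in raw)


def encode_frames(message: bytes):
    """Split a data message into destination addresses: frame 0 (reference) carries the
    byte length; frames 1..n each carry 17 bits of content in transmission order."""
    if len(message) * 8 > (FRAME_COUNT - 1) * CONTENT_BITS:
        raise ValueError("message exceeds 63 content frames of 17 bits")
    bits = "".join(f"{b:08b}" for b in message)
    bits += "0" * (-len(bits) % CONTENT_BITS)           # pad the last chunk
    chunks = [int(bits[i:i + CONTENT_BITS], 2) for i in range(0, len(bits), CONTENT_BITS)]
    codes = [(0, len(message))] + [(i + 1, c) for i, c in enumerate(chunks)]
    return [_mac((seq << CONTENT_BITS) | content) for seq, content in codes]


def decode_frames(macs):
    """Receiver side: sort frames by sequence code, check completeness, rebuild bytes."""
    by_seq = {}
    for mac in macs:
        low = int(mac.replace(":", ""), 16) & LOW23_MASK
        seq, content = low >> CONTENT_BITS, low & CONTENT_MASK
        if by_seq.get(seq, content) != content:
            raise ValueError(f"conflicting content for sequence code {seq}")
        by_seq[seq] = content                           # duplicates are harmless
    if 0 not in by_seq:
        raise ValueError("reference frame (sequence 000000) missing")
    length = by_seq[0]
    nchunks = -(-length * 8 // CONTENT_BITS)            # ceil division
    missing = [s for s in range(1, nchunks + 1) if s not in by_seq]
    if missing:
        raise ValueError(f"missing frames with sequence codes {missing}")
    bits = "".join(f"{by_seq[s]:0{CONTENT_BITS}b}" for s in range(1, nchunks + 1))
    return int(bits[:length * 8], 2).to_bytes(length, "big") if length else b""


if __name__ == "__main__":
    sample = b"constructed data message"
    frames = encode_frames(sample)
    print(len(frames), "frames, first:", frames[0])
    print(decode_frames(frames[::-1]))                  # order of arrival does not matter
```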
After the transmission unit 13 completes the processing work at the data link layer, it can send the data message containing the information to be transmitted to the receiving end in the form of multicast data frames.
Even if all multicast data frames are intercepted while the mobile terminal of the invention is transmitting information, so that the interceptor obtains the data message, the interceptor still has difficulty decoding the information transmitted by the invention because of the security enhancement provided by the mobile terminal.
Referring to Figure 10, the present invention further provides an intelligent terminal that can make use of the information transmitted by the mobile terminal, comprising a receiving unit 21, a second decryption unit 22, a first decryption unit 23 and an access unit 24; the function of each unit is explained below:
The receiving unit 21 is used for receiving the data message.
The receiving unit 21 is responsible for completing frame reception at the data link layer to obtain the corresponding data message. The process of receiving the data message is the inverse of the aforementioned process of sending it, and the IEEE 802.11 specification can be referred to. Based on the aforementioned example using multicast data frames, the receiving function is realised by the constituent modules of the receiving unit 21; referring to Figure 11, the receiving unit 21 specifically includes a frame receiving module 211, a frame assembling module 212 and a conversion module 213, whose functions are as follows:
The frame receiving module 211 is used for receiving multicast data frames with the same source.
The technique by which the frame receiving module 211 receives multicast data frames with the same source through the WiFi module is known to those skilled in the art; it should be pointed out that the same source designated here refers to the source address of the transmitting end, by which the intelligent terminal identifies the sender of the configuration information it needs.
The frame assembling module 212 assembles the content codes carried by the multicast data frames according to the index sequence characterised by the sequence code provided by each multicast data frame.
As disclosed before, there are three examples for loading the data message: using only the editable bit area of the destination address field of the multicast data frame, using only the length difference of the frame body field, and using the editable bit area of the destination address field and the length difference of the frame body field jointly. Multiple multicast data frames load a data message and are ordered by their sequence codes; according to the inverse principle in the agreement, the frame assembling module 212 decodes all the multicast data frames it has received, obtains the corresponding sequence codes and content codes, and concatenates and assembles the content codes in the order characterised by the sequence codes.
The conversion module 213 is used for converting the sequentially assembled content codes into the data message.
The sequentially assembled code sequence is converted, again according to the inverse principle in the agreement, into a data message that the custom protocol layer of the invention can identify, for subsequent processing. To ensure the integrity of the data message, after it is obtained the check code at its front (depending on the data message structure) should be used to verify the length of the data message. A data message that does not match should be discarded; only a data message that passes the check is accepted.
The second decryption unit 22 decrypts the contained secondary ciphertext using the secondary key contained in the data message to obtain a primary ciphertext.
According to an example disclosed above, the data message obtained by the receiving end contains the secondary key and the secondary ciphertext suitable for decryption with that secondary key. The second decryption unit 22 therefore reads the secondary key expressed in the data message and decrypts the secondary ciphertext with the relevant algorithm, obtaining the primary ciphertext of the transmitted information. It will be appreciated that since the secondary key follows the specification of symmetric encryption, it is not necessary to prestore the secondary key locally.
According to the disclosure of the mobile terminal, the secondary key can be purely a random number, or it can be a formatting identifier string composed of formatting identifiers, i.e. a specific identifier set. Whatever meanings the secondary key carries, in this example, as long as the secondary key was given a decryption function when the configuration information was encrypted earlier, the second decryption unit 22 must first decrypt the secondary ciphertext using the secondary key. If, in certain examples, the formatted configuration information was not primarily encrypted but only simply encrypted by the secondary key, the formatted configuration information is obtained after this decryption and can be parsed directly. Otherwise, if a primary ciphertext is obtained after decryption with the secondary key, it must be decrypted again, and the formatted configuration information can be parsed only after both decryptions. Of course, if in certain embodiments the specific identifier set (secondary key) is not used to encrypt the configuration information, no decryption is needed here.
The first decryption unit 23 decrypts the primary ciphertext using the prestored primary key to obtain the configuration information therein.
As in a previously disclosed example, the primary ciphertext is formed by encrypting the formatted configuration information with a primary key (public key) standardised by asymmetric encryption techniques; the intelligent terminal as the receiving end therefore prestores the corresponding private key, and under the action of the first decryption unit 23 calls the prestored private key, namely the so-called primary key (private key) of this intelligent terminal, to decrypt the primary ciphertext. It can be seen that the so-called primary key (private key) of this intelligent terminal and the so-called primary key (public key) of the mobile terminal are both standardised by asymmetric encryption techniques and are algorithmically related: the former is the decryption key and the latter the encryption key, not the same key with identical content, as those skilled in the art will know.
Indeed, if the formatted configuration information was encrypted at the transmitting end using a key standardised by symmetric encryption techniques, then the intelligent terminal as the receiving end should prestore a primary key identical in content, which is both the encryption key of the transmitting end and the decryption key of the receiving end.
After the first decryption unit 23 decrypts the primary ciphertext, the correspondingly formatted configuration information is obtained. However, according to the various variant examples disclosed above, the formatted configuration information obtained from the data message, however it was obtained, is a text in a specific format that has not yet been identified and used, so the standardised configuration information with identification meaning has not yet been obtained. According to the inverse principle in the agreement, and corresponding to certain embodiments, the specific identifiers contained in the secondary key should be used to resolve the text into configuration information with identification meaning. Corresponding to each example disclosed above, there are several ways of handling the formatted configuration information:
One, the case where the transmitting end and the receiving end have agreed on how to parse the formatted configuration information.
In this case, the receiving end need only parse the formatted configuration information according to the prior agreement to obtain each information content therein.
Two, the case where the transmitting end uses the specific identifier set formed from the formatting identifiers used in the formatting procedure as the secondary key.
This case includes the two subdivided situations disclosed above: one in which the secondary key is the entire specific identifier set, covering both the way in which the specific identifier set uses formatting identifiers to indicate the position of each information content and the way in which it indicates separating characters; and another in which the specific identifier set is a specific part of the secondary key.
Whichever situation applies, none departs from the inverse principle in the agreement. Thus, in this kind of situation the specific identifier set should be obtained from the secondary key, and the information content of the formatted configuration information identified according to each concrete condition of each example disclosed above.
In certain examples, the formatting identifiers in the specific identifier set indicate the location of each information content, or indicate the separators between the information contents, including the first formatting identifier and the second formatting identifier mentioned above; in either case, the instruction given by the formatting identifiers is used to separate and extract the formatted configuration information, so as to obtain the standardised configuration information, namely each information content with identification meaning.
Through the processing of this unit, the standardised configuration information is finally obtained, namely the original meaning of the information sent by the transmitting end is recognised; for example, for the configuration information mentioned above, the receiving end learns that the service set identifier SSID of the target network to be accessed is MYWiFi and that its corresponding login password PSW is PLZLOGIN.
It should be pointed out that in an embodiment where the specific identifier set has only the parsing function and its key function is not used, the aforementioned decryption need not be performed, and the first decryption unit 23 and the second decryption unit 22 are replaced by a resolution unit, which uses the specific identifier set to parse the formatted configuration information contained in the data message according to the above principle. In this case, it will be understood that although the formatted configuration information is encrypted neither once nor twice, the specific identifier set of the invention embodies a certain self-protocol function, namely the separating effect of its formatting identifiers and the function of identifying each specific information content contained in the configuration information, so this case also plays a certain encryption role.
The access unit 24 is used for configuring the terminal's own network settings with the configuration information and accessing the target network.
After the configuration information is obtained, the service set identifier (SSID) and corresponding password provided by the mobile terminal are available; the intelligent terminal can then carry out its own network settings, determining that the corresponding SSID is MYWiFi and setting its password to the corresponding PLZLOGIN, starting the process of accessing the target network and performing a series of handshake operations until the connection to the WiFi AP represented by the SSID is established.
After the intelligent terminal connects to the AP, it has accessed the target network; theoretically it can communicate with the cloud server, and it can also communicate with the mobile terminal in the network through the routing function provided by the current local area network. Thus the intelligent terminal can send the mobile terminal a signal characterising that network access has been completed, so that the mobile terminal can further provide an operation control interface for the user to perform subsequent operations.
It can be seen that the intelligent terminal of the invention can receive information more safely based on the safer encryption technique, avoiding the reception of configuration information simulated by an illegal user and obtaining a safer usage effect.
In conclusion, the present invention, through cryptographic technique and by improving the expression of the content loaded in the data message, further strengthens the communication security effect of the fast connection technique realised on the basis of the IEEE 802.11 protocol.
The above are only some embodiments of the invention; it should be noted that, for those of ordinary skill in the art, various improvements and modifications may be made without departing from the principle of the present invention, and these improvements and modifications should also be regarded as within the protection scope of the present invention.
Claims (44)
1. An information secure transmission method, comprising the steps of:
obtaining information to be transmitted, and formatting the information to be transmitted into a text comprising specific identifiers;
constructing a data message such that the data message comprises a secondary ciphertext and a secondary key, the secondary ciphertext being formed by encrypting the information to be transmitted with a primary key to form a primary ciphertext and then encrypting the primary ciphertext with the secondary key, which includes a random factor; the secondary key comprising the specific identifiers for parsing the formatted information to be transmitted;
sending the data message.
2. The information secure transmission method according to claim 1, characterised in that, in the step of obtaining information to be transmitted, the information to be transmitted and its submission instruction are received through a user interface, and the subsequent steps are executed in response to the submission instruction.
3. The information secure transmission method according to claim 1, characterised in that the information to be transmitted is configuration information for accessing a target network.
4. The information secure transmission method according to claim 3, characterised in that the configuration information comprises a service set identifier for determining the target network and a password for logging in to the target network.
5. The information secure transmission method according to claim 1, characterised in that the step of constructing a data message comprises the following specific steps:
using the primary key to obtain a primary ciphertext of the information to be transmitted;
encrypting the primary ciphertext into a secondary ciphertext using the secondary key comprising a random factor;
assembling the secondary key and the secondary ciphertext to constitute the data message.
6. The information secure transmission method according to claim 1, characterised in that the secondary key is a random number.
7. The information secure transmission method according to claim 1, characterised in that the primary key is a public key standardised by asymmetric encryption techniques, the primary ciphertext being suitable for decryption with the corresponding private key to obtain the information to be transmitted.
8. The information secure transmission method according to claim 1, characterised in that the primary key is a private key standardised by symmetric encryption techniques, suitable for decrypting the primary ciphertext to obtain the information to be transmitted.
9. The information secure transmission method according to claim 1, characterised in that the secondary key is a private key standardised by symmetric encryption techniques, suitable for decrypting the secondary ciphertext to obtain the primary ciphertext.
10. The information secure transmission method according to claim 1, characterised in that the data message further comprises a check code characterising the length of the entire data message.
11. The information secure transmission method according to claim 1, characterised in that, in the step of sending the data message, the data message is loaded at the data link layer into a plurality of sequentially characterised multicast data frames for sending.
12. The information secure transmission method according to claim 11, characterised in that the data message is loaded into the destination address field and/or the frame body field of the multicast data frames.
13. The information secure transmission method according to claim 11, characterised in that the multicast data frames meet the specification of the IEEE 802.11 protocol.
14. A mobile terminal, characterised by comprising:
an acquiring unit, for obtaining information to be transmitted and formatting the information to be transmitted into a text comprising specific identifiers;
a structural unit, for constructing a data message such that the data message comprises a secondary ciphertext and a secondary key, the secondary ciphertext being formed by encrypting the information to be transmitted with a primary key to form a primary ciphertext and then encrypting the primary ciphertext with the secondary key, which includes a random factor; the secondary key comprising the specific identifiers for parsing the formatted information to be transmitted;
a transmission unit, for sending the data message.
15. The mobile terminal according to claim 14, characterised in that the acquiring unit is configured to receive the information to be transmitted and its submission instruction through a user interface, and to start the structural unit in response to the submission instruction.
16. The mobile terminal according to claim 14, characterised in that the information to be transmitted is configuration information for accessing a target network.
17. The mobile terminal according to claim 16, characterised in that the configuration information comprises a service set identifier for determining the target network and a password for logging in to the target network.
18. The mobile terminal according to claim 14, characterised in that the structural unit comprises the following specific modules:
a primary encryption module, configured to use the primary key to obtain a primary ciphertext of the information to be transmitted;
a secondary encrypting module, configured to encrypt the primary ciphertext into a secondary ciphertext using the secondary key comprising a random factor;
a structure assembling module, for assembling the secondary key and the secondary ciphertext to constitute the data message.
19. The mobile terminal according to claim 14, characterised in that the secondary key is a random number.
20. The mobile terminal according to claim 14, characterised in that the primary key is a public key standardised by asymmetric encryption techniques, the primary ciphertext being suitable for decryption with the corresponding private key to obtain the information to be transmitted.
21. The mobile terminal according to claim 14, characterised in that the primary key is a private key standardised by symmetric encryption techniques, suitable for decrypting the primary ciphertext to obtain the information to be transmitted.
22. The mobile terminal according to claim 14, characterised in that the secondary key is a private key standardised by symmetric encryption techniques, suitable for decrypting the secondary ciphertext to obtain the primary ciphertext.
23. The mobile terminal according to claim 14, characterised in that the data message further comprises a check code characterising the length of the entire data message.
24. The mobile terminal according to claim 14, characterised in that the transmission unit is configured to load the data message at the data link layer into a plurality of sequentially characterised multicast data frames for sending.
25. The mobile terminal according to claim 24, characterised in that the data message is loaded into the destination address field and/or the frame body field of the multicast data frames.
26. The mobile terminal according to claim 24, characterised in that the multicast data frames meet the specification of the IEEE 802.11 protocol.
27. A network access method, comprising the steps of:
receiving a data message;
decrypting the contained secondary ciphertext using the secondary key contained in the data message to obtain a primary ciphertext;
decrypting the primary ciphertext using a prestored primary key to obtain a text comprising a specific format, and parsing the text using the specific identifiers included in the secondary key to obtain the configuration information therein;
configuring the terminal's own network settings with the configuration information and accessing the target network.
28. The network access method according to claim 27, characterised in that, in the step of receiving a data message, after the data message is obtained the check code contained in the data message is used to verify the length of the entire data message, and only a data message that passes verification is accepted.
29. The network access method according to claim 27, characterised in that the step of receiving a data message comprises the following specific steps:
receiving multicast data frames with the same source;
assembling the content codes carried by the multicast data frames according to the index sequence characterised by the sequence code provided by each multicast data frame;
converting the sequentially assembled content codes into the data message.
30. The network access method according to claim 29, characterised in that the multicast data frames meet the specification of the IEEE 802.11 protocol.
31. The network access method according to claim 29, characterised in that the sequence code and the content code are expressed in the destination address field and/or the frame body field of the corresponding multicast data frame.
32. The network access method according to claim 27, characterised in that the secondary key is a private key standardised by symmetric encryption techniques, the secondary ciphertext being obtained by encryption with that private key.
33. The network access method according to claim 27, characterised in that the primary key is a private key standardised by asymmetric encryption techniques, the primary ciphertext being obtained by encryption with the corresponding public key.
34. The network access method according to claim 27, characterised in that the primary key is a private key standardised by symmetric encryption techniques, the primary ciphertext being obtained by encryption with that private key.
35. The network access method according to claim 27, characterised in that the configuration information comprises a service set identifier for determining the target network and a password for logging in to the target network.
36. a kind of intelligent terminal, characterized in that it comprises:
Receiving unit, for receiving data message;
Second decryption unit decrypts contained secondary ciphertext using secondary key contained by the data message to obtain a ciphertext;
First decryption unit decrypts a ciphertext using the secondary key prestored, obtains the text comprising specific format,
The specific identifier for being included using the secondary key parses the text to obtain configuration information therein;
Access unit, for accessing target network with configuration information configuration own net setting.
37. intelligent terminal according to claim 36, which is characterized in that in the receiving unit, be configured as obtaining number
After message, using the length for verifying the entire data message of code check contained by data message, only receives and verify successful data
Message.
38. intelligent terminal according to claim 36, which is characterized in that the receiving unit includes:
Frame receiving module, for receiving the multicast packet frame with same source;
Frame assembles module, and the indexed sequential that the sequence code for providing according to each multicast packet frame is characterized assembles each multicast packet
The content code that frame carries;
Conversion module, for the content code after sequentially assembling to be converted to the data message.
39. the intelligent terminal according to claim 38, which is characterized in that the multicast packet frame meets IEEE 802.11
The specification of agreement.
40. the intelligent terminal according to claim 38, which is characterized in that the sequence code and content code are expressed in accordingly
In the destination address domain and/or frame ontology domain of multicast packet frame.
41. intelligent terminal according to claim 36, which is characterized in that the secondary key is advised by symmetric cryptosystem
The private key of model, the secondary ciphertext are obtained by the private key encryption.
42. intelligent terminal according to claim 36, which is characterized in that a secondary key is asymmetric encryption techniques institute
The private key of specification, a ciphertext are obtained by corresponding public key encryption.
43. intelligent terminal according to claim 36, which is characterized in that a secondary key is advised by symmetric cryptosystem
The private key of model, a ciphertext are obtained by the private key encryption.
44. intelligent terminal according to claim 36, which is characterized in that the configuration information includes for determining the mesh
It marks the service set of network and logs in the password of the target network.
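As an added illustration (not code from the patent), the receiving side of claims 36 to 38 in Python: frame reassembly by sequence code, the length and check-code verification of claim 37, the two decryption layers, and parsing on the identifier carried in the secondary key. The message layout, the CRC32 check code, the XOR-keystream stand-in for the unspecified cipher, the sender-side builder and the placement of the identifier in the last two bytes of the secondary key are all assumptions made for this example.

```python
import hashlib, zlib

IDENT_LEN = 2  # assumption: the "specific identifier" is the last 2 bytes of the secondary key

def xor_cipher(key: bytes, data: bytes) -> bytes:
    # Constructed stand-in for the unspecified cipher: XOR with a SHA-256 keystream (self-inverse).
    out = bytearray()
    for off in range(0, len(data), 32):
        stream = hashlib.sha256(key + off.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], stream))
    return bytes(out)

def build_message(primary_key, secondary_key, ssid, password):
    # Sender side, constructed layout: [total length][key length][secondary key]
    # [secondary ciphertext][CRC32]; text = ssid | identifier | password.
    ident = secondary_key[-IDENT_LEN:]
    text = ssid.encode() + ident + password.encode()
    secondary_ct = xor_cipher(secondary_key, xor_cipher(primary_key, text))
    body = bytes([len(secondary_key)]) + secondary_key + secondary_ct
    framed = bytes([len(body) + 5]) + body  # 1 length byte + body + 4 check bytes
    return framed + zlib.crc32(framed).to_bytes(4, "big")

def split_into_frames(message, chunk=4):
    # Constructed: one multicast frame per chunk, with sequence code and content code.
    return [{"seq": i, "content": message[p:p + chunk]}
            for i, p in enumerate(range(0, len(message), chunk))]

def assemble_frames(frames):
    # Claim 38: order frames by sequence code and concatenate their content codes.
    ordered = sorted(frames, key=lambda f: f["seq"])
    if [f["seq"] for f in ordered] != list(range(len(ordered))):
        raise ValueError("lost or duplicated multicast frame")
    return b"".join(f["content"] for f in ordered)

def receive_message(raw):
    # Claim 37: accept only if the declared length and the check code both verify.
    if not raw or len(raw) != raw[0]:
        raise ValueError("length mismatch")
    if zlib.crc32(raw[:-4]) != int.from_bytes(raw[-4:], "big"):
        raise ValueError("check code mismatch")
    return raw[1:-4]

def extract_config(body, primary_key):
    # Claim 36: secondary key from the message, primary key prestored, then parse on identifier.
    k = body[0]
    secondary_key, secondary_ct = body[1:1 + k], body[1 + k:]
    text = xor_cipher(primary_key, xor_cipher(secondary_key, secondary_ct))
    ssid, password = text.split(secondary_key[-IDENT_LEN:], 1)
    return ssid.decode(), password.decode()
```

A corrupted frame fails the check code and a missing frame fails reassembly, so neither reaches the decryption units.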
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510424991.0A CN105119900B (en) | 2015-07-17 | 2015-07-17 | Information secure transmission method, networking cut-in method and corresponding terminal |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105119900A CN105119900A (en) | 2015-12-02 |
CN105119900B true CN105119900B (en) | 2019-02-26 |
Family
ID=54667790
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510424991.0A Active CN105119900B (en) | 2015-07-17 | 2015-07-17 | Information secure transmission method, networking cut-in method and corresponding terminal |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105119900B (en) |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105101102B (en) * | 2015-07-01 | 2019-01-25 | 北京奇虎科技有限公司 | Multicast transmission method, information extracting method and corresponding terminal and equipment |
CN105592096A (en) * | 2015-12-30 | 2016-05-18 | Tcl集团股份有限公司 | Rapid connection method and apparatus of network equipment |
CN107645319B (en) * | 2017-11-10 | 2024-02-02 | 国网江苏省电力公司泰州供电公司 | Intelligent socket assembly control method for power line safety communication |
CN111447613B (en) * | 2019-01-16 | 2023-07-25 | 南京快轮智能科技有限公司 | Encryption system for sharing products |
CN110928564B (en) * | 2019-11-11 | 2020-10-09 | 中科有讯(北京)科技有限公司 | Method for safely updating application, service server, cluster and storage medium |
CN111935317B (en) * | 2020-09-27 | 2021-01-01 | 恒大新能源汽车投资控股集团有限公司 | Vehicle information verification method and device and computer-readable storage medium |
CN115102768B (en) * | 2022-06-24 | 2024-03-19 | 平安银行股份有限公司 | Data processing method and device and computer equipment |
CN115643017B (en) * | 2022-12-23 | 2023-03-31 | 云加速(北京)科技有限公司 | Software identification validity checking method based on hybrid coding model |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102568062A (en) * | 2011-09-29 | 2012-07-11 | 浙江吉利汽车研究院有限公司 | Encryption and decryption method for remote controller |
CN102801712A (en) * | 2012-07-17 | 2012-11-28 | 苏州市米想网络信息技术有限公司 | Network communication system adopting intelligent control |
EP2698780A2 (en) * | 2012-08-02 | 2014-02-19 | Fujitsu Limited | Encryption processing device and method |
CN104640091A (en) * | 2015-01-13 | 2015-05-20 | 董红伟 | Method for encryption communication of short message of mobile phone |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP6187251B2 (en) * | 2013-12-27 | 2017-08-30 | 富士通株式会社 | Data communication method and data communication apparatus |
Legal Events
Code | Title | Description |
---|---|---|
C06 | Publication | |
PB01 | Publication | |
C10 | Entry into substantive examination | |
SE01 | Entry into force of request for substantive examination | |
GR01 | Patent grant | |
GR01 | Patent grant | |
TR01 | Transfer of patent right | Effective date of registration: 20220720. Address after: Room 801, 8th floor, No. 104, floors 1-19, building 2, yard 6, Jiuxianqiao Road, Chaoyang District, Beijing 100015. Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park). Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.; Qizhi software (Beijing) Co.,Ltd. |