CN105119900B - Information secure transmission method, networking cut-in method and corresponding terminal

Info

Publication number: CN105119900B
Application number: CN201510424991.0A
Authority: CN (China)
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN105119900A
Inventors: 刘敏, 叶剑杰
Current assignee: Beijing Qihoo Technology Co Ltd
Original assignees: Beijing Qihoo Technology Co Ltd; Qizhi Software Beijing Co Ltd
Prior art keywords: information, data message, ciphertext, key, transmitted

Events: application filed by Beijing Qihoo Technology Co Ltd and Qizhi Software Beijing Co Ltd; priority to CN201510424991.0A; publication of CN105119900A; application granted; publication of CN105119900B; current legal status active.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 ... for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 ... wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478 ... applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H04L63/0435 ... wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/0442 ... wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/08 ... for authentication of entities
    • H04L63/0815 ... providing single-sign-on or federations
    • H04L63/083 ... using passwords
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/60 Network streaming of media packets
    • H04L65/61 ... for supporting one-way streaming services, e.g. Internet radio
    • H04L65/611 ... for multicast or broadcast

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Multimedia (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The main purpose of the present invention is to provide a mobile terminal and the information secure transmission method it uses. The method comprises the following steps: obtaining information to be transmitted; constructing a data message that includes a secondary ciphertext and a secondary key, where the secondary ciphertext is formed by encrypting the information to be transmitted with a primary key to obtain a primary ciphertext and then encrypting that primary ciphertext with the secondary key, which includes a random factor; and sending the data message. Correspondingly, the present invention also provides an intelligent terminal and its networking access method. By using cryptographic techniques to improve how the content carried by the data message is expressed, the invention further enhances the communication security of quick-connect technology implemented on the IEEE 802.11 protocol.

Description

Information secure transmission method, networking cut-in method and corresponding terminal
Technical field
The present invention relates to information security technology, and in particular to a mobile terminal and the information secure transmission method it uses, as well as to an intelligent terminal and the networking access method it uses.
Background art
Control technologies by which an intelligent terminal accesses a target network, built on the techniques specified by the IEEE 802.11 protocol, have been developed vigorously and are increasingly common. The earliest approaches, based on Ad-Hoc and WiFi Direct technology, first establish a direct connection between the control terminal (transmitting end) and the receiving end and then begin transmitting the configuration information for accessing the target network, specifically the service set identifier and login password of the target network. Because this traditional direct-connection mode requires complex handshake and switching procedures among the control terminal, the receiving end and the router, it is inefficient.
One of the improved quick-connect techniques uses the editable nature of the destination address field or frame body field of a multicast data frame to carry information. Reception of a multicast data frame does not depend on a direct connection being established between the receiving end and the control terminal, so the handshake procedure for connecting devices and the frequent switching of connections are avoided; this kind of quick interconnection technique is therefore being applied more and more widely.
Because a data-link-layer data frame can carry only limited information, it is generally used only to transmit data with low capacity requirements, such as the configuration information mentioned above. It can of course be extended to wider uses, for example sending only a notification to be shown on the user interface of one end, or sending only a signal instruction that drives some component of the receiving end.
On the one hand, whatever type of information is to be transmitted, information security must be taken into account. In the various technologies described above, the current communication security principle is that the receiving end and the transmitting end each hold mathematically identical or related keys; the transmitting end encrypts the information to be transmitted with its key, forms a data message and transmits it to the receiving end, which decrypts it with the matching key. This protocol mode is relatively simple, but it is also relatively easy to crack. The reason is that, whether the information to be transmitted is encrypted with a private key under a symmetric cryptosystem or with a public key under an asymmetric cryptosystem, the key used to encrypt it never changes. An illegitimate user can therefore intercept the data packets produced by several transmissions and brute-force them, or simulate the transmitting end's data packets and launch a DDoS-like attack against the receiving end, paralysing it and even affecting other nearby devices, including the WiFi router, which also have to identify the data frames.
On the other hand, in the current message transmission process the receiving and transmitting sides must follow a fixed public or self-defined protocol; the transmitting end cannot go beyond the given protocol to freely define the format of the information to be transmitted, and the receiving end likewise cannot parse the received data message flexibly to recover the exact original information. Existing information transmission techniques are thus inflexible and unintelligent. Precisely because of this inflexibility, a cracker can, by simply analysing the data message format, obtain the exact original information from intercepted data messages at low time cost and so steal information illegally.
In view of this, existing data communication technology needs to be improved to ensure safer interconnection and interworking in the Internet of Things.
Summary of the invention
The first object of the present invention is to solve at least part of the above problems in at least one respect by providing a mobile terminal and the information secure transmission method it uses, so as to realise information security control at the source.
The second object of the present invention is to solve at least part of the above problems in at least one respect by providing an intelligent terminal and the networking access method it uses, so that, echoing the first object, the intelligent terminal receives configuration information more safely and uses that configuration information to access the target network.
To achieve the first object of the present invention, the present invention adopts the following technical scheme:
An information secure transmission method provided by the invention includes the following steps:
obtaining information to be transmitted;
constructing a data message that includes a secondary ciphertext and a secondary key, where the secondary ciphertext is formed by encrypting the information to be transmitted with a primary key to form a primary ciphertext and then encrypting that primary ciphertext with the secondary key, which includes a random factor;
sending the data message.
Further, in the step of obtaining information to be transmitted, the information to be transmitted and an instruction to submit it are received through a user interface, and the subsequent steps are executed in response to the submit instruction.
Preferably, the information to be transmitted is configuration information for accessing a target network.
Specifically, the configuration information includes a service set identifier for determining the target network and a password for logging in to the target network.
Further, the step of constructing the data message comprises the following specific steps:
encrypting the information to be transmitted with a primary key to obtain a primary ciphertext;
encrypting the primary ciphertext into a secondary ciphertext using a secondary key that includes a random factor;
assembling the secondary key and the secondary ciphertext into the data message.
Preferably, before the primary encryption, the information to be transmitted is formatted as text that includes a specific identifier.
According to one embodiment of the invention, the secondary key includes the specific identifier, which is used to restore the text to the information to be transmitted.
According to another embodiment of the invention, the secondary key is a random number.
According to one embodiment of the invention, the primary key is a public key specified by an asymmetric cryptosystem, and the primary ciphertext is decrypted with the corresponding private key to obtain the information to be transmitted.
According to one embodiment of the invention, the primary key is a private key specified by a symmetric cryptosystem, suitable for decrypting the primary ciphertext to obtain the information to be transmitted.
According to one embodiment of the invention, the secondary key is a private key specified by a symmetric cryptosystem, suitable for decrypting the secondary ciphertext to obtain the primary ciphertext.
Further, the data message also includes a check code characterising the length of the entire data message.
Preferably, in the step of sending the data message, the data message is loaded into multiple sequentially characterised multicast data frames formatted at the data link layer and sent.
Further, the data message is loaded into the destination address field and/or the frame body field of the multicast data frames.
Specifically, the multicast data frames comply with the IEEE 802.11 protocol specification.
A mobile terminal provided by the invention comprises:
an acquiring unit for obtaining information to be transmitted;
a constructing unit for constructing a data message that includes a secondary ciphertext and a secondary key, the secondary ciphertext being formed by encrypting the information to be transmitted with a primary key to form a primary ciphertext and then encrypting that primary ciphertext with the secondary key, which includes a random factor;
a transmission unit for sending the data message.
Further, the acquiring unit is configured to receive the information to be transmitted and an instruction to submit it through a user interface, and to start the constructing unit in response to the submit instruction.
Preferably, the information to be transmitted is configuration information for accessing a target network.
Specifically, the configuration information includes a service set identifier for determining the target network and a password for logging in to the target network.
Further, the constructing unit includes the following specific modules:
a primary encryption module configured to encrypt the information to be transmitted with a primary key to obtain a primary ciphertext;
a secondary encryption module configured to encrypt the primary ciphertext into a secondary ciphertext using a secondary key that includes a random factor;
a structure assembly module for assembling the secondary key and the secondary ciphertext into the data message.
Preferably, before the primary encryption, the information to be transmitted is formatted as text that includes a specific identifier.
According to one embodiment of the invention, the secondary key includes the specific identifier, which is used to restore the text to the information to be transmitted.
According to another embodiment of the invention, the secondary key is a random number.
According to one embodiment of the invention, the primary key is a public key specified by an asymmetric cryptosystem, and the primary ciphertext is decrypted with the corresponding private key to obtain the information to be transmitted.
According to one embodiment of the invention, the primary key is a private key specified by a symmetric cryptosystem, suitable for decrypting the primary ciphertext to obtain the information to be transmitted.
According to one embodiment of the invention, the secondary key is a private key specified by a symmetric cryptosystem, suitable for decrypting the secondary ciphertext to obtain the primary ciphertext.
Further, the data message also includes a check code characterising the length of the entire data message.
Preferably, the transmission unit is configured to load the data message into multiple sequentially characterised multicast data frames formatted at the data link layer and to send them.
Further, the data message is loaded into the destination address field and/or the frame body field of the multicast data frames.
Specifically, the multicast data frames comply with the IEEE 802.11 protocol specification.
To achieve the second object of the present invention, the present invention adopts the following technical scheme:
A networking access method provided by the invention includes the following steps:
receiving a data message;
decrypting the secondary ciphertext contained in the data message using the secondary key contained in the data message, to obtain a primary ciphertext;
decrypting the primary ciphertext using a prestored primary key, to obtain the configuration information it carries;
configuring the terminal's own network settings with the configuration information and accessing the target network.
Preferably, in the step of receiving the data message, after the data message is obtained, the length of the entire data message is verified using the check code contained in it, and only data messages that pass verification are accepted.
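The construction steps on the sending side and the receiving steps just listed (decrypt with the secondary key carried in the message, then with the prestored primary key, verify the length check code, and parse the formatted text by the specific identifier) fit in one round-trip example. The following Python is an added illustration written for this page, not the patent's or the assignee's code. Everything concrete in it is an assumption: the byte layout (a 2-byte length check code, a 1-byte secondary-key length, the secondary key, then the secondary ciphertext), the use of a separator byte as the "specific identifier" that the secondary key carries, and the stand-in stream cipher built from HMAC-SHA256 in counter mode so that the example runs on the standard library alone; a deployment would use an authenticated cipher such as AES-GCM. The per-message nonce in the primary layer is also my addition, since the patent leaves the primary cipher unspecified. As the patent itself states, the secondary key travels unencrypted inside the message, so confidentiality against an eavesdropper rests on the primary key; what the secondary layer contributes is a different wire image for every transmission and the carried parsing identifier.

```python
import hashlib
import hmac
import secrets
import struct
from typing import Tuple

# Constructed sample value: the primary key both terminals hold in advance
# (the patent's symmetric-key embodiment). Not a real key.
PRIMARY_KEY = hashlib.sha256(b"example primary key shared by both terminals").digest()

RANDOM_FACTOR_LEN = 8                  # bytes of fresh randomness in each secondary key
NONCE_LEN = 8                          # nonce for the stand-in primary cipher (my addition)
SEPARATOR_CANDIDATES = b"|;#\x1f\x1e"  # candidate "specific identifiers" (assumed)


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher: HMAC-SHA256(key, nonce || counter) blocks XORed over data.
    Chosen only so the example runs on the standard library; a real design would
    use an authenticated cipher such as AES-GCM."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def format_config(ssid: str, password: str) -> Tuple[bytes, bytes]:
    """Format SSID and password as text around a separator (the specific identifier)
    that occurs in neither field, so the receiver can split the text unambiguously."""
    ssid_b, pwd_b = ssid.encode(), password.encode()
    for cand in SEPARATOR_CANDIDATES:
        sep = bytes([cand])
        if sep not in ssid_b and sep not in pwd_b:
            return ssid_b + sep + pwd_b, sep
    raise ValueError("no usable separator for this configuration")


def primary_encrypt(plaintext: bytes, primary_key: bytes) -> bytes:
    nonce = secrets.token_bytes(NONCE_LEN)
    return nonce + _keystream_xor(primary_key, nonce, plaintext)


def primary_decrypt(primary_ciphertext: bytes, primary_key: bytes) -> bytes:
    nonce, body = primary_ciphertext[:NONCE_LEN], primary_ciphertext[NONCE_LEN:]
    return _keystream_xor(primary_key, nonce, body)


def build_data_message(ssid: str, password: str, primary_key: bytes = PRIMARY_KEY) -> bytes:
    """Sender: format -> primary encryption -> secondary encryption -> assemble."""
    text, sep = format_config(ssid, password)
    primary_ct = primary_encrypt(text, primary_key)
    # Secondary key = random factor || specific identifier. It is carried in the
    # message itself, so every transmission of the same configuration differs.
    secondary_key = secrets.token_bytes(RANDOM_FACTOR_LEN) + sep
    secondary_ct = _keystream_xor(secondary_key, b"", primary_ct)
    body = bytes([len(secondary_key)]) + secondary_key + secondary_ct
    # Check code: total message length in 2 bytes, counting the check code itself.
    return struct.pack(">H", 2 + len(body)) + body


def parse_data_message(message: bytes, primary_key: bytes = PRIMARY_KEY) -> Tuple[str, str]:
    """Receiver: verify length check code -> secondary decrypt -> primary decrypt -> parse."""
    if len(message) < 3 or struct.unpack(">H", message[:2])[0] != len(message):
        raise ValueError("check code mismatch: message truncated or corrupted")
    key_len = message[2]
    secondary_key = message[3:3 + key_len]
    secondary_ct = message[3 + key_len:]
    sep = secondary_key[-1:]                       # identifier rides in the secondary key
    primary_ct = _keystream_xor(secondary_key, b"", secondary_ct)
    text = primary_decrypt(primary_ct, primary_key)
    ssid_b, _, pwd_b = text.partition(sep)
    return ssid_b.decode(), pwd_b.decode()


if __name__ == "__main__":
    msg = build_data_message("HomeNet", "p@ss;word")   # constructed sample config
    print(len(msg), "bytes on the wire:", msg.hex())
    print("receiver recovered:", parse_data_message(msg))
```

Running the block twice shows two different messages for the same SSID and password, which is the "random factor" effect the patent relies on; truncating a message by one byte makes the receiver reject it at the check-code step before any decryption is attempted.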
Further, the step of receiving the data message comprises the following specific steps:
receiving multicast data frames that have the same source;
assembling the content codes carried by the multicast data frames in the index order characterised by the sequence code each multicast data frame provides;
converting the sequentially assembled content codes into the data message.
Specifically, the multicast data frames comply with the IEEE 802.11 protocol specification.
Further, the sequence code and content code are expressed in the destination address field and/or the frame body field of the corresponding multicast data frame.
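The frame-level steps above, as an added example that is my code and not the patent's: the data message is split across multicast frames, each carrying a sequence code and a content code, and the receiver keeps only frames from the one source it is listening to, orders them by sequence code, ignores retransmitted duplicates, rejects a duplicate whose content conflicts, and checks that no index is missing before converting the content codes back into the data message. The layout is an assumption made for this example and only the destination-address variant is shown: a 6-byte multicast destination address with the 01:00:5E prefix, one byte of sequence code and two bytes of content code, with sequence code 0 reserved for a header frame that carries the total length. The patent's own address layout is the subject of its Fig. 1 and Fig. 2 and is not reproduced here.

```python
import struct
from typing import Dict, List, Tuple

# Assumed layout for this example: destination address = 01:00:5E:<seq>:<content_hi>:<content_lo>
MULTICAST_PREFIX = bytes([0x01, 0x00, 0x5E])
CONTENT_BYTES_PER_FRAME = 2
MAX_SEQ = 255

Frame = Tuple[str, bytes]   # (source address as text, 6-byte destination address)


def fragment_message(message: bytes, source: str) -> List[Frame]:
    """Sender: load the data message into sequentially numbered multicast frames."""
    if len(message) > MAX_SEQ * CONTENT_BYTES_PER_FRAME:
        raise ValueError("message too long for one-byte sequence codes")
    frames: List[Frame] = []
    # Sequence code 0 is a header frame whose content code is the total length.
    frames.append((source, MULTICAST_PREFIX + bytes([0]) + struct.pack(">H", len(message))))
    for offset in range(0, len(message), CONTENT_BYTES_PER_FRAME):
        chunk = message[offset:offset + CONTENT_BYTES_PER_FRAME]
        chunk = chunk.ljust(CONTENT_BYTES_PER_FRAME, b"\x00")   # pad the last frame
        seq = offset // CONTENT_BYTES_PER_FRAME + 1
        frames.append((source, MULTICAST_PREFIX + bytes([seq]) + chunk))
    return frames


def reassemble_message(frames: List[Frame], expected_source: str) -> bytes:
    """Receiver: filter by source, order by sequence code, convert content codes back."""
    by_seq: Dict[int, bytes] = {}
    for source, dest in frames:
        # Keep only well-formed multicast frames from the source being listened to.
        if source != expected_source or len(dest) != 6 or dest[:3] != MULTICAST_PREFIX:
            continue
        seq, content = dest[3], dest[4:6]
        if seq in by_seq:
            if by_seq[seq] != content:
                raise ValueError(f"conflicting content for sequence code {seq}")
            continue                       # plain retransmission, ignore
        by_seq[seq] = content
    if 0 not in by_seq:
        raise ValueError("header frame (sequence code 0) missing")
    total_len = struct.unpack(">H", by_seq[0])[0]
    n_frames = -(-total_len // CONTENT_BYTES_PER_FRAME)   # ceiling division
    missing = [s for s in range(1, n_frames + 1) if s not in by_seq]
    if missing:
        raise ValueError(f"missing frames with sequence codes {missing}")
    content = b"".join(by_seq[s] for s in range(1, n_frames + 1))
    return content[:total_len]             # drop padding from the last frame


if __name__ == "__main__":
    import random
    src = "aa:bb:cc:dd:ee:01"                          # constructed sample source address
    frames = fragment_message(b"example data message", src)
    random.shuffle(frames)                             # multicast frames may arrive out of order
    print(reassemble_message(frames, src))
```

The total-length header is what lets the receiver decide when the sequence is complete; when the data message itself carries the length check code described earlier, the receiver applies that check as well once the frames are converted back into the message.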
According to one embodiment of the invention, the secondary key is a private key specified by a symmetric cryptosystem, and the secondary ciphertext is obtained by encryption with that private key.
According to one embodiment of the invention, the primary key is a private key specified by an asymmetric cryptosystem, and the primary ciphertext is obtained by encryption with the corresponding public key.
According to one embodiment of the invention, the primary key is a private key specified by a symmetric cryptosystem, and the primary ciphertext is obtained by encryption with that private key.
Further, in the step of decrypting the primary ciphertext with the prestored primary key to obtain the configuration information, text of a specific format is obtained when decryption completes, and the text is parsed into the configuration information using the specific identifier included in the secondary key.
Specifically, the configuration information includes a service set identifier for determining the target network and a password for logging in to the target network.
An intelligent terminal provided by the invention comprises:
a receiving unit for receiving a data message;
a second decryption unit for decrypting the secondary ciphertext contained in the data message using the secondary key contained in the data message, to obtain a primary ciphertext;
a first decryption unit for decrypting the primary ciphertext using a prestored primary key, to obtain the configuration information it carries;
an access unit for configuring the terminal's own network settings with the configuration information and accessing the target network.
Preferably, the receiving unit is configured, after obtaining the data message, to verify the length of the entire data message using the check code contained in it and to accept only data messages that pass verification.
Further, the receiving unit includes:
a frame receiving module for receiving multicast data frames that have the same source;
a frame assembly module for assembling the content codes carried by the multicast data frames in the index order characterised by the sequence code each multicast data frame provides;
a conversion module for converting the sequentially assembled content codes into the data message.
Specifically, the multicast data frames comply with the IEEE 802.11 protocol specification.
Further, the sequence code and content code are expressed in the destination address field and/or the frame body field of the corresponding multicast data frame.
According to one embodiment of the invention, the secondary key is a private key specified by a symmetric cryptosystem, and the secondary ciphertext is obtained by encryption with that private key.
According to one embodiment of the invention, the primary key is a private key specified by an asymmetric cryptosystem, and the primary ciphertext is obtained by encryption with the corresponding public key.
According to one embodiment of the invention, the primary key is a private key specified by a symmetric cryptosystem, and the primary ciphertext is obtained by encryption with that private key.
Further, the first decryption unit is configured to obtain text of a specific format when decryption completes and to parse the text into the configuration information using the specific identifier included in the secondary key.
Specifically, the configuration information includes a service set identifier for determining the target network and a password for logging in to the target network.
Compared with the prior art, the solution of the invention has the following advantages:
1. The invention packages the information to be transmitted, such as configuration information for accessing a target network, into a data message with a particular encryption format: on top of the existing primary encryption of the information to be transmitted, a secondary encryption is applied, and the key used for the secondary encryption is carried in plain form inside the data message. Whether the data message is transmitted by broadcast or by multicast, even if it is intercepted it is harder to crack because of the two layers of encryption. Even if it were brute-forced, because the secondary key includes a random factor it is generally different each time information is transmitted, so an interceptor cannot derive from repeatedly captured, differing data packets a rule for determining the secondary key, and cannot forge the transmitting end's data messages; a transmitting end such as a mobile terminal can therefore transmit information to the receiving end more safely. Correspondingly, at the receiving end, because the transmitting end's mechanism gives the data message the regularity that the information it contains is decrypted with the secondary key it also contains, the receiving end can extract the information carried by the data message, such as configuration information, according to this rule and effectively judge whether the data message has a legitimate format, ensuring the safety of the information obtained and achieving safe reception.
2. The invention includes in the secondary key the specific identifier used to parse the unencrypted formatted text of the transmitted information, so that the secondary key serves both as an encryption and decryption key and as the carrier of the identifier that constitutes the parsing scheme. This further increases the complexity of cracking the data message and further improves the security of the transmission after the transmitting end issues the data message. The receiving end, following the same rule, can invoke the parsing scheme, parse the unencrypted formatted text, identify the content of the received information by the specific identifier, and finally still obtain the original information the transmitting end intended to transmit, with clearly improved security.
3. Likewise, because the parsing scheme is present in the data message, the transmitting end can flexibly define the specific format of the formatted text of the information to be transmitted, and the receiving end can effectively identify the formatted information using the specific identifier included in the secondary key of the data message. The transmitting and receiving ends thus gain the ability to negotiate the details of the protocol, improving the intelligence of information expression and parsing.
4. The invention exploits the characteristics of multicast data frames by loading the data message, at the data link layer, into the destination address field and/or frame body field of multiple sequentially stated multicast data frames. Because neither the propagation nor the reception of multicast data frames depends on a direct connection between the receiving end and the transmitting end, technical steps such as switching connections and handshaking are avoided, the transmitted information propagates faster and the receiving end can use it sooner; in particular, when the information is configuration information for accessing a target network, the intelligent terminal receiving it can access the target network more quickly. On the other hand, because reception is faster, the probability that the data message is intercepted in transit is also reduced, which further embodies the security of both the reception scheme and the transmission scheme of the invention.
Additional aspects and advantages of the invention will be set forth in part in the following description, will become apparent from it, or will be learned through practice of the invention.
Description of the drawings
The above and/or additional aspects and advantages of the invention will become apparent and easy to understand from the following description of embodiments with reference to the accompanying drawings, in which:
Fig. 1 is a structural schematic diagram of the multicast address of the present invention;
Fig. 2 is a schematic diagram of the mapping between the multicast address of the present invention and an IP address;
Fig. 3 is a schematic diagram of the information secure transmission method of the invention;
Fig. 4 is a schematic diagram of the detailed process implemented by step S12 of the information secure transmission method of the invention;
Fig. 5 is a structural schematic diagram of the data message constructed by the invention;
Fig. 6 is a schematic diagram of the networking access method of the invention;
Fig. 7 is a schematic diagram of the detailed process implemented by step S21 of the networking access method of the invention;
Fig. 8 is a structural schematic diagram of the mobile terminal of the invention;
Fig. 9 is a schematic diagram of the internal structure of the constructing unit of the mobile terminal of the invention;
Fig. 10 is a structural schematic diagram of the intelligent terminal of the invention;
Fig. 11 is a schematic diagram of the internal structure of the receiving unit of the intelligent terminal of the invention.
Specific embodiment
The embodiment of the present invention is described below in detail, examples of the embodiments are shown in the accompanying drawings, wherein from beginning to end Same or similar label indicates same or similar element or element with the same or similar functions.Below with reference to attached The embodiment of figure description is exemplary, and for explaining only the invention, and is not construed as limiting the claims.
Those skilled in the art of the present technique are appreciated that unless expressly stated, singular " one " used herein, " one It is a ", " described " and "the" may also comprise plural form.It is to be further understood that being arranged used in specification of the invention Diction " comprising " refer to that there are the feature, integer, step, operation, element and/or component, but it is not excluded that in the presence of or addition Other one or more features, integer, step, operation, element, component and/or their group.It should be understood that when we claim member Part is " connected " or when " coupled " to another element, it can be directly connected or coupled to other elements, or there may also be Intermediary element.In addition, " connection " used herein or " coupling " may include being wirelessly connected or wirelessly coupling.It is used herein to arrange Diction "and/or" includes one or more associated wholes for listing item or any cell and all combinations.
Those skilled in the art will appreciate that, unless otherwise defined, all terms used herein (including technical and scientific terms) have the same meaning as is generally understood by one of ordinary skill in the field of the invention. It should also be understood that terms such as those defined in general dictionaries are to be understood as having a meaning consistent with their meaning in the context of the prior art, and will not be interpreted in an idealized or overly formal sense unless specifically so defined herein.
Those skilled in the art will appreciate that "terminal", "terminal device", "intelligent terminal" and "mobile terminal" as used herein include both devices having only a wireless signal receiver (a receive-only wireless signal receiver without transmitting capability) and devices having receiving and transmitting hardware capable of two-way communication over a bidirectional communication link. Such devices may include: cellular or other communication devices with a single-line display or a multi-line display, or cellular or other communication devices without a multi-line display; PCS (Personal Communications Service) devices, which may combine voice, data processing, fax and/or communication capabilities; PDAs (Personal Digital Assistants), which may include a radio-frequency receiver, pager, Internet/intranet access, web browser, notepad, calendar and/or GPS (Global Positioning System) receiver; and conventional laptop and/or palmtop computers or other devices that have and/or include a radio-frequency receiver. The various "terminals" used herein may be portable, transportable, mounted in vehicles (air, sea and/or land), or adapted and/or configured to operate locally and/or in distributed form at any other location on earth and/or in space. The various "terminals" used herein may also be communication terminals, Internet access terminals or music/video playback terminals, for example a PDA, a MID (Mobile Internet Device) and/or a mobile phone with music/video playback functions, or devices such as a smart television, set-top box, smart camera, smart remote control or smart socket.
The present invention is an information security technical solution proposed in response to the development of the Internet of Things, and further strengthens the security of information over the entire transmission process from sending to receiving. The application scenarios to which the invention is suited are mainly communication between an intelligent terminal and a mobile terminal realized over WiFi technology, with no necessary dependence on the operating system. On this basis, the invention on the one hand provides a substantive encoding mechanism for a terminal acting as central controller, such as a mobile phone, so that it can provide automated access guidance for other intelligent terminals accessing a target network; on the other hand it independently provides a decoding mechanism for intelligent terminals other than the mobile terminal acting as central controller, so that such intelligent terminals can be controlled to access the target network.
Although the core scheme embodying the security performance of the invention can be used not only in multicast but also in broadcast scenarios, for conciseness of description the case in which data message transmission is realized at the data link layer with multicast technology is chosen as the exemplary embodiment for illustration. Specifically, in the exemplary embodiments of the invention concerning data message transmission, multicast data frames are used as the technical carrier for transmitting the data message. It is therefore necessary to disclose the basic knowledge of the data link layer involved in both the encoding and the decoding aspects of the invention, so that those skilled in the art can implement it from this specification without creative effort.
Since the invention is illustrated by taking multicast technology as an example, it involves the use of multicast data frames, and the multicast data frames of the invention are subject to the specification of the 802.11 protocol. It is therefore necessary first to understand the basic structure of the physical frame (MAC frame) standardized by the 802.11 protocol.
Table 1: 802.11 protocol suite MAC frame structure (first row unit is bytes):
The fields referred to in Table 1 are explained below:
Frame Control: frame control field;
Duration/ID: duration/identifier field, indicating how long the frame and its acknowledgement frame will occupy the channel; for frames whose frame-control subtype is Power Save-Poll, this field represents the association identity (AID, Association Identification) of the STA.
Address Fields (1-4): address fields, comprising four addresses (source address, destination address, transmitter address and receiver address), whose meaning depends on the To DS and From DS bits of the frame control field.
Seq Ctrl (Sequence Control): sequence control field, used to filter duplicate frames.
Frame Body: frame body field or data field, carrying the information sent or received.
Check Sum: check field, comprising a 32-bit cyclic redundancy check (CRC).
Table 2: frame control (Frame Control) structure (first row unit is bits):

| Bits  | 2       | 2    | 4       | 1     | 1       | 1  | 1     | 1   | 1    | 1 | 1 |
|-------|---------|------|---------|-------|---------|----|-------|-----|------|---|---|
| Field | Version | Type | Subtype | To DS | From DS | MF | Retry | Pwr | More | W | O |
The fields referred to in Table 2 are explained below:
Protocol Version: indicates the version of the IEEE 802.11 standard.
Type: indicates the frame type, which includes the management, control and data classes.
Subtype: indicates the frame subtype, for example: Authentication Frame, Deauthentication Frame, Association Request Frame, Association Response Frame, Reassociation Request Frame, Reassociation Response Frame, Disassociation Frame, Beacon Frame, Probe Frame, Probe Request Frame or Probe Response Frame.
To DS: set to 1 when the frame is sent to the Distribution System (DS).
From DS: set to 1 when the frame is received from the Distribution System (DS).
MF (More Fragments): set to 1 when more fragments belonging to the same frame follow.
Retry: indicates that this fragment is a retransmission of a previously transmitted fragment.
Pwr (Power Management): indicates the power management mode the station will be in after transmitting the frame.
More (More Data): indicates that more frames are buffered for the station.
W (WEP): indicates that the frame body is encrypted with the WEP (Wired Equivalent Privacy) algorithm.
O (Order): indicates that the receiver should process the frames strictly in sequence.
From the explanation of Table 2 it follows that the position of the destination address of a multicast data frame among the address fields can be determined from the From DS and To DS bits. See Table 3:
Table 3: usage of the address fields in a data frame:

| Function                           | To DS | From DS | Address1 (receiver) | Address2 (transmitter) | Address3 | Address4 |
|------------------------------------|-------|---------|---------------------|------------------------|----------|----------|
| IBSS                               | 0     | 0       | DA                  | SA                     | BSSID    | not used |
| To AP (infrastructure)             | 1     | 0       | BSSID               | SA                     | DA       | not used |
| From AP (infrastructure)           | 0     | 1       | DA                  | BSSID                  | SA       | not used |
| WDS (wireless distribution system) | 1     | 1       | RA                  | TA                     | DA       | SA       |
Those skilled in the art know that the IP address space is divided into the three classes A, B and C. The fourth class, class D, is reserved for multicast addresses. In the fourth version of the IP protocol (IPv4), all addresses from 224.0.0.0 to 239.255.255.255 are class D addresses.
The most significant part of a multicast address is the four bits at positions 24 to 27, corresponding to decimal 224 to 239; the remaining 28 bits are reserved as the multicast group identifier, as shown in Fig. 1.
The IPv4 multicast address is converted into a network physical address at the network layer. For a unicast network address the physical address corresponding to the IP address can be obtained through the ARP protocol, but ARP cannot perform the corresponding function in multicast mode, so the physical address must be obtained by other means. The RFC documents listed below propose methods for completing this conversion:
RFC 1112: multicast IPv4 to Ethernet physical address correspondence
RFC 1390: correspondence to FDDI
RFC 1469: correspondence to Token-Ring networks
Within the Ethernet address range the conversion proceeds as follows: the first 24 bits of the Ethernet address are fixed as 01:00:5E and serve as flag bits; the immediately following bit is fixed as 0, and the remaining 23 bits are filled with the low 23 bits of the IPv4 multicast address. The conversion is shown in Fig. 2. For example, the Ethernet hardware address of multicast address 224.0.0.5 is 01:00:5E:00:00:05. It can be seen that the low 23 bits (or fewer) of the destination address field can be used as an editable bit area for carrying information.
In addition, the length of the frame body field (Frame Body) is variable, and the content it carries is determined by the frame type and subtype.
It can thus be seen that the destination address field and the frame body field of a multicast data frame are two editable fields: the transmitter can set the content of the editable bit area of the destination address field, namely its low 23 bits, and can control the length of the frame body field. Either the editable bit area of the destination address field alone, the length of the frame body field alone, or a combination of the two can be used to carry the information to be transmitted.
When an intelligent terminal is not connected to a WiFi access point, its WiFi chip can still detect the radio signal in the air and identify MAC frames, but because the device has not been authenticated by the access point and holds no key, it cannot further parse the data in the frame body field of the frame structure. Since the length of the frame body field is known, however, the length of the entire multicast data frame is also known, so this characteristic does not affect the use of the frame length of the multicast data frame. The invention therefore makes use of these fields so that an intelligent terminal that is not yet on the network can receive information sent by the mobile terminal in multicast mode. In fact, it also follows from the 802.11 protocol that, for a multicast data frame, the length of the entire frame is uniquely associated with and determined by the length of its frame body field.
From the knowledge disclosed above it can be seen that, for a multicast data frame, the destination address field in the frame structure and/or variation in the length of its frame body field can be used to carry configuration information.
The information secure transmission method provided by the invention is typically described from the point of view of the active initiator, i.e. the central control side. The method can be implemented as a computer program and installed to run on a mobile phone, tablet computer or other mobile terminal, for example as an APP (application program) implementing the transmission method installed on a mobile phone or tablet running Android, iOS or Windows Phone, with the application program executing the transmission method.
Referring to Fig. 3, an exemplary embodiment of the information secure transmission method of the invention specifically includes the following steps:
Step S11: obtain the information to be transmitted.
Considering that the invention mainly uses multicast or broadcast technology for data transmission, the information to be transmitted is especially suited to information of small data volume, such as configuration information for accessing a target network, which usually contains only the service set identifier and password of the target network and is therefore small; or, as another example, a single instruction statement to be executed by the receiver; or a single notification to be pushed to the receiver. In such cases the advantages of the invention are realized to the greatest degree. Since the data capacity each data frame can express is limited, the quantitative threshold of information size can be determined by those skilled in the art according to actual conditions.
It should be pointed out that the simplicity for explanation considers, often with the transmission information in each embodiment of the invention One example is the configuration information to censure the information to be transmitted, but should not be understood as that this is without exception to " information to be transmitted " Saying and the still limit of the concepts such as " by the transmission information " of reference same object, " received information " have been converted considering it System.Similarly, subsequent to be related to the different-format content caused by operation such as being formatted information to be transmitted, encrypt, although its Expression-form generates variation, but its object being directed toward is still information pointed by " information to be transmitted " this concept.
It, can be by system drive on mobile phone when the APP is run by taking the APP realized based on the present invention as an example Hardware device utilized.It is well known that not only having WiFi mould group, display, control chip on mobile phone, also there is wheat The components such as gram wind, loudspeaker, these components, which can pass through the APP, to be realized and calls.
By taking android system as an example, mobile phone terminal calls first by its acquiring unit and shows a movable component (Activity), it or one page realized using HTML5 of display, shows the user interface on the screen and scans WiFi access-in point information (is enumerated) with service set SSID, requests user's selected target network, and requires user's input corresponding Password, to obtain the SSID and password of target network.
According to the agreement of WiFi agreement, those skilled in the art be could be aware that, configuration information generally includes WiFi without route For determining the service set (SSID) of the target network and for logging in the mesh provided by device (representing target network) The login password for marking network, may also need in some cases include login password cipher mode, and for open network It can also need not be provided login password.Although WiFi agreement the fact that there are version upgradings, these are related to realization access network And indispensable configuration information to its details and its can be equal by those skilled in the art according to the corresponding determination of document of agreement, therefore Change programme is without being repeated here.
As details accommodation, after user has selected SSID, can be inquired to cloud server corresponding to the SSID Password directly downloads password by cloud if password exists, and can save the mistake for requiring user to input target network password Journey.
Step S12: construct a data message such that the data message contains a secondary ciphertext and a secondary key, the secondary ciphertext being formed by encrypting the information to be transmitted with a primary key to form a primary ciphertext and then encrypting the primary ciphertext with the secondary key, which contains a random factor.
After the information to be transmitted, such as the configuration information, has been obtained, a data message needs to be constructed for it. The process of constructing the data message links the application layer and the data link layer: specifically, the information to be transmitted, such as the configuration information, is obtained from the application layer and the data message will subsequently be sent at the data link layer, so the process of constructing the data message is substantially equivalent to a protocol layer defined by the invention. The realization of this step is therefore very flexible, and is illustrated below with several examples:
Referring to the example process of constructing the data message shown in Fig. 4, it includes the following steps:
Step S121: obtain a primary ciphertext from the information to be transmitted using a primary key.
The primary key refers to the key now widely used to encrypt the transmitted information once, generally in public-key, i.e. asymmetric, encryption mode. In public-key encryption mode the mobile terminal, as transmitter, encrypts the original text of the information to be transmitted with the public key it holds; when it is transferred to the peer, the intelligent terminal, as receiver, calls the pre-stored private key to decrypt the information to be transmitted and obtain its original version. The public key and private key are algorithmically related and can therefore be used to decrypt data encrypted by the other. In the present embodiment this step likewise follows conventional technology and encrypts the configuration information in its raw form with the primary key to obtain the primary ciphertext. Asymmetric encryption provides higher security and is commonly used in scenarios with higher security requirements.
In a flexible embodiment the primary key can be implemented with private-key encryption, i.e. symmetric cryptography. In this technique the mobile terminal and the intelligent terminal each hold an identical primary key; the mobile terminal encrypts the information to be transmitted with the primary key to obtain the primary ciphertext and transfers it to the intelligent terminal, which decrypts the information to be transmitted with the pre-stored primary key. Symmetric encryption has the advantages of a simple algorithm and higher efficiency, and may therefore be preferred in scenarios where the security requirement is less stringent.
Step S122: encrypt the primary ciphertext into a secondary ciphertext using a secondary key containing a random factor.
In the present embodiment, after the primary ciphertext has been formed (or, in certain embodiments that do not rely on the primary encryption, on the information to be transmitted itself), secondary encryption is performed in this step with the secondary key to form the secondary ciphertext. It should be pointed out that the secondary key is particularly suited to being a private key as standardized by symmetric cryptography, so that after the intelligent terminal receives the corresponding message it can decrypt the secondary ciphertext at lower computational cost.
The secondary key contains a random factor, and the random factor covers at least the two cases of using a random number in the secondary key and selecting the secondary key in a random manner. Through the effect of the random factor the secondary key is indeterminate before each use for secondary encryption, i.e. it is determined only when the primary ciphertext is about to be encrypted a second time. As a result, when the secondary key performs secondary encryption on each piece of information to be transmitted, its uniqueness is embodied to the greatest degree.
The specific implementation of the secondary key can take any of the following optional modes:
One: use a random number as the secondary key.
In this mode a random function is called directly to generate a random number of a particular number of bits, such as 16, and the random number is determined as the secondary key. This mode is the easiest to implement and more efficient, and is convenient for fast decryption by the intelligent terminal.
Two: randomly determine the secondary key from a plurality of pre-stored keys.
This mode can likewise call a random function to determine the pre-stored secondary key, so that the key exhibits uncertainty. The secondary key determined in this way also has the characteristic of randomness and can similarly make decoding harder for an interceptor.
Three: use, as the secondary key, the ordered set of formatting identifiers used to parse the information to be transmitted in its form before primary encryption.
The information to be transmitted generally includes several information words; in one application scenario the aforementioned configuration information may comprise the service set identifier (SSID) of the WiFi access point and its password (PSW). In each information word the information type and the corresponding information content are generally characterized in some form. When it needs to be transmitted it is usually expressed as a string formed by concatenating these information words; this completes the formatting of the information to be transmitted and yields the formatted configuration information.
Specifically, taking the configuration information as an example, configuration items such as the service set identifier and the password are separated from each other by a first formatting identifier "|", and within an information word the information type and the information content are separated by a second formatting identifier ":". For example, if the information type of the service set identifier is denoted SSID and that of the password is denoted PSW, the information content of the SSID is MYWiFi and the information content of the password is PLZLOGIN, the formatted configuration information in text form before primary encryption is:
SSID:MYWiFi|PSW:PLZLOGIN
Note that being to carry out tissue in a certain order, wherein SSID exists in the configuration information of the formatting of above-mentioned expression Before, PSW is rear, the two information type identifiers can be for identifying that the corresponding information content be used, and the formatting mark Know ": |: " and then embody its speciality, if agreement obtains the from the first byte of secondary key between transmitting terminal and receiving end One formatting identifying obtains the second formatting identifying from the second byte, then which kind of symbol no matter transmitting terminal use for expressing The formatting identifying can pass through the first byte and the second byte acquisition tool from secondary key for receiving end The formatting identifying for function of having an agreement, and each information word is separated with the symbol of wherein the first byte, and with the symbol of the second byte Number isolation information type and its information content restore the information of each information word so that correctly parsing formats configuration information Content.Therefore, this example, which has undoubtedly embodied data message, has the function of included parsing scheme, makes the secondary key It is not only adapted to decrypt secondary ciphertext, and is suitable for parsing the configuration information of the formatting before not being encrypted, increases datagram The complexity of text, makes interceptor be more difficult to crack.
Obviously, as specific identifier, the formatting identifying is suitable for occurring in the configuration information of formatting according to it Sequence, by similarly arranged in sequence in the secondary key, the formatting identifying can determine at random.When needs make The number of formatting identifying is more, and arrangement is more diversified, and the parsing function that can be expressed is more powerful, the complexity of key It will further improve, so that secondary ciphertext be made to be more difficult to decode.In this case, secondary key is substantially one by multiple lattice Formulaization identifies the specific identifier collection constituted, and the specific identifier string in the specific identifier collection can be used for parsing the configuration of formatting Information, and as a whole, it may also be used for the secondary ciphertext of the configuration information is decrypted to obtain a ciphertext.
In a further improvement, the configuration information is expressed as follows to increase its readable difficulty: 0MYWiFiPLZLOGIN8.As can be seen that different information words are not separated with any symbol in this expression way, however but Still it can be parsed by formatting identifying.
Specifically, the separation positions of the information words are characterized as formatting identifiers, which indicate the location of the different information words within the formatted configuration information. For example, the initial character "0" and the final character "8" are in fact unnecessary interference factors; adding interference factors means that even if a code breaker obtains the formatted configuration information, its true content is still hard to judge intuitively. The content formed in the secondary key is "020815", in which "02" characterizes the initial position of the first information word SSID as the 2nd position, "08" characterizes the initial position of the second information word PSW as the 8th position, and the last two digits "15" characterize the final position of the entire configuration information. By the same principle as the previous example, after the receiver reads the specific identifier string "020815" from the secondary key it can determine the initial position of each information word and thus obtain the content of the different information words. If the two transmitting parties have agreed the information types of the information words in a given order, the receiver can understand the exact content of the information words the transmitter expressed in the formatted configuration information. Observing this improved example it can equally be seen that, since the information content of each information word of the same configuration information normally differs in length (for example when the password in the configuration information is changed), the position at which each information word occurs differs between configuration informations, so the content of the correspondingly formed specific identifier string is not the same every time; it plays the role of the random factor and thus gives the secondary key the stochastic characteristic required by the invention.
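The two self-parsing formats of mode three (the separator form "SSID:MYWiFi|PSW:PLZLOGIN", whose separators become the first two bytes of the secondary key, and the position form "0MYWiFiPLZLOGIN8" with key "020815") are illustrated below in Python. This is example code added for this page, not the applicant's implementation; the separator pool, the random number of decoy digits, and the two-digit 1-based position encoding are assumptions chosen to match the page's examples.

```python
"""Self-parsing formatting identifiers carried in the secondary key (mode three).

Example code added for illustration; not the patent's own implementation.
Assumptions: separators are drawn from SEPARATOR_POOL (a constructed pool);
positions are two decimal digits, 1-based, as in the page's '020815' example.
"""
import secrets
import string

SEPARATOR_POOL = "|:;,/#@!~^&*+="   # constructed pool of candidate separators


def _pick_separators(fields):
    """Choose two distinct separators that occur in no type name or value,
    so the receiver's split is unambiguous."""
    used = "".join(t + v for t, v in fields)
    candidates = [c for c in SEPARATOR_POOL if c not in used]
    if len(candidates) < 2:
        raise ValueError("no unambiguous separators left for this content")
    sep1 = secrets.choice(candidates)
    sep2 = secrets.choice([c for c in candidates if c != sep1])
    return sep1, sep2


def format_with_separators(fields):
    """Variant 1: TYPE<sep2>VALUE items joined by <sep1>, e.g.
    'SSID:MYWiFi|PSW:PLZLOGIN'. Returns (text, key_prefix) where
    key_prefix = sep1 + sep2 becomes the first two bytes of the secondary key."""
    sep1, sep2 = _pick_separators(fields)
    text = sep1.join(f"{t}{sep2}{v}" for t, v in fields)
    return text, sep1 + sep2


def parse_with_separators(text, key_prefix):
    """Receiver side of variant 1: byte 1 of the key splits information
    words, byte 2 splits the information type from its content."""
    sep1, sep2 = key_prefix[0], key_prefix[1]
    out = {}
    for word in text.split(sep1):
        info_type, content = word.split(sep2, 1)
        out[info_type] = content
    return out


def format_with_positions(fields, n_lead=None, n_tail=None):
    """Variant 2: values concatenated without separators and wrapped in
    decoy digits (the page's leading '0' and trailing '8'). The key records
    the 1-based start of each value and the 1-based end of the last one,
    two digits each ('020815' for the page's example with one decoy each side)."""
    n_lead = 1 + secrets.randbelow(3) if n_lead is None else n_lead
    n_tail = 1 + secrets.randbelow(3) if n_tail is None else n_tail
    lead = "".join(secrets.choice(string.digits) for _ in range(n_lead))
    tail = "".join(secrets.choice(string.digits) for _ in range(n_tail))
    text = lead + "".join(v for _, v in fields) + tail
    if len(text) - n_tail > 99:
        raise ValueError("two-digit positions address at most 99 characters")
    marks, pos = [], n_lead + 1          # 1-based index of the first value character
    for _, v in fields:
        marks.append(pos)
        pos += len(v)
    marks.append(pos - 1)                # 1-based index of the last value character
    return text, "".join(f"{m:02d}" for m in marks)


def parse_with_positions(text, key, field_types):
    """Receiver side of variant 2: field_types is the order agreed out of band
    (SSID then PSW on this page); decoys outside the marked span are dropped."""
    marks = [int(key[i:i + 2]) for i in range(0, len(key), 2)]
    starts, end = marks[:-1], marks[-1]
    if len(starts) != len(field_types):
        raise ValueError("key marks do not match the agreed field list")
    bounds = starts + [end + 1]
    return {t: text[bounds[i] - 1:bounds[i + 1] - 1]
            for i, t in enumerate(field_types)}
```

Both parsers depend on out-of-band agreement (which key byte holds which identifier, and the order of information words), which is what lets the transmitter vary the symbols freely; the decoy digits and position string change with every password length, which is the random factor the page describes.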
As it can be seen that specific identifier described included by secondary key namely the various formatting identifyings, can be used for The configuration information text of formatting is reduced to the original configuration information for having identification meaning, makes the letter of its each information word Breath content smoothly can be identified and be utilized.
According to description herein, information to be transmitted be first with its formatted text be encrypted to a ciphertext and then by The specific identifier collection, which encrypts, to be formed secondary ciphertext and is expressed in the data message.It should be pointed out that in view of secondary It is improved for protruding the parsing function of specific identifier collection at one in the case that key has the dual function of parsing and encryption Example in, also can remove the process of the primary encryption, in this case, the configuration information being expressed in data message, Can carry out the close of encryption formation to it with the specific identifier collection by the formatted text under its unencrypted state Text.
It is further used in the improvement embodiment for strengthening the self-analytic data function of specific identifier collection, further ignores encryption and examine Consider, any encryption is not carried out to the formatted text, and only provides the formatting identifying string of specific identifier collection to data It include the format of the plaintext in the data message so that receiving end utilizes formatting identifying therein parsing in message Change text.
Four, on the basis of the third revealed two kinds of case and the other variants being unfolded with this, further addition with The machine number construction secondary key.
Adapt to multiple examples that former carries self-analytic data scheme in formatting configuration information, naturally it is also possible in conjunction with institute The first exemplary mode is stated, adds a random number for secondary key described in former example to reinforce its safety.
In summary several determinations provided include the example of the secondary key of random factor, and programmer can be according to Determining agreement selectes any one way of example in programming and realizes it, can further call symmetric encipherment algorithm to described A ciphertext encrypted, to form the secondary ciphertext.
Step S123: assemble the secondary key and the secondary ciphertext to form the data message.
Once the plaintext formats of the secondary ciphertext and the secondary key are determined, they can be assembled into the data message shown in Fig. 5 according to the agreement between transmitter and receiver, with the secondary key placed before the secondary ciphertext. For verification purposes the total length of the data message is further expressed as a check code at the front of the data message, so that the receiver can use the check code to determine whether the received data message is complete. Obviously the structure of the data message, i.e. the arrangement of its parts, is rather flexible; the example in the drawing is only a preferred embodiment, in which the check code followed by the secondary key, in particular its specific identifier set, forms the header and the remainder forms the content part. Those skilled in the art can refer to this flexible structure to adjust the structure of the data message and assemble it, and their understanding of the invention should not be restricted by this structure.
After the data message of the invention has been constructed, the transmitter and receiver have completed the work at the custom protocol layer; according to the specification of the IEEE 802.11 protocol, the subsequent steps are handled at the data link layer and below.
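Steps S121 to S123 end to end, as example code added for this page rather than the applicant's implementation: the check code is assumed to be one byte holding the total message length, the secondary key is a 16-bit random number (mode one), and the symmetric cipher is a SHA-256 counter-mode keystream with a fresh nonce, standing in for the symmetric algorithm the page leaves unspecified. The sample key and configuration string are constructed.

```python
"""Step S12 end to end: primary ciphertext -> secondary ciphertext ->
data message laid out as [check code][secondary key][secondary ciphertext].

Example code added for illustration; not the patent's own implementation.
Assumptions: one-byte check code = total length; 16-bit random secondary
key (mode one); symmetric cipher = SHA-256 counter-mode keystream with an
8-byte nonce (a stand-in for the page's unspecified symmetric algorithm).
"""
import hashlib
import secrets
import struct

NONCE_LEN = 8
SECONDARY_KEY_LEN = 2      # 16-bit random number, as in mode one


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + struct.pack(">I", counter)).digest()
        counter += 1
    return bytes(out[:n])


def encrypt(key: bytes, data: bytes) -> bytes:
    """nonce || data XOR keystream(key, nonce). The nonce keeps the keystream
    unique even when the same long-term primary key is reused across messages."""
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = _keystream(key, nonce, len(data))
    return nonce + bytes(a ^ b for a, b in zip(data, stream))


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    stream = _keystream(key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream))


def build_data_message(info: bytes, primary_key: bytes) -> bytes:
    primary_ct = encrypt(primary_key, info)                    # S121
    secondary_key = secrets.token_bytes(SECONDARY_KEY_LEN)    # S122: random factor
    secondary_ct = encrypt(secondary_key, primary_ct)
    body = secondary_key + secondary_ct                        # S123: key before ciphertext
    total = 1 + len(body)                                      # check code counts itself
    if total > 255:
        raise ValueError("message too long for a one-byte check code")
    return bytes([total]) + body


def open_data_message(msg: bytes, primary_key: bytes) -> bytes:
    """Receiver: verify the check code, take the key from the header, peel both layers."""
    if not msg or msg[0] != len(msg):
        raise ValueError("check code mismatch: message truncated or corrupted")
    secondary_key = msg[1:1 + SECONDARY_KEY_LEN]
    secondary_ct = msg[1 + SECONDARY_KEY_LEN:]
    return decrypt(primary_key, decrypt(secondary_key, secondary_ct))


def demo():
    primary_key = b"pre-shared primary key (constructed sample)"
    info = b"SSID:MYWiFi|PSW:PLZLOGIN"                         # constructed sample
    msg = build_data_message(info, primary_key)
    return open_data_message(msg, primary_key) == info, len(msg)
```

Two points a reviewer of this layout would note: the secondary key travels in the clear inside the message, so the secondary layer adds per-message variation rather than confidentiality, which rests entirely on the primary key; and the check code is a length, not an integrity check, so a corrupted but correctly sized message decrypts to garbage without being detected. An authenticated cipher on the primary layer would close the second gap.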
Step S13, the data message is sent.
In this step, need that the data message is further handled Framed Data.The present invention is with multicast packet frame Example is illustrated, and now introduces several examples that the data message is transmitted using multicast packet frame:
One: only the destination address field of the multicast data frame is used to carry the content of the data message.
Specifically, the low 23 bits of the editable bit area of the multicast data frame's destination address field are used on their own: the first 6 of them express the sequence code of each multicast data frame, and the remaining 17 express the content code of the ordered section to be carried, so a data message can be transmitted with up to 2^6 = 64 multicast data frames in total. The multicast data frame whose sequence code is "000000" can serve as a reference, so that the receiving end starts receiving the subsequent frames from the same source accordingly; this reference need not be set. The data message is thus loaded into 64 multicast data frames and sent to the receiving end, which, by the inverse principle, assembles the content codes of the multicast data frames in the order indicated by their sequence codes and obtains the data message.
Two: only the frame body field of the multicast data frame is used to carry the content of the data message.
The transmitting end's control over the frame body field of a multicast data frame lies mainly in its control over the frame length, but using the frame length requires a baseline. The reference-frame approach above can therefore be used in the same way: the reference frame is given the shortest frame length (uniquely associated with the length of its frame body field), and the frame body length of every other multicast data frame is controlled so that the difference between its frame length and that of the reference frame carries meaning; the binary bit string of that difference is used to express, say, 10 bits of content, of which for example the first 4 express the sequence code and the last 6 express the content code, so that the data message can likewise be carried by 2^4 = 16 multicast data frames.
Three: the destination address field and the frame body field of the multicast data frame are used together to carry the data message.
For this example, please also refer to the first two. Assume, as in the first example, that the first 6 of the low 23 bits of the destination address field represent the sequence code and the remaining 17 represent the content code, and further, as in the second example, that the frame length of the frame body field is used so that the binary bit string of the difference between each multicast data frame's length and that of the reference frame is 3 bits; the content code then consists of 17 plus 3, i.e. 20 bits in total. Its information-carrying capacity is thereby extended and greatly enhanced.
Whichever way the multicast data frames are used, multiple multicast data frames characterized in order carry the data message, so that the information to be transmitted is formatted at the data link layer in a way that meets the IEEE 802.11 specification.
After the processing at the data link layer is complete, the data message containing the information to be transmitted can be sent to the receiving end in the form of multicast data frames.
During transmission, even if all multicast data frames are intercepted so that the interceptor obtains the data message, the security enhancement provided by the method of the present invention still makes it difficult for the interceptor to decode the transmitted information.
The present invention further provides a networking access method that uses the information transmitted by the information secure transmission method above. Referring to Fig. 6, the networking access method includes the following steps:
Step S21: receive the data message.
This step relies on the frame reception completed at the data link layer to obtain the corresponding data message. The process of receiving the data message is, under the protocol, the inverse of the sending process described above, and may refer to the IEEE 802.11 specification. Based on the example above that uses multicast data frames, the specific method shown in Fig. 7 may be used for the corresponding processing:
Step S211: receive the multicast data frames with the same source.
The technique of receiving multicast data frames from the same source through the WiFi module is known to those skilled in the art. It should be pointed out that the same source here refers to the source address of the transmitting end, which identifies the sender of the configuration information required by this method.
Step S212: assemble the content codes carried by the multicast data frames according to the index order characterized by the sequence code that each multicast data frame provides.
Three examples were disclosed above for carrying the data message: using only the editable bit area of the destination address field of the multicast data frame, using only the frame body length difference, and using the editable bit area of the destination address field together with the frame body length difference. The multicast data frames carrying the data message are several, ordered by their sequence codes; by the inverse principle under the protocol, this step decodes all received multicast data frames, obtains the corresponding sequence codes and content codes, and concatenates the content codes in the order characterized by the sequence codes.
Step S213: convert the sequentially assembled content codes into the data message.
Again by the inverse principle under the protocol, the sequentially assembled code sequence is converted into a data message that the custom protocol layer of the present invention can recognize, for subsequent processing. To ensure the integrity of the data message, once it has been obtained its length should be verified with the check code at its front (depending on the data message structure). A data message that does not match should be discarded; only a data message that passes the check is accepted.
Step S22: decrypt the secondary ciphertext contained in the data message with the secondary key contained in it, obtaining the primary ciphertext.
According to an example disclosed above, the data message obtained by the receiving end contains the secondary key and the secondary ciphertext that can be decrypted with it. The secondary key expressed in the data message is therefore read from it and used, with the relevant algorithm, to decrypt the secondary ciphertext, yielding the primary ciphertext of the transmitted configuration information. Note that because the secondary key follows the symmetric cryptography specification, there is no need to pre-store this secondary key locally.
As disclosed above, the secondary key may be a pure random number, or a formatting identifier string made up of formatting identifiers, i.e. the specific identifier set. However many meanings the secondary key carries, in this example, as long as the secondary key was previously used to encrypt the configuration information (so that it also serves as the decryption key), the secondary ciphertext must first be decrypted with the secondary key in this step. If in some examples the formatted configuration information was not primary-encrypted but only simply encrypted with the secondary key, then this decryption already yields the formatted configuration information, which can be parsed directly. Otherwise, if decryption with the secondary key yields the primary ciphertext, it must be decrypted again, and only the formatted configuration information obtained after the two decryptions can be parsed. Of course, in some embodiments the specific identifier set (secondary key) is not used to encrypt the configuration information, in which case no decryption is needed here.
Step S23: decrypt the primary ciphertext with the pre-stored primary key to obtain the configuration information in it.
As in an example disclosed above, the primary ciphertext is formed by encrypting the formatted configuration information with a primary key (public key), the public key being specified by asymmetric encryption techniques; the intelligent terminal acting as the receiving end therefore pre-stores the corresponding private key, and in this step calls that pre-stored private key, i.e. the primary key (private key) of this method, to decrypt the primary ciphertext. Clearly, the primary key (private key) of this method and the primary key (public key) of the previous method are both specified by asymmetric encryption techniques and are algorithmically related: the former is the decryption key and the latter the encryption key, and they are not the same key with identical content, as those skilled in the art should know.
Indeed, if the transmitting end encrypted the formatted configuration information with a key specified by symmetric cryptography, then the intelligent terminal as receiving end should pre-store a primary key with identical content, and that primary key is both the encryption key of the transmitting end and the decryption key of the receiving end.
After the primary ciphertext is decrypted, the corresponding formatted configuration information is obtained. However, under all the variants disclosed above, what is obtained from the data message is the formatted configuration information in the form of text of a specific format; that formatted text has not yet been recognized and used, so the normalized configuration information with recognizable meaning has not yet been obtained. By the inverse principle under the protocol, for certain embodiments the specific identifiers contained in the secondary key should be used to parse the text into configuration information with recognizable meaning. Corresponding to the examples disclosed above, there are several ways to handle the formatted configuration information:
One: the transmitting end and the receiving end agree on how to parse the formatted configuration information.
In this case the receiving end only needs to parse the formatted configuration information according to the prior agreement to obtain each information content in it.
Two: the transmitting end uses the specific identifier set formed from the formatting identifiers used in the formatting process as the secondary key.
This case includes the two sub-cases disclosed above: one in which the secondary key is the entire specific identifier set, covering both the case where the formatting identifiers in the specific identifier set indicate the positions of the information contents and the case where they are used as separator characters; and another in which the specific identifier set is a specific part of the secondary key.
Neither case departs from the inverse principle under the protocol. In these cases, therefore, the emphasis is on obtaining the specific identifier set from the secondary key and, corresponding to each specific case disclosed in the examples above, using it to recognize the information contents of the formatted configuration information.
In some examples the formatting identifiers in the specific identifier set indicate the location of each information content, or serve as the separator between information contents, including the first and second formatting identifiers mentioned above. In any case, the formatted configuration information is separated and extracted according to the indication of the formatting identifiers, yielding the normalized configuration information, i.e. each information content with recognizable meaning.
Through the processing of this step, the normalized configuration information is finally obtained, i.e. the original meaning of the information sent by the transmitting end is recognized; for example, for the configuration information above, the receiving end learns that the service set identifier SSID of the target network to be accessed is MYWiFi and that the corresponding login password PSW is PLZLOGIN.
It should be pointed out that in the embodiment in which the specific identifier set has only a parsing function and its key function is not used, the decryption steps above need not be performed; the two decryption steps are replaced by a single step in which the formatted configuration information contained in the data message is parsed directly with the specific identifier set according to the principle above. In this case, although the formatted configuration information has not been specially encrypted once or twice, the specific identifier set of the present invention embodies a certain self-protocol function, namely using its formatting identifiers to delimit and recognize each specific information content contained in the configuration information, so this case also provides a certain encryption effect.
Step S24: configure the terminal's own network settings with the configuration information and access the target network.
After the configuration information is obtained, the service set identifier (SSID) provided by the mobile terminal and the corresponding password are available, and the intelligent terminal can configure its own network settings, determining that the corresponding SSID is MYWiFi and setting its password to the corresponding PLZLOGIN, then start the process of accessing the target network, performing a series of handshake operations until a connection to the WiFi AP represented by the SSID is established.
Once the intelligent terminal has connected to the AP it has accessed the target network; in principle it can communicate with the cloud server, and it can also communicate with the mobile terminal on the network through the routing function of the current local area network. The intelligent terminal can therefore send the mobile terminal a signal indicating that network access has been completed, so that the mobile terminal can further provide an operation control interface for the user to perform subsequent operations.
It can be seen that the networking access method of the present invention, based on safer encryption techniques, receives configuration information more safely and avoids receiving configuration information forged by an illegal user, achieving a safer effect in use.
Further, based on modular thinking, the present invention provides the mobile terminal and intelligent terminal described above; preferably the mobile terminal is implemented as a mobile phone on which the corresponding APP is installed, and the protocol embodying the technical solution of the present invention is implemented between the mobile terminal and the intelligent terminal by computer programs.
Referring to Fig. 8, in the exemplary embodiment of the mobile terminal of the present invention, the mobile terminal includes an acquiring unit 11, a structural unit 12 and a transmission unit 13. The function of each unit is explained in detail below:
The acquiring unit 11 is used to obtain the information to be transmitted.
Considering that the present invention mainly uses multicast or broadcast technology to transmit data, the information to be transmitted is especially suited to information content of small data volume, such as configuration information for accessing a target network, which usually contains only the service set identifier and password of the target network and is therefore small; or, for another example, an instruction statement to be executed by the receiving end; or a notification to be pushed to the receiving end. Such information can exploit the advantages of the present invention to the greatest extent. Since the data capacity that each data frame can express is limited, the quantitative measure of information size can be determined by those skilled in the art according to actual conditions.
It should be pointed out that, for simplicity of explanation, each embodiment of the present invention often uses the configuration information as the example of the information to be transmitted, but this should not be understood as restricting the concepts "information to be transmitted", "transmitted information" and "received information", which refer to the same object, to that case. Likewise, the content in different formats produced by operations such as formatting and encrypting the information to be transmitted, although its form of expression changes, still points to the same object denoted by the concept "information to be transmitted".
Taking the APP implemented on the basis of the present invention as an example, when the APP runs it can use the hardware devices driven by the system of the mobile phone. As is well known, a mobile phone has not only a WiFi module, a display and a control chip but also components such as a microphone and a loudspeaker, all of which can be called through the APP.
Taking the Android system as an example, the mobile phone first calls and displays an Activity component through its acquiring unit 11, or displays a page implemented with HTML5, presenting on the screen a user interface that scans and enumerates the WiFi access point information (with service set identifiers, SSIDs), asks the user to select the target network, and requires the user to enter the corresponding password, thereby obtaining the SSID and password of the target network.
According to the WiFi protocol, those skilled in the art know that the configuration information generally includes the service set identifier (SSID) that the WiFi wireless router (representing the target network) provides to identify the target network, and the login password for logging in to the target network; in some cases it may also need to include the encryption mode of the login password, and for an open network no login password need be provided. Although the WiFi protocol undergoes version upgrades, the configuration information indispensable for accessing the network, its details and its variants can be determined by those skilled in the art from the corresponding protocol documents, and are not repeated here.
As a detail adjustment, after the user has selected an SSID, the cloud server can be queried for the password corresponding to that SSID; if the password exists it is downloaded directly from the cloud, saving the step of asking the user to enter the target network password.
The structural unit 12 is used to construct the data message so that it contains a secondary ciphertext and a secondary key, the secondary ciphertext being formed by encrypting the information to be transmitted with a primary key to form a primary ciphertext and then encrypting that primary ciphertext with the secondary key, which contains a random factor.
After the information to be transmitted, such as the configuration information, has been obtained, the data message needs to be constructed for it. The process of constructing the data message links the application layer and the data link layer: specifically, the information to be transmitted, such as the configuration information, is obtained from the application layer, and the data message will subsequently be sent at the data link layer, so the process by which structural unit 12 constructs the data message is essentially equivalent to a protocol layer defined by the present invention. The implementation of structural unit 12 is therefore very flexible and is illustrated with several examples below:
In one example of structural unit 12 constructing the data message, shown in Fig. 9, the structural unit 12 includes a primary encryption module 121, a secondary encryption module 122 and a structural assembly module 123. The function of each module is described as follows:
The primary encryption module 121 uses the primary key to obtain the primary ciphertext of the information to be transmitted.
The primary key refers to the key widely used at present for the primary encryption of the transmitted information, generally using public-key encryption, i.e. asymmetric encryption. In public-key encryption the mobile terminal, as the transmitting end, encrypts the original text of the information to be transmitted with the public key it holds, and when it reaches the other end the intelligent terminal, as the receiving end, calls its pre-stored private key to decrypt the information to be transmitted and obtain the original version. The public key and private key are algorithmically related and can therefore be used to decrypt data encrypted by the other. In this embodiment the primary encryption module 121 likewise follows the traditional technique and encrypts the configuration information in its raw form with the primary key to obtain the primary ciphertext. Asymmetric cryptography provides higher security and is commonly used in scenarios with higher security requirements.
In a flexible embodiment, the primary key may instead be realized with private-key encryption, i.e. symmetric cryptography. In this technique the mobile terminal and the intelligent terminal each hold an identical primary key; the mobile terminal encrypts the information to be transmitted with the primary key to obtain the primary ciphertext and transmits it to the intelligent terminal, which decrypts the transmitted information with its pre-stored primary key. Symmetric cryptography has the characteristics of a simple algorithm and higher efficiency and may therefore be preferred in scenarios with less stringent security requirements.
The secondary encryption module 122 is configured to encrypt the primary ciphertext into the secondary ciphertext with the secondary key containing a random factor.
In this embodiment, after the primary ciphertext is formed (or, in some embodiments that do not depend on primary encryption, on the information to be transmitted itself), the secondary encryption module 122 performs secondary encryption with the secondary key to form the secondary ciphertext. Note that the secondary key is particularly suited to being a private key specified by symmetric cryptography, so that once the intelligent terminal receives the corresponding message it can decrypt the secondary ciphertext at lower computational cost.
The secondary key contains a random factor, which covers at least two cases: a random number used in the secondary key, and a secondary key selected in a random manner. Through the random factor, the secondary key is undetermined before each use for secondary encryption, that is, it is determined only when the primary ciphertext is about to be secondary-encrypted. The secondary key thus exhibits its uniqueness to the greatest extent each time it secondary-encrypts information to be transmitted.
The specific implementation of the secondary key may take the following alternative modes:
One: using a random number as the secondary key.
In this mode the secondary encryption module 122 directly calls a random function to generate a random number of a specific number of bits, such as 16, and takes that random number as the secondary key. This mode is the easiest to implement and the most efficient, making it convenient for the intelligent terminal to decrypt quickly.
Two: randomly determining the secondary key from multiple pre-stored keys.
In this mode the secondary encryption module 122 likewise calls a random function to determine one of the pre-stored secondary keys, so that its content is uncertain. A secondary key determined in this way also has the characteristic of randomness and likewise creates decoding obstacles for an interceptor.
Three: using the ordered set of formatting identifiers used to parse the information to be transmitted before primary encryption as the secondary key.
The information to be transmitted generally includes multiple information words; in one application scenario the configuration information mentioned above may contain the service set identifier (SSID) of the WiFi access point and its password (PSW). In each information word the information type and the corresponding information content are generally characterized in some form. When it needs to be transmitted, it is usually expressed as a string formed by concatenating these information words, completing the formatting of the information to be transmitted and yielding the formatted configuration information.
Specifically, taking the configuration information as an example, the information words such as the service set identifier and the password are first separated by the first formatting identifier "|" between information words, and by the second formatting identifier ":" between the information type and the information content within an information word. For example, the service set identifier indicates its information type with SSID and the password with PSW; if the information content of SSID is MYWiFi and that of the password is PLZLOGIN, the text form of the formatted configuration information formed before primary encryption is:
SSID:MYWiFi|PSW:PLZLOGIN
Note that being to carry out tissue in a certain order, wherein SSID exists in the configuration information of the formatting of above-mentioned expression Before, PSW is rear, the two information type identifiers can be for identifying that the corresponding information content be used, and the formatting mark Know ": |: " and then embody its speciality, if agreement obtains the from the first byte of secondary key between transmitting terminal and receiving end One formatting identifying obtains the second formatting identifying from the second byte, then which kind of symbol no matter transmitting terminal use for expressing The formatting identifying can pass through the first byte and the second byte acquisition tool from secondary key for receiving end The formatting identifying for function of having an agreement, and each information word is separated with the symbol of wherein the first byte, and with the symbol of the second byte Number isolation information type and its information content restore the information of each information word so that correctly parsing formats configuration information Content.Therefore, this example, which has undoubtedly embodied data message, has the function of included parsing scheme, makes the secondary key It is not only adapted to decrypt secondary ciphertext, and is suitable for parsing the configuration information of the formatting before not being encrypted, increases datagram The complexity of text, makes interceptor be more difficult to crack.
Obviously, as specific identifier, the formatting identifying is suitable for occurring in the configuration information of formatting according to it Sequence, by similarly arranged in sequence in the secondary key, the formatting identifying can determine at random.When needs make The number of formatting identifying is more, and arrangement is more diversified, and the parsing function that can be expressed is more powerful, the complexity of key It will further improve, so that secondary ciphertext be made to be more difficult to decode.In this case, secondary key is substantially one by multiple lattice Formulaization identifies the specific identifier collection constituted, and the specific identifier string in the specific identifier collection can be used for parsing the configuration of formatting Information, and as a whole, it may also be used for the secondary ciphertext of the configuration information is decrypted to obtain a ciphertext.
In a further improvement, the configuration information is expressed as follows to increase its readable difficulty: 0MYWiFiPLZLOGIN8.As can be seen that different information words are not separated with any symbol in this expression way, however but Still it can be parsed by formatting identifying.
Specifically, the formatting identifiers characterize the separation positions of the information words, being used to indicate the position of each information word within the formatted configuration information. For example, the first character "0" and the last character "8" are actually non-essential interference factors; adding interference factors makes it hard for a code breaker who obtains the formatted configuration information to judge its true content intuitively. In the secondary key, the content formed is "020815", where "02" characterizes the start position of the first information word SSID as the 2nd position, "08" characterizes the start position of the second information word as the 8th position, and the last two characters "15" characterize the end position of the whole configuration information. By the same principle as in the example above, after the receiving end reads the specific identifier string "020815" from the secondary key it can determine the start position of each information word and thus obtain the content of the different information words. If the two parties to the transmission have agreed the information types of the information words in their order, the receiving end can understand the exact content of the information words that the transmitting end expressed in the formatted configuration information. Observing this improved example also shows that, because the normal length of the information content of each information word differs within the same configuration information, it may also vary (for example when the password in the configuration information is changed), causing each information word to occur at different positions in different configuration information; the content of the correspondingly formed specific identifier string is therefore not the same every time and plays the role of a random factor, giving the secondary key the random property required by the present invention.
It can be seen that the specific identifiers contained in the secondary key, namely the various formatting identifiers, can be used to restore the formatted configuration information text to the original configuration information with recognizable meaning, so that the information content of each information word can be recognized and used.
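The two parsing schemes described above, as an added example that is not the patent's own code: the separator scheme, in which the receiving end reads the word separator from the first byte and the type separator from the second byte of the secondary key, and the positional scheme, in which "020815" locates the information words inside "0MYWiFiPLZLOGIN8". Function names, the interference-character arguments and the two-digit width of the positional identifiers are assumptions.

```python
"""Added example (not the patent's own code): formatting and parsing the
configuration information with the formatting identifiers carried in the
secondary key, for the separator scheme and the positional scheme."""


def format_with_separators(fields, word_sep="|", type_sep=":"):
    """Sender side: 'SSID:MYWiFi|PSW:PLZLOGIN' plus the key made of the two
    identifiers in the agreed order (first byte = word separator, second byte
    = type separator).  Any symbols may be used; the key carries them."""
    text = word_sep.join(f"{info_type}{type_sep}{content}" for info_type, content in fields)
    return text, word_sep + type_sep


def parse_with_separators(text, key):
    """Receiver side: take both identifiers from the key, whatever they are,
    split the information words and then split type from content."""
    if len(key) < 2:
        raise ValueError("key must carry the two formatting identifiers")
    word_sep, type_sep = key[0], key[1]
    result = {}
    for word in text.split(word_sep):
        info_type, sep, content = word.partition(type_sep)
        if not sep:
            raise ValueError(f"information word {word!r} lacks the type separator")
        result[info_type] = content
    return result


def format_positional(contents, prefix="0", suffix="8"):
    """Sender side: concatenate the contents with no separators, wrap them in
    interference characters (assumed defaults '0' and '8'), and emit the 1-based
    start position of each word plus the end position of the whole configuration
    as two-digit identifiers, e.g. '0MYWiFiPLZLOGIN8' with key '020815'."""
    text = prefix
    positions = []
    for content in contents:
        positions.append(len(text) + 1)     # 1-based start of this information word
        text += content
    positions.append(len(text))             # end position of the configuration text
    text += suffix
    if any(p > 99 for p in positions):
        raise ValueError("two-digit identifiers cannot express positions beyond 99")
    return text, "".join(f"{p:02d}" for p in positions)


def parse_positional(text, key, info_types):
    """Receiver side: read the start positions from the key and cut out each
    information word; info_types is the word order both parties agreed on."""
    if len(key) % 2 or len(key) // 2 != len(info_types) + 1:
        raise ValueError("identifier string does not match the agreed word count")
    positions = [int(key[i:i + 2]) for i in range(0, len(key), 2)]
    starts, end = positions[:-1], positions[-1]
    if end > len(text) or any(s < 1 for s in starts) or starts != sorted(starts):
        raise ValueError("identifier positions are inconsistent with the text")
    result = {}
    for i, info_type in enumerate(info_types):
        stop = starts[i + 1] - 1 if i + 1 < len(starts) else end
        result[info_type] = text[starts[i] - 1:stop]
    return result


if __name__ == "__main__":
    fields = [("SSID", "MYWiFi"), ("PSW", "PLZLOGIN")]
    text, key = format_with_separators(fields)
    print(text, key, parse_with_separators(text, key))
    text2, key2 = format_positional([content for _, content in fields])
    print(text2, key2, parse_positional(text2, key2, ["SSID", "PSW"]))
```

Changing the password changes the positional identifier string (the text's "random factor"), which the test below checks as well.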
According to description herein, information to be transmitted be first with its formatted text be encrypted to a ciphertext and then by The specific identifier collection, which encrypts, to be formed secondary ciphertext and is expressed in the data message.It should be pointed out that in view of secondary It is improved for protruding the parsing function of specific identifier collection at one in the case that key has the dual function of parsing and encryption Example in, also can remove the process of the primary encryption, in this case, the configuration information being expressed in data message, Can carry out the close of encryption formation to it with the specific identifier collection by the formatted text under its unencrypted state Text.
It is further used in the improvement embodiment for strengthening the self-analytic data function of specific identifier collection, further ignores encryption and examine Consider, any encryption is not carried out to the formatted text, and only provides the formatting identifying string of specific identifier collection to data It include the format of the plaintext in the data message so that receiving end utilizes formatting identifying therein parsing in message Change text.
Four: on the basis of the two cases disclosed in the third variant and the other variants developed from them, a random number is additionally used to construct the secondary key.
For the several examples in which the formatted configuration information carries its own parsing scheme, the approach of the first example can naturally also be combined: a random number is appended to the secondary key of the preceding examples to strengthen its security.
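The positional identifier string of the "020815" kind, and its converse on the receiving end, carried through as an added example (this is not code from the patent). The page fixes the meaning of the digits but not the encoding details, so the following are assumptions: positions are zero-padded two-digit decimal fields, the interference factors are one leading and one trailing character chosen by the sender, and the random number appended in variant four is six decimal digits. Function names are mine. The code is general in the number of information words, not only the SSID/password pair.

```python
"""Formatting identifier string of the "020815" kind, and its inverse.

Added example, not code from the patent. Assumed (not stated on the page):
positions are written as zero-padded two-digit decimal fields, the interference
factors are one leading and one trailing character chosen by the sender, and
the random number appended in variant four is six decimal digits.
"""
import secrets
from typing import List, Tuple

FIELD_WIDTH = 2  # "02", "08", "15" in the page's example


def format_config(words: List[str], lead: str, trail: str) -> Tuple[str, str]:
    """Return (formatted_text, identifier_string).

    The identifier string holds the 1-based start position of every
    information word followed by the end position of the configuration
    content; the interference characters fall outside that range.
    """
    if any(not w for w in words):
        raise ValueError("empty information word")
    text, starts = lead, []
    for w in words:
        starts.append(len(text) + 1)   # 1-based position of the word's first char
        text += w
    end = len(text)                    # position of the last configuration char
    text += trail
    if end > 10 ** FIELD_WIDTH - 1:
        raise ValueError("configuration too long for two-digit positions")
    ident = "".join(f"{p:0{FIELD_WIDTH}d}" for p in starts + [end])
    return text, ident


def parse_config(text: str, ident: str) -> List[str]:
    """Receiving side: recover the information words from text + identifier string."""
    if len(ident) < 2 * FIELD_WIDTH or len(ident) % FIELD_WIDTH:
        raise ValueError("malformed identifier string")
    fields = [int(ident[i:i + FIELD_WIDTH]) for i in range(0, len(ident), FIELD_WIDTH)]
    *starts, end = fields
    if starts[0] < 1 or end > len(text) or starts[-1] > end:
        raise ValueError("positions outside the text")
    if any(a >= b for a, b in zip(starts, starts[1:])):
        raise ValueError("start positions must increase")
    bounds = starts + [end + 1]
    return [text[bounds[i] - 1:bounds[i + 1] - 1] for i in range(len(starts))]


def make_secondary_key(ident: str, random_digits: int = 6) -> str:
    """Variant four on the page: the identifier string followed by a random number."""
    return ident + "".join(str(secrets.randbelow(10)) for _ in range(random_digits))
```

With the page's own values, format_config(["MYWiFi", "PLZLOGIN"], "0", "8") yields the text "0MYWiFiPLZLOGIN8" and the identifier "020815"; a longer password moves the end position and changes the identifier, which is the "random factor" the text describes. Note that the identifier string is derived from the plaintext lengths, so it varies with the content but is not unpredictable; the appended random number is what actually supplies randomness.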
Among the several examples of a secondary key containing a random factor given above, the programmer may select any one according to the agreed protocol and implement it in code. The secondary encryption module 122 can then encrypt the primary ciphertext with a symmetric encryption algorithm under that secondary key, forming the secondary ciphertext.
The structure assembling module 123 assembles the secondary key and the secondary ciphertext into the data message.
Once the plaintext format of the secondary ciphertext and of the secondary key is determined, they can be assembled into a data message as shown in Figure 5 according to the agreement between the transmitting and receiving ends, with the secondary key placed before the secondary ciphertext. For verification, the total length of the data message is also used as a check code and expressed at the front end of the data message, so that the receiving end can use it to determine whether the received data message is complete. Clearly the structure of the data message, that is the arrangement of its parts, is flexible; the example in the figure is merely a preferred embodiment in which the check code and the following secondary key, in particular its specific identifier set, form the header, and the tail is the content part. Those skilled in the art may adjust the structure of the data message with reference to this flexible arrangement when assembling it, and that structure should not limit the understanding of the invention.
After the construction unit 12 has constructed the data message of the invention, the transmitting and receiving ends have completed the work at the custom protocol layer; the transmission unit 13 is then called to process the data message at the data link layer according to the IEEE 802.11 specification.
The transmission unit 13 is for sending the data message.
The transmission unit 13 further needs to process the data message into frames. The invention is illustrated with multicast data frames; several examples of transmitting the data message in multicast data frames follow:
One: only the destination address field of the multicast data frame is used to carry the content of the data message.
Specifically, the low 23 editable bits of the destination address field of the multicast data frame are used alone: the first 6 of them express the sequence code of each multicast data frame and the remaining 17 express the content code of the ordered segment to be carried, so one data message can be transmitted over 2^6 = 64 multicast data frames. The multicast data frame with sequence code "000000" can serve as a reference frame from which the receiving end starts receiving the subsequent frames of the same source, although such a reference need not be set. The data message is thus loaded into 64 multicast data frames and sent to the receiving end, which, by the converse principle, assembles the content codes of the multicast data frames in the order indicated by their sequence codes and obtains the data message.
Two: only the frame body field of the multicast data frame is used to carry the content of the data message.
The transmitting end's control over the frame body field of a multicast data frame is mainly reflected in controllable use of its frame length, but using the frame length requires a reference, so the reference-frame approach above can be applied in the same way: the reference frame is given the shortest frame length (uniquely associated with its frame body length), and the frame body length of every other multicast data frame is controlled so that the difference between its frame length and that of the reference frame carries information. The binary bit string of that difference expresses, for example, 10 bits of content, of which for instance the first 4 express the sequence code and the remaining 6 the content code; by the same reasoning, 2^4 = 16 multicast data frames then carry the data message.
Three: the destination address field and the frame body field of the multicast data frame are used together to carry the data message.
For this example, refer to the first two. Suppose that, as in the first example, the first 6 of the low 23 bits of the destination address field express the sequence code and the remaining 17 the content code, and that, following the principle of the second example, the frame length of the frame body field is also used so that the binary bit string of the difference between the frame length of a multicast data frame and that of the reference frame is 3 bits long. The content code then consists of 17 + 3 = 20 bits, and its information-carrying capacity is considerably extended.
Whichever way the multicast data frames are used, the data message is carried by a plurality of ordered multicast data frames, so that the information to be transmitted is formatted at the data link layer in a way that satisfies the IEEE 802.11 specification.
After the transmission unit 13 has completed the processing at the data link layer, it can send the data message containing the information to be transmitted to the receiving end in the form of multicast data frames.
While the mobile terminal of the invention is transmitting information, even if all the multicast data frames are intercepted so that the interceptor obtains the data message, the security enhancement performed by the mobile terminal still makes it difficult for the interceptor to decode the transmitted information.
Referring to Figure 10, the invention further provides an intelligent terminal that can make use of the information transmitted by the mobile terminal. It comprises a receiving unit 21, a second decryption unit 22, a first decryption unit 23 and an access unit 24, whose functions are explained below:
The receiving unit 21 is for receiving the data message.
The receiving unit 21 is responsible for completing frame reception at the data link layer to obtain the corresponding data message. Receiving a data message is the converse of the process of sending one described above, and the IEEE 802.11 specification may be referred to. Based on the above examples using multicast data frames, the receiving function is realised by the constituent modules of the receiving unit 21. Referring to Figure 11, the receiving unit 21 comprises a frame receiving module 211, a frame assembling module 212 and a conversion module 213, whose functions are as follows:
The frame receiving module 211 is for receiving multicast data frames with the same source.
The technique by which the frame receiving module 211 receives multicast data frames with the same source through the WiFi module is known to those skilled in the art. It should be pointed out that the same source referred to here is the source address of the transmitting end, by which the intelligent terminal identifies the sender of the configuration information it needs.
The frame assembling module 212 assembles the content codes carried by the multicast data frames in the index order characterised by the sequence codes each frame provides.
As disclosed above, there are three examples for carrying the data message: using only the editable bit area of the destination address field of the multicast data frame, using only the frame body length difference, and using the editable bit area of the destination address field together with the frame body length difference. Several multicast data frames carry the data message, sequenced by their sequence codes. By the converse principle in the agreement, the frame assembling module 212 can decode all the multicast data frames it has received, obtain the corresponding sequence codes and content codes, and concatenate the content codes in the order characterised by the sequence codes.
The conversion module 213 converts the content codes assembled in order into the data message.
The code sequence assembled in order is further converted, by the converse principle in the agreement, into the data message that the custom protocol layer of the invention can recognise, for subsequent processing. To ensure the integrity of the data message, after it has been obtained its length should be verified against the check code at its front end (the position depends on the data message structure). A data message that does not match should be discarded; only a data message that passes the check is accepted.
The second decryption unit 22 decrypts the secondary ciphertext contained in the data message with the secondary key contained in the data message to obtain the primary ciphertext.
According to one example disclosed above, the data message obtained by the receiving end contains the secondary key and the secondary ciphertext suitable for decryption with it. The second decryption unit 22 therefore reads the secondary key expressed in the data message and decrypts the secondary ciphertext with the corresponding algorithm to obtain the primary ciphertext of the transmitted configuration information. Since the secondary key follows a symmetric encryption scheme, it need not be prestored locally. Note that, for the same reason, an interceptor who captures the data message can read the secondary key just as the receiving end does; this layer hides the message format rather than providing confidentiality against interception, which rests on the primary encryption.
As disclosed for the mobile terminal, the secondary key may be merely a random number or a formatting identifier string made up of formatting identifiers, that is a specific identifier set. Whatever meanings the secondary key carries, in this example, as long as the secondary key was used to encrypt the configuration information beforehand and so has a decryption function, the second decryption unit 22 must first decrypt the secondary ciphertext with the secondary key. If in some examples the formatted configuration information was not encrypted a first time but only simply encrypted with the secondary key, this decryption directly yields the formatted configuration information, which can then be parsed. Otherwise, if this decryption yields the primary ciphertext, a further decryption is needed, and only the formatted configuration information obtained after both decryptions can be parsed. Of course, in embodiments where the specific identifier set (secondary key) was not used to encrypt the configuration information, no decryption is needed here.
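The data message layer from both ends, as an added example that is not code from the patent: it covers the assembly of check code, secondary key and secondary ciphertext by the structure assembling module 123 described earlier, and the receiving end's length check and second decryption described here. Assumptions of mine, since the page fixes none of them: the check code is a 2-byte big-endian total length; the secondary key is the identifier string plus six random decimal digits carried as ASCII; and, because the page names no symmetric algorithm, the secondary layer is an HMAC-SHA256 counter-mode keystream XORed over the primary ciphertext, a stand-in chosen so the example runs on the standard library, not a recommendation. The primary ciphertext is treated as opaque bytes handed over by the asymmetric layer.

```python
"""Data message: check code || secondary key || secondary ciphertext.

Added example, not code from the patent. Assumed (not on the page): the check
code is a 2-byte big-endian total length; the secondary key is the identifier
string plus six random decimal digits, carried as ASCII; and, because the page
names no symmetric algorithm, the secondary layer is an HMAC-SHA256 counter-mode
keystream XORed over the primary ciphertext (a stand-in, not a recommendation).
The primary ciphertext is treated as opaque bytes from the asymmetric layer.
"""
import hashlib
import hmac
import secrets
import struct
from typing import Tuple

RANDOM_DIGITS = 6


def keystream(key: bytes, n: int) -> bytes:
    """PRF-based keystream: HMAC-SHA256(key, counter) blocks, truncated to n bytes."""
    out, ctr = bytearray(), 0
    while len(out) < n:
        out += hmac.new(key, struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:n])


def secondary_xor(secondary_key: str, data: bytes) -> bytes:
    """Secondary encryption and decryption (XOR with the keystream is its own inverse)."""
    ks = keystream(secondary_key.encode("ascii"), len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def build_data_message(ident: str, primary_ct: bytes) -> bytes:
    """Transmitting side: secondary key = identifier string + random number,
    then check code || key || secondary ciphertext."""
    key = ident + f"{secrets.randbelow(10 ** RANDOM_DIGITS):0{RANDOM_DIGITS}d}"
    body = key.encode("ascii") + secondary_xor(key, primary_ct)
    total = 2 + len(body)
    if total > 0xFFFF:
        raise ValueError("data message too long for a 2-byte check code")
    return struct.pack(">H", total) + body


def parse_data_message(msg: bytes, ident_len: int = 6) -> Tuple[str, bytes]:
    """Receiving side: verify the check code, read the key, strip the secondary layer.

    `msg` may carry trailing padding (a full frame set delivers a fixed payload);
    bytes beyond the declared length are ignored, a shorter message is rejected.
    Returns (secondary_key, primary_ciphertext).
    """
    key_len = ident_len + RANDOM_DIGITS
    if len(msg) < 2 + key_len:
        raise ValueError("data message truncated")
    (total,) = struct.unpack(">H", msg[:2])
    if total < 2 + key_len or total > len(msg):
        raise ValueError("check code does not match received length")
    msg = msg[:total]
    key = msg[2:2 + key_len].decode("ascii")
    if not key.isdigit():
        raise ValueError("secondary key is not a digit string")
    return key, secondary_xor(key, msg[2 + key_len:])
```

parse_data_message needs nothing the message does not itself carry, which is exactly the point the text makes about not prestoring the secondary key; it is also why an interceptor can run the same function. The length check detects truncation, not tampering: an attacker who rewrites bytes and the length field passes it, so integrity has to come from the primary layer or from an authentication tag the page does not specify.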
The first decryption unit 23 decrypts the primary ciphertext with the prestored primary key to obtain the configuration information therein.
As in an example disclosed earlier, the primary ciphertext is formed by encrypting the formatted configuration information with a primary key (public key) standardised by asymmetric encryption techniques. The intelligent terminal acting as receiving end therefore prestores the corresponding private key, and under the action of the first decryption unit 23 it calls that prestored private key, the so-called primary key (private key) of the intelligent terminal, to decrypt the primary ciphertext. The so-called primary key (private key) of the intelligent terminal and the so-called primary key (public key) of the mobile terminal are both standardised by asymmetric encryption techniques and are algorithmically related: the former is the decryption key and the latter the encryption key, and they are not one key with identical content, as those skilled in the art know.
Of course, if the formatted configuration information was encrypted at the transmitting end with a key standardised by symmetric encryption techniques, the intelligent terminal as receiving end prestores a primary key identical in content, which is both the encryption key of the transmitting end and the decryption key of the receiving end.
After the first decryption unit 23 has decrypted the primary ciphertext, the corresponding formatted configuration information is obtained. However, according to the various variants disclosed above, however the formatted configuration information is obtained from the data message, as text in a specific format it has not yet been identified and used, so the normalised configuration information with identifiable meaning has not yet been obtained. By the converse principle in the agreement, in certain embodiments the text should be parsed into the configuration information with identifiable meaning using the specific identifiers contained in the secondary key. Corresponding to the examples disclosed above, there are several ways of handling the formatted configuration information:
One: the case where the transmitting end and the receiving end agree on how to parse the formatted configuration information.
In this case the receiving end need only parse the formatted configuration information according to the prior agreement to obtain each information content in it.
Two: the case where the transmitting end uses the specific identifier set formed from the formatting identifiers used during formatting as the secondary key.
This case includes the two sub-cases disclosed above: one in which the secondary key is the entire specific identifier set, whether the formatting identifiers of that set indicate the positions of the information contents or act as separators; and another in which the specific identifier set is a specific part of the secondary key.
In either case the converse principle in the agreement applies. In this kind of situation the specific identifier set should therefore be obtained from the secondary key, and the information contents of the formatted configuration information identified according to each concrete case of the examples disclosed above.
In some examples, the formatting identifiers in the specific identifier set indicate the location of each information content, or act as separators between the information contents, including the first and second formatting identifiers mentioned above. Either way, under the guidance of the formatting identifiers the formatted configuration information is separated and extracted to yield the normalised configuration information, that is each information content with identifiable meaning.
Through the processing of this unit the normalised configuration information is finally obtained, that is the original meaning of the information sent by the transmitting end is recognised. For instance, for the configuration information mentioned above the receiving end learns that the service set identifier SSID of the target network to be accessed is MYWiFi and that the corresponding login password PSW is PLZLOGIN.
It should be pointed out that in the embodiment where the specific identifier set only has a parsing function and its key function is not used, the decryption described above is unnecessary; the first decryption unit 23 and the second decryption unit 22 are replaced by a parsing unit, which parses the formatted configuration information contained in the data message with the specific identifier set according to the above principle. In this case, although the formatted configuration information has not undergone one or two encryptions, the specific identifier set of the invention embodies a certain self-protocol function, namely the separating effect of its formatting identifiers and the identification of each specific information content in the configuration information; this case therefore still provides a degree of obfuscation, though not confidentiality against a reader who knows the format.
The access unit 24 is for configuring the terminal's own network settings with the configuration information and accessing the target network.
Having obtained the configuration information, the intelligent terminal has the service set identifier (SSID) and corresponding password provided by the mobile terminal. It can perform its own network settings, determine that the SSID is MYWiFi, set its password to the corresponding PLZLOGIN, and start the process of accessing the target network, carrying out a series of handshake operations until a connection with the WiFi AP represented by the SSID is established.
Once the intelligent terminal has connected to the AP it has accessed the target network; it can in principle communicate with a cloud server and, through the routing function provided by the current local area network, with the mobile terminal in the same network. The intelligent terminal can therefore send the mobile terminal a signal indicating that network access has been completed, so that the mobile terminal can further provide the user with an operation control interface for subsequent operations.
As it can be seen that intelligent terminal of the invention can more safely be received with confidence based on safer encryption technology Breath avoids the configuration information for receiving illegal user's simulation from obtaining safer using effect.
In conclusion the present invention by cryptographic technique, is expressed by improving the content that data message is loaded, further plus The strong communication security effect for connecting technology fastly based on 802.11 protocol realization of IEEE.
The above is only some embodiments of the invention, it is noted that for the ordinary skill people of the art For member, various improvements and modifications may be made without departing from the principle of the present invention, these improvements and modifications are also answered It is considered as protection scope of the present invention.

Claims (44)

1. An information secure transmission method, characterised in that it comprises the following steps:
obtaining information to be transmitted, and formatting the information to be transmitted into a text containing specific identifiers;
constructing a data message such that the data message contains a secondary ciphertext and a secondary key, the secondary ciphertext being formed by encrypting the information to be transmitted with a primary key into a primary ciphertext and then encrypting that primary ciphertext with a secondary key containing a random factor, the secondary key containing the specific identifiers used to parse the formatted information to be transmitted;
sending the data message.
2. The information secure transmission method according to claim 1, characterised in that, in the step of obtaining information to be transmitted, the information to be transmitted and its submission instruction are received through a user interface, and the subsequent steps are executed in response to the submission instruction.
3. The information secure transmission method according to claim 1, characterised in that the information to be transmitted is configuration information for accessing a target network.
4. The information secure transmission method according to claim 3, characterised in that the configuration information includes a service set identifier for determining the target network and a password for logging in to the target network.
5. The information secure transmission method according to claim 1, characterised in that the step of constructing a data message includes the following specific steps:
obtaining the primary ciphertext of the information to be transmitted with the primary key;
encrypting the primary ciphertext into the secondary ciphertext with the secondary key containing a random factor;
assembling the secondary key and the secondary ciphertext into the data message.
6. The information secure transmission method according to claim 1, characterised in that the secondary key is a random number.
7. The information secure transmission method according to claim 1, characterised in that the primary key is a public key standardised on the basis of asymmetric encryption techniques, the primary ciphertext being suitable for decryption with the corresponding private key to obtain the information to be transmitted.
8. The information secure transmission method according to claim 1, characterised in that the primary key is a private key standardised on the basis of symmetric encryption techniques, suitable for decrypting the primary ciphertext to obtain the information to be transmitted.
9. The information secure transmission method according to claim 1, characterised in that the secondary key is a private key standardised on the basis of symmetric encryption techniques, suitable for decrypting the secondary ciphertext to obtain the primary ciphertext.
10. The information secure transmission method according to claim 1, characterised in that the data message further includes a check code characterising the length of the entire data message.
11. The information secure transmission method according to claim 1, characterised in that, in the step of sending the data message, the data message is formatted at the data link layer into a plurality of sequentially characterised multicast data frames for sending.
12. The information secure transmission method according to claim 11, characterised in that the data message is loaded into the destination address field and/or the frame body field of the multicast data frames.
13. The information secure transmission method according to claim 11, characterised in that the multicast data frames conform to the IEEE 802.11 protocol specification.
14. A mobile terminal, characterised in that it comprises:
an acquiring unit for obtaining information to be transmitted and formatting the information to be transmitted into a text containing specific identifiers;
a construction unit for constructing a data message such that the data message contains a secondary ciphertext and a secondary key, the secondary ciphertext being formed by encrypting the information to be transmitted with a primary key into a primary ciphertext and then encrypting that primary ciphertext with a secondary key containing a random factor, the secondary key containing the specific identifiers used to parse the formatted information to be transmitted;
a transmission unit for sending the data message.
15. The mobile terminal according to claim 14, characterised in that the acquiring unit is configured to receive the information to be transmitted and its submission instruction through a user interface, and to start the construction unit in response to the submission instruction.
16. The mobile terminal according to claim 14, characterised in that the information to be transmitted is configuration information for accessing a target network.
17. The mobile terminal according to claim 16, characterised in that the configuration information includes a service set identifier for determining the target network and a password for logging in to the target network.
18. The mobile terminal according to claim 14, characterised in that the construction unit includes the following specific modules:
a primary encryption module configured to obtain the primary ciphertext of the information to be transmitted with the primary key;
a secondary encryption module configured to encrypt the primary ciphertext into the secondary ciphertext with the secondary key containing a random factor;
a structure assembling module for assembling the secondary key and the secondary ciphertext into the data message.
19. The mobile terminal according to claim 14, characterised in that the secondary key is a random number.
20. The mobile terminal according to claim 14, characterised in that the primary key is a public key standardised on the basis of asymmetric encryption techniques, the primary ciphertext being suitable for decryption with the corresponding private key to obtain the information to be transmitted.
21. The mobile terminal according to claim 14, characterised in that the primary key is a private key standardised on the basis of symmetric encryption techniques, suitable for decrypting the primary ciphertext to obtain the information to be transmitted.
22. The mobile terminal according to claim 14, characterised in that the secondary key is a private key standardised on the basis of symmetric encryption techniques, suitable for decrypting the secondary ciphertext to obtain the primary ciphertext.
23. The mobile terminal according to claim 14, characterised in that the data message further includes a check code characterising the length of the entire data message.
24. The mobile terminal according to claim 14, characterised in that the transmission unit is configured to format the data message at the data link layer into a plurality of sequentially characterised multicast data frames for sending.
25. The mobile terminal according to claim 24, characterised in that the data message is loaded into the destination address field and/or the frame body field of the multicast data frames.
26. The mobile terminal according to claim 24, characterised in that the multicast data frames conform to the IEEE 802.11 protocol specification.
27. A network access method, characterised in that it comprises the following steps:
receiving a data message;
decrypting the secondary ciphertext contained in the data message with the secondary key contained in the data message to obtain a primary ciphertext;
decrypting the primary ciphertext with a prestored primary key to obtain a text in a specific format, and parsing the text with the specific identifiers contained in the secondary key to obtain the configuration information therein;
configuring the terminal's own network settings with the configuration information and accessing the target network.
28. The network access method according to claim 27, characterised in that, in the step of receiving a data message, after the data message is obtained the length of the entire data message is verified with the check code contained in the data message, and only a data message that passes verification is accepted.
29. The network access method according to claim 27, characterised in that the step of receiving a data message includes the following specific steps:
receiving multicast data frames with the same source;
assembling the content codes carried by the multicast data frames in the index order characterised by the sequence codes each multicast data frame provides;
converting the content codes assembled in order into the data message.
30. The network access method according to claim 29, characterised in that the multicast data frames conform to the IEEE 802.11 protocol specification.
31. The network access method according to claim 29, characterised in that the sequence codes and content codes are expressed in the destination address field and/or the frame body field of the corresponding multicast data frames.
32. The network access method according to claim 27, characterised in that the secondary key is a private key standardised by symmetric encryption techniques, the secondary ciphertext having been obtained by encryption with that private key.
33. The network access method according to claim 27, characterised in that the primary key is a private key standardised by asymmetric encryption techniques, the primary ciphertext having been obtained by encryption with the corresponding public key.
34. The network access method according to claim 27, characterised in that the primary key is a private key standardised by symmetric encryption techniques, the primary ciphertext having been obtained by encryption with that private key.
35. The network access method according to claim 27, characterised in that the configuration information includes a service set identifier for determining the target network and a password for logging in to the target network.
36. An intelligent terminal, characterised in that it comprises:
a receiving unit for receiving a data message;
a second decryption unit for decrypting the secondary ciphertext contained in the data message with the secondary key contained in the data message to obtain a primary ciphertext;
a first decryption unit for decrypting the primary ciphertext with a prestored primary key to obtain a text in a specific format, and parsing the text with the specific identifiers contained in the secondary key to obtain the configuration information therein;
an access unit for configuring the terminal's own network settings with the configuration information and accessing the target network.
37. The intelligent terminal according to claim 36, characterised in that the receiving unit is configured, after obtaining the data message, to verify the length of the entire data message with the check code contained in the data message and to accept only a data message that passes verification.
38. The intelligent terminal according to claim 36, characterised in that the receiving unit includes:
a frame receiving module for receiving multicast data frames with the same source;
a frame assembling module for assembling the content codes carried by the multicast data frames in the index order characterised by the sequence codes each multicast data frame provides;
a conversion module for converting the content codes assembled in order into the data message.
39. the intelligent terminal according to claim 38, which is characterized in that the multicast packet frame meets IEEE 802.11 The specification of agreement.
40. the intelligent terminal according to claim 38, which is characterized in that the sequence code and content code are expressed in accordingly In the destination address domain and/or frame ontology domain of multicast packet frame.
41. intelligent terminal according to claim 36, which is characterized in that the secondary key is advised by symmetric cryptosystem The private key of model, the secondary ciphertext are obtained by the private key encryption.
42. intelligent terminal according to claim 36, which is characterized in that a secondary key is asymmetric encryption techniques institute The private key of specification, a ciphertext are obtained by corresponding public key encryption.
43. intelligent terminal according to claim 36, which is characterized in that a secondary key is advised by symmetric cryptosystem The private key of model, a ciphertext are obtained by the private key encryption.
44. intelligent terminal according to claim 36, which is characterized in that the configuration information includes for determining the mesh It marks the service set of network and logs in the password of the target network.
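The receiver-side procedure that claims 36 to 44 describe (reassembly of multicast frames by sequence code, verification of the whole message with its check code, two-level decryption, and parsing of the formatted text into SSID and password), as an added Python example. This is not code from the patent or its assignee. The claims fix neither a frame layout, nor a check code, nor a message format, nor a cipher, so those are constructed stand-ins here: CRC32 as the check code, an HMAC-SHA256 keystream as the symmetric cipher of claims 41 and 43 (the asymmetric variant of claim 42 is not shown), a two-bytes-per-frame encoding inside the multicast destination address, and a `CFG` text format whose parts are separated by the identifier `|#|`. Keys, MAC addresses and credentials in the sample are constructed values. Note that in claim 36 the second-level key travels inside the data message, so the pre-stored first-level key is the only secret the terminal holds; the example keeps both levels exactly as claimed.

```python
"""Receiver side of the two-level scheme in claims 36-44 (added example).

Everything the claims leave open is a constructed stand-in: the frame
encoding, the message layout, CRC32 as the check code, and an HMAC-SHA256
keystream standing in for the unnamed symmetric cipher.
"""
import hashlib
import hmac
import struct
import zlib

MCAST_PREFIX = bytes.fromhex("01005e")  # IPv4 multicast MAC prefix (constructed framing choice)


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Symmetric stand-in cipher: XOR with HMAC-SHA256(key, counter) blocks.
    The same call encrypts and decrypts (claims 41 and 43, symmetric case)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        keystream = hmac.new(key, struct.pack(">I", off // 32), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], keystream))
    return bytes(out)


# ---- sender side, only to produce a realistic sample input ----
def build_message(first_key: bytes, second_key: bytes, text: str) -> bytes:
    """Constructed layout: [total_len:2][key_len:2][second_key][second_ct][crc32:4]."""
    first_ct = xor_stream(first_key, text.encode())    # first-level ciphertext
    second_ct = xor_stream(second_key, first_ct)       # second-level ciphertext
    body = struct.pack(">H", len(second_key)) + second_key + second_ct
    msg = struct.pack(">H", 2 + len(body) + 4) + body  # declared length covers header and CRC
    return msg + struct.pack(">I", zlib.crc32(msg))


def split_into_frames(msg: bytes) -> list:
    """Claim 40: sequence code and content code ride in the destination address.
    Constructed layout 01:00:5e:<seq>:<c0>:<c1>; a one-byte seq caps a message at 512 bytes."""
    return [MCAST_PREFIX + bytes([seq]) + msg[off:off + 2].ljust(2, b"\x00")
            for seq, off in enumerate(range(0, len(msg), 2))]


# ---- receiver side (the intelligent terminal of claim 36) ----
def assemble_frames(frames: list, source: bytes) -> bytes:
    """Claim 38: keep frames from one source, order by sequence code, join content codes.
    Retransmitted duplicates are dropped; a gap in the sequence is an error."""
    by_seq = {}
    for src, dst in frames:
        if src != source or dst[:3] != MCAST_PREFIX:
            continue
        by_seq.setdefault(dst[3], dst[4:6])
    if set(by_seq) != set(range(len(by_seq))):
        raise ValueError("gap in sequence codes")
    return b"".join(by_seq[i] for i in range(len(by_seq)))


def receive_message(raw: bytes) -> bytes:
    """Claim 37: verify the whole message length with the contained check code; reject otherwise."""
    if len(raw) < 6:
        raise ValueError("data message too short")
    (total,) = struct.unpack(">H", raw[:2])
    if total < 6 or total > len(raw):
        raise ValueError("declared length does not match received bytes")
    msg, crc = raw[:total - 4], raw[total - 4:total]
    if zlib.crc32(msg) != struct.unpack(">I", crc)[0]:
        raise ValueError("check code mismatch")
    return msg


def decrypt_layers(msg: bytes, first_key: bytes) -> bytes:
    """Claim 36: the second-level key is carried in the message itself;
    only the first-level key is pre-stored on the terminal."""
    (klen,) = struct.unpack(">H", msg[2:4])
    second_key, second_ct = msg[4:4 + klen], msg[4 + klen:]
    return xor_stream(first_key, xor_stream(second_key, second_ct))


def parse_config(text: bytes, identifier: str) -> dict:
    """Claims 36/44: the specific identifier (bundled with the first-level key in the
    claim) splits the formatted text into SSID and password."""
    parts = text.decode("utf-8").split(identifier)
    if len(parts) != 3 or parts[0] != "CFG":
        raise ValueError("text is not in the expected format")
    return {"ssid": parts[1], "password": parts[2]}


def recover_config(frames: list, source: bytes, first_key: bytes, identifier: str) -> dict:
    msg = receive_message(assemble_frames(frames, source))
    return parse_config(decrypt_layers(msg, first_key), identifier)


def is_accepted(raw: bytes) -> bool:
    """True if the receiving unit of claim 37 would accept the data message."""
    try:
        receive_message(raw)
        return True
    except ValueError:
        return False


# ---- constructed sample: frames out of order, one duplicate, one foreign frame ----
FIRST_KEY = b"pre-stored-first-level-key"   # constructed, provisioned on the terminal
SECOND_KEY = b"per-message-2nd"             # constructed, travels inside the message
IDENT = "|#|"
SOURCE = bytes.fromhex("aabbccddeeff")      # constructed sender MAC
OTHER = bytes.fromhex("112233445566")       # constructed unrelated sender


def sample_frames() -> list:
    msg = build_message(FIRST_KEY, SECOND_KEY, f"CFG{IDENT}HomeAP{IDENT}correct horse")
    frames = [(SOURCE, f) for f in split_into_frames(msg)]
    return frames[::-1] + [frames[3]] + [(OTHER, MCAST_PREFIX + b"\x00zz")]


if __name__ == "__main__":
    print(recover_config(sample_frames(), SOURCE, FIRST_KEY, IDENT))
```

Running the file prints the recovered SSID and password. `is_accepted` exercises the claim-37 check on its own: a message whose declared length exceeds the received bytes, or whose CRC no longer matches after a single flipped byte, is rejected before any decryption is attempted, and a wrong pre-stored first-level key surfaces as a parse failure rather than as plausible configuration.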
CN201510424991.0A 2015-07-17 2015-07-17 Information secure transmission method, networking cut-in method and corresponding terminal Active CN105119900B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510424991.0A CN105119900B (en) 2015-07-17 2015-07-17 Information secure transmission method, networking cut-in method and corresponding terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510424991.0A CN105119900B (en) 2015-07-17 2015-07-17 Information secure transmission method, networking cut-in method and corresponding terminal

Publications (2)

Publication Number Publication Date
CN105119900A CN105119900A (en) 2015-12-02
CN105119900B true CN105119900B (en) 2019-02-26

Family

ID=54667790

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510424991.0A Active CN105119900B (en) 2015-07-17 2015-07-17 Information secure transmission method, networking cut-in method and corresponding terminal

Country Status (1)

Country Link
CN (1) CN105119900B (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105101102B (en) * 2015-07-01 2019-01-25 北京奇虎科技有限公司 Multicast transmission method, information extracting method and corresponding terminal and equipment
CN105592096A (en) * 2015-12-30 2016-05-18 Tcl集团股份有限公司 Rapid connection method and apparatus of network equipment
CN107645319B (en) * 2017-11-10 2024-02-02 国网江苏省电力公司泰州供电公司 Intelligent socket assembly control method for power line safety communication
CN111447613B (en) * 2019-01-16 2023-07-25 南京快轮智能科技有限公司 Encryption system for sharing products
CN110928564B (en) * 2019-11-11 2020-10-09 中科有讯(北京)科技有限公司 Method for safely updating application, service server, cluster and storage medium
CN111935317B (en) * 2020-09-27 2021-01-01 恒大新能源汽车投资控股集团有限公司 Vehicle information verification method and device and computer-readable storage medium
CN115102768B (en) * 2022-06-24 2024-03-19 平安银行股份有限公司 Data processing method and device and computer equipment
CN115643017B (en) * 2022-12-23 2023-03-31 云加速(北京)科技有限公司 Software identification validity checking method based on hybrid coding model

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102568062A (en) * 2011-09-29 2012-07-11 浙江吉利汽车研究院有限公司 Encryption and decryption method for remote controller
CN102801712A (en) * 2012-07-17 2012-11-28 苏州市米想网络信息技术有限公司 Network communication system adopting intelligent control
EP2698780A2 (en) * 2012-08-02 2014-02-19 Fujitsu Limited Encryption processing device and method
CN104640091A (en) * 2015-01-13 2015-05-20 董红伟 Method for encryption communication of short message of mobile phone

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP6187251B2 (en) * 2013-12-27 2017-08-30 富士通株式会社 Data communication method and data communication apparatus

Also Published As

Publication number Publication date
CN105119900A (en) 2015-12-02

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220720

Address after: Room 801, 8th floor, No. 104, floors 1-19, building 2, yard 6, Jiuxianqiao Road, Chaoyang District, Beijing 100015

Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park)

Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Patentee before: Qizhi software (Beijing) Co.,Ltd.

TR01 Transfer of patent right