CN105357670B - A kind of router - Google Patents
- Publication number
- CN105357670B (application CN201510916627.6A)
- Authority
- CN
- China
- Prior art keywords
- router
- wifikey
- units
- data
- equipment
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/02—Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
- H04W84/10—Small scale networks; Flat hierarchical networks
- H04W84/12—WLAN [Wireless Local Area Networks]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W88/00—Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
- H04W88/08—Access point devices
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/70—Reducing energy consumption in communication networks in wireless communication networks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The application provides a router that includes at least: a router main body unit, for implementing the router's routing and WIFI functions; a WIFIKey unit, for storing the router's configuration information and information about the client devices connected to the router; and a WIFIKey administrative unit, for managing data communication between the router, the connected client devices and the WIFIKey.
Description
Technical field
This application relates to the technical field of routers, and in particular to a router.
Background technology
Intelligent WIFI routers are now the main product promoted by the major router vendors and are positioned as the heart of the smart home. Routers are currently all based on the Linux kernel and implement routing within the home. In existing smart-home routing schemes, the router's sensitive information and the information about connected devices are all stored in plaintext, and the router's storage is not given high-security-level protection based on a security chip. As the Internet-of-Things smart-home ecosystem concept is industrialized, the security of intelligent routing has become a major problem.
USBKey is the security medium used for online banking transactions. Based on the ISO 7816 security specifications and combined with the PKCS algorithm standards, it implements ciphertext transmission of communication data in online transactions and ensures that transaction information is not stolen or tampered with.
Existing intelligent secure routers do not introduce a trusted secure environment (SE), and this causes a series of security-related problems. The router account is easily stolen or tampered with, information about devices connected to the router is stolen, and the user's critical data, including social network accounts and finance-related data, is stolen from the data exchanged between devices and the router. For an intelligent router in a smart home the problem is more pronounced: a criminal who obtains control of the router by some technical means can remotely control smart connected home devices such as smart cameras, smart kitchens, smart air conditioners, smart sweeping robots, smart televisions, and smart doors and windows.
The current application field of USBKey is rather limited, so the problems it will face are a single industrial structure and a single product form. It urgently needs to be integrated into Internet of Things and Internet+ related products and industries to guarantee its sustainable development.
Invention content
In view of this, the application provides a router, including:
a router main body unit, for implementing the router's routing and WIFI functions;
a WIFIKey unit, for storing data on the router's working state and information about the client devices connected to the router;
a WIFIKey administrative unit, for managing data communication between the router, the client devices and the WIFIKey unit.
In a preferred embodiment of the application, the WIFIKey unit may also be used to:
process router configuration data management instructions and return router configuration data;
receive client device connection instructions and complete the connection of the client device;
receive operation instructions from a client device concerning other client devices, verify the client's management permission, verify the legitimacy of the operation instruction, and carry out the corresponding operation through the WIFIKey administrative unit;
perform early-warning processing when an attack on the router is detected.
In a preferred embodiment of the application, completing the connection of the client device includes:
S101, start;
S102, the WIFIKey unit receives the connection request forwarded by the router;
S103, is the requesting device in the secure registration table? If not, execute S104; if so, jump to S108;
S104, generate a random number, sign the data sent by the requesting device together with the generated random number, and require the device to verify the signature;
S105, wait for the device's signature verification result;
S106, determine whether signature verification passed. If so, execute S107; if not, jump to S110;
S107, add the verified device to the trust list;
S108, verify whether the WIFI password is correct. If so, execute S109; if not, jump to S110;
S109, allow the connection and return a connection-allowed message;
S110, end.
In a preferred embodiment of the application, processing router configuration data management instructions and returning router configuration data includes the factory processing of the router and the WIFIKey unit, specifically:
S201, start;
S202, write the WIFIKey unit keys;
S203, have the WIFIKey unit keys been preset? If not, jump to S202; if so, execute S204;
S204, write the router configuration data;
S205, determine whether the router data has been written. If not, jump to S204; if so, execute S206;
S206, switch the router's life cycle to user mode;
S207, end.
In a preferred embodiment of the application, processing router configuration data management instructions and returning router configuration data includes managing the data used while the router is in use, specifically:
S301, start data management;
S302, the user updates data;
S303, determine whether to update the data. If so, execute S304; if not, jump to S311;
S304, the router sends data to the WIFIKey unit;
S305, the WIFIKey unit writes the received data into the backup region;
S306, determine whether this is the last item of router data. If so, execute S307; if not, jump to S304;
S307, write the backup-area valid flag;
S308, determine whether the backup-area valid flag has been set. If so, execute S309; if not, jump to S311;
S309, write the backup-area data to the target data area;
S310, erase the valid flag of the backup region;
S311, end.
In a preferred embodiment of the application, when a power-off exception occurs while data is being written, the data management process may also include write power-interruption recovery, specifically:
S401, start;
S402, has the backup-region valid flag been set? If so, execute S403; if not, jump to S405;
S403, write the data in the backup region to the target data area;
S404, erase the valid flag of the backup region;
S405, end.
In a preferred embodiment of the application, receiving operation instructions from a client device concerning other client devices, verifying the client's management permission, verifying the legitimacy of the operation instruction, and carrying out the corresponding operation through the WIFIKey administrative unit, where the client device is a super client, specifically includes:
S601, the super client device initiates an authentication request;
S602, the router processes the super client's request and sends it to the WIFIKey unit for security authentication;
S603, the WIFIKey unit processes the authentication information and sends a security message to the router;
S604, the router responds to the request and forwards the security message to the super client;
S605, the super client processes the security message and sends verification data;
S606, the router forwards the verification data to the WIFIKey unit;
S607, after checking the verification data, the WIFIKey unit adds the super client to the secure list and returns authentication status information;
S608, the router returns the authentication status information;
S609, the super client sends the router an instruction to read the list of connected devices;
S610, the WIFIKey administrative unit in the router sends the WIFIKey unit an instruction to read the device list;
S611, the WIFIKey unit verifies the legitimacy of the received instruction and, if it is legitimate, returns the device list;
S612, after confirming the legitimacy of the instruction, the WIFIKey administrative unit in the router sends the device list returned by the WIFIKey unit to the super client device;
S613, the super client device sends an operation instruction for a specified device;
S614, the WIFIKey administrative unit in the router sends the WIFIKey unit an instruction to read the specified device's information;
S615, the WIFIKey unit verifies the legitimacy of the specified device and returns verification information;
S616, according to the device verification information returned by the WIFIKey unit, the WIFIKey administrative unit in the router sends the device operation request received from the super client device to the specified device; the specified device performs the operation according to the received instruction and returns its operation status; the WIFIKey administrative unit in the router obtains the operation status of the specified device and sends it to the super client device.
In a preferred embodiment of the application, performing early-warning processing when an attack on the router is detected is specifically:
When the WIFIKey unit finds that, within a preset period, the router is frequently accessing the data stored in the WIFIKey unit, the WIFIKey unit starts the alarm flow;
The alarm flow is:
The WIFIKey unit sends a special instruction to the router's WIFIKey administrative unit, requiring it to remotely notify the connected client device through a pre-set alarm channel; at the same time the WIFIKey unit automatically enters low-power mode or stops working completely and locks itself internally, and the user is prompted to change the access authentication password of the WIFIKey unit.
Description of the drawings
In order to explain the technical solutions in the embodiments of the application or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some of the embodiments described in the application, and a person of ordinary skill in the art can obtain other drawings from them.
Fig. 1 is a structural schematic diagram of the router of the application;
Fig. 2 is the connection processing flow chart when a device connects to the router;
Fig. 3 is the router factory processing flow chart;
Fig. 4 is the flow chart of router data management;
Fig. 5 is the power-interruption recovery flow chart during writing;
Fig. 6 is the flow chart of a mobile phone connecting to the router;
Fig. 7 is the flow chart of a super client device operating other client devices through the router.
Specific implementation mode
The application discloses a router. In this technical solution, the data on the router's working state and the information about connected devices are all stored in the WIFIKey unit; when the router needs these data for its work, it reads them from the WIFIKey unit in real time. This protects the information of the router and its connected devices from being stolen and protects them from illegal control.
To help those skilled in the art better understand the technical solution of the application, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the application, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments in the application shall fall within the protection scope of the application.
The implementation of the application is further explained below with reference to the drawings.
As shown in Fig. 1, the application provides a router that includes at least:
a router main body unit 1, for implementing the router's routing and WIFI functions;
a WIFIKey unit 2, for storing data on the router's working state and information about the client devices connected to the router;
a WIFIKey administrative unit 3, for managing data communication between the router, the client devices and the WIFIKey unit.
The WIFIKey unit may consist of a trusted security chip that supports multiple encryption, decryption and digest algorithms.
Data storage formats inside the WIFIKey unit:
(1) Router data is organized in TLV format, i.e. TAG+Length+DATA;
(2) WIFIKey unit key format: a key is divided into two parts, the key data head and the key data body, i.e. HEAD+Body.
The working flows of the WIFIKey unit are described below:
(1) Process router configuration data management instructions and return router configuration data.
(2) Receive device connection instructions and process the device connection flow.
(3) Receive a client's operation instructions concerning other devices, verify the client's management permission, verify the legitimacy of the operation instruction, and inform the router service program so that it carries out the corresponding operation.
(4) When an attack on the router is detected (for example, configuration data accesses carried out continuously over a short time), enter the early-warning processing flow.
As shown in Fig. 2, the connection processing flow when a device connects is explained in detail below and specifically includes:
S101, start;
S102, the WIFIKey unit receives the connection request forwarded by the router;
S103, is the requesting device in the secure registration table? If not, execute S104; if so, jump to S108;
S104, generate a random number, sign the data sent by the requesting device together with the generated random number, and require the device to verify the signature;
S105, wait for the device's signature verification result;
S106, determine whether signature verification passed. If so, execute S107; if not, jump to S110;
S107, add the verified device to the trust list;
S108, verify whether the WIFI password is correct. If it is correct, execute S109; if not, jump to S110;
S109, allow the connection and return a connection-allowed message;
S110, end.
In the router disclosed herein, the router and the WIFIKey unit in it need to have their default settings completed at the factory. The router data is provided by the router vendor, and the WIFIKey unit is provided by the security vendor. All data is written into the secure storage of the WIFIKey unit at the factory stage using the WIFIKey unit's prefabricated instructions. Within the storage mechanism of the WIFIKey unit, following the formats of a and b, the router vendor decides the storage mode (plaintext or ciphertext) of each group of data.
Default setting example:
Router factory data:
Example of factory-preset WIFIKey unit keys:
The above data must be written with the WIFIKey unit's special factory instructions.
As shown in Fig. 3, the factory processing flow of the router and the WIFIKey unit includes:
S201, start;
S202, write the WIFIKey unit keys;
S203, have the WIFIKey unit keys been preset? If not, jump to S202; if so, execute S204;
S204, write the router configuration data;
S205, determine whether the router data has been written. If not, jump to S204; if so, execute S206;
S206, switch the router's life cycle to user mode;
S207, end.
In routine use, the router can work once it has read the routing configuration information from the WIFIKey unit.
The router needs to manage the data it uses, including:
Router data update: when the user updates router data in the WEB interface or with a mobile terminal APP, only when storage is confirmed in the application does the router's built-in management application write the data into the WIFIKey unit by means of instructions.
Router data is written into the WIFIKey unit using new-value backup. When the WIFIKey unit receives a data update instruction from the router management program, it first writes the new data into its built-in backup region. After all update instructions have been sent, when the instruction marking the last item is sent, the WIFIKey unit sets the backup-data valid flag and then writes the new data stored in the backup region to the target area of normal storage.
As shown in Fig. 4, the flow of router data management includes:
S301, start data management;
S302, the user updates data;
S303, determine whether to update the data. If so, execute S304; if not, jump to S311;
S304, the router sends data to the WIFIKey unit;
S305, the WIFIKey unit writes the received data into the backup region;
S306, determine whether this is the last item of router data. If so, execute S307; if not, jump to S304;
S307, write the backup-area valid flag;
S308, determine whether the backup-area valid flag has been set. If so, execute S309; if not, jump to S311;
S309, write the backup-area data to the target data area;
S310, erase the valid flag of the backup region;
S311, end.
If power is lost during writing, the WIFIKey unit's data write is interrupted. When power is restored, the WIFIKey unit checks internally whether the new data in the backup region is valid. If it is valid, the new data is written again to the normal storage area; if it is invalid, the normal storage area has not yet been touched and the WIFIKey unit can work normally.
As shown in Fig. 5, the power-interruption recovery flow during writing includes:
S401, start;
S402, has the backup-region valid flag been set? If so, execute S403; if not, jump to S405;
S403, write the data in the backup region to the target data area;
S404, erase the valid flag of the backup region;
S405, end.
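The update flow S304 to S310 and the recovery flow S401 to S405 can be checked by simulation. The following C sketch is an added example, not code from the patent: it cuts power after every possible write, cuts it again during recovery, and counts whether the target area ever ends up half old and half new. The memory layout, area size, flag value and the assumption that the one-byte flag write is atomic are all assumptions of the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define AREA_SIZE   64     /* bytes of router data per area (assumed) */
#define REC_LEN     16     /* bytes carried by one update instruction (assumed) */
#define FLAG_VALID  0xA5u  /* backup-area valid flag value (assumed) */
#define FLAG_ERASED 0xFFu

/* Simulated non-volatile memory of the WIFIKey unit (assumed layout). */
struct nvm {
    uint8_t target[AREA_SIZE];  /* normal storage (target data area) */
    uint8_t backup[AREA_SIZE];  /* backup region */
    uint8_t backup_valid;       /* backup-area valid flag, one atomic byte */
};

/* Power-loss injection: number of byte writes that still succeed; -1 = no loss. */
static long writes_left = -1;

static bool nvm_write(uint8_t *dst, const uint8_t *src, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (writes_left == 0)
            return false;           /* power is gone, write is lost */
        if (writes_left > 0)
            writes_left--;
        dst[i] = src[i];
    }
    return true;
}

static bool set_flag(struct nvm *m, uint8_t v)
{
    return nvm_write(&m->backup_valid, &v, 1);
}

/* S401-S405: run at every power-up; safe to repeat if interrupted again. */
bool wk_recover(struct nvm *m)
{
    if (m->backup_valid != FLAG_VALID)            /* S402: nothing pending */
        return true;
    if (!nvm_write(m->target, m->backup, AREA_SIZE))  /* S403 */
        return false;
    return set_flag(m, FLAG_ERASED);              /* S404 */
}

/* S304-S310: stage records in the backup region, set the flag, then commit. */
bool wk_update(struct nvm *m, const uint8_t *new_cfg)
{
    for (size_t off = 0; off < AREA_SIZE; off += REC_LEN)   /* S304-S306 */
        if (!nvm_write(m->backup + off, new_cfg + off, REC_LEN))
            return false;
    if (!set_flag(m, FLAG_VALID))                 /* S307 */
        return false;
    return wk_recover(m);          /* S309-S310 are the same steps as recovery */
}

struct sweep { int kept_old, got_new, torn; };

/* Cut power after k writes for every k, cut it again during the first
 * recovery attempt, then recover with stable power and classify the result. */
struct sweep sweep_power_loss(void)
{
    uint8_t old_cfg[AREA_SIZE], new_cfg[AREA_SIZE];
    struct sweep r = {0, 0, 0};
    const long total = 2 * AREA_SIZE + 2;   /* writes in an uninterrupted update */

    memset(old_cfg, 0x11, sizeof old_cfg);  /* constructed sample data */
    memset(new_cfg, 0x22, sizeof new_cfg);

    for (long k = 0; k <= total; k++) {
        struct nvm m;
        memcpy(m.target, old_cfg, AREA_SIZE);
        memset(m.backup, 0xFF, AREA_SIZE);
        m.backup_valid = FLAG_ERASED;

        writes_left = k;      wk_update(&m, new_cfg);
        writes_left = k % 7;  wk_recover(&m);   /* second power cut */
        writes_left = -1;     wk_recover(&m);   /* stable power */

        bool is_old = memcmp(m.target, old_cfg, AREA_SIZE) == 0;
        bool is_new = memcmp(m.target, new_cfg, AREA_SIZE) == 0;
        if (m.backup_valid == FLAG_VALID || (!is_old && !is_new))
            r.torn++;
        else if (is_new)
            r.got_new++;
        else
            r.kept_old++;
    }
    return r;
}

int main(void)
{
    struct sweep r = sweep_power_loss();
    printf("old=%d new=%d torn=%d\n", r.kept_old, r.got_new, r.torn);
    return r.torn != 0;
}
```

The flag write is the commit point: a cut before it leaves the old configuration in place, a cut after it always ends with the new one once recovery has run.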
When the user has written erroneous configuration data and the router cannot work normally, the WIFIKey unit supports restoring the factory configuration.
Next, the functions of the WIFIKey administrative unit in the WIFI router are described in detail. They mainly include:
(1) Communicate with the WIFIKey unit and confirm the legitimacy of the WIFIKey unit.
(2) Securely store the WIFI router's configuration management information in the WIFIKey in ciphertext form.
(3) Securely store the information about devices connected to the WIFI router in the WIFIKey unit in ciphertext form.
Connected-device information includes but is not limited to:
device name, device ID, device type, device MAC address, the IP obtained by the device, the lease period of the device's connection to the router, the connection permission level obtained by the device, and so on.
(4) Establish a secure channel with the security client of the intelligent mobile terminal, authenticate the legitimacy of the intelligent mobile terminal's connection, and grant the intelligent mobile terminal an access control permission level for the router and the home devices connected to it.
(5) When an attack is encountered, immediately notify the authenticated intelligent mobile terminal over the secure connection to raise a security alarm.
The alarm mechanism is: when the WIFIKey unit finds that, within a short period, the router is frequently accessing the data stored inside the WIFIKey unit, for example 30 data update confirmation operations within one minute, the router can be considered to be under illegal attack and the WIFIKey unit starts the alarm flow.
The WIFIKey alarm flow is as follows:
The WIFIKey unit sends a special instruction to the router's WIFIKey administrative unit (WIFIKey management program), requiring it to remotely notify the mobile phone through the pre-set alarm channel (a VPN built by the mobile phone APP, etc.); at the same time the WIFIKey unit automatically enters low-power mode or stops working completely and locks itself internally. Only after the router is actively powered off and restarted can the WIFIKey unit enter normal working mode, and the user is prompted to change the access authentication password of the WIFIKey unit.
The WIFIKey administrative unit may be located in the WIFIKey service unit of the router.
(6) The ciphertext formats used in the WIFIKey unit may include but are not limited to: single-DES ciphertext, 3DES ciphertext, RSA public-key ciphertext, RSA private-key signature data, SM2 public-key ciphertext, SM2 private-key signature data, SMS4 ciphertext, AES ciphertext, etc.
Data that does not need ciphertext storage is stored in plaintext-digest form. Digest methods include but are not limited to:
SHA1, SHA224, SHA256, SHA384, SHA512, MD5, SM3, etc.
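The alarm mechanism described under item (5) amounts to a sliding-window rate check followed by a lockout that only a power cycle clears. The following C sketch is an added example, not code from the patent; the threshold of 30 update confirmations in one minute is the figure given in the text, while the names, the use of a seconds counter and the strict "less than 60 seconds" comparison are assumptions of the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ALARM_OPS      30u  /* update confirmations (figure from the text) */
#define ALARM_WINDOW_S 60u  /* within one minute (figure from the text) */

enum wk_result { WK_OK, WK_ALARM, WK_LOCKED };

/* Hypothetical monitor state kept inside the WIFIKey unit. */
struct wk_monitor {
    uint32_t ts[ALARM_OPS];      /* ring buffer: times of the last 30 operations */
    unsigned head;               /* next slot to overwrite = oldest entry */
    unsigned count;
    bool locked;                 /* unit stopped working, locked internally */
    bool prompt_password_change; /* shown to the user after the restart */
};

void wk_monitor_init(struct wk_monitor *m)
{
    memset(m, 0, sizeof *m);
}

/* Called for each data update confirmation; now_s is seconds since power-on. */
enum wk_result wk_on_update_confirm(struct wk_monitor *m, uint32_t now_s)
{
    if (m->locked)
        return WK_LOCKED;            /* refuse everything until a power cycle */

    m->ts[m->head] = now_s;
    m->head = (m->head + 1) % ALARM_OPS;
    if (m->count < ALARM_OPS)
        m->count++;

    /* ts[head] is now the oldest of the last 30 operations. */
    if (m->count == ALARM_OPS && now_s - m->ts[m->head] < ALARM_WINDOW_S) {
        m->locked = true;            /* caller sends the special alarm instruction */
        return WK_ALARM;
    }
    return WK_OK;
}

/* The router was powered off and restarted: leave the locked state. */
void wk_power_cycle(struct wk_monitor *m)
{
    bool was_locked = m->locked;
    wk_monitor_init(m);
    m->prompt_password_change = was_locked;
}

/* Feed one operation every interval_s seconds; return the 1-based index of
 * the operation that raises the alarm, or 0 if none of max_ops does. */
unsigned ops_until_alarm(uint32_t interval_s, unsigned max_ops)
{
    struct wk_monitor m;
    wk_monitor_init(&m);
    for (unsigned i = 0; i < max_ops; i++)
        if (wk_on_update_confirm(&m, i * interval_s) == WK_ALARM)
            return i + 1;
    return 0;
}

/* Burst, lockout, power cycle, normal operation again. */
bool lockout_scenario(void)
{
    struct wk_monitor m;
    enum wk_result last = WK_OK;

    wk_monitor_init(&m);
    for (uint32_t t = 0; t < ALARM_OPS; t++)    /* constructed burst: 1 op/s */
        last = wk_on_update_confirm(&m, t);
    bool alarmed = (last == WK_ALARM);
    bool refused = (wk_on_update_confirm(&m, 3600) == WK_LOCKED);

    wk_power_cycle(&m);
    bool resumed = (wk_on_update_confirm(&m, 0) == WK_OK)
                   && m.prompt_password_change;
    return alarmed && refused && resumed;
}

int main(void)
{
    printf("1 s apart: alarm at op %u\n", ops_until_alarm(1, 100));
    printf("3 s apart: alarm at op %u\n", ops_until_alarm(3, 100));
    printf("lockout scenario ok: %d\n", lockout_scenario());
    return 0;
}
```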
The functions of the WIFIKey unit are described in more detail below:
(1) Communicate with the WIFIKey service unit in the router to perform client security authentication and confirm the legitimacy of the intelligent mobile terminal accessing the router;
(2) Obtain the list of devices connected to the intelligent router and their related status information;
(3) Once the secure channel is established, send instructions to the specified other devices connected to the router so that the target device completes the corresponding function;
for example, send a work instruction to a smart camera in order to view the situation at home;
(4) When the router is under attack, carry out the preset related security operations after the alarm information is received;
for example, remotely send a router shutdown command.
The communication flow between the client device and the router is described in detail below:
Those skilled in the art can define:
The client device may be an APP loaded on a smart device that connects to the router, such as a mobile phone, tablet computer or smartwatch, and is generally divided into Android APP, iOS APP, HTML5 APP and Windows APP.
The router contains the operating system installed on the router and the WIFIKey administrative unit based on that operating system.
The communication flow includes:
(1) The router is switched on and enters the working state;
(2) The client device is switched on and enters the working state;
(3) The client device finds the router and initiates a connection authentication request.
(4) The WIFIKey administrative unit in the router receives the authentication request and sends it to the WIFIKey unit;
(5) The WIFIKey unit receives the authentication message sent by the WIFIKey administrative unit, performs security processing, and sends the processed security message to the WIFIKey administrative unit in the router.
The security processing includes but is not limited to: data encryption, data decryption, data MAC authentication, data HASH verification, data signature verification, PKCS packing and unpacking of data, etc.
(6) The WIFIKey administrative unit receives the processed message from the WIFIKey unit, sends it to the client device and requires the client device to perform security authentication.
(7) The client device receives the security message, performs security authentication and then sends verification data to the router.
(8) The WIFIKey administrative unit loaded in the router confirms data integrity after receiving the verification data and then sends it to the WIFIKey unit.
(9) The WIFIKey unit performs verification. After confirming that there is no error, it adds the client to the secure trust registration table, assigns it a corresponding security level according to the verification information, and returns the corresponding message to the server-side management program.
The structure of the device trusted registration table stored in the WIFIKey unit may include but is not limited to: device type, device ID, device MAC address and device description. For example: PC computer, 0001, 12-34-56-78-9A-BC, Peter-PC.
(10) The WIFIKey administrative unit performs the corresponding processing according to the message returned by the WIFIKey unit and allows the client device to access and connect to the network.
As shown in Fig. 6, taking a mobile phone as an example, the flow of connecting a mobile phone to the router includes:
S501, start.
S502, the router enters the WIFI working state.
S503, the mobile phone detects the WIFI signal and initiates a WIFI connection request through the APP installed on the phone.
S504, the mobile phone APP assembles the connection request data and sends it to the WIFIKey administrative unit in the router.
Preferably, the mobile phone APP may assemble the phone's MAC address, the account registered on the router and the WIFI connection password, append a CRC, and send the result to the WIFIKey administrative unit.
S505, the WIFIKey administrative unit in the router receives the transmitted data and, after verifying that it is correct, sends the data to the WIFIKey unit.
The verification means verifying the CRC contained in the data; after confirming that it is correct, the CRC is removed and the data is sent to the WIFIKey unit.
S506, the WIFIKey unit judges whether the mobile phone is in the trust list. If so, jump to S513; otherwise execute S507.
S507, the WIFIKey unit reassembles the information, digitally signs it, and sends the signature to the WIFIKey administrative unit in the router.
The WIFIKey unit combines an 8-byte random number with the information sent by the mobile phone, performs an RSA digital signature, and sends the signature result to the WIFIKey administrative unit in the router.
S508, the WIFIKey administrative unit in the router sends the signature to the mobile phone APP.
S509, the mobile phone APP verifies the signature and sends the verified data and the result to the WIFIKey administrative unit.
The mobile phone verifies the signature with the public key used when it installed the APP, and sends the signature verification data and result to the WIFIKey administrative unit.
S510, the WIFIKey administrative unit forwards the signature verification data and result to the WIFIKey unit.
S511, the WIFIKey unit judges whether signature verification passed. If so, execute S512; if not, jump to S516.
S512, add the mobile phone's information to the secure trust registration table.
S513, verify the WIFI password.
S514, determine whether the WIFI password is correct. If so, execute S515; if not, jump to S516.
S515, allow the mobile phone to connect.
S516, end.
It should be noted that the reason the mobile phone sends the message first, rather than the router connecting to the mobile phone, is so that the router can verify whether the mobile phone has been securely registered on the router, and so that a router that has been illegally taken over cannot actively connect to registered devices.
The above completes the establishment of the router's secure connection. As shown in Fig. 7, the following describes the flow by which, after the connection is established, a client device with super administrator permission (abbreviated: super client device) operates other client devices through the router:
S601, the super client device initiates an authentication request;
S602, the router processes the super client's request and sends it to the WIFIKey unit for security authentication;
S603, the WIFIKey unit processes the authentication information and sends a security message to the router;
S604, the router responds to the request and forwards the security message to the super client;
S605, the super client processes the security message and sends verification data;
S606, the router forwards the verification data to the WIFIKey unit;
S607, after checking the verification data, the WIFIKey unit adds the super client to the secure list and returns authentication status information;
S608, the router returns the authentication status information;
S609, the super client sends the router an instruction to read the list of connected devices;
S610, the WIFIKey administrative unit in the router sends the WIFIKey unit an instruction to read the device list;
S611, the WIFIKey unit verifies the legitimacy of the received instruction and, if it is legitimate, returns the device list;
S612, after confirming the legitimacy of the instruction, the WIFIKey administrative unit in the router sends the device list returned by the WIFIKey unit to the super client device;
S613, the super client device sends an operation instruction for a specified device;
S614, the WIFIKey administrative unit in the router sends the WIFIKey unit an instruction to read the specified device's information;
S615, the WIFIKey unit verifies the legitimacy of the specified device and returns verification information;
S616, according to the device verification information returned by the WIFIKey unit, the WIFIKey administrative unit in the router sends the device operation request received from the super client device to the specified device; the specified device performs the operation according to the received instruction and returns its operation status; the WIFIKey administrative unit in the router obtains the operation status of the specified device and sends it to the super client device.
Implementing the invention can ensure that the router runs securely and stably, ensure that router access and control take place in a secure and trusted environment, ensure the security of remote control of smart home devices, and ensure the security of smart-home ecosystem data.
Those skilled in the art will understand that embodiments of the present application may be provided as a method, an apparatus (device), or a computer program product. Accordingly, the application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical memory, etc.) that contain computer-usable program code.
The application is described with reference to flowcharts and/or block diagrams of the method, apparatus (device) and computer program product according to embodiments of the application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and any combination of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a means for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture that includes an instruction means, the instruction means implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operation steps is executed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device thereby provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Although preferred embodiments of the application have been described, those skilled in the art can make additional changes and modifications to these embodiments once they know the basic inventive concept. The appended claims are therefore intended to be interpreted as covering the preferred embodiments and all changes and modifications that fall within the scope of the application. Obviously, those skilled in the art can make various modifications and variations to the application without departing from its spirit and scope. Thus, if these modifications and variations fall within the scope of the claims of the application and their equivalent technologies, the application is also intended to include them.
Claims (7)
1. A router, the router comprising at least:
a router main body unit, for implementing the routing and WIFI functions of the router;
a WIFIKey unit, for storing data information on the working state of the router and device information of the client devices connected to the router;
a WIFIKey management unit, for managing data communication between the router, the client devices and the WIFIKey unit;
the WIFIKey unit being further configured to:
receive a client device connection instruction, for completing the connection of the client device;
wherein completing the connection of the client device comprises:
S101, start;
S102, the WIFIKey unit receives the connection request forwarded by the router;
S103, is the requesting device in the secure registration table? If not, execute S104; if so, jump to S108;
S104, generate a random number, sign the data sent by the requesting device together with the generated random number, and require the device to verify the signature;
S105, wait for the device's signature verification result;
S106, determine whether the signature verification passed; if so, execute S107; if not, jump to S110;
S107, add the verified device to the trust list;
S108, is the WIFI password correct? If so, execute S109; if not, jump to S110;
S109, allow the connection and return a connection-allowed message;
S110, end.
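The connection flow S101 to S110, as an added Python example that is not code from the patent. The patent does not name a signature algorithm, so HMAC-SHA256 with a key shared by the WIFIKey unit and the device stands in for it, and one set models both the secure registration table and the trust list; all class names, keys and passwords are assumptions.

```python
import hashlib
import hmac
import secrets


def sign(key, data, nonce):
    # Stand-in for the unspecified signature: HMAC-SHA256 over data || nonce (assumption).
    return hmac.new(key, data + nonce, hashlib.sha256).digest()


class Device:
    """Constructed client device holding the key it was provisioned with (assumption)."""

    def __init__(self, dev_id, key):
        self.dev_id, self.key = dev_id, key

    def verify(self, data, nonce, signature):
        return hmac.compare_digest(sign(self.key, data, nonce), signature)


class WifiKeyUnit:
    def __init__(self, key, wifi_password):
        self.key, self.wifi_password = key, wifi_password
        self.trusted = set()   # models the registration table and the trust list together

    def connect(self, device, request_data, password):
        """Return (allowed, steps taken) for one connection request (S102-S110)."""
        steps = ["S102", "S103"]
        if device.dev_id not in self.trusted:                 # S103: not yet registered
            nonce = secrets.token_bytes(16)                   # S104: fresh random number
            signature = sign(self.key, request_data, nonce)
            passed = device.verify(request_data, nonce, signature)   # S105
            steps += ["S104", "S105", "S106"]
            if not passed:                                    # S106 fails -> S110
                return False, steps + ["S110"]
            self.trusted.add(device.dev_id)                   # S107
            steps.append("S107")
        steps.append("S108")
        if not hmac.compare_digest(password.encode(), self.wifi_password.encode()):
            return False, steps + ["S110"]
        return True, steps + ["S109", "S110"]


# Constructed sample values
UNIT_KEY = b"constructed-demo-key"
unit = WifiKeyUnit(UNIT_KEY, "correct horse")
phone = Device("phone", UNIT_KEY)
rogue = Device("rogue", b"some-other-key")
```

With the steps ordered as in the claim, a device that passes S106 is on the trust list before its WIFI password is checked, so its next request goes straight from S103 to S108.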
2. The router of claim 1, wherein the WIFIKey unit is further configured to:
process router configuration data management instructions, and process and return router configuration data;
receive an operation instruction from a client device concerning other client devices, verify the client's management authority, verify the legitimacy of the operation instruction, and carry out the corresponding operation through the WIFIKey management unit;
perform early-warning processing when an attack on the router is detected.
3. The router of claim 2, wherein processing router configuration data management instructions and processing and returning router configuration data includes the manufacturing process of the router and the WIFIKey unit, specifically:
S201, start;
S202, write the WIFIKey unit key;
S203, has the WIFIKey unit key been preset? If not, jump to S202; if so, execute S204;
S204, write the router configuration data;
S205, determine whether the router data has been written; if not, jump to S204; if so, execute S206;
S206, switch the life cycle of the router to user mode;
S207, end.
4. The router of claim 2, wherein processing router configuration data management instructions and processing and returning router configuration data includes managing the data in use while the router is in use, specifically:
S301, start data management;
S302, the user updates data;
S303, determine whether to update the data; if so, execute S304; if not, jump to S311;
S304, the router sends data to the WIFIKey unit;
S305, the WIFIKey unit writes the received data into the backup area;
S306, determine whether this is the last item of router data; if so, execute S307; if not, jump to S304;
S307, write the backup area valid flag;
S308, determine whether the backup area valid flag has been set; if so, execute S309; if not, jump to S311;
S309, write the backup area data to the target data area;
S310, erase the backup area valid flag;
S311, end.
5. The router of claim 4, wherein, when a power-failure exception is encountered while data is being written, the data management process may further include write power-failure recovery, specifically:
S401, start;
S402, is the backup area valid flag set? If so, execute S403; if not, jump to S405;
S403, write the data in the backup area to the target data area;
S404, erase the backup area valid flag;
S405, end.
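The backup-area update of claim 4 and the power-failure recovery of claim 5, modelled together as an added Python example (not part of the patent). The storage model, the record values and all names are assumptions; power is cut after every possible number of writes, and the flagged backup copy is compared with a direct overwrite of the target area.

```python
class PowerLoss(Exception): pass      # simulated power cut during a storage write

class WifiKeyStore:
    """Constructed model of the WIFIKey unit's storage; all names are assumptions."""
    def __init__(self, records, budget=float("inf")):
        self.target = list(records)   # target data area
        self.backup = []              # backup area
        self.backup_valid = False     # backup area valid flag
        self.budget = budget          # writes allowed before power is cut

    def _write(self):                 # every storage write can be the one that fails
        if self.budget == 0:
            raise PowerLoss()
        self.budget -= 1

    def overwrite(self, records):     # unprotected write straight into the target area
        for i, rec in enumerate(records):
            self._write()
            self.target[i:i + 1] = [rec]
        del self.target[len(records):]

    def update(self, records):
        self.backup = []
        for rec in records:           # S304/S305: stage each record in the backup area
            self._write()
            self.backup.append(rec)
        self._write()
        self.backup_valid = True      # S307: from here on the update will complete
        self._commit()

    def _commit(self):
        self.overwrite(self.backup)   # S309 / S403
        self._write()
        self.backup_valid = False     # S310 / S404

    def recover(self):                # S401-S405, run at power-up
        self.budget = float("inf")
        if self.backup_valid:         # S402
            self._commit()
        return tuple(self.target)

def crash_outcomes(old, new, in_place=False):   # cut power after 0..N writes, then recover
    states = set()
    for cut in range(2 * len(new) + 3):
        store = WifiKeyStore(old, budget=cut)
        try:
            (store.overwrite if in_place else store.update)(new)
        except PowerLoss:
            pass
        states.add(store.recover())
    return states

OLD, NEW = ("ssid=home", "psk=old"), ("ssid=lab", "psk=new")   # constructed records
SAFE, UNSAFE = crash_outcomes(OLD, NEW), crash_outcomes(OLD, NEW, in_place=True)
```

`SAFE` contains only the complete old and complete new record sets, while `UNSAFE` also contains a half-written mix of the two.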
6. The router of claim 2, wherein receiving an operation instruction from a client device concerning other client devices, verifying the client's management authority, verifying the legitimacy of the operation instruction, and carrying out the corresponding operation through the WIFIKey management unit, where the client device is a super client, specifically comprises:
S601, the super client device initiates an authentication request;
S602, the router processes the super client's request and initiates security authentication with the WIFIKey unit;
S603, the WIFIKey unit processes the authentication information and sends a security packet to the router;
S604, the router responds to the request and forwards the security packet to the super client;
S605, the super client processes the security packet and sends verification data;
S606, the router forwards the verification data to the WIFIKey unit;
S607, after checking the verification data, the WIFIKey unit adds the super client to the safe list and returns authentication status information;
S608, the router returns the authentication status information;
S609, the super client sends the router an instruction to read the list of connected devices;
S610, the WIFIKey management unit in the router sends the WIFIKey unit an instruction to read the device list;
S611, the WIFIKey unit verifies the legitimacy of the received instruction and, if it is legitimate, returns the device list;
S612, after the WIFIKey management unit in the router confirms the legitimacy of the instruction, it sends the device list returned by the WIFIKey unit to the super client device;
S613, the super client device sends an operation instruction for a designated device;
S614, the WIFIKey management unit in the router sends the WIFIKey unit an instruction to read the designated device's information;
S615, the WIFIKey unit verifies the legitimacy of the designated device and returns verification information;
S616, according to the device verification information returned by the WIFIKey unit, the WIFIKey management unit in the router sends the device operation request received from the super client device to the designated device; the designated device operates according to the received instruction and returns its operation status; the WIFIKey management unit in the router obtains the operation status of the designated device and sends it to the super client device.
7. The router of claim 2, wherein performing early-warning processing when an attack on the router is detected is specifically:
when the WIFIKey unit finds that, within a preset period, the router is frequently accessing the data stored in the WIFIKey unit, the WIFIKey unit starts an alarm flow;
the alarm flow is:
the WIFIKey unit sends a special instruction to the WIFIKey management unit of the router, requiring it to remotely notify the connected client devices through a preset alarm path; at the same time, the WIFIKey unit automatically enters low-power mode or stops working completely, locks itself internally, and prompts the user to change the access authentication password of the WIFIKey unit.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510916627.6A CN105357670B (en) | 2015-12-10 | 2015-12-10 | A kind of router |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105357670A CN105357670A (en) | 2016-02-24 |
CN105357670B true CN105357670B (en) | 2018-08-21 |
Family
ID=55333502
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510916627.6A Active CN105357670B (en) | 2015-12-10 | 2015-12-10 | A kind of router |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105357670B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105871852B (en) * | 2016-04-08 | 2019-03-05 | 绍兴文理学院元培学院 | A kind of intelligent router, Router Security management method |
CN108833221A (en) * | 2018-05-30 | 2018-11-16 | 四川斐讯全智信息技术有限公司 | A kind of quick distribution of smart home and the system and method for binding account |
Also Published As
Publication number | Publication date |
---|---|
CN105357670A (en) | 2016-02-24 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |