CN105430649A - Wifi access method and apparatus - Google Patents

Publication number: CN105430649A
Authority: CN (China)
Prior art keywords: wifi; wifi equipment; mobile terminal; request; credible
Legal status: Granted
Application number: CN201511025581.5A
Other languages: Chinese (zh)
Other versions: CN105430649B (en)
Inventor: 刘刚国
Current Assignee: Maipu Communication Technology Co Ltd
Original Assignee: Maipu Communication Technology Co Ltd
Application filed by Maipu Communication Technology Co Ltd
Priority to CN201511025581.5A
Publication of CN105430649A
Application granted; publication of CN105430649B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W84/00 Network topologies
    • H04W84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10 Small scale networks; Flat hierarchical networks
    • H04W84/12 WLAN [Wireless Local Area Networks]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a WIFI access method and apparatus and belongs to the field of WIFI network security. It addresses two problems: the access security of a mobile terminal cannot be ensured, and the security provided is inconsistent. The WIFI access method includes the following steps: before connecting to a WIFI apparatus to obtain network data, a mobile terminal obtains identity recognition information of the WIFI apparatus from a trusted WIFI cloud platform; the mobile terminal then compares that identity recognition information with the identity verification code of the WIFI apparatus to judge whether the WIFI apparatus is safe and reliable. The WIFI access method provided by the embodiment of the invention is used for verifying the WIFI apparatus when the mobile terminal connects to it.

Description

WIFI access method and device
Technical field
The present invention relates to the field of WIFI network security, and in particular to a WIFI access method and device.
Background
The construction of wireless cities and smart cities involves deploying a large number of public WIFI (wireless fidelity) networks, which makes it easier for mobile terminals to reach the Internet over WIFI. However, there is no corresponding technology or system to guarantee that an accessible WIFI network is trusted and secure. Once a mobile terminal connects to an illegal WIFI network, it faces the risk of information theft, so illegal WIFI networks continually harm ordinary users.
The trusted WIFI access system deployed in the prior art comprises a cloud authentication server, an access controller and WIFI hotspots; the cloud authentication server issues a security policy to the access controller. When a mobile terminal first accesses a WIFI hotspot in this system, it downloads a WIFI hotspot detection tool from the hotspot, uses the tool to obtain the security policy from the access controller, and uses the security policy to check the hotspot; if the check succeeds, it starts authentication and goes online.
In the course of implementing the above trusted WIFI access, the inventor found at least the following problems in the prior art:
As described above, the prior art detects the current WIFI hotspot information by downloading the detection tool from the hotspot after the hotspot has already been accessed, so the very first access may already be to an illegal WIFI hotspot, and the access security of the mobile terminal cannot be ensured. In addition, the prior art guarantees security according to a security policy, so different mobile terminal roles in different application scenarios obtain different security guarantees, and security is therefore inconsistent.
Summary of the invention
Embodiments of the invention provide a WIFI access method and device to solve the problems that the access security of a mobile terminal cannot be ensured and that security is inconsistent.
To achieve the above object, embodiments of the invention adopt the following technical solutions:
In a first aspect, a WIFI access method is provided, the method comprising:
A mobile terminal obtains the MAC address of a WIFI device from the WIFI device and sends a data request containing the MAC address to a trusted WIFI cloud platform;
The trusted WIFI cloud platform obtains the identity information of the corresponding WIFI device according to the MAC address in the data request and sends that identity information to the mobile terminal; the identity information comprises the unique identity code of the WIFI device;
After receiving the identity information sent by the trusted WIFI cloud platform, the mobile terminal sends the WIFI device a verification request asking for the authentication code of the WIFI device;
The WIFI device receives the verification request sent by the mobile terminal and sends the authentication code to the mobile terminal;
After receiving the authentication code sent by the WIFI device, the mobile terminal compares the authentication code with the unique identity code; if they are consistent, verification succeeds and the mobile terminal accesses the WIFI device; if they are inconsistent, verification fails and the mobile terminal does not access the WIFI device.
In a first possible implementation, in combination with the first aspect, before the data request is sent to the trusted WIFI cloud platform, the method comprises:
The mobile terminal generates a first random key and encrypts the first random key and the MAC address with the public key of the trusted WIFI cloud platform to generate the data request.
In a second possible implementation, in combination with the first aspect, before the verification request is sent to the WIFI device, the method comprises:
The mobile terminal generates a second random key and encrypts the second random key with a first communication key to generate the verification request, where the first communication key is carried in the identity information.
In a third possible implementation, in combination with the first aspect, after the trusted WIFI cloud platform receives the data request, the method comprises:
The trusted WIFI cloud platform decrypts the data request sent by the mobile terminal with the private key of the trusted WIFI cloud platform.
In a fourth possible implementation, in combination with the first aspect, before the identity information of the corresponding WIFI device is sent to the mobile terminal, the method comprises:
The trusted WIFI cloud platform encrypts the identity information with the first random key, where the first random key is carried in the data request.
In a fifth possible implementation, in combination with the first aspect, after the WIFI device receives the verification request sent by the mobile terminal, the method comprises:
The WIFI device decrypts the verification request with a second communication key, where the second communication key is stored in the WIFI device.
In a sixth possible implementation, in combination with the first aspect, before the authentication code is sent to the mobile terminal, the method comprises:
The WIFI device encrypts the authentication code with the second random key, where the second random key is carried in the verification request.
In a second aspect, a mobile terminal is provided, the mobile terminal comprising:
A receiving unit, configured to obtain the MAC address of a WIFI device from the WIFI device;
A sending unit, configured to send a data request to a trusted WIFI cloud platform to request the identity information of the WIFI device, where the data request comprises the MAC address, the trusted WIFI cloud platform stores the MAC address and the identity information, the MAC address and the identity information are in one-to-one correspondence, and the identity information comprises the unique identity code of the WIFI device;
The receiving unit is further configured to receive the identity information sent by the trusted WIFI cloud platform;
The sending unit is further configured to send a verification request to the WIFI device to request the authentication code of the WIFI device;
The receiving unit is further configured to receive the authentication code sent by the WIFI device;
A verification unit, configured to compare the authentication code with the unique identity code; if they are consistent, verification succeeds and the WIFI device is accessed; if they are inconsistent, verification fails and the WIFI device is not accessed.
In a first possible implementation, in combination with the second aspect, the mobile terminal further comprises:
A generation unit, configured to generate a first random key;
An encryption unit, configured to encrypt the first random key and the MAC address with the public key of the trusted WIFI cloud platform to generate the data request.
In a second possible implementation, in combination with the second aspect, the mobile terminal further comprises:
A generation unit, configured to generate a second random key;
An encryption unit, configured to encrypt the second random key with a first communication key to generate the verification request, where the first communication key is carried in the identity information.
In a third aspect, a trusted WIFI cloud platform is provided, the trusted WIFI cloud platform comprising:
A receiving unit, configured to receive a data request sent by a mobile terminal, where the data request comprises the MAC address of a WIFI device;
A management unit, configured to obtain the identity information of the corresponding WIFI device according to the received MAC address; the management unit stores the MAC address of the WIFI device and the identity information of the WIFI device, the MAC address and the identity information are in one-to-one correspondence, the identity information comprises the unique identity code of the WIFI device, and the unique identity code is used by the mobile terminal to verify, from the unique identity code and the authentication code of the WIFI device, whether the WIFI device is legitimate;
A sending unit, configured to send the identity information of the corresponding WIFI device to the mobile terminal.
In a first possible implementation, in combination with the third aspect, the trusted WIFI cloud platform further comprises:
A decryption unit, configured to decrypt the data request sent by the mobile terminal with the private key of the trusted WIFI cloud platform;
And/or,
An encryption unit, configured to encrypt the identity information with a first random key, where the first random key is carried in the data request.
In a fourth aspect, a WIFI device is provided, the device comprising:
A receiving unit, configured to receive a verification request from a mobile terminal, where the verification request is used to request the authentication code of the WIFI device, and the authentication code is used by the mobile terminal, together with the unique identity code of the WIFI device obtained from the trusted cloud platform, to verify whether the WIFI device is legitimate;
A sending unit, configured to send the authentication code to the mobile terminal.
In a first possible implementation, in combination with the fourth aspect, the WIFI device comprises:
A decryption unit, configured to decrypt the verification request with a second communication key, where the second communication key is stored in the WIFI device;
And/or,
An encryption unit, configured to encrypt the authentication code with a second random key, where the second random key is carried in the verification request.
With the WIFI access method, devices and WIFI access system provided by embodiments of the invention, the mobile terminal obtains the MAC address of the WIFI device from the WIFI device and sends this MAC address to the trusted WIFI cloud platform to request the identity information of the WIFI device, where the identity information comprises the unique identity code of the WIFI device; the trusted WIFI cloud platform sends the identity information, including the unique identity code, to the mobile terminal; after receiving the identity information sent by the trusted WIFI cloud platform, the mobile terminal sends a verification request to the WIFI device to request its authentication code; after receiving the verification request, the WIFI device sends its authentication code to the mobile terminal; after receiving the authentication code, the mobile terminal compares it with the unique identity code: if they are consistent, verification succeeds and the mobile terminal accesses the WIFI device; if they are inconsistent, verification fails and the mobile terminal does not access the WIFI device. Therefore, before accessing the WIFI device to obtain network data, the mobile terminal first obtains the identity identification information of the WIFI device from the trusted WIFI cloud platform and then compares it with the identity identification information obtained from the WIFI device to judge whether the WIFI device is secure and trusted, which ensures the security of mobile terminal access. Because application scenarios and mobile terminal roles are not distinguished, security is consistent for the access of all mobile terminals. This solves the problems that the access security of a mobile terminal cannot be ensured and that security is inconsistent.
Brief description of the drawings
To explain the technical solutions of the embodiments of the invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic structural diagram of the WIFI access system provided by an embodiment of the invention;
Fig. 2 is a schematic flow chart of a WIFI device registering on the trusted WIFI cloud platform, provided by an embodiment of the invention;
Fig. 3 is an interaction diagram of a WIFI access method provided by an embodiment of the invention;
Fig. 4 is a schematic flow chart of the mobile terminal obtaining the MAC address of the WIFI device, provided by an embodiment of the invention;
Fig. 5 is a schematic structural diagram of another WIFI access method provided by an embodiment of the invention;
Fig. 6 is a schematic structural diagram of a mobile terminal provided by an embodiment of the invention;
Fig. 7 is a schematic structural diagram of a trusted WIFI cloud platform provided by an embodiment of the invention;
Fig. 8 is a schematic structural diagram of a WIFI device provided by an embodiment of the invention.
Detailed description
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from these embodiments without creative effort fall within the scope of protection of the invention.
Referring to Fig. 1, a schematic structural diagram of the WIFI access system provided by an embodiment of the invention, the system comprises: a mobile terminal 11, a WIFI device 12, a trusted WIFI cloud platform 13 and a network 14. After the trusted WIFI cloud platform is set up, every trusted WIFI device must register its identity on the platform. The platform assigns each trusted WIFI device an identity code and a key (called the first communication key on the trusted WIFI cloud platform side and the second communication key on the WIFI device side; the two keys are identical). Before the mobile terminal 11 accesses the WIFI device 12 and reaches the network 14 through it, it first authenticates the identity of the WIFI device through the trusted WIFI cloud platform to ensure that the WIFI device is safe and reliable, and the entire verification process is encrypted throughout.
The process by which a WIFI device registers on the trusted WIFI cloud platform comprises the following steps:
S201: The party deploying the WIFI device, or the manufacturer producing it, provides the MAC address and identity information of the WIFI device.
S202: The administrator of the trusted WIFI cloud platform enters the MAC address into the platform or imports MAC addresses in batches.
S203: The trusted WIFI cloud platform generates a unique identity code and a communication key for the WIFI device according to its MAC address and identity information. For example, the unique identity code and the communication key are 32.
S204: The WIFI device deployment personnel write the identity code and the communication key into the WIFI device as initial system configuration.
Embodiment 1:
An embodiment of the invention provides a WIFI access method, applied to the WIFI access system shown in Fig. 1. Referring to Fig. 3, the method comprises:
S301: The mobile terminal obtains the MAC address of the WIFI device from the WIFI device.
S302: The mobile terminal sends a data request to the trusted WIFI cloud platform to request the identity information of the WIFI device. The data request comprises the MAC address of the WIFI device; the trusted WIFI cloud platform stores the MAC address and identity information of the WIFI device; the MAC address and the identity information are in one-to-one correspondence; and the identity information comprises the unique identity code of the WIFI device.
Optionally, the mobile terminal sends the data request to the open port of the trusted WIFI cloud platform.
S303: The trusted WIFI cloud platform receives the data request sent by the mobile terminal, where the data request comprises the MAC address of the WIFI device.
S304: The trusted WIFI cloud platform obtains the identity information of the corresponding WIFI device according to the MAC address in the received data request. The trusted WIFI cloud platform stores the MAC address of the WIFI device and the identity information of the WIFI device; the MAC address and the identity information are in one-to-one correspondence; the identity information comprises the unique identity code of the WIFI device; and the unique identity code is used by the mobile terminal to verify, from the unique identity code and the authentication code of the WIFI device, whether the WIFI device is legitimate.
Optionally, if the lookup fails, the verification-failure value -1 is returned; if the lookup succeeds, the identity information of the corresponding WIFI device is returned (comprising the unique identity code and the first communication key; for example, the unique identity code and the first communication key are 32).
S305: The trusted WIFI cloud platform sends the identity information of the corresponding WIFI device to the mobile terminal.
S306: The mobile terminal receives the identity information sent by the trusted WIFI cloud platform.
If the identity information is the verification-failure value -1, verification fails and the mobile terminal abandons the connection to the WIFI of the WIFI device; if the identity information is a valid value, step S307 is performed. The identity information comprises the unique identity code and the first communication key of the WIFI device; for example, the unique identity code and the first communication key are 32.
S307: The mobile terminal sends a verification request to the WIFI device to request the authentication code of the WIFI device.
Optionally, the mobile terminal sends the verification request to the open port of the WIFI device.
S308: The WIFI device receives the verification request sent by the mobile terminal. The verification request is used to request the authentication code of the WIFI device, and the authentication code is used together with the unique identity code to verify whether the WIFI device is legitimate.
S309: The WIFI device sends the authentication code to the mobile terminal.
S310: The mobile terminal receives the authentication code sent by the WIFI device.
Optionally, after step S310, the method further comprises:
S311: The mobile terminal compares the authentication code with the unique identity code. If they are consistent, verification succeeds, the mobile terminal opens the network ports of the firewall of the mobile terminal operating system and accesses the WIFI device; if they are inconsistent, verification fails and the mobile terminal does not access the WIFI device.
With the WIFI access method provided by embodiments of the invention, the mobile terminal obtains the MAC address of the WIFI device from the WIFI device and sends this MAC address to the trusted WIFI cloud platform to request the identity information of the WIFI device, where the identity information comprises the unique identity code of the WIFI device; the trusted WIFI cloud platform sends the identity information, including the unique identity code, to the mobile terminal; after receiving the identity information sent by the trusted WIFI cloud platform, the mobile terminal sends a verification request to the WIFI device to request its authentication code; after receiving the verification request, the WIFI device sends its authentication code to the mobile terminal; after receiving the authentication code, the mobile terminal compares it with the unique identity code: if they are consistent, verification succeeds and the mobile terminal accesses the WIFI device; if they are inconsistent, verification fails and the mobile terminal does not access the WIFI device. Therefore, before accessing the WIFI device to obtain network data, the mobile terminal first obtains the identity identification information of the WIFI device from the trusted WIFI cloud platform and then compares it with the identity identification information obtained from the WIFI device to judge whether the WIFI device is secure and trusted, which ensures the security of mobile terminal access. Because application scenarios and mobile terminal roles are not distinguished, security is consistent for the access of all mobile terminals. This solves the problems that the access security of a mobile terminal cannot be ensured and that security is inconsistent.
Specifically, for step S301, the mobile terminal adds a trusted-WIFI-device verification function to the WIFI service of its operating system (taking the Android operating system as an example) and controls network reachability through the firewall (taking the iptables function of the Android system as an example). Referring to Fig. 4, the steps for obtaining the MAC address of the WIFI device comprise:
S3011: The mobile terminal opens the WIFI service of the Android system.
S3012: The WIFI service of the mobile terminal starts, enables the iptables function of the Android system, and closes every port other than the ports used to access the trusted WIFI cloud platform and the WIFI device.
S3013: The WIFI service of the mobile terminal connects to the WIFI device.
S3014: The WIFI service of the mobile terminal obtains the MAC address of the WIFI device.
Optionally, before step S302, the method further comprises:
S312: The mobile terminal generates a first random key (randomKey). The first random key is a symmetric encryption key, used for encryption when the trusted WIFI cloud platform sends data to the mobile terminal and for decryption when the mobile terminal receives the data;
S313: The mobile terminal encrypts the first random key and the MAC address (mac) with the public key (publickey) of the trusted WIFI cloud platform to generate the data request.
For example, step S313 can be expressed as: (randomKey+mac) publickey.
Optionally, after step S303, the method further comprises:
S314: The trusted WIFI cloud platform decrypts the data request sent by the mobile terminal with the private key of the trusted WIFI cloud platform, recovering the MAC address of the WIFI device that the mobile terminal asks to verify and the symmetric encryption key (the first random key) used for encryption when data is sent to the mobile terminal.
Optionally, before step S305, the method further comprises:
S315: The trusted WIFI cloud platform encrypts the identity information with the first random key, where the first random key is carried in the data request.
Optionally, after step S306, the method further comprises:
S316: The mobile terminal decrypts the identity information sent by the trusted WIFI cloud platform with the first random key.
Optionally, before step S307, the method further comprises:
S317: The mobile terminal generates a second random key. The second random key is a symmetric encryption key, used for encryption when the WIFI device sends data to the mobile terminal and for decryption when the mobile terminal receives the data.
S318: The mobile terminal encrypts the second random key with the first communication key to generate the verification request, where the first communication key is carried in the identity information.
Optionally, after step S308, the method further comprises:
S319: The WIFI device decrypts the verification request with the second communication key, where the second communication key is stored in the WIFI device and is identical to the first communication key. This yields the second random key contained in the verification request of the mobile terminal.
Optionally, before step S309, the method further comprises:
S320: The WIFI device encrypts the authentication code with the second random key, where the second random key is carried in the verification request.
S321: The mobile terminal decrypts the authentication code sent by the WIFI device with the second random key. If decryption fails, verification fails.
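Added example, not part of the patent text: a Python simulation of steps S301 to S321 that shows each outcome the mobile terminal can reach (connected, unregistered MAC, decryption failure, code mismatch). The seal/unseal helpers are a standard-library stand-in for the symmetric cipher, which the patent does not name; the public-key wrapping of the cloud request (S312 to S316) is modelled as a direct call; all class names, function names and values are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Stand-in symmetric cipher (assumption: the patent names no algorithm).
# Encrypt-then-MAC from HMAC-SHA256 so the example needs only the standard
# library; a real implementation would use a vetted AEAD such as AES-GCM.
def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, length):
    blocks = (hmac.new(_subkey(key, b"enc"), nonce + i.to_bytes(4, "big"),
                       hashlib.sha256).digest() for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    body = bytes(p ^ s for p, s in zip(plaintext, _stream(key, nonce, len(plaintext))))
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def unseal(key, blob):
    """Return the plaintext, or None if blob was not sealed under key."""
    if len(blob) < 48:
        return None
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ s for c, s in zip(body, _stream(key, nonce, len(body))))

class CloudPlatform:
    """Trusted WIFI cloud platform: MAC -> (unique identity code, first communication key)."""
    def __init__(self):
        self.registry = {}

    def register(self, mac):
        # S203: generate the code and key for a device (constructed random values).
        record = (secrets.token_hex(16), secrets.token_bytes(32))
        self.registry[mac] = record
        return record

    def lookup(self, mac):
        # S303-S305: -1 is the verification-failure value for an unknown MAC.
        return self.registry.get(mac, -1)

class WifiDevice:
    """WIFI device holding the values written at deployment (S204)."""
    def __init__(self, mac, authentication_code, second_comm_key):
        self.mac = mac
        self.authentication_code = authentication_code
        self.second_comm_key = second_comm_key

    def handle_verify(self, request):
        # S319: recover the second random key with the stored communication key.
        second_random_key = unseal(self.second_comm_key, request)
        if second_random_key is None:
            # A device without the matching key cannot learn the second random
            # key, so whatever it returns will not decrypt on the terminal.
            second_random_key = secrets.token_bytes(32)
        # S320, S309: return the authentication code under the second random key.
        return seal(second_random_key, self.authentication_code.encode())

def verify_and_connect(device, platform):
    """Mobile terminal side; returns the decision as a string."""
    mac = device.mac                                    # S301
    identity = platform.lookup(mac)                     # S302-S306
    if identity == -1:
        return "rejected: MAC not registered"
    unique_code, first_comm_key = identity
    second_random_key = secrets.token_bytes(32)         # S317
    request = seal(first_comm_key, second_random_key)   # S318
    reply = device.handle_verify(request)               # S307-S310
    auth_code = unseal(second_random_key, reply)        # S321
    if auth_code is None:
        return "rejected: decryption failed"
    if not hmac.compare_digest(auth_code, unique_code.encode()):  # S311
        return "rejected: code mismatch"
    return "connected"

def run_demo():
    platform = CloudPlatform()
    mac = "00:11:22:33:44:55"                           # constructed MAC address
    code, key = platform.register(mac)
    devices = {
        "genuine": WifiDevice(mac, code, key),
        "unregistered": WifiDevice("66:77:88:99:aa:bb", code, key),
        "wrong_key": WifiDevice(mac, code, secrets.token_bytes(32)),
        "wrong_code": WifiDevice(mac, "f" * 32, key),
    }
    return {name: verify_and_connect(dev, platform) for name, dev in devices.items()}

if __name__ == "__main__":
    print(run_demo())
```

The "wrong_key" case carries the correct code yet is still rejected, because a device that cannot decrypt the verification request never learns the second random key.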
Embodiment 2:
This embodiment provides a mobile terminal, applied to the WIFI access system shown in Fig. 1 and used to perform the WIFI access method shown in Fig. 3 and Fig. 5. With reference to Fig. 6, it comprises:
Receiving unit 111, configured to obtain the MAC address of the WIFI device from the WIFI device;
Sending unit 112, configured to send a data request to the trusted WIFI cloud platform to request the identity information of the WIFI device, where the data request includes the MAC address, the trusted WIFI cloud platform stores the MAC address and the identity information, the MAC address and the identity information are in one-to-one correspondence, and the identity information includes the unique identity code of the WIFI device;
Receiving unit 111, further configured to receive the identity information sent by the trusted WIFI cloud platform;
Sending unit 112, further configured to send a verification request to the WIFI device to request the authentication code of the WIFI device;
Receiving unit 111, further configured to receive the authentication code sent by the WIFI device;
Verification unit 113, configured to compare the authentication code with the unique identity code; if they are consistent, verification succeeds and the WIFI device is accessed; if they are inconsistent, verification fails and the WIFI device is not accessed.
Optionally, the mobile terminal provided by the embodiments of the invention further comprises:
Generation unit 114, configured to generate the first random key;
Generation unit 114, further configured to generate the second random key;
Encryption unit 115, configured to encrypt the first random key and the MAC address with the public key of the trusted WIFI cloud platform to generate the data request;
Encryption unit 115, further configured to encrypt the second random key with the first communication key to generate the verification request, where the first communication key is carried in the identity information;
Decryption unit 116, configured to decrypt, with the first random key, the identity information sent by the trusted WIFI cloud platform;
Decryption unit 116, further configured to decrypt, with the second random key, the authentication code sent by the WIFI device.
The mobile terminal provided by the embodiments of the invention obtains the MAC address of the WIFI device from the WIFI device and sends this MAC address to the trusted WIFI cloud platform to request the identity information of the WIFI device, where the identity information includes the unique identity code of the WIFI device. The trusted WIFI cloud platform sends the identity information, including the unique identity code, to the mobile terminal. After receiving the identity information sent by the trusted WIFI platform, the mobile terminal sends a verification request to the WIFI device to request the authentication code of the WIFI device. After receiving the verification request sent by the mobile terminal, the WIFI device sends its authentication code to the mobile terminal. After receiving the authentication code of the WIFI device, the mobile terminal compares it with the unique identity code: if they are consistent, verification succeeds and the mobile terminal accesses the WIFI device; if they are inconsistent, verification fails and the mobile terminal does not access the WIFI device. Thus, before accessing the WIFI device to obtain network data, the mobile terminal first obtains the identification information of the WIFI device from the trusted WIFI cloud platform and then compares it with the identification information obtained from the WIFI device to judge whether the WIFI device is secure and trusted. This ensures the security of mobile terminal access; and because application scenarios and mobile terminal roles are not distinguished, security is consistent for the access of all mobile terminals. This solves the problem that the security of mobile terminal access cannot be guaranteed and that security is inconsistent.
Embodiment 3:
This embodiment provides a trusted WIFI cloud platform, applied to the WIFI access system shown in Fig. 1 and used to perform the WIFI access method shown in Fig. 3 and Fig. 5. With reference to Fig. 7, it comprises:
Receiving unit 131, configured to receive the data request sent by the mobile terminal, where the data request includes the MAC address of the WIFI device;
Management unit 132, configured to obtain the identity information of the corresponding WIFI device according to the received MAC address; the MAC address of the WIFI device and the identity information of the WIFI device are stored therein, the MAC address and the identity information are in one-to-one correspondence, the identity information includes the unique identity code of the WIFI device, and the unique identity code is used by the mobile terminal to verify, according to the unique identity code and the authentication code of the WIFI device, whether the WIFI device is legitimate;
Sending unit 133, configured to send the identity information of the corresponding WIFI device to the mobile terminal.
Optionally, the trusted WIFI cloud platform provided by the embodiments of the invention further comprises:
Decryption unit 134, configured to decrypt, with the private key of the trusted WIFI cloud platform, the data request sent by the mobile terminal;
Encryption unit 135, configured to encrypt the identity information with the first random key, where the first random key is carried in the data request.
With the trusted WIFI cloud platform provided by the embodiments of the invention, the mobile terminal obtains the MAC address of the WIFI device from the WIFI device and sends this MAC address to the trusted WIFI cloud platform to request the identity information of the WIFI device, where the identity information includes the unique identity code of the WIFI device. The trusted WIFI cloud platform sends the identity information, including the unique identity code, to the mobile terminal. After receiving the identity information sent by the trusted WIFI cloud platform, the mobile terminal sends a verification request to the WIFI device to request the authentication code of the WIFI device. After receiving the verification request sent by the mobile terminal, the WIFI device sends its authentication code to the mobile terminal. After receiving the authentication code of the WIFI device, the mobile terminal compares it with the unique identity code: if they are consistent, verification succeeds and the mobile terminal accesses the WIFI device; if they are inconsistent, verification fails and the mobile terminal does not access the WIFI device. Thus, before accessing the WIFI device to obtain network data, the mobile terminal first obtains the identification information of the WIFI device from the trusted WIFI cloud platform and then compares it with the identification information obtained from the WIFI device to judge whether the WIFI device is secure and trusted. This ensures the security of mobile terminal access; and because application scenarios and mobile terminal roles are not distinguished, security is consistent for the access of all mobile terminals. This solves the problem that the security of mobile terminal access cannot be guaranteed and that security is inconsistent.
Embodiment 4:
This embodiment provides a WIFI device, applied to the WIFI access system shown in Fig. 1 and used to perform the WIFI access method shown in Fig. 3 and Fig. 5. With reference to Fig. 8, it comprises:
Receiving unit 121, configured to receive the verification request of the mobile terminal, where the verification request is used to request the authentication code of the WIFI device, and the authentication code is used by the mobile terminal, in combination with the unique identity code of the WIFI device obtained from the trusted cloud platform, to verify whether the WIFI device is legitimate;
Sending unit 122, configured to send the authentication code to the mobile terminal.
Optionally, the WIFI device provided by the embodiments of the invention further comprises:
Decryption unit 123, configured to decrypt the verification request with the second communication key, where the second communication key is stored in the WIFI device;
Encryption unit 124, configured to encrypt the authentication code with the second random key, where the second random key is carried in the verification request.
With the WIFI device provided by the embodiments of the invention, the mobile terminal obtains the MAC address of the WIFI device from the WIFI device and sends this MAC address to the trusted WIFI cloud platform to request the identity information of the WIFI device, where the identity information includes the unique identity code of the WIFI device. The trusted WIFI cloud platform sends the identity information, including the unique identity code, to the mobile terminal. After receiving the identity information sent by the trusted WIFI platform, the mobile terminal sends a verification request to the WIFI device to request the authentication code of the WIFI device. After receiving the verification request sent by the mobile terminal, the WIFI device sends its authentication code to the mobile terminal. After receiving the authentication code of the WIFI device, the mobile terminal compares it with the unique identity code: if they are consistent, verification succeeds and the mobile terminal accesses the WIFI device; if they are inconsistent, verification fails and the mobile terminal does not access the WIFI device. Thus, before accessing the WIFI device to obtain network data, the mobile terminal first obtains the identification information of the WIFI device from the trusted WIFI cloud platform and then compares it with the identification information obtained from the WIFI device to judge whether the WIFI device is secure and trusted. This ensures the security of mobile terminal access; and because application scenarios and mobile terminal roles are not distinguished, security is consistent for the access of all mobile terminals. This solves the problem that the security of mobile terminal access cannot be guaranteed and that security is inconsistent.
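The terminal-to-device leg described in Embodiments 2 and 4, as an added example that is not code from the patent: it shows why a device that only clones the MAC address, or that replays a recorded response, fails the comparison. Assumptions: the first and second communication keys are one shared symmetric key, the cipher is a standard-library stand-in because the patent names no algorithm, the cloud leg is reduced to a dictionary lookup, and all names and sample values are constructed.

```python
import hashlib
import hmac
import secrets

# Stand-in authenticated cipher (HMAC-SHA256 keystream + HMAC tag), stdlib only.
# The patent names no algorithm; a real build would use an AEAD such as AES-GCM.
def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        block = b"enc" + nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + body + hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()

def open_sealed(key, blob):
    """Return the plaintext, or None if blob was not sealed under key."""
    if blob is None or len(blob) < 48:
        return None
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

class WifiDevice:
    def __init__(self, mac, comm_key, auth_code):
        self.mac, self._comm_key, self._auth_code = mac, comm_key, auth_code

    def handle_verification_request(self, request):
        # Decrypt with the communication key stored in the device ...
        second_random_key = open_sealed(self._comm_key, request)
        if second_random_key is None:
            return None
        # ... and return the authentication code under the second random key.
        return seal(second_random_key, self._auth_code)

class MobileTerminal:
    def __init__(self, identity_info):
        self._identity = identity_info      # as returned by the cloud platform
        self._second_random_key = None

    def build_verification_request(self):
        self._second_random_key = secrets.token_bytes(32)
        return seal(self._identity["comm_key"], self._second_random_key)

    def verify(self, response):
        key, self._second_random_key = self._second_random_key, None  # single use
        if key is None:
            return False
        code = open_sealed(key, response)
        expected = self._identity["unique_identity_code"]
        return code is not None and hmac.compare_digest(code, expected)

# Constructed cloud record: MAC address -> identity information.
CLOUD_DB = {"02:00:00:00:00:01": {"unique_identity_code": b"CONSTRUCTED-ID-0001",
                                  "comm_key": bytes(range(32))}}

def run_demo():
    mac = "02:00:00:00:00:01"
    info = CLOUD_DB[mac]
    genuine = WifiDevice(mac, info["comm_key"], info["unique_identity_code"])
    rogue = WifiDevice(mac, secrets.token_bytes(32), b"guess")  # cloned MAC only

    t1 = MobileTerminal(info)
    captured = genuine.handle_verification_request(t1.build_verification_request())
    genuine_ok = t1.verify(captured)

    t2 = MobileTerminal(info)
    rogue_ok = t2.verify(rogue.handle_verification_request(t2.build_verification_request()))

    t3 = MobileTerminal(info)              # new session, fresh second random key
    t3.build_verification_request()
    replay_ok = t3.verify(captured)        # response recorded from t1's session
    return genuine_ok, rogue_ok, replay_ok

if __name__ == "__main__":
    print(run_demo())
```

The authentication code itself is static, so the per-session second random key is what ties a response to the request that asked for it.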
It should be understood that, in the various embodiments of the present invention, the sequence numbers of the above processes do not imply an order of execution; the execution order of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation of the embodiments of the present invention.
Those of ordinary skill in the art will recognize that the units and algorithm steps of each example described in connection with the embodiments disclosed herein can be implemented in electronic hardware or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or software depends on the particular application and the design constraints of the technical solution. Skilled practitioners may use different methods to implement the described functions for each particular application, but such implementation should not be considered beyond the scope of the present invention.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the system, devices and units described above may be found in the corresponding processes of the foregoing method embodiment and are not repeated here.
The above is only a specific embodiment of the present invention, but the protection scope of the present invention is not limited thereto. Any change or replacement that a person skilled in the art can readily conceive within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (14)

1. A WIFI access method, characterized by comprising:
a mobile terminal obtaining the MAC address of a WIFI device from the WIFI device, and sending a data request including the MAC address to a trusted WIFI cloud platform;
the trusted WIFI cloud platform receiving the data request, obtaining the identity information of the corresponding WIFI device according to the MAC address in the data request, and sending the identity information of the corresponding WIFI device to the mobile terminal, the identity information including the unique identity code of the WIFI device;
the mobile terminal, after receiving the identity information sent by the trusted WIFI cloud platform, sending to the WIFI device a verification request that requests the authentication code of the WIFI device;
the WIFI device receiving the verification request sent by the mobile terminal, and sending the authentication code to the mobile terminal;
the mobile terminal, after receiving the authentication code sent by the WIFI device, comparing the authentication code with the unique identity code; if they are consistent, verification succeeds and the WIFI device is accessed; if they are inconsistent, verification fails and the WIFI device is not accessed.
2. The WIFI access method according to claim 1, characterized in that, before the sending of the data request including the MAC address to the trusted WIFI cloud platform, the method comprises:
the mobile terminal generating a first random key, and encrypting the first random key and the MAC address with the public key of the trusted WIFI cloud platform to generate the data request.
3. The WIFI access method according to claim 1, characterized in that, before the sending to the WIFI device of the verification request that requests the authentication code of the WIFI device, the method comprises:
the mobile terminal generating a second random key, and encrypting the second random key with a first communication key to generate the verification request, wherein the first communication key is carried in the identity information.
4. The WIFI access method according to claim 1, characterized in that, after the trusted WIFI cloud platform receives the data request, the method comprises:
the trusted WIFI cloud platform decrypting, with the private key of the trusted WIFI cloud platform, the data request sent by the mobile terminal.
5. The WIFI access method according to claim 1, characterized in that, before the sending of the identity information of the corresponding WIFI device to the mobile terminal, the method comprises:
the trusted WIFI cloud platform encrypting the identity information with a first random key, wherein the first random key is carried in the data request.
6. The WIFI access method according to claim 1, characterized in that, after the WIFI device receives the verification request sent by the mobile terminal, the method comprises:
the WIFI device decrypting the verification request with a second communication key, wherein the second communication key is stored in the WIFI device.
7. The WIFI access method according to claim 1, characterized in that, before the sending of the authentication code to the mobile terminal, the method comprises:
the WIFI device encrypting the authentication code with a second random key, wherein the second random key is carried in the verification request.
8. A mobile terminal, characterized by comprising:
a receiving unit, configured to obtain the MAC address of a WIFI device from the WIFI device;
a sending unit, configured to send a data request including the MAC address to a trusted WIFI cloud platform to request the identity information of the WIFI device, wherein the identity information includes the unique identity code of the WIFI device;
the receiving unit being further configured to receive the identity information sent by the trusted WIFI cloud platform;
the sending unit being further configured to send to the WIFI device a verification request that requests the authentication code of the WIFI device;
the receiving unit being further configured to receive the authentication code sent by the WIFI device;
a verification unit, configured to compare the authentication code with the unique identity code; if they are consistent, verification succeeds and the WIFI device is accessed; if they are inconsistent, verification fails and the WIFI device is not accessed.
9. The mobile terminal according to claim 8, characterized by further comprising:
a generation unit, configured to generate a first random key;
an encryption unit, configured to encrypt the first random key and the MAC address with the public key of the trusted WIFI cloud platform to generate the data request.
10. The mobile terminal according to claim 8, characterized by further comprising:
a generation unit, configured to generate a second random key;
an encryption unit, configured to encrypt the second random key with a first communication key to generate the verification request, wherein the first communication key is carried in the identity information.
11. A trusted WIFI cloud platform, characterized by comprising:
a receiving unit, configured to receive a data request sent by a mobile terminal, wherein the data request includes the MAC address of a WIFI device;
a management unit, configured to obtain the identity information of the corresponding WIFI device according to the received MAC address, wherein the identity information includes the unique identity code of the WIFI device, and the unique identity code is used by the mobile terminal to verify, according to the unique identity code and the authentication code of the WIFI device, whether the WIFI device is legitimate;
a sending unit, configured to send the identity information of the corresponding WIFI device to the mobile terminal.
12. The trusted WIFI cloud platform according to claim 11, characterized by further comprising:
a decryption unit, configured to decrypt, with the private key of the trusted WIFI cloud platform, the data request sent by the mobile terminal;
and/or,
an encryption unit, configured to encrypt the identity information with a first random key, wherein the first random key is carried in the data request.
13. A WIFI device, characterized by comprising:
a receiving unit, configured to receive a verification request of a mobile terminal, wherein the verification request is used to request the authentication code of the WIFI device, and the authentication code is used by the mobile terminal, in combination with the unique identity code of the WIFI device obtained from a trusted cloud platform, to verify whether the WIFI device is legitimate;
a sending unit, configured to send the authentication code to the mobile terminal.
14. The WIFI device according to claim 13, characterized by further comprising:
a decryption unit, configured to decrypt the verification request with a second communication key, wherein the second communication key is stored in the WIFI device;
and/or,
an encryption unit, configured to encrypt the authentication code with a second random key, wherein the second random key is carried in the verification request.
CN201511025581.5A 2015-12-30 2015-12-30 WIFI access method and device Active CN105430649B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201511025581.5A CN105430649B (en) 2015-12-30 2015-12-30 WIFI access method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201511025581.5A CN105430649B (en) 2015-12-30 2015-12-30 WIFI access method and device

Publications (2)

Publication Number Publication Date
CN105430649A true CN105430649A (en) 2016-03-23
CN105430649B CN105430649B (en) 2019-01-29

Family

ID=55508518

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201511025581.5A Active CN105430649B (en) 2015-12-30 2015-12-30 WIFI access method and device

Country Status (1)

Country Link
CN (1) CN105430649B (en)

Also Published As

Publication number Publication date
CN105430649B (en) 2019-01-29

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant