CN105554760B - Wireless access point authentication method, apparatus and system - Google Patents

Publication number: CN105554760B
Authority: CN (China)
Prior art keywords: access point; wireless access; information; certificate server; management terminal
Legal status: Active
Application number: CN201610067779.8A
Other languages: Chinese (zh)
Other versions: CN105554760A (en)
Inventors: 朱戈, 唐文宁, 杨志伟, 付火平, 陈水明, 徐森圣
Current Assignee: Tencent Technology Shenzhen Co Ltd
Original Assignee: Tencent Technology Shenzhen Co Ltd
Application filed by: Tencent Technology Shenzhen Co Ltd
Priority to CN201610067779.8A (CN105554760B)
Publication of CN105554760A
Priority to EP17743704.3A (EP3410758B1)
Priority to PCT/CN2017/072186 (WO2017129089A1)
Priority to KR1020187020181A (KR102134302B1)
Priority to US15/913,644 (US10638321B2)
Application granted
Publication of CN105554760B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W48/00 Access restriction; Network selection; Access point selection
    • H04W48/16 Discovering, processing access restriction or access information

Abstract

The invention discloses a wireless access point authentication method, apparatus and system, belonging to the field of network security. In the invention, a wireless access point sends first information to an authentication server; a management terminal sends second information to the authentication server; after receiving the second information, the authentication server performs identity authentication on the hardware information and the owner information and, when the identity authentication passes, adds the wireless access point to a trusted wireless access point list. This solves the problem in existing authentication methods that the authentication server treats a fake public Wi-Fi as a trusted public Wi-Fi by default, so that the data a user terminal transmits to the fake public Wi-Fi and the data inside the user terminal are exposed to security threats. Because the authentication server performs identity authentication on the wireless access point, only a genuine wireless access point can pass the authentication server's identity authentication, which improves the security of the data transmitted by the user terminal and of the data inside the user terminal.

Description

Wireless access point authentication method, apparatus and system
Technical Field
The embodiments of the present invention relate to the field of network security, and in particular to a wireless access point authentication method, apparatus and system.
Background
With the widespread use of user terminals, wireless networks have become an important way for user terminals to access the Internet. A common wireless network is a Wi-Fi (Wireless Fidelity) network. Most business premises today provide public Wi-Fi for users to use free of charge.
In the prior art, when a user terminal accesses public Wi-Fi, the authentication server has to authenticate the user terminal; only after the authentication succeeds can the public Wi-Fi normally forward the data sent by the user terminal. While authenticating the user terminal, the authentication server treats the public Wi-Fi as trusted by default, that is, the authentication server does not authenticate the public Wi-Fi.
In the course of implementing the embodiments of the present invention, the inventors found that the prior art has at least the following problem:
A hacker can set up a fake public Wi-Fi that has the same hardware information, such as the SSID, as a genuine public Wi-Fi. The authentication server treats the fake public Wi-Fi as a trusted public Wi-Fi by default, and the fake public Wi-Fi is used to forward the data sent by the user terminal, so that the data the user terminal transmits to the fake public Wi-Fi and the data inside the user terminal are exposed to security threats.
Summary of the Invention
To solve the problem that a fake public Wi-Fi can pose a security threat to a user terminal, the embodiments of the present invention provide a wireless access point authentication method, apparatus and system. The technical solution is as follows:
According to a first aspect of the embodiments of the present invention, a wireless access point authentication method is provided, the method including:
a wireless access point sends first information to an authentication server, the first information including: hardware information of the wireless access point and a first public key corresponding to the wireless access point;
a management terminal sends second information to the authentication server, the second information including: the hardware information of the wireless access point and owner information of the wireless access point;
after receiving the second information, the authentication server performs identity authentication on the hardware information and the owner information and, when the identity authentication passes, adds the wireless access point to a trusted wireless access point list and stores the first public key corresponding to the wireless access point.
According to a second aspect of the embodiments of the present invention, a wireless access point authentication method is provided, the method including:
receiving first information sent by a wireless access point, the first information including: hardware information of the wireless access point and a first public key corresponding to the wireless access point;
receiving second information sent by a management terminal, the second information including: the hardware information of the wireless access point and owner information of the wireless access point;
after receiving the second information, performing identity authentication on the hardware information and the owner information and, when the identity authentication passes, adding the wireless access point to a trusted wireless access point list and storing the first public key corresponding to the wireless access point.
According to a third aspect of the embodiments of the present invention, a wireless access point authentication apparatus is provided, the apparatus including:
a first receiving module, configured to receive first information sent by a wireless access point, the first information including: hardware information of the wireless access point and a first public key corresponding to the wireless access point;
a second receiving module, configured to receive second information sent by a management terminal, the second information including: the hardware information of the wireless access point and owner information of the wireless access point;
an authentication module, configured to, after the second information is received, perform identity authentication on the hardware information and the owner information and, when the identity authentication passes, add the wireless access point to a trusted wireless access point list and store the first public key corresponding to the wireless access point.
According to a fourth aspect of the embodiments of the present invention, a wireless access point authentication system is provided, the system including: an authentication server, a wireless access point and a management terminal;
the authentication server includes the wireless access point authentication apparatus described in the third aspect above;
the wireless access point is configured to send first information to the authentication server;
the management terminal is configured to send second information to the authentication server.
The technical solution provided by the embodiments of the present invention has the following beneficial effects:
The wireless access point sends first information to the authentication server; the management terminal sends second information to the authentication server; after receiving the second information, the authentication server performs identity authentication on the hardware information and the owner information and, when the identity authentication passes, adds the wireless access point to the trusted wireless access point list and stores the first public key corresponding to the wireless access point. This solves the problem in existing authentication methods that the authentication server treats a fake public Wi-Fi as a trusted public Wi-Fi by default, so that the data a user terminal transmits to the fake public Wi-Fi and the data inside the user terminal are exposed to security threats. Because the authentication server performs identity authentication on the wireless access point, only a genuine wireless access point can pass the authentication server's identity authentication, which improves the security of the data transmitted by the user terminal and of the data inside the user terminal.
Brief Description of the Drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings needed for describing the embodiments are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a structural diagram of the wireless access point authentication system provided by an illustrative embodiment of the present invention;
Fig. 2 is a flowchart of the wireless access point authentication method provided by one embodiment of the present invention;
Fig. 3 is a flowchart of the wireless access point authentication method provided by another embodiment of the present invention;
Fig. 4 is a flowchart of the wireless access point authentication method provided by a further embodiment of the present invention;
Fig. 5A is a flowchart of the wireless access point authentication method provided by one embodiment of the present invention;
Fig. 5B is a flowchart of the wireless access point authentication method provided by another embodiment of the present invention;
Fig. 5C is a flowchart of the wireless access point authentication method provided by a further embodiment of the present invention;
Fig. 6 is a block diagram of the wireless access point authentication apparatus provided by one embodiment of the present invention;
Fig. 7 is a block diagram of the wireless access point authentication apparatus provided by another embodiment of the present invention;
Fig. 8 is a block diagram of a wireless access point authentication system provided by one embodiment of the present invention.
Detailed Description
To make the objectives, technical solutions and advantages of the present invention clearer, the embodiments of the present invention are described in further detail below with reference to the drawings.
For ease of understanding, some technical concepts involved in the embodiments of the present invention are introduced first.
Public key and private key
A public key is a key that is made public; it does not need to be kept secret, and the decrypting party can obtain it through various channels. A private key is a key held only by the encrypting party itself and must be kept secret. One public key corresponds to one private key; together they form an asymmetric encryption scheme. In asymmetric encryption, information encrypted with a public key can only be decrypted with the corresponding private key, and information encrypted with a private key can only be decrypted with the corresponding public key. That is, encryption and decryption use different keys.
For example, suppose A wants to send encrypted information to B. A first obtains the public key corresponding to B, encrypts the information to be sent with that public key, and sends the encrypted information to B. After receiving the encrypted information from A, B must use the private key corresponding to B to decrypt it and obtain its content. Because only B holds the private key corresponding to B, the encrypted information sent by A is secure.
Encryption and signature
Encryption means that the sender encrypts the data to be sent using the public key corresponding to the recipient; after receiving the encrypted data, the recipient can only decrypt it with the private key corresponding to the recipient, and obtains the data sent by the sender only after decryption. Alternatively, the sender encrypts the data to be sent using the private key corresponding to the sender; after receiving the encrypted data, the recipient can only decrypt it with the public key corresponding to the sender, and obtains the data sent by the sender only after decryption. Encryption is used to prevent data leakage: only a party holding the private key corresponding to the public key can decrypt the data and obtain its content.
A signature means that the sender signs the data to be sent using the private key corresponding to the sender. To sign, the sender applies a hash function to the data to compute a message digest, encrypts the computed digest with the private key corresponding to the sender, and sends the encrypted digest, as the signature of the data, to the recipient together with the data. After receiving the data and the signature, the recipient first computes a message digest from the received data using the same hash function as the sender, and then decrypts the encrypted digest using the public key corresponding to the sender. When the two digests are identical, the recipient can confirm that the received data and signature were sent by the sender. A signature is used to prevent data from being tampered with: a party holding the public key corresponding to the private key can verify whether the data was sent by the sender that holds the private key.
Refer to Fig. 1, which shows a structural diagram of the wireless access point system provided by an illustrative embodiment of the present invention. The wireless access point system includes: a wireless access point 120, a management terminal 140 and an authentication server 160.
The wireless access point 120 is a general term for devices that provide wireless network access services, such as routers, Wi-Fi hotspots and wireless gateways. In the embodiments of the present invention, the wireless access point 120 is a router by way of example. The wireless access point 120 and the management terminal 140 are connected through a wireless network. Before the wireless access point 120 establishes a wireless network connection with a user terminal (not shown), the wireless access point 120 must be authenticated by the authentication server 160. The wireless access point 120 and the authentication server 160 are connected through a wireless or wired network. The embodiments of the present invention do not limit the communication mode between the wireless access point 120 and the authentication server 160.
The management terminal 140 can be a mobile phone, a tablet computer, an e-book reader, a laptop computer, a desktop computer or the like. Optionally, an application used for managing public Wi-Fi is installed on the management terminal 140, for example Tencent QQ, WeChat or a microblog client.
The management terminal 140 and the authentication server 160 are connected through a wireless or wired network. Optionally, the management terminal 140 sends information to the authentication server 160 through an encrypted channel, where the encrypted channel is an independent channel between the management terminal 140 and the authentication server 160, for example an https channel. The embodiments of the present invention do not limit the communication mode between the management terminal 140 and the authentication server 160.
The authentication server 160 stores the trusted wireless access point list and the second public key and second private key corresponding to the authentication server 160. Optionally, there is more than one second public key corresponding to the authentication server 160, and different second public keys are used for signing, sessions and so on. The authentication server 160 can be a single server, a server cluster made up of several servers, or a cloud computing center.
Refer to Fig. 2, which shows a flowchart of the wireless access point authentication method provided by one embodiment of the present invention. This embodiment is described with the wireless access point authentication method applied to the authentication server 160 shown in Fig. 1. The method includes:
Step 201: receive the first information sent by the wireless access point. The first information includes: the hardware information of the wireless access point and the first public key corresponding to the wireless access point.
The hardware information includes: the SSID (Service Set Identifier) of the wireless access point, the BSSID (Basic Service Set Identifier) of the wireless access point and the MAC (Media Access Control, the physical address of the device) of the wireless access point.
Step 202: receive the second information sent by the management terminal. The second information includes: the hardware information of the wireless access point and the owner information of the wireless access point.
The owner information includes but is not limited to at least one of: latitude and longitude coordinates, owner name and owner address.
Step 203: after receiving the second information, perform identity authentication on the hardware information and the owner information; when the identity authentication passes, add the wireless access point to the trusted wireless access point list and store the first public key corresponding to the wireless access point.
In summary, in the wireless access point authentication method provided by this embodiment, the first information sent by the wireless access point is received; the second information sent by the management terminal is received; after the second information is received, identity authentication is performed on the hardware information and the owner information and, when the identity authentication passes, the wireless access point is added to the trusted wireless access point list and the first public key corresponding to the wireless access point is stored. This solves the problem in existing authentication methods that the authentication server treats a fake public Wi-Fi as a trusted public Wi-Fi by default, so that the data a user terminal transmits to the fake public Wi-Fi and the data inside the user terminal are exposed to security threats. Because the authentication server performs identity authentication on the wireless access point, only a genuine wireless access point can pass the authentication server's identity authentication, which improves the security of the data transmitted by the user terminal and of the data inside the user terminal.
Refer to Fig. 3, which shows a flowchart of the wireless access point authentication method provided by another embodiment of the present invention. This embodiment is described with the wireless access point authentication method applied to the wireless access point authentication system shown in Fig. 1. The method includes:
Step 301: the wireless access point sends the first information to the authentication server. The first information includes: the hardware information of the wireless access point and the first public key corresponding to the wireless access point.
The hardware information includes: the SSID of the wireless access point, the BSSID of the wireless access point and the MAC of the wireless access point.
Step 302: the management terminal sends the second information to the authentication server. The second information includes: the hardware information of the wireless access point and the owner information of the wireless access point.
The owner information includes but is not limited to at least one of: latitude and longitude coordinates, owner name and owner address.
Step 303: after receiving the second information, the authentication server performs identity authentication on the hardware information and the owner information; when the identity authentication passes, it adds the wireless access point to the trusted wireless access point list and stores the first public key corresponding to the wireless access point.
In summary, in the wireless access point authentication method provided by this embodiment, the wireless access point sends the first information to the authentication server; the management terminal sends the second information to the authentication server; after receiving the second information, the authentication server performs identity authentication on the hardware information and the owner information and, when the identity authentication passes, adds the wireless access point to the trusted wireless access point list and stores the first public key corresponding to the wireless access point. This solves the problem in existing authentication methods that the authentication server treats a fake public Wi-Fi as a trusted public Wi-Fi by default, so that the data a user terminal transmits to the fake public Wi-Fi and the data inside the user terminal are exposed to security threats. Because the authentication server performs identity authentication on the wireless access point, only a genuine wireless access point can pass the authentication server's identity authentication, which improves the security of the data transmitted by the user terminal and of the data inside the user terminal.
Refer to Fig. 4, which shows a flowchart of the wireless access point authentication method provided by a further embodiment of the present invention. This embodiment is described with the wireless access point authentication method applied to the wireless network access system shown in Fig. 1. The method includes:
Step 401: the wireless access point sends the first information to the authentication server. The first information includes: the hardware information of the wireless access point and the first public key corresponding to the wireless access point.
The wireless access point first sends the first information to the authentication server; the first information includes the hardware information of the wireless access point and the first public key corresponding to the wireless access point.
The hardware information of the wireless access point includes: the SSID of the wireless access point, the BSSID of the wireless access point and the MAC of the wireless access point.
Optionally, a wireless access point includes at least one SSID and one BSSID. If a wireless access point includes multiple SSIDs and multiple BSSIDs, the wireless access point carries the multiple SSIDs and multiple BSSIDs together in the hardware information sent to the authentication server.
Before sending the first information to the authentication server, the wireless access point generates the first public key and the first private key corresponding to the wireless access point, and sends the first public key corresponding to the wireless access point to the authentication server.
Optionally, the first information that the wireless access point sends to the authentication server also carries a first random number.
For example, the wireless access point randomly generates a 12-byte random number and encodes it to obtain a 16-byte first random number.
Optionally, the first information that the wireless access point sends to the authentication server also carries the firmware/plug-in version number corresponding to the wireless access point.
Optionally, the wireless access point uses the first private key corresponding to the wireless access point to make a first signature over the first information, and sends the first information and the first signature to the authentication server.
In an illustrative example, the wireless access point carries the hardware information, the first public key corresponding to the wireless access point, the first random number and the firmware/plug-in version number all in the first information; the wireless access point signs the first information with the first private key corresponding to the wireless access point, and sends the first information and the first signature to the authentication server together.
For example, the wireless access point sends the first information and the first signature to the authentication server through the channel at the URL (Uniform Resource Locator) "http://[domain name]/router/inform".
Illustratively, the first information that the wireless access point sends to the authentication server includes the content shown in Table 1:
Table 1
As shown in Table 1, the wireless access point includes two SSIDs. Each field identifies a different item of information: ver represents the current firmware/plug-in version number of the wireless access point; mac represents the MAC address of the wireless access point; ssid represents the SSID of the wireless access point; bssid represents the BSSID of the wireless access point; ssid2 represents the second SSID of the wireless access point; bssid2 represents the second BSSID of the wireless access point; pbk represents the second public key corresponding to the wireless access point, which the wireless access point computes according to the Curve25519 algorithm and then encodes with base64; x represents the first random number generated by the wireless access point, which is the 16-byte value obtained by base64-encoding the 12-byte random number that the wireless access point randomly generates; sig represents the first signature obtained by signing the above data with the second private key corresponding to the wireless access point. All items in the first information are of string type.
Correspondingly, the authentication server receives the first information sent by the wireless access point.
Step 402: the authentication server sends feedback information and a second signature to the wireless access point. The second signature is the signature that the authentication server makes over the feedback information using the second private key corresponding to the authentication server; the feedback information includes the second public key corresponding to the authentication server and a second random number.
After receiving the first information sent by the wireless access point, the authentication server uses the first public key corresponding to the wireless access point to verify whether the first information has been tampered with; when the first information has not been tampered with, it sends the feedback information and the second signature to the wireless access point. Optionally, the feedback information includes the second public key corresponding to the authentication server and the second random number. The authentication server makes the second signature over the feedback information using the second private key corresponding to the authentication server, and sends the feedback information and the second signature to the wireless access point together.
Optionally, the feedback information can also include the latest firmware/plug-in version number corresponding to the wireless access point, which is used to detect whether the firmware/plug-in in the wireless access point needs to be updated.
Illustratively, the feedback information and the second signature that the authentication server sends to the wireless access point are shown in Table 2:
Table 2
As shown in Table 2, each field identifies a different item of information: ret represents the return code; msg represents the return code text; ver represents the latest firmware/plug-in version number of the wireless access point; pbk represents the first public key corresponding to the authentication server; y represents the second random number generated by the authentication server, which is used to calculate the encryption key; sig represents the signature made over the above data with the first private key corresponding to the authentication server, and the wireless access point verifies the signature with the first public key corresponding to the authentication server. Type refers to the type of each item in the second information, including integer and string.
Correspondingly, the wireless access point receives the feedback information and the second signature sent by the authentication server.
Step 403: the management terminal sends an acquisition request to the wireless access point. The acquisition request is used to obtain the hardware information of the wireless access point.
Optionally, the wireless access point provides a default wireless network that requires no verification, and the management terminal joins this default wireless network. The management terminal then sends the acquisition request to the wireless access point through the default wireless network; the acquisition request is used to obtain the hardware information corresponding to the wireless access point.
For example, the management terminal sends the acquisition request to the wireless access point through the channel at the URL "http://[domain name]/admin/getrouterinfo". Optionally, when the management terminal sends the acquisition request to the wireless access point through the instant messaging program "WeChat", the acquisition request carries the openid obtained after the WeChat login; the openid is the identifier of the management terminal.
Optionally, the acquisition request carries the identifier of the management terminal.
Optionally, the management terminal connects to the wireless access point through the wireless access point's default wireless network, and sends the acquisition request to the wireless access point through that wireless network.
Illustratively, the acquisition request that the management terminal sends to the wireless access point is shown in Table 3:
Field | Type | Explanation | Remarks
openid | String | openid after WeChat login | Sent to the wireless access point
Table 3
As shown in Table 3, the field openid represents the identifier of the management terminal, and its type is string.
Correspondingly, the wireless access point receives the acquisition request sent by the management terminal.
Step 404: the wireless access point sends the hardware information to the management terminal.
After receiving the acquisition request sent by the management terminal, the wireless access point sends the hardware information to the management terminal according to the acquisition request.
Optionally, the hardware information that the wireless access point sends to the management terminal includes but is not limited to at least one of: the MAC address of the wireless access point, the SSID of the wireless access point and the BSSID of the wireless access point.
Optionally, after receiving the acquisition request sent by the management terminal, the wireless access point verifies the identifier of the management terminal carried in the acquisition request; when the verification shows that the identifier has administration authority, it sends the hardware information to the management terminal.
Optionally, the management terminal stores in advance the first public key corresponding to the wireless access point. The wireless access point uses the first private key corresponding to the wireless access point to make a third signature over all or part of the hardware information and the identifier of the management terminal.
For example, the wireless access point uses the first private key corresponding to the wireless access point to make the third signature over the MAC address of the wireless access point and the identifier of the management terminal.
Optionally, the wireless access point sends the hardware information and the third signature to the management terminal.
Illustratively, the hardware information that the wireless access point sends to the management terminal is shown in Table 4:
Table 4
As shown in Table 4, each field identifies a different item of information: ret represents the return code; msg represents the return code text; mac represents the MAC address of the wireless access point; ssid represents the SSID of the wireless access point; bssid represents the BSSID of the wireless access point; if the wireless access point supports multiple ssid and bssid values, they are defined as an array ssidlist that lists the multiple ssid and bssid values; sig represents the signature made over the openid and the MAC address with the second private key corresponding to the wireless access point. Type refers to the type of each item in the second information, including integer and string.
Correspondingly, the management terminal receives the hardware information and the third signature sent by the wireless access point, and verifies the third signature.
Step 405, the management terminal sends second information to the certificate server; the second information includes the hardware information of the wireless access point and the owner's information of the wireless access point.
After receiving the hardware information sent by the wireless access point, the management terminal sends the second information to the certificate server; the second information includes the hardware information of the wireless access point and the owner's information of the wireless access point.
Optionally, the management terminal sends the second information to the certificate server over an encrypted connection, for example a connection using https technology.
For example, the management terminal sends the second information to the certificate server through the channel "https://[domain name]/admin/bind".
The owner's information of the wireless access point includes but is not limited to at least one of: latitude and longitude coordinates, the owner's name, and the owner's address. Optionally, the latitude and longitude coordinates of the owner are obtained automatically by the management terminal through positioning.
In the present embodiment, the information included in the owner's information of the wireless access point is not specifically limited.
Optionally, the second information further includes the identifier of the management terminal and the access token of the management terminal. The access token of the management terminal shows that the management terminal has permission to request the certificate server to authenticate the wireless access point.
Optionally, the second information further includes the third signature. The third signature is the signature that the wireless access point makes, using the first private key corresponding to the wireless access point, over all or part of the hardware information and the identifier of the management terminal.
Illustratively, the second information sent by the management terminal to the certificate server is shown in Table 5:
Table 5
As shown in Table 5, the fields identify the different pieces of information: openid represents the identifier of the management terminal; token represents the access token of the management terminal; mac represents the MAC address of the wireless access point; ssid represents the SSID of the wireless access point; bssid represents the BSSID of the wireless access point; mark represents the remarks for the SSID of the wireless access point; ssid2 represents the second SSID of the wireless access point; bssid2 represents the second BSSID of the wireless access point; mark2 represents the remarks for the second SSID of the wireless access point; sig represents the signature over the openid and the MAC address made using the second private key corresponding to the wireless access point; position represents the latitude and longitude coordinates of the owner; company represents the owner's name; address represents the owner's address. The type of each piece of information in the second information is string.
Correspondingly, the certificate server receives the second information sent by the management terminal.
Step 406, after receiving the second information, the certificate server performs identity authentication on the hardware information and the owner's information; when the identity authentication passes, it adds the wireless access point to the trusted wireless access point list and stores the first public key corresponding to the wireless access point.
After receiving the second information sent by the management terminal, the certificate server obtains the hardware information and the owner's information in the second information, and performs identity authentication on the hardware information and the owner's information obtained.
Optionally, the certificate server's identity authentication of the hardware information and the owner's information includes:
1) the certificate server authenticates whether the hardware information sent by the management terminal matches the hardware information sent by the wireless access point;
2) the certificate server authenticates whether the owner's information sent by the management terminal is correct.
When the identity authentication passes, the certificate server adds the wireless access point to the trusted wireless access point list and at the same time stores the first public key corresponding to the wireless access point. Adding the wireless access point to the trusted wireless access point list means that the certificate server adds the SSID provided by the wireless access point that passed identity authentication to the trusted wireless access point list. Meanwhile, the certificate server stores the first public key corresponding to the wireless access point so that, when the certificate server performs identity authentication on a wireless access point, it can authenticate whether the first public key provided by that wireless access point belongs to the public keys corresponding to the trusted wireless access point list.
The first public key corresponding to the wireless access point that the certificate server stores is used for identity authentication of the wireless access point in subsequent processes. The certificate server's identity authentication procedure for a wireless access point includes: the certificate server receives the first public key provided by the wireless access point, and verifies whether the first public key corresponding to the wireless access point belongs to the public key list corresponding to the trusted wireless access point list, where the public key list is the list of public keys corresponding to trusted wireless access points. When the first public key provided by the wireless access point is present in the public key list corresponding to the trusted wireless access point list, the certificate server determines that the wireless access point is a trusted wireless access point; when the first public key provided by the wireless access point is not present in the public key list corresponding to the trusted wireless access point list, the certificate server determines that the wireless access point is not a trusted wireless access point.
In conclusion wireless access point authentication method provided in this embodiment, by wireless access point to certificate server Send the first information;Management terminal sends the second information to certificate server;Certificate server is right after the second information is received Hardware information and owner's information carry out authentication, authentication by when, by wireless access point be added to trusted without Line accesses point list, and stores the first public key corresponding with wireless access point;Solve existing authentication method, certificate server The public Wi-Fi of personation can be defaulted as public Wi-Fi trusty, user terminal is caused to be passed to the public Wi-Fi of personation The problem of data inside defeated data and user terminal can be by security threat;Reach through certificate server to nothing Line access point carry out authentication so that only true wireless access point just can by the authentication of certificate server, Improve the effect of the Information Security inside the data and user terminal of user terminal transmission.
In addition, wireless access point use the first private key corresponding with wireless access point carries out the first information the first signature, The first information and the first signature are sent to certificate server so that the first information is not tampered, and improves the safety of the first information Property.
Meanwhile wireless access point use the first private key corresponding with wireless access point is to all or part of hardware information and pipe The mark for managing terminal carries out third signature, ensure that the hardware information for the wireless access point that management terminal receives is not tampered with, Improve the safety of data.
It should be noted is that it can be implemented separately to recognize the step of related certificate server side in the present embodiment Demonstrate,prove the wireless access point authentication method of server side.
Based on the wireless access point authentication method shown in Fig. 4, information between the certificate server and the wireless access point can be transmitted in encrypted form; that is, after step 402, the method can also include the following steps, as shown in Fig. 5A:
Step 402a, the certificate server calculates a first key according to the first random number, the second random number and the first public key corresponding to the wireless access point, and uses the first key to encrypt the information sent to the wireless access point.
After sending the feedback information and the second signature to the wireless access point, the certificate server calculates the first key according to the first random number, the second random number and the first public key corresponding to the wireless access point. The certificate server uses the first key to encrypt the information sent to the wireless access point.
Optionally, the information the certificate server needs in order to calculate the first key further includes the sequence number of the data packet. The sequence number of the data packet is the sequence number corresponding to the information that the certificate server sends to the wireless access point.
For example, when the certificate server sends information to the wireless access point for the first time, the sequence number of the data packet is 1; when the certificate server sends information to the wireless access point for the second time, the sequence number of the data packet is 2; and so on.
Illustratively, the certificate server calculates the first key as follows:
When the sequence number of the data packet is 1, the certificate server calculates a session key from the first random number and the second random number; the certificate server calculates a shared key from the first public key corresponding to the wireless access point; the certificate server calculates the first key from the session key and the shared key;
When the sequence number of the data packet is not 1, the certificate server calculates the first key from the previous session key and the shared key.
After calculating the first key, the certificate server uses the first key to encrypt the information sent to the wireless access point.
Step 402b, the wireless access point calculates a second key according to the first random number, the second random number and the second public key corresponding to the certificate server, and uses the second key to encrypt the information sent to the certificate server.
After receiving the feedback information and the second signature sent by the certificate server, the wireless access point verifies, according to the second public key corresponding to the certificate server, whether the feedback information has been tampered with; when the feedback information has not been tampered with, it calculates the second key according to the first random number, the second random number and the second public key corresponding to the certificate server. The wireless access point uses the second key to encrypt the information sent to the certificate server.
Optionally, the information the wireless access point needs in order to calculate the second key further includes the sequence number of the data packet. The sequence number of the data packet is the sequence number corresponding to the information that the wireless access point sends to the certificate server.
For example, when the wireless access point sends information to the certificate server for the first time, the sequence number of the data packet is 1; when the wireless access point sends information to the certificate server for the second time, the sequence number of the data packet is 2; and so on.
Illustratively, the wireless access point calculates the second key as follows:
When the sequence number of the data packet is 1, the wireless access point calculates a session key from the first random number and the second random number; the wireless access point calculates a shared key from the second public key corresponding to the certificate server; the wireless access point calculates the second key from the session key and the shared key;
When the sequence number of the data packet is not 1, the wireless access point calculates the second key from the previous session key and the shared key.
After calculating the second key, the wireless access point uses the second key to encrypt the information sent to the certificate server.
In conclusion, the certificate server uses the first key to encrypt the information sent to the wireless access point, and the wireless access point uses the second key to encrypt the information sent to the certificate server, which ensures the security of the information transmitted between the wireless access point and the certificate server.
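The key calculation of steps 402a and 402b for one direction of traffic, as an added sketch that is not code from the patent. The patent names no algorithms, so the toy Diffie-Hellman group, SHA-256, HMAC-SHA256, the direction label, treating each derived key as the next packet's "previous session key", and all function and class names are assumptions.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group (assumption, demonstration-sized): 2**127 - 1 is
# prime but far too small for real use.
P = 2**127 - 1
G = 3


def keypair():
    """Return (private, public) for the toy group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def shared_key(own_private, peer_public):
    """Shared key from the peer's public key and the caller's own private key."""
    secret = pow(peer_public, own_private, P)
    return hashlib.sha256(b"shared" + secret.to_bytes(16, "big")).digest()


def session_key(first_random, second_random):
    """Initial session key from the two random numbers exchanged earlier."""
    return hashlib.sha256(b"session" + first_random + second_random).digest()


class KeySchedule:
    """Per-packet keys for one direction of traffic."""

    def __init__(self, own_private, peer_public, first_random, second_random,
                 direction=b"server->ap"):
        self._shared = shared_key(own_private, peer_public)
        self._session = session_key(first_random, second_random)
        # Assumption: a direction label keeps the two directions' keys distinct.
        self._direction = direction
        self._seq = 0

    def next_key(self):
        """Return (sequence number, key) for the next data packet."""
        self._seq += 1
        msg = self._direction + self._session + self._seq.to_bytes(4, "big")
        key = hmac.new(self._shared, msg, hashlib.sha256).digest()
        # Assumption: the key just derived serves as the "previous session
        # key" when the next packet's key is calculated.
        self._session = key
        return self._seq, key


def demo():
    """Sender (certificate server) and receiver (access point) stay in step."""
    ap_priv, ap_pub = keypair()
    srv_priv, srv_pub = keypair()
    r1, r2 = secrets.token_bytes(16), secrets.token_bytes(16)
    sender = KeySchedule(srv_priv, ap_pub, r1, r2)
    receiver = KeySchedule(ap_priv, srv_pub, r1, r2)
    return [sender.next_key() == receiver.next_key() for _ in range(3)]


if __name__ == "__main__":
    print(demo())
```

Because each key depends on the one before it, a receiver that misses a packet must still advance its schedule to stay in step with the sender.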
Based on the wireless access point authentication method shown in Fig. 4, the management terminal can obtain, through the certificate server, the certification network list in the certificate server, and delete hardware information in the certification network list. That is, after step 406, the method can also include the following steps, as shown in Fig. 5B:
Step 407, the management terminal sends a list acquisition request to the certificate server.
The list acquisition request is used to obtain the certification network list in the certificate server; the certification network list is the list of each credible SSID provided by trusted wireless access points.
When the management terminal needs to view or delete the certification network corresponding to the wireless access point, it sends the list acquisition request to the certificate server. The list acquisition request is used to obtain the list of each credible SSID provided by trusted wireless access points in the certificate server.
Optionally, the list acquisition request carries the identifier of the management terminal. For example, the acquisition request carries the openid and the access token obtained after WeChat login.
For example, the management terminal sends the list acquisition request to the certificate server through "http://[domain name]/admin/getrouterlist".
Illustratively, the list acquisition request sent by the management terminal to the certificate server is shown in Table 6:
Field | Type | Explanation | Remarks
--- | --- | --- | ---
openid | String | The openid of the WeChat login |
token | String | The access token of the WeChat login |

Table 6
As shown in Table 6, the list acquisition request carries the identifier of the management terminal. The field openid represents the identifier of the management terminal, token represents the access token of the management terminal, and both are of string type.
Correspondingly, the certificate server receives the list acquisition request sent by the management terminal.
Step 408, the certificate server sends the certification network list to the management terminal.
After receiving the list acquisition request, the certificate server sends the certification network list to the management terminal. The certification network list is the list of each credible SSID provided by trusted wireless access points.
Illustratively, the certification network list sent by the certificate server to the management terminal is shown in Table 7:
Table 7
As shown in Table 7, the fields identify the different pieces of information: ret represents the return code; msg represents the text information of the return code; mac represents the MAC address of the wireless access point; ssid represents the SSID of the wireless access point; bssid represents the BSSID of the wireless access point; if the wireless access point supports multiple ssid and bssid values, the arrays ssidlist and routerlist are established to show the multiple ssid and bssid values; mark represents the remarks for the SSID of the wireless access point. The type refers to the type of each piece of information in the certification network list, including integer and string.
Correspondingly, the management terminal receives the certification network list sent by the certificate server.
Step 409, the management terminal sends a cancel-binding request to the certificate server; the cancel-binding request includes the credible SSID provided by the wireless access point.
After receiving the certification network list, the management terminal sends the cancel-binding request to the certificate server; the cancel-binding request includes the credible SSID provided by the wireless access point. The cancel-binding request is used to cancel, in the certification network list in the certificate server, the credible SSID provided by the corresponding wireless access point. For example, the management terminal sends the cancel-binding request to the certificate server through "http://[domain name]/admin/unbind".
Optionally, the cancel-binding request further includes the identifier of the management terminal.
Assuming that one wireless access point in the wireless access point list includes multiple SSIDs, the cancel-binding request can cancel all the SSIDs of that wireless access point, or only some of the SSIDs of that wireless access point.
The credible SSID provided by the wireless access point that is included in the cancel-binding request is the SSID of the wireless access point that needs to be cancelled.
Illustratively, the cancel-binding request sent by the management terminal to the certificate server is shown in Table 8:
Table 8
As shown in Table 8, the wireless access point shown in Table 8 includes 2 ssid values. The fields identify the different pieces of information: the field openid represents the identifier of the management terminal, and token represents the access token of the management terminal; mac represents the MAC address of the wireless access point; ssid represents the SSID of the wireless access point; bssid represents the BSSID of the wireless access point; ssid2 represents the second SSID of the wireless access point; bssid2 represents the second BSSID of the wireless access point. All the information in the cancel-binding request is of string type.
Correspondingly, the certificate server receives the cancel-binding request sent by the management terminal.
Step 410, according to the cancel-binding request, the certificate server deletes the credible SSID provided by the wireless access point from the certification network list.
After receiving the cancel-binding request, the certificate server obtains the credible SSID provided by the wireless access point that is carried in the cancel-binding request and, according to the hardware information, deletes the credible SSID provided by the wireless access point from the certification network list.
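An added example, not code from the patent, of the certificate server's bookkeeping in steps 405 to 406 and 407 to 410: binding only when the terminal's hardware information matches the access point's own report and the owner's information passes a check, answering trust queries by stored public key, and unbinding some or all SSIDs. The class and function names, the owner check policy, the rule that only the binding openid may list or unbind, and dropping an access point with no remaining SSID are assumptions; signature and access token verification are left out.

```python
from dataclasses import dataclass


def norm_mac(mac):
    """Canonical form so 'AA-BB-..' and 'aa:bb:..' compare equal."""
    return mac.strip().lower().replace("-", ":")


def norm_networks(networks):
    """Map of ssid -> normalized bssid."""
    return {ssid: norm_mac(bssid) for ssid, bssid in dict(networks).items()}


def sample_owner_check(owner):
    """Constructed policy: name and address present, coordinates in range."""
    try:
        lat, lon = owner["position"]
    except (KeyError, TypeError, ValueError):
        return False
    return (bool(owner.get("company")) and bool(owner.get("address"))
            and -90 <= lat <= 90 and -180 <= lon <= 180)


@dataclass
class TrustedAP:
    public_key: bytes   # first public key of the access point
    bound_by: str       # openid of the management terminal that bound it
    ssids: dict         # credible ssid -> bssid


class CertificateServer:
    def __init__(self, owner_check):
        self._owner_check = owner_check  # hypothetical policy hook
        self._reported = {}              # mac -> (networks, public key) from the first information
        self.trusted = {}                # mac -> TrustedAP (trusted wireless access point list)

    def receive_first_information(self, mac, networks, public_key):
        """Record what the access point itself reports."""
        self._reported[norm_mac(mac)] = (norm_networks(networks), public_key)

    def receive_second_information(self, openid, mac, networks, owner):
        """Steps 405-406: bind only if both checks pass."""
        mac = norm_mac(mac)
        reported = self._reported.get(mac)
        if reported is None:
            return False  # the access point never announced itself
        ap_networks, public_key = reported
        # Check 1: the terminal's hardware information must match the AP's own.
        if norm_networks(networks) != ap_networks:
            return False
        # Check 2: the owner's information must be judged correct.
        if not self._owner_check(owner):
            return False
        self.trusted[mac] = TrustedAP(public_key, openid, dict(ap_networks))
        return True

    def is_trusted_key(self, public_key):
        """Later authentication: is this public key in the trusted list?"""
        return any(ap.public_key == public_key for ap in self.trusted.values())

    def network_list(self, openid):
        """Steps 407-408: credible SSIDs bound by this management terminal."""
        return sorted((mac, ssid, bssid)
                      for mac, ap in self.trusted.items() if ap.bound_by == openid
                      for ssid, bssid in ap.ssids.items())

    def unbind(self, openid, mac, ssids):
        """Steps 409-410: delete some or all credible SSIDs; return the count."""
        mac = norm_mac(mac)
        ap = self.trusted.get(mac)
        if ap is None or ap.bound_by != openid:
            return 0
        removed = sum(1 for ssid in ssids if ap.ssids.pop(ssid, None) is not None)
        if not ap.ssids:
            del self.trusted[mac]  # assumption: no SSID left, so drop the stored key too
        return removed
```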
Based on the wireless access point authentication method shown in Fig. 4, when the management terminal determines that the SSID of the wireless access point is a certification network, it sends the determined SSID of the wireless access point to the certificate server. That is, after step 406, the method can also include the following steps, as shown in Fig. 5C:
Step 411, the management terminal sends a network validation request to the certificate server; the network validation request carries the SSID of the wireless access point.
After the management terminal is connected to the wireless access point through the certificate server, it designates the SSID of the wireless access point as the SSID of a certification network, and carries the designated SSID of the wireless access point in the network validation request sent to the certificate server.
For example, the management terminal sends the network validation request to the certificate server through "http://[domain name]/admin/setwifi".
Correspondingly, the certificate server receives the network validation request sent by the management terminal.
Step 412, according to the network validation request, the certificate server adds the designated SSID to the certification network list.
After receiving the network validation request sent by the management terminal, the certificate server obtains the SSID of the wireless access point designated in the network validation request, and adds the designated SSID to the certification network list.
The certification network list is the list of each credible SSID provided by trusted wireless access points.
Referring to Fig. 6, it shows a structural block diagram of a wireless access point authentication device provided by one embodiment of the present invention. The wireless access point authentication device can be implemented by software, hardware or a combination of both as all or part of the certificate server in Fig. 1. The wireless access point authentication device includes:
A first receiving module 620, for receiving the first information sent by the wireless access point; the first information includes the hardware information of the wireless access point and the first public key corresponding to the wireless access point.
A second receiving module 640, for receiving the second information sent by the management terminal; the second information includes the hardware information of the wireless access point and the owner's information of the wireless access point.
An authentication module 660, for performing identity authentication on the hardware information and the owner's information after the second information is received and, when the identity authentication passes, adding the wireless access point to the trusted wireless access point list and storing the first public key corresponding to the wireless access point.
In conclusion, the wireless access point authentication device provided in this embodiment receives the first information sent by the wireless access point; receives the second information sent by the management terminal; and, after receiving the second information, performs identity authentication on the hardware information and the owner's information and, when the identity authentication passes, adds the wireless access point to the trusted wireless access point list and stores the first public key corresponding to the wireless access point. This solves the problem in existing authentication methods that the certificate server may by default treat a counterfeit public Wi-Fi as a trustworthy public Wi-Fi, so that the data the user terminal transmits to the counterfeit public Wi-Fi and the data inside the user terminal are exposed to security threats. The effect achieved is that, because the certificate server performs identity authentication on the wireless access point, only a genuine wireless access point can pass the identity authentication of the certificate server, which improves the security of the data transmitted by the user terminal and of the data inside the user terminal.
Referring to Fig. 7, it shows a structural block diagram of a wireless access point authentication device provided by another embodiment of the present invention. The wireless access point authentication device can be implemented by software, hardware or a combination of both as all or part of the certificate server in Fig. 1. The wireless access point authentication device includes:
A first receiving module 710, for receiving the first information sent by the wireless access point; the first information includes the hardware information of the wireless access point and the first public key corresponding to the wireless access point.
Optionally, in the present embodiment, the first receiving module 710 is further used to receive the first information and the first signature sent by the wireless access point; the first signature is the signature that the wireless access point makes over the first information using the first private key corresponding to the wireless access point.
Optionally, the first information also carries the first random number.
In the present embodiment, the wireless access point authentication device can also include a feedback sending module 720 and a key calculation module 730.
The feedback sending module 720, for sending the feedback information and the second signature to the wireless access point; the second signature is the signature that the certificate server makes over the feedback information using the second private key corresponding to the certificate server, and the feedback information includes the second public key corresponding to the certificate server and the second random number.
The key calculation module 730, for calculating the first key according to the first random number, the second random number and the first public key corresponding to the wireless access point, and using the first key to encrypt the information sent to the wireless access point.
A second receiving module 740, for receiving the second information sent by the management terminal; the second information includes the hardware information of the wireless access point and the owner's information of the wireless access point.
An authentication module 750, for performing identity authentication on the hardware information and the owner's information after the second information is received and, when the identity authentication passes, adding the wireless access point to the trusted wireless access point list and storing the first public key corresponding to the wireless access point.
Optionally, in the present embodiment, the wireless access point authentication device can also include a request receiving module 760 and a list sending module 770.
The request receiving module 760, for receiving the list acquisition request sent by the management terminal; the list acquisition request is used to obtain the certification network list in the certificate server, and the certification network list is the list of each trusted service set identifier (SSID) provided by trusted wireless access points.
The list sending module 770, for sending the certification network list to the management terminal.
Optionally, in the present embodiment, the wireless access point authentication device can also include a cancellation receiving module 780 and an information deletion module 790.
The cancellation receiving module 780, for receiving the cancel-binding request sent by the management terminal; the cancel-binding request includes the credible SSID provided by the wireless access point.
The information deletion module 790, for deleting, according to the cancel-binding request, the credible SSID provided by the wireless access point from the certification network list.
In conclusion, with the wireless access point authentication device provided in this embodiment, the wireless access point sends the first information to the certificate server; the management terminal sends the second information to the certificate server; after receiving the second information, the certificate server performs identity authentication on the hardware information and the owner's information and, when the identity authentication passes, adds the wireless access point to the trusted wireless access point list and stores the first public key corresponding to the wireless access point. This solves the problem in existing authentication methods that the certificate server may by default treat a counterfeit public Wi-Fi as a trustworthy public Wi-Fi, so that the data the user terminal transmits to the counterfeit public Wi-Fi and the data inside the user terminal are exposed to security threats. The effect achieved is that, because the certificate server performs identity authentication on the wireless access point, only a genuine wireless access point can pass the identity authentication of the certificate server, which improves the security of the data transmitted by the user terminal and of the data inside the user terminal.
In addition, the wireless access point uses the first private key corresponding to the wireless access point to produce a first signature over the first information, and sends the first information and the first signature to the certificate server, so that the first information is not tampered with, which improves the security of the first information.
Meanwhile, the wireless access point uses the first private key corresponding to the wireless access point to produce a third signature over all or part of the hardware information and the identifier of the management terminal, which ensures that the hardware information of the wireless access point received by the management terminal is not tampered with and improves the security of the data.
Referring to Fig. 8, it shows a structural block diagram of a wireless access point authentication system provided in an embodiment of the present invention. The system includes a management terminal 820, a wireless access point 840 and a certificate server 860;
The management terminal 820, for sending the second information to the certificate server;
The wireless access point 840, for sending the first information to the certificate server;
The certificate server 860, including the wireless access point authentication device of either the embodiment shown in Fig. 6 or the embodiment shown in Fig. 7.
It should be noted that, when the wireless access point authentication device provided by the above embodiments performs wireless access point authentication, the division into the function modules described above is used only as an example. In practical applications, the above functions can be allocated to different function modules as needed, that is, the internal structure of the device is divided into different function modules to complete all or part of the functions described above. In addition, the wireless access point authentication device provided by the above embodiments and the embodiments of the wireless access point authentication method belong to the same design; for the specific implementation process, refer to the method embodiments, which is not repeated here.
The embodiments of the present invention above are for illustration only and do not represent the relative quality of the embodiments.
A person of ordinary skill in the art will understand that all or part of the steps of the above embodiments can be completed by hardware, or by a program instructing the relevant hardware; the program can be stored in a computer-readable storage medium, and the storage medium mentioned above can be a read-only memory, a magnetic disk, an optical disc, or the like.
The foregoing is merely the preferred embodiments of the present invention and is not intended to limit the present invention; any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present invention shall be included in the protection scope of the present invention.

Claims (18)

1. A wireless access point authentication method, characterized in that the method includes:
A wireless access point sends first information to a certificate server, the first information including: hardware information of the wireless access point and a first public key corresponding to the wireless access point;
A management terminal sends an acquisition request to the wireless access point, the acquisition request being used to obtain the hardware information of the wireless access point and carrying an identifier of the management terminal;
After receiving the acquisition request sent by the management terminal, the wireless access point verifies the identifier of the management terminal carried in the acquisition request and, when it verifies that the identifier has administration authority, sends the hardware information to the management terminal;
The management terminal sends second information to the certificate server, the second information including: the hardware information of the wireless access point and owner information of the wireless access point;
After receiving the second information, the certificate server authenticates whether the hardware information sent by the management terminal matches the hardware information sent by the wireless access point, and authenticates whether the owner information sent by the management terminal is correct; when authentication passes, it adds the wireless access point to a trusted wireless access point list and stores the first public key corresponding to the wireless access point.
2. The method according to claim 1, characterized in that the wireless access point sending the first information to the certificate server includes:
The wireless access point uses a first private key corresponding to the wireless access point to make a first signature over the first information, and sends the first information and the first signature to the certificate server.
3. The method according to claim 2, characterized in that the first information also carries a first random number;
After the wireless access point sends the first information and the first signature to the certificate server, the method further includes:
The certificate server sends feedback information and a second signature to the wireless access point, the second signature being a signature made by the certificate server over the feedback information using a second private key corresponding to the certificate server, and the feedback information including a second public key corresponding to the certificate server and a second random number;
The certificate server calculates a first key from the first random number, the second random number and the first public key corresponding to the wireless access point, and uses the first key to encrypt information sent to the wireless access point; and/or the wireless access point calculates a second key from the first random number, the second random number and the second public key corresponding to the certificate server, and uses the second key to encrypt information sent to the certificate server.
4. The method according to claim 1, characterized in that the acquisition request carries the identifier of the management terminal, and the management terminal stores the first public key;
The wireless access point sending the hardware information to the management terminal includes:
The wireless access point uses the first private key corresponding to the wireless access point to make a third signature over all or part of the hardware information and the identifier of the management terminal, and sends the hardware information and the third signature to the management terminal.
5. The method according to claim 4, characterized in that after the certificate server adds the wireless access point to the trusted wireless access point list, the method further includes:
The management terminal sends a list acquisition request to the certificate server, the list acquisition request being used to obtain the certification network list in the certificate server, the certification network list being a list of the trusted service set identifiers (SSIDs) provided by the trusted wireless access point;
The certificate server sends the certification network list to the management terminal.
6. The method according to claim 5, characterized in that after the certificate server sends the certification network list to the management terminal, the method further includes:
The management terminal sends a cancellation bind request to the certificate server, the cancellation bind request including the trusted service set identifier (SSID) provided by the wireless access point;
The certificate server deletes the trusted service set identifier (SSID) from the certification network list according to the cancellation bind request.
7. A wireless access point authentication method, characterized in that the method includes:
Receiving first information sent by a wireless access point, the first information including: hardware information of the wireless access point and a first public key corresponding to the wireless access point;
Receiving second information sent by a management terminal, the second information including: the hardware information of the wireless access point and owner information of the wireless access point, where the hardware information is sent to the management terminal by the wireless access point after the management terminal sends an acquisition request to the wireless access point and the wireless access point, on receiving the acquisition request, verifies the identifier of the management terminal carried in the acquisition request and verifies that the identifier has administration authority, the acquisition request being used to obtain the hardware information of the wireless access point;
After receiving the second information, authenticating whether the hardware information sent by the management terminal matches the hardware information sent by the wireless access point, and authenticating whether the owner information sent by the management terminal is correct; when authentication passes, adding the wireless access point to a trusted wireless access point list and storing the first public key corresponding to the wireless access point.
8. The method according to claim 7, characterized in that receiving the first information sent by the wireless access point includes:
Receiving the first information and a first signature sent by the wireless access point, the first signature being a signature made by the wireless access point over the first information using a first private key corresponding to the wireless access point.
9. The method according to claim 8, characterized in that the first information also carries a first random number;
After receiving the first information and the first signature sent by the wireless access point, the method further includes:
Sending feedback information and a second signature to the wireless access point, the second signature being a signature made by the certificate server over the feedback information using a second private key corresponding to the certificate server, and the feedback information including a second public key corresponding to the certificate server and a second random number;
Calculating a first key from the first random number, the second random number and the first public key corresponding to the wireless access point, and using the first key to encrypt information sent to the wireless access point.
10. The method according to any one of claims 7 to 9, characterized in that after adding the wireless access point to the trusted wireless access point list, the method further includes:
Receiving a list acquisition request sent by the management terminal, the list acquisition request being used to obtain the certification network list in the certificate server, the certification network list being a list of the trusted service set identifiers (SSIDs) provided by the trusted wireless access point;
Sending the certification network list to the management terminal.
11. The method according to claim 10, characterized in that after sending the certification network list to the management terminal, the method further includes:
Receiving a cancellation bind request sent by the management terminal, the cancellation bind request including the trusted service set identifier (SSID) provided by the wireless access point;
Deleting the trusted service set identifier (SSID) from the certification network list according to the cancellation bind request.
12. A wireless access point authentication device, characterized in that the device includes:
A first receiving module, configured to receive first information sent by a wireless access point, the first information including: hardware information of the wireless access point and a first public key corresponding to the wireless access point;
A second receiving module, configured to receive second information sent by a management terminal, the second information including: the hardware information of the wireless access point and owner information of the wireless access point, where the hardware information is sent to the management terminal by the wireless access point after the management terminal sends an acquisition request to the wireless access point and the wireless access point, on receiving the acquisition request, verifies the identifier of the management terminal carried in the acquisition request and verifies that the identifier has administration authority, the acquisition request being used to obtain the hardware information of the wireless access point;
An authentication module, configured to, after the second information is received, authenticate whether the hardware information sent by the management terminal matches the hardware information sent by the wireless access point, and authenticate whether the owner information sent by the management terminal is correct; and, when authentication passes, add the wireless access point to a trusted wireless access point list and store the first public key corresponding to the wireless access point.
13. The device according to claim 12, characterized in that the first receiving module is further configured to receive the first information and a first signature sent by the wireless access point, the first signature being a signature made by the wireless access point over the first information using a first private key corresponding to the wireless access point.
14. The device according to claim 13, characterized in that the first information also carries a first random number;
The device further includes:
A feedback sending module, configured to send feedback information and a second signature to the wireless access point, the second signature being a signature made by the certificate server over the feedback information using a second private key corresponding to the certificate server, and the feedback information including a second public key corresponding to the certificate server and a second random number;
A key calculation module, configured to calculate a first key from the first random number, the second random number and the first public key corresponding to the wireless access point, and to use the first key to encrypt information sent to the wireless access point.
15. The device according to any one of claims 12 to 14, characterized in that the device further includes:
A request receiving module, configured to receive a list acquisition request sent by the management terminal, the list acquisition request being used to obtain the certification network list in the certificate server, the certification network list being a list of the trusted service set identifiers (SSIDs) provided by the trusted wireless access point;
A list sending module, configured to send the certification network list to the management terminal.
16. The device according to claim 15, characterized in that the device further includes:
A cancellation receiving module, configured to receive a cancellation bind request sent by the management terminal, the cancellation bind request including the trusted service set identifier (SSID) provided by the wireless access point;
An information deletion module, configured to delete the trusted service set identifier (SSID) from the certification network list according to the cancellation bind request.
17. A wireless access point authentication system, characterized in that the system includes: a certificate server, a wireless access point and a management terminal;
The certificate server includes the wireless access point authentication device according to any one of claims 12 to 16;
The wireless access point is configured to send the first information to the certificate server;
The management terminal is configured to send the second information to the certificate server.
18. A computer-readable storage medium, characterized in that a program is stored in the computer-readable storage medium, the program being loaded and executed by a processor to implement the wireless access point authentication method according to any one of claims 1 to 6, or the wireless access point authentication method according to any one of claims 7 to 11.
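
The server-side checks recited in claims 7, 10 and 11, sketched in Python as an added illustration that is not part of the patent text or the assignee's code. The class and method names, the `mac`/`ssid` fields used for hardware information, and the `owner_is_valid` callback are assumptions; the first information is assumed to have already passed the signature check of claim 8.

```python
import json
from typing import Callable, Dict, List, Set

TRUSTED = "trusted"
REJECT_HARDWARE = "rejected: hardware information mismatch"
REJECT_OWNER = "rejected: owner information incorrect"


def canonical(hardware_info: dict) -> str:
    """Serialise hardware information deterministically so that the report
    from the access point and the report from the terminal can be compared."""
    return json.dumps(hardware_info, sort_keys=True, separators=(",", ":"))


class CertificateServer:
    """Hypothetical model of the registration state kept by the server."""

    def __init__(self, owner_is_valid: Callable[[dict], bool]):
        # Assumption: how owner information is checked is outside the claims,
        # so it is injected as a callback.
        self.owner_is_valid = owner_is_valid
        self.pending: Dict[str, bytes] = {}   # first information awaiting a match
        self.trusted: Dict[str, bytes] = {}   # trusted AP list -> stored first public key
        self.certified_ssids: Set[str] = set()

    def receive_first_info(self, hardware_info: dict, public_key: bytes) -> None:
        # First information: hardware info plus the AP's first public key.
        self.pending[canonical(hardware_info)] = public_key

    def receive_second_info(self, hardware_info: dict, owner_info: dict) -> str:
        # Second information: hardware info relayed by the terminal plus owner info.
        key = canonical(hardware_info)
        if key not in self.pending:
            return REJECT_HARDWARE            # terminal and AP reports do not match
        if not self.owner_is_valid(owner_info):
            return REJECT_OWNER               # AP stays pending, not trusted
        self.trusted[key] = self.pending.pop(key)
        ssid = hardware_info.get("ssid")
        if ssid is not None:
            self.certified_ssids.add(ssid)
        return TRUSTED

    def list_networks(self) -> List[str]:
        # Certification network list returned for a list acquisition request.
        return sorted(self.certified_ssids)

    def cancel_binding(self, ssid: str) -> bool:
        # Cancellation bind request: delete the SSID from the list if present.
        if ssid in self.certified_ssids:
            self.certified_ssids.remove(ssid)
            return True
        return False
```

An access point whose hardware information is never confirmed by a terminal stays in `pending` and never reaches the trusted list, which is the property the two-channel comparison in the claims is meant to provide.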
CN201610067779.8A 2016-01-29 2016-01-29 Wireless access point authentication method, apparatus and system Active CN105554760B (en)

Priority Applications (5)

Application Number Priority Date Filing Date Title
CN201610067779.8A CN105554760B (en) 2016-01-29 2016-01-29 Wireless access point authentication method, apparatus and system
EP17743704.3A EP3410758B1 (en) 2016-01-29 2017-01-23 Wireless network connecting method and apparatus, and storage medium
PCT/CN2017/072186 WO2017129089A1 (en) 2016-01-29 2017-01-23 Wireless network connecting method and apparatus, and storage medium
KR1020187020181A KR102134302B1 (en) 2016-01-29 2017-01-23 Wireless network access method and apparatus, and storage medium
US15/913,644 US10638321B2 (en) 2016-01-29 2018-03-06 Wireless network connection method and apparatus, and storage medium

Publications (2)

Publication Number Publication Date
CN105554760A CN105554760A (en) 2016-05-04
CN105554760B true CN105554760B (en) 2018-06-29

Family

ID=55833647

Country Status (1)

Country Link
CN (1) CN105554760B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant