CN105828328A - Network connection method, client network access method and device - Google Patents

Publication number: CN105828328A
Authority: CN (China)
Prior art keywords: key, client, wap, aes, sequence code
Legal status: Pending
Application number: CN201510013247.1A
Other languages: Chinese (zh)
Inventor: 范继涛
Current Assignee: BEIJING NANBAO TECHNOLOGY Co Ltd
Original Assignee: BEIJING NANBAO TECHNOLOGY Co Ltd
Application filed by: BEIJING NANBAO TECHNOLOGY Co Ltd
Priority: CN201510013247.1A
Landscapes: Mobile Radio Communication Systems (AREA)

Abstract

The present invention provides a network connection method, a client network access method, and corresponding devices. In the network connection method, after a wireless access point receives a network access request sent by a client, it connects the client to a basic service set (BSS) in no-password mode and then sends the client a message that it has been connected to that BSS. When connecting to the network, the client generates a first key, which the wireless access point authenticates against a second key. After successful authentication, the client is moved from the no-password-mode BSS to a BSS in encryption mode. The generation mechanism of the first key on the client corresponds to the generation mechanism of the second key on the wireless access point. With the invention, a wireless LAN can be used safely and simply without the user setting a key, which improves the user experience.

Description

A network connection method, and a method and device for client network access
Technical field
The present invention relates to the field of wireless communication, and in particular to a network connection method and a method and device for client network access.
Background
A WLAN (Wireless Local Area Network) uses wireless communication technology to interconnect computer equipment into a local area network whose members can communicate with each other and share resources. A WLAN has a flexible structure, is convenient to access, supports access by many kinds of terminals, and lets terminals move freely.
Because the messages used to set up and use a WLAN are transmitted over the air, transmitting them in plaintext risks disclosure. To protect user privacy, the prior art provides several encryption algorithms for over-the-air messages, such as WEP (Wired Equivalent Privacy), WPA (Wi-Fi Protected Access), WPA2 and WAPI (Wireless LAN Authentication and Privacy Infrastructure).
Most wireless routers on the market support the encryption algorithms above. If a user defines a long, meaningless key and encrypts with the WPA2 algorithm, the key is almost impossible to crack, but such a key is nearly impossible to remember and tedious to enter. Most users simply make up 8 characters, such as 12345678, 11111111, or a name or birthday; such a simple key provides practically no protection and can be brute-forced in a very short time. Some users know that a simple key may be cracked, but would still rather use one for convenience and to avoid the trouble of a forgotten password.
The deficiencies of the prior art are:
The key used by existing WLAN encryption methods is either too complicated to remember or too simple and easily cracked, so the user cannot use a WLAN both safely and simply.
Summary of the invention
The embodiments of the present invention provide a network connection method and device, and a method and device for client network access, to solve the problem that a user cannot use a WLAN both safely and simply.
An embodiment of the present invention provides a network connection method, including the steps of:
Receiving a network access request sent by a client;
According to the request, connecting the client to the no-password-mode BSS set up by the wireless access point;
Feeding back to the client a message that the client has accessed the no-password-mode BSS;
Performing access authentication on the first key generated by the client according to the second key, where the generation mechanism of the second key corresponds to the generation mechanism of the first key on the client;
After successful authentication, connecting the client from the no-password-mode BSS to the encryption-mode BSS.
An embodiment of the present invention provides a network connection device, including:
A first receiver module, for receiving a network access request sent by a client;
An access module, for connecting the client, according to the request, to the no-password-mode BSS set up by the wireless access point;
A feedback module, for feeding back to the client a message that the client has accessed the no-password-mode BSS;
An authentication module, for performing access authentication on the first key generated by the client according to the second key, where the generation mechanism of the second key corresponds to the generation mechanism of the first key on the client;
The access module is further used, after successful authentication, to connect the client from the no-password-mode BSS to the encryption-mode BSS.
An embodiment of the present invention provides a method for client network access, including the steps of:
Sending a network access request to the wireless access point;
Receiving the message, fed back by the wireless access point, that the client has accessed the no-password-mode BSS;
Generating, when accessing the network, the first key that the wireless access point authenticates according to the second key, where the generation mechanism of the first key corresponds to the generation mechanism of the second key on the wireless access point;
Using the first key to perform access authentication with the wireless access point.
An embodiment of the present invention provides a device for client network access, including:
A second sending module, for sending a network access request to the wireless access point;
A second receiver module, for receiving the message, fed back by the wireless access point, that the client has accessed the no-password-mode BSS;
A generation module, for generating, when accessing the network, the first key that the wireless access point authenticates according to the second key, where the generation mechanism of the first key corresponds to the generation mechanism of the second key on the wireless access point;
A second authentication module, for using the first key to perform access authentication with the wireless access point.
The beneficial effects of the invention are:
The technical scheme provided by the embodiments changes the existing network connection procedure: the client is first connected to the no-password-mode BSS and then, after key authentication, connected to the encryption-mode BSS. When the client accesses the encryption-mode BSS, the first key used for authentication is generated by an application preset on the client, and the mechanism by which the application on the wireless access point generates the second key corresponds to the generation mechanism on the client. In other words, authentication is completed by applications deployed in advance on the client and the wireless access point, so the user does not need to set a key for the client to access the encrypted network. The security level of the key can also be selected through the preset application. The technical scheme therefore lets the user use a WLAN both safely and simply, improving the user experience.
Description of the drawings
Specific embodiments of the present invention are described below with reference to the accompanying drawings, in which:
Fig. 1 is a flow chart of the implementation of the network connection method in an embodiment of the present invention;
Fig. 2 is a schematic diagram of a client switching BSS in an embodiment of the present invention;
Fig. 3 is a flow chart of the second key update on the wireless access point in an embodiment of the present invention;
Fig. 4 is a flow chart of the implementation of the client network access method in an embodiment of the present invention;
Fig. 5 is a flow chart of the first key update on the client in an embodiment of the present invention;
Fig. 6 is a structural diagram of the network connection device in an embodiment of the present invention;
Fig. 7 is a structural diagram of the client network access device in an embodiment of the present invention.
Detailed description of the invention
To make the technical scheme and advantages of the embodiments clearer, exemplary embodiments of the present invention are described in more detail below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the present invention, not an exhaustive list of all embodiments.
To address the deficiencies of the prior art, the embodiments of the present invention provide a network connection method and a method and device for client network access that let the user use a WLAN both safely and simply, improving the user experience. They are described below.
Fig. 1 is a flow chart of the implementation of the network connection method in an embodiment of the present invention. As shown, it can include the steps:
Step 101, receive the network access request sent by the client;
Step 102, according to the request, connect the client to the no-password-mode BSS set up by the wireless access point;
Step 103, feed back to the client a message that the client has accessed the no-password-mode BSS;
Step 104, perform access authentication on the first key generated by the client according to the second key, where the generation mechanism of the second key corresponds to the generation mechanism of the first key on the client;
Step 105, after successful authentication, connect the client from the no-password-mode BSS to the encryption-mode BSS.
In a specific implementation, the AP (Access Point, wireless access point) can set up two BSSs (Basic Service Set) in advance: one in open (clear) no-password mode, and the other in encryption mode.
In the technical scheme provided by the embodiments, the existing network connection procedure is changed: the client is first connected to the no-password-mode BSS and then, after key authentication, connected to the encryption-mode BSS. The user does not need to set a key for the client to access the encrypted network, so the user can use a WLAN both safely and simply, improving the user experience.
In implementation, the authentication in step 104 can include the steps:
Determining whether the first key sent by the client corresponds to the second key stored on the wireless access point;
If it corresponds, authentication succeeds.
In a specific implementation, authentication can be performed by judging whether the first key sent by the client is identical to the second key stored on the AP; if they are identical, authentication succeeds. Alternatively, authentication can be performed by judging whether the first key sent by the client and the second key stored on the wireless access point are complementary, or have some other correspondence from which a match can be determined. The embodiments do not restrict the correspondence. For ease of understanding and use by those skilled in the art, the following embodiments all take as the example judging whether the first key sent by the client is identical to the second key stored on the wireless access point.
By authenticating whether the first key corresponds to the second key, the client is matched with the BSS of the wireless access point, so the client can easily be connected to the encryption-mode BSS.
In implementation, the authentication mode may include: a close-range authentication mode, a built-in authentication server mode, or an external authentication server mode.
In a specific implementation, an authentication server is the general approach, for example a RADIUS server. The network administrator configures a set of identity credentials (such as user names and passwords) on the authentication server and then communicates or grants them to users; a user must authenticate when logging in to the router.
In the close-range mode, the wireless router obtains the position information of the client, compares it with a preset position model and determines whether the position information matches the preset position model; the wireless router then obtains the identity information of the client, completes authentication and authorization of the client, and allows the client to access the wireless network. In general, a single action of bringing the device near the router is enough for the router to recognise the device and pass authentication. For at least one embodiment of the close-range mode, see the patent document with Application No. 2014101194428, entitled "wireless network authentication and authorization method and device".
"Built-in" and "external" in the built-in authentication server mode and the external authentication server mode refer to the physical location of the authentication server: it may be installed on the router (built-in) or on another device connected to the router (external).
Besides the three authentication modes above, other authentication modes can also be used. The three modes are chosen in this embodiment for ease of understanding and use by those skilled in the art; the embodiments of the present invention are not limited to them.
In implementation, the basic service set can be connected to the client with a hidden SSID.
In a specific implementation, SSID (Service Set Identifier) technology can divide a WLAN into several sub-networks that require different identity verification. Each sub-network requires independent authentication, and only a user who passes authentication can enter the corresponding sub-network, which prevents unauthorized users from entering the network. Wireless routers generally provide an "allow SSID broadcast" function. If the owner does not want others to find the wireless network by its SSID name, SSID broadcast can be disabled; the network then does not appear in the list of available networks that others can search.
Hiding the SSID better ensures the safety of using the WLAN and prevents unauthorized users from using it.
In implementation, before the first key sent by the client is received, generating the second key may include:
Determining the sequence code stored on the wireless access point for generating the second key;
Generating the second key from the sequence code according to an encryption algorithm, where the encryption algorithm is identical to the encryption algorithm that generates the first key on the client.
In a specific implementation, the encryption algorithm can be MD5 (Message Digest Algorithm, Message Digest Algorithm 5) or AES (Advanced Encryption Standard) with a user-defined key. The embodiments of the present invention do not limit the encryption algorithm.
Because the encryption algorithm on the wireless access point is identical to the encryption algorithm stored on the client, the client and the wireless access point can work together easily, which helps improve key authentication efficiency.
In implementation, the method may further include:
Sending the sequence code to the client, for the client to generate the first key according to the encryption algorithm and the sequence code.
In a specific implementation, the client can work together with the wireless access point: the wireless access point sends the sequence code to the client, and because the encryption algorithm and the sequence code are identical on both sides, an identical first key and second key can be calculated and authentication proceeds smoothly.
In implementation, generating the second key from the sequence code according to the encryption algorithm can include the steps:
Encoding the sequence code according to the encryption algorithm;
Truncating the password obtained after encoding to a user-defined length;
Taking the truncated password as the second key.
In a specific implementation, the second key length can be user-defined, from 8 to 64. The longer the second key, the higher the safety factor, but a longer second key also consumes more resources for encoding and decoding.
The password obtained after encoding with the encryption algorithm has many characters. The user can choose to use all of it as the second key or to cut out a segment of a certain length as the second key. This ensures safety on the one hand and reduces the resource consumption of encoding and decoding on the other.
In implementation, when the second key is generated according to the encryption algorithm, it can be generated from a combination of multiple sequence codes.
In a specific implementation, one sequence code can be encoded, or a combination of several sequence codes. Each additional sequence code that is encoded makes the generated second key harder to crack and improves safety.
In implementation, the sequence code can include the wireless access point MAC address, the wireless access point serial number, a salt value and a variable.
In a specific implementation, the wireless access point MAC (Media Access Control) address, serial number and salt value can be defined by the wireless router manufacturer, and the variable can be the date. The manufacturer can preset several permutations and combinations of these parts, for example: sequence code 1 can be the last two digits of the MAC, the first four digits of the salt value, and the date part of the time; sequence code 2 can be the first two digits of the MAC, the last four digits of the salt value, and the month part of the time; and so on.
The variable can be the date or another parameter, such as the time or a random number, or even another sequence code; the embodiments of the present invention do not limit it.
Generating the second key by encoding sequence codes makes the key much harder to crack and improves the safety of network use.
In implementation, the method provided by the embodiments may further include:
Updating the second key according to a predetermined period.
In a specific implementation, the second key update cycle can be user-defined; the shorter the update cycle, the safer.
In implementation, updating the second key according to the predetermined period includes the steps:
Determining the second key of the wireless access point;
Authenticating the client to be accessed according to the second key;
After successful authentication, determining the time since the second key was last updated;
When that time exceeds the preset second key update cycle, updating the second key.
The use of the method provided by the embodiments is illustrated below with two examples: one shows how the client accesses the encrypted BSS, and the other shows how the second key is updated.
Fig. 2 is a schematic diagram of a client switching BSS in an embodiment of the present invention. As shown, the client is first connected to the no-password-mode BSS. Authentication checks whether the first key calculated by the client is identical to the second key stored on the wireless access point. After successful authentication, the client is connected to the encryption-mode BSS, and from then on the client no longer accesses the no-password-mode BSS.
Existing wireless routers all default to an unencrypted network, which the user then configures as an encrypted network, specifying a key. In the network connection method provided by the embodiments, the first key is produced from the sequence code and the encryption algorithm. It needs no configuration by the user and does not have to be remembered, which lowers the difficulty of connecting to an encrypted network and improves the user experience; at the same time this first key is harder to crack, which improves safety.
Fig. 3 is a flow chart of the second key update on the wireless access point in an embodiment of the present invention. As shown, it may include the following steps:
Step 301, update the sequence code used to calculate the second key;
Step 302, authenticate using the current second key;
Step 303, judge whether the second key update cycle has exceeded the preset time; if it has, generate the second key from the sequence code updated in step 301 and authenticate again using the newly generated second key; if it has not, authenticate using the current second key.
The embodiments of the present invention also provide a method for client network access. Fig. 4 is a flow chart of the implementation of the client network access method in an embodiment of the present invention. As shown, it can include the steps:
Step 401, send a network access request to the wireless access point;
Step 402, receive the message, fed back by the wireless access point, that the client has accessed the no-password-mode BSS;
Step 403, generate, when accessing the network, the first key that the wireless access point authenticates according to the second key, where the generation mechanism of the first key corresponds to the generation mechanism of the second key on the wireless access point;
Step 404, use the first key to perform access authentication with the wireless access point; after successful authentication the client is connected from the no-password-mode BSS to the encryption-mode BSS.
In a specific implementation, the client can work together with the wireless access point and keep the encryption algorithm consistent, so that an identical first key and second key can be calculated. After key authentication succeeds, the client is connected to the encryption-mode BSS. In this process the user does not need to configure a key, which is a great convenience to the user.
In implementation, generating, when accessing the network, the first key that the wireless access point authenticates according to the second key can include the steps:
Receiving the sequence code sent by the wireless access point;
Encoding the sequence code according to an encryption algorithm, where the encryption algorithm is identical to the encryption algorithm with which the wireless access point generates the second key;
Truncating the password obtained after encoding to a user-defined length;
Taking the truncated password as the first key.
In a specific implementation, the first key length can be user-defined, from 8 to 64. The longer the first key, the higher the safety factor, but a longer first key also consumes more resources for encoding and decoding.
The password obtained after encoding with the encryption algorithm has many characters. The user can choose to use all of it as the first key or to cut out a segment of a certain length as the first key. This ensures safety on the one hand and reduces the resource consumption of encoding and decoding on the other.
In implementation, the sequence code can include the wireless access point MAC address, the wireless access point serial number, a salt value and a variable.
In a specific implementation, the wireless access point MAC address, serial number and salt value can be defined by the wireless router manufacturer, and the variable can be the date. The manufacturer can preset several permutations and combinations of these parts, for example: sequence code 1 can be the last two digits of the MAC, the first four digits of the salt value, and the date part of the time; sequence code 2 can be the first two digits of the MAC, the last four digits of the salt value, and the month part of the time; and so on.
Generating the first key by encoding sequence codes makes the key much harder to crack and improves the safety of network use.
In implementation, the method may further include:
Updating the first key according to a predetermined period.
In a specific implementation, the first key update cycle can be user-defined; the shorter the update cycle, the safer.
In implementation, updating the first key according to the predetermined period includes the steps:
Determining the time since the current first key was last updated;
When that time exceeds the preset first key update cycle, updating the current first key.
The use of the method provided by the embodiments is again illustrated with an example.
Fig. 5 is a flow chart of the first key update on the client in an embodiment of the present invention. As shown, it may include the following steps:
Step 501, judge whether the first key update cycle has exceeded the preset time;
If it has, perform step 502;
If it has not, perform step 503;
Step 502, use the received sequence code to recalculate a new first key, and authenticate using this new first key;
Step 503, authenticate using the current first key.
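The key generation and periodic update described above (sequence codes, encoding, truncation to a user-defined length, update once the preset cycle is exceeded) are sketched below as an added example; it is not code from the patent. It assumes MD5 hex output, plain string concatenation of the fields and of the digests of the two sequence codes, and a date-based variable; the MAC address, salt and dates are constructed sample values, and all class and function names are hypothetical.

```python
import hashlib
import hmac
from datetime import date, timedelta

# Constructed sample values (assumptions, not taken from the patent).
AP_MAC = "a4:5e:60:c2:19:7f"
AP_SALT = "9f3c71d2e8"


def sequence_codes(mac, salt, today):
    """Build the two sequence codes given as examples in the description."""
    digits = mac.replace(":", "").lower()
    # Sequence code 1: last two of MAC, first four of salt, day of the date.
    code1 = digits[-2:] + salt[:4] + f"{today.day:02d}"
    # Sequence code 2: first two of MAC, last four of salt, month of the date.
    code2 = digits[:2] + salt[-4:] + f"{today.month:02d}"
    return [code1, code2]


def derive_key(codes, length):
    """Encode each sequence code with MD5, join the digests, cut to length."""
    if not 8 <= length <= 64:
        raise ValueError("key length must be between 8 and 64")
    # Assumption: hex digests are concatenated when several codes are combined.
    encoded = "".join(hashlib.md5(c.encode()).hexdigest() for c in codes)
    if length > len(encoded):
        raise ValueError("not enough encoded material for this length")
    return encoded[:length]


class AccessPoint:
    """Holds the second key and updates it after the preset cycle."""

    def __init__(self, mac, salt, key_length, period_days, today):
        self.mac, self.salt = mac, salt
        self.key_length, self.period_days = key_length, period_days
        self._regenerate(today)

    def _regenerate(self, today):
        self.codes = sequence_codes(self.mac, self.salt, today)
        self.second_key = derive_key(self.codes, self.key_length)
        self.last_update = today

    def authenticate(self, first_key, today):
        # Identical keys authenticate; the comparison is constant-time.
        ok = hmac.compare_digest(first_key.encode(), self.second_key.encode())
        # After a successful authentication, check the time since last update.
        if ok and (today - self.last_update).days > self.period_days:
            self._regenerate(today)
        return ok


class Client:
    """Derives the first key from the sequence codes sent by the access point."""

    def __init__(self, key_length):
        self.key_length = key_length
        self.codes = []

    def receive_codes(self, codes):
        self.codes = list(codes)

    def first_key(self):
        return derive_key(self.codes, self.key_length)


def run_demo():
    day0 = date(2015, 1, 12)  # constructed date
    ap = AccessPoint(AP_MAC, AP_SALT, key_length=48, period_days=7, today=day0)
    client = Client(key_length=48)
    client.receive_codes(ap.codes)
    old_key = ap.second_key
    first_auth = ap.authenticate(client.first_key(), day0)

    later = day0 + timedelta(days=8)
    ap.authenticate(client.first_key(), later)   # succeeds, then the AP updates
    stale = ap.authenticate(client.first_key(), later)
    client.receive_codes(ap.codes)               # AP sends the new sequence codes
    resync = ap.authenticate(client.first_key(), later)
    return {
        "first_auth": first_auth,
        "key_rotated": ap.second_key != old_key,
        "stale_after_update": stale,
        "after_resync": resync,
    }


if __name__ == "__main__":
    print(run_demo())
```

Truncation changes only the length of the key; its unpredictability still comes from the secret salt, because the MAC address and the date are not secret.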
Based on same inventive concept, the embodiment of the present invention additionally provides device and the device of a kind of client access network that a kind of network connects, owing to the principle of device solution problem is similar to a kind of a kind of method of method for connecting network, client access network, therefore the enforcement of device may refer to the enforcement of method, repeats no more in place of repetition.
Fig. 6 is the structural representation of network connection device in the embodiment of the present invention, as it can be seen, may include that in a device
First receiver module 601, for receiving the request of the access network that client sends;
AM access module 602, for being linked into client in the BSS without cipher mode that WAP is set up according to described request;
Feedback module 603, for having accessed the message feedback of the BSS without cipher mode to client by client;
First authentication module 604, carries out access authentication for the first key generated according to the second double secret key client, and the generting machanism of described second key and described first key generting machanism on the client is corresponding;
AM access module 602 is further used for after the authentication has been successful, and client is connected to the BSS of encryption mode from the BSS without cipher mode.
In enforcement, this first authentication module 604 includes:
Second key determines unit 6041, for determining that the first key that described client sends whether should with the second double secret key of WAP storage;
Certification successfully determines unit 6042, seasonable with the second double secret key of WAP storage for the first key sent in client, determines certification success.
In enforcement, described first authentication module 604 is further used for employing and includes: closely authentication mode, the mode of built-in authentication server or the authentication mode of external certificate server.
In enforcement, described AM access module 602 is further used for being connected the Basic Service Set accessed in the way of hiding SSID with client.
In enforcement, the device in the embodiment of the present invention may further include:
Sequence code determines module 605, for before receiving the first key that client is sent, determines the sequence code for generating the second key of storage on WAP;
Second key production module 606, for generating the second key according to AES according to described sequence code, described AES is identical with the AES of the first key generated in client.
In enforcement, may further include:
First sending module 607, is used for sending sequence code to client, generates the first key for described client according to AES and described sequence code.
In enforcement, this second key production module 606 may include that
Coding unit 6061, for encoding according to AES described sequence code;
Interception unit 6062, for intercepting according to self-defined length the password obtained after coding;
Second key determines unit 6063, and the password after determining intercepting is as the second key.
In enforcement, when this second key production module 606 is further used for generating the second key according to AES, can be according to combination producing second key of multiple sequence codes.
In enforcement, this second key production module 606 generates the sequence code of the second key can include WAP MAC Address, WAP serial number, salt figure and variable.
In enforcement, may further include:
Second key updating module 608, for being updated the second key according to predetermined period.
In enforcement, the second key updating module 608 may include that
Determine unit 6081, be used for determining WAP the second key;
Client certificate unit 6082, for being authenticated according to the client that described second double secret key is to be accessed;
First time determining unit 6083, configured to determine, after authentication succeeds, the time elapsed since the second key was last updated;
First updating unit 6084, configured to update the second key when that time exceeds the preset second-key update period.
Fig. 7 is a schematic structural diagram of the client network access device in an embodiment of the present invention. As shown, the device may include:
Second sending module 701, configured to send a network access request to the WAP;
Second receiving module 702, configured to receive the message fed back by the WAP that the client has joined the password-free mode BSS;
Generation module 703, configured to generate, when accessing the network, the first key that the WAP authenticates according to the second key, the generation mechanism of the first key corresponding to the generation mechanism of the second key on the WAP;
Second authentication module 704, configured to perform access authentication with the WAP using the first key.
In implementation, the second receiving module 702 may be further configured to receive the sequence code sent by the WAP;
The generation module 703 may include:
Coding unit 7031, configured to encode the sequence code according to AES, the AES being the same as the AES with which the WAP generates the second key;
Interception unit 7032, configured to truncate the password obtained after encoding to a custom length;
First key determining unit 7033, configured to determine the truncated password as the first key.
In implementation, the sequence code encoded by coding unit 7031 may include the WAP MAC address, the WAP serial number, a salt value and a variable.
In implementation, the device may further include:
First key updating module 705, configured to update the first key according to a predetermined period.
In implementation, the first key updating module 705 may include:
Second time determining unit 7051, configured to determine the time elapsed since the current first key was last updated;
Second updating unit 7052, configured to update the current first key when that time exceeds the preset first-key update period.
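As an added illustration (not code from the patent or its applicant), the sketch below mirrors the coding unit, interception unit and key updating module described above, with the access point and the client deriving matching keys from the same sequence code. The page names AES without saying how it is applied to the sequence code, so HMAC-SHA-256 keyed with the salt is swapped in here; the field encoding, the 8 to 64 character length bounds and the use of a rotation counter as the "variable" are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class SequenceCode:
    """The four sequence-code components the page lists."""
    ap_mac: str      # access point MAC address
    ap_serial: str   # access point serial number
    salt: bytes      # salt value
    variable: int    # "variable"; modelled here as a rotation counter (assumption)

    def encode(self) -> bytes:
        # Length-prefix every field so that different field splits can
        # never serialise to the same byte string.
        fields = [self.ap_mac.lower().encode(), self.ap_serial.encode(),
                  self.variable.to_bytes(8, "big")]
        return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


def derive_key(seq: SequenceCode, length: int) -> str:
    """Encode the sequence code, then truncate to a custom length.

    HMAC-SHA-256 keyed with the salt is a stand-in (assumption); the page
    does not say how its algorithm is applied to the sequence code.
    """
    if not 8 <= length <= 64:  # bounds are an assumption of this sketch
        raise ValueError("length must be between 8 and 64 hex characters")
    encoded = hmac.new(seq.salt, seq.encode(), hashlib.sha256).hexdigest()
    return encoded[:length]


def max_key_bits(length: int) -> int:
    """Upper bound on key entropy: each retained hex character is 4 bits."""
    return 4 * length


def authenticate(first_key: str, second_key: str) -> bool:
    """Access point side: constant-time comparison of client key and own key."""
    return hmac.compare_digest(first_key.encode(), second_key.encode())


def needs_update(last_update: float, now: float, period_s: float) -> bool:
    """True when the time since the last key update exceeds the update period."""
    return now - last_update > period_s


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    ap = SequenceCode("AA:BB:CC:00:11:22", "SN-EXAMPLE-0001", b"constructed-salt", 1)
    client = SequenceCode("aa:bb:cc:00:11:22", "SN-EXAMPLE-0001", b"constructed-salt", 1)
    second_key, first_key = derive_key(ap, 16), derive_key(client, 16)
    print(authenticate(first_key, second_key), max_key_bits(16))
    # After the period elapses both sides advance the variable and re-derive.
    if needs_update(last_update=0.0, now=3601.0, period_s=3600.0):
        rotated = SequenceCode(ap.ap_mac, ap.ap_serial, ap.salt, ap.variable + 1)
        print(authenticate(first_key, derive_key(rotated, 16)))  # stale key rejected
```

The MAC address is visible in every frame the access point transmits, so in this construction the key's strength rests on the salt and on the retained length, which `max_key_bits` bounds.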
For convenience of description, the parts of the apparatus described above are divided by function into various components or units and described separately. Of course, when implementing the present invention, the functions of the components or units may be realized in one or more pieces of software or hardware.
Those skilled in the art should appreciate that embodiments of the present invention may be provided as a method, a system or a computer program product. Therefore, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems) and computer program products according to embodiments of the invention. It should be understood that computer program instructions can implement each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams. These computer program instructions may be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to operate in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means, the instruction means implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps are performed on the computer or other programmable device to produce a computer-implemented process, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Although preferred embodiments of the present invention have been described, those skilled in the art can make further changes and modifications to these embodiments once they grasp the basic inventive concept. Therefore, the appended claims are intended to be construed as covering the preferred embodiments and all changes and modifications falling within the scope of the present invention.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. Thus, if these changes and modifications fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.

Claims (30)

1. A network connection method, characterized by comprising the following steps:
Receiving a network access request sent by a client;
Connecting the client, according to the request, to a password-free mode basic service set (BSS) established by the WAP;
Feeding back to the client a message that the client has joined the password-free mode BSS;
Performing access authentication on the first key generated by the client according to the second key, the generation mechanism of the second key corresponding to the generation mechanism of the first key on the client;
After authentication succeeds, moving the client from the password-free mode BSS to an encrypted mode BSS.
2. The method of claim 1, characterized in that the authentication mode includes: a close-range authentication mode, a built-in authentication server mode or an external authentication server mode.
3. The method of claim 2, characterized in that the basic service set is connected to the client with a hidden service set identifier (SSID).
4. The method of any one of claims 1 to 3, characterized in that, before the first key sent by the client is received, generating the second key comprises:
Determining the sequence code stored on the WAP for generating the second key;
Generating the second key from the sequence code according to AES, the AES being the same as the AES used to generate the first key on the client.
5. The method of claim 4, characterized by further comprising:
Sending the sequence code to the client, so that the client generates the first key according to AES and the sequence code.
6. The method of claim 4 or 5, characterized in that generating the second key from the sequence code according to AES comprises the steps of:
Encoding the sequence code according to AES;
Truncating the password obtained after encoding to a custom length;
Determining the truncated password as the second key.
7. The method of any one of claims 1 to 6, characterized in that, when the second key is generated according to AES, the second key is generated from a combination of multiple sequence codes.
8. The method of claim 7, characterized in that the sequence code comprises the WAP MAC address, the WAP serial number, a salt value and a variable.
9. The method of any one of claims 1 to 8, characterized by further comprising:
Updating the second key according to a predetermined period.
10. The method of claim 9, characterized in that updating the second key according to a predetermined period comprises:
Determining the second key of the WAP;
Authenticating the client to be connected according to the second key;
After authentication succeeds, determining the time elapsed since the second key was last updated;
When that time exceeds the preset second-key update period, updating the second key.
11. A method for a client to access a network, characterized by comprising the following steps:
Sending a network access request to the WAP;
Receiving the message fed back by the WAP that the client has joined the password-free mode BSS;
Generating, when accessing the network, the first key that the WAP authenticates according to the second key, the generation mechanism of the first key corresponding to the generation mechanism of the second key on the WAP;
Performing access authentication with the WAP using the first key.
12. The method of claim 11, characterized in that generating, when accessing the network, the first key that the WAP authenticates according to the second key comprises the steps of:
Receiving the sequence code sent by the WAP;
Encoding the sequence code according to AES, the AES being the same as the AES with which the WAP generates the second key;
Truncating the password obtained after encoding to a custom length;
Determining the truncated password as the first key.
13. The method of claim 11 or 12, characterized in that the sequence code comprises the WAP MAC address, the WAP serial number, a salt value and a variable.
14. The method of any one of claims 11 to 13, characterized by further comprising:
Updating the first key according to a predetermined period.
15. The method of claim 14, characterized in that updating the first key according to a predetermined period comprises the steps of:
Determining the time elapsed since the current first key was last updated;
When that time exceeds the preset first-key update period, updating the current first key.
16. A network connection device, characterized by comprising:
First receiving module, configured to receive a network access request sent by a client;
Access module, configured to connect the client, according to the request, to a password-free mode BSS established by the WAP;
Feedback module, configured to feed back to the client a message that the client has joined the password-free mode BSS;
First authentication module, configured to perform access authentication on the first key generated by the client according to the second key, the generation mechanism of the second key corresponding to the generation mechanism of the first key on the client;
The access module being further configured to move the client, after authentication succeeds, from the password-free mode BSS to an encrypted mode BSS.
17. The device of claim 16, characterized in that the first authentication module is further configured to use an authentication mode including: a close-range authentication mode, a built-in authentication server mode or an external authentication server mode.
18. The device of claim 17, characterized in that the access module is further configured to connect the joined basic service set to the client with a hidden SSID.
19. The device of any one of claims 16 to 18, characterized by further comprising:
Sequence code determining module, configured to determine, before the first key sent by the client is received, the sequence code stored on the WAP for generating the second key;
Second key generation module, configured to generate the second key from the sequence code according to AES, the AES being the same as the AES used to generate the first key on the client.
20. The device of claim 19, characterized by further comprising:
First sending module, configured to send the sequence code to the client, so that the client generates the first key according to AES and the sequence code.
21. The device of claim 19 or 20, characterized in that the second key generation module comprises:
Coding unit, configured to encode the sequence code according to AES;
Interception unit, configured to truncate the password obtained after encoding to a custom length;
Second key determining unit, configured to determine the truncated password as the second key.
22. The device of any one of claims 16 to 21, characterized in that the second key generation module is further configured to generate the second key according to AES from a combination of multiple sequence codes.
23. The device of claim 22, characterized in that the sequence code from which the second key generation module generates the second key comprises the WAP MAC address, the WAP serial number, a salt value and a variable.
24. The device of any one of claims 21 to 23, characterized by further comprising:
Second key updating module, configured to update the second key according to a predetermined period.
25. The device of claim 24, characterized in that the second key updating module comprises:
Determining unit, configured to determine the second key of the WAP;
Client authentication unit, configured to authenticate the client to be connected according to the second key;
First time determining unit, configured to determine, after authentication succeeds, the time elapsed since the second key was last updated;
First updating unit, configured to update the second key when that time exceeds the preset second-key update period.
26. A device for a client to access a network, characterized by comprising:
Second sending module, configured to send a network access request to the WAP;
Second receiving module, configured to receive the message fed back by the WAP that the client has joined the password-free mode BSS;
Generation module, configured to generate, when accessing the network, the first key that the WAP authenticates according to the second key, the generation mechanism of the first key corresponding to the generation mechanism of the second key on the WAP;
Second authentication module, configured to perform access authentication with the WAP using the first key.
27. The device of claim 26, characterized in that:
The second receiving module is further configured to receive the sequence code sent by the WAP;
The generation module comprises:
Coding unit, configured to encode the sequence code according to AES, the AES being the same as the AES with which the WAP generates the second key;
Interception unit, configured to truncate the password obtained after encoding to a custom length;
First key determining unit, configured to determine the truncated password as the first key.
28. The device of claim 26 or 27, characterized in that the sequence code encoded by the coding unit comprises the WAP MAC address, the WAP serial number, a salt value and a variable.
29. The device of any one of claims 26 to 28, characterized by further comprising:
First key updating module, configured to update the first key according to a predetermined period.
30. The device of claim 29, characterized in that the first key updating module comprises:
Second time determining unit, configured to determine the time elapsed since the current first key was last updated;
Second updating unit, configured to update the current first key when that time exceeds the preset first-key update period.
CN201510013247.1A 2015-01-09 2015-01-09 Network connection method, client network access method and device Pending CN105828328A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510013247.1A CN105828328A (en) 2015-01-09 2015-01-09 Network connection method, client network access method and device


Publications (1)

Publication Number Publication Date
CN105828328A true CN105828328A (en) 2016-08-03

Family

ID=56514287


Country Status (1)

Country Link
CN (1) CN105828328A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108184237A (en) * 2018-02-12 2018-06-19 中天宽带技术有限公司 The connection equipment and its automatic connection method of a kind of household radio local area network

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1554862A1 (en) * 2002-08-14 2005-07-20 Thomson Licensing S.A. Session key management for public wireless lan supporting multiple virtual operators
CN101820629A (en) * 2010-04-15 2010-09-01 华为终端有限公司 Identity authentication method, device and system in wireless local area network (WLAN)
CN103517383A (en) * 2012-06-18 2014-01-15 华为终端有限公司 A method and a device for the access of a mobile terminal to a household network
WO2014044065A1 (en) * 2012-09-18 2014-03-27 惠州Tcl移动通信有限公司 Method and system for securely accessing portable hotspot of smart phones
CN104202799A (en) * 2014-07-29 2014-12-10 福建星网锐捷通讯股份有限公司 A method for accessing wireless network by WIFI smart apparatus with zero-configuration



Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20160803
