CN106028327A - Method for realizing hotspot security through authentication server - Google Patents

Info

Publication number: CN106028327A
Authority: CN (China)
Prior art keywords: client, hotspot, authentication server, authentication result, information
Legal status: Withdrawn
Application number: CN201610338767.4A
Other languages: Chinese (zh)
Inventor: 徐美琴
Current Assignee: Individual
Original Assignee: Individual

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06: Authentication
    • H04W12/08: Access security
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0846: Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords
    • H04L63/0869: Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method for realizing hotspot security through an authentication server. In the method, a client obtains the encrypted ssid and password of a hotspot over NFC (Near Field Communication) and decrypts them; the client forbids other applications from communicating through the wifi module connected to it; the client establishes a connection with the hotspot through that wifi module; the client sends a random number to the hotspot; and the hotspot encrypts the random number using a first encryption method to obtain verification information. This technical scheme achieves uniqueness authentication of the hotspot and avoids phishing of the AP (Wireless Access Point).

Description

A method for realizing hotspot security through an authentication server
Technical field
The present invention relates to the technical field of hotspot security management, and in particular to a method for realizing hotspot security through an authentication server.
Background
An AP (Wireless Access Point) is a wifi access point. Wifi is now increasingly popular and almost everyone uses it. A device that provides a wifi signal is a hotspot, and users can connect with a mobile phone or notebook after finding one. Existing hotspot connections are made using the ssid and password, and a device will connect to any nearby hotspot that presents the same ssid and password, which makes connecting convenient. With existing bus hotspots, for example, a user riding the bus or standing near it can connect to the bus hotspot. There is a problem, however: if an illegitimate hotspot disguises its ssid and password as those of the bus wifi, the user may connect to the illegitimate hotspot. This is hotspot "phishing", in which an illegitimate hotspot impersonates a legitimate one. If such a hotspot can intercept information, the user may unknowingly leak information, such as bank card information, during normal browsing, which can cause serious security problems.
Summary of the invention
Therefore, a method for realizing hotspot security through an authentication server is needed to solve the problem of existing hotspots being spoofed.
To achieve the above object, the inventor provides a method for realizing hotspot security through an authentication server, applied among a client, a hotspot and an authentication server. The hotspot has a unique first encryption method, and the authentication server has a first decryption method corresponding to the first encryption method. The method comprises the following steps:
The hotspot changes its ssid and password at set intervals;
The hotspot encrypts the ssid and password and sends them via NFC;
The client obtains them over NFC and decrypts them to obtain the ssid and password;
The client forbids other applications from communicating through the wifi module connected to it;
The client establishes a connection to the hotspot through the wifi module connected to it, using the obtained ssid and password;
The client sends a random number to the hotspot;
The hotspot encrypts the random number using the first encryption method to obtain verification information;
The hotspot replies to the client with the verification information;
The client sends the hotspot identification information, the verification information and the random number to the authentication server;
The authentication server obtains the first decryption method according to the hotspot identification information;
The authentication server decrypts the verification information using the first decryption method and compares the result with the random number to obtain an authentication result;
The authentication server replies to the client with the authentication result;
The client judges whether the authentication result is a pass;
If it is a pass, other applications are allowed to communicate through the wifi module connected to the client;
If it is not a pass, the connection to the hotspot is disconnected.
Further, the authentication server has a unique second encryption method, and the client has a second decryption method corresponding to the second encryption method, wherein:
When the client sends the authentication information to the authentication server, the client also sends client identification information to the authentication server;
After the authentication server obtains the authentication result, it obtains the second encryption method according to the client identification information, encrypts the authentication result and the random number using the second encryption method, and then replies to the client with the encrypted authentication result;
When the client judges whether the authentication result is a pass, it first decrypts the authentication result using the second decryption method, and then judges whether the random number is correct and whether the authentication result is a pass;
If the random number is correct and the authentication result is a pass, other applications are allowed to communicate through the wifi module connected to the client;
Otherwise, the connection to the hotspot is disconnected.
Further, the client sending and receiving information of the authentication server comprises: the client sends and receives authentication server information through the mobile phone radio-frequency module.
Further, before the method starts, it further comprises the step:
The client judges whether there are two or more nearby hotspots whose ssid information and mac information are identical, and if so, prompts the user about these hotspots.
Further, the method also comprises the step: detecting the hotspot signal strength and, after the hotspot signal strength falls below a preset value, disconnecting from the hotspot and deleting the hotspot information.
Unlike the prior art, the above technical scheme uses an authentication server to achieve uniqueness authentication of the hotspot and avoids phishing of the AP.
Description of the drawings
Fig. 1 is a schematic diagram of the system architecture of the present invention.
Detailed description
To explain in detail the technical content, structural features, objects achieved and effects of the technical scheme, a detailed description is given below with reference to specific embodiments.
Referring to Fig. 1, this embodiment provides a method for realizing hotspot security through an authentication server. It can be applied in the system 100 of Fig. 1, among a client, a hotspot and an authentication server. The client can be a mobile phone 101 or a notebook client. The hotspot 102 has a unique first encryption method, that is, one different from those of other hotspots, which can be uniquely associated with the hotspot through the hotspot's identification information. The authentication server 103 has a first decryption method corresponding to the first encryption method.
The method comprises the following steps: the hotspot changes its ssid and password at set intervals; the hotspot encrypts the ssid and password and sends them via NFC; the client obtains them over NFC and decrypts them to obtain the ssid and password. In this way the ssid and password are not easily cracked.
The client obtains the ssid and password over NFC (Near Field Communication) and decrypts them; that is, the ssid and password are encrypted, and the decryption algorithm is stored on the client. There are generally two NFC modules, one in the hotspot device and one in the client device, such as a mobile phone; NFC communication can take place when the phone and the hotspot device are close together. This makes it relatively difficult for someone trying to forge an illegitimate hotspot to learn the ssid and password, and the user does not need to enter this information manually, so connecting is convenient and fast. The client forbids other applications from communicating through the wifi module connected to it. The client is generally installed in an operating system that also hosts other applications; the operating system is connected to the wifi module, and applications can communicate with external programs through it. There are multiple ways for the client to forbid other applications from communicating through the wifi module: it can intercept the other applications' traffic and drop the packets, or it can set up an invalid route so that all applications' traffic is forwarded through that route, which blocks their communication.
The client establishes a connection to the hotspot through the wifi module connected to it, using the obtained ssid and password.
The client sends a random number to the hotspot. The client can generate the random number, and there are various ways to do so. The hotspot encrypts the random number using the first encryption method to obtain verification information; the verification information is the encrypted random number.
The hotspot replies to the client with the verification information; the client sends the hotspot identification information, the verification information and the random number to the authentication server. The hotspot identification information can be the hotspot's mac address information or other information. If it is other information, the hotspot can send the hotspot identification information to the client together with the verification information when it replies.
The authentication server obtains the first decryption method according to the hotspot identification information; the authentication server decrypts the verification information using the first decryption method and compares the result with the random number to obtain an authentication result; the authentication server replies to the client with the authentication result; the client judges whether the authentication result is a pass.
If it is a pass, other applications are allowed to communicate through the wifi module connected to the client; if it is not a pass, the connection to the hotspot is disconnected. In this way, a spoofed hotspot, not knowing the encryption method, cannot encrypt the random number to obtain correct verification information, and so naturally cannot pass authentication on the authentication server. The client can then disconnect from the spoofed hotspot, thereby avoiding a connection to an illegitimate hotspot.
To prevent a spoofed hotspot from directly sending a legitimate authentication result to the client, in some embodiments the authentication server has a unique second encryption method and the client has a second decryption method corresponding to the second encryption method, wherein: when the client sends the authentication information to the authentication server, the client also sends client identification information to the authentication server; after the authentication server obtains the authentication result, it obtains the second encryption method according to the client identification information, encrypts the authentication result and the random number using the second encryption method, and then replies to the client with the encrypted authentication result; when the client judges whether the authentication result is a pass, it first decrypts the authentication result using the second decryption method, and then judges whether the random number is correct and whether the authentication result is a pass; if the random number is correct and the authentication result is a pass, other applications are allowed to communicate through the wifi module connected to the client; otherwise, the connection to the hotspot is disconnected. The authentication result is thus also encrypted data. If a spoofed hotspot sends some other legitimate authentication result, that result has not been encrypted with the second encryption method, so decryption cannot yield the correct random number and authentication result. This avoids the problem of a spoofed hotspot sending an arbitrary, otherwise legitimate authentication result to the client and causing the client to connect.
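The challenge-response exchange and the protected authentication result described above, simulated in Python as an added example that is not part of the patent. HMAC-SHA256 stands in for the unspecified first and second "encryption methods" (the server recomputes and compares instead of decrypting), and all keys, identifiers, class names and the `tamper` hook are constructed assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed sample keys and identifiers (assumptions, not from the patent).
HOTSPOT_ID = "aa:bb:cc:00:11:22"
HOTSPOT_KEYS = {HOTSPOT_ID: b"hotspot-key-bus-42"}   # held by the server, per hotspot
CLIENT_KEYS = {"client-001": b"client-key-001"}      # held by the server, per client


def keyed(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts; stand-in for an 'encryption method'."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        mac.update(len(part).to_bytes(2, "big") + part)
    return mac.digest()


class Hotspot:
    def __init__(self, hotspot_id: str, key: bytes):
        self.hotspot_id, self.key = hotspot_id, key

    def respond(self, nonce: bytes) -> bytes:
        # "First encryption method": verification information derived from the nonce.
        return keyed(self.key, nonce)


class AuthServer:
    def verify(self, client_id: str, hotspot_id: str, nonce: bytes, verification: bytes):
        hkey = HOTSPOT_KEYS.get(hotspot_id)
        ok = hkey is not None and hmac.compare_digest(keyed(hkey, nonce), verification)
        result = b"pass" if ok else b"fail"
        # "Second encryption method": bind the result to this client and this nonce.
        return result, keyed(CLIENT_KEYS[client_id], result, nonce)


class Client:
    def __init__(self, client_id: str, key: bytes):
        self.client_id, self.key = client_id, key
        self.wifi_open_to_apps = False   # other applications stay blocked until a pass

    def authenticate(self, hotspot, server, tamper=None) -> bool:
        nonce = secrets.token_bytes(16)  # fresh random number for every attempt
        verification = hotspot.respond(nonce)
        result, tag = server.verify(self.client_id, hotspot.hotspot_id, nonce, verification)
        if tamper:                       # reply relayed over a path the hotspot controls
            result, tag = tamper(result, tag)
        genuine = hmac.compare_digest(keyed(self.key, result, nonce), tag)
        self.wifi_open_to_apps = genuine and result == b"pass"
        return self.wifi_open_to_apps


def run_scenarios() -> dict:
    server = AuthServer()
    real = Hotspot(HOTSPOT_ID, HOTSPOT_KEYS[HOTSPOT_ID])
    clone = Hotspot(HOTSPOT_ID, b"unknown-key")   # same identifier, no hotspot key
    captured = []

    def capture(result, tag):
        captured.append((result, tag))
        return result, tag

    def client():
        return Client("client-001", CLIENT_KEYS["client-001"])

    return {
        "legitimate": client().authenticate(real, server, capture),
        "cloned_hotspot": client().authenticate(clone, server),
        # Result rewritten to "pass" in transit: the tag no longer matches.
        "forged_pass": client().authenticate(clone, server, lambda r, t: (b"pass", t)),
        # Earlier genuine "pass" replayed: it is bound to the old nonce.
        "replayed_pass": client().authenticate(clone, server, lambda r, t: captured[0]),
    }


if __name__ == "__main__":
    print(run_scenarios())
```

The last two cases show why the reply must cover both the result and the fresh random number: without the nonce, a previously observed "pass" could be replayed to a later client attempt.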
Of course, as long as the client does not obtain the authentication result through the wifi module, the correctness of the authentication result is greatly improved. For example, the mobile phone radio-frequency module (2G, 3G, 4G communication module, etc.) can be used: the client sending and receiving information of the authentication server comprises the client sending and receiving authentication server information through the mobile phone radio-frequency module. Since the spoofed hotspot operates over wifi and the mobile phone radio-frequency module cannot be spoofed, the authentication result that the client obtains through the mobile phone radio-frequency module is a legitimate authentication result.
In many cases the spoofed hotspot and the legitimate hotspot are in the same place, and the user needs to be warned of this situation in time. Therefore, before the method starts, it further comprises the step: the client judges whether there are two or more nearby hotspots whose ssid (Service Set Identifier) information and mac (Media Access Control, obtainable from the beacon frames of scanned hotspots) information are identical, and if so, prompts the user about these hotspots. The prompt can be given in a dialog box or by highlighting, so that a user who sees it will be more vigilant when connecting.
To avoid connecting to an illegitimate hotspot elsewhere, the present invention also comprises the following step: detecting the hotspot signal strength and, after the hotspot signal strength falls below a preset value, disconnecting from the hotspot and deleting the hotspot information. Once the hotspot information is deleted, the device on which the client is installed can no longer connect automatically using that hotspot information, which ensures security.
Although the above embodiments have been described, those skilled in the art, once they learn the basic inventive concept, can make other changes and modifications to these embodiments. The above are therefore only embodiments of the present invention and do not limit its scope of patent protection; any equivalent structure or equivalent process transformation made using the description and drawings of the present invention, or any direct or indirect use in other related technical fields, is likewise included within the scope of patent protection of the present invention.

Claims (3)

1. A method for realizing hotspot security through an authentication server, applied among a client, a hotspot and an authentication server, the hotspot having a unique first encryption method and the authentication server having a first decryption method corresponding to the first encryption method, characterized in that it comprises the following steps:
The hotspot changes its ssid and password at set intervals;
The hotspot encrypts the ssid and password and sends them via NFC;
The client obtains them over NFC and decrypts them to obtain the ssid and password;
The client forbids other applications from communicating through the wifi module connected to it;
The client judges whether there are two or more nearby hotspots whose ssid information and mac information are identical, and if so, prompts the user about these hotspots;
The client establishes a connection to the hotspot through the wifi module connected to it, using the obtained ssid and password;
The client sends a random number to the hotspot;
The hotspot encrypts the random number using the first encryption method to obtain verification information;
The hotspot replies to the client with the verification information;
The client sends the hotspot identification information, the verification information and the random number to the authentication server;
The authentication server obtains the first decryption method according to the hotspot identification information;
The authentication server decrypts the verification information using the first decryption method and compares the result with the random number to obtain an authentication result;
The authentication server replies to the client with the authentication result;
The client judges whether the authentication result is a pass;
If it is a pass, other applications are allowed to communicate through the wifi module connected to the client;
If it is not a pass, the connection to the hotspot is disconnected.
2. The method for realizing hotspot security through an authentication server according to claim 1, characterized in that the authentication server has a unique second encryption method and the client has a second decryption method corresponding to the second encryption method, wherein:
When the client sends the authentication information to the authentication server, the client also sends client identification information to the authentication server;
After the authentication server obtains the authentication result, it obtains the second encryption method according to the client identification information, encrypts the authentication result and the random number using the second encryption method, and then replies to the client with the encrypted authentication result;
When the client judges whether the authentication result is a pass, it first decrypts the authentication result using the second decryption method, and then judges whether the random number is correct and whether the authentication result is a pass;
If the random number is correct and the authentication result is a pass, other applications are allowed to communicate through the wifi module connected to the client;
Otherwise, the connection to the hotspot is disconnected.
3. The method for realizing hotspot security through an authentication server according to claim 2, characterized in that the client sending and receiving information of the authentication server comprises: the client sends and receives authentication server information through the mobile phone radio-frequency module.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610338767.4A CN106028327A (en) 2016-05-19 2016-05-19 Method for realizing hotspot security through authentication server

Publications (1)

Publication Number Publication Date
CN106028327A true CN106028327A (en) 2016-10-12

Family

ID=57096666

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610338767.4A Withdrawn CN106028327A (en) 2016-05-19 2016-05-19 Method for realizing hotspot security through authentication server

Country Status (1)

Country Link
CN (1) CN106028327A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20161012