CN106028328A - NFC-based hotspot authentication method - Google Patents
- Publication number: CN106028328A (application CN201610339326.6A)
- Authority: CN (China)
- Prior art keywords: hotspot, client, authentication server, authentication result, information
- Legal status: Withdrawn
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0846—Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses an NFC-based hotspot authentication method. The method comprises the following steps: a client obtains the ssid and password of a hotspot through NFC and decrypts them; the client prevents other applications from communicating through the Wi-Fi module connected to the client; the client establishes a connection with the hotspot through that Wi-Fi module; the client sends a random number to the hotspot; the hotspot encrypts the random number with a first encryption method to obtain authentication information. The advantage of this technical scheme is that uniqueness authentication of the hotspot can be achieved through an authentication server, so that AP phishing can be avoided.
Description
Technical field
The present invention relates to the technical field of AP security management, and in particular to an NFC-based hotspot authentication method.
Background
An AP (wireless access point) is a Wi-Fi access point. Wi-Fi is increasingly popular and almost everyone uses it. A device that provides a Wi-Fi signal is a hotspot, and users can connect to it with a mobile phone or laptop after discovering it. Existing hotspot connections are made solely on the basis of the ssid and password: whenever a hotspot with the same ssid and password appears nearby, a device can connect to it, which makes connecting convenient. Take an existing bus hotspot as an example: a user riding the bus or standing near it can connect to the bus hotspot. There is a problem, however. If a rogue hotspot is disguised with the same ssid and password as the bus Wi-Fi, users may connect to the rogue hotspot. This is hotspot "phishing", in which a rogue hotspot impersonates a legitimate one. If the rogue hotspot is able to intercept information, a user browsing normally may inadvertently leak information such as bank card details, which can cause serious security problems.
Summary of the invention
It is therefore necessary to provide an NFC-based hotspot authentication method that solves the existing problem of hotspots being impersonated.
To achieve this object, the inventors provide an NFC-based hotspot authentication method, applied among a client, a hotspot and an authentication server. The hotspot has a unique first encryption method, and the authentication server has a first decryption method corresponding to the first encryption method. The method comprises the following steps:
The hotspot changes its ssid and password at intervals;
The hotspot encrypts the ssid and password and sends them over NFC;
The client obtains them over NFC and decrypts them to obtain the ssid and password;
The client prevents other applications from communicating through the Wi-Fi module connected to it;
The client, using the obtained ssid and password, establishes a connection to the hotspot through the Wi-Fi module connected to it;
The client sends a random number to the hotspot;
The hotspot encrypts the random number with the first encryption method to obtain verification information;
The hotspot replies to the client with the verification information;
The client sends the hotspot identification information, the verification information and the random number to the authentication server;
The authentication server obtains the first decryption method according to the hotspot identification information;
The authentication server decrypts the verification information with the first decryption method and compares the result with the random number to obtain an authentication result;
The authentication server replies to the client with the authentication result;
The client determines whether the authentication result is a pass;
If it is a pass, other applications are allowed to communicate through the Wi-Fi module connected to the client;
If it is not a pass, the connection to the hotspot is disconnected;
The hotspot signal strength is monitored; once the signal strength falls below a preset value, the connection to the hotspot is disconnected and the hotspot information is deleted.
Further, the authentication server has a unique second encryption method, and the client has a second decryption method corresponding to the second encryption method, wherein:
When the client sends the authentication information to the authentication server, the client also sends client identification information to the authentication server;
After the authentication server obtains the authentication result, it obtains the second encryption method according to the client identification information and encrypts the authentication result and the random number with the second encryption method; the authentication server then replies to the client with the encrypted authentication result;
When the client determines whether the authentication result is a pass, it first decrypts the authentication result with the second decryption method, then checks whether the random number is correct and whether the authentication result is a pass;
If the random number is correct and the authentication result is a pass, other applications are allowed to communicate through the Wi-Fi module connected to the client;
Otherwise, the connection to the hotspot is disconnected.
Further, the client sending and receiving authentication server information includes: the client sends and receives authentication server information through the mobile phone's radio-frequency module.
Further, before the method starts, it also includes the step:
The client determines whether there are two or more hotspots nearby whose ssid information and mac information are identical; if so, it flags the hotspot.
Unlike the prior art, the above technical solution uses an authentication server to authenticate the uniqueness of a hotspot, which avoids AP phishing.
Brief description of the drawings
Fig. 1 is a schematic diagram of the system architecture of the present invention.
Detailed description of the invention
To explain in detail the technical content, structural features, objectives and effects of the technical solution, a detailed explanation is given below with reference to specific embodiments.
Referring to Fig. 1, this embodiment provides an NFC-based hotspot authentication method that can be applied in the system 100 of Fig. 1, among a client, a hotspot and an authentication server. The client may be a mobile phone 101 or a laptop client. The hotspot 102 has a unique first encryption method; unique means different from that of other hotspots, and the association can be made through the hotspot's identification information. The authentication server 103 has a first decryption method corresponding to the first encryption method.
The method comprises the following steps: the hotspot changes its ssid and password at intervals; the hotspot encrypts the ssid and password and sends them over NFC; the client obtains them over NFC and decrypts them to obtain the ssid and password. This makes the ssid and password harder for a person to crack.
The client obtains the ssid and password over NFC (Near Field Communication) and decrypts them; that is, the ssid and password are encrypted, and the decryption algorithm is stored on the client. There are generally two NFC modules, one installed in the hotspot device and one in the client device, such as a mobile phone; NFC communication takes place when the phone is brought close to the hotspot device. This makes it relatively difficult for someone who wants to forge a rogue hotspot to learn the ssid and password, and the user does not need to enter this information manually, so connecting is quick and convenient.
The client prevents other applications from communicating through the Wi-Fi module connected to it. The client is generally installed on an operating system that also runs other applications; the operating system is connected to a Wi-Fi module, through which applications communicate with external programs. The client can block other applications' Wi-Fi communication in several ways: it can intercept the other applications' communication and drop the packets, or it can set up an invalid route so that all applications' traffic is forwarded through that route, which blocks their communication.
The client, using the obtained ssid and password, establishes a connection to the hotspot through the Wi-Fi module connected to it.
The client sends a random number to the hotspot. The client can generate a random number, and the random number can take many forms. The hotspot encrypts the random number with the first encryption method to obtain verification information; the verification information is the encrypted random number.
The hotspot replies to the client with the verification information. The client sends the hotspot identification information, the verification information and the random number to the authentication server. The hotspot identification information may be the hotspot's mac address or other information about the hotspot; if it is other information, the hotspot can send the hotspot identification information to the client together with the verification information in its reply.
The authentication server obtains the first decryption method according to the hotspot identification information. The authentication server decrypts the verification information with the first decryption method and compares the result with the random number to obtain an authentication result. The authentication server replies to the client with the authentication result, and the client determines whether the authentication result is a pass.
If it is a pass, other applications are allowed to communicate through the Wi-Fi module connected to the client; if it is not a pass, the connection to the hotspot is disconnected. A spoofed hotspot does not know the encryption method, so it cannot encrypt the random number into correct verification information and therefore cannot pass authentication at the authentication server. The client then disconnects from the spoofed hotspot, which avoids connecting to a rogue hotspot.
To prevent a spoofed hotspot from directly sending a legitimate authentication result to the client, in some embodiments the authentication server has a unique second encryption method and the client has a second decryption method corresponding to the second encryption method, wherein: when the client sends the authentication information to the authentication server, the client also sends client identification information to the authentication server; after the authentication server obtains the authentication result, it obtains the second encryption method according to the client identification information and encrypts the authentication result and the random number with the second encryption method, then replies to the client with the encrypted authentication result; when the client determines whether the authentication result is a pass, it first decrypts the authentication result with the second decryption method, then checks whether the random number is correct and whether the authentication result is a pass; if the random number is correct and the authentication result is a pass, other applications are allowed to communicate through the Wi-Fi module connected to the client; otherwise, the connection to the hotspot is disconnected.
In this way the authentication result is also encrypted data. If a spoofed hotspot arbitrarily sends some other legitimate authentication result, that result has not been encrypted with the second encryption method, so decrypting it cannot yield the correct random number and authentication result. This prevents a spoofed hotspot from sending some other legitimate authentication result to the client and thereby causing the client to connect.
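The challenge-response exchange described above, including the second embodiment's protected authentication result, as an added sketch that is not part of the patent. The patent leaves the "first" and "second encryption methods" unspecified, so this example assumes HMAC-SHA256 tags in their place (the server verifies by recomputation rather than decryption); all keys, identifiers and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed demo keys: stand-ins for the per-hotspot "first encryption method"
# and the per-client "second encryption method" (assumption: shared secret keys).
HOTSPOT_KEYS = {"hotspot-bus-42": b"constructed-hotspot-key"}
CLIENT_KEYS = {"client-001": b"constructed-client-key"}


def _tag(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts so field boundaries are unambiguous."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        mac.update(len(part).to_bytes(4, "big") + part)
    return mac.digest()


class Hotspot:
    def __init__(self, hotspot_id: str, key: bytes):
        self.hotspot_id, self.key = hotspot_id, key

    def respond(self, nonce: bytes) -> bytes:
        # "Verification information": the client's random number under the hotspot key.
        return _tag(self.key, nonce)


class AuthServer:
    def __init__(self, hotspot_keys: dict, client_keys: dict):
        self.hotspot_keys, self.client_keys = hotspot_keys, client_keys

    def authenticate(self, client_id, hotspot_id, nonce, verification):
        # Look up the hotspot's key by its identification information and check
        # that the verification information matches the random number.
        key = self.hotspot_keys.get(hotspot_id)
        ok = key is not None and hmac.compare_digest(_tag(key, nonce), verification)
        result = b"pass" if ok else b"fail"
        # Second embodiment: bind the result to this client's key and random number.
        return result, _tag(self.client_keys[client_id], result, nonce)


def client_check(client_key: bytes, nonce: bytes, result: bytes, result_tag: bytes) -> bool:
    """Accept only a 'pass' whose tag covers the random number this client generated."""
    expected = _tag(client_key, result, nonce)
    return hmac.compare_digest(expected, result_tag) and result == b"pass"


def run_session(hotspot, server, client_id="client-001", reply=None) -> bool:
    """One exchange; `reply` substitutes a forged or replayed server reply."""
    nonce = secrets.token_bytes(16)           # fresh random number per connection
    verification = hotspot.respond(nonce)
    genuine = server.authenticate(client_id, hotspot.hotspot_id, nonce, verification)
    result, tag = reply if reply is not None else genuine
    return client_check(CLIENT_KEYS[client_id], nonce, result, tag)


def demo() -> dict:
    server = AuthServer(HOTSPOT_KEYS, CLIENT_KEYS)
    real = Hotspot("hotspot-bus-42", HOTSPOT_KEYS["hotspot-bus-42"])
    rogue = Hotspot("hotspot-bus-42", b"key-the-rogue-had-to-guess")  # same id, wrong key
    # A genuine "pass" captured from an earlier session, bound to an old random number.
    old_nonce = secrets.token_bytes(16)
    old_reply = server.authenticate("client-001", real.hotspot_id, old_nonce,
                                    real.respond(old_nonce))
    return {
        "legitimate": run_session(real, server),
        "spoofed": run_session(rogue, server),
        "replayed_pass": run_session(rogue, server, reply=old_reply),
        "unprotected_pass": run_session(rogue, server, reply=(b"pass", b"\x00" * 32)),
    }


if __name__ == "__main__":
    print(demo())
```

The replayed reply is rejected only because the client generates a fresh random number for each connection and the result tag covers it; a fixed or predictable random number would let an old "pass" be reused.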
Of course, as long as the client does not obtain the authentication result through the Wi-Fi module, the correctness of the authentication result is greatly improved. For example, the mobile phone's radio-frequency module (2G, 3G, 4G communication modules and the like) can be used: the client sending and receiving authentication server information includes the client sending and receiving authentication server information through the mobile phone's radio-frequency module. Since the spoofed hotspot operates over Wi-Fi and the mobile phone's radio-frequency module cannot be spoofed, the authentication result that the client obtains through the radio-frequency module is a legitimate authentication result.
Often the spoofed hotspot and the legitimate hotspot are in the same place, and in this situation the user needs to be warned promptly. So before the method starts, it also includes the step: the client determines whether there are two or more hotspots nearby whose ssid (Service Set Identifier) information and mac (Media Access Control, obtainable by scanning the hotspot's beacon frames) information are identical; if so, it flags the hotspot. The prompt can be given through a dialog box or by highlighting; on seeing it, the user will be more vigilant when connecting.
To avoid connecting to a rogue hotspot in another location, the present invention also includes the following step: the hotspot signal strength is monitored; once the signal strength falls below a preset value, the connection to the hotspot is disconnected and the hotspot information is deleted. After the hotspot information is deleted, the device on which the client is installed can no longer connect automatically using that hotspot information, which ensures security.
Although the above embodiments have been described, those skilled in the art, once they learn the basic inventive concept, can make other changes and modifications to these embodiments. The above are therefore only embodiments of the present invention and do not limit its scope of patent protection. Any equivalent structure or equivalent process transformation made using the description and drawings of the present invention, or any direct or indirect use in other related technical fields, is likewise included in the scope of patent protection of the present invention.
Claims (3)
1. An NFC-based hotspot authentication method, applied among a client, a hotspot and an authentication server, the hotspot having a unique first encryption method and the authentication server having a first decryption method corresponding to the first encryption method, characterized in that it comprises the following steps:
The hotspot changes its ssid and password at intervals;
The hotspot encrypts the ssid and password and sends them over NFC;
The client obtains them over NFC and decrypts them to obtain the ssid and password;
The client prevents other applications from communicating through the Wi-Fi module connected to it;
The client, using the obtained ssid and password, establishes a connection to the hotspot through the Wi-Fi module connected to it;
The client sends a random number to the hotspot;
The hotspot encrypts the random number with the first encryption method to obtain verification information;
The hotspot replies to the client with the verification information;
The client sends the hotspot identification information, the verification information and the random number to the authentication server;
The authentication server obtains the first decryption method according to the hotspot identification information;
The authentication server decrypts the verification information with the first decryption method and compares the result with the random number to obtain an authentication result;
The authentication server replies to the client with the authentication result;
The client determines whether the authentication result is a pass;
If it is a pass, other applications are allowed to communicate through the Wi-Fi module connected to the client;
If it is not a pass, the connection to the hotspot is disconnected;
The hotspot signal strength is monitored; once the signal strength falls below a preset value, the connection to the hotspot is disconnected and the hotspot information is deleted.
2. The NFC-based hotspot authentication method according to claim 1, characterized in that the authentication server has a unique second encryption method and the client has a second decryption method corresponding to the second encryption method, wherein:
When the client sends the authentication information to the authentication server, the client also sends client identification information to the authentication server;
After the authentication server obtains the authentication result, it obtains the second encryption method according to the client identification information and encrypts the authentication result and the random number with the second encryption method; the authentication server then replies to the client with the encrypted authentication result;
When the client determines whether the authentication result is a pass, it first decrypts the authentication result with the second decryption method, then checks whether the random number is correct and whether the authentication result is a pass;
If the random number is correct and the authentication result is a pass, other applications are allowed to communicate through the Wi-Fi module connected to the client;
Otherwise, the connection to the hotspot is disconnected.
3. The NFC-based hotspot authentication method according to claim 2, characterized in that the client sending and receiving authentication server information includes: the client sends and receives authentication server information through the mobile phone's radio-frequency module.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610339326.6A CN106028328A (en) | 2016-05-19 | 2016-05-19 | NFC-based hotspot authentication method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106028328A true CN106028328A (en) | 2016-10-12 |
Family
ID=57095207
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610339326.6A Withdrawn CN106028328A (en) | 2016-05-19 | 2016-05-19 | NFC-based hotspot authentication method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106028328A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WW01 | Invention patent application withdrawn after publication | ||
WW01 | Invention patent application withdrawn after publication |
Application publication date: 20161012 |