CN106714156A - Wireless access point and management platform authentication method and device - Google Patents

Wireless access point and management platform authentication method and device Download PDF

Info

Publication number
CN106714156A
CN106714156A CN201510410310.5A CN201510410310A CN106714156A CN 106714156 A CN106714156 A CN 106714156A CN 201510410310 A CN201510410310 A CN 201510410310A CN 106714156 A CN106714156 A CN 106714156A
Authority
CN
China
Prior art keywords
wap
key
information
key information
identification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201510410310.5A
Other languages
Chinese (zh)
Inventor
王意军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to CN201510410310.5A priority Critical patent/CN106714156A/en
Publication of CN106714156A publication Critical patent/CN106714156A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/069Authentication using certificates or pre-shared keys

Abstract

The application, which relates to the wireless network field, provides a wireless access point and management platform authentication method and device. The method comprises: a wireless access point generates a first random challenge word; the wireless access point encrypts an identification number of the wireless access point and the first random challenge word by using a secret key stored by the wireless access point to obtain first secret key information; the wireless access point sends first authentication information to a management platform, wherein the first authentication information includes the identification number of the wireless access point, the first random challenge word and the first key information; the management platform verifies the first authentication information by using a secret key corresponding to the wireless access point to obtain second secret key information; and when the management platform determines that the first secret key information corresponds to the second secret key information, the wireless access point is determined to be legal.

Description

A kind of method and apparatus of WAP and management platform authentication
Technical field
The present invention relates to field of wireless, and in particular to what a kind of WAP and management platform were authenticated Method and apparatus.
Background technology
The scale development of wireless network, the management method of WAP is more and more, especially currently without The evolution of gauze network, numerous WAP passes through linking Internet to management platform, is set based on access Standby safety problem, it has to consider the authentication management between WAP and management platform.
In wireless network management, to ensure the security of equipment, WAP is to be registered to management flat During platform, it is necessary to MAC (Media Access Control, media intervention key-course) address according to equipment It is general in advance by the MAC of equipment or the sequence number of equipment judges the legitimacy of connection WAP Address or sequence number are configured on network management platform.
But, in current security fields, MAC Address is rewritten, counterfeit WAP is all to hold The thing easily realized, only by the identification of MAC Address and sequence number, it is impossible to ensure WAP Legitimacy, after counterfeit WAP is linked into network management platform, will be from network management platform Data are got, the safety of user profile will certainly be threatened.
The content of the invention
The method and apparatus that the present invention provides a kind of WAP and management platform authentication, solve access The problem of the legitimacy verifies of point device and network management platform, for the equipment in network provides safer It is reliable to access.
In order to realize foregoing invention purpose, the technical scheme that the present invention takes is as follows:
A kind of WAP and management platform method for authenticating, are applied to management platform side, including:
The first authentication information that WAP sends is received, first authentication information includes described wireless The identification number of access point, the first random challenge word and first key information, the first key information is institute State WAP using the key of WAP storage to the identification number of the WAP and The first random challenge word is encrypted acquisition;
First authentication information is verified using key corresponding with the WAP, is obtained Second key information;
When it is determined that the first key information and second key information to it is corresponding when then judge described wireless Access point is legal.
Further, also include after the second key information of acquisition:
When it is determined that the first key information and second key information not to it is corresponding when then judge the nothing Line access point is illegal.
Further, it is described to judge also to include after the WAP is legal:
Generate the second random challenge word;
Using key corresponding with the WAP to the identification number of the WAP and described Two random challenge words are encrypted, and obtain the 3rd key information;
The second authentication information is sent to the WAP, so that the WAP utilizes the nothing The key of line access point storage is verified to second authentication information, and second authentication information includes The identification number of the WAP, the second random challenge word and the 3rd key information.
Further, the identification number of the WAP includes following one or more:
Media intervention control layer MAC address, sequence number, unique identification.
Further, first authentication information is carried out using key corresponding with the WAP Verification includes:
When the first key information is the WAP sharing using WAP storage Key carries out hash operations acquisition to the identification number and the first random challenge word of the WAP , then utilize shared key corresponding with the WAP to the identification number of the WAP and The first random challenge word carries out hash operations;
When the first key information is the WAP sharing using WAP storage Key carries out hash operations to the identification number and the first random challenge word of the WAP and obtains the One hashed value is simultaneously carried out signature and is obtained using the private key that the WAP is stored to first hashed value , then utilize public key corresponding with the WAP to be decrypted the first key information, Obtain the first decrypted hash value;And using shared key corresponding with the WAP to described wireless The identification number of access point and the first random challenge word carry out hash operations and obtain the second hashed value.
Further, using key corresponding with the WAP to the mark of the WAP Number and the second random challenge word be encrypted including:
The identification number to the WAP and institute using shared key corresponding with the WAP Stating the second random challenge word carries out hash operations;Or,
The identification number to the WAP and institute using shared key corresponding with the WAP Stating the second random challenge word carries out hash operations the 3rd hashed value of acquisition and using management platform storage Private key the 3rd hashed value is signed.
Further, it is determined that the first key information it is corresponding with second key information including:
When the first key information is identical with second decryption information, the first key letter is determined Breath is corresponding with second key information;Or,
When the first decrypted hash value is identical with the second hashed value, determine the first key information with The second key information correspondence.
In order to solve the above technical problems, the present invention also provides a kind of WAP and management platform authentication side Method, is applied to WAP side, including:
Generate the first random challenge word;
Using the key of WAP storage to the identification number of the WAP and described first Random challenge word is encrypted, and obtains first key information;
The first authentication information is sent to management platform, so that the management platform is utilized and the wireless access The corresponding key of point is verified to first authentication information, and first authentication information includes the nothing The identification number of line access point, the first random challenge word and first key information.
Further, also include after sending the first authentication information to management platform:
The second authentication information that management platform sends is received, second authentication information wirelessly connects including described The identification number of access point, the second random challenge word and the 3rd key information, the 3rd key information is described Management platform utilizes identification number and institute of the key corresponding with the WAP to the WAP State the second random challenge word and be encrypted acquisition;
The key stored using the WAP is verified to second authentication information, obtains the Four key informations;
When it is determined that the 3rd key information and the 4th key information to it is corresponding when then judge the management Platform is legal.
Further, also include after the 4th key information of acquisition:
When it is determined that the 3rd key information and the 4th key information not to it is corresponding when then judge the pipe Platform is illegal.
Further, the identification number of the WAP includes following one or more:
Media intervention control layer MAC address, sequence number, unique identification.
Further, the key for being stored using the WAP is to the identification number of the WAP With the first random challenge word be encrypted including:
The shared key stored using the WAP is to the identification number of the WAP and described First random challenge word carries out hash operations;Or,
The shared key stored using the WAP is to the identification number of the WAP and described First random challenge word carries out hash operations and obtains the first hashed value and using WAP storage Private key first hashed value is signed.
Further, the key for being stored using the WAP carries out school to second authentication information Test including:
When the 3rd key information is that the management platform is shared using corresponding with the WAP Key carries out hash operations acquisition to the identification number and the second random challenge word of the WAP , then utilize identification number and institute of the shared key of WAP storage to the WAP Stating the second random challenge word carries out hash operations;
When the 3rd key information is that the management platform is shared using corresponding with the WAP Key carries out hash operations to the identification number and the second random challenge word of the WAP and obtains the Three hashed values simultaneously carry out signature acquisition using the private key that the management platform is stored to the 3rd hashed value , then utilize public key corresponding with the management platform to be decrypted the 3rd key information, obtain Second decrypted hash value;And the shared key of WAP storage is utilized to the WAP Identification number and the second random challenge word carry out hash operations obtain the 4th hashed value.
Further, it is determined that the 3rd key information it is corresponding with the 4th key information including:
When the 3rd key information is identical with the 4th decryption information, the 3rd key letter is determined Breath is corresponding with the 4th key information;Or,
When the second decrypted hash value is identical with the 4th hashed value, determine the 3rd key information with The 4th key information correspondence.
In order to solve the above technical problems, the present invention also provides a kind of WAP and management platform authentication side Method, including:
WAP generates the first random challenge word;
The WAP utilizes the key of WAP storage to the mark of the WAP Knowledge number and the first random challenge word are encrypted, and obtain first key information;
The WAP sends the first authentication information to management platform, and first authentication information includes The identification number of the WAP, the first random challenge word and first key information;
The management platform is entered using key corresponding with the WAP to first authentication information Row verification, obtains the second key information;
When the management platform determine the first key information and second key information to it is corresponding when then Judge that the WAP is legal.
Further, methods described also includes:
When the management platform determine the first key information and second key information not to it is corresponding when Then judge that the WAP is illegal.
Further, it is described to judge also to include after the WAP is legal:
The management platform generates the second random challenge word;
The management platform is using key corresponding with the WAP to the mark of the WAP Knowledge number and the second random challenge word are encrypted, and obtain the 3rd key information;
The management platform sends the second authentication information to the WAP;Second authentication information Identification number including the WAP, the second random challenge word and the 3rd key information;
The WAP is entered using the key that the WAP is stored to second authentication information Row verification, obtains the 4th key information;
When the WAP determine the 3rd key information and the 4th key information to it is corresponding when Then judge that the management platform is legal.
Further, when the WAP determines that the 3rd key information is believed with the 4th key Then judge that the management platform is illegal when breath is not to correspondence.
Further, the WAP utilizes the key of WAP storage to described wireless The identification number of access point and the first random challenge word be encrypted including:
The shared key stored using the WAP is to the identification number of the WAP and described First random challenge word carries out hash operations;Or,
The shared key stored using the WAP is to the identification number of the WAP and described First random challenge word carries out hash operations and obtains the first hashed value and using WAP storage Private key first hashed value is signed.
Further, the management platform utilizes key corresponding with the WAP to described first Authentication information carries out verification to be included:
The identification number to the WAP and institute using shared key corresponding with the WAP Stating the first random challenge word carries out hash operations;Or,
The first key information is decrypted using public key corresponding with the WAP, is obtained First decrypted hash value;And using shared key corresponding with the WAP to the wireless access The identification number and the first random challenge word of point carry out hash operations and obtain the second hashed value.
Further, it is determined that the first key information it is corresponding with second key information including:
When the first key information is identical with second decryption information, the first key letter is determined Breath is corresponding with second key information;Or,
When the first decrypted hash value is identical with the second hashed value, determine the first key information with The second key information correspondence.
Further, the management platform utilizes key corresponding with the WAP to described wireless The identification number of access point and the second random challenge word be encrypted including:
The identification number to the WAP and institute using shared key corresponding with the WAP Stating the second random challenge word carries out hash operations;Or,
The identification number to the WAP and institute using shared key corresponding with the WAP Stating the second random challenge word carries out hash operations the 3rd hashed value of acquisition and using management platform storage Private key the 3rd hashed value is signed.
Further, the WAP utilizes the key of WAP storage to described second Authentication information carries out verification to be included:
The shared key stored using the WAP is to the identification number of the WAP and described Second random challenge word carries out hash operations;Or,
The 3rd key information is decrypted using public key corresponding with the management platform, obtains the Two decrypted hash values;And the shared key of WAP storage is utilized to the WAP Identification number and the second random challenge word carry out hash operations and obtain the 4th hashed value.
Further, it is determined that the 3rd key information it is corresponding with the 4th key information including:
When the 3rd key information is identical with the 4th decryption information, the 3rd key letter is determined Breath is corresponding with the 4th key information;Or,
When the second decrypted hash value is identical with the 4th hashed value, determine the 3rd key information with The 4th key information correspondence.
The present invention also provides a kind of WAP and management platform authentication device, is arranged at management platform side, Including:
First receiver module, the first authentication information for receiving WAP transmission, first mirror Power information includes identification number, the first random challenge word and the first key information of the WAP, institute It is that the WAP utilizes the key of WAP storage to the nothing to state first key information The identification number of line access point and the first random challenge word are encrypted acquisition;
First authentication module, for being authenticated to described first using key corresponding with the WAP Information is verified, and obtains the second key information;
First judge module, determines that the first key information is corresponding with second key information for working as When, then judge that the WAP is legal.
Alternatively, first judge module, is additionally operable to when determining the first key information with described the Then judge that the WAP is illegal when two key informations are not to correspondence.
Alternatively, described device also includes:
First generation module, for generating the second random challenge word;
First encrypting module, for utilizing key corresponding with the WAP to the wireless access The identification number and the second random challenge word of point are encrypted, and obtain the 3rd key information;
First sending module, for sending the second authentication information to the WAP, so that the nothing Line access point is verified using the key that the WAP is stored to second authentication information, institute State identification number of second authentication information including the WAP, the second random challenge word and the 3rd key Information.
Alternatively, first authentication module includes:
First dismisses unit, for being that the WAP utilizes the nothing when the first key information Identification number and the first random challenge word of the shared key of line access point storage to the WAP Hash operations acquisition is carried out, then utilizes shared key corresponding with the WAP to described wireless The identification number of access point and the first random challenge word carry out hash operations;
First decryption unit, for being that the WAP utilizes the nothing when the first key information Identification number and the first random challenge word of the shared key of line access point storage to the WAP Carry out hash operations obtain the first hashed value and using WAP storage private key to described the One hashed value carries out acquisition of signing, then utilize public key corresponding with the WAP to described first Key information is decrypted, and obtains the first decrypted hash value;And using corresponding with the WAP Shared key carries out hash operations and obtains to the identification number and the first random challenge word of the WAP Obtain the second hashed value.
Alternatively, first encrypting module includes:
First hashing unit, for utilizing shared key corresponding with the WAP to described wireless The identification number of access point and the second random challenge word carry out hash operations;Or,
First signature unit, for utilizing shared key corresponding with the WAP to described wireless The identification number of access point and the second random challenge word carry out hash operations and obtain the 3rd hashed value and profit The private key stored with the management platform is signed to the 3rd hashed value.
Alternatively, first judge module includes:
First direct corresponding unit, for when the first key information it is identical with second decryption information When, determine that the first key information is corresponding with second key information;Or,
First indirect corresponding unit, for when the first decrypted hash value is identical with the second hashed value, Determine that the first key information is corresponding with second key information.
The present invention also provides a kind of WAP and management platform authentication device, is arranged at WAP Side, including:
Second generation module, for generating the first random challenge word;
Second encrypting module, for the key using WAP storage to the WAP Identification number and the first random challenge word be encrypted, obtain first key information;
Second sending module, for sending the first authentication information to management platform, so that the management platform First authentication information is verified using key corresponding with the WAP, described first Authentication information includes identification number, the first random challenge word and the first key information of the WAP.
Alternatively, described device also includes:
Second receiver module, the second authentication information for receiving management platform transmission, second authentication Information includes identification number, the second random challenge word and the 3rd key information of the WAP, described 3rd key information is that the management platform utilizes key corresponding with the WAP to described wireless The identification number of access point and the second random challenge word are encrypted acquisition;
Second authentication module, for the key using WAP storage to the described second authentication letter Breath is verified, and obtains the 4th key information;
Second judge module, determines that the 3rd key information is corresponding with the 4th key information for working as When, then judge that the management platform is legal.
Alternatively, second judge module is additionally operable to:
When it is determined that the 3rd key information and the 4th key information not to it is corresponding when then judge the pipe Platform is illegal.
Alternatively, second encrypting module includes:
Second hashing unit, the shared key for being stored using the WAP is wirelessly connect to described The identification number of access point and the first random challenge word carry out hash operations;Or,
Second signature unit, the shared key for being stored using the WAP is wirelessly connect to described The identification number of access point and the first random challenge word carry out hash operations and obtain the first hashed value and utilize The private key of the WAP storage is signed to first hashed value.
Alternatively, second authentication module includes:
Second dismisses unit, for being that the management platform is utilized and the nothing when the 3rd key information Identification number and the second random challenge word of the corresponding shared key of line access point to the WAP Hash operations acquisition is carried out, then the shared key for being stored using the WAP is wirelessly connect to described The identification number of access point and the second random challenge word carry out hash operations;
Second decryption unit, for being that the management platform is utilized and the nothing when the 3rd key information Identification number and the second random challenge word of the corresponding shared key of line access point to the WAP Hash operations are carried out to obtain the 3rd hashed value and utilize the private key of management platform storage to the described 3rd Hashed value carries out acquisition of signing, then utilize public key corresponding with the management platform to the 3rd key Information is decrypted, and obtains the second decrypted hash value;And using the shared close of WAP storage Key carries out hash operations to the identification number and the second random challenge word of the WAP and obtains the 4th Hashed value.
Alternatively, second judge module includes:
Second direct corresponding unit, for when the 3rd key information it is identical with the 4th decryption information When, determine that the 3rd key information is corresponding with the 4th key information;Or,
Second indirect corresponding unit, for when the second decrypted hash value is identical with the 4th hashed value, Determine that the 3rd key information is corresponding with the 4th key information.
Compared to the prior art the present invention, has the advantages that:
Method for authenticating and device that the present invention is provided, can realize access point apparatus and network management platform Legitimacy is mutually verified, it is ensured that the legitimacy of WAP, for the equipment in network provides safer It is reliable to access.
Brief description of the drawings
Fig. 1 is the WAP for being applied to management platform side and the management platform authentication of the embodiment of the present invention The flow chart of method;
Fig. 2 is the WAP for being applied to WAP side and the management platform mirror of the embodiment of the present invention The flow chart of power method;
Fig. 3 is the flow chart of a kind of WAP and management platform method for authenticating of the embodiment of the present invention;
Fig. 4 is the WAP for being arranged at management platform side and the management platform authentication of the embodiment of the present invention The structural representation of device;
Fig. 5 is the WAP for being arranged at WAP side and the management platform dress of the embodiment of the present invention The structural representation put;
Fig. 6 is the WAP encryption schematic diagram 1 of the embodiment of the present invention;
Fig. 7 is the WAP encryption schematic diagram 2 of the embodiment of the present invention;
Fig. 8 is the management platform authentication schematic diagram 1 of the embodiment of the present invention;
Fig. 9 is the management platform authentication schematic diagram 2 of the embodiment of the present invention;
Figure 10 is the management platform encryption schematic diagram 1 of the embodiment of the present invention;
Figure 11 is the management platform encryption schematic diagram 2 of the embodiment of the present invention;
Figure 12 is the WAP authentication schematic diagram 1 of the embodiment of the present invention;
Figure 13 is the WAP authentication schematic diagram 2 of the embodiment of the present invention;
Figure 14 is the flow chart of WAP and the management platform authentication of the embodiment of the present invention 1;
Figure 15 is the flow chart of WAP and the management platform authentication of the embodiment of the present invention 2.
Specific embodiment
To make goal of the invention of the invention, technical scheme and beneficial effect of greater clarity, with reference to Accompanying drawing is illustrated to embodiments of the invention, it is necessary to explanation is, in the case where not conflicting, this Shen Please in embodiment and embodiment in feature can mutually be combined.
As shown in figure 1, the embodiment of the present invention provides a kind of WAP and management platform method for authenticating, Management platform side is applied to, when management platform is authenticated to WAP, including:
S101, the first authentication information for receiving WAP transmission, first authentication information include institute State identification number, the first random challenge word and the first key information of WAP, the first key letter Cease for the WAP utilizes the key of WAP storage to the mark of the WAP Knowledge number and the first random challenge word are encrypted acquisition;
S102, school is carried out to first authentication information using key corresponding with the WAP Test, obtain the second key information;
S103, when it is determined that the first key information and second key information to it is corresponding when then judge institute State WAP legal.
S104, when it is determined that the first key information and second key information not to it is corresponding when then judge The WAP is illegal.
Preferably, when asking WAP to authenticate management platform, including:
S105, the second random challenge word of generation;
S106, using key corresponding with the WAP to the identification number of the WAP and The second random challenge word is encrypted, and obtains the 3rd key information;
S107, to the WAP send the second authentication information so that the WAP utilize The key of the WAP storage is verified to second authentication information, the second authentication letter Breath includes identification number, the second random challenge word and the 3rd key information of the WAP.
Wherein, the identification number of the WAP includes following one or more:
Media intervention control layer MAC address, sequence number, unique identification.
Step S102 includes:
When the first key information is the WAP sharing using WAP storage Key carries out hash operations acquisition to the identification number and the first random challenge word of the WAP (as shown in Figure 6), then utilize shared key corresponding with the WAP to the wireless access The identification number and the first random challenge word of point carry out hash operations (as shown in Figure 8);
When the first key information is the WAP sharing using WAP storage Key carries out hash operations to the identification number and the first random challenge word of the WAP and obtains the One hashed value is simultaneously carried out signature and is obtained using the private key that the WAP is stored to first hashed value (as shown in Figure 7) for obtaining, then utilize public key corresponding with the WAP to the first key Information is decrypted, and obtains the first decrypted hash value;And using corresponding with the WAP shared Key carries out hash operations to the identification number and the first random challenge word of the WAP and obtains the Two hashed values (as shown in Figure 9).
Step S106 includes:
The identification number to the WAP and institute using shared key corresponding with the WAP Stating the second random challenge word carries out hash operations (as shown in Figure 10);Or,
The identification number to the WAP and institute using shared key corresponding with the WAP Stating the second random challenge word carries out hash operations the 3rd hashed value of acquisition and using management platform storage Private key the 3rd hashed value is signed (as shown in figure 11).
Step S103 includes:
When the first key information is identical with second decryption information, the first key letter is determined Breath is corresponding with second key information;Or,
When the first decrypted hash value is identical with the second hashed value, determine the first key information with The second key information correspondence.
As shown in Fig. 2 the embodiment of the present invention provides a kind of WAP and management platform method for authenticating, WAP side is applied to, when asking management platform to authenticate WAP, including:
S201, the first random challenge word of generation;
S202, identification number and institute using the key of WAP storage to the WAP State the first random challenge word to be encrypted, obtain first key information;
S203, to management platform send the first authentication information so that the management platform utilize and the nothing The corresponding key of line access point is verified to first authentication information, and first authentication information includes The identification number of the WAP, the first random challenge word and first key information.
Preferably, when WAP is authenticated to management platform, also include:
S204, the second authentication information for receiving management platform transmission, second authentication information includes described The identification number of WAP, the second random challenge word and the 3rd key information, the 3rd key information For the management platform using key corresponding with the WAP to the mark of the WAP Number and the second random challenge word be encrypted acquisition;
S205, the key stored using the WAP are verified to second authentication information, Obtain the 4th key information;
S206, when it is determined that the 3rd key information and the 4th key information to it is corresponding when then judge institute State management platform legal.
S207, when it is determined that the 3rd key information and the 4th key information not to it is corresponding when then judge The management platform is illegal.
Wherein, the identification number of the WAP includes following one or more:
Media intervention control layer MAC address, sequence number, unique identification.
Step S202 includes:
The shared key stored using the WAP is to the identification number of the WAP and described First random challenge word carries out hash operations (as shown in Figure 6);Or,
The shared key stored using the WAP is to the identification number of the WAP and described First random challenge word carries out hash operations and obtains the first hashed value and using WAP storage Private key first hashed value is signed (as shown in Figure 7).
Step S205 includes:
When the 3rd key information is that the management platform is shared using corresponding with the WAP Key carries out hash operations acquisition to the identification number and the second random challenge word of the WAP (as shown in Figure 10), then using the shared key of WAP storage to the WAP Identification number and the second random challenge word carry out hash operations (as shown in figure 12);
When the 3rd key information is that the management platform is shared using corresponding with the WAP Key carries out hash operations to the identification number and the second random challenge word of the WAP and obtains the Three hashed values simultaneously carry out signature acquisition using the private key that the management platform is stored to the 3rd hashed value (as shown in figure 11), then utilize public key corresponding with the management platform to the 3rd key information It is decrypted, obtains the second decrypted hash value;And using the shared key pair of WAP storage The identification number of the WAP and the second random challenge word carry out hash operations and obtain the 4th hash Value (as shown in figure 13).
Step S206 includes:
When the 3rd key information is identical with the 4th decryption information, the 3rd key letter is determined Breath is corresponding with the 4th key information;Or,
When the second decrypted hash value is identical with the 4th hashed value, determine the 3rd key information with The 4th key information correspondence.
As shown in figure 3, the embodiment of the present invention provides a kind of WAP and management platform method for authenticating, WAP is encrypted using the key of storage, and asks management platform to authenticate WAP, Including:
S301, WAP generate the first random challenge word;
S302, the WAP are using the key of WAP storage to the wireless access The identification number and the first random challenge word of point are encrypted, and obtain first key information;
S303, the WAP send the first authentication information, the first authentication letter to management platform Breath includes identification number, the first random challenge word and the first key information of the WAP;
S304, the management platform are authenticated using key corresponding with the WAP to described first Information is verified, and obtains the second key information;
S305, determine that the first key information is corresponding with second key information when the management platform When, then judge that the WAP is legal.
S306, determine that the first key information is not right with second key information when the management platform At once, then judge that the WAP is illegal.
If WAP is legal, key and the management platform storage of WAP storage Key corresponding with the WAP is identical or corresponding, and now authentication can pass through, if wirelessly Access point is illegal, and such as WAP is camouflage, then the key of WAP storage and management The key corresponding from WAP of platform storage is different or does not correspond to, and now authentication cannot pass through.
Management platform is encrypted using key corresponding with WAP, and asks WAP pair Management platform authentication (if this authentication being not required to, without the following steps), including:
S307, the management platform generate the second random challenge word;
S308, the management platform are using key corresponding with the WAP to the wireless access The identification number and the second random challenge word of point are encrypted, and obtain the 3rd key information;
S309, the management platform send the second authentication information to the WAP;Second mirror Power information includes identification number, the second random challenge word and the 3rd key information of the WAP;
S310, the WAP are authenticated using the key of WAP storage to described second Information is verified, and obtains the 4th key information;
S311, the 3rd key information and the 4th key information pair are determined when the WAP At once, then judge that the management platform is legal.
S312, determine the 3rd key information with the 4th key information not when the WAP Then judge that the management platform is illegal during to correspondence.
Similar, if management platform is legal, the key and management platform of WAP storage The key corresponding with the WAP of storage is identical or corresponding, and now authentication can pass through, such as Fruit management platform be it is illegal, such as management platform be camouflage, then WAP storage key with The key corresponding from WAP of management platform storage is different or does not correspond to, and now authentication cannot Pass through.
Step S302 includes:
The shared key stored using the WAP is to the identification number of the WAP and described First random challenge word carries out hash operations (as shown in Figure 6);Or,
The shared key stored using the WAP is to the identification number of the WAP and described First random challenge word carries out hash operations and obtains the first hashed value and using WAP storage Private key first hashed value is signed (as shown in Figure 7).
Step S304 includes:
The identification number to the WAP and institute using shared key corresponding with the WAP Stating the first random challenge word carries out hash operations (as shown in Figure 8);Or,
The first key information is decrypted using public key corresponding with the WAP, is obtained First decrypted hash value;And using shared key corresponding with the WAP to the wireless access The identification number and the first random challenge word of point carry out hash operations and obtain the second hashed value (such as Fig. 9 institutes Show).
Step S305 includes:
When the first key information is identical with second decryption information, the first key letter is determined Breath is corresponding with second key information;Or,
When the first decrypted hash value is identical with the second hashed value, determine the first key information with The second key information correspondence.
Step S308 includes:
The identification number to the WAP and institute using shared key corresponding with the WAP Stating the second random challenge word carries out hash operations (as shown in Figure 10);Or,
The identification number to the WAP and institute using shared key corresponding with the WAP Stating the second random challenge word carries out hash operations the 3rd hashed value of acquisition and using management platform storage Private key the 3rd hashed value is signed (as shown in figure 11).
Step S310 includes:
The shared key stored using the WAP is to the identification number of the WAP and described Second random challenge word carries out hash operations (as shown in figure 12);Or,
The 3rd key information is decrypted using public key corresponding with the management platform, obtains the Two decrypted hash values;And the shared key of WAP storage is utilized to the WAP Identification number and the second random challenge word carry out hash operations and obtain the 4th hashed value (as shown in figure 13).
Step S311 includes:
When the 3rd key information is identical with the 4th decryption information, the 3rd key letter is determined Breath is corresponding with the 4th key information;Or,
When the second decrypted hash value is identical with the 4th hashed value, determine the 3rd key information with The 4th key information correspondence.
The shared key of each WAP, different from other WAPs.Legal is wireless Access point preserves this shared key with legal management platform, and both sides are believed key using this shared key Breath is authenticated.
To prevent shared key from divulging a secret, ciphering signature (such as RSA Algorithm) can be further done.
WAP preserves the corresponding public key of private key and management platform of signature, and management platform is preserved The corresponding public key of private key and WAP of platform, both sides are using this corresponding public key or private key to closing Key information is authenticated.
As shown in figure 4, the present invention also provides a kind of WAP and management platform authentication device, set In management platform side, including:
First receiver module 401, the first authentication information for receiving WAP transmission, described the One authentication information includes identification number, the first random challenge word and the first key information of the WAP, The first key information is that the WAP utilizes the key of WAP storage to described The identification number of WAP and the first random challenge word are encrypted acquisition;
First authentication module 402, for utilizing key corresponding with the WAP to described first Authentication information is verified, and obtains the second key information;
First judge module 403, for when the determination first key information and second key information Then judge that the WAP is legal during to correspondence.
First judge module 403, is additionally operable to when the determination first key information is close with described second Key Asymmetry information is seasonable, then judge that the WAP is illegal.
Said apparatus also include:
First generation module 404, for generating the second random challenge word;
First encrypting module 405, for utilizing key corresponding with the WAP to described wireless The identification number of access point and the second random challenge word are encrypted, and obtain the 3rd key information;
First sending module 406, for sending the second authentication information to the WAP, so that institute State WAP carries out school using the key that the WAP is stored to second authentication information Test, the identification number of second authentication information including the WAP, the second random challenge word and the Three key informations.
Wherein, first authentication module 402 includes:
First dismiss unit 4021, for when the first key information for the WAP utilizes institute The shared key for stating WAP storage is chosen at random to the identification number of the WAP and described first War word carries out hash operations acquisition, then utilize shared key corresponding with the WAP to described The identification number of WAP and the first random challenge word carry out hash operations;
First decryption unit 4022, for when the first key information for the WAP utilizes institute The shared key for stating WAP storage is chosen at random to the identification number of the WAP and described first War word carries out hash operations and obtains the first hashed value and utilize the private key of WAP storage to institute Stating the first hashed value carries out acquisition of signing, then utilize public key corresponding with the WAP to described First key information is decrypted, and obtains the first decrypted hash value;And utilize and the WAP pair The shared key answered carries out hash fortune to the identification number and the first random challenge word of the WAP Calculate and obtain the second hashed value.
First encrypting module 405 includes:
First hashing unit 4051, for utilizing shared key corresponding with the WAP to described The identification number of WAP and the second random challenge word carry out hash operations;Or,
First signature unit 4052, for utilizing shared key corresponding with the WAP to described The identification number of WAP and the second random challenge word carry out hash operations obtain the 3rd hashed value, And the 3rd hashed value is signed using the private key that the management platform is stored.
First judge module 403 includes:
First direct corresponding unit 4031, for when the first key information and second decryption information When identical, determine that the first key information is corresponding with second key information;Or,
First indirect corresponding unit 4032, for when the first decrypted hash value it is identical with the second hashed value When, determine that the first key information is corresponding with second key information.
As shown in figure 5, the embodiment of the present invention also provides a kind of WAP and management platform authentication device, WAP side is arranged at, including:
Second generation module 501, for generating the first random challenge word;
Second encrypting module 502, the key for being stored using the WAP is wirelessly connect to described The identification number of access point and the first random challenge word are encrypted, and obtain first key information;
Second sending module 503, for sending the first authentication information to management platform, so that the management Platform is verified using key corresponding with the WAP to first authentication information, described First authentication information includes identification number, the first random challenge word and the first key letter of the WAP Breath.
Said apparatus also include:
Second receiver module 504, the second authentication information for receiving management platform transmission, described second Authentication information includes identification number, the second random challenge word and the 3rd key information of the WAP, 3rd key information is that the management platform utilizes key corresponding with the WAP to described The identification number of WAP and the second random challenge word are encrypted acquisition;
Second authentication module 505, reflects for the key using WAP storage to described second Power information is verified, and obtains the 4th key information;
Second judge module 506, for when determination the 3rd key information and the 4th key information Then judge that the management platform is legal during to correspondence.
Second judge module 506 is additionally operable to:
When it is determined that the 3rd key information and the 4th key information not to it is corresponding when then judge the pipe Platform is illegal.
Wherein, second encrypting module 502 includes:
Second hashing unit 5021, for the shared key using WAP storage to the nothing The identification number of line access point and the first random challenge word carry out hash operations;Or,
Second signature unit 5022, for the shared key using WAP storage to the nothing The identification number of line access point and the first random challenge word carry out hash operations obtain the first hashed value and The private key stored using the WAP is signed to first hashed value.
Second authentication module 505 includes:
Second dismiss unit 5051, for when the 3rd key information be the management platform using and institute The corresponding shared key of WAP is stated to choose the identification number of the WAP and described second at random War word carries out hash operations acquisition, then using the shared key of WAP storage to the nothing The identification number of line access point and the second random challenge word carry out hash operations;
Second decryption unit 5052, for when the 3rd key information for the management platform utilize and institute The corresponding shared key of WAP is stated to choose the identification number of the WAP and described second at random War word carries out hash operations and obtains the 3rd hashed value and utilize the private key of management platform storage to described 3rd hashed value carries out acquisition of signing, then utilize public key corresponding with the management platform to the described 3rd Key information is decrypted, and obtains the second decrypted hash value;And using being total to that the WAP is stored Enjoy key carries out hash operations acquisition to the identification number and the second random challenge word of the WAP 4th hashed value.
Second judge module 506 includes:
Second direct corresponding unit 5061, for when the 3rd key information and the 4th decryption information When identical, determine that the 3rd key information is corresponding with the 4th key information;Or,
Second indirect corresponding unit 5062, for when the second decrypted hash value it is identical with the 4th hashed value When, determine that the 3rd key information is corresponding with the 4th key information.
Embodiment 1
Shared key in the embodiment of the present invention, refer to for the hashing algorithm arranged for certain (such as SHA-256), the shared key of hash operations is carried out.As shown in figure 14, step is as follows:
11st, with the NodeID of oneself, (NodeID can be the MAC of WAP to WAP Address, sequence number, or other unique identifications) and randomly generate one challenge word X, using depositing The shared key of storage does hash operations to them, obtains hashed value A (see Fig. 6);
12nd, WAP is when request is connected to management platform, message carry NodeID, challenge word and Hashed value A;
13rd, management platform uses the WAP pair after the connection request for receiving WAP Answer shared key to do hashing algorithm to the NodeID that receives and challenge word X, obtain hashed value AA (see Fig. 8).
If the 14, A=AA, management platform judges that the WAP is legal, otherwise illegally.
Following four step is authentication of the WAP to management platform, is the further embodiment of the present invention Function.If this authentication is not required to, without this four steps:
15th, if it is determined that WAP is legal, management platform randomly generates a challenge word Y, to receiving To NodeID, carry out hash operations using the corresponding shared key of the WAP and obtain hashed value B (see Figure 10);
16th, management platform carries WAP in the response message for being sent to WAP The hashed value B (see Figure 10) of NodeID, challenge word and encryption;
17th, after WAP receives response message, the shared key using storage is to receiving NodeID and challenge word Y do hash operations, obtain hashed value BB;
If the 18, B=BB, the management platform point is legal, otherwise illegal (see Fig. 3).
Embodiment 2
To prevent shared key from divulging a secret, ciphering signature (such as RSA Algorithm) can be further done to hashed value. As shown in figure 15, step is as follows:
21st, with the NodeID of oneself, (NodeID can be the MAC of WAP to WAP Address, sequence number, or other unique identifications) and randomly generate one challenge word X, using depositing Storage shared key does hash operations to them, obtains hashed value A, the private key stored using WAP RSA signature is done to A, RSA signature ciphertext AAA is drawn (see Fig. 7);
22nd, when request is connected to management platform, message carries NodeID, challenge character to WAP String and RSA signature ciphertext AAA;
23rd, management platform uses WAP correspondence after the connection request for receiving WAP Public key to signature result AAA carry out RSA decryption, obtain the signature original text of RSA, draw decryption Hashed value AAAA, then again with WAP correspondence shared key to NodeID, challenge word X Do hash operations, obtain hashed result AA (see Fig. 9);
24th, management platform compares the hashed value AA knots of RSA signature decrypted hash value AAAA and calculating Really, if unanimously, the WAP is legal, otherwise illegally.
Following four step is authentication of the WAP to management platform, is the further embodiment of the present invention Function.If this authentication is not required to, without this four steps:
25th, if it is determined that WAP is legal, management platform randomly generates a challenge word Y, to receiving To NodeID, carry out hash operations using the corresponding shared key of the WAP and obtain hashed value B;
26th, the private key stored using management platform does RSA signature to hashed value B, draws RSA signature Ciphertext BBB (see Figure 11), and the NodeID of WAP, challenge word are carried in response message With RSA signature ciphertext BBB.
27th, after WAP receives response message, the corresponding public affairs of the management platform for pre-saving are used Key does RSA decryption to the signature result BBB for receiving, and draws the signature original text of RSA, show that decryption dissipates Train value BBBB, then the shared key stored with WAP does hash fortune to NodeID and challenge word Calculate BB (see Figure 13);
28th, WAP compares the hashed value BB of RSA signature decrypted hash value BBBB and calculating, If two results are consistent, the management platform is legal, otherwise illegally.
Although disclosed implementation method is as above, its content is only to facilitate understand the present invention Technical scheme and the implementation method that uses, be not intended to limit the present invention.Technology belonging to any present invention Technical staff in field, on the premise of disclosed core technology scheme is not departed from, can be with Any modification and change, but the protection domain that the present invention is limited are made in the form and details implemented, still The scope that must be limited by appending claims is defined.

Claims (36)

1. a kind of WAP and management platform method for authenticating, are applied to management platform side, and its feature exists In, including:
The first authentication information that WAP sends is received, first authentication information includes described wireless The identification number of access point, the first random challenge word and first key information, the first key information is institute State WAP using the key of WAP storage to the identification number of the WAP and The first random challenge word is encrypted acquisition;
First authentication information is verified using key corresponding with the WAP, is obtained Second key information;
When it is determined that the first key information and second key information to it is corresponding when then judge described wireless Access point is legal.
2. the method for claim 1, it is characterised in that:Obtain and also wrap after the second key information Include:
When it is determined that the first key information and second key information not to it is corresponding when then judge the nothing Line access point is illegal.
3. the method for claim 1, it is characterised in that:It is described to judge that the WAP is closed Also include after method:
Generate the second random challenge word;
Using key corresponding with the WAP to the identification number of the WAP and described Two random challenge words are encrypted, and obtain the 3rd key information;
The second authentication information is sent to the WAP, so that the WAP utilizes the nothing The key of line access point storage is verified to second authentication information, and second authentication information includes The identification number of the WAP, the second random challenge word and the 3rd key information.
4. the method for claim 1, it is characterised in that the identification number bag of the WAP Include following one or more:
Media intervention control layer MAC address, sequence number, unique identification.
5. the method for claim 1, it is characterised in that:Using corresponding with the WAP Key verification carried out to first authentication information include:
When the first key information is the WAP sharing using WAP storage Key carries out hash operations acquisition to the identification number and the first random challenge word of the WAP , then utilize shared key corresponding with the WAP to the identification number of the WAP and The first random challenge word carries out hash operations;
When the first key information is the WAP sharing using WAP storage Key carries out hash operations to the identification number and the first random challenge word of the WAP and obtains the One hashed value is simultaneously carried out signature and is obtained using the private key that the WAP is stored to first hashed value , then utilize public key corresponding with the WAP to be decrypted the first key information, Obtain the first decrypted hash value;And using shared key corresponding with the WAP to described wireless The identification number of access point and the first random challenge word carry out hash operations and obtain the second hashed value.
6. method as claimed in claim 3, it is characterised in that using corresponding with the WAP Key the identification number and the second random challenge word of the WAP are encrypted including:
The identification number to the WAP and institute using shared key corresponding with the WAP Stating the second random challenge word carries out hash operations;Or,
The identification number to the WAP and institute using shared key corresponding with the WAP Stating the second random challenge word carries out hash operations the 3rd hashed value of acquisition and using management platform storage Private key the 3rd hashed value is signed.
7. method as claimed in claim 6, it is characterised in that determine the first key information and institute Stating the second key information correspondence includes:
When the first key information is identical with second decryption information, the first key letter is determined Breath is corresponding with second key information;Or,
When the first decrypted hash value is identical with the second hashed value, determine the first key information with The second key information correspondence.
8. a kind of WAP and management platform method for authenticating, are applied to WAP side, its feature It is, including:
Generate the first random challenge word;
Using the key of WAP storage to the identification number of the WAP and described first Random challenge word is encrypted, and obtains first key information;
The first authentication information is sent to management platform, so that the management platform is utilized and the wireless access The corresponding key of point is verified to first authentication information, and first authentication information includes the nothing The identification number of line access point, the first random challenge word and first key information.
9. method as claimed in claim 8, it is characterised in that:The first authentication letter is sent to management platform Also include after breath:
The second authentication information that management platform sends is received, second authentication information wirelessly connects including described The identification number of access point, the second random challenge word and the 3rd key information, the 3rd key information is described Management platform utilizes identification number and institute of the key corresponding with the WAP to the WAP State the second random challenge word and be encrypted acquisition;
The key stored using the WAP is verified to second authentication information, obtains the Four key informations;
When it is determined that the 3rd key information and the 4th key information to it is corresponding when then judge the management Platform is legal.
10. method as claimed in claim 9, it is characterised in that obtain after the 4th key information also Including:
When it is determined that the 3rd key information and the 4th key information not to it is corresponding when then judge the pipe Platform is illegal.
11. methods as claimed in claim 8, it is characterised in that:The identification number of the WAP Including following one or more:
Media intervention control layer MAC address, sequence number, unique identification.
12. methods as claimed in claim 8, it is characterised in that:Stored using the WAP Key the identification number and the first random challenge word of the WAP are encrypted including:
The shared key stored using the WAP is to the identification number of the WAP and described First random challenge word carries out hash operations;Or,
The shared key stored using the WAP is to the identification number of the WAP and described First random challenge word carries out hash operations and obtains the first hashed value and using WAP storage Private key first hashed value is signed.
13. methods as claimed in claim 9, it is characterised in that:Stored using the WAP Key verification carried out to second authentication information include:
When the 3rd key information is that the management platform is shared using corresponding with the WAP Key carries out hash operations acquisition to the identification number and the second random challenge word of the WAP , then utilize identification number and institute of the shared key of WAP storage to the WAP Stating the second random challenge word carries out hash operations;
When the 3rd key information is that the management platform is shared using corresponding with the WAP Key carries out hash operations to the identification number and the second random challenge word of the WAP and obtains the Three hashed values simultaneously carry out signature acquisition using the private key that the management platform is stored to the 3rd hashed value , then utilize public key corresponding with the management platform to be decrypted the 3rd key information, obtain Second decrypted hash value;And the shared key of WAP storage is utilized to the WAP Identification number and the second random challenge word carry out hash operations obtain the 4th hashed value.
14. methods as claimed in claim 13, it is characterised in that:Determine the 3rd key information with The 4th key information correspondence includes:
When the 3rd key information is identical with the 4th decryption information, the 3rd key letter is determined Breath is corresponding with the 4th key information;Or,
When the second decrypted hash value is identical with the 4th hashed value, determine the 3rd key information with The 4th key information correspondence.
A kind of 15. WAPs and management platform method for authenticating, it is characterised in that including:
WAP generates the first random challenge word;
The WAP utilizes the key of WAP storage to the mark of the WAP Knowledge number and the first random challenge word are encrypted, and obtain first key information;
The WAP sends the first authentication information to management platform, and first authentication information includes The identification number of the WAP, the first random challenge word and first key information;
The management platform is entered using key corresponding with the WAP to first authentication information Row verification, obtains the second key information;
When the management platform determine the first key information and second key information to it is corresponding when then Judge that the WAP is legal.
16. methods as claimed in claim 15, it is characterised in that:Also include:
When the management platform determine the first key information and second key information not to it is corresponding when Then judge that the WAP is illegal.
17. methods as claimed in claim 15, it is characterised in that:It is described to judge the WAP Also include after legal:
The management platform generates the second random challenge word;
The management platform is using key corresponding with the WAP to the mark of the WAP Knowledge number and the second random challenge word are encrypted, and obtain the 3rd key information;
The management platform sends the second authentication information to the WAP;Second authentication information Identification number including the WAP, the second random challenge word and the 3rd key information;
The WAP is entered using the key that the WAP is stored to second authentication information Row verification, obtains the 4th key information;
When the WAP determine the 3rd key information and the 4th key information to it is corresponding when Then judge that the management platform is legal.
18. methods as claimed in claim 17, it is characterised in that:When the WAP determines institute State the 3rd key information and the 4th key information not to it is corresponding when then judge that the management platform is illegal.
19. methods as claimed in claim 15, it is characterised in that:The WAP is using described The key of WAP storage enters to the identification number and the first random challenge word of the WAP Row encryption includes:
The shared key stored using the WAP is to the identification number of the WAP and described First random challenge word carries out hash operations;Or,
The shared key stored using the WAP is to the identification number of the WAP and described First random challenge word carries out hash operations and obtains the first hashed value and using WAP storage Private key first hashed value is signed.
20. methods as claimed in claim 19, it is characterised in that:The management platform utilize with it is described The corresponding key of WAP carries out verification to first authentication information to be included:
The identification number to the WAP and institute using shared key corresponding with the WAP Stating the first random challenge word carries out hash operations;Or,
The first key information is decrypted using public key corresponding with the WAP, is obtained First decrypted hash value;And using shared key corresponding with the WAP to the wireless access The identification number and the first random challenge word of point carry out hash operations and obtain the second hashed value.
21. methods as claimed in claim 20, it is characterised in that:Determine the first key information with The second key information correspondence includes:
When the first key information is identical with second decryption information, the first key letter is determined Breath is corresponding with second key information;Or,
When the first decrypted hash value is identical with the second hashed value, determine the first key information with The second key information correspondence.
22. methods as claimed in claim 17, it is characterised in that:The management platform utilize with it is described The corresponding key of WAP enters to the identification number and the second random challenge word of the WAP Row encryption includes:
The identification number to the WAP and institute using shared key corresponding with the WAP Stating the second random challenge word carries out hash operations;Or,
The identification number to the WAP and institute using shared key corresponding with the WAP Stating the second random challenge word carries out hash operations the 3rd hashed value of acquisition and using management platform storage Private key the 3rd hashed value is signed.
23. methods as claimed in claim 22, it is characterised in that:The WAP is using described The key of WAP storage carries out verification to second authentication information to be included:
The shared key stored using the WAP is to the identification number of the WAP and described Second random challenge word carries out hash operations;Or,
The 3rd key information is decrypted using public key corresponding with the management platform, obtains the Two decrypted hash values;And the shared key of WAP storage is utilized to the WAP Identification number and the second random challenge word carry out hash operations and obtain the 4th hashed value.
24. methods as claimed in claim 23, it is characterised in that:Determine the 3rd key information with The 4th key information correspondence includes:
When the 3rd key information is identical with the 4th decryption information, the 3rd key letter is determined Breath is corresponding with the 4th key information;Or,
When the second decrypted hash value is identical with the 4th hashed value, determine the 3rd key information with The 4th key information correspondence.
A kind of 25. WAPs and management platform authentication device, are arranged at management platform side, its feature It is, including:
First receiver module, the first authentication information for receiving WAP transmission, first mirror Power information includes identification number, the first random challenge word and the first key information of the WAP, institute It is that the WAP utilizes the key of WAP storage to the nothing to state first key information The identification number of line access point and the first random challenge word are encrypted acquisition;
First authentication module, for being authenticated to described first using key corresponding with the WAP Information is verified, and obtains the second key information;
First judge module, determines that the first key information is corresponding with second key information for working as When, then judge that the WAP is legal.
26. devices as claimed in claim 25, it is characterised in that:First judge module, also uses In when it is determined that the first key information and second key information not to it is corresponding when then judge described wireless Access point is illegal.
27. devices as claimed in claim 25, it is characterised in that:Also include:
First generation module, for generating the second random challenge word;
First encrypting module, for utilizing key corresponding with the WAP to the wireless access The identification number and the second random challenge word of point are encrypted, and obtain the 3rd key information;
First sending module, for sending the second authentication information to the WAP, so that the nothing Line access point is verified using the key that the WAP is stored to second authentication information, institute State identification number of second authentication information including the WAP, the second random challenge word and the 3rd key Information.
28. devices as claimed in claim 25, it is characterised in that:First authentication module includes:
First dismisses unit, for being that the WAP utilizes the nothing when the first key information Identification number and the first random challenge word of the shared key of line access point storage to the WAP Hash operations acquisition is carried out, then utilizes shared key corresponding with the WAP to described wireless The identification number of access point and the first random challenge word carry out hash operations;
First decryption unit, for being that the WAP utilizes the nothing when the first key information Identification number and the first random challenge word of the shared key of line access point storage to the WAP Carry out hash operations obtain the first hashed value and using WAP storage private key to described the One hashed value carries out acquisition of signing, then utilize public key corresponding with the WAP to described first Key information is decrypted, and obtains the first decrypted hash value;And using corresponding with the WAP Shared key carries out hash operations and obtains to the identification number and the first random challenge word of the WAP Obtain the second hashed value.
29. devices as claimed in claim 27, it is characterised in that first encrypting module includes:
First hashing unit, for utilizing shared key corresponding with the WAP to described wireless The identification number of access point and the second random challenge word carry out hash operations;Or,
First signature unit, for utilizing shared key corresponding with the WAP to described wireless The identification number of access point and the second random challenge word carry out hash operations and obtain the 3rd hashed value and profit The private key stored with the management platform is signed to the 3rd hashed value.
30. devices as claimed in claim 29, it is characterised in that first judge module includes:
First direct corresponding unit, for when the first key information it is identical with second decryption information When, determine that the first key information is corresponding with second key information;Or,
First indirect corresponding unit, for when the first decrypted hash value is identical with the second hashed value, Determine that the first key information is corresponding with second key information.
A kind of 31. WAPs and management platform authentication device, are arranged at WAP side, and it is special Levy and be, including:
Second generation module, for generating the first random challenge word;
Second encrypting module, for the key using WAP storage to the WAP Identification number and the first random challenge word be encrypted, obtain first key information;
Second sending module, for sending the first authentication information to management platform, so that the management platform First authentication information is verified using key corresponding with the WAP, described first Authentication information includes identification number, the first random challenge word and the first key information of the WAP.
32. devices as claimed in claim 31, it is characterised in that:Also include:
Second receiver module, the second authentication information for receiving management platform transmission, second authentication Information includes identification number, the second random challenge word and the 3rd key information of the WAP, described 3rd key information is that the management platform utilizes key corresponding with the WAP to described wireless The identification number of access point and the second random challenge word are encrypted acquisition;
Second authentication module, for the key using WAP storage to the described second authentication letter Breath is verified, and obtains the 4th key information;
Second judge module, determines that the 3rd key information is corresponding with the 4th key information for working as When, then judge that the management platform is legal.
33. devices as claimed in claim 32, it is characterised in that second judge module is additionally operable to:
When it is determined that the 3rd key information and the 4th key information not to it is corresponding when then judge the pipe Platform is illegal.
34. devices as claimed in claim 31, it is characterised in that:Second encrypting module includes:
Second hashing unit, the shared key for being stored using the WAP is wirelessly connect to described The identification number of access point and the first random challenge word carry out hash operations;Or,
Second signature unit, the shared key for being stored using the WAP is wirelessly connect to described The identification number of access point and the first random challenge word carry out hash operations and obtain the first hashed value and utilize The private key of the WAP storage is signed to first hashed value.
35. devices as claimed in claim 32, it is characterised in that:Second authentication module includes:
Second dismisses unit, for being that the management platform is utilized and the nothing when the 3rd key information Identification number and the second random challenge word of the corresponding shared key of line access point to the WAP Hash operations acquisition is carried out, then the shared key for being stored using the WAP is wirelessly connect to described The identification number of access point and the second random challenge word carry out hash operations;
Second decryption unit, for being that the management platform is utilized and the nothing when the 3rd key information Identification number and the second random challenge word of the corresponding shared key of line access point to the WAP Hash operations are carried out to obtain the 3rd hashed value and utilize the private key of management platform storage to the described 3rd Hashed value carries out acquisition of signing, then utilize public key corresponding with the management platform to the 3rd key Information is decrypted, and obtains the second decrypted hash value;And using the shared close of WAP storage Key carries out hash operations to the identification number and the second random challenge word of the WAP and obtains the 4th Hashed value.
36. devices as claimed in claim 35, it is characterised in that:Second judge module includes:
Second direct corresponding unit, for when the 3rd key information it is identical with the 4th decryption information When, determine that the 3rd key information is corresponding with the 4th key information;Or,
Second indirect corresponding unit, for when the second decrypted hash value is identical with the 4th hashed value, Determine that the 3rd key information is corresponding with the 4th key information.
CN201510410310.5A 2015-07-13 2015-07-13 Wireless access point and management platform authentication method and device Withdrawn CN106714156A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510410310.5A CN106714156A (en) 2015-07-13 2015-07-13 Wireless access point and management platform authentication method and device

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510410310.5A CN106714156A (en) 2015-07-13 2015-07-13 Wireless access point and management platform authentication method and device
PCT/CN2016/080767 WO2017008556A1 (en) 2015-07-13 2016-04-29 Authentication method and device for wireless access point and management platform

Publications (1)

Publication Number Publication Date
CN106714156A true CN106714156A (en) 2017-05-24

Family

ID=57756810

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510410310.5A Withdrawn CN106714156A (en) 2015-07-13 2015-07-13 Wireless access point and management platform authentication method and device

Country Status (2)

Country Link
CN (1) CN106714156A (en)
WO (1) WO2017008556A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019153118A1 (en) * 2018-02-06 2019-08-15 福建联迪商用设备有限公司 Method for transmitting key, receiving terminal, and distribution terminal
CN110493272A (en) * 2019-09-25 2019-11-22 北京风信科技有限公司 Use the communication means and communication system of multiple key

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111107551A (en) * 2018-10-29 2020-05-05 杭州海康威视数字技术股份有限公司 Wireless network bridge networking method and device

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1753361A (en) * 2004-09-20 2006-03-29 华为技术有限公司 Right identification method
CN1757195A (en) * 2003-03-06 2006-04-05 Tim意大利股份公司 Methods and software program product for mutual authentication in a communications network
US20080134306A1 (en) * 2006-12-04 2008-06-05 Telefonaktiebolaget Lm Ericsson (Publ) Method for fast handover and authentication in a packet data network
CN101640886A (en) * 2008-07-29 2010-02-03 上海华为技术有限公司 Authentication method, re-authentication method and communication device
CN101764693A (en) * 2009-12-24 2010-06-30 福建星网锐捷网络有限公司 Authentication method, system, client and network equipment
CN102625307A (en) * 2011-01-31 2012-08-01 电信科学技术研究院 Wireless network access system
CN103096301A (en) * 2011-10-31 2013-05-08 华为技术有限公司 Method for verifying wireless local area network access point and station for the same
CN103634170A (en) * 2012-08-21 2014-03-12 中兴通讯股份有限公司 Home network interconnecting method and apparatus

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB201112360D0 (en) * 2011-07-18 2011-08-31 Skype Ltd Distributing information
CN102685745B (en) * 2012-04-23 2016-05-11 深圳市江波龙电子有限公司 The authentication method of wireless aps equipment and system
US20140337950A1 (en) * 2013-05-07 2014-11-13 Futurewei Technologies, Inc. Method and Apparatus for Secure Communications in a Wireless Network
CN104125568B (en) * 2014-08-11 2018-09-07 湖南恒茂高科股份有限公司 Wireless access point safety certifying method and system
CN104581727A (en) * 2015-02-03 2015-04-29 福州瑞芯微电子有限公司 Equipment connecting method and device and AP (access point) end electronic equipment

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1757195A (en) * 2003-03-06 2006-04-05 Tim意大利股份公司 Methods and software program product for mutual authentication in a communications network
CN1753361A (en) * 2004-09-20 2006-03-29 华为技术有限公司 Right identification method
US20080134306A1 (en) * 2006-12-04 2008-06-05 Telefonaktiebolaget Lm Ericsson (Publ) Method for fast handover and authentication in a packet data network
CN101640886A (en) * 2008-07-29 2010-02-03 上海华为技术有限公司 Authentication method, re-authentication method and communication device
CN101764693A (en) * 2009-12-24 2010-06-30 福建星网锐捷网络有限公司 Authentication method, system, client and network equipment
CN102625307A (en) * 2011-01-31 2012-08-01 电信科学技术研究院 Wireless network access system
CN103096301A (en) * 2011-10-31 2013-05-08 华为技术有限公司 Method for verifying wireless local area network access point and station for the same
CN103634170A (en) * 2012-08-21 2014-03-12 中兴通讯股份有限公司 Home network interconnecting method and apparatus

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
尹淑玲: "《网络安全技术教程》", 31 May 2014 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019153118A1 (en) * 2018-02-06 2019-08-15 福建联迪商用设备有限公司 Method for transmitting key, receiving terminal, and distribution terminal
CN110493272A (en) * 2019-09-25 2019-11-22 北京风信科技有限公司 Use the communication means and communication system of multiple key

Also Published As

Publication number Publication date
WO2017008556A1 (en) 2017-01-19

Similar Documents

Publication Publication Date Title
CN106603485A (en) Secret key negotiation method and device
CN105162797B (en) A kind of mutual authentication method based on video monitoring system
CN103427992B (en) The method and system of secure communication is set up between node in a network
CN106301769A (en) Quantum key output intent, storage consistency verification method, Apparatus and system
CN106411521A (en) Identity authentication methods, devices and system for quantum key distribution process
US20090287921A1 (en) Mobile device assisted secure computer network communication
CN104796265A (en) Internet-of-things identity authentication method based on Bluetooth communication access
CN103095456B (en) The processing method of transaction message and system
WO2005006629A3 (en) Terminal authentication in a wireless network
CN105915502A (en) Method and system for facilitating network joining
CN109951489B (en) Digital identity authentication method, equipment, device, system and storage medium
CN103248491B (en) A kind of backup method of electronic signature token private key and system
CN103812651B (en) Method of password authentication, apparatus and system
CN106331970A (en) Hearing device and method of updating a hearing device
CN103888938A (en) PKI private key protection method of dynamically generated key based on parameters
CN106101097A (en) Home appliance and with the communication system of Cloud Server and method, Cloud Server
CN109150526A (en) Cryptographic key negotiation method, equipment, terminal, storage medium and system
CN106850207B (en) Identity identifying method and system without CA
CN101621794A (en) Method for realizing safe authentication of wireless application service system
CN106714156A (en) Wireless access point and management platform authentication method and device
CN104393993A (en) A security chip for electricity selling terminal and the realizing method
CN109245885A (en) Cryptographic key negotiation method, equipment, storage medium and system
CN107360125A (en) Access authentication method, WAP and user terminal
CN109257170A (en) Cryptographic key negotiation method, equipment, terminal, storage medium and system
CN107277020A (en) The system and method for remote validation mobile device legitimacy based on public private key system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20170524

WW01 Invention patent application withdrawn after publication