Summary of the invention
In view of this, embodiments of the invention provide a wireless network authentication method, a wireless network secure communication method, and corresponding devices, so that a user can authenticate the wireless network server before using the network.
According to a first aspect, an embodiment of the invention provides a wireless network authentication method. The wireless network includes an authentication node and an authentication server; the authentication node pre-stores a first public key and a first private key, and the authentication server pre-stores a second public key and a second private key. The method includes: sending first identity information to the authentication server; receiving first encryption information sent by the authentication server, the first encryption information being generated by the authentication server encrypting the first identity information of the authentication node and second identity information of the authentication server with the second private key; decrypting the first encryption information with the second public key to obtain third identity information of the authentication node, and judging whether the third identity information is identical to the first identity information; and, when the third identity information is identical to the first identity information, determining that the authentication of the authentication server has passed.
With reference to the first aspect, in a first embodiment of the first aspect, decrypting the first encryption information with the second public key also yields the second identity information of the authentication server, and the method further includes: encrypting the first identity information and the decrypted second identity information of the authentication server with the first private key to generate second encryption information, and sending the second encryption information to the authentication server.
With reference to the first embodiment of the first aspect, in a second embodiment of the first aspect, the third identity information is obtained by the authentication node decrypting the first encryption information with the second public key using the SM2 algorithm, and the second encryption information is generated by the authentication node encrypting the first identity information and the decrypted second identity information of the authentication server with the first private key using the SM2 algorithm.
With reference to the first embodiment of the first aspect, in a third embodiment of the first aspect, the wireless network authentication method further includes: receiving third encryption information sent by the authentication server, the third encryption information being generated by the authentication server generating first PMK key information from the service set identifier of the corresponding access point and a first pre-shared key of the authentication node and the authentication server, and encrypting the first PMK key information with the first public key; decrypting the third encryption information with the first private key to obtain third PMK key information, and judging whether a second pre-shared key in the third PMK key information is identical to the first pre-shared key; when the second pre-shared key is identical to the first pre-shared key, determining that the third PMK key information is identical to the first PMK key information; generating second PMK key information from the service set identifier of the access point corresponding to the authentication server and the first pre-shared key of the authentication node and the authentication server; encrypting the second PMK key information with the second public key to generate fourth encryption information, and sending the fourth encryption information to the authentication server; receiving PMK available information and PMK key information sent by the authentication server, the PMK available information and PMK key information being generated by the authentication server from the first PMK key information and fourth PMK key information after the authentication server decrypts the fourth encryption information with the second private key to obtain the fourth PMK key information, judges whether a third pre-shared key in the fourth PMK key information is identical to the first pre-shared key, and, when the third pre-shared key is identical to the first pre-shared key, determines that the fourth PMK key information is identical to the second PMK key information; and storing the PMK key information.
With reference to the third embodiment of the first aspect, in a fourth embodiment of the first aspect, the third PMK key information is obtained by the authentication node decrypting the third encryption information with the first private key using the SM2 algorithm, and the fourth encryption information is generated by the authentication node encrypting the second PMK key information with the second public key using the SM2 algorithm.
According to a second aspect, an embodiment of the invention provides a wireless network authentication method. The wireless network includes an authentication node and an authentication server; the authentication node pre-stores a first public key and a first private key, and the authentication server pre-stores a second public key and a second private key. The method includes: receiving first identity information sent by the authentication node; and encrypting the first identity information of the authentication node and second identity information of the authentication server with the second private key to generate first encryption information, and sending the first encryption information to the authentication node.
With reference to the second aspect, in a first embodiment of the second aspect, the wireless network authentication method further includes: receiving second encryption information sent by the authentication node, the second encryption information being generated by the authentication node decrypting the first encryption information with the second public key to obtain third identity information of the authentication node and the second identity information of the server, judging whether the third identity information is identical to the first identity information, and, when they are identical, encrypting the first identity information and the second identity information with the first private key; decrypting the second encryption information with the first public key to obtain fourth identity information of the authentication server, and judging whether the fourth identity information is identical to the second identity information; and, when the fourth identity information is identical to the second identity information, determining that the authentication of the authentication node has passed.
With reference to the first embodiment of the second aspect, in a second embodiment of the second aspect, the first encryption information is generated by the authentication server encrypting the first identity information of the authentication node and the second identity information of the authentication server with the second private key using the SM2 algorithm, and the fourth identity information is obtained by the authentication server decrypting the second encryption information with the first public key using the SM2 algorithm.
With reference to the first embodiment of the second aspect, in a third embodiment of the second aspect, the wireless network authentication method further includes: generating first PMK key information from the service set identifier of the access point corresponding to the authentication server and a first pre-shared key of the authentication node and the authentication server, encrypting the first PMK key information with the first public key to generate third encryption information, and sending the third encryption information to the authentication node; receiving fourth encryption information sent by the authentication node, the fourth encryption information being generated by the authentication node decrypting the third encryption information with the first private key to obtain third PMK key information, judging whether a second pre-shared key in the third PMK key information is identical to the first pre-shared key, when they are identical determining that the third PMK key information is identical to the first PMK key information, generating second PMK key information from the service set identifier of the access point corresponding to the authentication server and the first pre-shared key of the authentication node and the authentication server, and encrypting the second PMK key information with the second public key; decrypting the fourth encryption information with the second private key to obtain fourth PMK key information, and judging whether a third pre-shared key in the fourth PMK key information is identical to the first pre-shared key; and, when the third pre-shared key is identical to the first pre-shared key, determining that the fourth PMK key information is identical to the second PMK key information, generating PMK key information and PMK available information from the first PMK key information and the fourth PMK key information, storing the PMK key information, and sending the PMK available information and the PMK key information to the authentication node.
With reference to the third embodiment of the second aspect, in a fourth embodiment of the second aspect, the third encryption information is generated by the authentication server encrypting the first PMK key information with the first public key using the SM2 algorithm, and the PMK available information and PMK key information are generated by the authentication server from the first PMK key information and the fourth PMK key information after decrypting the fourth encryption information with the second private key using the SM2 algorithm.
According to a third aspect, an embodiment of the invention provides a wireless network secure communication method. The wireless network includes an authentication node and an authentication server, and the authentication server communicates with the authentication node through an access point. The method includes: authenticating the wireless network using the wireless network authentication method of the first aspect, any embodiment of the first aspect, the second aspect, or any embodiment of the second aspect; when the authentication passes, distributing keys to the authentication node and the access point using the SM3 algorithm and the SM4 algorithm; and the authentication node and the access point carrying out data communication with the distributed key using the SM3 algorithm and the SM4 algorithm.
According to a fourth aspect, an embodiment of the invention provides a wireless network authentication device. The wireless network includes an authentication node and an authentication server; the authentication node pre-stores a first public key and a first private key, and the authentication server pre-stores a second public key and a second private key. The device includes: an identity information sending module for sending first identity information to the authentication server; an encryption information receiving module for receiving first encryption information sent by the authentication server, the first encryption information being generated by the authentication server encrypting the first identity information of the authentication node and second identity information of the authentication server with the second private key; a decryption module for decrypting the first encryption information with the second public key to obtain third identity information of the authentication node, and judging whether the third identity information is identical to the first identity information; and a determination module for determining, when the third identity information is identical to the first identity information, that the authentication of the authentication server has passed.
According to a fifth aspect, an embodiment of the invention provides a wireless network authentication device. The wireless network includes an authentication node and an authentication server; the authentication node pre-stores a first public key and a first private key, and the authentication server pre-stores a second public key and a second private key. The device includes: an identity information receiving module for receiving first identity information sent by the authentication node; and an encryption information generating module for encrypting the first identity information of the authentication node and second identity information of the authentication server with the second private key to generate first encryption information, and sending the first encryption information to the authentication node.
According to a sixth aspect, an embodiment of the invention provides a wireless network secure communication device. The wireless network includes an authentication node and an authentication server, and the authentication server communicates with the authentication node through an access point. The device includes: an authentication module for authenticating the wireless network using the wireless network authentication method of the first aspect, any embodiment of the first aspect, the second aspect, or any embodiment of the second aspect; a key distribution module for distributing keys to the authentication node and the access point using the SM3 algorithm and the SM4 algorithm when the authentication passes; and a data communication module for the authentication node and the access point to carry out data communication with the distributed key using the SM3 algorithm and the SM4 algorithm.
According to a seventh aspect, an embodiment of the invention provides an electronic device including a memory and a processor that are communicatively connected to each other. The memory stores computer instructions, and by executing the computer instructions the processor carries out the wireless network authentication method of the first aspect, any embodiment of the first aspect, the second aspect, or any embodiment of the second aspect, or the wireless network secure communication method of the third aspect.
According to an eighth aspect, an embodiment of the invention provides a computer-readable storage medium. The computer-readable storage medium stores computer instructions that cause a computer to execute the wireless network authentication method of the first aspect, any embodiment of the first aspect, the second aspect, or any embodiment of the second aspect, or the wireless network secure communication method of the third aspect.
Compared with the prior art, the technical solution of the invention has at least the following advantages.
The embodiments of the invention provide a wireless network authentication method, a wireless network secure communication method, and corresponding devices. The wireless network includes an authentication node and an authentication server; the authentication node pre-stores a first public key and a first private key, and the authentication server pre-stores a second public key and a second private key. The authentication method includes: sending first identity information to the authentication server; receiving first encryption information sent by the authentication server, the first encryption information being generated by the authentication server encrypting the first identity information of the authentication node and second identity information of the authentication server with the second private key; decrypting the first encryption information with the second public key to obtain third identity information of the authentication node, and judging whether the third identity information is identical to the first identity information; and, when the third identity information is identical to the first identity information, determining that the authentication of the authentication server has passed. The embodiments thus realize authentication of the authentication server by the authentication node, so that the node accesses the wireless network only after its authentication of the server has passed, which prevents the leakage of personal information and the unrecoverable financial loss that follow when a user logs in to a forged Wi-Fi network.
Specific embodiment
To make the objects, technical solutions and advantages of the embodiments of the invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. The described embodiments are a part, not all, of the embodiments of the invention. All other embodiments that those skilled in the art obtain from the embodiments of the invention without creative work fall within the scope of protection of the invention.
Figure 1 is a schematic diagram of an application scenario of an embodiment of the invention. The mobile terminal is a mobile phone, tablet computer or similar device with a WiFi module, and it interacts with the server. The mobile terminal is installed with an application program that supports the wireless network authentication method or wireless network secure communication method of the invention, or with a software development kit (SDK) integrated into a third-party application such as a game; the connection between the application program or SDK and the server uses an HTTPS+XML interface protocol. After open system authentication has been carried out between the mobile terminal and the access point, the mobile terminal can send its identity information to the server through the access point; the server encrypts the identity information with its private key, the mobile terminal decrypts the encrypted identity information with the server's public key, and by judging whether the decrypted identity information is its own identity information the mobile terminal authenticates the server.
An embodiment of the invention provides a wireless network authentication method. The wireless network includes an authentication node and an authentication server; the authentication node pre-stores a first public key and a first private key, and the authentication server pre-stores a second public key and a second private key. As shown in Figure 2, the method includes:
Step S101: the authentication node sends first identity information to the authentication server;
Step S102: the authentication server encrypts the first identity information of the authentication node and second identity information of the authentication server with the second private key to generate first encryption information, and sends the first encryption information to the authentication node;
Step S103: the authentication node decrypts the first encryption information with the second public key to obtain third identity information of the authentication node;
Step S104: the authentication node judges whether the third identity information is identical to the first identity information;
Step S105: when the third identity information is identical to the first identity information, the authentication node determines that the authentication of the authentication server has passed;
Step S106: when the third identity information is not identical to the first identity information, the authentication node determines that the authentication of the authentication server has failed.
Through steps S101 to S106, the wireless network authentication method provided by the embodiment realizes authentication of the authentication server by the authentication node: the mobile terminal that carries the authentication node accesses the wireless network only after its authentication of the authentication server has passed, which prevents the leakage of personal information and the unrecoverable financial loss that follow when a user logs in to a forged Wi-Fi network.
In a preferred embodiment, as shown in Figure 3, after the authentication node's authentication of the authentication server has passed, the wireless network authentication method further includes authentication of the authentication node by the authentication server, specifically:
Step S107: the authentication node encrypts the first identity information and the decrypted second identity information of the authentication server with the first private key to generate second encryption information, and sends the second encryption information to the authentication server, the second identity information being what the authentication node obtained in step S103 by decrypting the first encryption information with the second public key;
Step S108: the authentication server receives the second encryption information sent by the authentication node and decrypts it with the first public key to obtain fourth identity information of the authentication server;
Step S109: the authentication server judges whether the fourth identity information is identical to the second identity information;
Step S1010: when the fourth identity information is identical to the second identity information, the authentication server determines that the authentication of the authentication node has passed;
Step S1011: when the fourth identity information is not identical to the second identity information, the authentication server determines that the authentication of the authentication node has failed.
Through steps S107 to S1011, the wireless network authentication method provided by the embodiment realizes authentication of the authentication node by the authentication server, so that the node is allowed to access the wireless network only after the server's authentication of it has passed; this prevents unauthorized users from accessing the wireless network and consuming network resources, and protects the interests of authorized users.
Through steps S101 to S1011, the wireless network authentication method provided by the embodiment realizes two-way identity authentication between the authentication node and the authentication server, which ensures the security of two-way data transmission between the authentication node and the authentication server in the wireless network.
In a preferred embodiment, the first encryption information is generated by the authentication server encrypting the first identity information of the authentication node and the second identity information of the authentication server with the second private key using the SM2 algorithm; the third identity information is obtained by the authentication node decrypting the first encryption information with the second public key using the SM2 algorithm; the second encryption information is generated by the authentication node encrypting the first identity information and the decrypted second identity information of the authentication server with the first private key using the SM2 algorithm; and the fourth identity information is obtained by the authentication server decrypting the second encryption information with the first public key using the SM2 algorithm. The embodiment executes these encryption and decryption operations with the national SM2 algorithm, is not restricted to foreign encryption and decryption algorithms, and allows the algorithm to be modified conveniently, improving the independence of operation.
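The two-way exchange of steps S101 to S1011, including the SM2 variant just described, written out as an added example; this is not part of the patent text and not the applicant's code. Go's standard library has no SM2, so RSA PKCS#1 v1.5 signatures over SHA-256 stand in for the page's "encrypt with the private key, decrypt with the public key" operation: the identities travel in the clear next to a signature, and a receiver treats them as "decrypted" only once the signature verifies under the sender's pre-stored public key, which is what steps S103 and S108 rely on. The Party and Sealed types, the length-prefixed framing of the two identities, and the sample identities are assumptions.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Party is one side of the exchange: its identity and the key pair it pre-stores (hypothetical type).
type Party struct {
	ID   []byte
	Priv *rsa.PrivateKey
}

// Sealed stands in for the page's "encryption information": the identities travel in
// Payload, and "decrypting with the sender's public key" is modelled as verifying Sig.
type Sealed struct {
	Payload, Sig []byte
}

// seal is "encrypt with the sender's private key": frame len(nodeID) || nodeID || serverID and sign it.
func seal(priv *rsa.PrivateKey, nodeID, serverID []byte) (Sealed, error) {
	payload := append(append([]byte{byte(len(nodeID))}, nodeID...), serverID...)
	h := sha256.Sum256(payload)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, h[:])
	return Sealed{Payload: payload, Sig: sig}, err
}

// unseal is "decrypt with the sender's public key": verify Sig, then split the identities.
func unseal(pub *rsa.PublicKey, s Sealed) (nodeID, serverID []byte, err error) {
	h := sha256.Sum256(s.Payload)
	if err = rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], s.Sig); err != nil {
		return nil, nil, err
	}
	p := s.Payload
	if len(p) == 0 || int(p[0]) > len(p)-1 {
		return nil, nil, errors.New("malformed identity payload")
	}
	return p[1 : 1+int(p[0])], p[1+int(p[0]):], nil
}

// ServerRespond is S102: bind the node's first identity information to the server's own second identity information.
func ServerRespond(server *Party, firstID []byte) (Sealed, error) {
	return seal(server.Priv, firstID, server.ID)
}

// NodeAuthenticateServer is S103-S107: recover the third identity information, compare, then answer.
func NodeAuthenticateServer(node *Party, serverPub *rsa.PublicKey, first Sealed) (Sealed, error) {
	thirdID, secondID, err := unseal(serverPub, first)
	if err != nil {
		return Sealed{}, err // S103 failed: not produced with the second private key
	}
	if !bytes.Equal(thirdID, node.ID) {
		return Sealed{}, errors.New("S106: third identity information differs, server rejected")
	}
	return seal(node.Priv, node.ID, secondID) // S107
}

// ServerAuthenticateNode is S108-S1011: recover the fourth identity information and compare it.
func ServerAuthenticateNode(server *Party, nodePub *rsa.PublicKey, second Sealed) error {
	_, fourthID, err := unseal(nodePub, second)
	if err != nil {
		return err
	}
	if !bytes.Equal(fourthID, server.ID) {
		return errors.New("S1011: fourth identity information differs, node rejected")
	}
	return nil
}

// MutualAuth runs S101-S1011; nodePub/serverPub are the public keys each peer pre-stores for the other.
func MutualAuth(node, server *Party, nodePub, serverPub *rsa.PublicKey) error {
	first, err := ServerRespond(server, node.ID) // S101 carries node.ID, S102 answers
	if err != nil {
		return err
	}
	second, err := NodeAuthenticateServer(node, serverPub, first)
	if err != nil {
		return err
	}
	return ServerAuthenticateNode(server, nodePub, second)
}

func newParty(id string) *Party {
	k, _ := rsa.GenerateKey(rand.Reader, 2048) // in the page's design the pair is pre-stored
	return &Party{ID: []byte(id), Priv: k}
}

func main() {
	node, server := newParty("aa:bb:cc:dd:ee:ff"), newParty("auth-server-1")
	rogue := newParty("auth-server-1") // forged network: same name, but not the second private key
	fmt.Println("genuine server:", MutualAuth(node, server, &node.Priv.PublicKey, &server.Priv.PublicKey))
	fmt.Println("rogue server:", MutualAuth(node, rogue, &node.Priv.PublicKey, &server.Priv.PublicKey))
}
```

Running main prints nil for the genuine server and an error for the rogue one: a server that carries the right name but not the second private key cannot produce first encryption information that unseals under the node's pre-stored second public key, which is the forged-Wi-Fi case the method is designed around. The comparison in S104/S106 is what additionally stops a reply bound to a different node's identity from being accepted.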
In a specific embodiment of the invention, an access point (AP) is also present between the authentication node and the authentication server, and the authentication node and the authentication server communicate wirelessly through the access point. Specifically, before the authentication node and the authentication server carry out the two-way identity authentication, they also carry out open system authentication: the authentication node sends an authentication request message (EAPOL-Start, Extensible Authentication Protocol over LAN) to the access point; the access point receives the authentication request message and sends an identity request message (EAP-Request/Identity), which contains the identity information of the access point, to the authentication node; the authentication node receives the identity request message and sends an identity response message (EAP-Response/Identity), which contains the identity information of the authentication node, to the access point. The identity information of the authentication node is usually its MAC address. When the authentication node and the authentication server communicate, the access point forwards the information transmitted between them: information sent by the authentication node is forwarded to the authentication server, and information sent by the authentication server is forwarded to the authentication node.
In a preferred embodiment, as shown in Figure 4, after two-way authentication between the authentication node and the authentication server has been achieved through steps S101 to S1011, the wireless network authentication method further includes a step of generating a PMK key, specifically:
Step S201: the authentication server generates first PMK (Pairwise Master Key) key information from the service set identifier (SSID) of the corresponding access point and the first pre-shared key (PSK) of the authentication node and the authentication server, encrypts the first PMK key information with the first public key to generate third encryption information, and sends the third encryption information to the authentication node;
Step S202: the authentication node receives the third encryption information sent by the authentication server and decrypts it with the first private key to obtain third PMK key information;
Step S203: the authentication node judges whether the second pre-shared key in the third PMK key information is identical to the first pre-shared key; when they are not identical, step S204 is executed, and when they are identical, step S205 is executed;
Step S204: the PMK key generation ends;
Step S205: the authentication node determines that the third PMK key information is identical to the first PMK key information, and generates second PMK key information from the service set identifier of the access point corresponding to the authentication server and the first pre-shared key of the authentication node and the authentication server;
Step S206: the authentication node encrypts the second PMK key information with the second public key to generate fourth encryption information, and sends the fourth encryption information to the authentication server;
Step S207: the authentication server receives the fourth encryption information sent by the authentication node and decrypts it with the second private key to obtain fourth PMK key information;
Step S208: the authentication server judges whether the third pre-shared key in the fourth PMK key information is identical to the first pre-shared key; when they are not identical, step S204 is executed, and when they are identical, step S209 is executed;
Step S209: the authentication server determines that the fourth PMK key information is identical to the second PMK key information, generates PMK key information and PMK available information from the first PMK key information and the fourth PMK key information, stores the PMK key information, and sends the PMK available information and the PMK key information to the authentication node;
Step S2010: the authentication node receives the PMK available information and the PMK key information sent by the authentication server, and stores the PMK key information.
Through steps S201 to S2010, the wireless network authentication method provided by the embodiment generates PMK key information and stores it at both the authentication node and the authentication server, laying the foundation for key distribution in the wireless network.
In a preferred embodiment, the third encryption information is generated by the authentication server encrypting the first PMK key information with the first public key using the SM2 algorithm; the third PMK key information is obtained by the authentication node decrypting the third encryption information with the first private key using the SM2 algorithm; the fourth encryption information is generated by the authentication node encrypting the second PMK key information with the second public key using the SM2 algorithm; and the PMK available information and PMK key information are generated by the authentication server from the first PMK key information and the fourth PMK key information after decrypting the fourth encryption information with the second private key using the SM2 algorithm. The embodiment executes these encryption and decryption operations with the national SM2 algorithm, is not restricted to foreign encryption and decryption algorithms, and allows the algorithm to be modified conveniently, improving the independence of operation.
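The PMK generation of steps S201 to S2010, written out as an added example (Go; not part of the patent text and not the applicant's code). The page fixes none of the following, so they are assumptions: the PMK is derived from the SSID and the pre-shared key with PBKDF2-HMAC-SHA256 as WPA2-PSK does; the "PMK key information" is the PMK followed by the pre-shared key, so the receiver can run the S203/S208 pre-shared key comparison; RSA-OAEP stands in for SM2 public-key encryption because the standard library has no SM2; and the PMK key information of S209 is a hash over the first and fourth PMK key information. The page also does not say how the PMK key information and PMK available information of S209 are protected on their way to the node, so the example simply returns them.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

const pmkLen = 32

// pbkdf2Block is PBKDF2-HMAC-SHA256 limited to one 32-byte block. Deriving the PMK as
// PBKDF2(PSK, salt = SSID, 4096 rounds) follows WPA2-PSK and is an assumption here.
func pbkdf2Block(psk, ssid []byte, iters int) []byte {
	m := hmac.New(sha256.New, psk)
	m.Write(ssid)
	m.Write([]byte{0, 0, 0, 1})
	u := m.Sum(nil)
	t := append([]byte(nil), u...)
	for i := 1; i < iters; i++ {
		m.Reset()
		m.Write(u)
		u = m.Sum(nil)
		for j := range t {
			t[j] ^= u[j]
		}
	}
	return t
}

// PMKInfo is the page's "PMK key information": the derived PMK together with the
// pre-shared key it came from, which is the field the S203/S208 check compares (hypothetical layout).
type PMKInfo struct {
	PMK, PSK []byte
}

func DerivePMKInfo(ssid, psk []byte) PMKInfo {
	return PMKInfo{PMK: pbkdf2Block(psk, ssid, 4096), PSK: psk}
}

func (p PMKInfo) marshal() []byte { return append(append([]byte{}, p.PMK...), p.PSK...) }

func unmarshalPMKInfo(b []byte) (PMKInfo, error) {
	if len(b) < pmkLen {
		return PMKInfo{}, errors.New("PMK key information too short")
	}
	return PMKInfo{PMK: b[:pmkLen], PSK: b[pmkLen:]}, nil
}

// transfer carries PMK key information to a peer: encrypted to the peer's public key and
// decrypted with its private key. RSA-OAEP stands in for the page's SM2 encryption.
func transfer(info PMKInfo, peer *rsa.PrivateKey) (PMKInfo, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &peer.PublicKey, info.marshal(), nil)
	if err != nil {
		return PMKInfo{}, err
	}
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, peer, ct, nil)
	if err != nil {
		return PMKInfo{}, err
	}
	return unmarshalPMKInfo(pt)
}

// FinalPMK combines the first and fourth PMK key information (S209); SHA-256 over their
// concatenation is an assumption, as the page does not give the combining rule.
func FinalPMK(first, fourth PMKInfo) []byte {
	h := sha256.Sum256(append(append([]byte{}, first.PMK...), fourth.PMK...))
	return h[:]
}

// GeneratePMK runs S201-S2010 between a server holding serverPSK and a node holding nodePSK and
// returns the PMK key information the node stores plus the PMK-available flag (constant-time PSK checks).
func GeneratePMK(ssid, serverPSK, nodePSK []byte, nodeKey, serverKey *rsa.PrivateKey) ([]byte, bool, error) {
	first := DerivePMKInfo(ssid, serverPSK) // S201
	third, err := transfer(first, nodeKey)  // third encryption information -> S202
	if err != nil {
		return nil, false, err
	}
	if !hmac.Equal(third.PSK, nodePSK) { // S203: second vs first pre-shared key
		return nil, false, errors.New("S204: pre-shared key in third PMK key information differs")
	}
	second := DerivePMKInfo(ssid, nodePSK)     // S205
	fourth, err := transfer(second, serverKey) // S206 -> S207
	if err != nil {
		return nil, false, err
	}
	if !hmac.Equal(fourth.PSK, serverPSK) { // S208: third vs first pre-shared key
		return nil, false, errors.New("S204: pre-shared key in fourth PMK key information differs")
	}
	return FinalPMK(first, fourth), true, nil // S209 stores and sends; S2010 the node stores
}

func main() {
	nodeKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	serverKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	pmk, ok, err := GeneratePMK([]byte("corp-wifi"), []byte("s3cret-psk"), []byte("s3cret-psk"), nodeKey, serverKey)
	fmt.Printf("matching PSK: available=%v err=%v pmk=%x\n", ok, err, pmk)
	_, ok, err = GeneratePMK([]byte("corp-wifi"), []byte("s3cret-psk"), []byte("wrong-psk"), nodeKey, serverKey)
	fmt.Printf("wrong PSK on node: available=%v err=%v\n", ok, err)
}
```

The instructive path is the mismatch: when the node's pre-shared key differs from the server's, the S203 comparison fails, S204 ends the procedure, and no PMK key information is stored on either side; the constant-time comparison matters because the value being checked is a secret.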
An embodiment of the invention also provides a wireless network secure communication method. The wireless network includes an authentication node and an authentication server, and the authentication server communicates with the authentication node through an access point. As shown in Figure 5, the method includes:
Step S301: authenticating the wireless network using the wireless network authentication method of the embodiments above;
Step S302: when the authentication passes, distributing keys to the authentication node and the access point using the SM3 algorithm and the SM4 algorithm.
Specifically, the access point generates a first random number and sends it to the authentication node. The authentication node generates a second random number and, from the first random number, the second random number and the PMK key information stored in the authentication method embodiment of the wireless network above, generates second PTK (Pairwise Transient Key) key information; it then uses the first 128 bits of the second PTK key information with the SM3 algorithm to encrypt the first random number and the second random number, generating fifth encryption information, and sends the fifth encryption information and the second random number to the access point.
The access point generates first PTK key information from the first random number, the second random number and the PMK key information stored in the authentication method of the wireless network above, uses the first 128 bits of the first PTK key information with the SM3 algorithm to encrypt the first random number and the second random number, generating sixth encryption information, and judges whether the sixth encryption information is identical to the fifth encryption information. When the sixth encryption information is identical to the fifth encryption information, the access point generates GTK (Group Transient Key) key information from the first PTK key information, encrypts the GTK key information using bits 128 to 256 of the first PTK key information with the SM4 algorithm to produce encrypted GTK key information, encrypts the encrypted GTK key information using the first 128 bits of the first PTK key information with the SM3 algorithm to produce seventh encryption information, and sends the encrypted GTK key information and the seventh encryption information to the authentication node.
The authentication node encrypts the encrypted GTK key information using the first 128 bits of the second PTK key information with the SM3 algorithm, generating eighth encryption information, and judges whether the eighth encryption information is identical to the seventh encryption information. When the eighth encryption information is identical to the seventh encryption information, the authentication node decrypts the encrypted GTK key information using bits 128 to 256 of the second PTK key information with the SM4 algorithm to obtain the GTK key information, generates a key confirmation message, encrypts the key confirmation message using the first 128 bits of the second PTK key information with the SM3 algorithm to generate ninth encryption information, and sends the second PTK key information, the key confirmation message and the ninth encryption information to the access point.
The access point encrypts the key confirmation message using the first 128 bits of the first PTK key information with the SM3 algorithm, generating tenth encryption information, and judges whether the tenth encryption information is identical to the ninth encryption information. When the tenth encryption information is identical to the ninth encryption information, the access point generates key-available information, generates PTK key information from the first PTK key information and the second PTK key information, stores the PTK key information and the GTK key information, and sends the PTK key information and the key-available information to the authentication node. The authentication node receives the PTK key information and the key-available information and stores the PTK key information and the GTK key information.
It should be noted that, through the above key-distribution process between the authentication node and the access point, both the authentication node and the access point store the PTK key information and the GTK key information; apart from the algorithms used being the national SM3 algorithm and the national SM4 algorithm, the remaining steps are the same as in the prior art. The wireless network secure communication method provided in the embodiment of the invention uses the national SM3 algorithm and the national SM4 algorithm when distributing keys between the authentication node and the access point, is not restricted to foreign encryption and decryption algorithms, and allows the algorithms to be modified as required, which gives greater autonomy in operation.
Step S303: the authentication node and the access point carry out data communication using the keys distributed in step S302 together with the SM3 algorithm and the SM4 algorithm.
Specifically, data communication is carried out between the authentication node and the access point: when one of them encrypts data and transmits it to the other, the other decrypts the encrypted data.
The encryption process is as follows: generate a sequence number for the data to be encrypted, the sequence number being incremented cyclically; generate the header information of the encrypted data according to the sequence number, and generate a third random number according to the sequence number and the MAC address of the sender; generate first additional authentication data (AAD) according to the frame header information of the data to be encrypted; generate a first temporary key according to the SSID and the PTK key information; encrypt the first additional authentication data, the third random number and the MAC Service Data Unit (MSDU) using the first temporary key with the SM3 algorithm, generating eleventh encryption information; encrypt the MAC Service Data Unit using the first temporary key with the SM4 algorithm, generating twelfth encryption information; and package the eleventh encryption information, the twelfth encryption information and the SMx header to produce the encrypted data.
The decryption process is as follows: parse the header information of the encrypted data to obtain the sequence number, and judge whether the sequence number satisfies the incremental rule; if it does not, discard the frame. If the sequence number satisfies the incremental rule, generate a second temporary key according to the SSID and the PTK key information; generate a fourth random number according to the MAC address of the sender and the sequence number; generate second additional authentication data according to the frame header information of the encrypted data; decrypt the MAC Service Data Unit using the second temporary key with the SM4 algorithm to obtain the decrypted MAC Service Data Unit; encrypt the second additional authentication data, the fourth random number and the MAC Service Data Unit using the second temporary key with the SM3 algorithm, generating thirteenth encryption information; and judge whether the value of the thirteenth encryption information is equal to the value of the eleventh encryption information. When the value of the thirteenth encryption information is equal to the value of the eleventh encryption information, the decryption process ends; when the values are not equal, the frame is discarded.
It should be noted that, in the above data communication between the authentication node and the access point, apart from the algorithms used being the national SM3 algorithm and the national SM4 algorithm, the remaining steps are the same as in the prior art. The wireless network secure communication method provided in the embodiment of the invention uses the national SM3 algorithm and the national SM4 algorithm for data communication between the authentication node and the access point, is not restricted to foreign encryption and decryption algorithms, and allows the algorithms to be modified as required, which gives greater autonomy in operation.
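The frame protection and verification path of step S303, as an added Python example rather than code from the patent. SM3 and SM4 are not implemented here: the MIC stands in with HMAC-SHA256 truncated to 128 bits and the MSDU cipher with a keystream XOR, both labelled as placeholders in the code; the 20-byte header layout (destination MAC, source MAC, 64-bit sequence number), the PRF that derives the temporary key from the SSID and the PTK, and all function names are assumptions made for the example. What it shows is the order of checks on receipt described in the text: sequence number first, then decryption, then the thirteenth-versus-eleventh comparison, with the receiver's replay state advanced only after the comparison succeeds.

```python
import hashlib
import hmac
import struct

# Placeholders for the national algorithms named on the page (NOT SM3 / NOT SM4).
def mic(key: bytes, data: bytes) -> bytes:
    """Stand-in for the SM3-based MIC: HMAC-SHA256 truncated to 128 bits."""
    return hmac.new(key, data, hashlib.sha256).digest()[:16]

def msdu_cipher(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for SM4: XOR with an HMAC-derived keystream (same call decrypts)."""
    ks = b"".join(hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def temp_key(ssid: bytes, ptk: bytes) -> bytes:
    """Temporary key from SSID and PTK (the page); the PRF is an assumption."""
    return hmac.new(ptk, b"tk" + ssid, hashlib.sha256).digest()

# Constructed header layout: dst MAC (6), src MAC (6), 64-bit sequence number.
HDR = struct.Struct(">6s6sQ")
MIC_LEN = 16

def protect(ssid, ptk, dst_mac, src_mac, seq, msdu) -> bytes:
    """Sender side: header || eleventh (MIC) || twelfth (ciphertext)."""
    header = HDR.pack(dst_mac, src_mac, seq)      # header carrying the sequence number
    nonce = struct.pack(">Q", seq) + src_mac       # "third random number": seq + sender MAC
    aad = header                                   # first AAD from the frame header
    tk = temp_key(ssid, ptk)
    tag = mic(tk, aad + nonce + msdu)              # eleventh encryption information
    ct = msdu_cipher(tk, nonce, msdu)              # twelfth encryption information
    return header + tag + ct

class Receiver:
    """Receiver side with the sequence-number check from the page."""
    def __init__(self, ssid: bytes, ptk: bytes):
        self.tk = temp_key(ssid, ptk)              # second temporary key
        self.last_seq = -1                         # highest sequence number accepted so far

    def unprotect(self, frame: bytes):
        """Return the MSDU, or None when the frame is to be discarded."""
        header = frame[:HDR.size]
        dst_mac, src_mac, seq = HDR.unpack(header)
        if seq <= self.last_seq:                   # must keep increasing, else drop
            return None
        tag = frame[HDR.size:HDR.size + MIC_LEN]
        ct = frame[HDR.size + MIC_LEN:]
        nonce = struct.pack(">Q", seq) + src_mac   # "fourth random number"
        aad = header                               # second AAD
        msdu = msdu_cipher(self.tk, nonce, ct)     # decrypt first, as the page describes
        # thirteenth encryption information compared with the eleventh, constant-time
        if not hmac.compare_digest(mic(self.tk, aad + nonce + msdu), tag):
            return None
        self.last_seq = seq                        # advance replay state only after the MIC check
        return msdu
```

Advancing `last_seq` only after the MIC check matters: if the receiver recorded the sequence number before verifying the frame, an unauthenticated frame with a large sequence number would cause subsequent genuine frames to be discarded by the incremental-rule check.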
The wireless network secure communication method provided in the embodiment of the invention realizes, through step S301, mutual identity identification of the authentication node and the authentication server in the wireless network; through step S302, key distribution between the authentication node and the access point; and through step S303, data communication between the authentication node and the access point using the distributed keys. This improves the security of wireless network data transmission and, since national cryptographic algorithms are used throughout, the method is not restricted to foreign encryption and decryption algorithms; the algorithms can be modified as required, which gives greater autonomy in operation.
The embodiment of the invention also provides an authentication device for a wireless network. The wireless network includes an authentication node and an authentication server; the authentication node prestores a first public key and a first private key, and the authentication server prestores a second public key and a second private key. As shown in Fig. 6, the authentication device of the wireless network includes: an identity information sending module 1 for sending first identity information to the authentication server; an encryption information receiving module 2 for receiving first encryption information sent by the authentication server, the first encryption information being generated by the authentication server by encrypting the first identity information of the authentication node and the second identity information of the authentication server with the second private key; a decryption module 3 for decrypting the first encryption information using the second public key to obtain third identity information of the authentication node and judging whether the third identity information is identical to the first identity information; and a determination module 4 for judging that the authentication of the authentication server has passed when the third identity information is identical to the first identity information.
The authentication device of the wireless network provided in the embodiment of the invention realizes authentication of the authentication server by the authentication node; the mobile terminal held by the user accesses the wireless network only after the authentication of the authentication server has passed, which prevents the leakage of personal information and the unrecoverable property loss that occur when a user logs in to a forged Wi-Fi network.
The embodiment of the invention also provides an authentication device for a wireless network. The wireless network includes an authentication node and an authentication server; the authentication node prestores a first public key and a first private key, and the authentication server prestores a second public key and a second private key. As shown in Fig. 7, the authentication device of the wireless network includes: an identity information receiving module 5 for receiving first identity information sent by the authentication node; and an encryption information generation module 6 for encrypting the first identity information of the authentication node and the second identity information of the authentication server using the second private key to generate first encryption information, and sending the first encryption information to the authentication node.
The authentication device of the wireless network provided in the embodiment of the invention realizes authentication of the authentication server by the authentication node; the mobile terminal held by the user accesses the wireless network only after the authentication of the authentication server has passed, which prevents the leakage of personal information and the unrecoverable property loss that occur when a user logs in to a forged Wi-Fi network.
The embodiment of the invention also provides a wireless network secure communication device. The wireless network includes an authentication node and an authentication server, and the authentication server communicates with the authentication node through an access point. As shown in Fig. 8, the wireless network secure communication device includes: an authentication module 7 for authenticating the wireless network using the authentication method of the wireless network in the above embodiment; a key distribution module 8 for distributing keys between the authentication node and the access point using the SM3 algorithm and the SM4 algorithm when the authentication passes; and a data communication module 9 for data communication between the authentication node and the access point using the distributed keys together with the SM3 algorithm and the SM4 algorithm.
The wireless network secure communication device provided in the embodiment of the invention realizes, through the authentication module, mutual identity identification of the authentication node and the authentication server in the wireless network; through the key distribution module, key distribution between the authentication node and the access point; and through the data communication module, data communication between the authentication node and the access point using the distributed keys. This improves the security of wireless network data transmission and, since national cryptographic algorithms are used throughout, the device is not restricted to foreign encryption and decryption algorithms; the algorithms can be modified as required, which gives greater autonomy in operation.
The embodiment of the invention also provides an electronic device. As shown in Fig. 9, the electronic device may include a processor 10 and a memory 11, where the processor 10 and the memory 11 may be connected by a bus or in another manner; Fig. 9 takes connection by a bus as an example.
The processor 10 may be a central processing unit (CPU). The processor 10 may also be another general-purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or a combination of the above kinds of chips.
The memory 11, as a non-transitory computer-readable storage medium, may be used to store non-transitory software programs, non-transitory computer-executable programs and modules, such as the program instructions/modules corresponding to the authentication method of the wireless network in the embodiment of the invention (for example, the identity information sending module 1, the encryption information receiving module 2, the decryption module 3 and the determination module 4 shown in Fig. 6), or the program instructions/modules corresponding to the wireless network secure communication method in the embodiment of the invention (for example, the authentication module 7, the key distribution module 8 and the data communication module 9 shown in Fig. 8). By running the non-transitory software programs, instructions and modules stored in the memory 11, the processor 10 executes the various functional applications and data processing of the processor, thereby realizing the authentication method of the wireless network or the wireless network secure communication method in the above method embodiments.
The memory 11 may include a program storage area and a data storage area, where the program storage area may store an operating system and the application program required by at least one function, and the data storage area may store data created by the processor 10 and the like. In addition, the memory 11 may include high-speed random access memory and may also include non-transitory memory, for example at least one magnetic disk storage device, flash memory device or other non-transitory solid-state storage device. In some embodiments, the memory 11 optionally includes memory located remotely from the processor 10, and such remote memory may be connected to the processor 10 over a network. Examples of the network include, but are not limited to, the Internet, an intranet, a local area network, a mobile communication network and combinations thereof.
The one or more modules are stored in the memory 11 and, when executed by the processor 10, perform the authentication method of the wireless network in the embodiments shown in Figs. 2 to 4 or the wireless network secure communication method shown in Fig. 5.
Details of the above electronic device can be understood with reference to the corresponding description and effects in the embodiments shown in Figs. 2 to 5, and are not repeated here.
Those skilled in the art will understand that all or part of the processes in the methods of the above embodiments may be completed by a computer program instructing the relevant hardware; the program may be stored in a computer-readable storage medium and, when executed, may include the processes of the embodiments of the above methods. The storage medium may be a magnetic disk, an optical disc, a read-only memory (ROM), a random access memory (RAM), a flash memory, a hard disk drive (HDD) or a solid-state drive (SSD), etc.; the storage medium may also include a combination of the above kinds of memory.
Although the embodiments of the invention have been described with reference to the accompanying drawings, those skilled in the art can make various modifications and variations without departing from the spirit and scope of the invention, and such modifications and variations fall within the scope defined by the appended claims.