CN109525992A - Connection establishment method, connection establishment negotiation method, and device - Google Patents

Connection establishment method, connection establishment negotiation method, and device

Info

Publication number
CN109525992A
Authority
CN
China
Prior art keywords
security configuration
request
target
connection
sta
Prior art date
Legal status
Pending
Application number
CN201710847993.XA
Other languages
Chinese (zh)
Inventor
马岚
Current Assignee
ZTE Corp
Original Assignee
ZTE Corp
Priority date
Filing date
Publication date
Application filed by ZTE Corp
Priority to CN201710847993.XA
Priority to PCT/CN2018/106505 (WO2019057086A1)
Publication of CN109525992A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W48/00 Access restriction; Network selection; Access point selection
    • H04W48/08 Access restriction or access information delivery, e.g. discovery data delivery
    • H04W48/14 Access restriction or access information delivery, e.g. discovery data delivery using user query or user detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W48/00 Access restriction; Network selection; Access point selection
    • H04W48/16 Discovering, processing access restriction or access information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W76/00 Connection management
    • H04W76/10 Connection setup
    • H04W76/14 Direct-mode setup

Abstract

The present invention provides a connection establishment method, a connection establishment negotiation method, and corresponding devices. The connection establishment method includes: when the detected signal strength of a target wireless access point (AP) is greater than a first preset threshold and the AP does not belong to a pre-maintained blacklist, sending a Wi-Fi Protected Setup (WPS) security configuration negotiation request to the AP; receiving, within a predetermined time, a negotiation response message returned by the target AP, where the negotiation response message carries security configuration information; and establishing a connection with the target AP according to the security configuration information. This solves the problem in the related art that the foolproof quick hotspot access offered by the kiss router leaves the Wi-Fi link insecure: it simplifies the user's hotspot connection operation and improves ease of use while ensuring the security of the Wi-Fi link.

Description

Connection establishment method, connection establishment negotiation method, and device
Technical Field
The present invention relates to the field of communications, and in particular to a connection establishment method, a connection establishment negotiation method, and devices.
Background
Wireless Fidelity (Wi-Fi) is in essence a commercial certification: a Wi-Fi certified product conforms to the IEEE 802.11 family of wireless network specifications, which is the most widely used standard at present. Worldwide, networks based on Wi-Fi technology are increasingly common and their coverage keeps expanding; with its freedom and lack of constraints, Wi-Fi appeals to more and more people. Today, whether at home, in the office or in public places, users want to access a Wi-Fi network to improve network speed and save mobile data.
The medium of a wireless network is open, which means an attacker can easily hide in it. To guarantee the security of information transmitted over a Wi-Fi network, IEEE 802.11 requires a station (STA) to confirm its identity before transmitting frames.
Fig. 1 is a schematic diagram of the system identity verification exchange process in the related art. As shown in Fig. 1, in the open system authentication defined by 802.11, the first frame, sent by the STA, is an authentication request management frame, and the wireless access point (AP) answers with an authentication response management frame. In an open network neither management frames nor data are encrypted, so any device within range of this Wi-Fi network can intercept the data in transit, which creates a serious security risk.
802.11b provides the WEP (Wired Equivalent Privacy) encryption mode based on a shared key, but WEP encryption has been broken. WPA (Wi-Fi Protected Access), a standards-based, interoperable Wi-Fi security enhancement, was then proposed, but before long the security problems of WPA were gradually exposed as well. After that, 802.11i defined the enhanced version of WPA, WPA2, which uses the CCM (Counter-Mode/CBC-MAC) authentication mode and the AES (Advanced Encryption Standard) encryption algorithm, strengthening the security of the WLAN and the protection of user information.
To simplify the configuration on the AP side and the work on the STA side when connecting to an AP, Beijing Nan Bao Science and Technology Ltd. officially released a wireless router, kisslink, on October 28, 2014; it is also known as the kiss router and, in the United States, as keewifi. The product raised 4255435 yuan in crowdfunding on JD (Jingdong), 21277% of its target; it also appeared at CES 2015 and was recommended on social media by Matthew Gast, "the father of Wi-Fi". Its main selling point is "kiss router, one kiss to connect", and it leans heavily on being foolproof: "plug in the power and the network cable, and that is all the configuration you need to know; forget passwords from now on, stop worrying about freeloaders, and a single kiss gives you everything". Technically, it claims to use near-field authentication to implement hardware encryption fully automatically, so that users no longer type a password to authenticate as before.
The product's so-called near-field authentication simply means that a proximity sensor is embedded in the window area on top of the router. Fig. 2 is a schematic diagram of the principle of a kiss router connection in the related art. As shown in Fig. 2, the connection procedure is as follows: the user opens the Wi-Fi settings on the mobile phone, sees the open hotspot whose SSID is KSLINK*****, and taps Connect;
The router receives the connection request (Association Request) sent from the mobile phone, but because of the special design of the Kisslink router it does not respond to the request immediately; instead it waits for a notification from the authentication module;
Within the valid time interval, the user holds the mobile phone against the top of the router (the "kiss"). The proximity sensor then detects an object approaching, and the router accordingly judges that the device has passed access authentication; it notifies the connection module to answer the connection request from the mobile phone (Association Response), and the connection completes. To allow for message delay and possible loss, Wi-Fi products generally implement periodic retransmission of the Association Request, so the connection can be completed as long as the kiss authentication is done during this period; if the touch comes after the time limit, the connection fails.
As the above steps show, Kisslink's shortcut is that it exploits the fact that the IEEE 802.11 protocol does not define processing rules for the Association Request message on the router side, and uses the waiting interval and retransmission mechanism of that message to complete access authentication "in hardware". Other users, even if they can see the open KSLINK***** hotspot, cannot connect to it unless they can get close to the router and touch its panel.
The convenience of this product is self-evident: it simplifies the steps a user takes to connect to the hotspot while adding protection of access rights. Its drawback is equally obvious. Although it restricts unauthorized users from accessing the hotspot by changing the router-side procedure, it does not change the link security of an open network: the link has no encryption protection, and anyone can intercept and monitor the wireless channel. After it is switched on, the Kisslink router does automatically create two wireless networks, one with no password named KSLINK**** and one with a password named KSLINK****X. Fig. 3 is a schematic diagram of the SSIDs generated by the kiss router in the related art. As shown in Fig. 3, however, the network ending in "X" can only be used together with the mobile phone app, so compared with the conventional way of connecting to a hotspot it has no clear advantage.
However, no complete solution has yet been proposed for the problem in the related art that the foolproof quick hotspot access offered by the kiss router leaves the Wi-Fi link insecure.
Summary of the Invention
Embodiments of the present invention provide a connection establishment method, a connection establishment negotiation method, and devices, to at least solve the problem in the related art that the foolproof quick hotspot access offered by the kiss router leaves the Wi-Fi link insecure.
According to one embodiment of the present invention, a connection establishment method is provided, including:
when the detected signal strength of a target wireless access point (AP) is greater than a first preset threshold and the AP does not belong to a pre-maintained blacklist, sending a Wi-Fi Protected Setup (WPS) security configuration negotiation request to the AP;
receiving, within a predetermined time, a negotiation response message returned by the target AP, where the negotiation response message carries security configuration information and is sent after the target AP determines, according to a predetermined policy, to respond to the security configuration negotiation request;
establishing a connection with the target AP according to the security configuration information.
Optionally, before the WPS security configuration negotiation request is sent to the AP, the method further includes:
scanning for AP information within a preset range, and saving the AP information obtained by scanning into a scan list;
sorting the APs in the scan list in descending order of signal strength;
determining the first AP in the sorted list as the target AP.
Optionally, before the APs in the scan list are sorted by signal strength, the method further includes:
querying the pre-maintained blacklist;
deleting from the scan list any AP present in the blacklist.
Optionally, after the WPS security configuration negotiation request is sent to the AP, the method further includes:
if no negotiation response message returned by the target AP is received within the predetermined time, adding the target AP to the blacklist.
According to another embodiment of the present invention, a connection establishment negotiation method is also provided, including:
receiving a Wi-Fi Protected Setup (WPS) security configuration negotiation request sent by a station (STA), where the request is sent by the STA when it detects that the signal strength of the wireless access point (AP) is greater than a first preset threshold and the AP does not belong to a pre-maintained blacklist;
determining, according to a predetermined policy, to respond to the security configuration negotiation request, and returning a negotiation response message to the STA, where the negotiation response message carries security configuration information that the STA uses to establish the connection.
Optionally, determining according to the predetermined policy to respond to the security configuration negotiation request includes one of the following:
detecting whether the signal strength of the STA is greater than a second preset threshold and, if so, determining to respond to the security configuration negotiation request;
performing authentication using collected fingerprint information and, if authentication passes, determining to respond to the security configuration negotiation request;
determining to respond to the security configuration negotiation request by means of a button of the mobile terminal that is set as the PBC (push button configuration) button.
According to another embodiment of the present invention, a connection establishment device is also provided, including:
a sending module, configured to send a WPS security configuration negotiation request to the AP when the detected signal strength of a target wireless access point (AP) is greater than a first preset threshold and the AP does not belong to a pre-maintained blacklist;
a first receiving module, configured to receive, within a predetermined time, a negotiation response message returned by the target AP, where the negotiation response message carries security configuration information and is sent after the target AP determines, according to a predetermined policy, to respond to the security configuration negotiation request;
a connection module, configured to establish a connection with the target AP according to the security configuration information.
Optionally, the device further includes:
a scanning module, configured to scan for AP information within a preset range before the WPS security configuration negotiation request is sent to the AP, and to save the AP information obtained by scanning into a scan list;
a sorting module, configured to sort the APs in the scan list in descending order of signal strength;
a target determination module, configured to determine the first AP in the sorted list as the target AP.
Optionally, the device further includes:
a query module, configured to query the pre-maintained blacklist before the APs in the scan list are sorted by signal strength;
a deletion module, configured to delete from the scan list any AP present in the blacklist.
Optionally, the device further includes:
a maintenance module, configured to add the target AP to the blacklist if, after the WPS security configuration negotiation request is sent to the AP, no negotiation response message returned by the target AP is received within the predetermined time.
According to another embodiment of the present invention, a connection establishment negotiation device is also provided, including:
a second receiving module, configured to receive a Wi-Fi Protected Setup (WPS) security configuration negotiation request sent by a station (STA), where the request is sent by the STA when it detects that the signal strength of the wireless access point (AP) is greater than a first preset threshold and the AP does not belong to a pre-maintained blacklist;
a determining module, configured to determine, according to a predetermined policy, to respond to the security configuration negotiation request, and to return a negotiation response message to the STA, where the negotiation response message carries security configuration information that the STA uses to establish the connection.
Optionally, the determining module is further configured to:
detect whether the signal strength of the STA is greater than a second preset threshold and, if so, determine to respond to the security configuration negotiation request;
perform authentication using collected fingerprint information and, if authentication passes, determine to respond to the security configuration negotiation request;
determine to respond to the security configuration negotiation request by means of a button of the mobile terminal that is set as the PBC (push button configuration) button.
According to still another embodiment of the present invention, a storage medium is also provided. The storage medium includes a stored program, and the program, when run, executes the method described in any of the above.
According to still another embodiment of the present invention, a processor is also provided. The processor is used to run a program, and the program, when run, executes the method described in any of the above.
With the present invention, when the detected signal strength of a target wireless access point (AP) is greater than the first preset threshold and the AP does not belong to the pre-maintained blacklist, a WPS security configuration negotiation request is sent to the AP; a negotiation response message returned by the target AP, carrying security configuration information, is received within the predetermined time; and a connection is established with the target AP according to the security configuration information. This solves the problem in the related art that the foolproof quick hotspot access offered by the kiss router leaves the Wi-Fi link insecure, and ensures the security of the Wi-Fi link while simplifying the user's hotspot connection operation and improving ease of use.
Brief Description of the Drawings
The drawings described here provide a further understanding of the present invention and form part of this application. The illustrative embodiments of the invention and their descriptions are used to explain the invention and do not unduly limit it. In the drawings:
Fig. 1 is a schematic diagram of the system identity verification exchange process in the related art;
Fig. 2 is a schematic diagram of a kiss router connection in the related art;
Fig. 3 is a schematic diagram of the SSIDs generated by the kiss router in the related art;
Fig. 4 is a flowchart of the connection establishment method according to an embodiment of the present invention;
Fig. 5 is a schematic diagram of a simulated AP scenario according to an embodiment of the present invention;
Fig. 6 is a schematic diagram of the scan result of the STA according to an embodiment of the present invention;
Fig. 7 is a spectrum diagram of AP signal strength according to an embodiment of the present invention;
Fig. 8 is a structural block diagram of the STA according to an embodiment of the present invention;
Fig. 9 is a structural block diagram of the AP according to an embodiment of the present invention;
Fig. 10 is a flowchart of the STA and AP establishing a connection according to an embodiment of the present invention;
Fig. 11 is a flowchart of the connection establishment negotiation method according to an embodiment of the present invention;
Fig. 12 is a flowchart of the AP and STA performing security configuration negotiation according to an embodiment of the present invention;
Fig. 13 is a block diagram of the connection establishment device according to an embodiment of the present invention;
Fig. 14 is a block diagram of the connection establishment negotiation device according to an embodiment of the present invention.
Detailed Description
The present invention is described in detail below with reference to the drawings and in combination with embodiments. It should be noted that, where there is no conflict, the embodiments of this application and the features in them may be combined with one another.
It should be noted that the terms "first", "second" and the like in the description, the claims and the above drawings are used to distinguish similar objects and not to describe a particular order or sequence.
Embodiment 1
This embodiment provides a connection establishment method. Fig. 4 is a flowchart of the connection establishment method according to an embodiment of the present invention. As shown in Fig. 4, the process includes the following steps:
Step S402: when the detected signal strength of a target wireless access point (AP) is greater than the first preset threshold and the AP does not belong to the pre-maintained blacklist, send a Wi-Fi Protected Setup (WPS) security configuration negotiation request to the AP;
Step S404: receive, within a predetermined time, a negotiation response message returned by the target AP, where the negotiation response message carries security configuration information and is sent after the target AP determines, according to a predetermined policy, to respond to the security configuration negotiation request;
Step S406: establish a connection with the target AP according to the security configuration information.
Through the above steps, when the detected signal strength of a target wireless access point (AP) is greater than the first preset threshold and the AP does not belong to the pre-maintained blacklist, a WPS security configuration negotiation request is sent to the AP; a negotiation response message returned by the target AP, carrying security configuration information, is received within the predetermined time; and a connection is established with the target AP according to the security configuration information. This solves the problem in the related art that the foolproof quick hotspot access offered by the kiss router leaves the Wi-Fi link insecure, and ensures the security of the Wi-Fi link while simplifying the user's hotspot connection operation and improving ease of use.
In this embodiment of the present invention, before the WPS security configuration negotiation request is sent to the AP, the method further includes determining the target AP, which can be done as follows: scan for AP information within a preset range and save the AP information obtained by scanning into a scan list; sort the APs in the scan list in descending order of signal strength; determine the first AP in the sorted list as the target AP.
In an optional embodiment, before the APs in the scan list are sorted by signal strength, the method further includes: querying the pre-maintained blacklist, and deleting from the scan list any AP present in the blacklist. The purpose of the blacklist policy is to filter out APs that do not support this mechanism, so that the STA does not select such an AP every time and keep failing to connect.
Optionally, after the WPS security configuration negotiation request is sent to the AP, the method further includes:
if no negotiation response message returned by the target AP is received within the predetermined time, adding the target AP to the blacklist.
The STA is brought close to the AP. When the STA detects that the signal strength of an AP exceeds the preset threshold, it actively sends that AP a WPS security configuration negotiation request. Correspondingly, after receiving the STA's negotiation request, the AP decides by policy whether to respond to it. If the AP's decision passes, it responds to the negotiation request, and the STA and AP enter the WPS security configuration negotiation process. After the negotiation, the STA uses the security configuration information obtained during negotiation to initiate a connection with the AP and establishes a connection secured with WPA2. In this process the user does not enter a hotspot password, and the connection can be triggered by controlling distance.
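The STA-side target selection and blacklist handling and the AP-side signal-strength policy described above, as an added simulation that is not code from the patent or its applicant. The class names, the dBm threshold values, the two-timeout blacklist limit and the scan data are assumptions constructed for illustration; the WPS exchange itself is reduced to a function call whose `None` return stands for a negotiation timeout.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class ScanEntry:
    bssid: str
    ssid: str
    rssi_dbm: int  # AP signal strength as measured by the STA


@dataclass
class SimulatedAP:
    """AP side: decides by policy whether to answer a negotiation request."""
    ssid: str
    supports_mechanism: bool = True
    sta_rssi_threshold_dbm: int = -35  # "second preset threshold" (assumed value)

    def handle_negotiation_request(self, sta_rssi_dbm: int) -> Optional[dict]:
        # An AP that does not implement the mechanism never answers.
        if not self.supports_mechanism:
            return None
        # Default policy: answer only if the STA's signal is strong enough.
        if sta_rssi_dbm <= self.sta_rssi_threshold_dbm:
            return None
        # Security configuration information (constructed placeholder values).
        return {"ssid": self.ssid, "auth": "WPA2-PSK",
                "psk": "CONSTRUCTED-PLACEHOLDER"}


@dataclass
class Station:
    """STA side: scan list -> blacklist filter -> strongest AP -> negotiate."""
    ap_rssi_threshold_dbm: int = -40  # "first preset threshold" (assumed value)
    max_timeouts: int = 2             # timeouts tolerated before blacklisting (assumed)
    blacklist: set = field(default_factory=set)
    timeouts: dict = field(default_factory=dict)

    def select_target(self, scan_list) -> Optional[ScanEntry]:
        # Drop blacklisted APs, then sort strongest first.
        candidates = [e for e in scan_list if e.bssid not in self.blacklist]
        candidates.sort(key=lambda e: e.rssi_dbm, reverse=True)
        # Only the strongest AP is a target, and only above the threshold.
        if candidates and candidates[0].rssi_dbm > self.ap_rssi_threshold_dbm:
            return candidates[0]
        return None

    def attempt(self, scan_list, aps, sta_rssi_at_ap):
        """One scan cycle. Returns (bssid, config) on success, else None."""
        target = self.select_target(scan_list)
        if target is None:
            return None  # nothing close enough: ignore this scan report
        ap = aps[target.bssid]
        config = ap.handle_negotiation_request(sta_rssi_at_ap[target.bssid])
        if config is None:
            # No response within the predetermined time: count the timeout
            # and blacklist the AP once the limit is reached.
            count = self.timeouts.get(target.bssid, 0) + 1
            self.timeouts[target.bssid] = count
            if count >= self.max_timeouts:
                self.blacklist.add(target.bssid)
            return None
        self.timeouts.pop(target.bssid, None)
        return target.bssid, config  # the STA now connects using config


# Constructed sample environment (locally administered MAC addresses).
LEGACY, NEAR, FAR = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"


def run_demo():
    scan = [ScanEntry(LEGACY, "legacy-ap", -28),
            ScanEntry(NEAR, "AP802", -32),
            ScanEntry(FAR, "far-ap", -71)]
    aps = {LEGACY: SimulatedAP("legacy-ap", supports_mechanism=False),
           NEAR: SimulatedAP("AP802"),
           FAR: SimulatedAP("far-ap")}
    sta_rssi_at_ap = {LEGACY: -27, NEAR: -30, FAR: -70}  # STA as seen by each AP
    sta = Station()
    results = [sta.attempt(scan, aps, sta_rssi_at_ap) for _ in range(3)]
    return sta, results


if __name__ == "__main__":
    station, outcomes = run_demo()
    print(outcomes, station.blacklist)
```

In the constructed run the strongest AP does not support the mechanism, so the first two cycles time out, that AP is blacklisted, and the third cycle negotiates with the next-strongest AP.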
Radio signals are affected by external environmental factors such as load-bearing walls, metal objects and electromagnetic interference, and by hardware factors such as the RF chip, power amplifier and antenna. In actual use, distance and obstruction by walls are the main factors affecting radio signal strength.
Fig. 5 is a schematic diagram of a simulated AP scenario according to an embodiment of the present invention. As shown in Fig. 5, in the simulated scenario STA1 is in room 802, at a position close to AP802, and searches for a list of Wi-Fi signals. Fig. 6 is a schematic diagram of the scan result of the STA according to an embodiment of the present invention. As shown in Fig. 6, further, using a Wi-Fi signal detection tool to detect the wireless signals near AP802 yields the AP information list for the current environment at that position, as shown in Table 1.
Table 1
It is standardized according to Wi-Fi, AP can be interfered with each other with configuration work on different orthogonal channel with reducing, if by table 1 AP information presented in the form of spectrogram, Fig. 7 is the spectrogram of AP signal strength according to an embodiment of the present invention, such as Fig. 7 institute Show, in the position of STA1, the signal strength of AP802 is most strong.Although changing with factors such as environment, the signal strength of different AP may Certain fluctuating is had, but is influenced limited.According to actual measurement, as long as STA1 is received apart from close enough AP802, STA1 comes from AP802 Signal strength significantly more than other AP in ambient enviroment.
Fig. 8 is the structural block diagram of STA according to an embodiment of the present invention, as shown in figure 8, STA of the present invention is mainly wrapped It includes with lower module:
Antenna: for sending/receiving radio wave, realize that STA and AP etc. sets the wireless communication between Wi-Fi equipment;
RF unit: the functions such as frequency conversion, function amplification are executed;
Baseband signal processing unit: the physical layer protocol based on IEEE802.11 series of canonical executes the control of modulation /demodulation Unit;
Specifically include modulation module, demodulation module, intensity of radio wave detection module;
Protocol control units: being based on IEEE802.11 series of canonical, controls and connects to external equipment transmission message frame and processing Receive the message frame from external equipment;
It specifically includes:
It scans management module: being responsible for management frame Beacon and Probe Response of the parsing from AP, detect and record Surrounding can use AP list;
Tactful configuration module: being supplied to user controllable interface, and the decision threshold value of default is adjusted for user;
Policy decision module: the AP information of current environment is obtained from scanning management module, when the signal strength of AP reaches pre- When gating limit value, the blacklist safeguarded in query strategy decision-making module, selection is not in blacklist and the highest AP of signal strength As linking objective, the security configuration information for notifying connection management module to start to target AP is negotiated;
Meanwhile receive the processing result from WPS functional module, record for multiple WPS negotiate time-out AP, by itself plus Enter blacklist;
WPS functional module: receiving the notice of connection management module, is responsible for carrying out safe match according to the processing of WPS normal process The negotiation of confidence breath, and negotiation result is passed into connection management module and tactful monitoring modular;
Connection management module: being responsible for the connection status of management STA, receives the connection request from policy decision module, and WPS functional module is sent to by instruction is negotiated to the security configuration information of target AP;Receive the negotiation knot from WPS functional module Fruit, the security configuration information obtained using WPS process initiate the connection to target AP, and by connection result timely update to Family;
User's display unit: the user interactive module of STA is responsible for receiving user's operation, while current function is presented to user The status information of energy.
Fig. 9 is a structural block diagram of an AP according to an embodiment of the present invention. As shown in Fig. 9, the AP device of this embodiment mainly comprises the following modules:
Antenna unit, RF unit, baseband signal processing unit: their functions and processing flow are the same as in the STA;
Policy configuration module: responsible for building the special access policy that controls the AP. Some rules can be preset for selection, and signal strength is used by default. This module is optional; without it, the policy decision module performs detection according to the default mechanism. The advantage of including this module is that a unified method can meet the needs of different scenarios.
Connection management module: receives the WPS negotiation request from the STA and asks the policy detection module whether responding to the negotiation request is allowed; if the check passes, it notifies the WPS function module to respond to the STA's WPS request and enter the WPS security configuration negotiation process;
It also manages the current connections of the hotspot, and receives and processes connection requests from STAs;
Policy detection module: according to the configured policy, monitors whether the policy condition is met and notifies the connection management module of the decision result;
WPS function module: receives the notification from the connection management module, carries out the WPS security configuration information negotiation process according to the standard, and passes the result to the connection management module and the policy monitoring module;
Referring to Fig. 9, this embodiment focuses on the relationships among the modules involved in the new procedure and on the newly added modules.
Fig. 10 is a flowchart of an STA and an AP establishing a connection according to an embodiment of the present invention. As shown in Fig. 10, the flow includes:
Step S1001: STA1 collects information about the surrounding APs by scanning and notifies the policy decision module of the scan result;
Step S1002: the policy decision module first obtains the signal threshold from the policy configuration module; it then checks whether the reported AP scan list contains any AP whose signal strength exceeds the preset threshold. If so, it records the one or more APs that exceed the threshold and proceeds to the next step; otherwise it ignores this report;
Step S1003: optionally, the policy decision module queries the blacklist it maintains against the one or more recorded APs and removes from the record any AP that is in the blacklist; if an AP that satisfies the conditions remains, it proceeds to the next step, otherwise it ignores this report;
Step S1004: determine whether there is an AP that satisfies the conditions; if the result is yes, execute step S1005, otherwise end;
Step S1005: select the AP that satisfies the foregoing detection conditions and has the highest signal strength as the connection target, and notify the connection management module to start the security configuration information negotiation with that AP; the connection management module notifies the WPS function module to start the WPS security configuration information negotiation with the target AP;
Step S1006: the WPS function module sends a negotiation request to the target AP and waits for the AP side to respond;
If, within 2 minutes (the timeout defined by the WPS specification), STA1 receives a negotiation acceptance response, STA1 exchanges security configuration information with the target AP according to the message flow defined by the WPS specification, passes the result to the connection management module after the negotiation, and proceeds to step S1008;
If STA1 does not receive a negotiation acceptance response within 2 minutes, it proceeds to step S1007;
Step S1007: update the blacklist;
Step S1008: the security configuration information negotiation is complete;
Step S1009: the connection management module uses the security configuration information of the target AP to initiate a connection to the target AP in WPA2 secure mode, following the standard connection procedure;
Step S1010: wait for the AP to respond to the STA's connection request; the connection management module of STA1 interacts with the AP to complete this connection and notifies the user display unit of the result;
Step S1011: the connection management module of STA1 notifies the user of the result through the user display unit, and the flow ends;
Optionally, when the policy decision module receives a negotiation request timeout message for the target AP, it keeps a record for that AP and updates the blacklist according to a certain rule. For example, after 3 consecutive timeouts the AP is considered not to support the mechanism of the present invention and is skipped automatically in subsequent decision flows; the flow then ends;
Embodiment 2
According to another embodiment of the present invention, a connection establishment negotiation method is also provided. Fig. 11 is a flowchart of the connection establishment negotiation method according to an embodiment of the present invention. As shown in Fig. 11, the flow includes the following steps:
Step S1102: receive a Wi-Fi Protected Setup (WPS) security configuration negotiation request sent by a station (STA), wherein the security configuration negotiation request is sent by the STA when it detects that the signal strength of the wireless access point (AP) is greater than a first preset threshold and the AP does not belong to a pre-maintained blacklist;
Step S1104: determine, according to a predetermined policy, to respond to the security configuration negotiation request, and return a negotiation response message to the STA, wherein the negotiation response message carries security configuration information and the security configuration information is used by the STA to establish a connection.
Optionally, determining according to the predetermined policy to respond to the security configuration negotiation request includes one of the following: detecting whether the signal strength of the STA is greater than a second preset threshold and, if the detection result is yes, determining to respond to the security configuration negotiation request;
authenticating by means of collected fingerprint information and, if the authentication passes, determining to respond to the security configuration negotiation request;
determining to respond to the security configuration negotiation request by means of a push-button configuration (PBC) button of the mobile terminal.
Fig. 12 is a flowchart of an AP and an STA carrying out security configuration negotiation according to an embodiment of the present invention. As shown in Fig. 12, the flow includes:
Step S1202: after AP1 receives the WPS negotiation request from STA1, it notifies the policy detection module to make a decision;
Step S1204: the policy detection module checks whether the signal strength of STA1 meets the preset threshold; if it does, the decision passes and the flow continues, otherwise the request is ignored and the flow ends;
Step S1206: the WPS function module responds to the WPS request of STA1 and completes the WPS security configuration negotiation process.
In the above embodiment, the specific rule of step S1204 has the following optional schemes, which can be configured through the policy configuration module; the recommended default is signal strength:
1) The AP side also makes its decision with reference to the signal strength of the STA; that is, the AP side needs a preset threshold, and when the AP detects that the signal strength of the STA sending the request exceeds its preset value, it responds to the STA's security configuration negotiation request;
2) The AP may also be a terminal device acting as a mobile hotspot, so the existing hardware of the terminal device can be used to complete identity authentication, for example a fingerprint: after the request is received, the user's fingerprint confirms the security configuration negotiation response;
3) The scheme is compatible with the physical button defined by the Wi-Fi Alliance specification. Many routers on the market have a push-button configuration (Push Button Configuration, PBC) button, and the security configuration negotiation response is confirmed by pressing the physical button;
Further, after AP1 receives the connection request initiated by STA1, it handles the connection request according to the normal procedure; once the connection is complete, the flow ends.
On the AP side, WPS request processing and connection processing are two independent flows, and both are triggered from the STA side.
In the embodiments described by the present invention, the main changes are that the STA device triggers the WPS security configuration negotiation according to signal strength, and that the AP side runs a decision process before responding to the negotiation request. The WPS negotiation request, the connection request and the other messages used in the process follow the definitions of the IEEE 802.11 series of standards, and no change is made to the message formats, so the scheme remains compatible with AP and STA devices that do not support it. For example, after STA1 sends a WPS request, an AP that does not use this scheme will not respond to the request, so STA1's connection simply does not succeed; likewise, when STA2 connects to the AP by entering a password, the original connection flow is kept and is not affected by the present invention.
In the related art, the user first needs to configure or look up the password of the AP, and then needs to enter the password when the STA connects to the AP. With the embodiments of the present invention, the user no longer needs to attend to the configuration of the AP or look up the currently set password. Instead, once the Wi-Fi function of the STA is turned on, the connection is completed simply by bringing the STA close to the target AP; that is, a space-based identity confirmation scheme replaces the traditional password-based authentication scheme. Because this process requires no user intervention, what the user perceives is that, after approaching the AP, the STA and the target AP have established a Wi-Fi connection.
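The STA flow of Fig. 10 and the AP decision of Fig. 12, put together as an added Python simulation that is not part of the patent text: the threshold values, rule names, class names and sample BSSIDs are assumptions, and a `None` reply stands in for the 2-minute WPS timeout. It also reproduces the compatibility case described above, where an AP that does not use the scheme never answers and ends up on the STA's blacklist.

```python
from dataclasses import dataclass, field
from typing import Optional

MAX_CONSECUTIVE_TIMEOUTS = 3      # the "3 consecutive timeouts" example in the text


@dataclass
class AccessPoint:
    """AP side (Fig. 12). rule=None models an AP that does not use the scheme."""
    bssid: str
    config: dict                             # security configuration information
    rule: Optional[str] = "signal_strength"  # default rule named in the text
    sta_threshold_dbm: int = -40             # assumed value; the page gives none
    fingerprint_ok: bool = False             # result of the hotspot's fingerprint check
    pbc_pressed: bool = False                # state of the physical PBC button

    def handle_wps_request(self, sta_rssi_dbm: Optional[int]) -> Optional[dict]:
        """S1202-S1206: return the configuration, or None to ignore the request."""
        if self.rule == "signal_strength":
            # A request with no RSSI measurement is ignored, not accepted.
            allowed = sta_rssi_dbm is not None and sta_rssi_dbm > self.sta_threshold_dbm
        elif self.rule == "fingerprint":
            allowed = self.fingerprint_ok
        elif self.rule == "pbc":
            allowed = self.pbc_pressed
        else:
            allowed = False                  # unknown or absent rule: ignore
        return dict(self.config) if allowed else None


@dataclass
class Station:
    """STA side (Fig. 10): policy decision plus blacklist bookkeeping."""
    ap_threshold_dbm: int = -40              # assumed value; the page gives none
    blacklist: set = field(default_factory=set)
    timeouts: dict = field(default_factory=dict)   # bssid -> consecutive timeouts

    def select_target(self, scan: dict) -> Optional[str]:
        """S1002-S1005: threshold filter, blacklist filter, strongest AP wins."""
        allowed = {b: r for b, r in scan.items()
                   if r > self.ap_threshold_dbm and b not in self.blacklist}
        return max(allowed, key=allowed.get) if allowed else None

    def record(self, bssid: str, responded: bool) -> None:
        """S1007: count consecutive timeouts and blacklist at the limit."""
        if responded:
            self.timeouts.pop(bssid, None)   # a response resets the streak
            return
        self.timeouts[bssid] = self.timeouts.get(bssid, 0) + 1
        if self.timeouts[bssid] >= MAX_CONSECUTIVE_TIMEOUTS:
            self.blacklist.add(bssid)

    def handle_scan_report(self, scan, aps, sta_rssi_at_ap):
        """One pass of Fig. 10; a None reply stands for the WPS timeout."""
        target = self.select_target(scan)
        if target is None:
            return ("ignored", None)         # S1004: no qualifying AP
        reply = aps[target].handle_wps_request(sta_rssi_at_ap.get(target))
        self.record(target, reply is not None)
        return ("connect", target) if reply is not None else ("timeout", target)


# Constructed sample environment (locally administered MAC addresses).
LEGACY, NEAR, FAR = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
CONFIG = {"ssid": "example-net", "auth": "WPA2", "key": "constructed-passphrase"}
APS = {
    LEGACY: AccessPoint(LEGACY, CONFIG, rule=None),   # does not use the scheme
    NEAR: AccessPoint(NEAR, CONFIG),
    FAR: AccessPoint(FAR, CONFIG),
}
SCAN = {LEGACY: -30, NEAR: -35, FAR: -70}             # AP RSSI as seen by the STA
STA_RSSI_AT_AP = {LEGACY: -31, NEAR: -36, FAR: -71}   # STA RSSI as seen by each AP


def simulate(rounds: int = 4):
    """Run several scan reports through one STA; return outcomes and blacklist."""
    sta = Station()
    outcomes = [sta.handle_scan_report(SCAN, APS, STA_RSSI_AT_AP) for _ in range(rounds)]
    return outcomes, sta.blacklist


if __name__ == "__main__":
    for outcome in simulate()[0]:
        print(outcome)
```

In the sample run the strongest AP wins selection three times and times out each time, so the nearby AP that uses the scheme is only reached on the fourth scan report, once the first one is blacklisted.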
Embodiment 3
According to another embodiment of the present invention, a connection establishment apparatus is also provided. Fig. 13 is a block diagram of the connection establishment apparatus according to an embodiment of the present invention. As shown in Fig. 13, it includes:
Sending module 132, configured to send a Wi-Fi Protected Setup (WPS) security configuration negotiation request to the AP when it is detected that the signal strength of a target wireless access point (AP) is greater than a first preset threshold and the AP does not belong to a pre-maintained blacklist;
First receiving module 134, configured to receive, within a predetermined time, a negotiation response message returned by the target AP, wherein the negotiation response message carries security configuration information and is sent by the target AP after it determines, according to a predetermined policy, to respond to the security configuration negotiation request;
Connection module 136, configured to establish a connection with the target AP according to the security configuration information.
Optionally, the apparatus further includes:
Scanning module, configured to scan AP information within a preset range before the WPS security configuration negotiation request is sent to the AP, and to save the AP information obtained by scanning into a scan list;
Sorting module, configured to sort the APs in the scan list by signal strength from high to low;
Target determining module, configured to determine the first-ranked AP as the target AP.
Optionally, the apparatus further includes:
Query module, configured to query the pre-maintained blacklist before the APs in the scan list are sorted by signal strength from high to low;
Deletion module, configured to delete from the scan list any AP that is present in the blacklist.
Optionally, the apparatus further includes:
Maintenance module, configured to add the target AP to the blacklist if, after the WPS security configuration negotiation request is sent to the AP, the negotiation response message returned by the target AP is not received within the predetermined time.
Embodiment 4
According to another embodiment of the present invention, a connection establishment negotiation apparatus is also provided. Fig. 14 is a block diagram of the connection establishment negotiation apparatus according to an embodiment of the present invention. As shown in Fig. 14, it includes:
Second receiving module 142, configured to receive a Wi-Fi Protected Setup (WPS) security configuration negotiation request sent by a station (STA), wherein the security configuration negotiation request is sent by the STA when it detects that the signal strength of the wireless access point (AP) is greater than a first preset threshold and the AP does not belong to a pre-maintained blacklist;
Determining module 144, configured to determine, according to a predetermined policy, to respond to the security configuration negotiation request and to return a negotiation response message to the STA, wherein the negotiation response message carries security configuration information and the security configuration information is used by the STA to establish a connection.
Optionally, the determining module 144 is further configured to:
detect whether the signal strength of the STA is greater than a second preset threshold;
if the detection result is yes, determine to respond to the security configuration negotiation request.
It should be noted that the above modules can be implemented in software or in hardware. For the latter, this can be done in the following ways, without being limited to them: the above modules are all located in the same processor; or the above modules are located in different processors in any combination.
Embodiment 5
An embodiment of the present invention also provides a storage medium that includes a stored program, wherein the program, when run, executes the method of any of the above embodiments.
Optionally, in this embodiment, the storage medium may be configured to store program code for executing the following steps:
S11: when it is detected that the signal strength of a target wireless access point (AP) is greater than a first preset threshold and the AP does not belong to a pre-maintained blacklist, send a Wi-Fi Protected Setup (WPS) security configuration negotiation request to the AP;
S12: receive, within a predetermined time, a negotiation response message returned by the target AP, wherein the negotiation response message carries security configuration information and is sent by the target AP after it determines, according to a predetermined policy, to respond to the security configuration negotiation request;
S13: establish a connection with the target AP according to the security configuration information.
Optionally, the storage medium is also configured to store program code for executing the following steps:
S21: receive a Wi-Fi Protected Setup (WPS) security configuration negotiation request sent by a station (STA), wherein the security configuration negotiation request is sent by the STA when it detects that the signal strength of the wireless access point (AP) is greater than a first preset threshold and the AP does not belong to a pre-maintained blacklist;
S22: determine, according to a predetermined policy, to respond to the security configuration negotiation request, and return a negotiation response message to the STA, wherein the negotiation response message carries security configuration information and the security configuration information is used by the STA to establish a connection.
Optionally, in this embodiment, the storage medium may include, but is not limited to: a USB flash drive, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), a removable hard disk, a magnetic disk or an optical disc, and other media that can store program code.
Embodiment 6
An embodiment of the present invention also provides a processor configured to run a program, wherein the program, when run, executes the steps of any of the above methods.
Optionally, in this embodiment, the program is used to execute the following steps:
S31: when it is detected that the signal strength of a target wireless access point (AP) is greater than a first preset threshold and the AP does not belong to a pre-maintained blacklist, send a Wi-Fi Protected Setup (WPS) security configuration negotiation request to the AP;
S32: receive, within a predetermined time, a negotiation response message returned by the target AP, wherein the negotiation response message carries security configuration information and is sent by the target AP after it determines, according to a predetermined policy, to respond to the security configuration negotiation request;
S33: establish a connection with the target AP according to the security configuration information.
Optionally, the program is also used to execute the following steps:
S41: receive a Wi-Fi Protected Setup (WPS) security configuration negotiation request sent by a station (STA), wherein the security configuration negotiation request is sent by the STA when it detects that the signal strength of the wireless access point (AP) is greater than a first preset threshold and the AP does not belong to a pre-maintained blacklist;
S42: determine, according to a predetermined policy, to respond to the security configuration negotiation request, and return a negotiation response message to the STA, wherein the negotiation response message carries security configuration information and the security configuration information is used by the STA to establish a connection.
Optionally, for specific examples in this embodiment, refer to the examples described in the above embodiments and optional implementations; they are not repeated here.
Obviously, those skilled in the art should understand that each module or step of the present invention described above can be implemented by a general-purpose computing device. They can be concentrated on a single computing device or distributed over a network formed by two computing devices. Optionally, they can be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device; in some cases the steps shown or described can be executed in an order different from the one given here, or they can each be made into an individual integrated circuit module, or two of the modules or steps can be made into a single integrated circuit module. The present invention is therefore not limited to any specific combination of hardware and software.
The foregoing is only a preferred embodiment of the present invention and is not intended to limit the invention; for those skilled in the art, the invention may be modified and varied in many ways. Any modification, equivalent replacement or improvement made within the principle of the present invention shall fall within the protection scope of the present invention.

Claims (10)

1. A connection establishment method, characterized by comprising:
when it is detected that the signal strength of a target wireless access point (AP) is greater than a first preset threshold and the AP does not belong to a pre-maintained blacklist, sending a Wi-Fi Protected Setup (WPS) security configuration negotiation request to the AP;
receiving, within a predetermined time, a negotiation response message returned by the target AP, wherein the negotiation response message carries security configuration information and is sent by the target AP after it determines, according to a predetermined policy, to respond to the security configuration negotiation request;
establishing a connection with the target AP according to the security configuration information.
2. The method according to claim 1, characterized in that, before the WPS security configuration negotiation request is sent to the AP, the method further comprises:
scanning AP information within a preset range, and saving the AP information obtained by scanning into a scan list;
sorting the APs in the scan list by signal strength from high to low;
determining the first-ranked AP as the target AP.
3. The method according to claim 2, characterized in that, before the APs in the scan list are sorted by signal strength from high to low, the method further comprises:
querying the pre-maintained blacklist;
deleting from the scan list any AP that is present in the blacklist.
4. The method according to claim 3, characterized in that, after the WPS security configuration negotiation request is sent to the AP, the method further comprises:
if the negotiation response message returned by the target AP is not received within the predetermined time, adding the target AP to the blacklist.
5. A connection establishment negotiation method, characterized by comprising:
receiving a Wi-Fi Protected Setup (WPS) security configuration negotiation request sent by a station (STA), wherein the security configuration negotiation request is sent by the STA when it detects that the signal strength of the wireless access point (AP) is greater than a first preset threshold and the AP does not belong to a pre-maintained blacklist;
determining, according to a predetermined policy, to respond to the security configuration negotiation request, and returning a negotiation response message to the STA, wherein the negotiation response message carries security configuration information and the security configuration information is used by the STA to establish a connection.
6. The method according to claim 5, characterized in that determining according to the predetermined policy to respond to the security configuration negotiation request comprises one of the following:
detecting whether the signal strength of the STA is greater than a second preset threshold and, if the detection result is yes, determining to respond to the security configuration negotiation request;
authenticating by means of collected fingerprint information and, if the authentication passes, determining to respond to the security configuration negotiation request;
determining to respond to the security configuration negotiation request by means of a push-button configuration (PBC) button of the mobile terminal.
7. A connection establishment apparatus, characterized by comprising:
a sending module, configured to send a Wi-Fi Protected Setup (WPS) security configuration negotiation request to the AP when it is detected that the signal strength of a target wireless access point (AP) is greater than a first preset threshold and the AP does not belong to a pre-maintained blacklist;
a first receiving module, configured to receive, within a predetermined time, a negotiation response message returned by the target AP, wherein the negotiation response message carries security configuration information and is sent by the target AP after it determines, according to a predetermined policy, to respond to the security configuration negotiation request;
a connection module, configured to establish a connection with the target AP according to the security configuration information.
8. A connection establishment negotiation apparatus, characterized by comprising:
a second receiving module, configured to receive a Wi-Fi Protected Setup (WPS) security configuration negotiation request sent by a station (STA), wherein the security configuration negotiation request is sent by the STA when it detects that the signal strength of the wireless access point (AP) is greater than a first preset threshold and the AP does not belong to a pre-maintained blacklist;
a determining module, configured to determine, according to a predetermined policy, to respond to the security configuration negotiation request and to return a negotiation response message to the STA, wherein the negotiation response message carries security configuration information and the security configuration information is used by the STA to establish a connection.
9. A storage medium, characterized in that the storage medium includes a stored program, wherein the program, when run, executes the method of any one of claims 1 to 4 or 5 to 6.
10. A processor, characterized in that the processor is configured to run a program, wherein the program, when run, executes the method of any one of claims 1 to 4 or 5 to 6.
CN201710847993.XA 2017-09-19 2017-09-19 Connection is established, machinery of consultation and device are established in connection Pending CN109525992A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201710847993.XA CN109525992A (en) 2017-09-19 2017-09-19 Connection is established, machinery of consultation and device are established in connection
PCT/CN2018/106505 WO2019057086A1 (en) 2017-09-19 2018-09-19 Connection establishment method and apparatus


Publications (1)

Publication Number Publication Date
CN109525992A true CN109525992A (en) 2019-03-26

Family

ID=65769504


Country Status (2)

Country Link
CN (1) CN109525992A (en)
WO (1) WO2019057086A1 (en)

Also Published As

Publication number Publication date
WO2019057086A1 (en) 2019-03-28

Similar Documents

Publication Publication Date Title
JP3585422B2 (en) Access point device and authentication processing method thereof
CN106105134B (en) Method and apparatus for improving end-to-end data protection
JP5281128B2 (en) WI-FI access method, access point, and WI-FI access system
CN104168561B (en) Hot spot configuration method, cut-in method and equipment in a kind of WLAN
CN102869014A (en) Terminal and data communication method
WO2009000206A1 (en) Method and system for access control of home node b
US20140029512A1 (en) Single-ssid and dual-ssid enhancements
CN108012267A (en) A kind of method for network authorization, relevant device and system
JP6411629B2 (en) Terminal authentication method and apparatus used in mobile communication system
WO2013021094A1 (en) Method, apparatus, and computer program product for connection setup in device-to-device communication
CN107094293A (en) A kind of device and method for obtaining WiFi terminal real MAC address
US9794119B2 (en) Method and system for preventing the propagation of ad-hoc networks
JP2007535229A (en) Re-selection method for wireless LAN in various types of networks
CN106170146A (en) Method for connecting network, network access equipment, wireless terminal and network connection system
JP6476523B2 (en) Wireless access point
WO2021218878A1 (en) Slice authentication method and apparatus
US11895579B2 (en) System and method of Wi-Fi offload in multi-SIM devices
CN107567017A (en) Wireless connection system, device and method
CN107979864A (en) Cut-in method, the apparatus and system of access point
CN104469766A (en) Terminal authentication method and device used in mobile communication system
CN108419234A (en) Wi-Fi Hotspot WPS connection methods and device
CN105848154A (en) Method for carrying out wireless identity authentication based on RSSI ranging
CN101155106B (en) Method and device for building WLAN security system
CN109525992A (en) Connection is established, machinery of consultation and device are established in connection
KR102438713B1 (en) Method and apparatus for changing AP in Wi-Fi IoT device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190326