CN110061954A - A kind of encrypted transmission method based on WAPI - Google Patents

Publication number
CN110061954A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810216254.5A
Other languages
Chinese (zh)
Inventor
彭涛
茅卫华
王勇
常体
王均海
解海红
周运良
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Boluomi Communication Technology Co Ltd
Original Assignee
Nanjing Boluomi Communication Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing Boluomi Communication Technology Co Ltd
Priority to CN201810216254.5A
Publication of CN110061954A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00: Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/18: Multiprotocol handlers, e.g. single devices capable of handling multiple protocols
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02: Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06: Authentication
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W84/00: Network topologies
    • H04W84/02: Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10: Small scale networks; Flat hierarchical networks
    • H04W84/12: WLAN [Wireless Local Area Networks]

Abstract

The present invention relates to an encrypted transmission method based on WAPI. First, equipment and networks are classified in advance. Equipment is divided into a main control module and a communication module: the main control module is the device that needs to carry out network communication, and the communication module is the device responsible for encrypting and decrypting data and for communicating with the AP using the wireless LAN protocol and the WAPI protocol. The network is divided into an intranet and an external network. Second, the communication module is connected to an encryption card through a physical interface; during communication, the communication data is sent to the encryption card, which performs the data encryption and decryption. The invention combines wireless LAN technology, the WAPI protocol and an encryption card device to form a new kind of communication device. With this technology, WAPI wireless LAN transmission can be applied in settings that place higher demands on data encryption, which expands the range of WAPI wireless LAN applications. The method and its device can therefore be used for data communication with relatively high security requirements.

Description

A kind of encrypted transmission method based on WAPI
Technical field
The present invention relates to the field of secure network transmission, and in particular to an encrypted transmission method based on WAPI.
Background art
At present, wireless LAN technology based on IEEE 802.11 is widely used across all industries. China has accordingly proposed the WAPI (Wireless LAN Authentication and Privacy Infrastructure) protocol on the basis of that protocol; WAPI is China's mandatory security standard for wireless LANs.
However, the nature of radio transmission makes the data easy to capture and analyze. Even when the WAPI protocol is used to protect the data, WAPI's encryption algorithm and procedure are public, so the possibility of the traffic being analyzed and cracked remains. In some settings with higher security requirements, relying on WAPI alone to keep data secure still carries considerable risk.
An encrypted transmission method based on WAPI is therefore invented that makes use of existing wireless LAN technology, applies it to settings with higher security requirements, and expands the range of use of the technology.
Summary of the invention
1. Technical problem to be solved:
In view of the problem set out above, the present invention proposes an encrypted transmission method based on WAPI. The method is a solution proposed on the basis of the characteristics of existing WAPI equipment and wireless LANs, and of the hardware and software interfaces that devices needing encrypted communication generally have; it has good generality and scalability.
2. Technical solution:
An encrypted transmission method based on WAPI, characterized by comprising the following steps:
Step 1: Equipment and networks are classified in advance. Equipment is divided into a main control module and a communication module; the main control module is the device that needs to carry out network communication; the communication module is the device responsible for encrypting and decrypting data and for communicating with the AP using the wireless LAN protocol and the WAPI protocol. The network is divided into an intranet and an external network.
Step 2: The communication module is connected to an encryption card through a physical interface. During communication, communication data must be sent to the encryption card, which performs the data encryption and decryption.
Further, step 2 includes: when data on the intranet side is to be sent out externally, it must first be encrypted by the encryption card of the communication module, and is then sent on the external-network side after WAPI and IEEE 802.11 protocol processing.
Further, the communication module performs IP packet encapsulation using the IPSEC protocol and uses NAT address mapping to carry out the transmission and routing of data on the external-network side.
Further, the communication module uses a bridge, i.e. the 802.1d protocol; the communication module is connected to the main control module through a USB port; or the communication module communicates with the main control module using the ACM protocol; or the communication module uses a PHY interface to communicate directly with the main control module via the IEEE 802.3 protocol.
3. Beneficial effects:
The present invention combines wireless LAN technology, the WAPI protocol and an encryption card device to form a new kind of communication device. With this technology, WAPI wireless LAN transmission can be applied in settings that place higher demands on data encryption, which expands the range of WAPI wireless LAN applications. The method and its device can therefore be used for data communication with relatively high security requirements.
Brief description of the drawings
Fig. 1 is the structure diagram of the communication module of the invention;
Fig. 2 is the work flow diagram of the communication module of the invention.
Detailed description of the embodiments
The present invention is further described below with reference to the drawings and an embodiment.
Fig. 1 shows the structure of the communication module of the present invention. As the figure shows, the communication module includes a USB port or an Ethernet connection for connecting to the main control module that needs network communication; an SPI or SDIO interface for communicating with the encryption card; and a wireless LAN interface. When data to be encrypted enters the device through USB or PHY, the device processes the USB and PHY data through a bridge (802.1d protocol); NAT address mapping then translates the processed data to an address that can be transmitted over the wireless LAN; the data is then encrypted by IPSEC and the encryption card, and is finally transmitted wirelessly to the AP using the WAPI protocol. Data to be decrypted is received over the wireless interface, processed by the WAPI protocol, decrypted by IPSEC and the encryption card, translated by NAT address mapping to an address for intranet transmission, and finally sent through the bridge to USB or PHY and on to the main control device.
Fig. 2 shows the work flow of the communication module. As in the figure, after the communication module starts, it first searches for nearby APs and matches with an AP. After the match succeeds, it performs WAPI authentication; after that authentication succeeds, it starts IPSEC authentication; after IPSEC authentication succeeds, the communication module enables its data forwarding function, and from then on data that the main control module needs encrypted can be transmitted through the communication module.
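The start-up sequence of Fig. 2, as an added example (not code from the patent or its applicant): a C state machine that keeps data forwarding closed until WAPI authentication and IPSEC authentication have both succeeded, in that order. The type, event and function names are hypothetical, and the fall-back to scanning on authentication failure or link loss is an assumption the page does not state.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* States follow the Fig. 2 order: search AP, match, WAPI auth, IPSEC auth, forward. */
typedef enum { ST_SCAN, ST_MATCH, ST_WAPI_AUTH, ST_IPSEC_AUTH, ST_FORWARDING } cm_state;
typedef enum { EV_AP_FOUND, EV_MATCHED, EV_WAPI_OK, EV_IPSEC_OK,
               EV_AUTH_FAIL, EV_LINK_LOST } cm_event;

typedef struct {
    cm_state state;
    unsigned forwarded;   /* frames handed to the encrypt-and-send path */
    unsigned dropped;     /* frames refused because the gate was closed */
} comm_module;

void cm_init(comm_module *m) { m->state = ST_SCAN; m->forwarded = 0; m->dropped = 0; }

/* Advance one step only on the event expected in the current state.
 * Assumption (not stated on the page): any failure or link loss returns
 * the module to ST_SCAN, so both authentications must be repeated. */
cm_state cm_step(comm_module *m, cm_event ev) {
    if (ev == EV_AUTH_FAIL || ev == EV_LINK_LOST) {
        m->state = ST_SCAN;
        return m->state;
    }
    switch (m->state) {
    case ST_SCAN:       if (ev == EV_AP_FOUND) m->state = ST_MATCH;      break;
    case ST_MATCH:      if (ev == EV_MATCHED)  m->state = ST_WAPI_AUTH;  break;
    case ST_WAPI_AUTH:  if (ev == EV_WAPI_OK)  m->state = ST_IPSEC_AUTH; break;
    case ST_IPSEC_AUTH: if (ev == EV_IPSEC_OK) m->state = ST_FORWARDING; break;
    case ST_FORWARDING: break;  /* stay until a failure event arrives */
    }
    return m->state;
}

/* Gate for frames arriving from the main control module over USB or PHY.
 * Returns true only when the frame may enter the outbound path
 * (bridge -> NAT -> IPSEC + encryption card -> WAPI); otherwise it is
 * dropped, so nothing leaves the device before both layers are up. */
bool cm_forward(comm_module *m, const unsigned char *frame, size_t len) {
    if (m->state != ST_FORWARDING || frame == NULL || len == 0) {
        m->dropped++;
        return false;
    }
    m->forwarded++;   /* the real device would encrypt and transmit here */
    return true;
}

int main(void) {
    static const unsigned char frame[] = { 0x45, 0x00, 0x00, 0x14 }; /* constructed sample bytes */
    const cm_event boot[] = { EV_AP_FOUND, EV_MATCHED, EV_IPSEC_OK, /* out of order: ignored */
                              EV_WAPI_OK, EV_IPSEC_OK };
    comm_module m;
    cm_init(&m);
    printf("before auth: forwarded=%d\n", cm_forward(&m, frame, sizeof frame));
    for (size_t i = 0; i < sizeof boot / sizeof boot[0]; i++) cm_step(&m, boot[i]);
    printf("after auth:  forwarded=%d\n", cm_forward(&m, frame, sizeof frame));
    cm_step(&m, EV_LINK_LOST);
    printf("link lost:   forwarded=%d\n", cm_forward(&m, frame, sizeof frame));
    return 0;
}
```

The `dropped` counter gives an operator a direct signal that the main control module tried to send while the WAPI or IPSEC layer was not yet established.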
A further description is given below by way of an example:
I. The hardware comprises:
One embedded development board (this example uses an ARM9 chip; the chip has a USB-Slave interface for connecting to the main control module and a USB-Host interface that connects an 802.11 chip for the wireless LAN connection), one PC, one AP, one 100-megabit cipher machine and one server.
II. Detailed procedure
Connect the USB-Slave port of the embedded development board to the PC and install the USB-ACM device driver on the PC; cross-compile and install the software of the present invention on the embedded device.
Power on and configure the AP so that it supports access by wireless terminals using the WAPI protocol; connect the Ethernet port of the AP to the external network port of the 100-megabit cipher machine, and connect the server to the internal network port of the cipher machine.
III. Specific operating procedure:
Start the embedded development board and configure the development-board software with the SSID and password of the AP it needs to connect to (the AP set up in this example).
Start the embedded software described in the invention.
Wait for the embedded software to connect to the AP through the WAPI protocol; wait for the embedded software to establish and verify the IPSEC channel with the 100-megabit cipher machine.
Access the server from the PC. The PC can now access the server normally, and the data transmitted over the wireless link is data encrypted by the encryption card on the device and by the 100-megabit cipher machine.
Although the present invention has been disclosed above by way of preferred embodiments, they are not intended to limit the invention. Anyone skilled in the art may make various changes or refinements without departing from the spirit and scope of the invention; the scope of protection of the invention shall therefore be as defined by the claims of this application.

Claims (4)

1. An encrypted transmission method based on WAPI, characterized by comprising the following steps:
Step 1: Equipment and networks are classified in advance. Equipment is divided into a main control module and a communication module; the main control module is the device that needs to carry out network communication; the communication module is the device responsible for encrypting and decrypting data and for communicating with the AP using the wireless LAN protocol and the WAPI protocol. The network is divided into an intranet and an external network.
Step 2: The communication module is connected to an encryption card through a physical interface. During communication, communication data is sent to the encryption card, which performs the data encryption and decryption.
2. The encrypted transmission method based on WAPI according to claim 1, characterized in that: step 2 includes, when data on the intranet side is to be sent out externally, first encrypting it with the encryption card of the communication module and then sending it on the external-network side after WAPI and IEEE 802.11 protocol processing.
3. The encrypted transmission method based on WAPI according to claim 1, characterized in that: the communication module performs IP packet encapsulation using the IPSEC protocol and uses NAT address mapping to carry out the transmission and routing of data on the external-network side.
4. The encrypted transmission method based on WAPI according to claim 1, characterized in that: the communication module uses a bridge, i.e. the 802.1d protocol; the communication module is connected to the main control module through a USB port; or the communication module communicates with the main control module using the ACM protocol; or the communication module uses a PHY interface to communicate directly with the main control module via the IEEE 802.3 protocol.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810216254.5A CN110061954A (en) 2018-03-16 2018-03-16 A kind of encrypted transmission method based on WAPI

Publications (1)

Publication Number Publication Date
CN110061954A (en) 2019-07-26

Family

ID=67315329


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190726
