CN110519760B - Network access method, device, equipment and storage medium - Google Patents

Publication number
CN110519760B
Authority
CN
China
Legal status
Active
Application number
CN201910670264.0A
Other languages
Chinese (zh)
Other versions
CN110519760A (en
Inventor
王德海
Current Assignee
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W76/00 Connection management
    • H04W76/10 Connection setup

Abstract

The application provides a network access method, apparatus, device and storage medium. The method comprises the following steps: the terminal device acquires updated WiFi information. The terminal device sends its connection information to the IoT device. The IoT device establishes a connection between the terminal device and the IoT device according to the connection information. The IoT device sends a first signature to the terminal device. The terminal device verifies the first signature with a first public key of the IoT device. If the terminal device successfully verifies the first signature, the terminal device sends the WiFi information to the IoT device. The IoT device accesses the WiFi network using the WiFi information. This reduces leakage of WiFi information and improves network security.

Description

Network access method, device, equipment and storage medium
Technical Field
The present application relates to the field of communications technologies, and in particular to a network access method, apparatus, device, and storage medium.
Background
The Internet of Things (IoT) is an information carrier based on the Internet, traditional telecommunication networks, and the like, and allows all IoT devices to form an interconnected network.
Generally, an IoT device may acquire information about a Wireless Fidelity (WiFi) network, that is, WiFi information, from a router. The WiFi information includes an account and/or password for the WiFi network. The account of the WiFi network may be the Service Set Identifier (SSID) of the WiFi network. With the popularization of IoT devices, WiFi passwords are easily leaked, so users need to update the WiFi password or replace the router, after which the IoT devices need to re-access the WiFi network. The current approach to re-accessing a WiFi network is as follows: a special device, such as a HiLink router, is used; the special device acquires the updated WiFi information and sends it directly to each IoT device. This may be referred to as a batch network configuration mode. However, the batch network configuration mode still causes WiFi information leakage.
Disclosure of Invention
The application provides a network access method, apparatus, device and storage medium that reduce leakage of WiFi information and improve network security.
In a first aspect, the present application provides a network access method, applied to part or all of a terminal device, including: acquiring updated wireless fidelity (WiFi) information; sending connection information of the terminal device to an Internet of Things (IoT) device, where the connection information is used by the terminal device to establish a connection with the IoT device; receiving a first signature sent by the IoT device, where the first signature is a signature over information of the IoT device made with a first private key of the IoT device; verifying the first signature with a first public key of the IoT device, where the first private key and the first public key are a key pair of the IoT device; and, if the first signature is verified successfully, sending the WiFi information to the IoT device, where the WiFi information is used by the IoT device to access the WiFi network. That is, if the terminal device successfully verifies the first signature, the IoT device is legitimate and the terminal device sends the WiFi information to it, so that the IoT device can access the WiFi network using the WiFi information. Conversely, if the IoT device is not legitimate, the terminal device does not send the WiFi information to it. This reduces leakage of WiFi information and improves network security.
Optionally, before sending the WiFi information to the IoT device, the method further includes: sending a second signature to the IoT device. The second signature is a signature over the public key of the APP and the second public key of the IoT device, made with the private key of the APP login account, so that the IoT device can verify the second signature with the public key of the APP login account. The APP is installed on the terminal device and is used to control the IoT device, and the private key and the public key of the APP login account are a key pair. That is, not only does the terminal device verify the legitimacy of the IoT device, but the IoT device also verifies the APP login account. This further reduces leakage of WiFi information and further improves network security.
Optionally, the WiFi information and/or the second signature are sent encrypted with a shared key generated by the terminal device. This further reduces leakage of WiFi information and further improves network security.
Optionally, the connection information is hotspot information of the terminal device, and correspondingly the method further includes: taking the time at which the IoT device and the terminal device establish the connection as the start time, and turning off the hotspot of the terminal device after a preset time period; or, if the terminal device receives a response success message, turning off the hotspot of the terminal device, where the response success message indicates that the IoT device has successfully accessed the WiFi network. Turning off the hotspot of the terminal device in time reduces the power consumption of the terminal device.
Optionally, the method further includes: obtaining the first public key of the IoT device.
Optionally, the method further includes: sending the APP login account and the first public key of the IoT device to the server, so that other terminal devices using the APP login account can acquire the first public key of the IoT device from the server. In this way, the respective IoT devices can communicate by means of each other's first public keys.
A network access method performed on the IoT device side, as well as a network access apparatus, a device, a storage medium, and a computer program product, are described below. For their effects, refer to the network access method performed on the terminal device side; they are not described again.
In a second aspect, the present application provides a network access method, applied to part or all of an IoT device, including: receiving connection information sent by the terminal device; establishing a connection between the terminal device and the IoT device according to the connection information; sending a first signature to the terminal device so that the terminal device can verify the first signature, where the first signature is a signature over information of the IoT device made with a first private key of the IoT device, and the first private key and the first public key of the IoT device are a key pair of the IoT device; and receiving updated wireless fidelity (WiFi) information sent by the terminal device and accessing the WiFi network using the WiFi information.
Optionally, before receiving the updated WiFi information sent by the terminal device, the method further includes: receiving a second signature sent by the terminal device, where the second signature is a signature over the public key of the APP and the second public key of the IoT device, made with the private key of the APP login account; the APP is installed on the terminal device and is used by the terminal device to control the IoT device, and the private key and the public key of the APP login account are a key pair; and verifying the second signature with the public key of the APP login account. Correspondingly, accessing the WiFi network using the WiFi information includes: if the second signature is successfully verified, accessing the WiFi network using the WiFi information.
Optionally, the WiFi information and/or the second signature are sent encrypted with a shared key generated by the terminal device.
Optionally, the method further includes: if the IoT device successfully accesses the WiFi network, sending a response success message to the terminal device.
In a third aspect, the present application provides a network access apparatus, which is part or all of a terminal device, including:
A first acquisition module, configured to acquire updated wireless fidelity (WiFi) information.
A first sending module, configured to send connection information of the terminal device to an Internet of Things (IoT) device, where the connection information is used by the terminal device to establish a connection with the IoT device.
A first receiving module, configured to receive a first signature sent by the IoT device, where the first signature is a signature over information of the IoT device made with a first private key of the IoT device.
A verification module, configured to verify the first signature with a first public key of the IoT device, where the first private key and the first public key of the IoT device are a key pair of the IoT device.
A second sending module, configured to send the WiFi information to the IoT device if the verification module successfully verifies the first signature, where the WiFi information is used by the IoT device to access the WiFi network.
In a fourth aspect, the present application provides a network access apparatus, which is part or all of an IoT device, including:
A first receiving module, configured to receive connection information sent by the terminal device.
An establishing module, configured to establish a connection between the terminal device and the IoT device according to the connection information.
A first sending module, configured to send a first signature to the terminal device so that the terminal device can verify the first signature, where the first signature is a signature over information of the IoT device made with a first private key of the IoT device, and the first private key and the first public key of the IoT device are a key pair of the IoT device.
A second receiving module, configured to receive updated wireless fidelity (WiFi) information sent by the terminal device.
An access module, configured to access the WiFi network using the WiFi information.
In a fifth aspect, the present application provides a terminal device, including: a transceiver, a processor, and a memory. The memory stores computer-executable instructions for execution by the processor, and the processor and the transceiver are configured to implement the network access method of the first aspect or of an optional implementation of the first aspect.
In a sixth aspect, the present application provides an IoT device, including: a transceiver, a processor, and a memory. The memory stores computer-executable instructions for execution by the processor, and the processor and the transceiver are configured to implement the network access method of the second aspect or of an optional implementation of the second aspect.
In a seventh aspect, the present application provides a computer storage medium including computer-executable instructions for implementing the network access method of the first aspect or of an optional implementation of the first aspect.
In an eighth aspect, the present application provides a computer storage medium including computer-executable instructions for implementing the network access method of the second aspect or of an optional implementation of the second aspect.
In a ninth aspect, the present application provides a computer program product including computer-executable instructions for implementing the network access method of the first aspect or of an optional implementation of the first aspect.
In a tenth aspect, the present application provides a computer program product including computer-executable instructions for implementing the network access method of the second aspect or of an optional implementation of the second aspect.
When an IoT device has previously accessed a WiFi network but the WiFi information needs to be updated because the password of the WiFi network is easily leaked, the terminal device can acquire the updated WiFi information and send connection information of the terminal device to the IoT device. The IoT device establishes a connection between the terminal device and the IoT device according to the connection information. The IoT device sends the first signature to the terminal device. The terminal device verifies the first signature with a first public key of the IoT device. If the terminal device successfully verifies the first signature, that is, the IoT device is legitimate, the terminal device sends the WiFi information to the IoT device, so that the IoT device can access the WiFi network using the WiFi information. Conversely, if the IoT device is not legitimate, the terminal device does not send the WiFi information to it. This reduces leakage of WiFi information and improves network security. Further, after the terminal device successfully authenticates the IoT device, the WiFi information is encrypted with the shared key between the terminal device and the IoT device before being sent to the IoT device, which further reduces leakage of WiFi information and further improves network security.
Drawings
Fig. 1 is an application scenario diagram provided in an embodiment of the present application;
Fig. 2 is an interaction flowchart of a network access method according to an embodiment of the present application;
Fig. 3 is a schematic diagram of a trust ring provided by an embodiment of the present application;
Fig. 4 is an interaction flowchart of a network access method according to another embodiment of the present application;
Fig. 5 is an interaction flowchart of a network access method according to still another embodiment of the present application;
Fig. 6 is an interaction flowchart of a network access method according to another embodiment of the present application;
Fig. 7 is an interaction flowchart of a network access method according to still another embodiment of the present application;
Fig. 8 is a schematic diagram of a network access device 800 according to an embodiment of the present application;
Fig. 9 is a schematic diagram of a network access apparatus 900 according to an embodiment of the present application;
Fig. 10 is a schematic diagram of a terminal device 1000 according to an embodiment of the present application;
Fig. 11 is a schematic diagram of an IoT device 1100 according to an embodiment of the present application.
Detailed Description
As described above, the current approach to re-accessing a WiFi network is as follows: a special device, such as a HiLink router, is used; the special device acquires the updated WiFi information and sends it directly to each IoT device. This may be referred to as a batch network configuration mode. However, the batch network configuration mode still causes WiFi information leakage. In addition, because a special device such as a HiLink router is required, when no such special device is in use, network configuration has to be performed manually on each IoT device.
A terminal device referred to herein may be a device that provides voice and/or data connectivity to a user, a handheld device having wireless connection capability, or another processing device connected to a wireless modem. The terminal device may communicate with at least one core network via a Radio Access Network (RAN). The terminal device may be a mobile terminal, such as a mobile telephone (or so-called "cellular" telephone) or a computer with a mobile terminal, for example a portable, pocket, hand-held, computer-included or car-mounted mobile device, which exchanges voice and/or data with the radio access network. The terminal device may also be referred to as a Subscriber Unit, a Subscriber Station, a Mobile Station, a Remote Station, an Access Point, a Remote Terminal, an Access Terminal, a User Terminal, a User Agent, or User Equipment, which is not limited herein.
The IoT device referred to in the present application may be a terminal device that can access the IoT, such as a printer, a refrigerator, a robot, a sensor, an electricity meter, a water meter, a sweeping robot, a socket, a mouse, a camera, and the like.
Optionally, Fig. 1 is an application scenario diagram provided in an embodiment of the present application. As shown in Fig. 1, the network elements in the application scenario include at least one terminal device 11 (Fig. 1 shows one terminal device 11 as an example) and at least one IoT device 12 (Fig. 1 shows one camera, one mouse, one socket, and one sweeping robot as an example). The IoT device 12 has previously accessed the WiFi network, but because the password of the WiFi network is easily leaked, the WiFi information needs to be updated. The terminal device 11 may obtain the updated WiFi information and, if the IoT device 12 is legitimate, send the updated WiFi information to the IoT device 12.
Fig. 2 is an interaction flowchart of a network access method provided in an embodiment of the present application. Optionally, the method is executed by part or all of the terminal device and part or all of the IoT device, where the part of the terminal device may be a processor inside the terminal device and the part of the IoT device may be a processor inside the IoT device. Taking the terminal device and the IoT device as the execution subjects of the method as an example, as shown in Fig. 2, the method includes the following steps:
Step S201: The terminal device acquires the updated WiFi information.
Step S202: The terminal device sends connection information of the terminal device to the IoT device.
Step S203: The IoT device establishes a connection between the terminal device and the IoT device according to the connection information.
Step S204: The IoT device sends the first signature to the terminal device.
The first signature is a signature over information of the IoT device made with a first private key of the IoT device.
Step S205: The terminal device verifies the first signature with a first public key of the IoT device.
The first private key and the first public key of the IoT device are a key pair of the IoT device.
Step S206: If the terminal device successfully verifies the first signature, the terminal device sends the WiFi information to the IoT device.
Step S207: The IoT device accesses the WiFi network using the WiFi information.
Optionally, the updated WiFi information includes the updated account of the WiFi network and/or the updated password of the WiFi network. For example, when the router is not replaced and only the password of the WiFi network is modified, the terminal device may send the modified password to the IoT device, or it may send the modified password together with the previous account of the WiFi network. As another example, when the router has been replaced and the password of the WiFi network is not modified, the terminal device may send the modified password to the IoT device, or it may send the modified password together with the previous account of the WiFi network. As a further example, when the router has been replaced and the password of the WiFi network has been modified, the terminal device may send the modified password and the modified account of the WiFi network to the IoT device.
Optionally, the terminal device may send the connection information to the IoT device by multicast. Alternatively, the IoT device listens for a multicast packet sent by the terminal device and obtains the connection information of the terminal device from that packet.
Optionally, the connection information of the terminal device includes hotspot information of the terminal device. The hotspot information includes the name of the hotspot. After obtaining the hotspot information, the IoT device may connect to the hotspot started by the terminal device, and after the connection succeeds, the terminal device may allocate an Internet Protocol (IP) address to the IoT device. Alternatively, the connection information of the terminal device includes the Bluetooth name and Bluetooth password of the terminal device. After acquiring the Bluetooth name and Bluetooth password, the IoT device may connect to the terminal device over Bluetooth. It should be noted that the present application does not limit the connection method between the terminal device and the IoT device.
Optionally, after the terminal device establishes a connection with the IoT device, the IoT device sends a request message to the terminal device. The request message requests the WiFi information and may carry the first signature. The IoT device may generate its key pair using the Ed25519 algorithm; the key pair consists of the first private key of the IoT device (i.e., the Ed25519 private key of the IoT device) and the first public key (i.e., the Ed25519 public key of the IoT device). The IoT device signs its information with its first private key using the Ed25519 algorithm to obtain the first signature. Optionally, the information of the IoT device includes an identifier of the IoT device. After the terminal device acquires the first signature, it verifies the first signature with the previously acquired first public key of the IoT device using the Ed25519 algorithm. If the terminal device successfully verifies the first signature, the IoT device is legitimate; otherwise, the IoT device is not legitimate.
Optionally, after the IoT device and the terminal device complete the first PIN-code network configuration, a trust relationship is established between the IoT device and the terminal device. At this point the terminal device may obtain the first public key of the IoT device, so that the terminal device can authenticate the identity of the IoT device. Similarly, after each other IoT device completes its first PIN-code network configuration with the terminal device, a trust relationship is also established between that IoT device and the terminal device, and the terminal device may obtain that IoT device's first public key and authenticate its identity. The terminal device can thus obtain the first public keys of a plurality of IoT devices. Fig. 3 is a schematic diagram of a trust ring provided in an embodiment of the present application. As shown in Fig. 3, a trust ring 13 is formed between multiple IoT devices 12 and a terminal device 11. The terminal device 11 may send an APP login account and the first public key of the IoT device 12 to a server (not shown in Fig. 3) in the trust ring 13. An APP is installed on the terminal device and is used by the terminal device to control the IoT devices. As long as the terminal device 11 or another terminal device joins the trust ring 13 and logs in with the same APP login account, that terminal device may obtain the first public key of each IoT device 12 from the server. The identity of an IoT device may be authenticated with the first public key of the IoT device 12, and if the authentication succeeds, the terminal device may subsequently send the WiFi information to the successfully authenticated IoT device.
Optionally, after the terminal device successfully authenticates the IoT device, the WiFi information is encrypted with a shared key between the terminal device and the IoT device and sent to the IoT device. The terminal device may obtain the second public key of the IoT device and the private key of the APP, and generate the shared key from the second public key of the IoT device and the private key of the APP. It is worth mentioning that the second public key and the second private key of the IoT device are a key pair of the IoT device: the second public key may be a public key generated by the IoT device based on the Curve25519 algorithm (i.e., the Curve25519 public key of the IoT device), and the second private key may be a private key generated by the IoT device based on the Curve25519 algorithm (i.e., the Curve25519 private key of the IoT device). The private key and the public key of the APP are a key pair of the APP: the public key of the APP may be a public key generated by the terminal device based on the Curve25519 algorithm (i.e., the Curve25519 public key of the APP), and the private key of the APP may be a private key generated by the terminal device based on the Curve25519 algorithm (i.e., the Curve25519 private key of the APP). In addition, the present application does not limit how the shared key is generated.
Optionally, if the connection information is hotspot information of the terminal device, then correspondingly the time at which the current connection between the IoT device and the terminal device is established is taken as the start time, and after a preset time period (for example, 3 minutes) the terminal device turns off its hotspot; or, if the terminal device receives a response success message, the terminal device turns off its hotspot, where the response success message indicates that the IoT device has successfully accessed the WiFi network.
Optionally, if the connection information is Bluetooth information of the terminal device, then correspondingly the time at which the current connection between the IoT device and the terminal device is established is taken as the start time, and after a preset time period (for example, 3 minutes) the terminal device turns off Bluetooth; or, if the terminal device receives a response success message, the terminal device turns off Bluetooth, where the response success message indicates that the IoT device has successfully accessed the WiFi network.
In summary, the present application provides a network access method. When an IoT device has previously accessed a WiFi network but the WiFi information needs to be updated because the password of the WiFi network is easily leaked, the terminal device may obtain the updated WiFi information and send connection information of the terminal device to the IoT device. The IoT device establishes a connection between the terminal device and the IoT device according to the connection information. The IoT device sends the first signature to the terminal device. The terminal device verifies the first signature with a first public key of the IoT device. If the terminal device successfully verifies the first signature, that is, the IoT device is legitimate, the terminal device sends the WiFi information to the IoT device, so that the IoT device can access the WiFi network using the WiFi information. Conversely, if the IoT device is not legitimate, the terminal device does not send the WiFi information to it. This reduces leakage of WiFi information and improves network security. Further, after the terminal device successfully authenticates the IoT device, the WiFi information is encrypted with the shared key between the terminal device and the IoT device before being sent to the IoT device, which further reduces leakage of WiFi information and further improves network security. Further, when there are multiple IoT devices, the terminal device may send the WiFi information to the multiple IoT devices in a batch, which improves the efficiency with which the IoT devices access the WiFi network.
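Steps S204 to S207, with the Ed25519 verification and the Curve25519 shared key described above, written out in Go as an added example (it is not code from the patent). The device identifier, the sample WiFi string, the SHA-256 key derivation and the AES-256-GCM cipher are assumptions, since the text does not limit how the shared key is generated or name a cipher; how the terminal obtains the device public keys is represented only by `NewTerminal`.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

var ErrUntrusted = errors.New("first signature rejected, WiFi info withheld")

// IoTDevice holds the first (Ed25519) and second (Curve25519) key pairs.
type IoTDevice struct {
	ID   string
	sign ed25519.PrivateKey
	dh   *ecdh.PrivateKey
}

// Terminal holds the APP Curve25519 key and each known device's public keys.
type Terminal struct {
	app     *ecdh.PrivateKey
	signPub map[string]ed25519.PublicKey
	dhPub   map[string]*ecdh.PublicKey
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func NewIoTDevice(id string) *IoTDevice {
	_, sk, err := ed25519.GenerateKey(rand.Reader)
	return &IoTDevice{id, must(sk, err), must(ecdh.X25519().GenerateKey(rand.Reader))}
}

// NewTerminal records the devices' public keys (how they are obtained is an assumption).
func NewTerminal(devs ...*IoTDevice) *Terminal {
	t := &Terminal{must(ecdh.X25519().GenerateKey(rand.Reader)),
		map[string]ed25519.PublicKey{}, map[string]*ecdh.PublicKey{}}
	for _, d := range devs {
		t.signPub[d.ID] = d.sign.Public().(ed25519.PublicKey)
		t.dhPub[d.ID] = d.dh.PublicKey()
	}
	return t
}

// channel: X25519 secret -> SHA-256 -> AES-256-GCM (KDF and cipher are assumptions).
func channel(priv *ecdh.PrivateKey, pub *ecdh.PublicKey) (cipher.AEAD, error) {
	secret, err := priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(append([]byte("wifi-info-v1"), secret...))
	return cipher.NewGCM(must(aes.NewCipher(key[:]))) // a 32-byte key cannot fail
}

// FirstSignature is S204: sign the device information (here its identifier).
func (d *IoTDevice) FirstSignature() []byte {
	return ed25519.Sign(d.sign, []byte(d.ID))
}

// SendWiFi is S205-S206: verify the first signature, encrypt only on success.
func (t *Terminal) SendWiFi(id string, sig, wifi []byte) ([]byte, error) {
	if pub := t.signPub[id]; pub == nil || !ed25519.Verify(pub, []byte(id), sig) {
		return nil, ErrUntrusted
	}
	ch, err := channel(t.app, t.dhPub[id])
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, ch.NonceSize())
	must(rand.Read(nonce))
	return ch.Seal(nonce, nonce, wifi, []byte(id)), nil
}

// Receive decrypts on the device; the identifier is bound as associated data.
func (d *IoTDevice) Receive(appPub *ecdh.PublicKey, msg []byte) ([]byte, error) {
	ch, err := channel(d.dh, appPub)
	if err != nil || len(msg) < ch.NonceSize() {
		return nil, errors.New("bad key or short message")
	}
	n := ch.NonceSize()
	return ch.Open(nil, msg[:n], msg[n:], []byte(d.ID))
}

func main() {
	cam, rogue := NewIoTDevice("camera-01"), NewIoTDevice("camera-01") // constructed IDs
	term := NewTerminal(cam)
	msg, _ := term.SendWiFi(cam.ID, cam.FirstSignature(), []byte("ssid=home;psk=constructed"))
	got, _ := cam.Receive(term.app.PublicKey(), msg)
	_, err := term.SendWiFi(rogue.ID, rogue.FirstSignature(), nil)
	fmt.Printf("%s | rogue: %v\n", got, err)
}
```

A device that presents the same identifier but signs with a different key is refused before any WiFi information is encrypted, and a message captured in transit does not decrypt under another device's second private key.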
Fig. 4 is an interaction flowchart of a network access method according to another embodiment of the present application, and optionally, an execution subject related to the method includes: some or all of the terminal device, some or all of the IoT device, some of the terminal device may be a processor internal to the terminal device, and some of the IoT device may be a processor internal to the IoT device. Taking the execution subject of the method as the terminal device and the IoT device as an example, as shown in fig. 4, the method includes the following steps:
Step S401: The terminal device acquires the updated WiFi information.
Step S402: The terminal device sends connection information of the terminal device to the IoT device.
Step S403: The IoT device establishes a connection between the terminal device and the IoT device according to the connection information.
Step S404: The IoT device sends the first signature to the terminal device.
The first signature is a signature over information of the IoT device made with the first private key of the IoT device.
Step S405: The terminal device verifies the first signature with the first public key of the IoT device.
The first private key and the first public key of the IoT device are a key pair of the IoT device.
Step S406: If the terminal device successfully verifies the first signature, the terminal device sends a second signature to the IoT device.
The second signature is a signature over the public key of the APP and the second public key of the IoT device, made with the private key of the APP login account.
Step S407: The IoT device verifies the second signature with the public key of the APP login account.
Step S408: If the IoT device successfully verifies the second signature, it sends an indication message to the terminal device.
The indication message indicates that the IoT device successfully verified the second signature.
Step S409: The terminal device sends the WiFi information to the IoT device.
Step S410: The IoT device accesses the WiFi network using the WiFi information.
This embodiment differs from the previous embodiment in that, besides the terminal device verifying the legitimacy of the IoT device (steps S401 to S405), the IoT device also authenticates the APP login account. Content that repeats the previous embodiment is not described again here.
Steps S406 to S410 are described below:
The terminal device may use the Ed25519 algorithm to sign the public key of the APP (i.e., the Curve25519 public key of the APP) and the second public key of the IoT device (i.e., the Curve25519 public key of the IoT device) with the private key of the APP login account (i.e., the Ed25519 private key of the APP login account), so as to obtain the second signature.
Optionally, the terminal device may further encrypt the second signature with the shared key and send the encrypted second signature. The terminal device may obtain the private key of the APP (i.e., the Curve25519 private key of the APP) and the second public key of the IoT device (i.e., the Curve25519 public key of the IoT device), and generate the shared key from the private key of the APP and the second public key of the IoT device. The present application does not limit how the shared key is generated. It should be noted that the public key and the private key of the APP login account are a key pair, the public key and the private key of the APP are a key pair, the first public key and the first private key of the IoT device are a key pair, and the second public key and the second private key of the IoT device are a key pair.
Optionally, after obtaining the second signature, the IoT device verifies it with the obtained public key of the APP login account, using, for example but not limited to, the Ed25519 algorithm. If the IoT device successfully verifies the second signature, the APP login account is legitimate; otherwise, the APP login account is not legitimate.
Optionally, after the APP login account is successfully authenticated, the IoT device sends an indication message to the terminal device. After receiving the indication message, the terminal device encrypts the WiFi information with the shared key between the terminal device and the IoT device and sends it to the IoT device. The terminal device may obtain the second public key of the IoT device and the private key of the APP, and generate the shared key from them. Likewise, the present application does not limit how the shared key is generated.
Optionally, if the connection information is hotspot information of the terminal device, the terminal device takes the time at which the IoT device established the current connection with it as the starting time and closes its hotspot after a preset time period (for example, 3 minutes); or, if the terminal device receives a response success message, it closes its hotspot, where the response success message indicates that the IoT device has successfully accessed the WiFi network.
Optionally, if the connection information is Bluetooth information of the terminal device, the terminal device takes the time at which the IoT device established the current connection with it as the starting time and turns off Bluetooth after a preset time period (e.g., 3 minutes); or, if the terminal device receives a response success message, it turns off Bluetooth, where the response success message indicates that the IoT device has successfully accessed the WiFi network.
In summary, in this embodiment, if the terminal device successfully verifies the first signature, that is, the IoT device is legitimate, the IoT device goes on to verify the APP login account. If the IoT device successfully verifies the APP login account, the IoT device accesses the WiFi network using the WiFi information. Conversely, if the IoT device and/or the APP login account is not legitimate, the terminal device does not send the WiFi information to the IoT device. This reduces leakage of WiFi information and improves network security. Further, after the terminal device successfully authenticates the IoT device, the WiFi information and/or the second signature are encrypted with the shared key between the terminal device and the IoT device before being sent, which further reduces leakage of the WiFi information and/or the second signature and further improves network security. Further, when there are multiple IoT devices, the terminal device may send the WiFi information to them in a batch, which improves the efficiency with which IoT devices access the WiFi network.
Fig. 5 is an interaction flowchart of a network access method according to yet another embodiment of the present application. Optionally, the execution subjects of the method include part or all of the terminal device and part or all of the IoT device, where the part of the terminal device may be a processor inside the terminal device and the part of the IoT device may be a processor inside the IoT device. Taking the terminal device and the IoT device as the execution subjects, as shown in Fig. 5, the method includes the following steps:
Step S501: The terminal device acquires the updated WiFi information.
Step S502: The terminal device sends connection information of the terminal device to the IoT device.
Step S503: The IoT device establishes a connection between the terminal device and the IoT device according to the connection information.
Step S504: The IoT device sends the first signature to the terminal device.
The first signature is a signature over information of the IoT device made with the first private key of the IoT device.
Step S505: The terminal device verifies the first signature with the first public key of the IoT device.
The first private key and the first public key of the IoT device are a key pair of the IoT device.
Step S506: If the terminal device successfully verifies the first signature, the terminal device generates a public key and a private key of the APP.
Step S507: The terminal device sends the public key of the APP to the IoT device.
Step S508: The IoT device generates a second public key and a second private key of the IoT device.
Step S509: The IoT device generates a shared key from the second private key of the IoT device and the public key of the APP.
Step S510: The IoT device signs the second public key of the IoT device and the public key of the APP with the first private key of the IoT device to obtain a third signature, and encrypts the third signature with the shared key.
Step S511: The IoT device sends the third signature and the first public key of the IoT device to the terminal device.
Step S512: The terminal device verifies the third signature with the first public key of the IoT device.
Step S513: If the third signature is verified successfully, the terminal device sends a second signature to the IoT device.
The second signature is a signature over the public key of the APP and the second public key of the IoT device, made with the private key of the APP login account.
Step S514: The IoT device verifies the second signature with the public key of the APP login account.
Step S515: If the IoT device successfully verifies the second signature, it sends an indication message to the terminal device.
The indication message indicates that the IoT device successfully verified the second signature.
Step S516: The terminal device sends the WiFi information to the IoT device.
Step S517: The IoT device accesses the WiFi network using the WiFi information.
This embodiment differs from the previous embodiment in that the IoT device signs the second public key of the IoT device and the public key of the APP with the first private key of the IoT device to obtain a third signature, and encrypts the third signature with the shared key. The terminal device may verify the third signature with the first public key of the IoT device, and sends the second signature to the IoT device after it successfully verifies the third signature. Content that repeats the two embodiments above is not described again here.
Optionally, the terminal device may generate the public key and the private key of the APP by using the Curve25519 algorithm. The IoT device may also generate the second public key and the second private key of the IoT device using the Curve25519 algorithm.
Step S509 is optional. When the IoT device does not perform step S509, it does not need to encrypt the third signature with the shared key in step S510.
Optionally, the terminal device may verify the third signature with the first public key of the IoT device using the Ed25519 algorithm.
It should be noted that the shared key generated by the terminal device is the same as the shared key generated by the IoT device.
In summary, in this embodiment of the present application, the terminal device and the IoT device authenticate each other, which can further improve network security.
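The following Go program is an added example, not code from the patent: it walks steps S506 to S517 of the Fig. 5 embodiment using only Go's standard library, and shows that a device signing with a key other than the first public key held by the terminal never receives the WiFi information. The function names, the SHA-256 key derivation, AES-256-GCM as the cipher, the byte order of the signed keys and the sample WiFi string are assumptions of this example; the patent fixes none of them.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

var (
	ErrThirdSignature  = errors.New("third signature rejected: IoT device not authenticated")
	ErrSecondSignature = errors.New("second signature rejected: APP login account not authenticated")
)

// sharedAEAD derives the shared key from X25519 and wraps it in AES-256-GCM.
// The patent leaves both open; SHA-256 as KDF and AES-GCM are assumptions here.
func sharedAEAD(priv *ecdh.PrivateKey, peer *ecdh.PublicKey) (cipher.AEAD, error) {
	secret, err := priv.ECDH(peer)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(secret)
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts plaintext and prepends a fresh random nonce.
func seal(a cipher.AEAD, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return a.Seal(nonce, nonce, plaintext, nil), nil
}

// open reverses seal; it fails on a wrong key or a modified ciphertext.
func open(a cipher.AEAD, msg []byte) ([]byte, error) {
	n := a.NonceSize()
	if len(msg) < n {
		return nil, errors.New("ciphertext too short")
	}
	return a.Open(nil, msg[:n], msg[n:], nil)
}

// Provision runs S506-S517 and returns the WiFi information as the device decrypts it.
// pinnedIoTPub is the first public key the terminal holds; iotSigner is the device's actual key.
func Provision(pinnedIoTPub ed25519.PublicKey, iotSigner, acctPriv ed25519.PrivateKey,
	acctPubOnDevice ed25519.PublicKey, wifi []byte) ([]byte, error) {
	// S506-S508: each side generates a fresh Curve25519 (X25519) key pair.
	appKey, err1 := ecdh.X25519().GenerateKey(rand.Reader)
	iotKey, err2 := ecdh.X25519().GenerateKey(rand.Reader)
	if err := errors.Join(err1, err2); err != nil {
		return nil, err
	}
	appPub, iotPub := appKey.PublicKey().Bytes(), iotKey.PublicKey().Bytes()
	// S509 and its terminal-side counterpart: both ends derive the same shared key.
	iotShared, err1 := sharedAEAD(iotKey, appKey.PublicKey())
	termShared, err2 := sharedAEAD(appKey, iotKey.PublicKey())
	if err := errors.Join(err1, err2); err != nil {
		return nil, err
	}
	// S510-S511: device signs (IoT second pub || APP pub), sends the signature encrypted.
	encSig3, err := seal(iotShared, ed25519.Sign(iotSigner, bytes.Join([][]byte{iotPub, appPub}, nil)))
	if err != nil {
		return nil, err
	}
	// S512: terminal decrypts, then verifies against the key it already holds.
	sig3, err := open(termShared, encSig3)
	if err != nil || !ed25519.Verify(pinnedIoTPub, bytes.Join([][]byte{iotPub, appPub}, nil), sig3) {
		return nil, ErrThirdSignature
	}
	// S513-S515: terminal signs (APP pub || IoT second pub) with the account key; device verifies.
	bound := bytes.Join([][]byte{appPub, iotPub}, nil)
	if !ed25519.Verify(acctPubOnDevice, bound, ed25519.Sign(acctPriv, bound)) {
		return nil, ErrSecondSignature
	}
	// S516-S517: only now is the WiFi information sent, encrypted; the device decrypts it.
	encWifi, err := seal(termShared, wifi)
	if err != nil {
		return nil, err
	}
	return open(iotShared, encWifi)
}

func main() {
	iotPub, iotPriv, _ := ed25519.GenerateKey(nil)
	acctPub, acctPriv, _ := ed25519.GenerateKey(nil)
	got, err := Provision(iotPub, iotPriv, acctPriv, acctPub, []byte("ssid=constructed;psk=constructed"))
	fmt.Printf("%q %v\n", got, err)
}
```

In this example the terminal checks the third signature against the first public key it obtained earlier rather than the copy delivered in S511, so a substituted device key fails at S512 and the flow stops before S516.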
Fig. 6 is an interaction flowchart of a network access method according to another embodiment of the present application. Optionally, the execution subjects of the method include part or all of the terminal device and part or all of the IoT device, where the part of the terminal device may be a processor inside the terminal device and the part of the IoT device may be a processor inside the IoT device. Taking the terminal device and the IoT device as the execution subjects, as shown in Fig. 6, the method includes the following steps:
Step S601: The terminal device acquires the updated WiFi information.
Step S602: The terminal device sends connection information of the terminal device to the IoT device.
Step S603: The IoT device establishes a connection between the terminal device and the IoT device according to the connection information.
Step S604: The IoT device sends the first signature to the terminal device.
The first signature is a signature over information of the IoT device made with the first private key of the IoT device.
Step S605: The terminal device verifies the first signature with the first public key of the IoT device.
Step S606: If the terminal device successfully verifies the first signature, the terminal device sends the WiFi information and a second signature to the IoT device.
Step S607: The IoT device verifies the second signature with the public key of the APP login account.
Step S608: If the IoT device successfully verifies the second signature, the IoT device accesses the WiFi network using the WiFi information.
This embodiment differs from the embodiment corresponding to Fig. 4 in that, if the terminal device successfully verifies the first signature, the terminal device sends the WiFi information together with the second signature to the IoT device, and if the IoT device successfully verifies the second signature, the IoT device accesses the WiFi network using the WiFi information. Content that repeats the above embodiments is not described again here.
Fig. 7 is an interaction flowchart of a network access method according to yet another embodiment of the present application. Optionally, the execution subjects of the method include part or all of the terminal device and part or all of the IoT device, where the part of the terminal device may be a processor inside the terminal device and the part of the IoT device may be a processor inside the IoT device. Taking the terminal device and the IoT device as the execution subjects, as shown in Fig. 7, the method includes the following steps:
Step S701: The terminal device acquires the updated WiFi information.
Step S702: The terminal device sends connection information of the terminal device to the IoT device.
Step S703: The IoT device establishes a connection between the terminal device and the IoT device according to the connection information.
Step S704: The IoT device sends the first signature to the terminal device.
The first signature is a signature over information of the IoT device made with the first private key of the IoT device.
Step S705: The terminal device verifies the first signature with the first public key of the IoT device.
Step S706: If the terminal device successfully verifies the first signature, the terminal device generates a public key and a private key of the APP.
Step S707: The terminal device sends the public key of the APP to the IoT device.
Step S708: The IoT device generates a second public key and a second private key of the IoT device.
Step S709: The IoT device generates a shared key from the second private key of the IoT device and the public key of the APP.
Step S710: The IoT device signs the second public key of the IoT device and the public key of the APP with the first private key of the IoT device to obtain a third signature, and encrypts the third signature with the shared key.
Step S711: The IoT device sends the third signature and the first public key of the IoT device to the terminal device.
Step S712: The terminal device verifies the third signature with the first public key of the IoT device.
Step S713: If the third signature is verified successfully, the terminal device sends the second signature and the WiFi information to the IoT device.
Step S714: The IoT device verifies the second signature with the public key of the APP login account.
Step S715: If the IoT device successfully verifies the second signature, the IoT device accesses the WiFi network using the WiFi information.
This embodiment differs from the previous embodiment in that the IoT device signs the second public key of the IoT device and the public key of the APP with the first private key of the IoT device to obtain a third signature, and if the third signature is verified successfully, the terminal device sends the second signature and the WiFi information to the IoT device. Content that repeats the two embodiments above is not described again here.
Fig. 8 is a schematic diagram of a network access apparatus 800 according to an embodiment of the present application, where the apparatus is a part or all of a terminal device, and as shown in fig. 8, the apparatus 800 includes:
a first obtaining module 801, configured to obtain updated WiFi information.
The first sending module 802 is configured to send connection information of the terminal device to an IoT device in the internet of things, where the connection information is used for the terminal device to establish a connection with the IoT device.
A first receiving module 803, configured to receive a first signature sent by an IoT device, where the first signature is a signature performed on information of the IoT device through a first private key of the IoT device.
The verifying module 804 is configured to verify the first signature by using a first public key of the IoT device, where the first private key and the first public key of the IoT device are a key pair of the IoT device.
The second sending module 805 is configured to send WiFi information to the IoT device if the verification module successfully verifies the first signature, where the WiFi information is used for the IoT device to access a WiFi network.
Optionally, the apparatus 800 further includes: a third sending module 806, configured to send the second signature to the IoT device before the second sending module 805 sends the WiFi information to the IoT device. The second signature is a signature over the public key of the APP and the second public key of the IoT device, made with the private key of the APP login account, so that the IoT device verifies the second signature with the public key of the APP login account. The APP is installed on the terminal device and is used for controlling the IoT device, and the private key and the public key of the APP login account are a key pair.
Optionally, the WiFi information and/or the second signature are sent encrypted by a shared key generated by the terminal device.
Optionally, the connection information is hotspot information of the terminal device, and correspondingly, the apparatus 800 further includes: a closing module 807, configured to take the time when the IoT device establishes the current connection with the terminal device as the starting time, and to close the hotspot of the terminal device after a preset time period.
Or,
the apparatus 800 further includes: a second receiving module 808 and a closing module 807, where if the second receiving module 808 receives a response success message, the closing module 807 closes the hotspot of the terminal device, and the response success message is used to indicate that the IoT device has successfully accessed the WiFi network.
Optionally, the apparatus 800 further includes: a second obtaining module 809 is configured to obtain the first public key of the IoT device.
Optionally, the apparatus 800 further includes: a fourth sending module 810, configured to send the APP login account and the first public key of the IoT device to the server, so that other terminal devices using the APP login account obtain the first public key of the IoT device from the server.
The network access apparatus provided in this embodiment of the present application may be configured to execute the network access method executed on the terminal device side; for its content and effects, refer to the method embodiments, which are not described again here.
Fig. 9 is a schematic diagram of a network access apparatus 900 according to an embodiment of the present application, where the apparatus 900 is a part or all of an IoT device, and as shown in fig. 9, the apparatus 900 includes:
a first receiving module 901, configured to receive connection information sent by a terminal device.
An establishing module 902, configured to establish a connection between the terminal device and the IoT device according to the connection information.
The first sending module 903 is configured to send a first signature to the terminal device, so that the terminal device verifies the first signature, where the first signature is a signature over information of the IoT device made with a first private key of the IoT device, and the first private key and the first public key of the IoT device are a key pair of the IoT device.
A second receiving module 904, configured to receive updated WiFi information sent by a terminal device.
An access module 905, configured to access a WiFi network through WiFi information.
Optionally, the apparatus 900 further includes:
a third receiving module 906, configured to receive a second signature sent by the terminal device before the second receiving module 904 receives the updated WiFi information sent by the terminal device, where the second signature is a signature over a public key of the APP and a second public key of the IoT device, made with a private key of the APP login account; the APP is installed on the terminal device and is used by the terminal device to control the IoT device, and the private key and the public key of the APP login account are a key pair.
A verifying module 907, configured to verify the second signature with the public key of the APP login account.
Correspondingly, the access module 905 is specifically configured to: if the second signature is successfully verified, access the WiFi network using the WiFi information.
Optionally, the WiFi information and/or the second signature are sent encrypted by a shared key generated by the terminal device.
Optionally, the apparatus 900 further includes: a second sending module 908, configured to send a response success message to the terminal device if the IoT device has successfully accessed the WiFi network.
The network access apparatus provided in this embodiment of the present application may be configured to execute the network access method executed on the IoT device side; for its content and effects, refer to the method embodiments, which are not described again here.
Fig. 10 is a schematic diagram of a terminal device 1000 according to an embodiment of the present application. As shown in Fig. 10, the terminal device 1000 includes a transceiver 1001, a memory 1002, and one or more processors 1003. The processor 1003, which may also be referred to as a processing unit, may implement certain control or processing functions. The processor 1003 may be a general-purpose processor, a special-purpose processor, or the like, for example a baseband processor or a central processing unit. The baseband processor may be configured to process communication protocols and communication data, and the central processing unit may be configured to control the communication device, execute a software program, and process data of the software program. The memory 1002 is configured to store computer-executable instructions, so that the transceiver 1001 and the processor 1003 implement the network access method performed by the terminal device.
The processor 1003 and the transceiver 1001 described herein may be implemented on an Integrated Circuit (IC), an analog IC, a Radio Frequency Integrated Circuit (RFIC), a mixed signal IC, an Application Specific Integrated Circuit (ASIC), a Printed Circuit Board (PCB), an electronic device, or the like. The processor and transceiver may also be fabricated using various IC process technologies, such as Complementary Metal Oxide Semiconductor (CMOS), N-type metal oxide semiconductor (NMOS), P-type metal oxide semiconductor (PMOS), Bipolar Junction Transistor (BJT), Bipolar CMOS (BiCMOS), silicon germanium (SiGe), gallium arsenide (GaAs), and the like.
The terminal device provided in this embodiment of the present application may be configured to execute the network access method executed on the terminal device side; for its content and effects, refer to the method embodiments, which are not described again here.
Fig. 11 is a schematic diagram of an IoT device 1100 according to an embodiment of the present application. As shown in Fig. 11, the IoT device 1100 includes a transceiver 1101, a memory 1102, and one or more processors 1103. The processor 1103, which may also be referred to as a processing unit, may implement certain control or processing functions. The processor 1103 may be a general-purpose processor, a special-purpose processor, or the like, for example a baseband processor or a central processing unit. The baseband processor may be configured to process communication protocols and communication data, and the central processing unit may be configured to control the communication device, execute a software program, and process data of the software program. The memory 1102 is configured to store computer-executable instructions, so that the transceiver 1101 and the processor 1103 implement the network access method performed by the IoT device.
The processor 1103 and transceiver 1101 described herein may be implemented on an IC, analog IC, RFIC, mixed signal IC, ASIC, PCB, electronic device, or the like. The processor and transceiver may also be fabricated using various IC process technologies such as CMOS, NMOS, PMOS, BJT, Bipolar CMOS (BiCMOS), silicon germanium (SiGe), gallium arsenide (GaAs), etc.
The IoT device provided in this embodiment of the present application may be configured to execute the network access method executed on the IoT device side; for its content and effects, refer to the method embodiments, which are not described again here.
The present application also provides a computer storage medium including computer-executable instructions that, when executed by a computer, cause the computer to implement the network access method described above; for its content and effects, refer to the method embodiments.
The present application also provides a computer program product comprising computer-executable instructions which, when executed by a computer, cause the computer to implement the network access method described above; for its content and effects, refer to the method embodiments.
Based on such understanding, the technical solution of the present application, in essence or in the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The software product is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) or a processor to execute all or part of the steps of the methods of the embodiments of the present application. The aforementioned storage medium includes various media capable of storing program code, such as a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The above embodiments may be implemented wholly or partially by software, hardware, firmware, or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer-executable instructions. When the computer program instructions are loaded and executed on a computer, the procedures or functions according to the embodiments of the present application are generated in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a network of computers, or another programmable device. The computer-executable instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, the computer-executable instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center via wired (e.g., coaxial cable, optical fiber, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer-readable storage medium can be any available medium that can be accessed by a computer, or a data storage device, such as a server or a data center, that integrates one or more available media. The available medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again. In addition, the method embodiments and the device embodiments may also refer to each other, and the same or corresponding contents in different embodiments may be referred to each other, which is not described in detail.

Claims (20)

1. A network access method, applied to part or all of a terminal device, characterized by comprising:
acquiring updated wireless fidelity WiFi information;
sending connection information of the terminal device to an IoT device, wherein the connection information is used for the terminal device to establish a connection with the IoT device;
receiving a first signature sent by the IoT device, wherein the first signature is a signature over information of the IoT device made with a first private key of the IoT device;
verifying the first signature with a first public key of the IoT device, wherein the first private key and the first public key of the IoT device are a key pair of the IoT device;
if the first signature is verified successfully, sending the WiFi information to the IoT device, wherein the WiFi information is used for the IoT device to access a WiFi network;
wherein, before the sending the WiFi information to the IoT device, the method further comprises:
sending a second signature to the IoT device;
wherein the second signature is a signature over the public key of the APP and the second public key of the IoT device made with the private key of the APP login account, so that the IoT device verifies the second signature with the public key of the APP login account, the APP is installed on the terminal device, the APP is used by the terminal device to control the IoT device, and the private key and the public key of the APP login account are a key pair.
2. The method of claim 1, wherein the WiFi information and/or the second signature is sent encrypted with a shared key generated by the terminal device.
3. The method according to claim 1 or 2, wherein the connection information is hotspot information of the terminal device, and correspondingly, the method further comprises:
taking the time when the IoT equipment and the terminal equipment establish the connection as the starting time, and closing the hot spot of the terminal equipment after a preset time period;
or,
if the terminal device receives a response success message, the hotspot of the terminal device is closed, and the response success message is used for indicating that the IoT device has successfully accessed the WiFi network.
4. The method of claim 1 or 2, further comprising:
obtaining a first public key of the IoT device.
5. The method of claim 1 or 2, further comprising:
sending the APP login account and the first public key of the IoT device to a server, so that other terminal devices using the APP login account can acquire the first public key of the IoT device from the server.
6. A network access method applied to part or all of IoT equipment comprises the following steps:
receiving connection information sent by terminal equipment;
establishing a connection between the terminal device and the IoT device according to the connection information;
sending a first signature to the terminal device for the terminal device to verify the first signature, wherein the first signature is a signature of information of the IoT device through a first private key of the IoT device, and the first private key and a first public key of the IoT device are a secret key pair of the IoT device;
receiving updated wireless fidelity WiFi information sent by the terminal equipment, and accessing a WiFi network through the WiFi information;
before receiving the updated WiFi information sent by the terminal device, the method further includes:
receiving a second signature sent by the terminal device, wherein the second signature is a signature made, with a private key of an APP login account, over a public key of the APP and a second public key of the IoT device; the APP is installed on the terminal device and is used for the terminal device to control the IoT device; and the private key and the public key of the APP login account are a key pair;
verifying the second signature through a public key of the APP login account;
correspondingly, the accessing a WiFi network through the WiFi information includes:
if the second signature is verified successfully, accessing a WiFi network through the WiFi information.
7. The method of claim 6, wherein the WiFi information and/or the second signature is sent encrypted with a shared key generated by the terminal device.
8. The method of claim 6 or 7, further comprising:
if the IoT device has successfully accessed the WiFi network, sending a response success message to the terminal device.
9. A network access apparatus, wherein the apparatus is part or all of a terminal device, comprising:
the first acquisition module is used for acquiring updated wireless fidelity WiFi information;
a first sending module, configured to send connection information of the terminal device to an internet of things (IoT) device, where the connection information is used for the terminal device to establish a connection with the IoT device;
a first receiving module, configured to receive a first signature sent by the IoT device, where the first signature is a signature of information of the IoT device through a first private key of the IoT device;
a verification module, configured to verify the first signature by using a first public key of the IoT device, where the first private key and the first public key of the IoT device are a secret key pair of the IoT device;
a second sending module, configured to send, if the verification module successfully verifies the first signature, the WiFi information to the IoT device, where the WiFi information is used for the IoT device to access a WiFi network;
a third sending module, configured to send a second signature to the IoT device before the second sending module sends the WiFi information to the IoT device;
wherein the second signature is a signature made, with the private key of the APP login account, over the public key of the APP and the second public key of the IoT device, so that the IoT device verifies the second signature with the public key of the APP login account; the APP is installed on the terminal device and is used for controlling the IoT device through the terminal device; and the private key and the public key of the APP login account are a key pair.
10. The apparatus of claim 9, wherein the WiFi information and/or the second signature is sent encrypted with a shared key generated by the terminal device.
11. The apparatus according to claim 9 or 10, wherein the connection information is hot spot information of the terminal device, and accordingly,
the device further comprises: a closing module, configured to close a hotspot of the terminal device after a preset time period by using a time when the IoT device establishes the current connection with the terminal device as a start time;
or,
the device further comprises: the terminal device comprises a second receiving module and a closing module, wherein the closing module closes the hotspot of the terminal device if the second receiving module receives a response success message, and the response success message is used for indicating that the IoT device has successfully accessed the WiFi network.
12. The apparatus of claim 9 or 10, further comprising:
a second obtaining module, configured to obtain the first public key of the IoT device.
13. The apparatus of claim 9 or 10, further comprising:
a fourth sending module, configured to send the APP login account and the first public key of the IoT device to a server, so that other terminal devices using the APP login account obtain the first public key of the IoT device from the server.
14. A network access apparatus, wherein the apparatus is part or all of an IoT device, comprising:
the first receiving module is used for receiving the connection information sent by the terminal equipment;
an establishing module, configured to establish a connection between the terminal device and the IoT device according to the connection information;
a first sending module, configured to send a first signature to the terminal device, so that the terminal device verifies the first signature, where the first signature is a signature of information of the IoT device through a first private key of the IoT device, and the first private key and a first public key of the IoT device are a secret key pair of the IoT device;
the second receiving module is used for receiving the updated wireless fidelity WiFi information sent by the terminal equipment;
the access module is used for accessing a WiFi network through the WiFi information;
a third receiving module, configured to receive a second signature sent by the terminal device before the second receiving module receives updated WiFi information sent by the terminal device, where the second signature is a signature performed on a public key of an APP login account and a second public key of the IoT device by using a private key of the APP login account, the APP is installed on the terminal device, the APP is used for the terminal device to control the IoT device, and the private key and the public key of the APP login account are a secret key pair;
the verification module is used for verifying the second signature through a public key of the APP login account;
correspondingly, the access module is specifically configured to:
if the second signature is verified successfully, access a WiFi network through the WiFi information.
15. The apparatus of claim 14, wherein the WiFi information and/or the second signature is sent encrypted with a shared key generated by the terminal device.
16. The apparatus of claim 14 or 15, further comprising:
a second sending module, configured to send a response success message to the terminal device if the IoT device has successfully accessed the WiFi network.
17. A terminal device, comprising: a transceiver, a processor, and a memory;
the memory is configured to store computer-executable instructions for execution by the processor, the processor and the transceiver being configured to implement the network access method of any one of claims 1-5.
18. An IoT device, comprising: a transceiver, a processor, and a memory;
the memory is configured to store computer-executable instructions for execution by the processor, the processor and the transceiver being configured to implement the network access method of any one of claims 6-8.
19. A computer storage medium, comprising: computer-executable instructions for implementing the network access method of any one of claims 1-5.
20. A computer storage medium, comprising: computer-executable instructions for implementing the network access method of any one of claims 6 to 8.
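
The two signature checks of claims 1 and 6, as an added Go example that is not code from the patent: the terminal releases the WiFi information only after the first signature verifies, and the IoT device uses it only after the second signature verifies. Assumptions: Ed25519 stands in for the unspecified signature scheme, the length-prefixed encoding of the signed keys and all function names are hypothetical, and the device information and WiFi strings are constructed samples.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Assumption: Ed25519 stands in for the signature scheme, which the claims leave open.
type keyPair struct {
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func newKeyPair() keyPair {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return keyPair{pub, priv}
}

func (k keyPair) sign(msg []byte) []byte { return ed25519.Sign(k.priv, msg) }

// secondSigInput length-prefixes the APP public key and the IoT second public key (hypothetical encoding).
func secondSigInput(appPub, iotPub2 []byte) []byte {
	out := append([]byte{byte(len(appPub))}, appPub...)
	out = append(out, byte(len(iotPub2)))
	return append(out, iotPub2...)
}

// terminalRelease (claim 1 side): WiFi information is released only if the first signature verifies.
func terminalRelease(iotPub1 ed25519.PublicKey, devInfo, sig1, wifi []byte) ([]byte, error) {
	if !ed25519.Verify(iotPub1, devInfo, sig1) {
		return nil, errors.New("first signature invalid: WiFi information withheld")
	}
	return wifi, nil
}

// iotAccept (claim 6 side): WiFi information is used only if the second signature verifies.
func iotAccept(acctPub ed25519.PublicKey, appPub, iotPub2, sig2, wifi []byte) (string, error) {
	if !ed25519.Verify(acctPub, secondSigInput(appPub, iotPub2), sig2) {
		return "", errors.New("second signature invalid: WiFi information ignored")
	}
	return "joining with " + string(wifi), nil
}

func main() {
	iot1, iot2, app, acct := newKeyPair(), newKeyPair(), newKeyPair(), newKeyPair()
	devInfo, wifi := []byte("model=demo-plug;id=0001"), []byte("ssid=HomeNet;psk=constructed-psk") // constructed
	out, err := terminalRelease(iot1.pub, devInfo, iot1.sign(devInfo), wifi)
	fmt.Println(string(out), err)
	fmt.Println(iotAccept(acct.pub, app.pub, iot2.pub, acct.sign(secondSigInput(app.pub, iot2.pub)), out))
}
```

Because the second signature covers both the APP public key and the IoT device's second public key, replacing either key after signing makes verification fail on the device.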
CN201910670264.0A 2019-07-24 2019-07-24 Network access method, device, equipment and storage medium Active CN110519760B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910670264.0A CN110519760B (en) 2019-07-24 2019-07-24 Network access method, device, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN110519760A CN110519760A (en) 2019-11-29
CN110519760B true CN110519760B (en) 2021-02-09

Family

ID=68623936

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910670264.0A Active CN110519760B (en) 2019-07-24 2019-07-24 Network access method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN110519760B (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113242550A (en) * 2020-01-22 2021-08-10 阿里巴巴集团控股有限公司 Network distribution method, device, equipment and storage medium
CN113543150A (en) * 2020-04-22 2021-10-22 中兴通讯股份有限公司 Network distribution method and device of intelligent device, electronic device and computer readable medium
CN114697017B (en) * 2020-12-31 2024-01-16 华为技术有限公司 Key negotiation method and related equipment thereof
CN116668964A (en) * 2021-02-05 2023-08-29 Oppo广东移动通信有限公司 Equipment network distribution method, device, equipment and storage medium
CN113114668B (en) * 2021-04-09 2023-11-03 北京石头世纪科技股份有限公司 Information transmission method, mobile terminal, storage medium and electronic equipment
CN114172692A (en) * 2021-11-12 2022-03-11 新开普电子股份有限公司 Security authentication method for accessing terminal to Internet of things
CN114339787A (en) * 2021-12-31 2022-04-12 深圳市优必选科技股份有限公司 Network distribution method of intelligent device, terminal device and computer readable storage medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107241679A (en) * 2016-03-29 2017-10-10 阿里巴巴集团控股有限公司 One kind connection method for building up, method for sending information, message method and device
CN108391323A (en) * 2018-02-02 2018-08-10 北京小米移动软件有限公司 Equipment interconnected method, device and electronic equipment

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8176328B2 (en) * 2008-09-17 2012-05-08 Alcatel Lucent Authentication of access points in wireless local area networks
CN102571702B (en) * 2010-12-22 2014-11-05 中兴通讯股份有限公司 Key generation method, system and equipment in Internet of things
CN102325322B (en) * 2011-05-18 2014-01-15 西安电子科技大学 Multi-way access gateway device supporting wireless network and certification method
CN102215226A (en) * 2011-05-31 2011-10-12 北京虎符科技有限公司 Self-organized network
KR101538424B1 (en) * 2012-10-30 2015-07-22 주식회사 케이티 Terminal for payment and local network monitoring
CN104349320A (en) * 2013-08-09 2015-02-11 联想(北京)有限公司 Sharing method and electronic equipment
CN105207790A (en) * 2015-08-29 2015-12-30 宇龙计算机通信科技(深圳)有限公司 Information processing method, device and system
CN105245552B (en) * 2015-11-18 2019-01-18 北京京东世纪贸易有限公司 Realize smart machine, terminal device and the method for security control authorization
CN105791272A (en) * 2016-02-23 2016-07-20 青岛海尔智能家电科技有限公司 Method and device for secure communication in Internet of Things

Also Published As

Publication number Publication date
CN110519760A (en) 2019-11-29

Similar Documents

Publication Publication Date Title
CN110519760B (en) Network access method, device, equipment and storage medium
CN110798833B (en) Method and device for verifying user equipment identification in authentication process
US10412083B2 (en) Dynamically generated SSID
JP6668407B2 (en) Terminal authentication method and apparatus used in mobile communication system
CN112640385B (en) non-SI device and SI device for use in SI system and corresponding methods
CN107689864B (en) Authentication method, server, terminal and gateway
CN108012264A (en) The scheme based on encrypted IMSI for 802.1x carriers hot spot and Wi-Fi call authorizations
JP2014509468A (en) Method and system for out-of-band delivery of wireless network credentials
KR20150051568A (en) Security supporting method and system for proximity based service device to device discovery and communication in mobile telecommunication system environment
CN112640387B (en) non-SI device, method, and computer readable and/or microprocessor executable medium for wireless connection
CN108882233B (en) IMSI encryption method, core network and user terminal
US20240080316A1 (en) Methods and apparatus for provisioning, authentication, authorization, and user equipment (ue) key generation and distribution in an on-demand network
JP5721183B2 (en) Wireless LAN communication system, wireless LAN base unit, communication connection establishment method, and program
WO2016176902A1 (en) Terminal authentication method, management terminal and application terminal
CN115412909A (en) Communication method and device
WO2016003310A1 (en) Bootstrapping a device to a wireless network
US11765132B2 (en) Information processing apparatus, non-transitory computer readable medium, and communication system
US20220322467A1 (en) Provisioning headless wifi devices and related systems, methods and devices
US20230276231A1 (en) Authentication Between Wireless Devices and Edge Servers
US20230188498A1 (en) Efficient and secure universal/app links
WO2019144350A1 (en) Communication method and communication apparatus
KR20230016662A (en) Key negotiation method, apparatus and system
CN117203935A (en) Method and apparatus for setup, authentication, authorization, and User Equipment (UE) key generation and distribution in an on-demand network
CN116827915A (en) Communication method, device and system
KR20130140134A (en) Method and system for out-of-band delivery of wireless network credentials

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant