CN112702776B - Method for realizing wireless terminal access to wireless local area network and wireless access point - Google Patents


Info

Publication number: CN112702776B
Application number: CN202011478210.3A
Authority: CN (China)
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN112702776A
Inventor: 饶哲宇
Current assignee: Ruijie Networks Co Ltd
Original assignee: Ruijie Networks Co Ltd
Prior art keywords: wireless terminal, key, server, random number, identifier
Events: application filed by Ruijie Networks Co Ltd; priority to CN202011478210.3A; publication of CN112702776A; application granted; publication of CN112702776B; legal status active

Classifications

    • H ELECTRICITY / H04 ELECTRIC COMMUNICATION TECHNIQUE / H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 48/00 Access restriction; Network selection; Access point selection
        • H04W 48/08 Access restriction or access information delivery, e.g. discovery data delivery
        • H04W 48/16 Discovering, processing access restriction or access information
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
        • H04W 12/06 Authentication

Abstract

The invention provides a method for realizing the access of a wireless terminal to a wireless local area network and a wireless access point, wherein the method comprises the following steps: receiving a first network access request message sent by a wireless terminal, wherein the first network access request message comprises a user identifier of a user logged in the wireless terminal, the wireless terminal identifier, a visitor key corresponding to the user and a preset privilege initial key; after the wireless terminal is confirmed to be legal according to the visitor key, determining that the association of the wireless terminal is successful and allocating a first permission to the wireless terminal; receiving a first specific authority key sent by a server, wherein the first specific authority key is generated by the server; receiving an authentication request which is sent by the wireless terminal and contains a second specific authority key, wherein the second specific authority key is generated by the wireless terminal; when the first specific right key and the second specific right key match, a second right is assigned to the wireless terminal. The realization difficulty is low.

Description

Method for realizing wireless terminal access to wireless local area network and wireless access point
Technical Field
The invention relates to the field of data communication, in particular to a method for realizing wireless terminal access to a wireless local area network and a wireless access point.
Background
With the rapid development of wireless communication network technology and the rapid growth of service expansion, wireless Wi-Fi has become more and more widespread and wireless office work has become a normal mode of working. In particular, devices supporting Wi-Fi terminal access have sprung up like mushrooms after rain, so the user base has become more diverse (office workers, students, managers and so on), and differences in the users' level of knowledge determine differences in their network requirements, such as for Wi-Fi access.
A single wireless network with only a single key cannot meet the wireless office security requirements of high-security companies. At present, the most widely used high-security scheme is to give each user a separate key, also called PPSK (per-user PSK).
Beacon frame: a beacon frame is used to announce the existence of an 802.11 network in the current environment. It contains network-related information such as the BSSID, so that STA workstations can recognize the network normally.
BSSID: a workstation may scan for a particular network (individual) to join, or scan for all networks (broadcast) that the workstation is allowed to join.
SSID: the SSID is the bit string used to specify an extended service set. Most products treat the SSID as a network name, because this bit string is usually set to an easily recognizable string. A workstation that intends to discover all networks should set it to the broadcast SSID.
STA: wireless users, such as users accessing the wireless access point AP; these may be notebooks, wireless network cards and the like. MAC address (Media Access Control address): also known as the local area network address (LAN address), Ethernet address or physical address, it is an address used to identify the location of a network device.
PSK (pre-shared key): a Unicode string used to validate L2TP/IPSec connections. "Routing and Remote Access" may be configured to verify VPN connections that support pre-shared keys.
Existing per-user PSK schemes assign different keys per STA essentially by registering the terminal's MAC and the corresponding key on the device, and each user logs in to the wireless network with a different password that the administrator communicates one-to-one. However, most terminals now have a random MAC function: for different BSSIDs, the terminal virtualizes different MAC addresses for network communication when connecting. The traditional PPSK scheme is therefore considerably limited in use. Moreover, none of the prior-art solutions can change a single user's PSK in real time simply and efficiently; that is, if a user carelessly leaks the Wi-Fi password, a lawless person can steal important company information through that user's MAC and password information.
Disclosure of Invention
In order to solve the technical problem, the embodiment of the invention adopts the following technical scheme:
a method for realizing wireless terminal access to wireless local area network is applied in wireless access point AP, and comprises:
receiving a first network access request message sent by a wireless terminal, wherein the first network access request message comprises a user identifier of a user logged in the wireless terminal, the wireless terminal identifier, a visitor key corresponding to the user and a preset privilege initial key;
after the wireless terminal is confirmed to be legal according to the visitor key, determining that the association of the wireless terminal is successful and distributing a first permission to the wireless terminal;
receiving a first specific authority key sent by a server, wherein the first specific authority key is generated by the server, using a first encryption algorithm, from the user identifier, the first random number and the privilege initial identifier that the wireless terminal sends after accessing the AP, a second random number generated after the user identifier is confirmed to be legal, and the identifier of the wireless terminal and the identifier of the server;
receiving an authentication request containing a second specific authority key sent by the wireless terminal, wherein the second specific authority key is generated by the wireless terminal according to the identifier of the server and a second random number sent by the server by using the first encryption algorithm, and the first random number and the identifier of the wireless terminal;
and when the first specific authority key and the second specific authority key are matched, allocating a second authority to the wireless terminal.
Optionally, the method further includes:
notifying the server that the authentication of the wireless terminal by using the second specific authority key is successful, so that the server binds the user identifier with the identifier of the wireless terminal, and sends the updated second random number to the wireless terminal, so that the wireless terminal stores the updated second random number, and sends the updated first random number to the server.
Optionally,
and presetting the user identification and the privilege initial key on the server.
Optionally, the method further includes:
receiving a second network access request message sent by the wireless terminal, wherein the second network access request message comprises a third specific authority key, and the third specific authority key is generated by the wireless terminal according to the updated first random number, the updated second random number, the privilege initial key, the wireless terminal identifier, the server identifier and the user identifier by applying a first algorithm;
sending information of the wireless terminal requesting for network access to the server, so that the server can generate a fourth specific authority key according to the updated first random number, the updated second random number, the privilege initial key, the wireless terminal identifier, the server identifier and the user identifier by applying a first algorithm;
receiving a fourth specific authority key sent by the server and a wireless terminal authority corresponding to the fourth specific authority key;
and when the third specific authority key is matched with the fourth specific authority key, distributing the wireless terminal authority corresponding to the fourth specific authority key to the wireless terminal.
Optionally, the first algorithm is the SHA-1 algorithm (Secure Hash Algorithm 1).
Another aspect of the embodiments of the present invention is to provide a wireless access point AP for enabling a wireless terminal to access a wireless local area network, including:
a first receiving module, configured to receive a first network access request packet sent by a wireless terminal, where the first network access request packet includes a user identifier of a user logged in the wireless terminal, the wireless terminal identifier, a guest key corresponding to the user, and a preset privilege initial key;
the determining module is used for determining that the wireless terminal is successfully associated and distributing a first permission to the wireless terminal after the wireless terminal is determined to be legal according to the visitor key;
a second receiving module, configured to receive a first specific permission key sent by a server, where the first specific permission key is generated by the server according to the user identifier, the first random number, the initial privilege identifier, a second random number generated after the user identifier is determined to be legal, and the identifiers of the wireless terminal and the server, which are sent by the wireless terminal after the wireless terminal accesses the AP, by using a first encryption algorithm;
a third receiving module, configured to receive an authentication request including a second specific permission key sent by the wireless terminal, where the second specific permission key is generated by the wireless terminal according to the identifier of the server and a second random number sent by the server by using the first encryption algorithm, and the first random number and the identifier of the wireless terminal;
and the authority distribution module is used for distributing a second authority to the wireless terminal when the first specific authority key is matched with the second specific authority key.
Optionally, the AP further includes:
and the notification module is used for notifying the server that the wireless terminal successfully authenticates by using the second specific authority key so as to facilitate the server to bind the user identifier with the identifier of the wireless terminal and send the updated second random number to the wireless terminal so as to facilitate the wireless terminal to store the updated second random number and send the updated first random number to the server.
Optionally,
and presetting the user identification and the privilege initial key on the server.
Optionally,
the first receiving module is further configured to receive a second network access request message sent by the wireless terminal, where the second network access request message includes a third specific permission key, and the third specific permission key is generated by the wireless terminal according to the updated first random number, the updated second random number, the privilege initial key, the wireless terminal identifier, the server identifier, and the user identifier by using a first algorithm;
the notification module is further configured to send information that the wireless terminal requests for network access to the server, so that the server generates a fourth specific permission key according to the updated first random number, the updated second random number, the privilege initial key, the wireless terminal identifier, the server identifier, and the user identifier by using a first algorithm;
the second receiving module is further configured to receive a fourth specific permission key and a wireless terminal permission corresponding to the fourth specific permission key, where the fourth specific permission key is sent by the server;
the permission distribution module is further configured to distribute a wireless terminal permission corresponding to the fourth specific permission key to the wireless terminal when the third specific permission key matches the fourth specific permission key.
Optionally,
the first algorithm is the SHA1 algorithm.
The embodiment of the invention has the advantages of low implementation difficulty, and AP equipment manufacturers can develop and implement it independently. The message interaction is simple, and network access succeeds in one pass. Operation is simple, and real-time key updating is not available in prior-art schemes. The embodiment also provides a user permission distribution function, reduces the difficulty of network deployment and optimization, and reduces the waste of air-interface and equipment resources.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a flow chart of a method provided by an embodiment of the present invention;
fig. 2 is a diagram illustrating a structure of an apparatus according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The embodiment of the invention provides a method for realizing the access of a wireless terminal to a wireless local area network, which is applied to a wireless access point AP and comprises the following steps as shown in figure 1:
s101, receiving a first network access request message sent by a wireless terminal, wherein the first network access request message comprises a user identifier of a user logged in the wireless terminal, the wireless terminal identifier, a visitor key corresponding to the user and a preset privilege initial key;
s103, after the wireless terminal is confirmed to be legal according to the visitor key, the wireless terminal is determined to be successfully associated, and a first permission is distributed to the wireless terminal;
s105, receiving a first specific authority key sent by a server, wherein the first specific authority key is generated by the server, using a first encryption algorithm, from the user identifier, the first random number and the privilege initial identifier that the wireless terminal sends after accessing the AP, a second random number generated after the user identifier is confirmed to be legal, and the wireless terminal identifier and the identifier of the server;
s107, receiving an authentication request containing a second specific authority key sent by the wireless terminal, wherein the second specific authority key is generated by the wireless terminal according to the server identifier and a second random number sent by the server by using the first encryption algorithm, and the first random number and the wireless terminal identifier;
s109, when the first specific authority key is matched with the second specific authority key, a second authority is distributed to the wireless terminal.
Optionally, the method further includes:
notifying the server that the authentication of the wireless terminal by using the second specific authority key is successful, so that the server binds the user identifier with the identifier of the wireless terminal, and sends the updated second random number to the wireless terminal, so that the wireless terminal stores the updated second random number, and sends the updated first random number to the server.
Optionally,
and presetting the user identification and the privilege initial key on the server.
Optionally, the method further includes:
receiving a second network access request message sent by the wireless terminal, wherein the second network access request message comprises a third specific authority key, and the third specific authority key is generated by the wireless terminal according to the updated first random number, the updated second random number, the privilege initial key, the wireless terminal identifier, the server identifier and the user identifier by applying a first algorithm;
sending information of the wireless terminal requesting for network access to the server, so that the server can generate a fourth specific authority key according to the updated first random number, the updated second random number, the privilege initial key, the wireless terminal identifier, the server identifier and the user identifier by applying a first algorithm;
receiving a fourth specific authority key sent by the server and a wireless terminal authority corresponding to the fourth specific authority key;
and when the third specific authority key is matched with the fourth specific authority key, distributing the wireless terminal authority corresponding to the fourth specific authority key to the wireless terminal.
Optionally, the first algorithm is the SHA-1 algorithm (Secure Hash Algorithm 1).
Another aspect of the embodiments of the present invention is to provide a wireless access point AP for enabling a wireless terminal to access a wireless local area network, as shown in fig. 2, including:
a first receiving module 201, configured to receive a first network access request packet sent by a wireless terminal, where the first network access request packet includes a user identifier of a user logged in the wireless terminal, the wireless terminal identifier, a guest key corresponding to the user, and a preset privilege initial key;
a determining module 203, configured to determine that the association of the wireless terminal is successful and assign a first permission to the wireless terminal after confirming that the wireless terminal is legal according to the visitor key;
a second receiving module 205, configured to receive a first specific permission key sent by a server, where the first specific permission key is generated by the server according to the user identifier, the first random number, the initial privilege identifier, the second random number generated after the user identifier is determined to be legal, and the identifiers of the wireless terminal and the server, which are sent by the wireless terminal after the wireless terminal accesses the AP;
a third receiving module 207, configured to receive an authentication request that is sent by the wireless terminal and includes a second specific permission key, where the second specific permission key is generated by the wireless terminal according to the identifier of the server and the second random number sent by the server by using the first encryption algorithm, and the first random number and the identifier of the wireless terminal;
an authority assignment module 209, configured to assign a second authority to the wireless terminal when the first specific authority key and the second specific authority key match.
Optionally, the AP further includes:
and the notification module is used for notifying the server that the wireless terminal successfully authenticates by using the second specific authority key so as to facilitate the server to bind the user identifier with the identifier of the wireless terminal and send the updated second random number to the wireless terminal so as to facilitate the wireless terminal to store the updated second random number and send the updated first random number to the server.
Optionally,
and presetting the user identification and the privilege initial key on the server.
Optionally,
the first receiving module is further configured to receive a second network access request message sent by the wireless terminal, where the second network access request message includes a third specific permission key, and the third specific permission key is generated by the wireless terminal according to the updated first random number, the updated second random number, the privilege initial key, the wireless terminal identifier, the server identifier, and the user identifier by using a first algorithm;
the notification module is further configured to send information that the wireless terminal requests for network access to the server, so that the server generates a fourth specific permission key according to the updated first random number, the updated second random number, the privilege initial key, the wireless terminal identifier, the server identifier, and the user identifier by using a first algorithm;
the second receiving module is further configured to receive a fourth specific permission key and a wireless terminal permission corresponding to the fourth specific permission key, where the fourth specific permission key is sent by the server;
the permission distribution module is further configured to distribute a wireless terminal permission corresponding to the fourth specific permission key to the wireless terminal when the third specific permission key matches the fourth specific permission key.
Optionally,
the first algorithm is the SHA1 algorithm.
The following further explains the embodiments of the present invention with reference to specific scenarios:
When a user accesses the network for the first time, the method comprises the following steps:
Step one, an administrator adds a job number (user identifier) on the server, and the server is provisioned with PASS2ORI (the privilege initial key);
Step two, the user downloads and installs the dedicated application (APP) and, after entering the job number, starts the network access function. The APP itself carries PASS1 (the visitor key) and PASS2ORI (the privilege initial key);
Step three, the APP controls the wireless terminal to associate with the designated wireless local area network wlan1 using the visitor key PASS1;
Step four, after receiving the association request, the AP matches the key; once PASS1 matches successfully, the wireless terminal is allowed to associate to wlan1 and is assigned visitor permission (the first permission), with which it can only obtain visitor-area information (for example, if the destination address of a message sent by the terminal is an intranet-specific address, the AP discards the message automatically);
Step five, the APP detects that the association with wlan1 has succeeded (this can be done by a script that continuously pings the server IP), generates a random number A (the first random number), packages and encrypts the user's job number together with random number A, and sends them to the server (the encryption algorithm may be AES or another algorithm preset by the APP and the server, which gives greater flexibility and confidentiality);
Step six, the server decrypts the information and checks that the user's job number is legal, then immediately generates a random number B (the second random number) and calculates a real-time specific authority key PASS2 (the first specific authority key) with the dedicated encryption algorithm SHA1(terminal mac, server mac, job number, random number A, random number B, PASS2ORI) (note that the dedicated encryption algorithm may be of another type, as long as the APP and the server are preset with the same one);
Step seven, the server synchronizes the user's mac and PASS2 to all APs in the network;
Step eight, the server encrypts random number B and sends it to the wireless terminal (the encryption algorithm may be AES or another algorithm).
Step nine, the APP calculates the real-time specific authority key PASS2 (the second specific authority key) with the dedicated encryption algorithm SHA1(terminal mac, server mac, job number, random number A, random number B, PASS2ORI) (note that the dedicated encryption algorithm may be of another type, as long as the APP and the server are preset with the same one);
Step ten, the APP uses the real-time specific authority key PASS2 and calls the four-way handshake interface of the open-source wpa_supplicant library to perform matching authentication with the AP; after the first specific authority key and the second specific authority key match, the AP promotes the wireless terminal's permission to the specific permission (the second permission). (Note: data messages are sent directly, without disconnecting from the network.)
Step eleven, the AP notifies the server that the wireless terminal has successfully accessed the network using the specific authority key; the server binds the terminal to the user identifier, updates random number B, and encrypts and sends it to the wireless terminal.
Step twelve, the terminal records random number B, updates random number A, and encrypts and sends it to the server. At this point, random number A and random number B have been updated on both the server and the wireless terminal.
When a user accesses the network on a subsequent occasion (not the first time), the method comprises the following steps:
Step one, the user starts the APP, and the APP calculates the real-time specific authority key PASS2 (the third specific authority key) with the dedicated encryption algorithm SHA1(terminal mac, server mac, job number, random number A, random number B, PASS2ORI) (note that the dedicated encryption algorithm may be of another type, as long as the APP and the server are preset with the same one);
Step two, the APP applies for network access using PASS2. After receiving the terminal's association request, the AP forwards the terminal user's network access request to the server;
Step three, the server looks up the user identifier, random numbers and other information recorded for the wireless terminal's mac, and calculates the real-time specific authority key PASS2 (the fourth specific authority key) with the dedicated encryption algorithm SHA1(terminal mac, server mac, job number, random number A, random number B, PASS2ORI) (note that the dedicated encryption algorithm may be of another type, as long as the APP and the server are preset with the same one);
Step four, the server informs the AP of the wireless terminal's key PASS2 and the corresponding wireless terminal permission.
Step five, the wireless terminal and the AP verify each other successfully through the four-way handshake; after the third specific authority key and the fourth specific authority key match, network access is complete and the wireless terminal can obtain the network information corresponding to its permission.
Step six, the AP notifies the server that the terminal has successfully accessed the network using the specific authority key; the server binds the terminal to the user identifier, updates random number B, and encrypts and sends it to the wireless terminal.
Step seven, the wireless terminal records random number B, updates random number A, and encrypts and sends it to the server. At this point, random number A and random number B have been updated on both the server and the wireless terminal.
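Both procedures above (first access and subsequent access) rest on the same derivation, PASS2 = SHA1(terminal mac, server mac, job number, random number A, random number B, PASS2ORI), and on rotating A and B after every successful access. The following is an added example, not code from the patent or from Ruijie Networks: it models the terminal, the server and the AP in one process, omits the AES transport encryption and the wpa_supplicant four-way handshake (the AP compares PASS2 directly), and treats the "|" separator, the field order, the hex-encoded random numbers and all class, function and sample values as this example's own assumptions. It shows why the rotation in steps eleven and twelve matters: once the server has recomputed and pushed the key for the next access, the pre-rotation PASS2 is no longer accepted by the AP.

```python
import hashlib
import hmac
import secrets

# Constructed sample values for this example; none of them come from the patent.
SERVER_MAC = "02:aa:bb:cc:dd:ee"
TERMINAL_MAC = "02:11:22:33:44:55"
JOB_NUMBER = "E10234"
PASS1 = "guest-key-example"                  # visitor key carried by the APP
PASS2ORI = "privilege-initial-key-example"   # preset privilege initial key


def derive_pass2(terminal_mac, server_mac, job_number, rand_a, rand_b, pass2ori):
    """SHA1 over the six inputs of step six; field order and '|' separator are assumptions."""
    material = "|".join([terminal_mac, server_mac, job_number, rand_a, rand_b, pass2ori])
    return hashlib.sha1(material.encode("utf-8")).hexdigest()


class Server:
    def __init__(self, mac, pass2ori):
        self.mac, self.pass2ori = mac, pass2ori
        self.users = set()      # job numbers added by the administrator (step one)
        self.bindings = {}      # terminal mac -> {"job", "rand_a", "rand_b"}
        self.pushed = {}        # terminal mac -> (PASS2, permission) synchronized to APs (step seven)

    def first_access(self, terminal_mac, job, rand_a):
        """Steps six to eight: validate the job number, mint random B, derive and push PASS2."""
        if job not in self.users:
            raise PermissionError("unknown job number")
        self.bindings[terminal_mac] = {"job": job, "rand_a": rand_a, "rand_b": secrets.token_hex(16)}
        self._push(terminal_mac)
        return self.bindings[terminal_mac]["rand_b"]   # sent to the terminal (encrypted in the patent)

    def reaccess(self, terminal_mac):
        """Subsequent access, step three: recompute PASS2 from the stored binding and push it."""
        self._push(terminal_mac)

    def _push(self, terminal_mac):
        b = self.bindings[terminal_mac]
        key = derive_pass2(terminal_mac, self.mac, b["job"], b["rand_a"], b["rand_b"], self.pass2ori)
        self.pushed[terminal_mac] = (key, "specific")

    def on_auth_success(self, terminal_mac):
        """Step eleven: the AP reported success, so rotate random B and hand it to the terminal."""
        self.bindings[terminal_mac]["rand_b"] = secrets.token_hex(16)
        return self.bindings[terminal_mac]["rand_b"]

    def store_rand_a(self, terminal_mac, new_a):
        """Step twelve: accept the terminal's rotated random A."""
        self.bindings[terminal_mac]["rand_a"] = new_a


class AccessPoint:
    def __init__(self, guest_key):
        self.guest_key = guest_key
        self.key_table = {}     # terminal mac -> (PASS2, permission), as pushed by the server

    def associate(self, key):
        """Step four: the visitor key only ever yields guest permission (or nothing)."""
        return "guest" if hmac.compare_digest(key, self.guest_key) else None

    def authenticate(self, terminal_mac, candidate):
        """Step ten: promote only if the terminal's PASS2 matches the server's copy."""
        entry = self.key_table.get(terminal_mac)
        if entry is not None and hmac.compare_digest(entry[0], candidate):
            return entry[1]
        return "guest"


class Terminal:
    def __init__(self, mac, job, pass2ori):
        self.mac, self.job, self.pass2ori = mac, job, pass2ori
        self.rand_a = self.rand_b = None

    def pass2(self, server_mac):
        return derive_pass2(self.mac, server_mac, self.job, self.rand_a, self.rand_b, self.pass2ori)

    def finish(self, server, new_b):
        """Steps eleven and twelve: record the new B, rotate A, hand A to the server."""
        self.rand_b, self.rand_a = new_b, secrets.token_hex(16)
        server.store_rand_a(self.mac, self.rand_a)


def run_scenario():
    """One first access followed by one subsequent access; returns the observable outcomes."""
    server, ap = Server(SERVER_MAC, PASS2ORI), AccessPoint(PASS1)
    server.users.add(JOB_NUMBER)                             # step one
    term = Terminal(TERMINAL_MAC, JOB_NUMBER, PASS2ORI)
    guest_perm = ap.associate(PASS1)                         # steps three and four
    term.rand_a = secrets.token_hex(16)                      # step five
    term.rand_b = server.first_access(term.mac, term.job, term.rand_a)
    ap.key_table.update(server.pushed)                       # step seven
    first_key = term.pass2(SERVER_MAC)                       # step nine
    first_perm = ap.authenticate(term.mac, first_key)        # step ten
    term.finish(server, server.on_auth_success(term.mac))    # steps eleven and twelve
    server.reaccess(term.mac)                                # subsequent access, steps two to four
    ap.key_table.update(server.pushed)
    stale_perm = ap.authenticate(term.mac, first_key)        # the pre-rotation key no longer works
    second_key = term.pass2(SERVER_MAC)
    second_perm = ap.authenticate(term.mac, second_key)      # subsequent access, step five
    return {"guest": guest_perm, "first": first_perm, "stale": stale_perm,
            "second": second_perm, "keys_differ": first_key != second_key}
```

Running `run_scenario()` yields guest permission from PASS1 alone, specific permission once PASS2 matches, and guest permission again for the stale first-access key after the rotation. Two points a practitioner would check in a real deployment: the freshness of PASS2 comes entirely from random numbers A and B, so both sides must draw them from a cryptographic generator (here `secrets`), and the fields must be joined with an unambiguous separator or length prefix, since plain concatenation lets adjacent fields shift into each other and produce the same digest for different inputs. A keyed construction (an HMAC with PASS2ORI as the key) would be the usual choice over raw SHA-1 of a concatenation, but the patent specifies SHA-1 and the example follows it.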
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. A method for enabling a wireless terminal to access a wireless local area network, applied in a wireless access point (AP), comprising:
receiving a first network access request message sent by a wireless terminal, wherein the first network access request message comprises a user identifier of a user logged in the wireless terminal, the wireless terminal identifier, a visitor key corresponding to the user and a preset privilege initial key;
after the wireless terminal is confirmed to be legal according to the visitor key, determining that the association of the wireless terminal is successful and distributing a first permission to the wireless terminal;
receiving a first specific authority key sent by a server, wherein the first specific authority key is generated by the server, using a first algorithm, from the user identifier, the first random number and the privilege initial key sent by the wireless terminal after the wireless terminal accesses the AP, a second random number generated after the user identifier is confirmed to be legal, the wireless terminal identifier and the identifier of the server;
receiving an authentication request containing a second specific authority key sent by the wireless terminal, wherein the second specific authority key is generated by the wireless terminal according to the identifier of the server and a second random number sent by the server by applying the first algorithm, and the user identifier, the first random number, the privilege initial key and the wireless terminal identifier;
and when the first specific authority key and the second specific authority key are matched, allocating a second authority to the wireless terminal.
2. The method of claim 1, further comprising:
notifying the server that the authentication of the wireless terminal by using the second specific authority key is successful, so that the server binds the user identifier with the identifier of the wireless terminal, and sends the updated second random number to the wireless terminal, so that the wireless terminal stores the updated second random number, and sends the updated first random number to the server.
3. The method of claim 1, wherein:
the user identifier and the privilege initial key are preset on the server.
4. The method of claim 2, further comprising:
receiving a second network access request message sent by the wireless terminal, wherein the second network access request message contains a third specific authority key, and the third specific authority key is generated by the wireless terminal according to the updated first random number, the updated second random number, the privilege initial key, the wireless terminal identifier, the server identifier and the user identifier by applying a first algorithm;
sending information of the wireless terminal requesting network access to the server, so that the server can generate a fourth specific authority key according to the updated first random number, the updated second random number, the privilege initial key, the wireless terminal identifier, the server identifier and the user identifier by applying a first algorithm;
receiving a fourth specific authority key sent by the server and a wireless terminal authority corresponding to the fourth specific authority key;
and when the third specific authority key is matched with the fourth specific authority key, distributing the wireless terminal authority corresponding to the fourth specific authority key to the wireless terminal.
5. The method of any of claims 1-4, wherein the first algorithm is the SHA1 algorithm.
6. A wireless Access Point (AP) for enabling a wireless terminal to access a wireless local area network, comprising:
a first receiving module, configured to receive a first network access request packet sent by a wireless terminal, where the first network access request packet includes a user identifier of a user logged in the wireless terminal, the wireless terminal identifier, a guest key corresponding to the user, and a preset privilege initial key;
the determining module is used for determining that the wireless terminal is successfully associated and distributing a first permission to the wireless terminal after the wireless terminal is determined to be legal according to the visitor key;
a second receiving module, configured to receive a first specific permission key sent by a server, where the first specific permission key is generated by the server, using the first algorithm, from the user identifier, the first random number and the initial privilege key sent by the wireless terminal after the wireless terminal accesses the AP, a second random number generated after the user identifier is determined to be legal, the wireless terminal identifier and the identifier of the server;
a third receiving module, configured to receive an authentication request including a second specific permission key sent by the wireless terminal, where the second specific permission key is generated by the wireless terminal according to an identifier of the server and a second random number sent by the server by using the first algorithm, and the user identifier, the first random number, the privilege initial key, and the wireless terminal identifier;
and the authority distribution module is used for distributing a second authority to the wireless terminal when the first specific authority key is matched with the second specific authority key.
7. The AP of claim 6, further comprising:
and the notification module is used for notifying the server that the authentication of the wireless terminal by using the second specific authority key is successful, so that the server can bind the user identifier with the identifier of the wireless terminal, and send the updated second random number to the wireless terminal, so that the wireless terminal can store the updated second random number, and send the updated first random number to the server.
8. The AP of claim 6, wherein:
the user identifier and the privilege initial key are preset on the server.
9. The AP of claim 7, wherein:
the first receiving module is further configured to receive a second network access request message sent by the wireless terminal, where the second network access request message includes a third specific permission key, and the third specific permission key is generated by the wireless terminal according to the updated first random number, the updated second random number, the privilege initial key, the wireless terminal identifier, the server identifier, and the user identifier by using a first algorithm;
the notification module is further configured to send information that the wireless terminal requests for network access to the server, so that the server generates a fourth specific permission key according to the updated first random number, the updated second random number, the privilege initial key, the wireless terminal identifier, the server identifier, and the user identifier by using a first algorithm;
the second receiving module is further configured to receive a fourth specific permission key and a wireless terminal permission corresponding to the fourth specific permission key, where the fourth specific permission key is sent by the server;
the permission distribution module is further configured to distribute a wireless terminal permission corresponding to the fourth specific permission key to the wireless terminal when the third specific permission key matches the fourth specific permission key.
10. The AP of any one of claims 6-9, wherein the first algorithm is the SHA1 algorithm.
CN202011478210.3A 2020-12-15 2020-12-15 Method for realizing wireless terminal access to wireless local area network and wireless access point Active CN112702776B (en)


Publications (2)

Publication Number Publication Date
CN112702776A CN112702776A (en) 2021-04-23
CN112702776B true CN112702776B (en) 2023-03-21

Family

ID=75508182


Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103391540A (en) * 2012-05-08 2013-11-13 华为终端有限公司 Method and system for generating secret key information, terminal device and access network device
CN111970699A (en) * 2020-08-11 2020-11-20 牛毅 Terminal WIFI login authentication method and system based on IPK

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1268093C (en) * 2002-03-08 2006-08-02 华为技术有限公司 Distribution method of wireless local area network encrypted keys
CN100539521C (en) * 2003-05-16 2009-09-09 华为技术有限公司 A kind of method that realizes radio local area network authentication
TWI249316B (en) * 2004-02-10 2006-02-11 Ind Tech Res Inst SIM-based authentication method for supporting inter-AP fast handover
CN102625306A (en) * 2011-01-31 2012-08-01 电信科学技术研究院 Method, system and equipment for authentication
CN104735052B (en) * 2015-01-28 2017-12-08 中山大学 The safe login method and system of Wi-Fi hotspot
CN105188055B (en) * 2015-08-14 2018-06-12 中国联合网络通信集团有限公司 wireless network access method, wireless access point and server
US10368240B2 (en) * 2015-08-31 2019-07-30 Samsung Electronics Co., Ltd. Profile download method and apparatus for use in wireless communication system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant