CN113316146B - Method, access point and terminal for providing network access service - Google Patents


Info

Publication number
CN113316146B
Authority
CN
China
Prior art keywords
access point
password
terminal
encrypted
access
Legal status
Active
Application number
CN202110558284.6A
Other languages
Chinese (zh)
Other versions
CN113316146A (en
Inventor
田新雪
蒙睿
肖征荣
马书惠
杨子文
Current Assignee
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Events
Application filed by China United Network Communications Group Co Ltd
Priority to CN202110558284.6A
Publication of CN113316146A
Application granted
Publication of CN113316146B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04W WIRELESS COMMUNICATION NETWORKS
                • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
                    • H04W 12/03 Protecting confidentiality, e.g. by encryption
                        • H04W 12/037 Protecting confidentiality of the control plane, e.g. signalling traffic
                    • H04W 12/06 Authentication
                        • H04W 12/068 Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
                    • H04W 12/60 Context-dependent security
                        • H04W 12/69 Identity-dependent
                            • H04W 12/73 Access point logical identity
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
                    • H04L 9/008 Cryptographic mechanisms involving homomorphic encryption
                    • H04L 9/50 Cryptographic mechanisms using hash chains, e.g. blockchains or hash trees
                • H04L 2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication (H04L 9/00)
                    • H04L 2209/80 Wireless

Abstract

The invention provides a method for providing network access service, a first access point, a second access point and a terminal, belongs to the technical field of communication, and can at least partially solve the problem of poor user experience in existing methods for providing network access service. The method for providing the network access service comprises the following steps: receiving network access application information sent by a terminal, the network access application information comprising a first encryption result and an identifier of a second access point corresponding to the terminal; generating a random number, and sending authentication application information to the second access point through the shared block chain according to the identifier of the second access point, the authentication application information comprising the first encryption result and the random number; receiving a second encryption result sent by the second access point; and encrypting the random number with the homomorphic encryption key to obtain a third encryption result, and providing network access service to the terminal when the sum of the first encryption result and the third encryption result equals the second encryption result.

Description

Method, access point and terminal for providing network access service
Technical Field
The invention belongs to the technical field of communication, and particularly relates to a method for providing network access service, a first access point, a second access point and a terminal.
Background
With the development of the economy and of technology, devices such as routers and switches are used ever more widely. Acting as wireless APs (access points), they can provide network access service to terminals that are within the coverage of the Wi-Fi signals they broadcast and that hold the access password (Wi-Fi password) for those signals (that is, for the access point), so that the terminals can access the network.
An example is the home router installed in each household (also called home Wi-Fi), which provides network access service to the terminals in the home that have the Wi-Fi password of the home Wi-Fi.
When the terminal moves to an area not covered by the Wi-Fi signal of the home Wi-Fi, it can find many other Wi-Fi signals, but it cannot access the network through them because it does not have the access password corresponding to those signals.
Meanwhile, since the terminal has left the coverage of the home Wi-Fi, it cannot access the network through the home Wi-Fi even though the home Wi-Fi may be idle at that moment, which results in poor user experience.
Disclosure of Invention
The invention at least partially solves the problem of poor user experience of the existing method for providing the network access service, and provides a method for providing the network access service with good user experience, a first access point, a second access point and a terminal.
A first aspect of the present invention provides a method for providing a network access service, the method being used for a first access point, the first access point being a node sharing a blockchain, the method comprising:
receiving network access application information sent by a terminal, wherein the network access application information comprises a first encryption result and an identifier of a second access point corresponding to the terminal, the first encryption result is obtained by homomorphic encryption of a password to be encrypted by using a homomorphic encryption key by the terminal, and the password to be encrypted is obtained from a password book by the terminal according to an algorithm agreed in advance with the second access point;
generating a random number, and sending authentication application information to the second access point through the shared block chain according to the identifier of the second access point, wherein the authentication application information comprises the first encryption result and the random number;
receiving a second encryption result sent by the second access point, wherein the second encryption result is obtained by using the homomorphic encryption key by the second access point to homomorphically encrypt the password to be encrypted and the random number;
and encrypting the random number by using the homomorphic encryption key to obtain a third encryption result, and providing network access service for the terminal under the condition that the sum of the first encryption result and the third encryption result is the same as the second encryption result.
A second aspect of the present invention provides a method of providing a network access service, the method being for a terminal, the method comprising:
acquiring a password to be encrypted from a password book according to an algorithm agreed in advance with a second access point corresponding to the terminal, and homomorphically encrypting the password to be encrypted by using a homomorphic encryption key to acquire a first encryption result;
and sending network access application information to the first access point, wherein the network access application information comprises the first encryption result and the identifier of the second access point.
Optionally, the obtaining a password to be encrypted from a password book according to an algorithm agreed in advance by a second access point corresponding to the terminal, and performing homomorphic encryption on the password to be encrypted by using a homomorphic encryption key to obtain a first encryption result includes: acquiring a password to be encrypted from a password book according to an algorithm agreed in advance with the second access point at the access time point, and homomorphically encrypting the password to be encrypted by using the homomorphic encryption key to acquire a first encryption result; the network access application information further includes the access time point.
Further optionally, the obtaining the password to be encrypted from the password book according to the access time point and the algorithm agreed in advance with the second access point includes: generating a positive integer N according to the access time point according to a predetermined algorithm; and determining the Nth password in the password book as the password to be encrypted.
A third aspect of the present invention provides a method for providing a network access service, the method being used for a second access point, the second access point being a node sharing a blockchain, the method comprising:
receiving authentication application information sent by the first access point, wherein the authentication application information comprises a first encryption result and a random number;
acquiring a password to be encrypted from a password book according to an algorithm agreed in advance with the terminal corresponding to the second access point, and decrypting the first encryption result with the homomorphic decryption key corresponding to the homomorphic encryption key to acquire a decryption result;
and, when the decryption result is the same as the password to be encrypted, encrypting the password to be encrypted and the random number by using the homomorphic encryption key to obtain a second encryption result, and sending the second encryption result to the first access point through the shared block chain.
Optionally, the authentication application information further includes an access time point; the obtaining the password to be encrypted from the password book according to the algorithm predetermined by the terminal corresponding to the second access point includes: and acquiring the password to be encrypted from the password book according to the access time point and the algorithm agreed in advance with the terminal.
Further optionally, the sending the second encryption result to the first access point through the shared block chain includes: and after the second encryption result is signed by using the private key of the second access point, broadcasting the second encryption result to all nodes of the shared block chain.
A fourth aspect of the present invention provides a first access point of a network, the first access point being a node sharing a blockchain, the first access point comprising:
the terminal receiving module is used for receiving network access application information sent by a terminal, wherein the network access application information comprises a first encryption result and an identifier of a second access point corresponding to the terminal, the first encryption result is obtained by homomorphic encryption of a password to be encrypted by the terminal through a homomorphic encryption key, and the password to be encrypted is obtained by the terminal from a password book according to an algorithm agreed in advance with the second access point;
a block chain sending module, configured to generate a random number, and send authentication application information to the second access point through the shared block chain according to an identifier of the second access point, where the authentication application information includes the first encryption result and the random number;
the block chain receiving module is used for receiving a second encryption result sent by the second access point, wherein the second encryption result is obtained by using the homomorphic encryption key by the second access point to homomorphically encrypt the password to be encrypted and the random number;
and the access module is used for encrypting the random number by using the homomorphic encryption key to obtain a third encryption result, and providing network access service for the terminal under the condition that the sum of the first encryption result and the third encryption result is the same as the second encryption result.
A fifth aspect of the present invention provides a terminal, comprising:
the terminal encryption module is used for acquiring a password to be encrypted from a password book according to an algorithm agreed in advance with a second access point corresponding to the terminal, and for homomorphically encrypting the password to be encrypted by using a homomorphic encryption key to acquire a first encryption result;
and the sending module is used for sending network access application information to the first access point, wherein the network access application information comprises the first encryption result and the identifier of the second access point.
A sixth aspect of the present invention provides a second access point, which is a node sharing a blockchain, including:
a receiving module, configured to receive authentication application information sent by the first access point, where the authentication application information includes a first encryption result and a random number;
the access point encryption module is used for acquiring a password to be encrypted from the password book according to an algorithm agreed in advance with the terminal corresponding to the second access point, and for decrypting the first encryption result with the homomorphic decryption key corresponding to the homomorphic encryption key to acquire a decryption result;
and the communication module is used for encrypting the password to be encrypted and the random number by using the homomorphic encryption key to obtain a second encryption result when the decryption result is the same as the password to be encrypted, and for sending the second encryption result to the first access point through the shared block chain.
In the method for network access service, the first access point, the second access point and the terminal of the embodiment of the invention, the first access point and the second access point are different nodes of the same shared block chain, the first access point receives a first encryption result sent by the terminal, sends the first encryption result to the second access point through the block chain, and judges whether to provide network access service for the terminal according to a second encryption result returned by the second access point. By the method for providing the network access service, on one hand, the suspicious terminal can be prevented from accessing the first access point, so that the suspicious terminal is prevented from attacking other terminals, and the network security is improved; on the other hand, after passing the verification, the first access point directly provides network access service for the terminal, all information does not need to pass other access points, the communication efficiency is high, and the user experience is good.
Drawings
Fig. 1 is a flowchart illustrating a method for providing a network access service for a first access point according to an embodiment of the present invention;
fig. 2 is a flowchart illustrating a method for providing a network access service for a terminal according to an embodiment of the present invention;
fig. 3 is a flowchart illustrating a method for providing network access service for a second access point according to an embodiment of the present invention;
fig. 4 is a flowchart illustrating a method for providing network access service according to an embodiment of the present invention;
fig. 5 is a flowchart illustrating a part of steps of a method for providing a network access service according to an embodiment of the present invention;
fig. 6 is a flowchart illustrating a portion of another method for providing network access services according to an embodiment of the present invention;
fig. 7 is a flowchart illustrating a portion of another method for providing network access services according to an embodiment of the present invention;
fig. 8 is a block diagram illustrating a first access point according to an embodiment of the present invention;
fig. 9 is a block diagram schematically illustrating a terminal according to an embodiment of the present invention;
fig. 10 is a block diagram illustrating a second access point according to an embodiment of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the present invention will be described in further detail with reference to the accompanying drawings and specific embodiments.
It is to be understood that the specific embodiments and figures described herein are merely illustrative of the invention and are not limiting of the invention.
It is to be understood that the embodiments and features of the embodiments can be combined with each other without conflict.
It is to be understood that, for the convenience of description, only parts related to the present invention are shown in the drawings of the present invention, and parts not related to the present invention are not shown in the drawings.
It should be understood that each unit and module related in the embodiments of the present invention may correspond to only one physical structure, may also be composed of multiple physical structures, or multiple units and modules may also be integrated into one physical structure.
It will be understood that, without conflict, the functions, steps, etc. noted in the flowchart and block diagrams of the present invention may occur in an order different from that noted in the figures.
It is to be understood that the flowchart and block diagrams of the present invention illustrate the architecture, functionality, and operation of possible implementations of systems, apparatus, devices and methods according to various embodiments of the present invention. Each block in the flowchart or block diagrams may represent a unit, module, segment, code, which comprises executable instructions for implementing the specified function(s). Furthermore, each block or combination of blocks in the block diagrams and flowchart illustrations can be implemented by a hardware-based system that performs the specified functions or by a combination of hardware and computer instructions.
It is to be understood that the units and modules involved in the embodiments of the present invention may be implemented by software, and may also be implemented by hardware, for example, the units and modules may be located in a processor.
In some related technologies, a guest mode is configured on the access point device to provide network access service to a terminal that does not hold the access password of the access point: the terminal obtains a one-time access password for the access point only after passing authentication, and then obtains the network access service the access point provides.
However, as covert-access techniques develop, a hacker can steal the privacy of a terminal user by monitoring the data communication of a terminal connected to an access point such as a router or switch, and can even hijack the user onto a phishing hotspot in order to hijack or tamper with traffic.
For example, the vulnerability known as the "Key Reinstallation Attack" (KRACK) targets the WPA2 protocol: by replaying a handshake message, an attacker forces the terminal to reinstall a session key that is already in use, which resets the nonce and lets the attacker decrypt traffic exchanged between the access point and the terminal, exposing sensitive user data such as credit card numbers, chat messages and payment passwords.
This is especially so for access points that broadcast Wi-Fi signals in public places, where the access password is known to everyone, so that a hacker can more easily break the information exchanged between the access point and a terminal.
In other related technologies, after the terminal moves to an area which cannot be covered by Wi-Fi signals released by home Wi-Fi, the terminal sends information which is required to be sent to the home Wi-Fi to the access point corresponding to other searched Wi-Fi signals, and the access point corresponding to other Wi-Fi signals sends the received information to the home Wi-Fi.
That is, all information needs to be forwarded to the home Wi-Fi through other access points, although the method can realize that the home Wi-Fi provides network access service for the terminal, the communication efficiency is low and the user experience is poor due to the need of forwarding of other access points.
Example 1:
referring to fig. 1, the present embodiment provides a method of providing a network access service.
The method for providing the network access service is used for a first access point of a network.
When the network is a local area network, there are at least two access points (such as routers and switches) within the coverage area of the network, where the access points can be used for the terminal to access the local area network.
The access point of the network may specifically be a router, a switch, or other devices, which releases the Wi-Fi signal, and a terminal within the coverage of the Wi-Fi signal may access the network by connecting to the Wi-Fi signal.
A network may have many access points; on the wide-area Internet, for instance, nearly every router is an access point.
Each access point has its corresponding access password (or Wi-Fi password), and multiple access points may form a shared block chain, and each access point is a node of the shared block chain and may store its own Identifier, specifically, an SSID (Service Set Identifier) of the access point, and its own IP (Internet Protocol) address in the block chain.
After joining the shared block chain, the access point may indicate in its public SSID that it has joined, so as to notify the corresponding terminals (or the terminals connected to it) that it has joined the shared block chain.
The first access point specifically refers to an access point corresponding to a Wi-Fi signal currently searched by a terminal needing to access a network, and the terminal does not have an access password (or Wi-Fi password) corresponding to the access point and cannot access the network through the access point (or the access point cannot provide network access service for the terminal).
Specifically, when the access point whose access password the terminal holds is not working, or the terminal has just left the coverage of the Wi-Fi signals released by that access point, the terminal searches for other Wi-Fi signals and sends network access application information to the access point corresponding to a found Wi-Fi signal; the network access application information requests that the access point releasing that Wi-Fi signal (namely, the first access point) provide network access service for the terminal.
After searching for a plurality of Wi-Fi signals, the terminal may send application information to all access points corresponding to the plurality of Wi-Fi signals, which are all first access points.
For each first access point, the method for providing a network access service provided in this embodiment specifically includes:
s101, network access application information sent by a terminal is received, wherein the network access application information comprises a first encryption result and an identifier of a second access point corresponding to the terminal, the first encryption result is obtained by using a homomorphic encryption key by the terminal to homomorphic encrypt a password to be encrypted, and the password to be encrypted is obtained from a password book by the terminal according to an algorithm agreed with the second access point in advance.
After the terminal sends the network access application information, the first access point receives the network access application information of the terminal.
And the network access application information comprises a first encryption result and an identifier of a second access point corresponding to the terminal.
The second access point corresponding to the terminal is the access point whose access password the terminal holds; when the terminal moves into the area covered by the signal released by that access point, the terminal can directly obtain network access service from it by using the access password.
When the terminal has access passwords of a plurality of access points in the network, that is, a plurality of access points in the network can all become a second access point corresponding to the terminal, the terminal can select one access point as the second access point and place an identifier of the access point (specifically, an SSID of the access point) in the network access application information.
The terminal and the second access point negotiate together to generate a cipher book in advance, and agree to obtain the algorithm of the password to be encrypted from the cipher book, and agree to a homomorphic encryption key HK for homomorphic encryption of the password to be encrypted.
Specifically, after determining an access time point Tn (specifically, the time when the terminal finds the first access point), the terminal generates a positive integer N according to the access time point Tn by using an algorithm agreed with the second access point, uses the nth password in the password book as a password RK to be encrypted, and after obtaining the password RK to be encrypted, performs homomorphic encryption on the password RK to be encrypted by using a homomorphic encryption key HK to obtain a first encryption result e (RK).
And S102, generating a random number, and sending authentication application information to the second access point through the shared block chain according to the identifier of the second access point, wherein the authentication application information comprises a first encryption result and the random number.
After receiving the network access application information, the first access point generates a random number R and, according to the identifier of the second access point in the network access application information, sends the authentication application information to the second access point over the shared block chain.
The authentication application information includes the first encryption result E(RK) carried in the network access application information and the random number R generated by the first access point.
After receiving the authentication application information, the second access point obtains a password RK' to be encrypted from the password book (the password book negotiated and generated in advance with the terminal) according to the algorithm, agreed with the terminal, for obtaining the password to be encrypted from the password book; at the same time, the second access point decrypts the first encryption result with the homomorphic decryption key corresponding to the homomorphic encryption key HK agreed in advance with the terminal, to obtain a decryption result RK. If the decryption result RK matches the password RK' to be encrypted, the terminal is confirmed as the one that made the advance agreement with the second access point, and the second access point homomorphically encrypts the password RK to be encrypted and the random number R with the homomorphic encryption key HK to obtain the second encryption result E(RK + R).
And after the second access point acquires the second encryption result E (RK + R), the second access point sends the second encryption result E (RK + R) to the first access point through the shared block chain, and the first access point receives the second encryption result E (RK + R) sent by the second access point.
S103, receiving a second encryption result sent by the second access point, wherein the second encryption result is obtained by the second access point by homomorphically encrypting the password to be encrypted and the random number with the homomorphic encryption key.
S104, encrypting the random number by using the homomorphic encryption key to obtain a third encryption result, and providing network access service for the terminal under the condition that the sum of the first encryption result and the third encryption result is the same as the second encryption result.
The first access point receives the second encryption result E(RK + R) sent by the second access point, and then homomorphically encrypts the random number R with the homomorphic encryption key HK to obtain the third encryption result E(R). If the sum of the third encryption result E(R) and the first encryption result E(RK) equals the second encryption result E(RK + R), that is, E(R) + E(RK) = E(RK + R), the first access point provides network access service for the terminal; if the sum differs from the second encryption result, that is, E(R) + E(RK) ≠ E(RK + R), the first access point refuses to provide network access service for the terminal.
In the method for providing network access service in this embodiment, the first access point and the second access point are different nodes of the same shared block chain. The first access point receives a first encryption result sent by the terminal, sends the first encryption result to the second access point through the block chain, and determines whether to provide network access service for the terminal according to the second encryption result returned by the second access point. By this method, on one hand, a suspicious terminal can be prevented from accessing the first access point, so that it cannot attack other terminals, and network security is improved; on the other hand, after the verification passes, the first access point directly provides network access service for the terminal, no information needs to pass through other access points, communication efficiency is high, and the user experience is good.
Meanwhile, the first access point and the second access point are nodes of the shared block chain, and the information exchanged between them passes through the block chain. Since the block chain is a decentralized database with high security, transmitting the information over it further guarantees the safety of the information.
Example 2:
Referring to fig. 2, the present embodiment provides a method for providing a network access service; unlike embodiment 1, the method of the present embodiment is applied to a terminal.
The method for providing network access service provided by the embodiment of the disclosure specifically includes:
S201, a password to be encrypted is obtained from the password book according to an algorithm agreed in advance with the second access point corresponding to the terminal, and homomorphic encryption is carried out on the password to be encrypted by using a homomorphic encryption key to obtain a first encryption result.
After searching a plurality of Wi-Fi signals, the terminal finds that it holds no access password for any of them, and selects from the searched Wi-Fi signals the one it wishes to access (the corresponding access point is then the first access point).
The terminal obtains the password RK to be encrypted from the password book generated by pre-negotiation with the second access point according to the algorithm for obtaining the password to be encrypted from the password book agreed with the second access point in advance, and encrypts the password RK to be encrypted by using the homomorphic encryption key HK agreed with the second access point to obtain a first encryption result E (RK).
S202, sending network access application information to the first access point, wherein the network access application information comprises a first encryption result and an identifier of the second access point.
After the terminal acquires the first encryption result E (RK), the first encryption result E (RK) and the identifier of the second access point are written into the network access application information, and the network access application information is sent to the first access point.
The first access point receives the network access application information sent by the terminal, generates a random number R, and sends authentication application information to the second access point over the shared block chain according to the identifier of the second access point in the network access application information, wherein the authentication application information comprises the first encryption result E (RK) included in the network access application information and the random number R generated by the first access point.
After receiving the authentication application information, the second access point obtains a password RK' to be encrypted from the password book (the password book negotiated and generated in advance with the terminal) according to the algorithm agreed with the terminal for obtaining the password to be encrypted from the password book. Meanwhile, the second access point decrypts the first encryption result using the homomorphic decryption key corresponding to the homomorphic encryption key HK agreed in advance with the terminal, obtaining a decryption result RK. If the decryption result RK is consistent with the password RK' to be encrypted, the terminal and the second access point have a prior agreement, and the second access point homomorphically encrypts the password RK to be encrypted and the random number R with the homomorphic encryption key HK to obtain a second encryption result E (RK + R).
After obtaining the second encryption result E (RK + R), the second access point sends it to the first access point through the shared block chain. The first access point receives the second encryption result E (RK + R), encrypts the random number R with the homomorphic encryption key HK to obtain a third encryption result E (R), and when the sum of the third encryption result E (R) and the first encryption result E (RK) is the same as the second encryption result E (RK + R), namely E (R) + E (RK) = E (RK + R), the first access point provides network access service for the terminal.
In the method for providing the network access service according to this embodiment, the terminal and the second access point each obtain the password to be encrypted according to a predetermined algorithm and encrypt it according to a predetermined algorithm. If the sum of the first encryption result (the terminal's encryption of the password to be encrypted) and the third encryption result (the first access point's encryption of the random number it generated) is the same as the second encryption result (the second access point's encryption of the password to be encrypted plus the random number generated by the first access point), then the homomorphic encryption key used by the terminal and the second access point and the password to be encrypted they obtained are the same. This further shows that the terminal has a prior agreement with the second access point, that is, the identity of the terminal is authenticated by the second access point, and the first access point can provide the network access service for the terminal. By this method, on one hand, through double encryption (first the password to be encrypted is obtained, then it is encrypted), a suspicious terminal is prevented from accessing the first access point and hence from attacking other terminals, improving network security; on the other hand, because the first access point directly provides network access service for the terminal, no information needs to pass through other access points, communication efficiency is high, and the user experience is good.
Example 3:
Referring to fig. 3, the present embodiment provides a method for providing a network access service, which differs from embodiments 1 and 2 in that the method is used at a second access point of the network.
The method for providing network access service of the embodiment specifically includes:
S301, authentication application information sent by the first access point is received, wherein the authentication application information comprises a first encryption result and a random number.
The first access point generates a random number after receiving the network access application information sent by the terminal, and sends the authentication application information to the second access point by using the shared block chain according to the identifier of the second access point in the network access application information, and the second access point receives the authentication application information sent by the first access point.
The authentication application information comprises the first encryption result included in the network access application information and the random number generated by the first access point.
S302, acquiring a password to be encrypted from the password book according to an algorithm predetermined by the terminal corresponding to the second access point, and decrypting the first encryption result according to the homomorphic decryption key corresponding to the homomorphic encryption key to acquire a decryption result.
After receiving the authentication application information, the second access point obtains a password RK' to be encrypted from the password book (the password book negotiated and generated in advance with the terminal) according to the algorithm agreed with the terminal for obtaining the password to be encrypted from the password book. Meanwhile, the second access point decrypts the first encryption result E (RK) using the homomorphic decryption key corresponding to the homomorphic encryption key HK agreed in advance with the terminal, obtaining a decryption result RK.
S303, under the condition that the decryption result is the same as the password to be encrypted, the password to be encrypted and the random number are encrypted by using the homomorphic encryption key to obtain a second encryption result, and the second encryption result is sent to the first access point through the shared block chain.
If the decryption result RK is consistent with the password RK' to be encrypted, the terminal and the second access point have a prior agreement, and the second access point homomorphically encrypts the password RK to be encrypted and the random number R with the homomorphic encryption key HK to obtain a second encryption result E (RK + R).
The second access point sends the second encryption result E (RK + R) to the first access point through the shared block chain. After obtaining the second encryption result E (RK + R), the first access point encrypts the random number R with the homomorphic encryption key HK to obtain a third encryption result E (R), and provides network access service for the terminal under the condition that the sum of the third encryption result E (R) and the first encryption result E (RK) is the same as the second encryption result E (RK + R).
In the method for providing the network access service according to this embodiment, the terminal and the second access point each obtain the password to be encrypted according to a predetermined algorithm and encrypt it according to a predetermined algorithm. If the sum of the first encryption result (the terminal's encryption of the password to be encrypted) and the third encryption result (the first access point's encryption of the random number it generated) is the same as the second encryption result (the second access point's encryption of the password to be encrypted plus the random number generated by the first access point), then the homomorphic encryption key used by the terminal and the second access point and the password to be encrypted they obtained are the same. This further shows that the terminal has a prior agreement with the second access point, that is, the identity of the terminal is authenticated by the second access point, and the first access point can provide the network access service for the terminal. By this method, on one hand, through double encryption (first the password to be encrypted is obtained, then it is encrypted), a suspicious terminal is prevented from accessing the first access point and hence from attacking other terminals, improving network security; on the other hand, because the first access point directly provides network access service for the terminal, no information needs to pass through other access points, communication efficiency is high, and the user experience is good.
Example 4:
Referring to fig. 4, the present embodiment provides a method of providing a network access service.
In this embodiment, the network may specifically be a wide area internet, which includes a plurality of access points (specifically, may be devices or apparatuses such as routers and switches that release Wi-Fi signals).
Each of the plurality of access points of the network has its own access password (or Wi-Fi password). These access points may form a shared block chain in which each access point is a node, and each access point may store its own identifier, specifically its SSID (Service Set Identifier), and its own IP (Internet Protocol) address in the block chain.
After joining the shared block chain, an access point can indicate in its public SSID that it has joined the shared block chain, to inform the terminals corresponding to it (or the terminals connected to it) of that fact. Thus, for a terminal that holds the Wi-Fi password of the access point, that access point is the terminal's Homewifi, and the other access points that have sent their identifier and IP address to the shared block chain are the terminal's Visitwifi.
The method for providing network access service of the embodiment specifically includes:
S401, the terminal obtains the password to be encrypted from the password book according to the algorithm agreed in advance with the second access point corresponding to the terminal, and homomorphic encryption is carried out on the password to be encrypted by using the homomorphic encryption key to obtain a first encryption result.
For a terminal (such as a mobile phone or a tablet computer), under the condition that the terminal has the access password of an access point (such as the home Wi-Fi of the home where the terminal user is located), that access point can become the Homewifi corresponding to the terminal.
When an access point corresponding to an access password owned by a terminal (namely, Homewifi corresponding to the terminal) does not work and the Homewifi is already added into a shared block chain (for example, the shared block chain aaa. blockchain, Homewifi is Homewifi @ aaa. blockchain), or the terminal is just out of the coverage range of Wi-Fi signals released by the Homewifi corresponding to the terminal, the terminal searches for other Wi-Fi signals released by other nodes of the shared block chain.
When the terminal searches for Wi-Fi signals of other nodes (such as Visitwifi @ aaa. blockchain) of the shared block chain, the terminal obtains a password RK to be encrypted from a password book generated by pre-negotiating with a second access point according to an algorithm for obtaining the password to be encrypted from the password book pre-agreed with Homewifi, and encrypts the password RK to be encrypted by using a homomorphic encryption key HK agreed with the second access point to obtain a first encryption result E (RK).
Specifically, referring to fig. 5, the obtaining, by the terminal, the password to be encrypted from the password book according to the algorithm agreed in advance by the second access point corresponding to the terminal, and performing homomorphic encryption on the password to be encrypted by using the homomorphic encryption key to obtain the first encryption result (S401) may include:
S501, the terminal obtains the password to be encrypted from the password book according to the access time point and the algorithm agreed with the second access point in advance, and homomorphic encryption is carried out on the password to be encrypted by using the homomorphic encryption key to obtain a first encryption result.
The terminal and the second access point, namely Homewifi, negotiate together to generate a password book; a large number of passwords can be generated synchronously at regular times according to the password book, and the terminal and the Homewifi can agree to modify the passwords synchronously according to certain rules, such as modifying the passwords once every 5 seconds. After the terminal determines Visitwifi, the time when Visitwifi is found (or determined) may be taken as the access time point Tn, and the password to be encrypted is obtained from the password book as it stands at the access time point Tn.
The terminal uses a homomorphic encryption key HK agreed with Homewifi in advance to homomorphic encrypt the password RK to be encrypted, and a first encryption result E (RK) is obtained.
The shared secret key SK agreed with the Homewifi in advance can be the access password of the Homewifi, or any other password known to both the Homewifi and the terminal.
More specifically, referring to fig. 6, the terminal obtains the password to be encrypted from the password book according to the access time point and according to the algorithm predefined with the second access point (S501), and may further include:
S601, generating a positive integer N from the access time point according to an algorithm agreed in advance.
S602, determining the Nth password in the password book as the password to be encrypted.
The terminal and the Homewifi jointly negotiate to generate a password book, a large number of passwords can be synchronously generated at regular time according to the password book, and the terminal and the Homewifi can agree to synchronously modify the passwords according to a certain rule, such as modifying the passwords once every 5 seconds.
After the terminal determines Visitwifi, the time point at which Visitwifi was determined can be set as the access time point Tn, and the password to be encrypted is obtained according to Tn from the password book that is modified at regular intervals: for example, a positive integer N is generated from the access time point according to the algorithm agreed with Homewifi in advance, and the Nth password in the password book is used as the password RK to be encrypted.
After the terminal acquires the password RK to be encrypted, homomorphic encryption is carried out on the password RK to be encrypted by using a homomorphic encryption key HK prearranged with Homewifi, and a first encryption result E (RK) is acquired.
S402, the terminal sends network access application information to the first access point, wherein the network access application information comprises a first encryption result and an identifier of the second access point.
After the terminal obtains the first encryption result E (RK), the first encryption result E (RK) and the identifier of the second access point, namely the identifier of Homewifi, are written into the network access application information, and the network access application information is sent to the first access point, namely Visitwifi.
And under the condition that the password RK to be encrypted is obtained by the terminal according to the access time point Tn, the network access application information further comprises the access time point Tn.
It should be emphasized that, after the terminal searches for multiple Wi-Fi signals, it may send network access application information to all access points corresponding to the multiple Wi-Fi signals, and for each process of providing a network access service corresponding to the network access application information, an access point receiving the network access application information is a first access point.
S403, the first access point receives the network access application information sent by the terminal.
S404, the first access point generates a random number, and sends authentication application information to the second access point through the shared block chain according to the identification of the second access point, wherein the authentication application information comprises a first encryption result and the random number.
The first access point, namely Visitwifi, receives the network access application information sent by the terminal, generates a random number R after receiving it, and sends the authentication application information to the second access point over the shared block chain according to the identifier of the second access point in the network access application information.
Specifically, Visitwifi can sign the authentication application information with its block chain private key and send it to the second access point, namely Homewifi, by broadcasting.
The authentication application information comprises a first encryption result E (RK) included in the access application information and a random number R generated by the first access point. And when the password RK to be encrypted is acquired by the terminal according to the access time point Tn, namely the network access application information sent by the terminal comprises the access time point Tn, the authentication application information also comprises the access time point Tn.
S405, the second access point receives the authentication application information sent by the first access point.
S406, the second access point acquires the password to be encrypted from the password book according to the algorithm predetermined by the terminal corresponding to the second access point, and decrypts the first encryption result according to the homomorphic decryption key corresponding to the homomorphic encryption key to acquire the decryption result.
S407, under the condition that the decryption result is the same as the password to be encrypted, the second access point encrypts the password to be encrypted and the random number by using the homomorphic encryption key to obtain a second encryption result, and sends the second encryption result to the first access point through the shared block chain.
And the second access point (namely Homewifi) verifies the private key signature of the message broadcast by the first access point (namely Visitwifi), and acquires the authentication application information after the verification is passed.
After receiving the authentication application information, the second access point (namely Homewifi) obtains the password RK' to be encrypted from the password book (the password book negotiated and generated in advance with the terminal) according to the algorithm agreed with the terminal for obtaining the password to be encrypted from the password book. Meanwhile, the second access point decrypts the first encryption result E (RK) using the homomorphic decryption key corresponding to the homomorphic encryption key HK agreed in advance with the terminal, obtaining the decryption result RK.
If the decryption result RK is consistent with the password RK' to be encrypted, it is indicated that the terminal and the second access point (namely Homewifi) have a prior agreement, and the second access point (namely Homewifi) homomorphically encrypts the password RK to be encrypted and the random number R with the homomorphic encryption key HK to obtain a second encryption result E (RK + R).
Specifically, referring to fig. 7, the obtaining, by the second access point, the password to be encrypted from the password book according to the algorithm pre-agreed by the terminal corresponding to the second access point (S406) may include:
S701, the second access point obtains the password to be encrypted from the password book according to the access time point and the algorithm agreed with the terminal in advance.
The terminal and the Homewifi jointly negotiate to generate a password book, a large number of passwords can be synchronously generated at regular time according to the password book, and the terminal and the Homewifi can agree to synchronously modify the passwords according to a certain rule, such as modifying the passwords once every 5 seconds.
After the Homewifi obtains the access time point Tn, a positive integer N is generated from the access time point Tn according to the algorithm agreed with the terminal in advance, and the Nth password in the password book is used as the password RK' to be encrypted.
The Homewifi decrypts the first encryption result E (RK) using the homomorphic decryption key corresponding to the homomorphic encryption key HK agreed with the terminal in advance, obtaining the decryption result RK.
The shared key SK' agreed with the Homewifi in advance can be the access password of the Homewifi, or any other password known to both the Homewifi and the terminal.
If the decryption result RK is consistent with the password RK' to be encrypted and appears for the first time, the terminal and the second access point (namely Homewifi) have a prior agreement, and the second access point (namely Homewifi) homomorphically encrypts the password RK to be encrypted and the random number R with the homomorphic encryption key HK to obtain a second encryption result E (RK + R).
It should be emphasized that, since the password to be encrypted is obtained from the password book according to the access time point, if the second encryption result obtained by the Homewifi does not appear for the first time, this indicates that the terminal sending the network access application information may not be a normal terminal, and the Homewifi may send rejection information to the Visitwifi.
After the second encryption result is obtained, the Homewifi signs the second encryption result E (RK + R) and sends it through the shared block chain to the first access point, namely Visitwifi.
Specifically, the sending of the second encryption result, i.e. E (RK + R), to the first access point (i.e. Visitwifi) through the shared block chain includes: and after the second encryption result is signed by using a private key of the second access point, broadcasting the second encryption result to all nodes of the shared block chain.
Namely, the second access point (Homewifi) signs the second encryption result by using a private key of the Homewifi, and publishes the second encryption result in the block chain, and broadcasts the second encryption result to all nodes sharing the block chain in a broadcasting mode.
S408, the first access point receives the second encryption result sent by the second access point.
S409, the first access point encrypts the random number by using the homomorphic encryption key to obtain a third encryption result, and provides network access service for the terminal under the condition that the sum of the first encryption result and the third encryption result is the same as the second encryption result.
The Visitwifi receives the second encryption result E (RK + R) sent by the Homewifi; after obtaining it, the Visitwifi encrypts the random number R with the homomorphic encryption key HK to obtain a third encryption result E (R), and compares the sum of the third encryption result E (R) and the first encryption result E (RK) with the second encryption result E (RK + R) to judge whether they are the same.
In the case that the sum of the third encryption result E (R) and the first encryption result E (RK) is the same as the second encryption result E (RK + R), i.e. E (R) + E (RK) = E (RK + R), then, since homomorphic encryption has the property that "processing the homomorphically encrypted data to obtain an output and decrypting that output gives the same result as processing the unencrypted original data by the same method", it indicates that the terminal and the second access point used the same homomorphic encryption key and the same password to be encrypted, that is, the terminal and the second access point really have a prior agreement, the identity of the terminal is authenticated by the second access point, and the terminal is not a suspicious terminal or a hacker, so the network access service can be provided for it.
If the sum of the third encryption result E (R) and the first encryption result E (RK) is different from the second encryption result E (RK + R), i.e. E (R) + E (RK) ≠ E (RK + R), it means that the terminal and the second access point may have used different homomorphic encryption keys or different passwords to be encrypted, that is, the terminal has no prior agreement with the second access point and its identity is not authenticated by the second access point; it may be a suspicious terminal or a hacker, and no network access service is provided for it.
The homomorphic encryption key HK may be shared by the second access point in the shared blockchain, and the first access point may directly obtain the homomorphic encryption key HK from the shared blockchain, or may be sent to the first access point along with the second encryption result for use by the first access point.
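The complete S401 to S409 exchange of this embodiment, as an added example that is not code from the patent or the applicant. It assumes Paillier as the additively homomorphic scheme (HK is Homewifi's public key, the homomorphic decryption key its private key), that the first access point derives the randomness of E (R) from the public nonce R so the ciphertext-level sum check can succeed (with fresh randomness at both sides the two ciphertexts would differ even when the plaintexts agree), and that the agreed codebook algorithm is N = (Tn // 5) mod codebook length; the primes and codebooks are constructed toy values.

```python
"""Added example (not the patent's code): the S401-S409 exchange with Paillier.

Assumptions: Paillier is the homomorphic scheme (ciphertext product == plaintext
sum); HK is Homewifi's Paillier public key (n, g = n + 1) and the "homomorphic
decryption key" its private key; Visitwifi derives the randomness for E(R) from
the public nonce R, so Homewifi can reproduce it and the ciphertext-level sum
check E(RK) * E(R) == E(RK + R) holds; the agreed codebook algorithm is
N = (Tn // 5) mod len(codebook).  Toy primes and constructed codebooks only.
"""
import hashlib
import secrets
from math import gcd

def keygen(p: int = 10007, q: int = 10009):
    """Toy Paillier key pair (constructed primes; real keys use ~1024-bit primes)."""
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)          # lcm(p - 1, q - 1)
    mu = pow((pow(n + 1, lam, n * n) - 1) // n, -1, n)     # L(g^lam mod n^2)^-1
    return (n, n + 1), (n, lam, mu)

def encrypt(pk, m: int, r: int) -> int:
    n, g = pk
    return pow(g, m, n * n) * pow(r, n, n * n) % (n * n)

def decrypt(sk, c: int) -> int:
    n, lam, mu = sk
    return (pow(c, lam, n * n) - 1) // n * mu % n

def recover_r(sk, c: int) -> int:
    """Key holder only: c mod n == r^n mod n, and n is invertible modulo lam."""
    n, lam, _ = sk
    return pow(c % n, pow(n, -1, lam), n)

def unit(n: int, r: int) -> int:
    """Bump r until it is coprime to n (required for Paillier randomness)."""
    while gcd(r, n) != 1:
        r += 1
    return r

def password_at(codebook, tn: int) -> int:
    """Agreed algorithm (assumption): N from the access time point Tn, then the Nth password."""
    return codebook[(tn // 5) % len(codebook)]

def derive_r(pk, r_value: int) -> int:
    """Randomness for E(R), derived from the public nonce R (assumption, see docstring)."""
    n, _ = pk
    digest = hashlib.sha256(b"E(R)|%d" % r_value).digest()
    return unit(n, int.from_bytes(digest, "big") % (n - 2) + 2)

def terminal_request(pk, codebook, tn: int, home_id: str) -> dict:
    """S401/S402: E(RK) under HK with fresh secret randomness, plus Homewifi's id and Tn."""
    r1 = unit(pk[0], secrets.randbelow(pk[0] - 2) + 2)
    return {"E_RK": encrypt(pk, password_at(codebook, tn), r1), "home": home_id, "Tn": tn}

def visit_forward(req: dict):
    """S403/S404: Visitwifi adds a fresh nonce R (block chain signing/broadcast omitted)."""
    r_value = secrets.randbelow(1 << 20) + 1
    return {"E_RK": req["E_RK"], "R": r_value, "Tn": req["Tn"]}, r_value

class HomeWifi:
    def __init__(self, codebook):
        self.pk, self.sk = keygen()      # HK published on the chain, private key kept local
        self.codebook = codebook
        self.seen = set()                # "appears for the first time" check, keyed on E(RK) (assumption)

    def authenticate(self, auth: dict):
        """S405-S407: RK' from the codebook, decrypt E(RK), answer E(RK + R) only on a match."""
        rk = decrypt(self.sk, auth["E_RK"])
        if rk != password_at(self.codebook, auth["Tn"]) or auth["E_RK"] in self.seen:
            return None                  # the page has Homewifi send rejection information here
        self.seen.add(auth["E_RK"])
        n = self.pk[0]
        r = recover_r(self.sk, auth["E_RK"]) * derive_r(self.pk, auth["R"]) % n
        return encrypt(self.pk, rk + auth["R"], r)   # equals E(RK) * E(R) mod n^2

def visit_decide(pk, e_rk: int, r_value: int, e_sum) -> bool:
    """S408/S409: E(R) + E(RK) == E(RK + R); for Paillier the "sum" is the ciphertext product."""
    if e_sum is None:
        return False
    n, _ = pk
    e_r = encrypt(pk, r_value, derive_r(pk, r_value))
    return e_rk * e_r % (n * n) == e_sum

def run_protocol(home: HomeWifi, terminal_codebook, tn: int = 100) -> bool:
    """Whole exchange; True means Visitwifi grants network access."""
    req = terminal_request(home.pk, terminal_codebook, tn, "Homewifi@aaa.blockchain")
    auth, r_value = visit_forward(req)
    return visit_decide(home.pk, req["E_RK"], r_value, home.authenticate(auth))

if __name__ == "__main__":
    book = [1234567, 7654321, 2468135, 1357924]      # constructed codebook
    home = HomeWifi(book)
    print("legitimate terminal:", run_protocol(home, book))
    print("wrong codebook:     ", run_protocol(home, [1111111, 2222222, 3333333, 4444444]))
```

Because Visitwifi holds only HK, the check is a consistency check on a response that Homewifi has already gated on RK = RK'; the replayed-request case shows why Homewifi's first-appearance check matters.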
In the method for providing the network access service according to this embodiment, the terminal and the second access point each obtain the password to be encrypted according to the predetermined algorithm and encrypt it according to the predetermined algorithm. If the sum of the first encryption result (the terminal's encryption of the password to be encrypted) and the third encryption result (the first access point's encryption of the random number it generated) is the same as the second encryption result (the second access point's encryption of the password to be encrypted plus the random number generated by the first access point), then the homomorphic encryption key used by the terminal and the second access point and the password to be encrypted they obtained are both consistent. This further shows that the terminal has a prior agreement with the second access point, that is, the identity of the terminal is authenticated by the second access point, and the first access point can provide the network access service for the terminal.
By this method, on one hand, a suspicious terminal can be prevented from accessing the first access point (because a suspicious terminal has no prior agreement with the second access point, and the correct encryption result can only be obtained by knowing the password book and the pre-agreed algorithm), so the suspicious terminal is prevented from attacking other terminals and network security is improved; on the other hand, because the first access point directly provides network access service for the terminal, no information needs to pass through other access points, communication efficiency is high, and the user experience is good.
Example 5:
Referring to fig. 8, the present embodiment provides a first access point of a network, where the first access point is a node of a shared blockchain, and the first access point includes:
the terminal receiving module is used for receiving network access application information sent by the terminal, wherein the network access application information comprises a first encryption result and an identifier of a second access point corresponding to the terminal, the first encryption result is obtained by homomorphic encryption of a password to be encrypted by using a homomorphic encryption key by the terminal, and the password to be encrypted is obtained from a password book by the terminal according to an algorithm agreed with the second access point in advance;
the block chain sending module is used for generating a random number and sending authentication application information to the second access point through the shared block chain according to the identifier of the second access point, wherein the authentication application information comprises a first encryption result and the random number;
the block chain receiving module is used for receiving a second encryption result sent by the second access point, wherein the second encryption result is obtained by homomorphically encrypting the password to be encrypted and the random number by using the homomorphic encryption key by the second access point;
and the access module is used for encrypting the random number by using the homomorphic encryption key to obtain a third encryption result, and providing network access service for the terminal under the condition that the sum of the first encryption result and the third encryption result is the same as the second encryption result.
In the first access point of the network in this embodiment, the first access point and the second access point are different nodes of the same shared blockchain, and the first access point receives a first encryption result sent by the terminal, sends the first encryption result to the second access point through the blockchain, and determines whether to provide a network access service for the terminal according to a second encryption result returned by the second access point. By the method for providing the network access service, on one hand, the suspicious terminal can be prevented from accessing the first access point, so that the suspicious terminal is prevented from attacking other terminals, and the network security is improved; on the other hand, after passing the verification, the first access point directly provides network access service for the terminal, all information does not need to pass other access points, the communication efficiency is high, and the user experience is good.
Example 6:
referring to fig. 9, the present embodiment provides a terminal including:
the terminal encryption module is used for acquiring a password to be encrypted from the password book according to an algorithm predetermined by a second access point corresponding to the terminal, and homomorphically encrypting the password to be encrypted by using a homomorphic encryption key to acquire a first encryption result;
and the sending module is used for sending network access application information to the first access point, wherein the network access application information comprises a first encryption result and the identifier of the second access point.
In the terminal of this embodiment, the terminal and the second access point each obtain the password to be encrypted according to the predetermined algorithm and encrypt it according to the predetermined algorithm. If the sum of the first encryption result (the terminal's encryption of the password to be encrypted) and the third encryption result (the first access point's encryption of the random number it generated) is the same as the second encryption result (the second access point's encryption of the password to be encrypted plus that random number), this shows that the homomorphic encryption key used for encryption and the obtained password to be encrypted are both consistent between the terminal and the second access point. It further shows that the terminal has a prior agreement with the second access point, that is, the identity of the terminal is authenticated by the second access point, and the first access point can provide the network access service for the terminal. Through this method for providing the network access service, on one hand, the double encryption (firstly, the password to be encrypted is obtained; secondly, the password to be encrypted is encrypted) prevents a suspicious terminal from accessing the first access point and thereby from attacking other terminals, which improves network security; on the other hand, because the first access point provides the network access service for the terminal directly, no information needs to pass through other access points, communication efficiency is high, and the user experience is good.
Example 7:
referring to fig. 10, the present embodiment provides a second access point, where the second access point is a node sharing a blockchain, and the second access point includes:
the receiving module is used for receiving authentication application information sent by the first access point, and the authentication application information comprises a first encryption result and a random number;
the access point encryption module is used for acquiring a password to be encrypted from the password book according to an algorithm predetermined by a terminal corresponding to the second access point, and decrypting the first encryption result according to the homomorphic decryption key corresponding to the homomorphic encryption key to acquire a decryption result;
and the communication module is used for encrypting the password to be encrypted and the random number by using the homomorphic encryption key under the condition that the decryption result is the same as the password to be encrypted to obtain a second encryption result, and sending the second encryption result to the first access point through the shared block chain.
In the second access point of this embodiment, the terminal and the second access point each obtain the password to be encrypted according to the predetermined algorithm and encrypt it according to the predetermined algorithm. If the sum of the first encryption result (the terminal's encryption of the password to be encrypted) and the third encryption result (the first access point's encryption of the random number it generated) is the same as the second encryption result (the second access point's encryption of the password to be encrypted plus that random number), this shows that the homomorphic encryption key used for encryption and the obtained password to be encrypted are both consistent between the terminal and the second access point, that is, the identity of the terminal is authenticated by the second access point, and the first access point can provide the network access service for the terminal. By this method for providing the network access service, on one hand, the double encryption (on one hand, the password to be encrypted is obtained; on the other hand, the password to be encrypted is encrypted) prevents a suspicious terminal from accessing the first access point and thereby from attacking other terminals, which improves network security; on the other hand, because the first access point provides the network access service for the terminal directly, no information needs to pass through other access points, communication efficiency is high, and the user experience is good.
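The exchange of Examples 5 to 7, as an added worked example that is not part of the patent: the terminal derives the N-th password of a shared password book from the access time point and encrypts it, the first access point forwards that ciphertext with a fresh random number, the second access point decrypts and checks it and answers with E(password + r), and the first access point grants access only if E(password) + E(r) equals that answer. Paillier as the additively homomorphic scheme, the SHA-256 index derivation, the password books and the tiny key size are all assumptions of this example, as is the deterministic encryption (nonce fixed to 1) that the patent's ciphertext comparison silently requires.

```python
import hashlib
import math
import secrets

# Toy Paillier parameters from two small primes (constructed for this example;
# a real deployment would use a ~2048-bit n). Paillier is additively
# homomorphic: multiplying two ciphertexts gives a ciphertext of the sum.
P_PRIME, Q_PRIME = 65537, 65521
N = P_PRIME * Q_PRIME
N2 = N * N
LAMBDA = (P_PRIME - 1) * (Q_PRIME - 1) // math.gcd(P_PRIME - 1, Q_PRIME - 1)
MU = pow(LAMBDA, -1, N)  # LAMBDA and MU form the decryption key held by AP2

def he_encrypt(m, nonce=1):
    # c = (1+n)^m * nonce^n mod n^2. The patent compares ciphertexts for
    # equality, which only works if encryption is deterministic, so the
    # nonce defaults to 1 (no randomness); see the note after the block.
    assert 0 <= m < N
    return (pow(N + 1, m, N2) * pow(nonce, N, N2)) % N2

def he_decrypt(c):
    # Standard Paillier: L(c^lambda mod n^2) * mu mod n, with L(x) = (x-1)/n.
    return ((pow(c, LAMBDA, N2) - 1) // N * MU) % N

def he_add(c1, c2):
    # The patent's "sum of two encryption results".
    return (c1 * c2) % N2

def pick_index(access_time, book_len):
    # Claim 4's "predetermined algorithm": access time -> 1-based position N.
    # Hashing the timestamp is our assumption; the patent does not fix it.
    digest = hashlib.sha256(str(access_time).encode()).digest()
    return int.from_bytes(digest[:4], "big") % book_len + 1

def terminal_apply(book, access_time, ap2_id):
    # Terminal: take the N-th password, encrypt it, send it to the first AP.
    password = book[pick_index(access_time, len(book)) - 1]
    return {"enc1": he_encrypt(password), "ap2": ap2_id, "t": access_time}

def second_ap_authenticate(book, enc1, r, access_time):
    # AP2: recompute the password, require enc1 to decrypt to it, then answer
    # with E(password + r). None means the request is refused.
    password = book[pick_index(access_time, len(book)) - 1]
    if he_decrypt(enc1) != password:
        return None
    return he_encrypt(password + r)

def first_ap_grant(enc1, r, enc2):
    # AP1 never decrypts: it checks E(password) + E(r) == E(password + r).
    if enc2 is None:
        return False
    return he_add(enc1, he_encrypt(r)) == enc2  # he_encrypt(r): third result

def run_protocol(terminal_book, ap2_book, access_time):
    # Whole exchange; signing and blockchain transport are out of scope here.
    app = terminal_apply(terminal_book, access_time, "AP2")
    r = secrets.randbelow(1 << 31)  # AP1's random number; keeps password+r < n
    enc2 = second_ap_authenticate(ap2_book, app["enc1"], r, app["t"])
    return first_ap_grant(app["enc1"], r, enc2)

# Constructed password books: the terminal and AP2 share one; an impostor's
# book differs, so its first encryption result fails AP2's decryption check.
SHARED_BOOK = [0x1F3A, 0x2B7C, 0x0919, 0x7E5D, 0x4C21, 0x6A08]
IMPOSTOR_BOOK = [0x1111, 0x2222, 0x3333, 0x4444, 0x5555, 0x6666]
```

With a randomised nonce the equality check at the first access point fails even though the combined ciphertext still decrypts to password + r, which is why the comparison the patent places at the first access point (which holds no decryption key) forces a deterministic scheme. A deterministic ciphertext of a given password is then a stable value on the shared chain, so the per-access-time-point password selection of claims 3 and 4 is what limits its reuse.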
It will be understood that the above embodiments are merely exemplary embodiments taken to illustrate the principles of the present invention, which is not limited thereto. It will be apparent to those skilled in the art that various modifications and improvements can be made without departing from the spirit and substance of the invention, and these modifications and improvements are also considered to be within the scope of the invention.

Claims (10)

1. A method for providing network access services for a first access point, the first access point being a node sharing a blockchain, the method comprising:
receiving network access application information sent by a terminal, wherein the network access application information comprises a first encryption result and an identifier of a second access point corresponding to the terminal, the first encryption result is obtained by homomorphic encryption of a password to be encrypted by using a homomorphic encryption key by the terminal, and the password to be encrypted is obtained from a password book by the terminal according to an algorithm agreed in advance with the second access point;
generating a random number, and sending authentication application information to the second access point through the shared block chain according to the identifier of the second access point, wherein the authentication application information comprises the first encryption result and the random number;
receiving a second encryption result sent by the second access point, wherein the second encryption result is obtained by using the homomorphic encryption key by the second access point to homomorphically encrypt the sum of the password to be encrypted and the random number;
and encrypting the random number by using the homomorphic encryption key to obtain a third encryption result, and providing network access service for the terminal under the condition that the sum of the first encryption result and the third encryption result is the same as the second encryption result.
2. A method for providing network access services, the method being for a terminal, the method comprising:
acquiring a password to be encrypted from a password book according to an algorithm predetermined by a second access point corresponding to the terminal, and homomorphically encrypting the password to be encrypted by using a homomorphic encryption key to acquire a first encryption result;
and sending network access application information to the first access point, wherein the network access application information comprises the first encryption result and the identifier of the second access point.
3. The method of claim 2,
the acquiring of the password to be encrypted from the password book according to the algorithm agreed in advance by the second access point corresponding to the terminal, and the homomorphic encryption of the password to be encrypted by using the homomorphic encryption key to acquire the first encryption result comprises the following steps:
acquiring a password to be encrypted from a password book according to an algorithm agreed in advance with the second access point at the access time point, and homomorphically encrypting the password to be encrypted by using the homomorphic encryption key to acquire a first encryption result;
the network access application information further includes the access time point.
4. The method of claim 3,
the acquiring the password to be encrypted from the password book according to the access time point and the algorithm agreed in advance with the second access point comprises the following steps:
generating a positive integer N from the access time point according to a predetermined algorithm;
and determining the Nth password in the password book as the password to be encrypted.
5. A method for providing network access services for a second access point, the second access point being a node sharing a blockchain, the method comprising:
receiving authentication application information sent by a first access point, wherein the authentication application information comprises a first encryption result and a random number;
acquiring a password to be encrypted from a password book according to an algorithm predetermined by a terminal corresponding to the second access point, and decrypting the first encryption result according to a homomorphic decryption key corresponding to the homomorphic encryption key to acquire a decryption result;
and under the condition that the decryption result is the same as the password to be encrypted, encrypting the password to be encrypted and the random number by using the homomorphic encryption key to obtain a second encryption result, and sending the second encryption result to the first access point through the shared block chain.
6. The method of claim 5, wherein the authentication application information further comprises an access time point;
the obtaining the password to be encrypted from the password book according to the algorithm predetermined by the terminal corresponding to the second access point includes:
and acquiring the password to be encrypted from the password book according to the access time point and the algorithm agreed in advance with the terminal.
7. The method of claim 6, wherein sending the second encryption result to the first access point via the shared blockchain comprises:
and after the second encryption result is signed by using the private key of the second access point, broadcasting the second encryption result to all nodes of the shared block chain.
8. A first access point, wherein the first access point is a node sharing a blockchain, the first access point comprising:
the terminal receiving module is used for receiving network access application information sent by a terminal, wherein the network access application information comprises a first encryption result and an identifier of a second access point corresponding to the terminal, the first encryption result is obtained by homomorphic encryption of a password to be encrypted by the terminal through a homomorphic encryption key, and the password to be encrypted is obtained by the terminal from a password book according to an algorithm agreed in advance with the second access point;
a block chain sending module, configured to generate a random number, and send authentication application information to the second access point through the shared block chain according to an identifier of the second access point, where the authentication application information includes the first encryption result and the random number;
the block chain receiving module is configured to receive a second encryption result sent by the second access point, where the second encryption result is obtained by performing homomorphic encryption on the sum of the password to be encrypted and the random number by using the homomorphic encryption key by the second access point;
and the access module is used for encrypting the random number by using the homomorphic encryption key to obtain a third encryption result, and providing network access service for the terminal under the condition that the sum of the first encryption result and the third encryption result is the same as the second encryption result.
9. A terminal, characterized in that the terminal comprises:
the terminal encryption module is used for acquiring a password to be encrypted from a password book according to an algorithm predetermined by a second access point corresponding to the terminal, and homomorphic encryption is performed on the password to be encrypted by using a homomorphic encryption key to acquire a first encryption result;
and the sending module is used for sending network access application information to the first access point, wherein the network access application information comprises the first encryption result and the identifier of the second access point.
10. A second access point, wherein the second access point is a node sharing a blockchain, the second access point comprising:
the receiving module is used for receiving authentication application information sent by a first access point, and the authentication application information comprises a first encryption result and a random number;
the access point encryption module is used for acquiring a password to be encrypted from the password book according to an algorithm predetermined by a terminal corresponding to the second access point, and decrypting the first encryption result according to a homomorphic decryption key corresponding to the homomorphic encryption key to acquire a decryption result;
and the communication module is used for encrypting the password to be encrypted and the random number by using the homomorphic encryption key to obtain a second encryption result under the condition that the decryption result is the same as the password to be encrypted, and sending the second encryption result to the first access point through the shared block chain.

Application CN202110558284.6A, priority date 2021-05-21, filing date 2021-05-21: Method, access point and terminal for providing network access service (Active; granted as CN113316146B, en)

Priority Applications (1)

Application Number | Publication | Priority Date | Filing Date | Title
CN202110558284.6A | CN113316146B (en) | 2021-05-21 | 2021-05-21 | Method, access point and terminal for providing network access service

Publications (2)

Publication Number | Publication Date
CN113316146A (en) | 2021-08-27
CN113316146B (en) | 2022-07-12

Family ID: 77374078

Country Status (1)

Country | Link
CN (1) | CN113316146B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN104244245A (en) * | 2014-09-12 | 2014-12-24 | 普联技术有限公司 | Wireless access authentication method, wireless router device and wireless terminal
US10075288B1 (en) * | 2014-02-28 | 2018-09-11 | The Governing Council Of The University Of Toronto | Systems, devices, and processes for homomorphic encryption
EP3503456A1 (en) * | 2017-12-19 | 2019-06-26 | Koninklijke Philips N.V. | Homomorphic encryption for password authentication
JP2019125883A (en) * | 2018-01-15 | 2019-07-25 | 日本電信電話株式会社 | Electronic commerce system, service providing server, third party organization server, electronic commerce method, and program
CN111083697A (en) * | 2020-01-10 | 2020-04-28 | 中国联合网络通信集团有限公司 | Access method, terminal, micro base station and access system
CN111901795A (en) * | 2020-09-02 | 2020-11-06 | 中国联合网络通信集团有限公司 | Access method, core network equipment and micro base station management server

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant