CN115915244A - Monitoring method and device for access client, storage medium and electronic equipment - Google Patents


Publication number
CN115915244A
Authority
CN
China
Prior art keywords
client
access point
wireless access
wireless
random number
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211478071.3A
Other languages
Chinese (zh)
Inventor
陈雨磊
田晶昌
谭道海
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Dongtu Zhiyuan Intelligent Technology Development Co ltd
Original Assignee
Shanghai Dongtu Zhiyuan Intelligent Technology Development Co ltd
Classifications

    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/70Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a monitoring method and device for an access client, a storage medium and electronic equipment. The method comprises the following steps: when a client accesses a wireless access point, obtaining a client random number of the client through the wireless access point, and obtaining a wireless access point random number and a basic element of the wireless access point; generating a pairwise transmission key from the client random number, the basic element and the wireless access point random number; and decrypting the wireless message sent by the client to the wireless access point using the pairwise transmission key to obtain the account information of the client, and judging from that account information whether the client is one that is allowed access. The invention solves the technical problem that clients accessing a router cannot be screened.

Description

Monitoring method and device for access client, storage medium and electronic equipment
Technical Field
The present invention relates to the field of wireless networks, and in particular, to a method and an apparatus for monitoring an access client, a storage medium, and an electronic device.
Background
In the prior art, a wireless access point such as a router is usually protected by a password, and a client can connect to the router for network access after entering the password. For example, a guest visiting a home can connect to the router with the wireless password and access the network.
However, in the prior art, the clients connected with the router cannot be screened.
Disclosure of Invention
The embodiment of the invention provides a monitoring method and device for an access client, a storage medium and electronic equipment, which are used for at least solving the technical problem that the client of an access router cannot be discriminated.
According to an aspect of the embodiments of the present invention, a method for monitoring an access client is provided, where a working channel of a wireless network card is the same as a working channel of a wireless access point, and the wireless network card stores a service set identifier and a key of the wireless access point, and the method includes: under the condition that a client accesses the wireless access point, acquiring a client random number of the client, and acquiring a wireless access point random number and basic elements of the wireless access point through the wireless access point; generating a pairwise transmission key according to the client random number, the basic element and the wireless access point random number; and decrypting the wireless message sent to the wireless access point by the client by using the pair transmission secret key to obtain account information of the client, and judging whether the client is a client allowing access according to the account information of the client.
According to another aspect of the embodiments of the present invention, there is provided a monitoring apparatus for accessing a client, wherein a working channel of a wireless network card is the same as a working channel of a wireless access point, and the wireless network card stores a service set identifier and a secret key of the wireless access point, the apparatus including: an obtaining module, configured to obtain, through the wireless access point, a client random number of the client and obtain a wireless access point random number and a basic element of the wireless access point when the client accesses the wireless access point; a generating module, configured to generate a pairwise transmission key according to the client random number, the basic element, and the wireless access point random number; and the decryption module is used for decrypting the wireless message sent by the client to the wireless access point by using the pair-wise transmission secret key, acquiring the account information of the client and judging whether the client is the client allowing access according to the account information of the client.
As an optional example, the apparatus further includes: a receiving module, configured to set itself to a monitoring mode, and receive a wireless access point flag of the wireless access point to be monitored; a sending module, configured to send an acquisition request to the wireless access point according to the wireless access point identifier, so as to acquire a channel identifier of a working channel of the wireless access point; and the modification module is used for modifying the working channel of the modification module according to the channel mark and adjusting the working channel to be consistent with the channel mark.
As an optional example, the apparatus further includes: and the storage module is used for storing the key in a storage table according to the service set identifier, wherein the storage table comprises a service set identifier column and a key column, and the service set identifier corresponds to the key one to one.
As an optional example, the generating module includes: and the splicing unit is used for splicing the client random number, the wireless access point random number and the basic element into the paired transmission secret key.
As an optional example, the decryption module includes: a decryption unit, configured to decrypt the wireless packet using the paired transmission key as a decryption key, so as to obtain a plaintext content of the wireless packet; and the determining unit is used for taking m-n th bit data in the plaintext content as the account information, wherein the m-n th bit is a position for storing the account information in the plaintext content.
As an optional example, the apparatus further includes: the processing module is used for decrypting a wireless message sent by the client to the wireless access point by using the paired transmission secret key so as to obtain account information of the client, and then comparing the account information with a white list; and under the condition that the white list does not contain the account information, informing the wireless access point to discard the wireless message.
According to another aspect of the embodiments of the present invention, there is also provided a storage medium, in which a computer program is stored, where the computer program is executed by a processor to perform the monitoring method for an access client.
According to another aspect of the embodiments of the present invention, there is also provided an electronic device, including a memory and a processor, where the memory stores a computer program, and the processor is configured to execute the monitoring method of the access client through the computer program.
In the embodiment of the invention, under the condition that a client accesses the wireless access point, the client random number of the client is obtained through the wireless access point, and the wireless access point random number and the basic elements of the wireless access point are obtained; generating a pairwise transmission key from the client random number, the basic element, and the wireless access point random number; the method comprises the steps of decrypting a wireless message sent by the client to the wireless access point by using the paired transmission secret key to obtain account information of the client, and judging whether the client is an access-allowed client according to the account information of the client.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
fig. 1 is a flowchart of an alternative monitoring method for an access client according to an embodiment of the present invention;
fig. 2 is a schematic diagram of STA and AP connections of an alternative monitoring method for an access client according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of an alternative monitoring apparatus for accessing a client according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of an alternative electronic device according to an embodiment of the invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
According to a first aspect of the embodiments of the present invention, there is provided a method for monitoring an access client, where a working channel of a wireless network card is the same as a working channel of a wireless access point, and the wireless network card stores a service set identifier and a key of the wireless access point, optionally, as shown in fig. 1, the method includes:
s102, under the condition that a client accesses a wireless access point, a client random number of the client is obtained through the wireless access point, and a wireless access point random number and basic elements of the wireless access point are obtained;
s104, generating a paired transmission secret key according to the client random number, the basic element and the wireless access point random number;
s106, decrypting the wireless message sent to the wireless access point by the client by using the paired transmission secret key, acquiring account information of the client, and judging whether the client is the client allowing access according to the account information of the client.
Optionally, the monitoring method for the access client in this embodiment may be applied to a wireless access point in a home, such as a wireless router, a store, or other scenarios including a wireless access point. When the client accesses the wireless access point, the account information of the client can be acquired, and whether the client is the client allowing access or not is checked, so that the access monitoring of the client is completed.
In this embodiment, the client may be a terminal, and the account information may be a unique identifier of the terminal, so that access monitoring may be performed on the terminal. The client can also be an application on the terminal, and the account information can be an account of the application logged in by the user, so that access monitoring can be performed on the specific application.
The working channel of the wireless network card and the working channel of the wireless access point can be set to be the same, so that the wireless network card can receive the wireless message sent to the wireless access point without accessing the wireless access point. Although there is no need to access the wireless access point, the wireless network card acquires the service set identifier and key of the wireless access point so that the wireless access point can be controlled. If the client accesses the wireless access point, the wireless network card can acquire the wireless access point random number of the wireless access point and the client random number of the client through the wireless access point, a paired transmission key is generated through the client random number, the wireless access point random number and the basic element, and the paired transmission key is used for decrypting a wireless message sent to the wireless access point by the client so as to acquire account information of the client. After the account information is acquired, login monitoring can be performed on the client according to the content of the account information.
According to the method, when the client accesses the wireless access point, the client random number of the client can be obtained, the paired transmission secret key is further generated, the paired transmission secret key is used for decrypting the wireless message, and the account information of the client is obtained, so that the purpose of screening the client of the access router is achieved.
As an optional example, the method further includes:
the wireless network card sets itself as a monitoring mode and receives a wireless access point mark of a wireless access point to be monitored;
according to the wireless access point mark, the wireless network card sends an acquisition request to the wireless access point to acquire a channel mark of a working channel of the wireless access point;
the wireless network card modifies the working channel of the wireless network card according to the channel mark and adjusts the working channel to be consistent with the channel mark.
Optionally, in this embodiment, the wireless network card sets itself to monitoring mode, which is used to listen for clients accessing the wireless access point. The wireless network card may first determine which wireless access point to listen to; different wireless access points may be distinguished by their wireless access point mark. Using that mark, the wireless network card sends an acquisition request to the wireless access point to obtain the channel mark of the access point's working channel. The wireless network card then sets its own working channel to be consistent with the channel mark.
As an optional example, the method further includes:
the wireless network card stores the key in a storage table according to the service set identifier, wherein the storage table comprises a service set identifier column and a key column, and the service set identifier and the key are in one-to-one correspondence.
In this embodiment, the wireless network card may maintain a storage table. The storage table may store a correspondence of the service set identifier and the key. The two are in one-to-one correspondence. A key may be uniquely corresponding to a service set identifier. The wireless network card may determine the relationship between the service set identifier and the key by querying a memory table.
As an alternative example, generating the pairwise transmission key from the client random number, the base element, and the wireless access point random number comprises:
and splicing the random number of the client, the random number of the wireless access point and the basic element into a paired transmission key.
Optionally, the concatenation in this embodiment may follow a defined order, for example with the client random number first and the wireless access point random number last, or another order, or no defined order. The concatenated result is the pairwise transmission key.
As an alternative example, decrypting a wireless packet sent by a client to a wireless access point using a pairwise transmission key, and acquiring account information of the client includes:
decrypting the wireless message by using the paired transmission secret key as a decryption key to obtain the plaintext content of the wireless message;
and taking the m-th to n-th bits of the plaintext content as the account information, where bits m to n are the position at which the account information is stored in the plaintext content.
Optionally, in this embodiment, the account information is stored in a specific location in the wireless message. After the wireless message is decoded to obtain the plaintext content, the content of a specific position in the plaintext content can be obtained, so that the account information is obtained.
As an optional example, after decrypting a wireless packet sent by a client to a wireless access point by using a pairwise transmission key to obtain account information of the client, the method further includes:
comparing the account information with a white list;
and under the condition that the white list does not contain account information, informing the wireless access point to discard the wireless message.
Optionally, in this embodiment, after the account information is obtained, the account information may be compared with a white list, where the account information of an account allowed to access the wireless network is recorded in the white list. Through comparison, the clients which are not allowed to log in can be refused to access the wireless access point.
As an optional example, the method further includes:
the client generates the client random number according to a first password input by a user and its own service set identifier, and the wireless access point generates the wireless access point random number according to a second password used for connecting to the wireless access point and its own service set identifier.
In this embodiment, the wireless network card may operate in monitor mode on the same channel as the wireless Access Point (AP). Monitor mode enables the wireless network card to receive messages whose destination Ethernet address (MAC) is not that of the wireless network card, and it does not require the card to access the wireless AP. The Service Set Identifier (SSID) and the key of the AP are set into the wireless network card. The card monitors the process by which a client (Station, STA) associates with the AP (the WPA authentication process) and obtains the MAC of the STA and the pairing keys SNonce and ANonce used in the association process, where SNonce is a random number generated by the client and ANonce is a random number generated by the wireless access point. Fig. 2 shows the process of associating the STA with the AP. The STA calculates SNonce and the AP calculates ANonce. The AP sends ANonce to the STA; the STA generates a Pairwise Transmission Key (PTK) using the basic element PMK, SNonce and ANonce, and sends SNonce and a MIC, which is a field for message integrity checking, to the AP. The AP generates the PTK and a Group Temporal Key (GTK) using the PMK, SNonce and ANonce; the PMK of the AP is calculated from the SSID and PSK of the AP, where the PSK is the access password of the wireless access point. The AP returns the GTK and the MIC to the STA, and the STA sends the MIC to the AP. After the wireless network card obtains the PTK through the AP, it performs the reverse operation with the PTK to obtain the plaintext.
Finally, the application-layer message is parsed to acquire the account information of the client. For example, the client account used by the client to access the network is acquired and matched to check whether the account is allowed access (that is, whether the terminal is allowed to access the network); or a QQ account is extracted from a QQ login message according to the corresponding format to check whether the QQ login is allowed (that is, whether the application is allowed to access the network, which can be applied in an office area to restrict specific applications).
It should be noted that, for simplicity of description, the above-mentioned method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the order of acts, as some steps may occur in other orders or concurrently in accordance with the invention. Further, those skilled in the art should also appreciate that the embodiments described in the specification are preferred embodiments and that the acts and modules referred to are not necessarily required by the invention.
According to another aspect of the embodiments of the present application, there is also provided a monitoring apparatus for accessing a client, where a working channel of a wireless network card is the same as a working channel of a wireless access point, and the wireless network card stores a service set identifier and a key of the wireless access point, as shown in fig. 3, the apparatus includes:
an obtaining module 302, configured to obtain, through a wireless access point, a client random number of a client and obtain a wireless access point random number and a basic element of the wireless access point when the client accesses the wireless access point;
a generating module 304, configured to generate a pairwise transmission key according to the client random number, the basic element, and the wireless access point random number;
the decryption module 306 is configured to decrypt the wireless packet sent by the client to the wireless access point by using the pairwise transmission key, acquire account information of the client, and determine whether the client is a client allowed to access according to the account information of the client.
Optionally, the monitoring device of the access client in this embodiment may be applied to a wireless access point in a home, such as a wireless router, a store, or other scenarios including a wireless access point. When the client accesses the wireless access point, the account information of the client can be acquired, and whether the client is the client allowing access or not is checked, so that the access monitoring of the client is completed.
In this embodiment, the client may be a terminal, and the account information may be a unique identifier of the terminal, so that access monitoring can be performed on the terminal. The client can also be an application on the terminal, and the account information can be an account of the application logged in by the user, so that access monitoring can be performed on the specific application.
The working channel of the wireless network card and the working channel of the wireless access point can be set to be the same, so that the wireless network card can receive the wireless message sent to the wireless access point without accessing the wireless access point. Although there is no need to access the wireless access point, the wireless network card acquires the service set identifier and the key of the wireless access point so as to control the wireless access point. If the client side is accessed to the wireless access point, the wireless network card can obtain the wireless access point random number of the wireless access point, and obtain the client side random number and the basic element of the client side through the wireless access point, a paired transmission key is generated through the client side random number, the wireless access point random number and the basic element, and the paired transmission key is used for decrypting a wireless message sent to the wireless access point by the client side so as to obtain account information of the client side. After the account information is acquired, login monitoring can be performed on the client according to the content of the account information.
According to the method, when the client accesses the wireless access point, the client random number and the basic elements of the client can be obtained, the paired transmission secret key is further generated, the paired transmission secret key is used for decrypting the wireless message, and the account information of the client is obtained, so that the purpose of screening the client accessing the router is achieved.
As an optional example, the apparatus further includes:
the receiving module is used for setting the receiving module to be in a monitoring mode and receiving a wireless access point mark of a wireless access point to be monitored;
the sending module is used for sending an acquisition request to the wireless access point according to the wireless access point mark and acquiring a channel mark of a working channel of the wireless access point;
and the modification module is used for modifying the working channel of the modification module according to the channel mark and adjusting the working channel to be consistent with the channel mark.
Optionally, in this embodiment, the wireless network card sets itself to monitoring mode, which is used to listen for clients accessing the wireless access point. The wireless network card may first determine which wireless access point to listen to; different wireless access points may be distinguished by their wireless access point mark. Using that mark, the wireless network card sends an acquisition request to the wireless access point to obtain the channel mark of the access point's working channel. The wireless network card then sets its own working channel to be consistent with the channel mark.
As an optional example, the apparatus further includes:
and the storage module is used for storing the key in a storage table according to the service set identifier, wherein the storage table comprises a service set identifier column and a key column, and the service set identifier and the key are in one-to-one correspondence.
In this embodiment, the wireless network card may maintain a storage table. The storage table may store a correspondence of the service set identifier and the key. The two are in one-to-one correspondence. A key may be uniquely corresponding to a service set identifier. The wireless network card may determine the relationship between the service set identifier and the key by querying a memory table.
As an optional example, the generating module includes:
and the splicing unit is used for splicing the client random number, the wireless access point random number and the basic element into a paired transmission secret key.
Optionally, the concatenation in this embodiment may follow a defined order, for example with the client random number first and the wireless access point random number last, or another order, or no defined order. The concatenated result is the pairwise transmission key.
As an optional example, the decryption module includes:
the decryption unit is used for decrypting the wireless message by using the paired transmission secret key as a decryption key to obtain the plaintext content of the wireless message;
and the determining unit is used for taking the m-th to n-th bits of the plaintext content as the account information, where bits m to n are the position at which the account information is stored in the plaintext content.
Optionally, in this embodiment, the account information is stored in a specific location in the wireless message. After the wireless message is decoded to obtain the plaintext content, the content of a specific position in the plaintext content can be obtained, so that the account information is obtained.
As an optional example, the apparatus further includes:
the processing module is used for decrypting a wireless message sent to the wireless access point by the client by using the paired transmission secret key so as to obtain account information of the client, and then comparing the account information with the white list; and under the condition that the white list does not contain the account information, informing the wireless access point to discard the wireless message.
Optionally, in this embodiment, after the account information is obtained, the account information may be compared with a white list, where the account information of an account allowed to access the wireless network is recorded in the white list. Through comparison, the clients which are not allowed to log in can be refused to access the wireless access point.
For other examples of this embodiment, please refer to the above examples, which are not described herein again.
Fig. 4 is a schematic diagram of an alternative electronic device according to an embodiment of the present application, as shown in fig. 4, including a processor 402, a communication interface 404, a memory 406, and a communication bus 408, where the processor 402, the communication interface 404, and the memory 406 communicate with each other via the communication bus 408, where,
a memory 406 for storing a computer program;
the processor 402, when executing the computer program stored in the memory 406, performs the following steps:
under the condition that a client accesses the wireless access point, acquiring a client random number of the client, and acquiring a wireless access point random number and basic elements of the wireless access point through the wireless access point;
generating a pairwise transmission key according to the client random number, the basic element and the wireless access point random number;
and decrypting the wireless message sent by the client to the wireless access point by using the pairwise transmission key to obtain account information of the client, and determining, according to the account information of the client, whether the client is a client that is allowed access.
Optionally, in this embodiment, the communication bus may be a PCI (Peripheral Component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like. The communication bus may be divided into an address bus, a data bus, a control bus, and so on. For ease of illustration, only one thick line is shown in Fig. 4, but this does not mean that there is only one bus or one type of bus. The communication interface is used for communication between the electronic device and other devices.
The memory may include RAM, and may also include non-volatile memory, such as at least one disk memory. Optionally, the memory may be at least one storage device located remotely from the processor.
As an example, the memory 406 may include, but is not limited to, the obtaining module 302, the generating module 304, and the decrypting module 306 in the monitoring apparatus of the access client. In addition, the monitoring device may further include, but is not limited to, other module units in the monitoring device of the access client, which is not described in this example again.
The processor may be a general-purpose processor, including but not limited to a CPU (Central Processing Unit), an NP (Network Processor), and the like; it may also be a DSP (Digital Signal Processor), an ASIC (Application Specific Integrated Circuit), an FPGA (Field Programmable Gate Array), or another programmable logic device, discrete gate or transistor logic device, or discrete hardware component.
Optionally, for a specific example in this embodiment, reference may be made to the example described in the foregoing embodiment, and this embodiment is not described herein again.
Those skilled in the art will understand that the structure shown in Fig. 4 is only illustrative. The device implementing the monitoring method for the access client may be a terminal device such as a smart phone (e.g., an Android phone, an iOS phone, etc.), a tablet computer, a palmtop computer, a Mobile Internet Device (MID), or a PAD. Fig. 4 does not limit the structure of the electronic device. For example, the electronic device may include more or fewer components (e.g., network interfaces, display devices, etc.) than shown in Fig. 4, or have a configuration different from that shown in Fig. 4.
Those skilled in the art will appreciate that all or part of the steps in the methods of the above embodiments may be implemented by a program instructing hardware associated with the terminal device, where the program may be stored in a computer-readable storage medium, and the storage medium may include: flash disk, ROM, RAM, magnetic or optical disk, and the like.
According to yet another aspect of the embodiments of the present invention, there is also provided a computer-readable storage medium, in which a computer program is stored, wherein the computer program is executed by a processor to perform the steps in the monitoring method of the access client.
Optionally, in this embodiment, a person skilled in the art will understand that all or part of the steps in the various methods in the foregoing embodiments may be implemented by a program instructing hardware related to the terminal device, where the program may be stored in a computer-readable storage medium, and the storage medium may include: flash disks, read-only memories (ROMs), random access memories (RAMs), magnetic or optical disks, and the like.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
The integrated unit in the above embodiments, if implemented in the form of a software functional unit and sold or used as a separate product, may be stored in the above computer-readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing one or more computer devices (which may be personal computers, servers, network devices, etc.) to execute all or part of the steps of the method according to the embodiments of the present invention.
In the above embodiments of the present invention, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In the several embodiments provided in the present application, it should be understood that the disclosed client may be implemented in other manners. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one type of division of logical functions, and there may be other divisions when actually implemented, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed coupling or direct coupling or communication connection between each other may be an indirect coupling or communication connection through some interfaces, units or modules, and may be electrical or in other forms.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The foregoing is only a preferred embodiment of the present invention. It should be noted that those skilled in the art can make various modifications and refinements without departing from the principle of the present invention, and these modifications and refinements should also be regarded as falling within the protection scope of the present invention.

Claims (10)

1. A monitoring method for an access client, characterized in that a working channel of a wireless network card is the same as that of a wireless access point, the wireless network card stores a service set identifier and a key of the wireless access point, and the method comprises the following steps:
under the condition that a client accesses the wireless access point, acquiring a client random number of the client, and acquiring a wireless access point random number and basic elements of the wireless access point through the wireless access point;
generating a pairwise transmission key from the client random number, the base element, and the wireless access point random number;
and decrypting the wireless message sent by the client to the wireless access point by using the pairwise transmission key to obtain account information of the client, and determining, according to the account information of the client, whether the client is a client that is allowed access.
2. The method of claim 1, further comprising:
the wireless network card sets itself to a monitoring mode and receives a wireless access point mark of the wireless access point to be monitored;
according to the wireless access point mark, the wireless network card sends an acquisition request to the wireless access point to acquire a channel mark of a working channel of the wireless access point;
and the wireless network card modifies the working channel of the wireless network card according to the channel mark and adjusts the working channel to be consistent with the channel mark.
3. The method of claim 1, further comprising:
and the wireless network card stores the key in a storage table according to the service set identifier, wherein the storage table comprises a service set identifier column and a key column, and the service set identifier and the key are in one-to-one correspondence.
4. The method of claim 1, wherein the generating a pairwise transmission key from the client random number, the base element, and the wireless access point random number comprises:
and splicing the client random number, the wireless access point random number and the basic element into the paired transmission key.
5. The method of claim 1, wherein the decrypting the wireless message sent by the client to the wireless access point using the pairwise transmission key to obtain the account information of the client comprises:
decrypting the wireless message by using the pairwise transmission key as a decryption key to obtain the plaintext content of the wireless message;
and taking the m-th to n-th bits of the plaintext content as the account information, wherein the m-th to n-th bits are the position at which the account information is stored in the plaintext content.
6. The method of claim 1, wherein after decrypting the wireless message sent by the client to the wireless access point using the pairwise transmission key to obtain account information of the client, the method further comprises:
comparing the account information with a white list;
and under the condition that the white list does not contain the account information, informing the wireless access point to discard the wireless message.
7. The method of claim 1, further comprising:
the client generates the client random number according to a first password input by a user and a service set identifier of the client, and the wireless access point generates the wireless access point random number according to a second password used for connecting the wireless access point and the service set identifier of the wireless access point.
8. A monitoring device for an access client, characterized in that a working channel of a wireless network card is the same as that of a wireless access point, the wireless network card stores a service set identifier and a key of the wireless access point, and the device comprises:
the acquisition module is used for acquiring a client random number of a client through the wireless access point under the condition that the client is accessed to the wireless access point, and acquiring a wireless access point random number and basic elements of the wireless access point;
a generation module, configured to generate a pairwise transmission key according to the client random number, the basic element, and the wireless access point random number;
and a decryption module, configured to decrypt the wireless message sent by the client to the wireless access point by using the pairwise transmission key to obtain account information of the client, and to determine, according to the account information of the client, whether the client is a client that is allowed access.
9. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the method of any one of claims 1 to 7.
10. An electronic device comprising a memory and a processor, characterized in that the memory has stored therein a computer program, the processor being arranged to execute the method of any of claims 1 to 7 by means of the computer program.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211478071.3A CN115915244A (en) 2022-11-23 2022-11-23 Monitoring method and device for access client, storage medium and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211478071.3A CN115915244A (en) 2022-11-23 2022-11-23 Monitoring method and device for access client, storage medium and electronic equipment

Publications (1)

Publication Number Publication Date
CN115915244A true CN115915244A (en) 2023-04-04

Family

ID=86487787

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211478071.3A Pending CN115915244A (en) 2022-11-23 2022-11-23 Monitoring method and device for access client, storage medium and electronic equipment

Country Status (1)

Country Link
CN (1) CN115915244A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination