CN117544954A - Network access authentication method, device, electronic equipment and storage medium - Google Patents

Network access authentication method, device, electronic equipment and storage medium

Info

Publication number
CN117544954A
Authority
CN
China
Prior art keywords
network
random code
information
authentication information
equipment
Prior art date
Legal status
Pending
Application number
CN202311564741.8A
Other languages
Chinese (zh)
Inventor
唐敏健
Current Assignee
Lumi United Technology Co Ltd
Original Assignee
Lumi United Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Lumi United Technology Co Ltd
Priority to CN202311564741.8A
Publication of CN117544954A

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity > H04W 12/06 Authentication > H04W 12/069 Authentication using certificates or pre-shared keys
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity > H04W 12/06 Authentication
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W 4/00 Services specially adapted for wireless communication networks; Facilities therefor > H04W 4/80 Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W 48/00 Access restriction; Network selection; Access point selection > H04W 48/08 Access restriction or access information delivery, e.g. discovery data delivery > H04W 48/10 Access restriction or access information delivery, e.g. discovery data delivery using broadcasted information
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W 48/00 Access restriction; Network selection; Access point selection > H04W 48/16 Discovering, processing access restriction or access information

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Embodiments of this application provide a network access authentication method and related devices. The method comprises: if a terminal device acquires information broadcast by a network device, sending a connection request carrying a first random code to the network device based on the broadcast information; acquiring first authentication information and a second random code that the network device generates and sends in response to the connection request, the first authentication information being generated from the first random code and a key that the network device determines from the device information of the terminal device; verifying the first authentication information based on the terminal device's own first key and the first random code; and, if the verification passes, connecting to the network device based on the second random code and second authentication information, the second authentication information being generated from the first key and the second random code. The connection is thus initiated from the terminal device side, directly from the information the network device broadcasts, which improves the efficiency of connecting the terminal device to the network device.

Description

Network access authentication method, device, electronic equipment and storage medium
Technical Field
The present application relates to the field of communications technology, and in particular to a network access authentication method and related devices.
Background
Currently, most network devices in smart-home systems built on BLE (Bluetooth Low Energy) integrate both a Wi-Fi function and a BLE function, that is, they support Wi-Fi communication as well as BLE communication. When audio and video stream data are transmitted over Wi-Fi, the Wi-Fi signal severely interferes with BLE scanning in the same confined space. In that scenario, to connect to a BLE device the network device has to scan and evaluate a large number of peripheral devices in order to select the one it needs to connect to, and because of the Wi-Fi interference it often loses the scanned device or cannot scan it at all, so the scanning time is prolonged and the efficiency of connecting the network device to the BLE device drops.
Disclosure of Invention
Embodiments of this application provide a network access authentication method and related devices, aiming to solve the problem in existing schemes that the Wi-Fi signal in a network device interferes with its BLE signal and reduces the efficiency of connecting the network device to a BLE device.
A first aspect of the embodiments of this application provides a network access authentication method, the method comprising:
if the terminal device acquires information broadcast by a network device, sending a connection request carrying a first random code to the network device based on the broadcast information;
acquiring first authentication information and a second random code that the network device generates and sends in response to the connection request, the first authentication information being generated from the first random code and a key determined by the device information of the terminal device;
verifying the first authentication information based on a first key of the terminal device and the first random code; and, if the verification passes, connecting to the network device based on the second random code and second authentication information, the second authentication information being generated from the first key and the second random code.
A second aspect of the embodiments of this application provides a network access authentication method, the method comprising:
if the network device is in a broadcasting state, broadcasting, within a target range, information for terminal devices to connect to;
if a connection request carrying a first random code is received from a terminal device, generating first authentication information and a second random code in response to the connection request and sending them to the terminal device, the first authentication information being generated from the first random code and a key determined by the device information of the terminal device;
if a verification message containing second authentication information is received from the terminal device, which the terminal device generates after verifying the first authentication information based on its first key and the first random code, connecting to the terminal device by means of the second authentication information and the second random code, the second authentication information being generated from the first key and the second random code.
A third aspect of the embodiments of this application provides an access authentication apparatus, comprising:
a sending unit, configured to send a connection request carrying a first random code to a network device based on the broadcast information if information broadcast by the network device is acquired;
an acquiring unit, configured to acquire first authentication information and a second random code that the network device generates and sends in response to the connection request, the first authentication information being generated from the first random code and a key determined by the device information of the terminal device;
a connection unit, configured to verify the first authentication information based on a first key of the terminal device and the first random code and, if the verification passes, to connect to the network device based on the second random code and second authentication information, the second authentication information being generated from the first key and the second random code.
A fourth aspect of the embodiments of this application provides an access authentication apparatus, comprising:
a broadcasting unit, configured to broadcast, within a target range, information for terminal devices to connect to, if the apparatus is in a broadcasting state;
a sending unit, configured, if a connection request carrying a first random code is received from a terminal device, to generate first authentication information and a second random code in response to the connection request and send them to the terminal device, the first authentication information being generated from the first random code and a key determined by the device information of the terminal device;
a connection unit, configured, if a verification message containing second authentication information is received from the terminal device, which the terminal device generates after verifying the first authentication information based on its first key and the first random code, to connect to the terminal device by means of the second authentication information and the second random code, the second authentication information being generated from the first key and the second random code.
A fifth aspect of the embodiments of this application provides an access authentication system, the system comprising:
a terminal device, configured to send a connection request carrying a first random code to a network device based on the broadcast information if information broadcast by the network device is acquired; to acquire first authentication information and a second random code that the network device generates and sends in response to the connection request, the first authentication information being generated from the first random code and a key determined by the device information of the terminal device; to verify the first authentication information based on a first key of the terminal device and the first random code; and, if the verification passes, to connect to the network device based on the second random code and second authentication information, the second authentication information being generated from the first key and the second random code;
a network device, configured to broadcast, within a target range, information for terminal devices to connect to, if it is in a broadcasting state; if a connection request carrying a first random code is received from a terminal device, to generate first authentication information and a second random code in response to the connection request and send them to the terminal device, the first authentication information being generated from the first random code and a key determined by the device information of the terminal device; and, if a verification message containing second authentication information is received from the terminal device, which the terminal device generates after verifying the first authentication information based on its first key and the first random code, to connect to the terminal device by means of the second authentication information and the second random code, the second authentication information being generated from the first key and the second random code.
A sixth aspect of the embodiments of this application provides an electronic device comprising a processor, a memory and a computer program stored in the memory and executable on the processor, the computer program implementing the steps of the network access authentication method of any one of the first aspects when executed by the processor.
A seventh aspect of the embodiments of this application provides an electronic device comprising a processor, a memory and a computer program stored in the memory and executable on the processor, the computer program implementing the steps of the network access authentication method of any one of the second aspects when executed by the processor.
An eighth aspect of the embodiments of this application provides a computer-readable storage medium storing a computer program comprising program instructions which, when executed by a processor, cause the processor to perform the method of any one of the first and/or second aspects.
A ninth aspect of the embodiments of this application provides a computer program product comprising a non-transitory computer-readable storage medium storing a computer program operable to cause a computer to perform part or all of the steps described in the first or second aspects of the embodiments of this application. The computer program product may be a software installation package.
Implementing the embodiments of this application has the following beneficial effects:
If the terminal device acquires information broadcast by the network device, it sends a connection request carrying a first random code to the network device based on the broadcast information and acquires the first authentication information and second random code that the network device generates and sends in response, the first authentication information being generated from the first random code and a key determined by the device information of the terminal device. The terminal device verifies the first authentication information based on its first key and the first random code and, if the verification passes, connects to the network device based on the second random code and second authentication information generated from the first key and the second random code. The connection is therefore initiated from the terminal device side, directly from the broadcast information, without the network device having to scan for and select the terminal device, which improves the efficiency of connecting the terminal device to the network device.
Drawings
To illustrate the embodiments of this application or the technical solutions in the prior art more clearly, the drawings needed for the embodiments or the description of the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of this application, and a person skilled in the art could obtain other drawings from them without inventive effort.
Fig. 1A is a schematic view of a scenario of an access authentication method according to an embodiment of the present application;
fig. 1B is a schematic diagram of an access authentication system according to an embodiment of the present application;
fig. 2A is a schematic flow chart of a network access authentication method according to an embodiment of the present application;
fig. 2B is a schematic flow chart of a network access authentication method according to an embodiment of the present application;
fig. 2C is an interaction schematic diagram of a network access authentication method according to an embodiment of the present application;
fig. 3 is a schematic flow chart of a terminal device reconnection provided in the embodiment of the present application;
fig. 4 is a schematic block diagram of an access authentication device according to an embodiment of the present application;
fig. 5 is a schematic block diagram of an access authentication device according to an embodiment of the present application;
fig. 6 is a schematic hardware structure of a communication device according to an embodiment of the present application.
Detailed Description
The embodiments of this application are described below clearly and completely with reference to the accompanying drawings. Obviously, the embodiments described are only some, not all, of the embodiments of this application. All other embodiments that a person of ordinary skill in the art can obtain from this disclosure without undue burden fall within the scope of this disclosure.
The terms "first", "second" and the like in the description, claims and drawings of this application are used to distinguish between different objects, not to describe a particular order. Furthermore, the terms "comprise" and "have", and any variations thereof, are intended to cover a non-exclusive inclusion. For example, a process, method, system, article or apparatus that comprises a list of steps or elements is not limited to those listed steps or elements but may include other steps or elements not listed or inherent to that process, method, article or apparatus.
Reference in the specification to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the application. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of skill in the art will explicitly and implicitly understand that the embodiments described herein may be combined with other embodiments.
To better understand the network access authentication method provided in the embodiments of this application, the way a terminal device performs network access authentication in existing schemes is briefly described first. In this embodiment the terminal device is a BLE device and the network device is, for example, a gateway. In existing smart-home and Internet-of-Things systems, BLE devices such as Bluetooth voice remote controls transmit data and receive firmware OTA upgrades once they have joined the network. The network device acts in the Master role: it must start scanning for peripheral devices, and only after it has found the target device (the BLE device that needs to join the network) can it initiate a connection, establish a communication link and perform access authentication. Because a network device that admits BLE devices generally also integrates Wi-Fi, there are situations in which a BLE device must be connected while Wi-Fi is transmitting audio and video stream data. The network device then has to scan and evaluate a large number of peripheral devices before it can select the BLE device to connect to, and because of Wi-Fi interference it frequently loses the scanned device or cannot scan the terminal device at all, so the time the BLE device needs for network access authentication rises sharply.
The network access authentication method of this application initiates the connection from the terminal device side and connects directly to the network device according to the information the network device broadcasts, so the network device no longer has to select the terminal device to connect to by scanning and computation, and the efficiency of connecting the terminal device to the network device improves.
The method also addresses a second problem of existing schemes. When no network device has yet been added to the home network, the user adds the BLE device to the network directly through the app, and its information is shared across the whole home network. As shown in fig. 1A, the user later adds network device 1, network device 2, network device 3 and so on to the network device list. Because the BLE device is a low-power device, there is no always-on downlink channel through which network devices 1, 2, 3 and so on could be pushed to it in real time, so the BLE device has to acquire the user's network device list actively or passively. In existing schemes the user must manually activate the BLE device again and synchronise the information of network devices 1, 2, 3 and so on to it over a direct app-to-BLE connection, which involves cumbersome steps and poor convenience. With the network access authentication method of this application, once the BLE device receives the information a network device actively broadcasts, it can actively acquire and authenticate that network device's information and store it after successful authentication, so the user no longer has to manually activate the BLE device and fetch the network device's information over a direct app-to-BLE connection, which improves convenience.
The network access authentication method of this application can be applied in the environment shown in fig. 1B. Fig. 1B shows a network access authentication system comprising a terminal device 110, a network device 120 (which may specifically be a gateway, a router, etc.) communicatively connected to the terminal device 110, a user control device 130, and so on. The terminal device 110 may be a BLE device, for example a Bluetooth voice remote control or a Bluetooth speaker; the network device 120 may be an Internet-of-Things gateway or another network device; and the user control device 130 may be a mobile phone, a remote control, etc. None of these is limited here.
A network connection is established between the terminal device 110 and the network device 120. In one embodiment, the connection between the network device 120 and the terminal device 110 may go over a local area network or a wide area network path, and the connection between the user control device 130 and the network device 120 over a wireless local area network or a wide area network path. The user control device 130 interacts with the terminal device 110 over the network connection, so that the user, by means of the user control device 130, controls the terminal device 110 that has joined the network device 120 to perform the corresponding action.
The user control device 130 may be a smartphone, a laptop, a personal computer, a tablet, a smart control panel or another electronic device capable of a network connection, which is not limited here. Specifically, before the terminal device 110 and the network device 120 authenticate each other, the terminal device 110 first performs network configuration authentication at the cloud. During that process an Auth Key corresponding to the terminal device 110 is generated, and after the authentication succeeds the cloud server sends the Auth Key to all network devices 120 associated with the user; this Auth Key is the first key or the second key of the following embodiments. The Auth Key is generated in the way usual for network configuration authentication, and its length may be 32 to 47 bytes; this is not described further here.
Referring to fig. 2A, which is a schematic flow chart of an access authentication method according to an embodiment of this application. As shown in fig. 2A, the network access authentication method is applied to a terminal device and comprises:
S201: if the terminal device acquires information broadcast by a network device, sending a connection request carrying a first random code to the network device based on the broadcast information.
When the terminal device joins the network and no network device with an established binding relationship exists in the current network, then, upon acquiring the information a network device actively broadcasts, it sends a connection request carrying a first random code to the network device based on that information.
The terminal device may receive a broadcast frame that the network device sends for network connection and obtain the broadcast information from it; this information may specifically be the identifier of the network device carried in the broadcast frame and other information usable for establishing a connection.
After the terminal device establishes a communication connection with the network device according to the broadcast information, it sends the connection request carrying the first random code over that connection. The communication connection established here carries the subsequent authentication requests and so on.
The first random code is generated randomly by the terminal device after the communication connection has been established.
S202: acquiring first authentication information and a second random code that the network device generates and sends in response to the connection request; the first authentication information is generated from the first random code and a key determined by the device information of the terminal device.
After receiving the connection request carrying the first random code, the network device extracts the first random code from it and obtains the device information of the terminal device, which includes the identification information of the terminal device. The first random code may be a randomly generated character string or similar.
The identification information of the terminal device may include a MAC address, a device identifier and the like. The network device stores the identification information of legitimate terminal devices, a legitimate terminal device being one that the user has successfully authenticated in network configuration authentication at the cloud.
If at this point the network device cannot obtain a corresponding key from the identification information of the terminal device, the terminal device is determined to be illegitimate, it is refused network access and the authentication flow ends.
The network device may generate the first authentication information from the key determined by the device information of the terminal device and the first random code as follows: use that key as the encryption key and the first random code as the plaintext, perform an encryption operation with the AES128 algorithm, and take the result as the first authentication information. Other encryption algorithms may of course be used; this is only an illustration and not a limitation.
The network device also generates a second random code, which is a randomly generated character string or similar.
After generating the first authentication information and the second random code, the network device sends both to the terminal device, specifically in an authentication response that contains the first authentication information and the second random code.
The terminal device receives the authentication response sent by the network device and extracts the first authentication information and the second random code from it.
S203: verifying the first authentication information based on a first key of the terminal device and the first random code; if the verification passes, connecting to the network device based on the second random code and second authentication information; the second authentication information is generated from the first key and the second random code.
After obtaining the second random code and the first authentication information, the terminal device encrypts with a first encryption algorithm using the first key and the first random code to obtain a first encryption result, and verifies the first authentication information against it: if the first encryption result equals the first authentication information the verification passes, otherwise it fails. The first encryption algorithm may be AES128, consistent with the algorithm described above.
If the verification fails, the terminal device refuses to join the network through this network device. If it passes, the terminal device can join the network through the network device and generates the second authentication information by encrypting with the first key and the second random code. The network device may also be added to a whitelist device set after successful verification; the whitelist device set can be used for subsequent reconnection of the terminal device.
After successful verification, the terminal device connects to the network device based on the second random code and the second authentication information: specifically, the terminal device sends a verification message carrying the second authentication information to the network device, and the network device connects to the terminal device according to the second authentication information and the second random code. The verification message may be a standalone message that carries the second authentication information the terminal device needs to send, or an existing interaction message between the terminal device and the network device in which the second authentication information is included.
In one possible implementation manner, a method for the terminal device to verify the first authentication information based on a first key of the terminal device and the first random code includes:
A1, the terminal device encrypts with a first encryption algorithm according to the first key and the first random code to obtain a first encryption result;
A2, if the first encryption result is the same as the first authentication information, the verification passes.
The first encryption algorithm used by the terminal device for the encryption operation on the first key and the first random code may be a symmetric encryption algorithm; specifically, the first key may be used as the cipher key and the first random code as the plaintext, encrypted with the AES128 encryption algorithm or with another encryption method. The encryption method should match the one used in the network device so that the subsequent verification can be performed.
If the first encryption result is different from the first authentication information, the verification fails.
Because the terminal device generates its Auth Key when the cloud performs network provisioning authentication, and the cloud delivers that Auth Key to all network devices associated with the user after the terminal device is successfully authenticated, the first key here may be the Auth Key corresponding to the BLE device, and the second key used to produce the first authentication information may be the Auth Key the cloud delivered to all network devices associated with the user. If the first encryption result is the same as the first authentication information, the two ciphertexts are identical and were computed over the same first random code, which proves that the first key stored in the terminal device and the second key corresponding to the terminal device stored in the network device are the same; the verification succeeds, and identity authentication of the two parties is thereby realized.
In one possible implementation manner, a method for the terminal device to connect with the network device based on the second random code and the second authentication information includes:
B1, the terminal device sends a verification message including the second authentication information to the network device;
B2, the terminal device receives a connection message sent by the network device after the second authentication information and the second random code pass verification;
B3, the terminal device connects with the network device according to the connection message.
On the network device side, if the second encryption result is the same as the second authentication information, the second authentication information passes verification and the network device transmits a connection message to the terminal device.
The method by which the network device encrypts the second key and the second random code with the first encryption algorithm to obtain the second encryption result corresponds to step A1 above and is not repeated here.
The connection message may be a message for establishing the subsequent data transmission connection between the terminal device and the network device; after the terminal device successfully connects to the network device according to the connection message, subsequent data transmission, communication messages and the like may be exchanged between them.
In one possible implementation manner, the terminal device may initiate network access connections to a plurality of network devices. For example, after the terminal device can no longer communicate with the first network device it was connected to, if it receives information broadcast by a second network device, the terminal device may identify the second network device and perform network access according to the identification result, specifically:
C1, when the terminal device cannot communicate with the first network device, if information broadcast by the second network device is obtained, the identity of the second network device is identified according to that broadcast information;
C2, if the second network device is identified as a network device in the whitelist device set, the terminal device sends a connection request to the second network device in the time slot in which the broadcast information of the second network device is acquired, to instruct the second network device to connect with the terminal device.
The situation that the terminal device cannot communicate with the first network device may be that the first network device is turned off, the terminal device is out of coverage range of the first network device, and the like.
When the terminal device needs to access the network again and acquires information broadcast by the second network device, it identifies the second network device from that broadcast information. One way to do this is to compare the identity information of the second network device with the identity information of the whitelisted devices in the whitelist device set stored by the terminal device; if a whitelisted device with the same identity information exists, the second network device is determined to be a whitelisted network device, and a connection request can be sent to it in the time slot in which its broadcast information is acquired, instructing the second network device to connect with the terminal device. This greatly increases the speed at which the terminal device re-accesses the network and improves efficiency.
If the second network device is identified as not being in the whitelist device set, a connection request carrying a first random code is sent to the second network device according to its broadcast information, after which the connection with the second network device can be established by the connection establishment method with the network device described in the foregoing embodiment.
In one possible implementation manner, a method for sending a connection request to the second network device in the time slot in which the broadcast information of the second network device is acquired includes:
D1, determining, within the time slot in which the broadcast information of the second network device is acquired, a sub-time slot for transmitting the connection request, and determining the connection request information; the sub-time slot is any idle sub-time slot of that time slot;
D2, in the sub-time slot, sending the connection request to the second network device based on the connection request information.
The connection request information may include identification information of the terminal device, location information of the identification information in the connection request, and the like.
The time slot of the information broadcast by the second network device may be understood as the fixed time period in which the second network device broadcasts its information: some of the sub-time slots in that period carry the broadcast itself, and the remaining unused sub-time slots are idle; there may be several idle sub-time slots. The connection request is sent to the second network device in one such sub-time slot based on the connection request information. Because the connection request is sent within the same time slot in which the second network device broadcasts, the delay before the second network device receives the connection request is kept very short, and connection efficiency is improved.
In one possible implementation manner, when the terminal device is within the coverage area of network device A while moving, and the user initiates a reconnection operation, the terminal device can meet the real-time requirement by reconnecting to the address corresponding to network device A. Having the terminal device directly designate the gateway address and return to that network device is the fastest reconnection mode. However, a BLE device may move out of the coverage of network device A and into the coverage of another network device B. Because the terminal device is a low-power device that is usually in a low-power sleep mode, its ability to sense its own movement is poor and it generally cannot perceive that its position has changed, so when the user operates the terminal device to initiate reconnection, the terminal device by default initiates reconnection to network device A, which cannot succeed. The usual solution is for the user to perform a gateway switching operation to change the network device to be reconnected from A to B, so reconnection of the terminal device is inefficient and not convenient.
Therefore, in the embodiment of the present application, fast connection may be performed through the whitelist device set constructed by the foregoing method. Specifically, the terminal device scans broadcast frames; if a broadcast frame transmitted by a network device in the whitelist device set is among them, the terminal device reconnects directly according to that broadcast frame. Because a network device in the whitelist device set is transmitting broadcast frames near the terminal device, the reconnection efficiency of the terminal device is greatly improved, and the reconnection time can be reduced by at least 2-10 seconds compared with establishing the connection through device discovery as in the prior scheme. The specific reconnection mode may adopt a general whitelist reconnection method. Meanwhile, after the communication link is established between the terminal device and the network device, the terminal device can also transmit data signals requiring a certain bandwidth, such as real-time voice, so that diversity of data transmission can be achieved.
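To make the whitelist reconnection concrete, here is an added Go example (written for this page, not code from the patent or from Lumi United Technology) of the terminal-side logic in steps C1, C2, D1 and D2 above: parse a broadcast frame, identify the gateway, check it against the terminal's whitelist device set, and pick an idle sub-slot for the connection request, falling back to the full authentication when the gateway is unknown. The frame layout (type byte, 6-byte gateway identifier, sub-slot count and busy bitmap), the type names and the sample values are all assumptions made for the example; the patent specifies none of them.

```go
package main

import (
	"errors"
	"fmt"
)

// Constructed broadcast-frame layout for this example (the patent defines no wire format):
// byte 0 frame type, bytes 1-6 gateway identifier, byte 7 number of sub-slots in the
// broadcast period, then a bitmap in which a set bit marks a sub-slot the gateway itself uses.
const frameTypeBroadcast = 0x01

type BroadcastFrame struct {
	GatewayID string // identifier rendered as AA:BB:CC:DD:EE:FF
	Busy      []bool // one entry per sub-slot; true = occupied by the broadcast
}

// BuildBroadcastFrame encodes a frame; used here only to construct sample input.
func BuildBroadcastFrame(id [6]byte, busy []bool) []byte {
	out := append([]byte{frameTypeBroadcast}, id[:]...)
	out = append(out, byte(len(busy)))
	bitmap := make([]byte, (len(busy)+7)/8)
	for i, b := range busy {
		if b {
			bitmap[i/8] |= 1 << (uint(i) % 8)
		}
	}
	return append(out, bitmap...)
}

// ParseBroadcastFrame extracts the gateway identity and sub-slot usage, checking every
// length before indexing so a short or malformed frame off the air cannot crash the parser.
func ParseBroadcastFrame(b []byte) (*BroadcastFrame, error) {
	if len(b) < 8 || b[0] != frameTypeBroadcast {
		return nil, errors.New("not a broadcast frame")
	}
	n := int(b[7])
	if len(b) < 8+(n+7)/8 {
		return nil, errors.New("truncated sub-slot bitmap")
	}
	f := &BroadcastFrame{
		GatewayID: fmt.Sprintf("%02X:%02X:%02X:%02X:%02X:%02X", b[1], b[2], b[3], b[4], b[5], b[6]),
		Busy:      make([]bool, n),
	}
	for i := range f.Busy {
		f.Busy[i] = b[8+i/8]&(1<<(uint(i)%8)) != 0
	}
	return f, nil
}

// IdleSubSlot is step D1: pick any idle sub-slot of the broadcast period (here the lowest).
func IdleSubSlot(f *BroadcastFrame) (int, error) {
	for i, busy := range f.Busy {
		if !busy {
			return i, nil
		}
	}
	return -1, errors.New("no idle sub-slot in this broadcast period")
}

// Decision is what the terminal does with a received broadcast frame.
type Decision struct {
	GatewayID     string
	FastReconnect bool // gateway is whitelisted: send the connection request directly (C2)
	SubSlot       int  // sub-slot for that request, -1 when not reconnecting fast
}

// Terminal keeps the whitelist built from earlier successful authentications.
type Terminal struct{ Whitelist map[string]bool }

// Decide implements C1/C2 plus the fallback: identify the gateway from its broadcast; if it
// is whitelisted, schedule the connection request in an idle sub-slot, otherwise report that
// the full authentication with a fresh first random code must be run.
func (t *Terminal) Decide(frame []byte) (Decision, error) {
	f, err := ParseBroadcastFrame(frame)
	if err != nil {
		return Decision{}, err
	}
	d := Decision{GatewayID: f.GatewayID, SubSlot: -1}
	if !t.Whitelist[f.GatewayID] {
		return d, nil
	}
	if d.SubSlot, err = IdleSubSlot(f); err != nil {
		return Decision{}, err
	}
	d.FastReconnect = true
	return d, nil
}

func main() {
	// Constructed sample: whitelisted gateway B broadcasting in sub-slots 0, 1 and 4 of 6.
	term := &Terminal{Whitelist: map[string]bool{"10:20:30:40:50:60": true}}
	frame := BuildBroadcastFrame([6]byte{0x10, 0x20, 0x30, 0x40, 0x50, 0x60}, []bool{true, true, false, false, true, false})
	fmt.Println(term.Decide(frame))
}
```

The whitelist match is the only thing that distinguishes the fast path from the fallback, so the terminal should populate it solely from gateways that passed the authentication exchange, never from a broadcast alone; an unknown gateway still has to go through the random-code authentication described in the foregoing embodiment.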
Referring to fig. 2B, fig. 2B is a schematic flow chart of a network access authentication method according to an embodiment of the present application. As shown in fig. 2B, the network access authentication method is applied to a network device, and the method includes:
S301, if the network device is in a broadcast state, information for connecting the terminal device is broadcast within a target range.
Wherein the network device may broadcast information for connecting the terminal device by transmitting a broadcast frame. Specifically, the network device may broadcast the information for connecting the terminal device by transmitting a broadcast frame when in a broadcast state. The target range may be understood as the coverage of the network device, e.g. the network device coverage comprises the total space of one room, within which the network device broadcasts information for connecting the terminal devices.
The network device, being a non-low power consumption device, may continuously transmit broadcast frames for the terminal device to make a network access connection. The network device may be any gateway device to which the user belongs, one user may associate multiple gateway devices, e.g., the user may set up gateway devices in different rooms, on different floors, all of which may be associated to one user account of the user, the user may add gateway devices through the APP, view the status of gateway devices, etc.
When the terminal device needs to perform network access authentication, it can scan to detect the broadcast frame. After detecting the broadcast frame, relevant information in the broadcast frame (i.e., information that is broadcast) may be extracted, such as an identification of a network device in the broadcast frame, and other information that may be used to establish a connection, etc.
After extracting the information for establishing connection, the terminal equipment establishes network connection with the network equipment, and the terminal equipment takes the role of a Master when establishing.
S302, if a connection request carrying a first random code sent by terminal equipment is received, first authentication information and a second random code are generated in response to the connection request and sent to the terminal equipment; the first authentication information is generated based on a key determined by device information of the terminal device and the first random code.
After receiving the connection request carrying the first random code, the network device may extract the first random code in the connection request, and obtain device information of the terminal device, where the device information of the terminal device includes identification information of the terminal device, and so on.
The identification information of the terminal device may include a MAC address, a device identification and the like. The identification information of legitimate terminal devices is stored in the network device, where a legitimate terminal device may be understood as a terminal device that the user has successfully authenticated through network provisioning authentication at the cloud.
If the network device cannot acquire the corresponding key according to the identification information of the terminal device at this time, the terminal device can be determined to be illegal, the terminal device can be refused to access the network, and the authentication flow is ended.
The network device may generate the first authentication information from the key determined by the device information of the terminal device and the first random code as follows: the key determined according to the device information of the terminal device is used as the cipher key, the first random code is used as the plaintext, the encryption operation is performed with the AES128 encryption algorithm, and the operation result is taken as the first authentication information. Other encryption algorithms may of course be used to obtain the first authentication information; this is only an illustration and is not specifically limited.
The network device may also generate a second random code, which is randomly generated.
After the first authentication information has been obtained and the second random code generated, the network device sends both to the terminal device. Specifically, the first authentication information and the second random code are sent by means of an authentication response that comprises the first authentication information and the second random code.
S303, if a verification message that includes second authentication information is received from the terminal device, the message having been generated after the terminal device verified the first authentication information based on a first key and the first random code, the network device connects with the terminal device through the second authentication information and the second random code; the second authentication information is generated based on the first key and the second random code.
After the terminal device obtains the second random code and the first authentication information, it may encrypt with the first encryption algorithm according to the first key and the first random code to obtain a first encryption result, and verify the first authentication information against that result: if the first encryption result is the same as the first authentication information, the verification passes; otherwise it fails. The first encryption algorithm may be, for example, the AES128 encryption algorithm, consistent with the encryption algorithm described previously.
If the verification fails, network access through the network device is refused. If the verification passes, the terminal device may access the network through the network device, and second authentication information is generated by encryption according to the first key and the second random code. After successful verification the network device may also be added to the whitelist device set, which may be used for subsequent reconnections of the terminal device.
After successful verification, the terminal device may connect to the network device based on the second random code and the second authentication information; specifically, the second authentication information may be sent to the network device, and the network device connects to the terminal device according to the second authentication information and the second random code.
The connection with the terminal device through the second authentication information and the second random code may specifically be: and carrying out encryption processing on a second key and a second random code by adopting a first encryption algorithm to obtain a second encryption operation result, wherein the second key is a key which is stored in the network equipment and corresponds to the terminal equipment and is used for identity verification. If the second encryption operation result is the same as the second authentication information, checking is passed, and connection is performed with the terminal device by sending a connection message to the terminal device (the connection can be used for subsequent data transmission and the like), and if the checking is failed, the communication connection with the terminal device is disconnected.
In one possible implementation manner, a method for the network device to connect with the terminal device through the second authentication information and the second random code includes:
E1, encrypting with a first encryption algorithm according to a second key and the second random code to obtain a second encryption result, where the second key is a key stored in the network device that corresponds to the terminal device and is used for identity verification;
E2, if the second encryption result is the same as the second authentication information, the verification passes, and the network device connects with the terminal device by sending a connection message to the terminal device.
That is, if the second encryption result is the same as the second authentication information, the second authentication information passes verification and a connection message is transmitted to the terminal device.
The method of encrypting the second key and the second random code with the first encryption algorithm to obtain the second encryption result corresponds to step A1 in the foregoing embodiment and is not repeated here.
The connection message is used for establishing data transmission connection between the terminal equipment and the network equipment, and after the network equipment is successfully connected with the terminal equipment according to the connection message, subsequent data transmission, communication message transmission and the like can be performed between the network equipment and the terminal equipment.
Referring to fig. 2C, fig. 2C is an interaction schematic diagram of a network access authentication method according to an embodiment of the present application. As shown in fig. 2C, the network access authentication method is applied to a network access authentication system that includes a terminal device and a network device, and the method includes:
S401, the network device broadcasts information for connecting the terminal device within the target range.
Wherein the network device may broadcast information for connecting the terminal device by transmitting a broadcast frame. Specifically, the network device may broadcast the information for connecting the terminal device by transmitting a broadcast frame when in a broadcast state. The target range may be understood as the coverage of the network device, e.g. the network device coverage comprises the total space of one room, within which the network device broadcasts information for connecting the terminal devices.
The network device, being a non-low power consumption device, may continuously transmit broadcast frames for the terminal device to make a network access connection. The network device may be any gateway device to which the user belongs, one user may associate multiple gateway devices, e.g., the user may set up gateway devices in different rooms, on different floors, all of which may be associated to one user account of the user, the user may add gateway devices through the APP, view the status of gateway devices, etc.
When the terminal device needs to perform network access authentication, it can scan to detect the broadcast frame. After detecting the broadcast frame, relevant information in the broadcast frame (i.e., information that is broadcast) may be extracted, such as an identification of a network device in the broadcast frame, and other information that may be used to establish a connection, etc.
After extracting the information for establishing connection, the terminal equipment establishes network connection with the network equipment, and the terminal equipment takes the role of a Master when establishing.
S402, the terminal equipment receives information broadcast by the network equipment, and sends a connection request carrying a first random code to the network equipment based on the broadcast information.
When the terminal device accesses the network, there is no network device in the current network with which it has already established a binding relationship; when information actively broadcast by a network device is acquired, a connection request carrying a first random code is sent to that network device based on the broadcast information.
The terminal device may receive a broadcast frame sent by the network device and used for performing network connection, and obtain information broadcasted by the network device from the broadcast frame, where the information may specifically be an identifier of the network device in the broadcast frame, and other information that may be used for establishing connection, and so on.
After the terminal equipment establishes communication connection with the network equipment according to the information broadcast by the network equipment, the terminal equipment sends a connection request carrying a first random code to the network equipment based on the broadcast information. The communication connection established here is used for transmission of a request for subsequent authentication connection or the like.
After the terminal device establishes a communication connection with the network device, it may generate a first random code, which is randomly generated.
S403, the network equipment receives a connection request carrying a first random code sent by the terminal equipment, generates first authentication information and a second random code in response to the connection request, and sends the first authentication information and the second random code to the terminal equipment, wherein the first authentication information is generated based on a secret key determined by equipment information of the terminal equipment and the first random code.
After receiving the connection request carrying the first random code, the network device may extract the first random code in the connection request, and obtain device information of the terminal device, where the device information of the terminal device includes identification information of the terminal device, and so on.
The identification information of the terminal device may include a MAC address, a device identification and the like. The identification information of legitimate terminal devices is stored in the network device, where a legitimate terminal device may be understood as a terminal device that the user has successfully authenticated through network provisioning authentication at the cloud.
If the network device cannot acquire the corresponding key according to the identification information of the terminal device at this time, the terminal device can be determined to be illegal, the terminal device can be refused to access the network, and the authentication flow is ended.
The network device may generate the first authentication information from the key determined by the device information of the terminal device and the first random code as follows: the key determined according to the device information of the terminal device is used as the cipher key, the first random code is used as the plaintext, the encryption operation is performed with the AES128 encryption algorithm, and the operation result is taken as the first authentication information. Other encryption algorithms may of course be used to obtain the first authentication information; this is only an illustration and is not specifically limited.
The network device may also generate a second random code, which is randomly generated.
After the first authentication information has been obtained and the second random code generated, the network device sends both to the terminal device. Specifically, the first authentication information and the second random code are sent by means of an authentication response that comprises the first authentication information and the second random code.
S404, the terminal equipment acquires the first authentication information and the second random code which are sent by the network equipment and are generated in response to the connection request.
The terminal device may receive an authentication response sent by the network device, extract the first authentication information and the second random code from the authentication response, and the like.
S405, the terminal device verifies the first authentication information based on a first key of the terminal device and the first random code; if the verification passes, a verification message carrying second authentication information is sent to the network device, the second authentication information being generated based on the first key and the second random code.
After the second random code and the first authentication information are acquired, the terminal device may encrypt with a first encryption algorithm according to the first key and the first random code to obtain a first encryption result, and verify the first authentication information against that result: if the first encryption result is the same as the first authentication information, the verification passes; otherwise it fails. The first encryption algorithm may be, for example, the AES128 encryption algorithm, consistent with the encryption algorithm described previously.
If the verification fails, network access through the network device is refused. If the verification passes, the terminal device may access the network through the network device, and second authentication information is generated by encryption according to the first key and the second random code. After successful verification the network device may also be added to the whitelist device set, which may be used for subsequent reconnections of the terminal device.
After successful verification, the terminal device may connect to the network device based on the second random code and the second authentication information; specifically, the second authentication information may be sent to the network device, and the network device connects to the terminal device according to the second authentication information and the second random code.
S406, if the network device receives the verification message including the second authentication information, generated by the terminal device after it verified the first authentication information based on the first key and the first random code, the network device connects with the terminal device through the second authentication information and the second random code.
The connection with the terminal device through the second authentication information and the second random code may specifically be: and carrying out encryption processing on a second key and a second random code by adopting a first encryption algorithm to obtain a second encryption operation result, wherein the second key is a key which is stored in the network equipment and corresponds to the terminal equipment and is used for identity verification. If the second encryption operation result is the same as the second authentication information, checking is passed, and connection is performed with the terminal device by sending a connection message to the terminal device (the connection can be used for subsequent data transmission and the like), and if the checking is failed, the communication connection with the terminal device is disconnected.
In this example, when the terminal device obtains the information broadcast by the network device, it sends a connection request carrying a first random code to the network device based on that information and obtains the first authentication information and a second random code that the network device generates in response, the first authentication information being generated based on a key determined by the device information of the terminal device and the first random code. The terminal device verifies the first authentication information based on its first key and the first random code; if the verification passes, it connects with the network device based on the second random code and second authentication information generated from the first key and the second random code. The connection between the terminal device and the network device is thus initiated by the terminal device directly according to the information broadcast by the network device, which avoids having the network device select the terminal device to connect by scanning and computation, and improves the efficiency of connecting the terminal device and the network device.
Meanwhile, the network access authentication method can actively acquire and authenticate the information of the network equipment after receiving the information actively broadcasted by the network equipment, and can save the acquired information of the network equipment after successful authentication, so that a user is not required to manually activate BLE equipment and acquire related information of the network equipment in a direct connection mode of APP BLE, and convenience is improved.
Compared with the prior art that the network equipment takes a Master role to perform a large amount of scanning and analysis work, the network equipment only needs to be newly added with an identity authentication function and is in a broadcast state, and subsequent identity authentication is performed after connection is established in a mode that the terminal equipment scans a broadcast frame, so that multiple authentication functions are realized with lower load, the load of the network equipment is reduced, and the reliability of a system is improved.
In one possible implementation, the terminal device verifies the first authentication information based on its first key and the first random code as follows: the terminal device encrypts the first key and the first random code with the first encryption algorithm to obtain a first encryption result; if the first encryption result is the same as the first authentication information, the check passes.
The first encryption algorithm the terminal device uses for this encryption operation may be a symmetric encryption algorithm; specifically, the first key may be used as the cipher key and the first random code as the plaintext, the encryption may use the AES128 algorithm or another encryption method, and the method must correspond to the one used in the network device so that the subsequent verification can be performed.
If the first encryption result is different from the first authentication information, the verification fails.
Because the terminal device generates its corresponding Auth Key when the cloud performs network provisioning authentication, and the cloud delivers that Auth Key to all network devices associated with the user once the terminal device is authenticated successfully, the first key here can be the Auth Key corresponding to the BLE device, and the second key from which the first authentication information is generated can be the Auth Key that the cloud delivered to all network devices associated with the user. If the first encryption result is the same as the first authentication information, the two ciphertexts are identical and, since the same first random code was used, the first key stored in the terminal device and the second key for that terminal device stored in the network device are proven to be the same; the verification succeeds, so that identity authentication between the two parties is realized.
In one possible implementation, the terminal device connects with the network device based on the second random code and the second authentication information as follows: the terminal device sends the network device a check message that includes the second authentication information; when the network device receives the check message, generated after the first authentication information was verified based on the first key and the first random code and including the second authentication information, it encrypts a second key and the second random code with the first encryption algorithm to obtain a second encryption result, the second key being the key stored in the network device that corresponds to the terminal device and is used for identity verification; if the second encryption result is the same as the second authentication information, the check passes and the network device sends a connection message to the terminal device; the terminal device receives the connection message the network device sent after the second authentication information and the second random code passed the check; and the terminal device connects with the network device according to the connection message.
The method of encrypting the second key and the second random code with the first encryption algorithm to obtain the second encryption result corresponds to step A1 in the foregoing embodiment and is not repeated here.
The connection message may be a message for establishing the data transmission connection between the terminal device and the network device; after the terminal device has connected to the network device according to the connection message, subsequent data transmission, communication messages and the like can pass between the two.
In one possible implementation, the terminal device may initiate a network access connection to several network devices. For example, after the terminal device can no longer communicate with the first network device it was connected to, if it receives information broadcast by a second network device, it may identify the second network device and access the network according to the identification result. Specifically: after the terminal device can no longer communicate with the first network device and needs to access the network again, if it obtains information broadcast by the second network device, it identifies the second network device from that information; if the second network device is identified as a network device in the white list device set, the terminal device sends a connection request to the second network device in a time slot of the broadcast it received, instructing the second network device to connect with the terminal device.
The terminal device may be unable to communicate with the first network device because, for example, the first network device has been switched off or the terminal device has moved out of its coverage.
The identity of the second network device may be identified from the broadcast information as follows: the identity information of the second network device is compared with the identity information of the white list devices in the white list device set stored by the terminal device; if a white list device with the same identity information exists, the second network device is determined to be a white list network device, so a connection request can be sent to it in a time slot of the broadcast it received, instructing it to connect with the terminal device. This greatly increases the speed at which the terminal device re-accesses the network and improves efficiency.
If the second network device is identified as not being in the white list device set, a connection request carrying a first random code is sent to the second network device according to its broadcast information, and the connection with the second network device is then established by the connection establishment method with the network device described in the foregoing embodiment.
In one possible implementation, sending the connection request to the second network device in the time slot of its broadcast includes: determining, within the time slot in which the information broadcast by the second network device is acquired, a sub-time slot for transmitting the connection request, and determining the connection request information, where the sub-time slot is any one of the idle sub-time slots of that time slot; and transmitting the connection request to the second network device in that sub-time slot based on the connection request information.
The connection request information may include the identification information of the terminal device, the position of that identification information in the connection request, and the like.
The time slot of the information broadcast by the second network device can be understood as the fixed period in which the second network device broadcasts: some of its sub-slots carry the broadcast information, and the remaining unused sub-slots are idle, of which there may be several. The connection request is accordingly sent to the second network device in one of these idle sub-slots based on the connection request information.
Fig. 3 shows a schematic flow chart of terminal device reconnection. The method comprises the following steps:
S501, the terminal device receives a broadcast frame sent by the network device.
S502, the terminal device determines whether the network device corresponding to the broadcast frame is in the white list device set; if so, the terminal device establishes a connection with the network device.
If the network device is not in the white list device set, the flow of the network access authentication method in the foregoing embodiment is started to perform network access authentication, and after authentication succeeds the network device is added to the white list device set.
The terminal device may establish the connection with the network device using the LE Create Connection command, a general white list connection command.
S503, after the terminal device has established the connection with the network device, it performs identity authentication on the network device.
The terminal device may authenticate the identity of the network device with a general identity authentication method. After authentication succeeds, subsequent information transmission and the like can proceed.
In this example, broadcast frames sent by network devices in the white list device set are reconnected directly, so the terminal device can quickly reconnect to any white-listed network device nearby, which greatly improves the efficiency of terminal device connection.
In a specific example, while the network device is in the broadcast state it may continuously broadcast the information for connecting terminal devices within a certain range, which may be the coverage area of the network device. When the terminal device needs to access the network it scans, and if it receives a broadcast frame sent by the network device during the scan, it extracts the broadcast information from the frame.
For example, the terminal device sends the network device a connection request carrying a first random code based on the identifier of the network device and so on. After receiving the connection request, the network device generates the first authentication information and a second random code and sends both to the terminal device. After receiving them, the terminal device checks the first authentication information based on its first key and the first random code; if the check fails, the connection flow between the terminal device and the network device ends; if it passes, the terminal device sends the network device second authentication information generated from the first key and the second random code. After the network device receives this second authentication information it checks it; if the check passes, the network device sends a connection message to the terminal device, and the terminal device connects with the network device after receiving the connection message.
After the terminal device has connected to the network device, if it becomes disconnected and needs to access the network again, it may receive information broadcast by other network devices. After receiving the broadcast information the terminal device verifies the identity of the network device; if the result is that the network device is in the terminal device's white list device set, a connection message is sent directly to the network device for the subsequent network connection. If the result is that the network device is not in the white list device set, the terminal device runs the authentication flow to perform network access authentication.
The present application also provides an application scenario that applies the network access authentication method. Specifically, the method is applied in this application scenario as follows:
S601, the network device broadcasts information for connecting terminal devices within a target range.
The network device may broadcast the information for connecting terminal devices by transmitting a broadcast frame, specifically while it is in the broadcast state. The target range can be understood as the coverage of the network device; for example, if the coverage of the network device comprises the whole space of one room, the network device broadcasts the information for connecting terminal devices within that room.
Being a device that is not low-power, the network device may continuously transmit broadcast frames for terminal devices to use for network access connection. The network device may be any gateway device belonging to the user; one user may have several gateway devices associated, e.g. gateway devices set up in different rooms or on different floors, all associated with one user account, and the user may add gateway devices, view their status and so on through the APP. Several gateways can broadcast the information for connecting terminal devices at the same time, and the terminal device selects the matching gateway to connect to.
When the terminal device needs to perform network access authentication, it scans to detect broadcast frames. After detecting a broadcast frame, it extracts the relevant information from the frame (i.e. the broadcast information), such as the identification of the network device and other information that may be used to establish a connection.
After extracting the information for establishing the connection, the terminal device establishes the network connection with the network device, taking the Master role when doing so.
S602, the terminal device receives the information broadcast by the network device and sends the network device a connection request carrying a first random code based on the broadcast information.
When the terminal device accesses the network, there is no network device in the current network with which it has established a binding relation; once it has acquired the information actively broadcast by the network device, it sends the network device a connection request carrying a first random code based on that information.
The terminal device may receive the broadcast frame the network device sends for network connection and obtain the broadcast information from it; specifically, that information may be the identification of the network device in the broadcast frame and other information that may be used to establish the connection.
After the terminal device has established a communication connection with the network device according to the broadcast information, it sends the network device a connection request carrying a first random code based on that information. The communication connection established here is used to transmit the subsequent authentication connection request and the like.
After establishing the communication connection with the network device, the terminal device may generate the first random code, which is randomly generated.
S603, the network device receives the connection request carrying the first random code sent by the terminal device, generates first authentication information and a second random code in response to the connection request, and sends them to the terminal device, where the first authentication information is generated based on a key determined by the device information of the terminal device and the first random code.
After receiving the connection request carrying the first random code, the network device may extract the first random code from the request and obtain the device information of the terminal device, which includes the identification information of the terminal device and so on.
The identification information of the terminal device may comprise a MAC address, a device identifier and the like, and the identification information of legal terminal devices is stored in the network device, where a legal terminal device can be understood as one that the user has successfully authenticated through network provisioning authentication at the cloud.
If the network device cannot obtain the corresponding key from the identification information of the terminal device at this point, the terminal device can be determined to be illegal, it can be refused network access, and the authentication flow ends.
The network device may generate the first authentication information from the key determined by the device information of the terminal device and the first random code as follows: the key determined by the device information of the terminal device is used as the cipher key and the first random code as the plaintext, the encryption operation is carried out with the AES128 encryption algorithm, and the operation result is taken as the first authentication information. Other encryption algorithms may of course be used to obtain the first authentication information; this is only an illustration and not a specific limitation.
The network device may also generate a second random code, which is randomly generated.
After obtaining the first authentication information and generating the second random code, the network device sends both to the terminal device. Specifically, they are sent in an authentication response that comprises the first authentication information and the second random code.
S604, the terminal device obtains the first authentication information and the second random code that the network device generated in response to the connection request and sent.
The terminal device may receive the authentication response sent by the network device and extract the first authentication information and the second random code from it.
S605, the terminal device checks the first authentication information based on its first key and the first random code; if the check passes, it sends the network device a check message carrying second authentication information, which is generated based on the first key and the second random code.
After obtaining the second random code and the first authentication information, the terminal device performs the encryption operation on the first key and the first random code. The first encryption algorithm used may be a symmetric encryption algorithm; specifically, the first key may be used as the cipher key and the first random code as the plaintext, the encryption may use the AES128 algorithm or another encryption method, and the method must correspond to the one used in the network device so that the subsequent verification can be performed. In the verification, if the first encryption result is the same as the first authentication information the check passes, and if it is different the check fails.
If the verification fails, network access through this network device can be refused. If the verification passes, the network can be accessed through the network device, and the second authentication information is generated by encryption from the first key and the second random code. After successful verification the network device may also be added to the white list device set, which can be used for subsequent reconnections of the terminal device.
After successful verification, the terminal device may connect with the network device based on the second random code and the second authentication information; specifically, it may send the second authentication information to the network device, and the network device connects with the terminal device according to the second authentication information and the second random code.
S606, if the network device receives the check message including the second authentication information, generated after the first authentication information was verified based on the first key and the first random code, the network device connects with the terminal device through the second authentication information and the second random code.
Specifically, the terminal device may send the network device a check message including the second authentication information; the terminal device then receives the connection message the network device sends after the second authentication information and the second random code pass the check; and the terminal device connects with the network device according to the connection message.
If the network device receives the second authentication information sent by the terminal device, i.e. the check message that the terminal device generated after the first authentication information passed verification, it encrypts the second key and the second random code with the first encryption algorithm to obtain a second encryption result, where the second key is the key stored in the network device that corresponds to the terminal device and is used for identity verification; if the second encryption result is the same as the second authentication information, the check passes and the network device sends a connection message to the terminal device.
The method of encrypting the second key and the second random code with the first encryption algorithm to obtain the second encryption result corresponds to the steps in the foregoing embodiment and is not repeated here.
The connection message may be a message for establishing the data transmission connection between the terminal device and the network device; after the terminal device has connected to the network device according to the connection message, subsequent data transmission, communication messages and the like can pass between the two.
Of course, after the terminal device can no longer communicate with the first network device it was connected to, it may also initiate a connection to other network devices. For example, if it receives information broadcast by a second network device, it may identify the second network device and access the network according to the identification result. Specifically: if the terminal device obtains information broadcast by the second network device while it cannot communicate with the first network device, it identifies the second network device from that information; if the second network device is identified as a network device in the white list device set, the terminal device sends a connection request to the second network device in a time slot of the broadcast it received, instructing the second network device to connect with the terminal device.
The terminal device may be unable to communicate with the first network device because, for example, the first network device has been switched off or the terminal device has moved out of its coverage.
When the terminal device needs to access the network again and obtains information broadcast by the second network device, it identifies the second network device from that information. This may be done as follows: the identity information of the second network device is compared with the identity information of the white list devices in the white list device set stored by the terminal device; if a white list device with the same identity information exists, the second network device is determined to be a white list network device, so a connection request can be sent to it in a time slot of the broadcast it received, instructing it to connect with the terminal device. This greatly increases the speed at which the terminal device re-accesses the network and improves efficiency.
If the second network device is identified as not being in the white list device set, a connection request carrying a first random code is sent to the second network device according to its broadcast information, and the connection with the second network device is then established by the connection establishment method with the network device described in the foregoing embodiment.
In a specific embodiment, when the terminal device is within the coverage of network device A while moving and the user initiates a reconnection operation, the terminal device can meet the real-time requirement by reconnecting to the address corresponding to network device A; directly designating the gateway address to reconnect to the network device is the fastest way for the terminal device to reconnect. Suppose, however, that the BLE device has moved out of the coverage of network device A and into the coverage of another network device B. Because the terminal device is a low-power device that usually sits in a low-power sleep mode, its ability to sense its own movement is poor and it generally cannot perceive that its position has changed; when the user operates the terminal device to initiate a reconnection, it by default reconnects to network device A, which cannot succeed. The usual solution is for the user to perform a gateway switching operation that changes the network device to reconnect to from A to B, so the reconnection efficiency of the terminal device is low and convenience is poor.
The white list device set constructed by this method therefore allows fast reconnection, which may proceed as follows: the terminal device scans the broadcast frames, and if among them there is a broadcast frame transmitted by a network device in the white list device set, it reconnects directly according to that frame. Since a network device in the white list device set is transmitting broadcast frames near the terminal device, the reconnection efficiency of the terminal device is greatly improved, and compared with establishing the connection through device discovery in the prior scheme the reconnection time can be reduced by at least 2-10 seconds. The specific reconnection may use a general white list reconnection method. Meanwhile, once the communication link between the terminal device and the network device is established, the terminal device can also transmit data signals that require a certain bandwidth, such as real-time voice, so that diverse data transmission can be achieved.
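The white list reconnection of fig. 3 and of the scenario just described, as an added Go example that is not the patent's code: the frame fields, the choice of the first idle sub-slot, the preference for a white-listed device over full authentication when several gateways broadcast at once, and moving on from a white-listed frame whose period has no idle sub-slot are all assumptions of this example.

```go
package main

import "errors"

// BroadcastFrame is the constructed shape of what the terminal extracts from a
// scanned broadcast frame: the network device's identification plus, for the
// sub-slot choice, which sub-slots of its fixed broadcast period it occupies.
// The occupancy encoding is an assumption of this example, not the patent's.
type BroadcastFrame struct {
	GatewayID string
	SubSlots  int
	Busy      []bool // Busy[i] is true when sub-slot i carries the broadcast itself
}

// Action is how the terminal follows up a frame.
type Action int

const (
	FullAuth        Action = iota // not in the white list: run the random-code handshake first
	DirectReconnect               // in the white list: LE Create Connection in an idle sub-slot
)

// Terminal holds the white list device set built from earlier successful authentications.
type Terminal struct {
	Whitelist map[string]bool
}

// IdleSubSlot returns the first idle sub-slot of the broadcast period, in which the
// connection request can be sent, or -1 when the whole period is taken by the broadcast.
func IdleSubSlot(f BroadcastFrame) int {
	for i := 0; i < f.SubSlots; i++ {
		if i >= len(f.Busy) || !f.Busy[i] {
			return i
		}
	}
	return -1
}

// Classify (S502): a frame from a white-listed network device is reconnected directly;
// any other frame goes through the full network access authentication.
func (t *Terminal) Classify(f BroadcastFrame) Action {
	if t.Whitelist[f.GatewayID] {
		return DirectReconnect
	}
	return FullAuth
}

// ChooseReconnect models a terminal that has lost its first network device and sees
// the frames of one scan: it prefers a white-listed device with an idle sub-slot
// (the fastest reconnect) and otherwise falls back to full authentication with the
// first other device seen. It returns the chosen device, the action and the sub-slot
// (-1 for FullAuth). The preference order is an assumption of this example.
func (t *Terminal) ChooseReconnect(frames []BroadcastFrame) (string, Action, int, error) {
	fallback := ""
	for _, f := range frames {
		if t.Classify(f) == DirectReconnect {
			if slot := IdleSubSlot(f); slot >= 0 {
				return f.GatewayID, DirectReconnect, slot, nil
			}
			continue // white-listed but no idle sub-slot in this period: try the next frame
		}
		if fallback == "" {
			fallback = f.GatewayID
		}
	}
	if fallback == "" {
		return "", FullAuth, -1, errors.New("no usable broadcast frame in this scan")
	}
	return fallback, FullAuth, -1, nil
}

// OnAuthResult (S503): after full authentication succeeds the network device joins
// the white list so later reconnects skip the handshake; a failure leaves it untouched.
func (t *Terminal) OnAuthResult(gatewayID string, authenticated bool) {
	if !authenticated {
		return
	}
	if t.Whitelist == nil {
		t.Whitelist = map[string]bool{}
	}
	t.Whitelist[gatewayID] = true
}
```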
In this example, if the terminal device obtains the information broadcasted by the network device, a connection request carrying a first random code is sent to the network device based on the broadcasted information, and the first authentication information and a second random code generated in response to the connection request sent by the network device are obtained, where the first authentication information is generated based on a key determined by device information of the terminal device and the first random code, the first authentication information is checked based on the first key of the terminal device and the first random code, if the check is passed, the connection is made with the network device based on the second random code and the second authentication information is generated based on the first key and the second random code, so that a connection between the terminal device and the network device can be initiated, and the connection is directly performed according to the information broadcasted by the network device, thereby avoiding that the terminal device needing to be connected is selected from the network device side through scanning and calculation, and improving efficiency when the connection is performed between the terminal device and the network device.
Meanwhile, with this network access authentication method the terminal device can, after receiving information actively broadcasted by the network device, actively acquire and authenticate the information of the network device, and can save the acquired information after successful authentication. The user is therefore not required to manually activate the BLE device and acquire related information of the network device through a direct APP BLE connection, which improves convenience.
Compared with the prior art, in which the network device takes the Master role and performs a large amount of scanning and analysis work, the network device here only needs an added identity authentication function and remains in a broadcast state; the terminal device scans the broadcast frames, and identity authentication is performed after the connection is established. Multiple authentication functions are thus realized with a lower load, the load of the network device is reduced, and the reliability of the system is improved.
It should be understood that, although the steps in the flowcharts of fig. 2-3 are shown in the order indicated by the arrows, these steps are not necessarily performed in that order. Unless explicitly stated herein, the steps are not strictly limited to this order of execution and may be executed in other orders. Moreover, at least some of the steps in fig. 2-3 may include multiple sub-steps or multiple stages that are not necessarily performed at the same time but may be performed at different times, and the sub-steps or stages need not be performed in sequence; they may be performed alternately or in turn with other steps or with at least a portion of the sub-steps or stages of other steps.
Fig. 4 is a schematic block diagram of an access authentication apparatus according to an embodiment of the present application, where the access authentication apparatus 400 includes: a transmitting unit 410, an acquiring unit 420, and a connecting unit 430, wherein,
a sending unit 410, configured to send a connection request carrying a first random code to a network device based on the broadcasted information if the information broadcasted by the network device is obtained;
an obtaining unit 420, configured to obtain first authentication information and a second random code that are generated in response to the connection request and sent by the network device; the first authentication information is generated based on a key determined by the device information of the terminal device and the first random code;
a connection unit 430, configured to verify the first authentication information based on the first key of the terminal device and the first random code; if the verification is passed, connecting with the network equipment based on the second random code and the second authentication information; the second authentication information is generated based on the first key and the second random code.
In one possible implementation manner, in the aspect of verifying the first authentication information based on the first key of the terminal device and the first random code, the connection unit 430 is configured to:
Encrypting the first key and the first random code by adopting a first encryption algorithm to obtain a first encryption result;
and if the first encryption result is the same as the first authentication information, checking to pass.
In one possible implementation manner, in the aspect of connecting with the network device based on the second random code and the second authentication information, the connection unit 430 is configured to:
transmitting a check message including second authentication information to the network device;
receiving a connection message sent by the network device after the second authentication information and the second random code pass verification;
and connecting with the network equipment according to the connection message.
In one possible implementation manner, in the aspect of sending a connection request carrying the first random code to the network device based on the broadcasted information if the terminal device acquires information broadcasted by the network device, the sending unit 410 is configured to:
if no network device with a binding relation is established in the current network when the terminal device is connected to the network, a connection request carrying a first random code is sent to the network device based on the broadcasted information under the condition that the information actively broadcasted by the network device is obtained.
In one possible implementation manner, the network access authentication device is further configured to:
when the terminal equipment needs to access the network again under the condition that communication with the first network equipment is impossible, if the information broadcasted by the second network equipment is obtained, the identity of the second network equipment is identified according to the information broadcasted by the second network equipment;
if the second network device is identified as the network device in the white list device set, a connection request is sent to the second network device in a time slot for acquiring information broadcasted by the second network device, so as to indicate that the second network device is connected with the terminal device.
In one possible implementation manner, in the aspect of sending a connection request to the second network device in the time slot when the information broadcast by the second network device is acquired, the network access authentication apparatus is further configured to:
determining a sub-time slot for transmitting a connection request in a time slot for acquiring information broadcasted by the second network equipment, and determining connection request information; the sub-time slot is any one of idle time slots of the time slots for acquiring information broadcast by the second network equipment;
and transmitting a connection request to the second network device based on the connection request information in the sub-time slot.
In one possible implementation manner, the network access authentication device is further configured to:
and if the second network equipment is identified not to be the network equipment in the white list equipment set, sending a connection request carrying a first random code to the second network equipment according to the information broadcast by the second network equipment.
It should be understood that the network access authentication apparatus 400 according to the embodiments of the present application may correspond to a terminal device in the network access authentication method of the embodiments of the present application, and operations and/or functions of each module in the network access authentication apparatus 400 are respectively for implementing corresponding flows of each method in fig. 2 to 3, which are not described herein for brevity.
Fig. 5 is a schematic block diagram of an access authentication apparatus according to an embodiment of the present application, where the access authentication apparatus 500 includes: a broadcasting unit 510, a transmitting unit 520, and a connecting unit 530, wherein,
a broadcasting unit 510 for broadcasting information for connecting the terminal device within a target range if in a broadcasting state;
a sending unit 520, configured to, if a connection request carrying a first random code sent by a terminal device is received, generate first authentication information and a second random code in response to the connection request, and send the first authentication information and the second random code to the terminal device; the first authentication information is generated based on a key determined by device information of the terminal device and the first random code;
a connection unit 530, configured to connect to the terminal device through the second authentication information and the second random code if a check message including the second authentication information, generated after the terminal device has verified the first authentication information based on the first key and the first random code, is received; the second authentication information is generated based on the first key and the second random code.
In a possible embodiment, in the aspect of connecting with the terminal device through the second authentication information and the second random code, the connection unit 530 is configured to:
encrypting a second key and the second random code by adopting a first encryption algorithm to obtain a second encryption result, wherein the second key is a key which is stored in the network equipment and corresponds to the terminal equipment and is used for identity verification;
and if the second encryption result is the same as the second authentication information, checking to pass, and connecting the terminal equipment by sending a connection message to the terminal equipment.
It should be understood that the network access authentication apparatus 500 according to the embodiments of the present application may correspond to a network device in the network access authentication method of the embodiments of the present application, and operations and/or functions of each module in the network access authentication apparatus 500 are respectively for implementing corresponding flows of each method in fig. 2 to 3, which are not described herein for brevity.
The embodiment of the application also provides a network access authentication system, which comprises:
the terminal equipment is used for sending a connection request carrying a first random code to the network equipment based on the broadcasted information if the information broadcasted by the network equipment is obtained; acquiring first authentication information and a second random code which are sent by network equipment and are generated in response to the connection request; the first authentication information is generated based on a key determined by the device information of the terminal device and the first random code; verifying the first authentication information based on the first key and the first random code of the terminal device; if the verification is passed, connecting with the network equipment based on the second random code and the second authentication information; the second authentication information is generated based on the first key and the second random code;
the network equipment is used for broadcasting information for connecting the terminal equipment in a target range if the network equipment is in a broadcasting state; if a connection request carrying a first random code sent by terminal equipment is received, generating first authentication information and a second random code in response to the connection request and sending the first authentication information and the second random code to the terminal equipment; the first authentication information is generated based on a key determined by the device information of the terminal device and the first random code; if a verification message comprising second authentication information, generated by the terminal equipment after it has verified the first authentication information based on a first key and the first random code, is received, connecting with the terminal equipment through the second authentication information and the second random code; the second authentication information is generated based on the first key and the second random code.
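The two-step challenge-response described above, with both the terminal device and the network device side, as an added example that is not the patent's own code. It assumes the "first encryption algorithm" is HMAC-SHA256 over the random code, that the key "determined by device information" is derived by HMAC from the device information under a provisioning secret, and that random codes are 16 bytes; none of these choices is fixed by the text.

```python
import hashlib
import hmac
import secrets

RANDOM_CODE_LEN = 16  # assumed length of the random codes; the patent does not fix it


def derive_key(device_info: bytes, provisioning_secret: bytes) -> bytes:
    """Key 'determined by device information of the terminal device'. Assumed
    derivation: HMAC-SHA256 of the device info under a provisioning secret."""
    return hmac.new(provisioning_secret, b"device-key|" + device_info, hashlib.sha256).digest()


def auth_tag(key: bytes, random_code: bytes) -> bytes:
    """'First encryption algorithm' over (key, random code); assumed HMAC-SHA256."""
    return hmac.new(key, random_code, hashlib.sha256).digest()


class NetworkDevice:
    """Gateway side: answers the request with (auth1, r2), then checks auth2."""

    def __init__(self, device_id: str, provisioning_secret: bytes):
        self.device_id = device_id
        self.provisioning_secret = provisioning_secret
        self.second_keys = {}  # device_info -> stored key used for identity verification
        self.pending_r2 = {}   # device_info -> second random code issued, single use

    def broadcast(self) -> dict:
        # Constructed broadcast payload; real advertising frames carry more fields.
        return {"type": "broadcast", "device_id": self.device_id}

    def on_connection_request(self, request: dict) -> dict:
        device_info = request["device_info"]
        second_key = derive_key(device_info, self.provisioning_secret)
        self.second_keys[device_info] = second_key
        r2 = secrets.token_bytes(RANDOM_CODE_LEN)
        self.pending_r2[device_info] = r2
        # first authentication information proves the gateway holds the terminal's key
        return {"type": "response", "auth1": auth_tag(second_key, request["r1"]), "r2": r2}

    def on_check_message(self, message: dict):
        device_info = message["device_info"]
        r2 = self.pending_r2.pop(device_info, None)  # consumed on first use, pass or fail
        second_key = self.second_keys.get(device_info)
        if r2 is None or second_key is None:
            return None
        # second encryption result must equal the received second authentication information
        if not hmac.compare_digest(auth_tag(second_key, r2), message["auth2"]):
            return None
        return {"type": "connection", "device_id": self.device_id}


class TerminalDevice:
    """Terminal side: challenges with r1, verifies auth1, then answers r2 with auth2."""

    def __init__(self, device_info: bytes, first_key: bytes):
        self.device_info = device_info
        self.first_key = first_key
        self.r1 = None

    def on_broadcast(self, broadcast: dict) -> dict:
        self.r1 = secrets.token_bytes(RANDOM_CODE_LEN)
        return {"type": "request", "device_info": self.device_info, "r1": self.r1}

    def on_response(self, response: dict):
        if not hmac.compare_digest(auth_tag(self.first_key, self.r1), response["auth1"]):
            return None  # gateway does not hold our key: stop before revealing auth2
        auth2 = auth_tag(self.first_key, response["r2"])
        return {"type": "check", "device_info": self.device_info, "auth2": auth2}


def run_handshake(terminal: TerminalDevice, gateway: NetworkDevice) -> bool:
    """Drive the full exchange; True only if both sides accepted each other."""
    request = terminal.on_broadcast(gateway.broadcast())
    response = gateway.on_connection_request(request)
    check = terminal.on_response(response)
    if check is None:
        return False
    connection = gateway.on_check_message(check)
    return connection is not None and connection["device_id"] == gateway.device_id


# Constructed sample values for a stand-alone run.
PROVISIONING_SECRET = b"constructed-provisioning-secret"
DEVICE_INFO = b"terminal-mac-00:11:22:33:44:55"


def demo() -> tuple:
    gateway = NetworkDevice("gateway-01", PROVISIONING_SECRET)
    good = TerminalDevice(DEVICE_INFO, derive_key(DEVICE_INFO, PROVISIONING_SECRET))
    # A terminal whose first key comes from a different provisioning secret fails
    # the auth1 check and never sends a check message.
    stray = TerminalDevice(DEVICE_INFO, derive_key(DEVICE_INFO, b"other-secret"))
    return run_handshake(good, gateway), run_handshake(stray, gateway)


if __name__ == "__main__":
    print(demo())  # (True, False)
```

Because each second random code is consumed on first use, a check message that fails verification cannot be retried against the same random code, and a later correct tag for that code is rejected as well.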
The present embodiment also provides a computer readable storage medium, on which a computer program is stored, where the program when executed by a processor may implement a procedure related to the network access authentication apparatus 500 in the network access authentication method provided in the foregoing method embodiment.
Fig. 6 provides a schematic hardware structure of a communication device according to an embodiment of the present application. The communication device includes a processor and may also include a receiver, a transmitter, and a memory. The receiver, transmitter, memory and processor are interconnected by a bus.
The memory includes, but is not limited to, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM), or compact disc read-only memory (CD-ROM), for the associated instructions and data.
The receiver is for receiving data and/or signals and the transmitter is for transmitting data and/or signals. The transmitter and receiver may be separate devices or may be a unitary device.
The processor may include one or more processors, for example one or more central processing units (CPUs); a CPU may be a single-core CPU or a multi-core CPU.
The memory is used to store program codes and data for the network device.
The processor is used to call the program code and data in the memory to perform the steps of the method embodiments described above. Reference may be made specifically to the description of the method embodiments, and no further description is given here.
It will be appreciated that fig. 6 shows only a simplified design of a communication device. In practical applications, the communications device may also include other necessary elements, including but not limited to any number of transceivers, processors, controllers, memories, etc., and all communications devices that may implement the embodiments of the present invention are within the scope of the present invention.
It should be understood that the communication apparatus in fig. 6 may correspond to a network device or a terminal device in the network access authentication method in the embodiment of the present application, and operations and/or functions of each module in the communication apparatus are respectively for implementing corresponding flows of each method in fig. 2 to 3, which are not described herein for brevity.
It should be noted that, for simplicity of description, the foregoing method embodiments are all expressed as a series of action combinations, but it should be understood by those skilled in the art that the present application is not limited by the order of actions described, as some steps may be performed in other order or simultaneously in accordance with the present application. Further, those skilled in the art will also appreciate that the embodiments described in the specification are all preferred embodiments, and that the acts and modules referred to are not necessarily required in the present application.
In the foregoing embodiments, the descriptions of the embodiments are emphasized, and for parts of one embodiment that are not described in detail, reference may be made to related descriptions of other embodiments.
In the several embodiments provided in this application, it should be understood that the disclosed apparatus may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative, such as the division of the units, merely a logical function division, and there may be additional manners of dividing the actual implementation, such as multiple units or components may be combined or integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, or may be in electrical or other forms.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present invention may be integrated in one processing unit, each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units described above may be implemented either in hardware or in software program modules.
The integrated units, if implemented in the form of software program modules, may be stored in a computer-readable memory for sale or use as a stand-alone product. Based on such understanding, the technical solution of the present application, in essence or in the part contributing to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a memory, including several instructions for causing a computer device (which may be a personal computer, a server or a network device, etc.) to perform all or part of the steps of the method described in the embodiments of the present application. The aforementioned memory includes: a USB flash drive (U-disk), a read-only memory (ROM), a random access memory (RAM), a removable hard disk, a magnetic disk, an optical disk, or other media capable of storing program codes.
Those of ordinary skill in the art will appreciate that all or a portion of the steps in the various methods of the above embodiments may be implemented by a program that instructs associated hardware, and the program may be stored in a computer readable memory, which may include: flash disk, read-only memory, random access memory, magnetic or optical disk, etc.
The foregoing describes the embodiments of the present application in detail, and specific examples are provided herein to illustrate the principles and embodiments of the present application; the above examples are provided solely to assist in understanding the methods of the present application and their core ideas. Meanwhile, those skilled in the art may make modifications to the specific embodiments and application scope in accordance with the ideas of the present application, so the present description should not be construed as limiting the present application.

Claims (14)

1. A method of network access authentication, the method comprising:
if the terminal equipment acquires the information broadcasted by the network equipment, a connection request carrying a first random code is sent to the network equipment based on the broadcasted information;
acquiring first authentication information and a second random code which are sent by network equipment and are generated in response to the connection request; the first authentication information is generated based on a key determined by the device information of the terminal device and the first random code;
Verifying the first authentication information based on the first key and the first random code of the terminal device; if the verification is passed, connecting with the network equipment based on the second random code and the second authentication information; the second authentication information is generated based on the first key and the second random code.
2. The network access authentication method according to claim 1, wherein the verifying the first authentication information based on the first key of the terminal device and the first random code includes:
encrypting the first key and the first random code by adopting a first encryption algorithm to obtain a first encryption result;
and if the first encryption result is the same as the first authentication information, checking to pass.
3. The network access authentication method according to claim 1, wherein the connecting with the network device based on the second random code and second authentication information comprises:
transmitting a check message including second authentication information to the network device;
receiving a connection message sent by the network device after the second authentication information and the second random code pass verification;
And connecting with the network equipment according to the connection message.
4. A network access authentication method according to any one of claims 1 to 3, wherein if the terminal device acquires information broadcast by the network device, the terminal device sends a connection request carrying a first random code to the network device based on the broadcasted information, including:
if no network device with a binding relation is established in the current network when the terminal device is connected to the network, a connection request carrying a first random code is sent to the network device based on the broadcasted information under the condition that the information actively broadcasted by the network device is obtained.
5. The network access authentication method of claim 1, further comprising:
if the information broadcasted by the second network equipment is acquired under the condition that communication with the first network equipment is impossible, the identity of the second network equipment is identified according to the information broadcasted by the second network equipment;
if the second network device is identified as the network device in the white list device set, a connection request is sent to the second network device in a time slot for acquiring information broadcasted by the second network device, so as to indicate that the second network device is connected with the terminal device.
6. The network access authentication method according to claim 5, wherein the sending a connection request to the second network device in a time slot in which information broadcast by the second network device is acquired, includes:
determining a sub-time slot for transmitting a connection request in a time slot for acquiring information broadcasted by the second network equipment, and determining connection request information; the sub-time slot is any one of idle time slots of the time slots for acquiring information broadcast by the second network equipment;
and transmitting a connection request to the second network device based on the connection request information in the sub-time slot.
7. The network access authentication method of claim 5, further comprising:
and if the second network equipment is identified not to be the network equipment in the white list equipment set, sending a connection request carrying a first random code to the second network equipment according to the information broadcast by the second network equipment.
8. A method of network access authentication, the method comprising:
if the network equipment is in a broadcasting state, broadcasting information for connecting the terminal equipment in a target range;
if a connection request carrying a first random code sent by terminal equipment is received, generating first authentication information and a second random code in response to the connection request and sending the first authentication information and the second random code to the terminal equipment; the first authentication information is generated based on a key determined by the device information of the terminal device and the first random code;
if a verification message comprising second authentication information, generated by the terminal equipment after it has verified the first authentication information based on a first key and the first random code, is received, connecting with the terminal equipment through the second authentication information and the second random code; the second authentication information is generated based on the first key and the second random code.
9. The network access authentication method according to claim 8, wherein the connecting with the terminal device through the second authentication information and the second random code comprises:
encrypting a second key and the second random code by adopting a first encryption algorithm to obtain a second encryption result, wherein the second key is a key which is stored in the network equipment and corresponds to the terminal equipment and is used for identity verification;
and if the second encryption result is the same as the second authentication information, checking to pass, and connecting the terminal equipment by sending a connection message to the terminal equipment.
10. A network access authentication apparatus, characterized in that the network access authentication apparatus comprises:
a sending unit, configured to send a connection request carrying a first random code to a network device based on the broadcasted information if the information broadcasted by the network device is obtained;
An obtaining unit, configured to obtain first authentication information and a second random code, which are sent by a network device and are generated in response to the connection request; the first authentication information is generated based on a key determined by device information of the terminal device and the first random code;
a connection unit configured to verify the first authentication information based on a first key of the terminal device and the first random code; if the verification is passed, connecting with the network equipment based on the second random code and the second authentication information; the second authentication information is generated based on the first key and the second random code.
11. A network access authentication apparatus, characterized in that the network access authentication apparatus comprises:
a broadcasting unit for broadcasting information for connecting the terminal device in a target range if in a broadcasting state;
a sending unit, configured to generate first authentication information and a second random code in response to a connection request sent by a terminal device if the connection request carrying the first random code is received, and send the first authentication information and the second random code to the terminal device; the first authentication information is generated based on a key determined by the device information of the terminal device and the first random code;
a connection unit, configured to connect with the terminal equipment through the second authentication information and the second random code if a verification message comprising the second authentication information, generated by the terminal equipment after it has verified the first authentication information based on the first key and the first random code, is received; the second authentication information is generated based on the first key and the second random code.
12. A network access authentication system, the system comprising:
the terminal equipment is used for sending a connection request carrying a first random code to the network equipment based on the broadcasted information if the information broadcasted by the network equipment is obtained; acquiring first authentication information and a second random code which are sent by network equipment and are generated in response to the connection request; the first authentication information is generated based on a key determined by the device information of the terminal device and the first random code; verifying the first authentication information based on the first key and the first random code of the terminal device; if the verification is passed, connecting with the network equipment based on the second random code and the second authentication information; the second authentication information is generated based on the first key and the second random code;
the network equipment is used for broadcasting information for connecting the terminal equipment in a target range if the network equipment is in a broadcasting state; if a connection request carrying a first random code sent by terminal equipment is received, generating first authentication information and a second random code in response to the connection request and sending the first authentication information and the second random code to the terminal equipment; the first authentication information is generated based on a key determined by the device information of the terminal device and the first random code; if a verification message comprising second authentication information, generated by the terminal equipment after it has verified the first authentication information based on a first key and the first random code, is received, connecting with the terminal equipment through the second authentication information and the second random code; the second authentication information is generated based on the first key and the second random code.
13. An electronic device comprising a processor, a memory and a computer program stored on the memory and executable on the processor, which when executed by the processor performs the steps of the network access authentication method according to claims 1 to 9.
14. A computer readable storage medium, characterized in that the computer readable storage medium has stored thereon a computer program which, when executed by a processor, implements the steps of the network access authentication method according to any one of claims 1 to 9.
CN202311564741.8A 2023-11-21 2023-11-21 Network access authentication method, device, electronic equipment and storage medium Pending CN117544954A (en)


Publications (1)

Publication Number Publication Date
CN117544954A true CN117544954A (en) 2024-02-09
