WO2014161277A1 - Method and system for connecting portable wlan hotspot - Google Patents


Info

Publication number
WO2014161277A1
Authority
WO
WIPO (PCT)
Prior art keywords
wlan
hotspot
dsd
hsd
wlan device
Application number
PCT/CN2013/083574
Other languages
French (fr)
Chinese (zh)
Inventor
陈普查
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/06 Authentication
    • H04W12/50 Secure pairing of devices
    • H04W76/00 Connection management
    • H04W76/10 Connection setup
    • H04W84/00 Network topologies
    • H04W84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10 Small scale networks; Flat hierarchical networks
    • H04W84/12 WLAN [Wireless Local Area Networks]

Definitions

  • the present invention relates to the field of wireless communications, and in particular, to a method and system for connecting a wireless local area network (WLAN) hotspot.
  • WLAN wireless local area network
  • the process of configuring a WLAN hotspot and establishing a connection is complicated.
  • the steps include: the user needs to first configure a service set identifier (Service Set Identifier, SSID), authentication and decryption mode, and set a password on the hotspot side.
  • SSID Service Set Identifier
  • the Wi-Fi Alliance defines a Wi-Fi Protected Setup (WPS) standard for connecting Wi-Fi hotspots and Wi-Fi devices, as well as Wi-Fi Direct.
  • WPS Wi-Fi Protected Setup
  • Wi-Fi Simple Configuration Technical Specification v2.0.2 defines three basic connection methods:
  • in Push Button Configuration (PBC) mode, the user can establish a Wi-Fi connection very conveniently. Specifically, the user only needs to press the specific button on the Wi-Fi device and on the Wi-Fi hotspot to complete the connection, without going through a complicated configuration process.
  • this approach has the disadvantage that, between the two push operations, an undesired Wi-Fi device and/or Wi-Fi hotspot may inadvertently or maliciously establish a Wi-Fi connection with the desired hotspot and/or device. In other words, the method itself cannot effectively prevent an undesired connection process, which brings certain security risks to the user in actual use.
  • the Personal Identification Number (PIN) method is adopted.
  • the user only needs to input the PIN of the Wi-Fi hotspot on the Wi-Fi device to complete the connection.
  • the user can also enter the PIN of the Wi-Fi device on the Wi-Fi hotspot.
  • a requirement for the latter is that the Wi-Fi hotspot must have a display or control client for input operations.
  • the PIN method can better overcome the security flaws of the PBC mode, but the PIN needs to be remembered, and the password needs to be manually entered. At the same time, PINs generally have length requirements. This will undoubtedly increase the probability of error.
  • NFC Near Field Communication
  • you only need to gently touch the Wi-Fi device and the Wi-Fi hotspot together, or bring the Wi-Fi device and the Wi-Fi hotspot within a certain distance of each other, to complete the connection. However, this approach also poses a security risk: an undesired Wi-Fi device will also be connected to the Wi-Fi hotspot if it is close enough.
  • the three methods are described in detail above. It should also be noted that the first two methods need to go through a complicated 802.1x authentication process to obtain the authenticator's certificate of trust (Credentials). During the actual test, it was found that when multiple Wi-Fi devices are connected to a Wi-Fi hotspot at the same time, the status of the Wi-Fi hotspot is often abnormal, which greatly affects the user experience.
  • the hotspot is the role of the authenticator; for the hotspot PIN, the device is the authenticator role.
  • a "probe-authentication-association" process is required to finally establish a Wi-Fi connection based on WPA or WPA-2.
  • the touch screen includes a touch detecting component and a touch screen controller, wherein: the touch detecting component is installed in front of the display screen to detect the touch position of the user and then send the touch information to the touch screen controller; the main function of the touch screen controller is to receive the touch information from the touch point detecting device, convert it into contact coordinates, and send it to the CPU; it can also receive and execute commands sent by the CPU.
  • many innovative technologies can be implemented to enhance the user experience, such as sliding unlocking, sliding multiple selection, sliding page turning, and the like. As a result, touch screens dominate the smartphone and tablet.
  • Embodiments of the present invention provide a method and system for connecting a portable WLAN hotspot.
  • a method for connecting a portable WLAN hotspot, including: after receiving a WLAN hotspot access request initiated by a WLAN device according to device sliding track data (Device Slide Data, DSD), the WLAN hotspot detects a sliding operation performed in response to the WLAN hotspot access request; when the sliding operation is detected, the WLAN hotspot generates hotspot sliding track data (Host Slide Data, HSD) and replies with an access request response; the WLAN hotspot generates an asymmetric key pair by using the HSD, and obtains the DSD of the WLAN device by using the asymmetric key pair; the WLAN hotspot compares the obtained DSD with the HSD and, if they match, sends an authentication certificate to the WLAN device so that the WLAN device accesses the WLAN hotspot.
  • DSD Device Slide Data
  • the asymmetric key pair includes a public key and a private key, and the step in which the WLAN hotspot generates an asymmetric key pair by using the HSD and obtains the DSD of the WLAN device by using the asymmetric key pair includes:
  • the WLAN hotspot generates the public key and the private key by using the HSD, and sends the public key to the WLAN device;
  • the WLAN hotspot receives the first ciphertext E1 obtained by the WLAN device by using the public key to encrypt the DSD and the access parameter;
  • the hotspot decrypts E1 using the private key to obtain the decrypted DSD and access parameters.
  • the step in which the WLAN hotspot compares the obtained DSD with the HSD and, if they match, sends an authentication certificate to the WLAN device so that the WLAN device accesses the WLAN hotspot includes: the WLAN hotspot compares the obtained DSD with the HSD and, if they match, uses the access parameter to encrypt the authentication certificate to obtain the second ciphertext E2; the WLAN hotspot sends the second ciphertext E2 to the WLAN device, and the WLAN device decrypts E2 by using the access parameter to obtain the decrypted authentication certificate and accesses the WLAN hotspot.
  • the access parameter includes a MAC address of the WLAN device and a random number sequence generated by the WLAN device.
  • a connection system for a portable WLAN hotspot, including: a detecting unit, configured to detect, after receiving a WLAN hotspot access request initiated by the WLAN device according to the device sliding trajectory data DSD, the sliding operation performed in response to the WLAN hotspot access request; a response unit, configured to generate hotspot sliding track data HSD and reply with an access request response when the sliding operation is detected; a track acquiring unit, configured to generate an asymmetric key pair by using the HSD and obtain the DSD of the WLAN device by using the asymmetric key pair; and a hotspot access unit, configured to compare the obtained DSD with the HSD and, if they match, send an authentication certificate to the WLAN device so that the WLAN device accesses the WLAN hotspot.
  • the asymmetric key pair includes a public key and a private key, and the trajectory obtaining unit includes: an asymmetric key generating module, configured to generate a public key and a private key by using the HSD and send the public key to the WLAN device; a WLAN hotspot receiving module, configured to receive the first ciphertext E1 obtained by the WLAN device by using the public key to encrypt the DSD and the access parameter; and a WLAN hotspot decryption module, configured to decrypt E1 by using the private key to obtain the decrypted DSD and access parameters.
  • the hotspot access unit includes: a WLAN hotspot core control module, configured to compare the obtained DSD with the HSD; a WLAN hotspot encryption module, configured to use the access parameter to encrypt the authentication certificate when they match, obtaining a second ciphertext E2; and a WLAN hotspot sending module, configured to send the second ciphertext E2 to the WLAN device, where the WLAN device decrypts E2 by using the access parameter to obtain the decrypted authentication certificate and accesses the Wi-Fi hotspot.
  • the access parameter includes a MAC address of the WLAN device and a random number sequence generated by the WLAN device.
  • the hotspot access unit is further configured to: when the DSD and the HSD do not match, generate a control frame for indicating termination of the WLAN hotspot access authentication, and send the control frame to the WLAN device.
  • the beneficial effects of the embodiments of the present invention are: based on the analysis of the prior art and the consideration of the user's needs, the touch hotspot sliding technology is used to connect the portable hotspot, so that the user can conveniently and safely establish a wireless connection.
  • FIG. 2 is a schematic diagram of an operation interface of a portable WLAN hotspot according to an embodiment of the present invention
  • FIG. 4 is a system functional block diagram of a WLAN hotspot function and a WLAN device function according to an embodiment of the present invention
  • FIG. 5 is an SCP authentication protocol interaction diagram provided by an embodiment of the present invention
  • FIG. 6 is a flowchart of a WLAN device side according to an embodiment of the present invention
  • FIG. 7 is a flowchart of a portable WLAN hotspot side according to an embodiment of the present invention.
  • Embodiments of the present invention prevent the occurrence of an undesired connection process by touch screen sliding technology, asymmetric key technology, and encryption and decryption technology, thereby achieving connection security.
  • the embodiment of the present invention acquires the user's sliding track data (HSD) on a portable WLAN hotspot with a touch screen or a touch pad, and calculates an asymmetric key pair, that is, a public key and a private key (also referred to as an encryption key and a decryption key).
  • the public key can be broadcasted to encrypt the sliding track data on the device side.
  • the WLAN device to be connected acquires the user's sliding track data (DSD) and encrypts the "DSD, MAC address, random number sequence" with the public key obtained by the interception.
  • the ciphertext is then sent to the WLAN hotspot, which holds the private key.
  • the WLAN hotspot decrypts the DSD with the private key and compares it with the HSD obtained by itself to determine whether it matches. After the match, the "MAC address, random number sequence" is used as a symmetric key to encrypt the trust certificate and send it to the WLAN device.
  • the WLAN device decrypts the trust certificate using its own "MAC address, random number sequence".
  • the WLAN device completes the establishment of the WLAN connection and can exchange data with the portable WLAN hotspot based on the trust certificate.
  • the "portable" WLAN hotspot here refers to a certain type of WLAN hotspot, that is, a scene when a touch screen mobile terminal is used as a WLAN hotspot, and does not include an ordinary SOHO (home office) wireless router.
  • SOHO home office
  • the main difference between the "portable" WLAN hotspot and the ordinary WLAN hotspot is that the "portable" WLAN hotspot has a touch screen, such as an Android smart phone.
  • the hotspot is one function of the mobile terminal, not its entire function; an ordinary WLAN hotspot, for example one of TP-Link's various SOHO wireless routers, generally does not have a touch screen and is mainly used for routing functions.
  • the embodiments of the present invention are described in detail below with reference to FIGS. 1 through 7.
  • FIG. 1 is a flowchart of a method for connecting a portable WLAN hotspot according to an embodiment of the present invention. As shown in FIG. 1, the steps include: Step 101: After receiving the WLAN hotspot access request initiated by the WLAN device according to the device sliding trajectory data DSD, the WLAN hotspot detects the sliding operation performed by the user in response to the WLAN access request.
  • FIG. 2 is a schematic diagram of an operation interface of a portable WLAN hotspot according to an embodiment of the present invention.
  • a connection mode for acquiring sliding track data is started through a connection option, such as "Slide".
  • the user can perform a certain sliding operation on the screen area where the sliding track is acquired, and can also be acquired by a similar application such as a handwriting panel of the input method.
  • Step 102: When detecting that the user performs a sliding operation, the WLAN hotspot generates hotspot sliding track data HSD and returns an access request response.
  • FIG. 3 is a schematic diagram of an operation interface of a WLAN device requesting connection to a portable WLAN hotspot according to an embodiment of the present invention.
  • it is basically the same as the WLAN hotspot operation interface of FIG. 2; the difference is that the WLAN device requesting the connection can select a hotspot in the search list to connect to.
  • the asymmetric key pair includes a public key and a private key, and step 103 includes: the WLAN hotspot uses the HSD to generate a public key and a private key, and sends the public key to the WLAN device; the WLAN device encrypts the DSD and the access parameter by using the public key to obtain a first ciphertext E1; the WLAN hotspot decrypts E1 by using the private key to obtain the decrypted DSD and access parameters.
  • the access parameter includes a MAC address of the WLAN device and a random number sequence generated by the WLAN device.
  • Step 104: The WLAN hotspot compares the obtained DSD with the HSD and, if they match, sends an authentication certificate to the WLAN device so that the WLAN device accesses the WLAN hotspot.
  • step 104 includes: the WLAN hotspot compares the obtained DSD with the HSD and, if they match, uses the access parameter to encrypt the authentication certificate, obtains the second ciphertext E2, and sends the second ciphertext E2 to the WLAN device; the WLAN device decrypts E2 by using the access parameter, obtains the decrypted authentication certificate, and accesses the WLAN hotspot. Further, if the DSD does not match the HSD, the WLAN hotspot generates a control frame for indicating termination of the WLAN hotspot access authentication, and sends the control frame to the WLAN device.
  • Embodiments of the present invention are to be applied to a portable WLAN hotspot and a WLAN device that each have a touch screen or a touch panel, which enables a user to establish a wireless local area network connection more conveniently and securely. If the WLAN hotspot and the WLAN device have a storage function, the HSD and DSD that successfully established the WLAN connection can be cached. When a connection needs to be established the next time, the two sides holding the cached HSD and DSD can immediately establish a WLAN connection without sliding again.
  • the embodiment of the invention further provides a connection system for a portable WLAN hotspot, comprising: a detecting unit, configured to be initiated when receiving the WLAN device according to the device sliding trajectory data DSD
  • the response unit is configured to generate the hotspot sliding track data HSD when the user performs the sliding operation, and reply the access request response.
  • the trajectory obtaining unit is configured to generate an asymmetric key pair by using the HSD, and obtain the DSD of the WLAN device by using the asymmetric key pair.
  • the asymmetric key pair includes a public key and a private key
  • the trajectory acquiring unit includes an asymmetric key generating module, a WLAN hotspot receiving module, and a WLAN hotspot decrypting module.
  • the asymmetric key generation module generates a public key and a private key by using the HSD, and sends the public key to the WLAN device; the WLAN hotspot receiving module receives the first ciphertext E1 obtained by the WLAN device by encrypting the DSD and the access parameter with the received public key; the WLAN hotspot decryption module decrypts the received E1 by using the private key to obtain the decrypted DSD and access parameter.
  • the access parameter includes a MAC address of the WLAN device and a random number sequence generated by the WLAN device.
  • the hotspot access unit is configured to compare the obtained DSD with the HSD and, if they match, send an authentication certificate to the WLAN device so that the WLAN device accesses the WLAN hotspot; otherwise, it generates a control frame for indicating termination of the WLAN hotspot access authentication and sends it to the WLAN device.
  • the hotspot access unit includes a WLAN hotspot core control module, a WLAN hotspot encryption module, and a WLAN hotspot sending module.
  • the WLAN hotspot core control module compares the obtained DSD with the HSD. If they match, the WLAN hotspot encryption module encrypts the authentication certificate by using the access parameter to obtain the second ciphertext E2, and the WLAN hotspot sending module sends the second ciphertext E2 to the WLAN device; the WLAN device decrypts E2 by using the access parameter to obtain the decrypted authentication certificate, and accesses the WLAN hotspot.
  • the embodiment of the present invention relates to an interaction between two entities, that is, a WLAN hotspot and a WLAN device.
  • the basic functional modules or components of the WLAN hotspot include: a WLAN hotspot human-computer interaction module, an asymmetric key generating module, a WLAN hotspot decryption module, a WLAN hotspot encryption module, a WLAN hotspot core control module, a WLAN hotspot receiving module, and a WLAN hotspot sending module.
  • the basic functional modules or components of the WLAN device include: a WLAN device human-computer interaction module, a WLAN device decryption module, a WLAN device encryption module, a WLAN device core control module, a WLAN device receiving module, and a WLAN device sending module.
  • the WLAN hotspot human-computer interaction module is a touch screen or a human-machine interaction hardware device capable of acquiring hotspot sliding track data (HSD).
  • the option of providing the user with a connection mode on the operation interface should at least include a startup option for acquiring the sliding track data, such as the "Slide" option shown in FIG. 2.
  • the WLAN hotspot can initiate the virtual sub-interface or special control of the HSD.
  • the asymmetric key generation module generates an asymmetric key pair, that is, a public key and a private key (or an encryption key and a decryption key) according to the HSD acquired from the human-machine interaction module.
  • the WLAN hotspot decryption module decrypts the ciphertext E1 from the WLAN device requesting connection by using a private key to obtain
  • the WLAN hotspot encryption module uses the MAC address and the random number sequence R of the WLAN device, obtained by decrypting E1, as a symmetric key, and encrypts the Credentials issued to the WLAN device to obtain the ciphertext E2.
  • the main function of the WLAN hotspot core control module is to control the processing of the other modules, coordinate the cooperative operation between the modules, and complete data caching, comparison, and the like.
  • One of its important functions is to compare the DSD of the WLAN device obtained by decrypting E1 with the HSD obtained on the hotspot. If they match, the authentication process continues. Otherwise, an error is returned and the authentication process is terminated.
  • the WLAN device human-computer interaction module is the same human-computer interaction device as the WLAN hotspot, that is, the touch screen or the human-machine interaction hardware device capable of acquiring the DSD, and also provides the user with the option of the connection mode on the operation interface. The difference is that this connection option is valid only after you have selected a WLAN hotspot to be connected.
  • the WLAN device encryption module encrypts the DSD, the device MAC address, and the random number sequence R by using the public key of the WLAN hotspot that the WLAN device is preparing to connect to, obtaining the ciphertext E1.
  • the WLAN device decryption module uses its own MAC address and random number sequence R as symmetric keys, and decrypts the ciphertext E2 to obtain a trusted certificate (Credentials) of the hotspot to be connected.
  • the main function of the WLAN device core control module is to control the processing of the other modules, coordinate the cooperative operation between the modules, and complete the buffering and comparison of data.
  • the module is also arranged to generate a sequence of random numbers R, which together with its own MAC are used as a symmetric key.
  • the embodiments of the present invention provide basic functional modules or components of two entities of a WLAN device and a WLAN hotspot, and these modules can also be included in one physical entity.
  • FIG. 4 is a functional block diagram of a system having a WLAN hotspot function and a WLAN device function according to an embodiment of the present invention.
  • the device includes a human-machine interaction module, an asymmetric key generation module, an encryption module, a decryption module, a sending module, and a receiving module, which have the functions of all the functional modules and components described above, except that when the device is used in a specific role (WLAN hotspot or WLAN device), different functional modules need to be enabled.
  • FIG. 5 is a flowchart of interaction performed by using a Slide Configuration Protocol (SCP) according to an embodiment of the present invention. As shown in FIG.
  • SCP Slide Configuration Protocol
  • Step A: The WLAN device requesting a WLAN connection (i.e., the requesting device) obtains the user's sliding track data DSD.
  • Step B: The WLAN device requests authentication by the Open System authentication method, and the WLAN hotspot performs authentication and confirms. Specifically, the WLAN device sends an authentication request frame (Authentication Request) with an authentication mode of 'Open System' to the WLAN hotspot. After receiving the authentication request frame, the WLAN hotspot determines whether to receive the authentication request frame and, after receiving it, sends an authentication response frame (Authentication Response) to the WLAN device, indicating that the WLAN terminal accepts the authentication.
  • Step C: The WLAN device (Dev) initiates an association request, that is, sends an association request frame to the WLAN hotspot.
  • After receiving the association request frame, the WLAN hotspot detects the sliding operation of the user. When it detects that the user operates the WLAN hotspot, it generates the hotspot sliding track data HSD, also selects the Slide mode, and indicates in the association response frame that the WLAN hotspot also uses the Slide mode. That is, the WLAN hotspot access request initiated by the WLAN device according to the DSD includes the authentication request frame (Authentication Request) and the association request frame (Association Request) sent by the WLAN device to the WLAN hotspot. The access request response that the WLAN hotspot replies to the WLAN device includes the association response frame sent by the WLAN hotspot to the WLAN device.
  • Step F: After receiving the association response frame, the WLAN device sends an SCP-Start frame of the sliding configuration protocol SCP to the WLAN hotspot to start the sliding authentication process.
  • Step G: After receiving the SCP-Start, the WLAN hotspot uses an asymmetric key generation algorithm (such as RSA, Elgamal, etc.) to calculate on the HSD of the WLAN hotspot and generate an asymmetric key pair, that is, a public key and a private key (also called an encryption key and a decryption key).
  • Step H: The WLAN hotspot sends an SCP-Request frame carrying the public key to the WLAN device.
  • Step I: The WLAN device encrypts the DSD, the MAC address, and the random number sequence R with the public key to obtain the ciphertext E1.
  • Step J: The WLAN device sends an SCP-Response frame carrying E1 to the WLAN hotspot.
  • Step K: The WLAN hotspot decrypts E1 with the private key and obtains the DSD, MAC address, and random number sequence R of the WLAN device. It then judges whether the HSD and the DSD match. If they match, the MAC and R of the WLAN device are used as the symmetric key to encrypt the trust certificate C and generate the ciphertext E2. Otherwise, the WLAN device is considered to be illegal, and the authentication process is terminated.
  • Step L: The WLAN hotspot sends an SCP-Request carrying E2 to the WLAN device.
  • Step M: The WLAN device decrypts E2 by using its own MAC address and the stored random number sequence R as a key.
  • Step N: The WLAN device sends an SCP-Response frame carrying an authentication success identifier, such as Done, to the WLAN hotspot. The entire processing flow based on the sliding configuration protocol ends normally.
  • Step O: After the WLAN device obtains the trust certificate C, it can perform secure data exchange with the hotspot, that is, the two parties use the authentication certificate to encrypt and decrypt the data frames.
  • FIG. 6 is a flowchart of a WLAN device side according to an embodiment of the present invention. As shown in FIG. 6, the steps include: Step A: A user selects a Slide connection mode.
  • Step B: The WLAN device waits for the user's sliding track data DSD, such as track 2 in Figure 3 (sliding from left to right). If the DSD is successfully obtained, go to step C. Otherwise, go to step O.
  • Step C: The WLAN device sends an authentication request frame with the authentication mode 'Open System' to the WLAN hotspot.
  • Step D: The WLAN device waits for an authentication response frame (Authentication Response) from the WLAN hotspot. If it is received, go to step E. Otherwise, go to step O.
  • This request-response protocol interaction process is shown in step B of FIG.
  • Step E: The WLAN device initiates an association request frame (Association Request) to the WLAN hotspot, and carries the connection mode, that is, the Slide mode, in the association request frame.
  • Step F: The WLAN device waits for the association response frame (Association Response) from the WLAN hotspot. If it is received, go to step G. Otherwise, go to step O.
  • Step G: The WLAN device sends an SCP-Start frame of the sliding configuration protocol to the WLAN hotspot to start the sliding authentication process.
  • Step H: The WLAN device waits for the SCP-Request frame carrying the public key. If it is received, go to step I. Otherwise, go to step O.
  • Step I: The WLAN device generates a random number sequence R.
  • Step J: The WLAN device encrypts the DSD, the MAC address, and the random number sequence R by using the public key from the WLAN hotspot to obtain the ciphertext E1.
  • Step K: The WLAN device sends an SCP-Response frame carrying the ciphertext E1 to the WLAN hotspot.
  • Step L: The WLAN device waits for the SCP-Request frame carrying the ciphertext E2 from the WLAN hotspot. If it is received, go to step M. Otherwise, go to step O.
  • Step M: The WLAN device decrypts the ciphertext E2 by using its own MAC address and the stored random number sequence R as a symmetric key to obtain the trust certificate C of the WLAN hotspot.
  • Step N: The WLAN device performs data exchange on the successfully established WLAN link based on the trust certificate C, and after the data exchange is completed, step P is performed.
  • Step O: The WLAN device displays a failure message on the interface to prompt the user.
  • Step P: End this session.
  • FIG. 7 is a flowchart of a portable WLAN hotspot side according to an embodiment of the present invention. As shown in FIG.
  • Step A The user activates the WLAN hotspot Hotspot, or activates the Hotspot function of the smart device, so that the smart device acts as a WL AN hotspot.
  • Step B The WLAN hotspot receives an authentication request frame Authentication Request from the WLAN device.
  • Step C The WLAN hotspot determines whether to receive the authentication request frame. If yes, perform step D; otherwise, perform the step.
  • Step D The WLAN hotspot sends an authentication response frame Authentication Response to the WLAN device, indicating that the WLAN terminal accepts the authentication. This request-response protocol interaction process is shown in step B of FIG.
  • Step E The WLAN hotspot receives an association request frame Association Request from the WLAN device, and the association request frame carries a connection mode, that is, a Slide mode.
  • Step F The WLAN hotspot waits for the user's sliding track data HSD. If it is valid, such as the "2" track shown in Figure 2 (sliding from left to right), step G is performed; otherwise, the steps are performed.
  • Step G The WLAN hotspot sends an association response frame Association Request to the WLAN device, and the association request frame carries a connection mode, that is, a Slide mode.
  • Step H The WLAN hotspot receives the SCP-Start frame of the WLAN device and starts the SCP-based authentication process.
  • Step I The WLAN hotspot uses an asymmetric key generation algorithm (such as RSA, Elgamal, etc.) to calculate the HSD, and generates an asymmetric key pair, that is, a public key and a private key (or an encryption key and a decryption key).
  • Step J The WLAN hotspot sends an SCP-Request frame carrying the public key to the WLAN device.
  • Step K The WLAN hotspot waits for the SCP-Request frame carrying the ciphertext E1 from the WLAN device. If yes, go to step L; otherwise, go to step 1.
  • Step L The WLAN hotspot uses the private key to decrypt the ciphertext E1, and obtains the DSD, the MAC address, and the random number sequence R of the WLAN device.
  • Step M The WLAN hotspot determines whether the DSD matches its own HSD. If yes, perform step N. Otherwise, perform the step.
  • Step N The WLAN hotspot uses the MAC address of the WLAN device and the random number sequence R as the symmetric key, encrypts its own trust certificate C, and obtains ciphertext E2.
  • Step O The WLAN hotspot sends an SCP-Request frame carrying E2 to the WLAN device.
  • Step P The WLAN hotspot waits for the SCP-Response frame of the WLAN device indicating that the authentication is completed. If yes, go to step Q. Otherwise, go to step 1.
  • Step Q The WLAN hotspot and the WLAN device exchange data frames, and then step S is performed.
  • Step R The WLAN hotspot prompts the user to fail, displays related error information, and sends a control frame carrying the error information to the WLAN device.
  • Step S End the session.
  • The embodiment of the present invention can complete WLAN connection authentication with fewer interactions and can effectively prevent unintentional or malicious access by illegitimate or undesired devices; at the same time, the data frames exchanged between the WLAN hotspot and the WLAN device can be encrypted based on the trust certificate, which provides a more secure and convenient communication method.
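The hotspot-side steps H to P above, together with the matching device-side messages, as an added Python sketch that is not code from the patent. Assumptions: hashed ElGamal over a toy group stands in for the unspecified "RSA, Elgamal, etc.", the private key is derived from the HSD with SHA-512, an HMAC-SHA256 keystream with a tag stands in for the symmetric cipher, DSD and HSD must match exactly, and every name and sample value is constructed.

```python
import hashlib
import hmac
import secrets

# Assumed toy group for hashed ElGamal: Mersenne prime 2**521 - 1, base 3.
P, G = 2**521 - 1, 3


def keypair_from_hsd(hsd: bytes):
    """Step I: derive (public, private) from HSD; the derivation is an assumption."""
    x = int.from_bytes(hashlib.sha512(b"scp-hsd|" + hsd).digest(), "big") + 1
    return pow(G, x, P), x


def _prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def _xor_stream(key: bytes, data: bytes) -> bytes:
    stream = b"".join(_prf(key, i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in authenticated cipher: nonce || keystream-XOR body || HMAC tag."""
    nonce = secrets.token_bytes(16)
    body = _xor_stream(_prf(key, b"enc" + nonce), plaintext)
    return nonce + body + _prf(_prf(key, b"mac" + nonce), nonce + body)


def unseal(key: bytes, blob: bytes) -> bytes:
    if len(blob) < 48:
        raise ValueError("ciphertext too short")
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac" + nonce), nonce + body)):
        raise ValueError("authentication failed")
    return _xor_stream(_prf(key, b"enc" + nonce), body)


def pk_encrypt(pub: int, plaintext: bytes):
    k = secrets.randbelow(P - 2) + 1
    shared = pow(pub, k, P).to_bytes(66, "big")
    return pow(G, k, P), seal(shared, plaintext)


def pk_decrypt(priv: int, ciphertext) -> bytes:
    c1, blob = ciphertext
    if not 1 < c1 < P:
        raise ValueError("bad ephemeral value")
    return unseal(pow(c1, priv, P).to_bytes(66, "big"), blob)


def session_key(mac: bytes, r: bytes) -> bytes:
    """Symmetric key built from the device MAC address and random sequence R."""
    return hashlib.sha256(b"scp-session|" + mac + r).digest()


class Device:
    def __init__(self, dsd: bytes, mac: bytes):
        self.dsd, self.mac, self.r = dsd, mac, secrets.token_bytes(16)

    def build_e1(self, hotspot_pub: int):
        """Encrypt MAC || R || DSD under the hotspot's public key, giving E1."""
        return pk_encrypt(hotspot_pub, self.mac + self.r + self.dsd)

    def recover_credential(self, e2: bytes) -> bytes:
        return unseal(session_key(self.mac, self.r), e2)


class Hotspot:
    def __init__(self, hsd: bytes, credential: bytes):
        self.hsd, self.credential = hsd, credential
        self.pub, self._priv = keypair_from_hsd(hsd)

    def handle_e1(self, e1):
        """Steps L to N: return E2, or None for the failure branch (step R)."""
        try:
            payload = pk_decrypt(self._priv, e1)
        except ValueError:
            return None
        if len(payload) < 22:
            return None
        mac, r, dsd = payload[:6], payload[6:22], payload[22:]
        if not hmac.compare_digest(dsd, self.hsd):  # step M
            return None
        return seal(session_key(mac, r), self.credential)  # step N


def run_session(hsd: bytes, dsd: bytes, credential: bytes):
    """One SCP exchange; returns the credential the device ends up with, or None."""
    hotspot = Hotspot(hsd, credential)
    device = Device(dsd, bytes.fromhex("020000000001"))  # constructed MAC address
    e2 = hotspot.handle_e1(device.build_e1(hotspot.pub))  # steps J to O
    return None if e2 is None else device.recover_credential(e2)


if __name__ == "__main__":
    track = b"Z:0,0>9,0>0,9>9,9"  # constructed slide track
    print(run_session(track, track, b"constructed-credential-C"))
    print(run_session(track, b"L:0,0>0,9>9,9", b"constructed-credential-C"))
```

Because the key pair in this sketch is a deterministic function of the HSD, the private key is only as hard to guess as the gesture itself.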

Abstract

Disclosed are a method and system for connecting a portable wireless local area network (WLAN) hotspot. The method comprises: after receiving a WLAN hotspot access request initiated by a WLAN device according to device sliding track data (DSD), a WLAN hotspot detects a sliding operation which is conducted by a user in response to the WLAN hotspot access request; when it is detected that the user conducts the sliding operation, the WLAN hotspot generates hotspot sliding track data (HSD) and replies with an access request response; the WLAN hotspot uses the HSD to generate an asymmetric key pair and uses the asymmetric key pair to obtain the DSD of the WLAN device; and the WLAN hotspot compares the obtained DSD with the HSD, and, if the two match, sends an authentication certificate to the WLAN device so that the WLAN device can access the WLAN hotspot. The present invention can enable a user to more conveniently and safely establish a wireless local area network connection.

Description

Portable WLAN hotspot connection method and system
TECHNICAL FIELD

The present invention relates to the field of wireless communications, and in particular to a method and system for connecting a portable wireless local area network (Wireless Local Area Networks, WLAN) hotspot.

BACKGROUND

The traditional process of configuring a WLAN hotspot and establishing a connection is complicated. The user first needs to configure the service set identifier (Service Set Identifier, SSID), the authentication and decryption mode, the password and so on at the hotspot side, then has to remember and enter the password on the device side, and only then can the wireless LAN be established.

To avoid this complex process, the Wi-Fi Alliance defined the Wi-Fi Protected Setup (WPS) standard for connecting Wi-Fi hotspots and Wi-Fi devices, as well as peer devices in Wi-Fi Direct. Its latest standard, "Wi-Fi Simple Configuration Technical Specification v2.0.2", defines three basic connection methods:
1. Push Button Configuration (PBC) mode

With this mode, a user can establish a Wi-Fi connection very conveniently. Specifically, the user only needs to press specific buttons on the Wi-Fi device and the Wi-Fi hotspot to complete the connection, without going through a complicated configuration process.

However, this mode has a drawback: between the two button presses, an undesired Wi-Fi device and/or Wi-Fi hotspot may, inadvertently or maliciously, establish a Wi-Fi connection with the desired hotspot and/or device. In other words, the mode itself cannot effectively prevent undesired connections, which brings a certain security risk to actual use.
2. Personal Identification Number (PIN) mode

With this mode, the user only needs to enter the PIN of the Wi-Fi hotspot on the Wi-Fi device to complete the connection. The user can also enter the PIN of the Wi-Fi device on the Wi-Fi hotspot; a requirement for the latter is that the Wi-Fi hotspot has a display or a control client for input operations.

The PIN mode overcomes the security flaw of the PBC mode fairly well, but the PIN has to be remembered and the password has to be entered manually. PINs also generally have a length requirement, which increases the probability of error.

3. Near Field Communication (NFC) mode

With this mode, the user only needs to touch the Wi-Fi device lightly against the Wi-Fi hotspot, or bring the two within a certain distance of each other, to complete the connection.

However, this mode also has a security risk: an undesired Wi-Fi device that is close enough will also connect to the Wi-Fi hotspot.

The three modes are described above. Note also that the first two modes both require a complicated 802.1x authentication process to obtain the authenticator's trust certificate (Credentials). In actual testing it was found that when multiple Wi-Fi devices connect to one Wi-Fi hotspot at almost the same time, the state of the Wi-Fi hotspot often becomes abnormal, which greatly affects the user experience.

For the PBC mode and the device PIN, the hotspot plays the authenticator role; for the hotspot PIN, the device plays the authenticator role. After the Credentials are obtained, another "probe-authentication-association" process is required before a Wi-Fi connection based on WPA or WPA-2 is finally established.
The third quarter of 2012 brought a very important milestone: a study by Strategy Analytics estimated that, since smartphones first appeared in 1996, the total number of smartphone users worldwide had passed 1 billion. In the third quarter of 2011 the figure was only 700 million. Researchers at Strategy Analytics believe that the number will pass 2 billion by 2015 at the latest. According to a report by market research firm ABI Research, 97% of smartphone users worldwide will be using touch-screen phones by 2016. Together with strong sales of the Apple iPad and of tablets from many manufacturers, this has greatly increased the penetration of touch screens.

As an electronic input device, the touch screen is currently the simplest, most convenient and most natural means of human-computer interaction. A touch screen includes a touch detection component and a touch screen controller. The touch detection component is mounted in front of the display screen and detects the position of the user's touch, then passes the touch information to the touch screen controller. The touch screen controller receives the touch information from the touch point detection device, converts it into contact coordinates and sends them to the CPU; it can also receive and execute commands sent by the CPU. These properties of the touch screen make many innovative techniques possible that improve the user experience, such as slide to unlock, slide to multi-select and slide to turn pages. As a result, touch screens dominate smartphones and tablets.

In addition, growing consumer demand for information sharing, together with growing demand for the privacy of shared information, places higher requirements on wireless connection methods. There are two main requirements: the convenience of the connection and the security of the connection.

SUMMARY OF THE INVENTION

Embodiments of the present invention provide a method and system for connecting a portable WLAN hotspot.

According to one aspect of the embodiments of the present invention, a method for connecting a portable WLAN hotspot is provided, including: after receiving a WLAN hotspot access request initiated by a WLAN device according to device sliding track data (Device Slide Data, DSD), the WLAN hotspot detects a sliding operation performed in response to the WLAN hotspot access request; on detecting the sliding operation, the WLAN hotspot generates hotspot sliding track data (Host Slide Data, HSD) and replies with an access request response; the WLAN hotspot generates an asymmetric key pair using the HSD and obtains the DSD of the WLAN device using the asymmetric key pair; the WLAN hotspot compares the obtained DSD with the HSD and, if they match, sends an authentication certificate to the WLAN device so that the WLAN device can access the WLAN hotspot.

Preferably, the asymmetric key pair includes a public key and a private key, and the step in which the WLAN hotspot generates an asymmetric key pair using the HSD and obtains the DSD of the WLAN device using the asymmetric key pair includes: the WLAN hotspot generates the public key and the private key using the HSD and sends the public key to the WLAN device; the WLAN hotspot receives the first ciphertext E1, which the WLAN device obtains by encrypting the DSD and the access parameters with the public key; the WLAN hotspot decrypts E1 using the private key to obtain the decrypted DSD and access parameters.
Preferably, the step in which the WLAN hotspot compares the obtained DSD with the HSD and, if they match, sends an authentication certificate to the WLAN device so that the WLAN device can access the WLAN hotspot includes: the WLAN hotspot compares the obtained DSD with the HSD and, if they match, uses the access parameters to encrypt the authentication certificate, obtaining the second ciphertext E2; the WLAN hotspot sends the second ciphertext E2 to the WLAN device, so that the WLAN device decrypts E2 using the access parameters, obtains the decrypted authentication certificate and accesses the WLAN hotspot.

Preferably, the access parameters include the MAC address of the WLAN device and a random number sequence generated by the WLAN device.

Preferably, if the DSD does not match the HSD, the WLAN hotspot generates a control frame indicating termination of the WLAN hotspot access authentication and sends it to the WLAN device.

According to another aspect of the embodiments of the present invention, a connection system for a portable WLAN hotspot is provided, including: a detecting unit, configured to detect, after a WLAN hotspot access request initiated by a WLAN device according to the device sliding track data DSD has been received, a sliding operation performed in response to the WLAN hotspot access request; a response unit, configured to generate hotspot sliding track data HSD and reply with an access request response when the sliding operation is detected; a track acquiring unit, configured to generate an asymmetric key pair using the HSD and to obtain the DSD of the WLAN device using the asymmetric key pair; and a hotspot access unit, configured to compare the obtained DSD with the HSD and, if they match, send an authentication certificate to the WLAN device so that the WLAN device can access the WLAN hotspot.
Preferably, the asymmetric key pair includes a public key and a private key, and the track acquiring unit includes: an asymmetric key generation module, configured to generate the public key and the private key using the HSD and send the public key to the WLAN device; a WLAN hotspot receiving module, configured to receive the first ciphertext E1 that the WLAN device obtains by encrypting the DSD and the access parameters with the public key; and a WLAN hotspot decryption module, configured to decrypt E1 using the private key to obtain the decrypted DSD and access parameters.

Preferably, the hotspot access unit includes: a WLAN hotspot core control module, configured to compare the obtained DSD with the HSD; a WLAN hotspot encryption module, configured to encrypt the authentication certificate using the access parameters when they match, obtaining the second ciphertext E2; and a WLAN hotspot sending module, configured to send the second ciphertext E2 to the WLAN device, so that the WLAN device decrypts E2 using the access parameters, obtains the decrypted authentication certificate and accesses the WLAN hotspot.

Preferably, the access parameters include the MAC address of the WLAN device and a random number sequence generated by the WLAN device.

Preferably, the hotspot access unit is further configured to generate, when the DSD and the HSD do not match, a control frame indicating termination of the WLAN hotspot access authentication, and to send the control frame to the WLAN device.

Compared with the prior art, the beneficial effect of the embodiments of the present invention is as follows: based on an analysis of the prior art and consideration of user needs, touch-screen sliding technology is used to connect to the portable hotspot, so that the user can establish a wireless connection conveniently and securely.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a flowchart of a method for connecting a portable WLAN hotspot according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of an operation interface of a portable WLAN hotspot according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of an operation interface of a WLAN device requesting connection to a portable WLAN hotspot according to an embodiment of the present invention;
FIG. 4 is a system functional block diagram with the WLAN hotspot function and the WLAN device function according to an embodiment of the present invention;
FIG. 5 is an SCP authentication protocol interaction diagram according to an embodiment of the present invention;
FIG. 6 is a flowchart of the WLAN device side according to an embodiment of the present invention;
FIG. 7 is a flowchart of the portable WLAN hotspot side according to an embodiment of the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

The preferred embodiments of the present invention are described in detail below with reference to the accompanying drawings. It should be understood that the preferred embodiments described below are only intended to illustrate and explain the present invention, not to limit it.

Embodiments of the present invention use touch-screen sliding technology, asymmetric key technology and encryption and decryption technology to prevent undesired connections, thereby achieving connection security. At the same time, simplifying the interaction flow makes the connection convenient and reduces the problem in the related art of abnormal hotspot state caused by competition among multiple devices.

In the embodiment of the present invention, the user's sliding track data (HSD) is acquired on a portable WLAN hotspot with a touch screen or touch pad, and an asymmetric key pair, that is, a public key and a private key (also called an encryption key and a decryption key), is calculated from it. The public key can be broadcast and is used to encrypt the sliding track data of the device side. The WLAN device that is preparing to connect acquires the user's sliding track data (DSD) and encrypts "DSD, MAC address, random number sequence" with the public key it has received by listening. The ciphertext is then sent to the WLAN hotspot, which holds the private key.
The WLAN hotspot decrypts the ciphertext with the private key to obtain the DSD and compares it with the HSD it acquired itself to determine whether they match. After a match, it uses "MAC address, random number sequence" as a symmetric key to encrypt the trust certificate and sends it to the WLAN device. After receiving the ciphertext, the WLAN device decrypts it with its own "MAC address, random number sequence" to obtain the trust certificate. The WLAN device has then completed the establishment of the WLAN connection and can exchange data with the portable WLAN hotspot based on the trust certificate.

It should be noted that a "portable" WLAN hotspot here refers to one class of WLAN hotspot, namely the scenario in which a mobile terminal with a touch screen is used as a WLAN hotspot; it does not include ordinary SOHO (small office/home office) wireless routers. The main difference between a "portable" WLAN hotspot and an ordinary WLAN hotspot is that the "portable" WLAN hotspot has a touch screen, as on an Android smartphone, where the hotspot is one function of the mobile terminal but not its only function; an ordinary WLAN hotspot, such as the TP-Link SOHO wireless routers, generally has no touch screen and is mainly used for routing.

The embodiments of the present invention are described in detail below with reference to FIGS. 1 through 7.

FIG. 1 is a flowchart of a method for connecting a portable WLAN hotspot according to an embodiment of the present invention. As shown in FIG. 1, the steps include:

Step 101: After receiving the WLAN hotspot access request initiated by the WLAN device according to the device sliding track data DSD, the WLAN hotspot detects the sliding operation performed by the user in response to the WLAN access request.

FIG. 2 is a schematic diagram of an operation interface of a portable WLAN hotspot according to an embodiment of the present invention. As shown in FIG. 2, when the user is preparing to connect one or more devices, the connection mode that acquires sliding track data is started through a connection option, such as the "Slide" option. The user can then perform a sliding operation in the screen area that acquires the sliding track; the track can also be acquired by a similar application such as the handwriting panel of an input method.

Step 102: When it detects that the user performs a sliding operation, the WLAN hotspot generates hotspot sliding track data HSD and replies with an access request response.

FIG. 3 is a schematic diagram of an operation interface of a WLAN device requesting connection to a portable WLAN hotspot according to an embodiment of the present invention. As shown in FIG. 3, it is basically the same as the WLAN hotspot operation interface of FIG. 2; the difference is that the WLAN device requesting the connection can select one hotspot from its search list to connect to.

Step 103: The WLAN hotspot generates an asymmetric key pair using the HSD, and obtains the DSD of the WLAN device using the asymmetric key pair.

The asymmetric key pair includes a public key and a private key, and step 103 includes: the WLAN hotspot generates the public key and the private key using the HSD and sends the public key to the WLAN device; the WLAN device encrypts the DSD and the access parameters using the public key, obtaining the first ciphertext E1; the WLAN hotspot decrypts E1 using the private key, obtaining the decrypted DSD and access parameters.

The access parameters include the MAC address of the WLAN device and a random number sequence generated by the WLAN device.

Step 104: The WLAN hotspot compares the obtained DSD with the HSD and, if they match, sends an authentication certificate to the WLAN device so that the WLAN device can access the WLAN hotspot.

Step 104 includes: the WLAN hotspot compares the obtained DSD with the HSD and, if they match, uses the access parameters to encrypt the authentication certificate, obtains the second ciphertext E2 and sends it to the WLAN device; the WLAN device decrypts E2 using the access parameters and obtains the decrypted authentication certificate, so that the WLAN device can access the WLAN hotspot. Further, if the DSD does not match the HSD, the WLAN hotspot generates a control frame indicating termination of the WLAN hotspot access authentication and sends the control frame to the WLAN device.
Embodiments of the present invention need to be applied to a portable WLAN hotspot and a WLAN device that have a touch screen or touch pad, and enable a user to establish a wireless local area network connection more conveniently and securely.

If the WLAN hotspot and the WLAN device have a storage function, the HSD and DSD of this successfully established WLAN connection can be cached. The next time a connection needs to be established, two parties whose HSD and DSD are valid can establish the WLAN connection immediately, without performing the sliding operation again.

The embodiment of the invention further provides a connection system for a portable WLAN hotspot, including:

A detecting unit, configured to detect, after a WLAN hotspot access request initiated by the WLAN device according to the device sliding track data DSD has been received, the sliding operation performed by the user in response to the WLAN hotspot access request.

A response unit, configured to generate the hotspot sliding track data HSD and reply with an access request response when it is detected that the user performs a sliding operation.

A track acquiring unit, configured to generate an asymmetric key pair using the HSD and to obtain the DSD of the WLAN device using the asymmetric key pair. The asymmetric key pair includes a public key and a private key, and the track acquiring unit includes an asymmetric key generation module, a WLAN hotspot receiving module and a WLAN hotspot decryption module. The asymmetric key generation module generates the public key and the private key using the HSD and sends the public key to the WLAN device; the WLAN hotspot receiving module receives the first ciphertext E1 that the WLAN device obtains by encrypting the DSD and the access parameters with the received public key; the WLAN hotspot decryption module decrypts the received E1 using the private key to obtain the decrypted DSD and access parameters. The access parameters include the MAC address of the WLAN device and a random number sequence generated by the WLAN device.

A hotspot access unit, configured to compare the obtained DSD with the HSD and, if they match, send an authentication certificate to the WLAN device so that the WLAN device can access the WLAN hotspot; otherwise, to generate a control frame indicating termination of the WLAN hotspot access authentication and send it to the WLAN device. The hotspot access unit includes a WLAN hotspot core control module, a WLAN hotspot encryption module and a WLAN hotspot sending module. The WLAN hotspot core control module compares the obtained DSD with the HSD. If they match, the WLAN hotspot encryption module uses the access parameters to encrypt the authentication certificate, obtaining the second ciphertext E2, and the WLAN hotspot sending module sends the second ciphertext E2 to the WLAN device, so that the WLAN device decrypts E2 using the access parameters, obtains the decrypted authentication certificate and accesses the WLAN hotspot.

The embodiment of the present invention involves the interaction between two entities, the WLAN hotspot and the WLAN device. From the point of view of these two entities, the basic functional modules or components of the WLAN hotspot include: a WLAN hotspot human-computer interaction module, an asymmetric key generation module, a WLAN hotspot decryption module, a WLAN hotspot encryption module, a WLAN hotspot core control module, a WLAN hotspot receiving module and a WLAN hotspot sending module. The basic functional modules or components of the WLAN device include: a WLAN device human-computer interaction module, a WLAN device decryption module, a WLAN device encryption module, a WLAN device core control module, a WLAN device receiving module and a WLAN device sending module. Among these:

The WLAN hotspot human-computer interaction module is a touch screen or other human-computer interaction hardware capable of acquiring hotspot sliding track data (Host Slide Data, HSD). Specifically, the operation interface offers the user connection mode options, which should at least include an option that starts the acquisition of sliding track data, such as the "Slide" option shown in FIG. 2. When the user selects this option, the WLAN hotspot can launch a virtual sub-interface or a special control for acquiring the HSD.

The asymmetric key generation module generates an asymmetric key pair, that is, a public key and a private key (also called an encryption key and a decryption key), according to the HSD acquired from the human-computer interaction module.

The WLAN hotspot decryption module uses the private key to decrypt the ciphertext E1 from the WLAN device requesting the connection, obtaining the device sliding track data (Device Slide Data, DSD) of the WLAN device, the device MAC address and the random number sequence.

The WLAN hotspot encryption module uses the MAC address and the random number sequence R of the WLAN device, obtained by decrypting E1, as a symmetric key to encrypt the trust certificate (Credentials) issued to that WLAN device, obtaining the ciphertext E2.

The main function of the WLAN hotspot core control module is to control the processing of the other modules, coordinate the cooperation among the modules, and carry out data caching, comparison and so on. One important function is to compare the DSD of the WLAN device, obtained by decrypting E1, with the HSD acquired on this hotspot. If they match, the authentication process continues; otherwise, an error is returned and the authentication process is terminated.

The WLAN device human-computer interaction module is exactly the same kind of human-computer interaction device as on the WLAN hotspot, that is, a touch screen or other human-computer interaction hardware capable of acquiring the DSD, and it also offers the user connection mode options on the operation interface. The difference is that this connection option becomes valid only after a WLAN hotspot to connect to has been selected.
The WLAN device encryption module uses the public key of the WLAN hotspot that the WLAN device is preparing to connect to in order to encrypt the DSD, the device MAC address, and the random number sequence R, obtaining the ciphertext E1.
The WLAN device decryption module uses its own MAC address and the random number sequence R as a symmetric key and decrypts the ciphertext E2 to obtain the trust certificate (Credentials) of the hotspot to be connected.

The main function of the WLAN device core control module is likewise to control the processing of the other modules, coordinate cooperation among the modules, and handle data caching, comparison, and the like. In addition, this module is configured to generate the random number sequence R, which together with the device's own MAC address serves as a symmetric key.

The embodiments of the present invention describe the basic functional modules or components of two entities, the WLAN device and the WLAN hotspot; these modules can also be contained in a single physical entity. FIG. 4 is a functional block diagram of a system having both the WLAN hotspot function and the WLAN device function according to an embodiment of the present invention. As shown in FIG. 4, it includes a human-machine interaction module, an asymmetric key generation module, an encryption module, a decryption module, a sending module, and a receiving module. These modules provide the functions of all the functional modules and components described above; the difference is that, when the system acts in a specific role (WLAN hotspot or WLAN device), different functional modules need to be enabled.

FIG. 5 is a flowchart of the interaction performed with the Slide Configuration Protocol (SCP) according to an embodiment of the present invention. As shown in FIG. 5, the steps include:

Step A: The WLAN device requesting a WLAN connection (that is, the requesting device) acquires the user's sliding track data DSD.
Step B: The WLAN device requests authentication using the Open System authentication method, and the WLAN hotspot performs the authentication and confirms it. Specifically, the WLAN device sends an authentication request frame (Authentication Request) with the authentication mode "Open System" to the WLAN hotspot. After receiving the authentication request frame, the WLAN hotspot determines whether to accept it and, after accepting it, sends an authentication response frame (Authentication Response) to the WLAN device, indicating that the WLAN terminal accepts the authentication.
Step C: The WLAN device (Dev) initiates an association request, that is, it sends an association request frame (Association Request) to the WLAN hotspot and carries the connection mode, namely the Slide mode, in the association request frame.
Step D: After receiving the association request frame, the WLAN hotspot detects the user's sliding operation. When it detects that the user has operated the WLAN hotspot, it generates the hotspot sliding track data HSD, likewise selects the Slide mode, and indicates in the association response frame that the WLAN hotspot also uses the Slide mode.

That is, the WLAN hotspot access request initiated by the WLAN device according to the DSD comprises the authentication request frame (Authentication Request) and the association request frame (Association Request) sent by the WLAN device to the WLAN hotspot. The hotspot access request response with which the WLAN hotspot replies to the WLAN device comprises the association response frame sent by the WLAN hotspot to the WLAN device.

Step F: After receiving the association response frame, the WLAN device sends the SCP-Start frame of the Slide Configuration Protocol (SCP) to the WLAN hotspot to start the slide authentication process.
Step G: After receiving the SCP-Start frame, the WLAN hotspot applies an asymmetric key generation algorithm (for example RSA or ElGamal) to the HSD on the WLAN hotspot to generate an asymmetric key pair, that is, a public key and a private key (or an encryption key and a decryption key).
Step H: The WLAN hotspot sends an SCP-Request frame carrying the public key to the WLAN device.
Step I: The WLAN device encrypts the DSD, the MAC address, and the random number sequence R with the public key to obtain the ciphertext E1.
Step J: The WLAN device sends an SCP-Response frame carrying E1 to the WLAN hotspot.
Step K: The WLAN hotspot decrypts E1 with the private key and obtains the DSD, MAC address, and random number sequence R of the WLAN device. It then determines whether the HSD and the DSD match. If they match, it uses the MAC address and R of the WLAN device as a symmetric key to encrypt the trust certificate C, producing the ciphertext E2; otherwise, the WLAN device is considered illegitimate and the authentication process is terminated.
Step L: The WLAN hotspot sends an SCP-Request frame carrying E2 to the WLAN device.
Step M: The WLAN device uses its own MAC address and the stored random number sequence R as the key to decrypt E2 and obtain the trust certificate C of the WLAN hotspot.
Step N: The WLAN device sends an SCP-Response frame to the WLAN hotspot carrying an authentication success identifier, for example Done. At this point the entire processing flow based on the Slide Configuration Protocol ends normally.
Step O: After the WLAN device has obtained the trust certificate C, it can exchange data securely with the hotspot, that is, both parties use the authentication certificate to encrypt and decrypt data frames.

FIG. 6 is a flowchart of the WLAN device side according to an embodiment of the present invention. As shown in FIG. 6, the steps include:

Step A: The user selects the Slide connection mode.
Step B: The WLAN device waits for the user's sliding track data DSD, for example track 2 in FIG. 3 (sliding from left to right). If the DSD is successfully acquired, step C is performed; otherwise, step O is performed.
Step C: The WLAN device sends an authentication request frame (Authentication Request) with the authentication mode "Open System" to the WLAN hotspot.
Step D: The WLAN device waits for the authentication response frame (Authentication Response) from the WLAN hotspot. If it is received, step E is performed; otherwise, step O is performed. This request-response exchange is shown in step B of FIG. 5.
Step E: The WLAN device sends an association request frame (Association Request) to the WLAN hotspot and carries the connection mode, namely the Slide mode, in the association request frame.
Step F: The WLAN device waits for the association response frame (Association Response) from the WLAN hotspot. If it is received, step G is performed; otherwise, step O is performed.
Step G: The WLAN device sends the SCP-Start frame of the Slide Configuration Protocol to the WLAN hotspot to start the slide authentication process.
Step H: The WLAN device waits for the SCP-Request frame carrying the public key. If it is received, step I is performed; otherwise, step O is performed.
Step I: The WLAN device generates a random number sequence R.
Step J: The WLAN device uses the public key received from the WLAN hotspot to encrypt the DSD, the MAC address, and the random number sequence R, obtaining the ciphertext E1.
Step K: The WLAN device sends an SCP-Response frame carrying the ciphertext E1 to the WLAN hotspot.
Step L: The WLAN device waits for the SCP-Request frame carrying the ciphertext E2 from the WLAN hotspot. If it is received, step M is performed; otherwise, step O is performed.
Step M: The WLAN device uses its own MAC address and the stored random number sequence R as a symmetric key to decrypt the ciphertext E2 and obtain the trust certificate C of the WLAN hotspot.
Step N: Based on the trust certificate C, the WLAN device exchanges data over the successfully established WLAN link and, after all data exchange is complete, performs step P.
Step O: The WLAN device displays failure information on the interface to notify the user.
Step P: The session ends.

FIG. 7 is a flowchart of the portable WLAN hotspot side according to an embodiment of the present invention. As shown in FIG. 7, the steps include:

Step A: The user starts the WLAN hotspot (Hotspot), or starts the Hotspot function of a smart device so that the smart device acts as a WLAN hotspot.
Step B: The WLAN hotspot receives an authentication request frame (Authentication Request) from the WLAN device.
Step C: The WLAN hotspot determines whether to accept the authentication request frame. If it accepts, step D is performed; otherwise, step R is performed.
Step D: The WLAN hotspot sends an authentication response frame (Authentication Response) to the WLAN device, indicating that the WLAN terminal accepts the authentication. This request-response exchange is shown in step B of FIG. 5.
Step E: The WLAN hotspot receives an association request frame (Association Request) from the WLAN device; the association request frame carries the connection mode, namely the Slide mode.
Step F: The WLAN hotspot waits for the user's sliding track data HSD. If it is valid, for example track "2" shown in FIG. 2 (sliding from left to right), step G is performed; otherwise, step R is performed.
Step G: The WLAN hotspot sends an association response frame Association Request to the WLAN device, and the association request frame carries the connection mode, namely the Slide mode.
Step H: The WLAN hotspot receives the SCP-Start frame from the WLAN device and starts the SCP-based authentication process.
Step I: The WLAN hotspot applies an asymmetric key generation algorithm (for example RSA or ElGamal) to the HSD to generate an asymmetric key pair, that is, a public key and a private key (or an encryption key and a decryption key).
Step J: The WLAN hotspot sends an SCP-Request frame carrying the public key to the WLAN device.
Step K: The WLAN hotspot waits for the SCP-Request frame carrying the ciphertext E1 from the WLAN device. If it is received, step L is performed; otherwise, step R is performed.
Step L: The WLAN hotspot decrypts the ciphertext E1 with the private key and obtains the DSD, the MAC address, and the random number sequence R of the WLAN device.
Step M: The WLAN hotspot determines whether the DSD matches its own HSD. If it matches, step N is performed; otherwise, step R is performed.
Step N: The WLAN hotspot uses the MAC address of the WLAN device and the random number sequence R as a symmetric key to encrypt its own trust certificate C, obtaining the ciphertext E2.
Step O: The WLAN hotspot sends an SCP-Request frame carrying E2 to the WLAN device.
Step P: The WLAN hotspot waits for the SCP-Response frame from the WLAN device indicating that authentication has finished. If it is received, step Q is performed; otherwise, step R is performed.
Step Q: The WLAN hotspot and the WLAN device exchange data frames, and then step S is performed.
Step R: The WLAN hotspot notifies the user of the failure, displays the related error information, and sends a control frame carrying the error information to the WLAN device.
Step S: The session ends.

In summary, the embodiments of the present invention have the following technical effects: they can complete WLAN connection authentication with fewer interactions and can effectively prevent unintentional or malicious access by illegitimate or undesired devices; at the same time, based on the trust certificate, the data frames of the WLAN hotspot and the WLAN device can be encrypted, which provides a more secure and convenient means of communication.

Although the invention has been described in detail above, the invention is not limited thereto, and those skilled in the art may make various modifications in accordance with the principles of the invention. Therefore, modifications made in accordance with the principles of the invention should be understood as falling within the scope of protection of the invention.
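The SCP exchange of FIG. 5, steps G to M, including the mismatch branch of step K, as an added example that is not part of the patent text or the applicant's code. Unpadded RSA, the SHA-256 keystream, deriving the key pair deterministically from the HSD bytes, the fixed field layout, exact-match comparison, the `SCP-Error` frame name and all sample values are assumptions made so the example runs offline; the patent specifies none of them, and the two ciphers are stand-ins rather than secure choices.

```python
import hashlib
import hmac
import secrets

E = 65537  # RSA public exponent (illustrative choice)

def _stream(seed: bytes, n: int) -> bytes:
    """n deterministic bytes built from SHA-256(seed || counter) blocks."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(seed + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def _is_prime(n: int) -> bool:
    """Miller-Rabin over fixed bases; adequate for an illustration."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2 or any(n % p == 0 for p in bases):
        return n in bases
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _prime_from(seed: bytes, bits: int = 512) -> int:
    """First usable prime in a candidate sequence derived from the seed."""
    ctr = 0
    while True:
        raw = _stream(seed + ctr.to_bytes(4, "big"), bits // 8)
        cand = int.from_bytes(raw, "big") | (1 << (bits - 1)) | 1
        if (cand - 1) % E and _is_prime(cand):  # keeps E invertible mod p-1
            return cand
        ctr += 1

def keypair_from_hsd(hsd: bytes):
    """Step G (assumed reading): key pair computed from the HSD alone."""
    p, q = _prime_from(b"p" + hsd), _prime_from(b"q" + hsd)
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def rsa_encrypt(pub, payload: bytes) -> int:
    n, e = pub
    m = int.from_bytes(b"\x01" + payload, "big")  # 0x01 preserves leading zeros
    if m >= n:
        raise ValueError("payload too long for modulus")
    return pow(m, e, n)

def rsa_decrypt(priv, c: int) -> bytes:
    n, d = priv
    m = pow(c, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")[1:]

def sym_crypt(mac: bytes, r: bytes, data: bytes) -> bytes:
    """Steps K and M: key is MAC || R; XOR keystream, so it also decrypts."""
    return bytes(a ^ b for a, b in zip(data, _stream(b"E2" + mac + r, len(data))))

def device_build_e1(pub, dsd: bytes, mac: bytes, r: bytes) -> dict:
    """Steps I and J: E1 = Enc_pub(DSD || MAC || R), sent in an SCP-Response."""
    return {"type": "SCP-Response", "E1": rsa_encrypt(pub, dsd + mac + r)}

def hotspot_handle_e1(priv, hsd: bytes, frame: dict, credentials: bytes) -> dict:
    """Steps K and L: decrypt E1, compare DSD with HSD, reply with E2 or an error."""
    blob = rsa_decrypt(priv, frame["E1"])
    # Assumed layout: DSD, then 6-byte MAC, then 16-byte R.
    dsd, mac, r = blob[:-22], blob[-22:-16], blob[-16:]
    if len(blob) < 22 or not hmac.compare_digest(dsd, hsd):
        # "SCP-Error" is a hypothetical name for the error control frame.
        return {"type": "SCP-Error", "reason": "DSD does not match HSD"}
    return {"type": "SCP-Request", "E2": sym_crypt(mac, r, credentials)}

def run_scp(hsd: bytes, dsd: bytes, credentials: bytes = b"constructed-credential-C",
            mac: bytes = bytes.fromhex("02005e000001")):  # constructed sample MAC
    """Run steps G to M; returns (credentials recovered by the device or None, reply)."""
    pub, priv = keypair_from_hsd(hsd)                      # step G
    pubkey_frame = {"type": "SCP-Request", "pubkey": pub}  # step H
    r = secrets.token_bytes(16)                            # device's random sequence R
    e1_frame = device_build_e1(pubkey_frame["pubkey"], dsd, mac, r)
    reply = hotspot_handle_e1(priv, hsd, e1_frame, credentials)
    if reply["type"] != "SCP-Request":
        return None, reply                                 # mismatch: authentication ends
    return sym_crypt(mac, r, reply["E2"]), reply           # step M
```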

Claims

1. A method for connecting to a portable wireless local area network (WLAN) hotspot, comprising:
after receiving a WLAN hotspot access request initiated by a WLAN device according to device sliding track data (DSD), the WLAN hotspot detecting a sliding operation performed in response to the WLAN hotspot access request;
when the sliding operation is detected, the WLAN hotspot generating hotspot sliding track data (HSD) and replying with an access request response;
the WLAN hotspot generating an asymmetric key pair by using the HSD, and obtaining the DSD of the WLAN device by using the asymmetric key pair;
the WLAN hotspot comparing the obtained DSD with the HSD and, if they match, sending an authentication certificate to the WLAN device so that the WLAN device accesses the WLAN hotspot.

2. The method according to claim 1, wherein the asymmetric key pair comprises a public key and a private key, and the step in which the WLAN hotspot generates an asymmetric key pair by using the HSD and obtains the DSD of the WLAN device by using the asymmetric key pair comprises:
the WLAN hotspot generating the public key and the private key by using the HSD, and sending the public key to the WLAN device;
the WLAN hotspot receiving a first ciphertext E1 obtained by the WLAN device encrypting the DSD and access parameters with the public key;
the WLAN hotspot decrypting E1 with the private key to obtain the decrypted DSD and access parameters.

3. The method according to claim 2, wherein the step in which the WLAN hotspot compares the obtained DSD with the HSD and, if they match, sends an authentication certificate to the WLAN device so that the WLAN device accesses the WLAN hotspot comprises:
the WLAN hotspot comparing the obtained DSD with the HSD and, if they match, encrypting the authentication certificate by using the access parameters to obtain a second ciphertext E2;
the WLAN hotspot sending the second ciphertext E2 to the WLAN device, so that the WLAN device decrypts E2 by using the access parameters, obtains the decrypted authentication certificate, and accesses the WLAN hotspot.

4. The method according to claim 3, wherein the access parameters comprise the MAC address of the WLAN device and a random number sequence generated by the WLAN device.

5. The method according to any one of claims 1-4, wherein, if the DSD does not match the HSD, the WLAN hotspot generates a control frame for indicating termination of the WLAN hotspot access authentication and sends it to the WLAN device.

6. A system for connecting to a portable wireless local area network (WLAN) hotspot, comprising:
a detecting unit, configured to detect, after a WLAN hotspot access request initiated by a WLAN device according to device sliding track data (DSD) is received, a sliding operation performed in response to the WLAN hotspot access request;
a response unit, configured to generate hotspot sliding track data (HSD) when the sliding operation is detected, and to reply with an access request response;
a track acquisition unit, configured to generate an asymmetric key pair by using the HSD, and to obtain the DSD of the WLAN device by using the asymmetric key pair;
a hotspot access unit, configured to compare the obtained DSD with the HSD and, if they match, to send an authentication certificate to the WLAN device so that the WLAN device accesses the WLAN hotspot.

7. The system according to claim 8, wherein the asymmetric key pair comprises a public key and a private key, and the track acquisition unit comprises:
an asymmetric key generation module, configured to generate the public key and the private key by using the HSD, and to send the public key to the WLAN device;
a WLAN hotspot receiving module, configured to receive a first ciphertext E1 obtained by the WLAN device encrypting the DSD and access parameters with the public key;
a WLAN hotspot decryption module, configured to decrypt E1 with the private key to obtain the decrypted DSD and access parameters.

8. The system according to claim 7, wherein the hotspot access unit comprises:
a WLAN hotspot core control module, configured to compare the obtained DSD with the HSD;
a WLAN hotspot encryption module, configured to encrypt, when they match, the authentication certificate by using the access parameters to obtain a second ciphertext E2;
a WLAN hotspot sending module, configured to send the second ciphertext E2 to the WLAN device, so that the WLAN device decrypts E2 by using the access parameters, obtains the decrypted authentication certificate, and accesses the WLAN hotspot.

9. The system according to claim 8, wherein the access parameters comprise the MAC address of the WLAN device and a random number sequence generated by the WLAN device.

10. The system according to any one of claims 6-9, wherein the hotspot access unit is further configured to generate, when the DSD does not match the HSD, a control frame for indicating termination of the WLAN hotspot access authentication, and to send it to the WLAN device.
PCT/CN2013/083574 2013-07-10 2013-09-16 Method and system for connecting portable wlan hotspot WO2014161277A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310289286.5A CN104284331B (en) 2013-07-10 2013-07-10 A kind of method and system connecting portable WLAN hot spot
CN201310289286.5 2013-07-10

Publications (1)

Publication Number Publication Date
WO2014161277A1 true WO2014161277A1 (en) 2014-10-09

Family

ID=51657471

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2013/083574 WO2014161277A1 (en) 2013-07-10 2013-09-16 Method and system for connecting portable wlan hotspot

Country Status (2)

Country Link
CN (1) CN104284331B (en)
WO (1) WO2014161277A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108476460A (en) * 2016-12-09 2018-08-31 华为技术有限公司 Establish the method and terminal device of hot spot connection
CN111866995A (en) * 2020-07-26 2020-10-30 广云物联网科技(广州)有限公司 WeChat applet-based intelligent device network distribution method and system

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104902470B (en) * 2015-05-05 2018-10-30 中国科学院信息工程研究所 A kind of connection control method and system of the hotspot based on dynamic key
CN106332076A (en) * 2015-06-23 2017-01-11 西安中兴新软件有限责任公司 wireless access method, device and system
CN106211210B (en) * 2016-07-21 2020-02-07 深圳奇迹智慧网络有限公司 Mobile terminal MAC data acquisition method
CN107465997A (en) 2017-07-28 2017-12-12 广东欧珀移动通信有限公司 Bluetooth connecting method, device, terminal and computer-readable recording medium
CN111194031B (en) * 2020-02-28 2021-02-26 杭州海康威视数字技术股份有限公司 Wireless hotspot connection method and device, electronic equipment and system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011132174A1 (en) * 2010-04-21 2011-10-27 Nokia Corporation Method and apparatus for determining access point service capabilities
US20120039248A1 (en) * 2010-08-10 2012-02-16 Ford Global Technologies, Llc Method and system for in-vehicle wireless connectivity
CN102625195A (en) * 2012-02-29 2012-08-01 三一重工股份有限公司 Construction machine and remote control terminal and remote control system thereof
CN102802063A (en) * 2012-08-31 2012-11-28 博视联(苏州)信息科技有限公司 Set top box device with WIFI (Wireless Fidelity) hot spots

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101783834B (en) * 2009-12-31 2014-01-01 华为终端有限公司 Mobile terminal and method for switching screen
JP2012253716A (en) * 2011-06-07 2012-12-20 Nec Saitama Ltd Portable terminal, operation method and operation program of the same, and moving image reproduction system
CN102629186B (en) * 2012-03-09 2013-10-16 无锡商数信息技术有限公司 Method for establishing terminal matching through touch trajectory

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108476460A (en) * 2016-12-09 2018-08-31 华为技术有限公司 Establish the method and terminal device of hot spot connection
EP3544362A4 (en) * 2016-12-09 2019-11-06 Huawei Technologies Co., Ltd. Method for establishing hotspot connection, and terminal device
CN108476460B (en) * 2016-12-09 2021-05-04 华为技术有限公司 Method for establishing hotspot connection and terminal equipment
CN113301669A (en) * 2016-12-09 2021-08-24 华为技术有限公司 Method for establishing hotspot connection and terminal equipment
EP3893595A1 (en) * 2016-12-09 2021-10-13 Huawei Technologies Co., Ltd. Establishment by a second terminal device of a wlan hotspot connection to a first terminal device for connecting to the internet
CN113301669B (en) * 2016-12-09 2022-07-26 华为技术有限公司 Method for establishing hotspot connection and terminal equipment
CN111866995A (en) * 2020-07-26 2020-10-30 广云物联网科技(广州)有限公司 WeChat applet-based intelligent device network distribution method and system

Also Published As

Publication number Publication date
CN104284331B (en) 2019-09-24
CN104284331A (en) 2015-01-14

Similar Documents

Publication Publication Date Title
WO2021027554A1 (en) Information sharing method, terminal apparatus, storage medium, and computer program product
US11825303B2 (en) Method for performing verification by using shared key, method for performing verification by using public key and private key, and apparatus
US11178584B2 (en) Access method, device and system for user equipment (UE)
US9015065B2 (en) Method, system, and device for implementing network banking service
TWI388180B (en) Key generation in a communication system
JP6203985B1 (en) Secure provisioning of authentication credentials
WO2017028593A1 (en) Method for making a network access device access a wireless network access point, network access device, application server, and non-volatile computer readable storage medium
WO2014161277A1 (en) Method and system for connecting portable wlan hotspot
US8572698B1 (en) Connecting a legacy wireless device to a WPS-enabled access point
WO2014180198A1 (en) Access method, system, and device of terminal, and computer storage medium
WO2015043131A1 (en) Wireless network authentication method and wireless network authentication apparatus
CA2929173A1 (en) Key configuration method, system, and apparatus
WO2009094942A1 (en) Method and communication network system for establishing security conjunction
WO2023280194A1 (en) Network connection management method and apparatus, readable medium, program product, and electronic device
EP2957114B1 (en) Method and network node for obtaining a permanent identity of an authenticating wireless device
WO2009152749A1 (en) A binding authentication method, system and apparatus
TW200405734A (en) Inter-working function for a communication system
US20170317981A1 (en) Home network traffic isolation
WO2007028328A1 (en) Method, system and device for negotiating about cipher key shared by ue and external equipment
WO2014127751A1 (en) Wireless terminal configuration method, apparatus and wireless terminal
WO2015100675A1 (en) Network configuration method, and related device and system
WO2007022731A1 (en) Encryption key negotiation method, system and equipment in the enhanced universal verify frame
WO2017000680A1 (en) Connection establishment method and apparatus
WO2018099407A1 (en) Account authentication login method and device
WO2018137239A1 (en) Authentication method, authentication server, and core network equipment

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13881111

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13881111

Country of ref document: EP

Kind code of ref document: A1